Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

1001 Geek Nights

This week's column is just a collection of fairly short items that make interesting reading in passing - read them all at once, or scan and pick out whatever appears interesting.

The Japanese Navy suffered a leak of confidential information onto the Internet recently when a Chief Petty Officer is accused of copying information onto his personal system which was compromised with malware that targeted the popular Japanese P2P software, Winny. The accused is in charge of communications on a Japanese destroyer, and it is possible that the information that was transferred was highly sensitive communications data and settings.

Numerous Internet forums were buzzing with the news of an event by Apple this last week. Apple held a press event on 28 February at which it was announced the availability of Mac Mini's with Intel chips powering them and a "Boombox" accessory for iPods. One of the most interesting elements of the new Mac Mini is the integrated Intel Graphics adaptor (80MB of shared memory). While it is double the VRAM of the previous model, it takes its chunk from the main system RAM and is reported to have significantly poorer 3D performance compared to the earlier Mac Mini models. While the 3D performance may be less, it really shines in 2D performance - in particular decompression of video. This particular move by Apple has led some commentators to claim that it is Apple's attempt at a Digital Video Recorder. When combined with the Frontrow media management software that Apple supplies with the systems, the claim does not look too outlandish. Improving the baseline hard drive space to 80GB, and including digital audio out ports, certainly makes it possible to easily integrate the Mini into the lounge room alongside the television and stereo. An integrated iPod dock on the case just completes it.

Noted by a couple of security reporting sites is an ominous silence in the reporting of new vulnerabilities and exploits over the last few days. While attacks and breach attempts are ongoing, they are using known historical exploits, and the new information being released has been very small scale in impact. A majority of primary sources appear to have slowed in the updating of information, both before and after the traditional weekend quiet period. Silences such as this tend to put wary security professionals on their guard, as something big may be being coordinated behind the scenes. No major law enforcement cases can be found to explain the silence, either. A week or so ago some of the core systems on a particular eMule network were shutdown, and a mid-level hacker was arrested in France, but neither case can explain the current situation. Many universities in the southern hemisphere commenced their academic year this week, but a spike of activity would be expected from such an event. Hopefully all will be well, but a number of experts are beginning to develop a feeling that something is amiss.

Since AOL announced that commercial email sent to their network customers would attract fees, or be forced through more restrictive filtering, the decision has attracted condemnation and opposition from numerous groups. At least 50 groups have banded together to lead the charge against the move. One of the most prominent concerns is that groups that can not afford the fees will be the most disadvantaged (charities, non-profits, etc.).

With major crises such as the Pakistan Earthquake, South East Asian Tsunami, and many other disasters, it could limit the fundraising ability of these organisations. Other criticism points out that it essentially gives spammers a free pass (as long as they pay their fee) to spam AOL customers, and AOL will do nothing about the messages.

At the same time as it is launching this service, AOL has launched lawsuits against three unnamed phishers / groups for $18 million USD. Those who are being targeted are accused of sending immense numbers of messages to AOL and CompuServe clients which attempted to get them to give up sensitive financial data or their ISP account details.

News reported by The Register indicates that although a large percentage of UK consumers know about VOIP, and have the ability to use it through their Internet connections, less than 10% of users currently use VOIP. While VOIP takeup is slow, money being made on fixed line telephone services is falling but mobile telephony revenues are increasing - which is possibly a good sign for mobile content providers and 3G network supporters.

In the often narcissistic environment of online blogs, many people do their best to get more visitors and regular readers of their content. Some of the most popular blogs, which allow their authors to make a living just from the content they create (based off Google advertisements or equivalent), are starting to attract attention from hackers who are launching distributed Denial of Service (dDoS) attacks against them. By preventing legitimate visitors from viewing the sites, it prevents the authors from making any income in that time period. Normally launched against online betting sites, payment sites or e-commerce sites, this new trend could make it more difficult for people to make a living from their sites (or for new people to do so).

In what appears to be a tap-out by ICANN (being bullied by VeriSign in the courts), ICANN has decided in favour of giving VeriSign effectively permanent ownership of the .com namespace, including the ability to raise prices by almost 50% over the next six years (7% per year). In addition to this, VeriSign gains control of domain names that have expired (said to be the biggest market on the Internet). In return, VeriSign will abandon its current lawsuits against ICANN and also recognise the authority that ICANN holds. While the approval still needs US Congress approval prior to taking effect, this is considered only a formality. The growing chorus of outcry against the move might prompt a closer review, and some believe it could even mean the end of ICANN. This chorus included outcry from eight registrars, who between them handle more than 60% of all domains traded globally.

Light reporting suggests that China is establishing an independent set of root level servers which can handle queries using Chinese characters. While there has been much discussion about previous alternate root setups, ICANN and Verisign, some people believe that this is a good move by China. With the second largest online population (behind the US), China is soon set to have the largest number of people online for any country in the world (pure numbers, not percentages). With such a large number of Internet users moving to an alternate setup, it could be the first real threat to the US ICANN / VeriSign dominance which currently exists (unlike the EU threat from a few months ago).

While the servers for this new root will not be globally distributed like the current set, it will still control the destination of tens of millions of Internet users. Although this move is not likely to have any effect on the rest of the Internet, it does force a separation for Chinese users. In conjunction with complaints and issues about the 'Great Firewall of China' and other censoring activities it raises questions about the freedom of information flow that this will allow for.

According to reporting which was covering news conferences in relation to the recently disclosed Greek Wiretapping case, it appears that the software which enabled the attack to take place was actually designed into the systems. Whether it was put in place due to a law such as CALEA or not is not known, but it is hinted at that the code was to allow law enforcement agencies to wiretap calls when necessary. If the allegations of the USA being behind the case are true, it could be possible that it is using capacity that CALEA (or a derived / similar law) has put in place (even though it is outside of the USA).

More criticism has recently been seen over the "SiteAdvisor" program to alert Internet users to sites and content that may or may not be safe for them to look at in terms of malware or popup advertising hidden in the site. Closely matching advice that was given to potential investors into the program, the commentary considered some of the risks that the program will face into the future. Specifically, it focussed on the issues that arise due to the lag between when a site is assessed and when a user visits the site.

If a site is hacked prior to assessment and is fixed post-assessment, then the SiteAdvisor database will reflect for a time that the site is untrustworthy, even though it was due to an external hack which has since been repaired. Likewise, if a site that is deemed trustworthy gets hacked before it is assessed again, then a user who trusts the SiteAdvisor assessment will discover that they have been affected by the misclassification. Because the assessment process is not instantaneous, this problem is a result of the design of SiteAdvisor, which is placing itself in the position of acting as arbiter of what is safe on the Internet for end computer users.

Finally, Apple released their first security update for 2006 which addressed a number of issues - some of the more serious ones were actually unknown prior to Apple releasing the patch. Patches were provided for issues related to to bypassing security restrictions, unsafe loading of encrypted volumes, heap overflows, privilege escalation, arbitrary remote code execution, and others. Public exploit code has already been released for a 'passwd' privilege escalation. If OS X users have not applied the patch, they should at the earliest opportunity.

6 March 2006

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.