Tag Archive for Security

Size Doesn’t Matter for Botnets

DarkReading points out a new report released on 09-29-09 from researchers at Symantec’s MessageLabs unit which provides a detailed analysis of the size and output of current botnets. One of the report’s conclusions: Size doesn’t always matter. Rustock, for example, is still the largest of the botnets, with an estimated size of between 1.3 million and 1.9 million nodes. Cutwail is next in size, with an estimated 1 million to 1.5 million bots.

But neither of these two botnets is the largest proliferator of spam, according to Paul Wood, senior analyst at MessageLabs and one of the authors of the report. That title goes to a rapidly emerging botnet called Grum, which delivered an average of 39.9 billion spam messages per day last quarter — more than 23 percent of all the spam on the Internet.

“Despite the fact that it’s half the size of Rustock, Grum is generating much more spam,” Wood says. “It’s getting each bot to do a lot more work.”

Bobax, a botnet that has been around for more than two years, is also becoming more efficient, generating more than 27 billion messages per day and 15.2 percent of all Internet spam, the report says. That means each Bobax node generates more than 1,400 spam messages per minute.

Botnet operators have discovered that many ISPs don’t immediately recognize the huge output of individual bots because each bot’s performance is affected only on the upload, not on the download, Wood says. “Your computer might be a bot, but it might not affect your download performance very much,” he observes. “It’s only when users try to upload something and experience a performance problem that the ISP gets a complaint.”

As they become more sophisticated, botnet operators are finding ways to make their infrastructures more efficient, Wood says. A new botnet, Maazben, accounted for only 0.5 percent of Internet spam 30 days ago, but now is generating 4.5 percent — about 2.4 billion messages a day — at its peak. As with Bobax, each Maazben bot is highly productive, pushing out nearly 1,300 spam messages per minute.

No matter what their size or how efficiently they operate, botnets clearly are at the heart of the spam problem, MessageLabs says. According to the report, botnets generated an average of more than 150 billion messages per day last quarter — nearly 88 percent of all the spam on the Internet.

“The takedown of ISPs like McColo definitely helped, but it doesn’t solve the problem,” Wood says. “Already we see botnet operators spreading traffic across multiple ISPs, effectively giving themselves better backup than some enterprises have.”

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Smart Grid needs IPv6

Cisco Systems is looking at IPv6 as a critical component in securing the next-generation electricity distribution system. IPv6 is attractive to the Smart Grid initiative for two reasons, the first being an abundance of IP addresses available in the expanded 128-bit address space for all the gizmos they hope to sell in a market that Cisco pegs at $20 billion a year. “IPv6 is an interesting discussion and one that occupies a lot of bandwidth at Cisco,” Marie Hattar, Cisco’s vice president of network systems and security solutions marketing, told InternetNews.com. “Some people say that for smaller deployments, we could get away with IPv4, but the smart grid has a number of parts.”

The second benefit to the Smart Grid is the security features in IPv6, which will add a layer of protection to the vulnerable electric grid management systems. Security is also top of mind now that the Department of Homeland Security (DHS) is investigating a report into potential threats to the West Coast power grid. Earlier this year, widely circulated reports noted that foreign entities—presumably from China—infiltrated the U.S. power grid on several occasions and have the ability to disrupt power distribution.

At the 2009 Black Hat security conference, a security researcher detailed security vulnerabilities in smart grid meters. “If you think about hacking into a smart meter, it’s like hacking into your TV’s remote control — you still get your TV,” Ms. Hattar said. “The meters are a reporting mechanism but it’s not going to affect the electrical system.” Still, Cisco’s Hattar added that smart meter vendors are concerned about security and Cisco will work with them. “A key part is to build out an end-to-end framework that is secure. A lot has to do with isolation and not exposing the grid to points of entry that are hackable.”

“As utilities are looking to build out smart grid, it’s more effective to agree on a common protocol across the board as opposed to trying to intermix different ones,” Hattar says. “In many ways, this is like the early days of the Internet where we ultimately settled on IP. We see IP as the scalable protocol for smart grid and we’re working with a variety of vendors to advocate this and make this the key protocol of choice.”

Cisco is among the numerous IT vendors with initiatives for improving the power grid. IBM is working with several of its partners on power grid issues through its Smart Planet program.

There are likely to be subsidiary benefits to the smart grid, like furthering the cause of IPv6, since tens of millions of users and new devices around the world will require connectivity. For example, with utilities adopting IP-enabled metering for thousands of homes connected to the network, there could be an issue with addressing over IPv4. On IPv6, thanks to its plentiful address availability, there are no addressing issues.

rb-

Not only is this a technological issue, but it is an energy policy issue. An electrical grid that can support Smart meters will allow energy producers to better control the flow of electricity, which will increase the efficiency of the electrical grid, which will, in turn, decrease our dependence on fossil fuels. America needs to get off of electrical generation by fossil fuels, and this technology can speed the process before it is too late and gasoline reaches $7.00 a gallon, making the current recession seem like a walk in the park.


Malware Goes Green

ZDNet reports that malware writers have come up with a new social engineering angle. The bad guys have started mashing up two issues, Green and Security, to help spread their malware. CA has been tracking the emergence of new scareware called Green-AV Premier Edition 3.0.

The malware claims to be the “World’s First Antivirus Which Cares About the Environment” and “costs” $99.99. This attack plays on Green sympathies by promising to donate $2 from every purchase for saving the “Amazonian green forests.”

CA says that the effects of an attack from this malware are similar to those caused by most rogue security software.

Recommendations:

  • Keep your security software up to date
  • Never click on a link you did not ask for
  • Never purchase this type of security software since you could be giving your credit card information to fraudsters and making yourself a target of identity theft


Feds Still Want to Federalize Internet

Senator Jay Rockefeller (D-WV) has released a revised version of his bill that would federalize the Internet (I covered this topic earlier here). The current draft would allow the president to “declare a cybersecurity emergency” on “non-governmental” computer networks and do what’s necessary to respond to the threat.

Section 3 (2) (B) defines “Cyber” as any matter relating to, or involving the use of, computers or computer networks. Section 201 (2) (B) permits the president to “direct the national response to the cyber threat” if necessary for “the national defense and security.”

“I think the redraft, while improved, remains troubling due to its vagueness,” Larry Clinton told CNET. “It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill,” said Clinton, president of the Internet Security Alliance, which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board.

A Senate source familiar with the bill told CNET that the president’s power to take control of portions of the Internet is comparable to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.

In Section 201 (5), the bill requires the White House to engage in “periodic mapping” of private networks deemed to be critical, and those companies “shall share” requested information with the federal government. The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien, a senior staff attorney with the Electronic Frontier Foundation in San Francisco, he told CNET. “As soon as you’re saying that the federal government is going to be exercising this kind of power over private networks, it’s going to be a really big issue,” he says.

“The language has changed but it doesn’t contain any real additional limits,” EFF’s Tien says. “It simply switches the more direct and obvious language they had originally to the more ambiguous (version)…The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There’s no provision for any administrative process or review. That’s where the problems seem to start. And then you have the amorphous powers that go along with it.”

rb-

If your network is determined to be “critical” by the Feds, there is likely a new set of regulations coming from the same people who are giving themselves failing grades for their own cyber-security.

These new rules could impact staffing decisions and disclosure policies, and open the door to a government takeover of your IT systems. This bill requires watching by anybody who uses or manages computers, a private network, or the Internet. It is likely they will sweep it in as pork on another unrelated bill, to limit public discussion.

Contact your representatives in DC.


WPA Gone in 60 Seconds

Japanese researchers have identified a WPA hack that could give hackers a way to read encrypted Wi-Fi traffic in less than 1 minute. Toshihiro Ohigashi (Hiroshima University) and Masakatu Morii (Kobe University) presented a way to break the WPA (Wi-Fi Protected Access) encryption system at the Joint Workshop on Information Security. The researchers outlined their work in a paper called “A Practical Message Falsification Attack on WPA” on August 7, 2009.

The new attack builds on 2008 research from Darmstadt University of Technology graduate students Martin Beck and Erik Tews who proved that WPA Temporal Key Integrity Protocol (TKIP) could be attacked. The Beck-Tews attack only worked on short packets in a WPA implementation that supported 802.11 quality of service (QOS) features and took between 12 and 15 minutes to work.

The new threat uses “man in the middle” (MITM) attacks on WPA TKIP systems. The MITM attack uses the “chopchop” attack on a short packet (like ARP broadcasts), deciphers its 64-bit Message Integrity Code (MIC), and can then craft whatever packet it wants. The new packet is coded with the proper checksums and passed along to the access point, which should accept it as genuine. Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated, told IDGNews, “They took this stuff which was fairly theoretical and they’ve made it much more practical.”

Both attacks work only on WPA systems that use the TKIP algorithm. The new attack does not work on newer WPA2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, said that people should now use WPA2. She told IDGNews, WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago.”

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, Robert Graham, CEO of Errata Security, told ars technica. He added that the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP. “It’s not as bad as WEP, but it’s also certainly bad.”

rb-

This is only an issue if the WLAN is secured at all. Motorola published a report in April 2009 that says 64% of companies are neglecting WLAN security. The report claims that only 47% of companies are using Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) encryption on their wireless networks.

These attacks highlight the weaknesses of TKIP-based WLAN encryption. WPA TKIP was developed to fix the worst of the security holes in the first Wi-Fi encryption protocol, WEP. Wi-Fi-certified products have had to support WPA2 since March 2006. Users should move to AES-CCMP, which requires WPA2 Personal for home and small office networks or WPA2 Enterprise for larger networks.

Using AES-CCMP may require that some network equipment installed before 2003 be reviewed, as AES supports key lengths up to 256 bits, which may not be compatible with older hardware. Any remaining equipment of this vintage may need to be upgraded to newer Wi-Fi adapters, switched to Ethernet only, or retired. WPA2 has not shown any vulnerabilities to date. There is no good reason to try to secure your WLAN with WPA-TKIP anymore.
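As an added example (not from the original post or the researchers’ work): an administrator auditing their own WLANs can tell whether an access point still offers TKIP by reading the cipher suites it advertises in its beacon frames. The Python below parses the RSN information element (IEEE 802.11 element 48, WPA2) and the older WPA vendor element (element 221, OUI 00-50-F2) and flags TKIP and WEP suites; the beacon bytes are constructed for illustration, and the element layouts follow the 802.11 standard.

```python
import struct

# Cipher suite selectors are OUI + type: 00-0F-AC for the RSN (WPA2) IE,
# 00-50-F2 for the original WPA vendor IE. Type codes are shared.
RSN_OUI = b"\x00\x0f\xac"
WPA_OUI = b"\x00\x50\xf2"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WEAK = ("WEP-40", "WEP-104", "TKIP")   # suites the post says to retire


def suite_name(suite):
    """Map a 4-byte cipher suite selector (OUI + type) to a name."""
    if suite[:3] not in (RSN_OUI, WPA_OUI):
        return "vendor:" + suite.hex()
    return CIPHERS.get(suite[3], "unknown(%d)" % suite[3])


def parse_suites(body):
    """Parse version, group cipher and pairwise cipher list from an RSN/WPA IE body."""
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN/WPA version %d" % version)
    group = suite_name(body[2:6])
    count, = struct.unpack_from("<H", body, 6)
    pairwise = [suite_name(body[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return {"group": group, "pairwise": pairwise}


def audit_beacon_ies(ies):
    """Walk a beacon's tagged parameters; return (per-IE cipher info, sorted weak suites).
    An empty info list means neither RSN nor WPA IE is present (open or WEP-only network)."""
    found, off = [], 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        body = ies[off + 2:off + 2 + length]
        if eid == 48:
            found.append(("RSN", parse_suites(body)))
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            found.append(("WPA", parse_suites(body[4:])))
        off += 2 + length
    weak = {c for _, info in found
            for c in [info["group"]] + info["pairwise"] if c in WEAK}
    return found, sorted(weak)


# Constructed sample: SSID IE, then an RSN IE in the mixed WPA/WPA2 mode many
# 2009 access points shipped with (group TKIP, pairwise TKIP + CCMP, one PSK AKM).
MIXED_MODE_IES = (
    bytes([0, 6]) + b"MyWLAN"
    + bytes([48, 22]) + b"\x01\x00" + RSN_OUI + b"\x02"      # version 1, group TKIP
    + b"\x02\x00" + RSN_OUI + b"\x02" + RSN_OUI + b"\x04"    # 2 pairwise: TKIP, CCMP
    + b"\x01\x00" + RSN_OUI + b"\x02"                        # 1 AKM: PSK
)
```

A mixed-mode network still lets a TKIP client associate, so the audit reports it as weak even though CCMP is also offered; only a CCMP-only RSN IE comes back clean.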
