Tag Archive | "Internet"

Internet Explorer 9 is out

Microsoft has released version 9 of its web browser Internet Explorer. Besides more speed, it also adds a bit of security, as every new IE version does. For example, the new built-in tracking protection helps protect privacy when surfing the Internet. The SmartScreen Application Reputation helps prevent users from downloading and installing malicious applications by identifying seldom-downloaded applications; this can help identify server-side polymorphic malware. Of course, the usual SmartScreen feature that identifies, for example, phishing sites is still included. Also already known are features like ActiveX filtering and tab isolation. Security-wise, IE9 is a small step in the right direction, though.

IE9 can be downloaded from Microsoft's website in plenty of languages. But there is a catch: the most widespread Windows operating system, Windows XP, is not supported! IE9 can only be installed on Windows Vista, 7 and Server 2008. Windows XP users can alternatively use the Browser Choice to easily install a different web browser which increases security and speed too, like Google Chrome, Firefox or Opera.

Dirk Knop
Technical Editor

Posted in Avira

5 Tips to protect your friends on the Internet

Published by Blanca Carton, March 2011

It is a well-known fact that cyber-bullying is becoming a serious problem among teenagers. Just recently, two teenage girls in Florida are facing serious criminal charges for a Facebook prank they played on a classmate. The girls, aged 15 and 16, created a fake Facebook profile in the name of another student—a girl they were no longer friends with—and added photos doctored to make it look like their victim was engaged in sexually explicit acts (Source: Marco Eagle).

Situations like this raise the following questions:

Are you responsible for your own safety when you browse the Internet? The answer to this question is YES. In the same way you take all necessary precautions when you go back home at night, you should also observe certain online security precautions in order to chat, share information, etc. securely on the Web.

Are you responsible for your friends’ safety when you browse the Internet? The answer to this question is also YES. The Internet has many advantages but also poses some dangers that make you responsible, though indirectly, for their safety. If you post pictures of your friends without permission, give away private information (like their address, phone number, where and when they are going on holiday, etc.) or other data you might be putting them at risk.


For that reason we’d like to remind you of these 5 simple tips that will help you protect yourself and others:

  1. Enjoy the Internet. The Internet is an open door to information that before was only available to you in libraries, or trips impossible to make. It puts the whole world in your hands… Make the most of it!
    Note: In any event, you shouldn’t believe everything you see on the Internet or on TV. Always corroborate information.
  2. Treat your Internet friends the same way you would treat a friend you see in person. In the same way you wouldn’t trust a stranger you met on the street, you should be equally cautious on the Internet.
  3. If someone asks you where you live, your phone number or wants you to send them pictures of you, activate your webcam to record you or offers to meet on the street… Say no and report it. They will probably do to others the same things they are trying to do to you.
  4. Do not accept messages from strangers. Just opening those messages can trigger viruses that damage computers and try to steal information from them.
  5. Don’t insult, disturb or threaten anybody. Remember that there is always a way to know who posted a comment or photos on the Internet and you can be identified. These actions constitute a crime and won’t go unpunished even if performed from your computer at home.
    If someone insults, disturbs or threatens you, report it immediately to your parents or tutors so that that person is prevented from doing it again to you or anybody else.

Finally, install a good antivirus program on your computer  and keep it up-to-date just as you do with your favorite video game ;)

Posted in Antivirus

Westboro Parish Church and Anonymous come to internet blows

The loosely-knit Anonymous group appears to have launched a distributed denial-of-service attack against websites belonging to a highly controversial American church, after the two launched a war of words across the internet.

Westboro Baptist Church is a small, independent church based outside Topeka, Kansas, which has become notorious around the world for picketing funerals, burning the American flag and its hateful stance against homosexuality.

The group’s head, Fred Phelps, has encouraged members to picket military funerals with offensive signs such as “Thank God for Dead Soldiers”, claiming that the United States is being punished by God for not condemning homosexuality.

And it is a number of websites run by the church, with names such as “GodHatesFags” and “GodHatesAmerica” that have been disrupted by an internet distributed denial-of-service (DDoS) attack.

Here’s what seems to have happened.

A couple of days ago, a message appeared on an Anonymous website accusing Westboro Baptist Church of bigotry, and calling on the congregation (most of whom are members of Phelps’s extended family) to stop its public protests or have its websites attacked.

Westboro Baptist Church’s response was typically robust and uncompromising, calling Anonymous a group of “coward crybaby hackers”, and a “puddle of pimple-faced nerds”:

Response from Westboro Baptist Church

To be honest, my feeling is that Westboro Baptist Church probably revels in feeling persecuted, and probably gets a perverse kick out of receiving the attention of the world’s media and groups such as Anonymous.

If that’s the case, then they’re probably enjoying what’s happening right now – with their websites flooded by traffic, preventing internet users with legitimate interest in the group visiting them.

It always makes me uncomfortable when controversial groups have their freedom of speech curtailed by activists, however unpleasant the things that those groups may be saying. When groups – such as the Westboro Baptist Church – have repellent views, I feel it’s better to allow them to express them than to have them silenced through internet attacks.

What’s interesting is that there may be some affiliated with Anonymous who don’t agree that targeting the Westboro Baptist Church is an appropriate use of their time and resources. But when you have a group like Anonymous, with no leadership and no organisational structure, where anyone can claim to be speaking for the group, it’s impossible to tell what actions hacktivists should take and which they shouldn’t.

One thing’s worth remembering though. Participating in a denial-of-service attack is illegal, however much you disagree with the contents of the website that you’re attacking.

Posted in Sophos

Middle East Internet Scorecard (February 12 – 20)

The success of the Tunisian and Egyptian protest movements inspired demonstrations throughout the Middle East last week, including large-scale social media coordinated protests in Libya, Iran, Bahrain, Algeria, Jordan and Yemen. In several countries, governments responded to the calls for reform with arrests and violent suppression of public demonstrations. Increasingly, several Middle Eastern governments also may be disrupting phone and Internet communication to contain the spread of unrest.

These new Internet filtering efforts come a week after Egypt returned to the Internet following an abortive effort to block protests demanding the then president, Hosni Mubarak, resign. While other countries, including Iran and Myanmar, disrupted telecommunication following social unrest in the past, the Egyptian outage represents a new Internet milestone – the first highly connected, telecommunication dependent society to intentionally disconnect from the Internet [1,2].

This analysis uses real-time data from the 110 Internet providers around the world to identify possible ongoing Internet traffic manipulation in Middle East countries with active protest movements. More details on our data collection infrastructure and methodology are available in our recent academic paper [3].

Overall, our data shows pronounced changes in Internet traffic levels in two Middle East countries last week: Bahrain and Libya. While network failures and other exogenous events may play a role in decreased traffic volumes, we observe the changes in Bahrain and Libya are temporally coincident with the onset of recent protests. Several Bahrain telecommunication companies blamed the slowdown on “overloaded circuits” and extremely high usage [4].

We note that many countries in the region maintain some level of permanent Internet limits, including blocks on dissident web sites, social media and adult content [5]. The traffic volumes graphed on the following page represent possible traffic manipulation beyond normal filtering practices.

In the chart below, we show the “normal” traffic in and out of each country averaged over the preceding three weeks in green. The dotted red line in each graph shows the traffic over the last seven days. Orange shaded areas indicate periods of statistically abnormal traffic either last week or the week of February 14. Abnormal traffic volumes may reflect network failures or periods of intentional traffic manipulation. Due to the near complete block of all Internet traffic (January 27 – February 2), the Egyptian graph shows orange for most of last week as traffic levels climbed to normal. Yemen Internet traffic also exhibited brief, though unusual, dips during the prior week (February 7-11) and also includes an orange period.

While the Internet has proven a powerful tool for rallying social and political change, so too have governments recognized their regulatory and technical capability to disrupt communications. The next few weeks will likely prove a major contest between the continued evolution of the Internet as a vehicle for political change and authoritarian governments’ continued assertion of control.

A PDF version of this analysis is also available.

End Notes

[1] Craig Labovitz, “Egypt Loses the Internet”. Arbor Networks blog post. Available at http://asert.arbornetworks.com/2011/01/egypt-loses-the-internet. January 28, 2011.

[2] James Cowie, “Egypt Leaves the Internet”. Renesys blog post. Available at http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml. January 27, 2011.

[3] Craig Labovitz, Scott Iekel-Johnson, Danny McPherson, Jon Oberheide, and Farnam Jahanian, “Internet Inter-Domain Traffic”. Proceedings of ACM SIGCOMM 2010, New Delhi. August, 2010.

[4] Christopher Rhoads, “Technology Poses Big Test for Regimes”. Wall Street Journal. February 12, 2011.

[5] OpenNet Initiative. Web site at http://opennet.net.

 
 

Posted in Security

Surf the Internet safely with Panda Security

Published by Blanca Carton, February 2011

When I was a child there was no Internet. Well, it’s not that I am that old ;-) , but the World Wide Web came into my life when I was in my teens. A few years have passed since then and I must confess that the Internet is now an essential part of my everyday life.

I use it for almost everything: bank transfers, doing my weekly shopping, holiday reservations…  Who was going to tell me!

However, surfing the Net poses some safety risks that we should all be aware of.

I recently visited the Internet in Safe Hands website, where you can find information about the latest Internet threats as well as tips to combat them. The Resources section contains a number of guides you can download, like Mums on the Web, with simple measures to protect your family, Teenagers Guide, with tips for chatting, playing online or downloading safely, or the one I am currently reading, Guide for Safe Online Shopping, with practical advice for you to shop online with complete peace of mind.


Visit it! I hope you find it as useful as I did.

Posted in Antivirus

Podcast: AVG Internet Security 2011 – enhancing the power of 110 million users

AVG has just launched its latest version of its security software AVG Internet Security 2011.

I’ve recorded this podcast that looks into the new product in some detail. I have tried to highlight and discuss the main improvements to AVG 2011, including: faster speed and a lighter product; smart scanning technology; improved detection rates by combining behavioural monitoring and cloud technology; and social networking protection to protect AVG users and their friends and family wherever they are on the web.

Please listen to this podcast to find out more: 

Posted in AVG

HOW TO REPORT INTERNET CRIME

With the globalization of organized crime via the Internet, increasing numbers of people are being subjected to crime. The resources available to local law enforcement organizations to respond to these crimes are often limited. If you would like to report a crime, the following list may be helpful:

Computer Crime & Intellectual Property Section
United States Department of Justice:
http://www.justice.gov/criminal/cybercrime/reporting.htm

The Internet Crime Complaint Center:
http://www.ic3.gov/default.aspx

Your Local FBI Office:
http://www.fbi.gov/contact/fo/fo.htm

National Association of Attorneys General Computer Crime Point of Contact List:
http://www.naag.org/issues/20010724-cc_list_bg.php

National Center for Missing & Exploited Children:
http://www.missingkids.com/missingkids/servlet/PublicHomeServlet?LanguageCountry=en_US

United States Computer Emergency Readiness Team (for technicians):
http://www.us-cert.gov/

Regardless of whether you expect a successful resolution, it is beneficial to report a crime because it enables these organizations to better evaluate the extent of the problem.

James McQuaid
2-27-2010



Posted in Security

How to remove Smart Internet Protection 2011

Smart Internet Protection 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It replaces the Personal Internet Security 2011 in the FakeVimes family.

VIPRE detection name: SmartInternetProtection2011.FakeVimes

SmartInternetProtection2011 graphic interface


How to remove Smart Internet Protection 2011:

If Smart Internet Protection 2011 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Smart Internet Protection 2011 from your computer now.

Posted in GFI Software

Least Expensive Internet Security Device For Home Users

$5.00 lamp timer


If you have kids who own their own computers, an inexpensive lamp timer is an excellent way to enforce a digital curfew. I can assure you that your child is occasionally using the Internet at 3:00 am, and this is not helping him or her stay focused in class.

There are other good reasons to run the electrical power for your DSL modem, home router, and switch (if you have one) through a timer. Home routers have very little memory, and their RAM can become exhausted, which may limit the degree to which they can adequately perform stateful packet inspection. It should be noted that most of the home routers in operation today are unpatched for vulnerabilities which can render them useless as security devices. By rebooting these flimsy devices on a daily basis, you can reduce the number of problems you experience with them.

In addition, by turning off the Internet for five hours a night (i.e. midnight to 5:00 am), you can reduce your attack window by 20%. This makes your computer significantly less desirable to the botnet master seeking 24/7 uptime. It may also reduce your exposure to hackers in other time zones.

Midnight to 5:00 am is an ideal time to schedule nightly anti-virus and Windows Defender scans. Correspondingly, you should adjust your Automatic Updates feature in Windows to download updates at 2:00 pm (instead of 2:00 am).

In addition to removing the temptation for your kids to chat all night, you will improve your family’s safety by limiting Internet activity to a period when an adult may be able to provide some measure of supervision.

James McQuaid



Posted in Security

How to remove Internet Security 2011


Internet Security 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It’s a new clone of the Antivirus2010.RTK of VXCactus.

Internet Security 2011 also installs the MBR rootkit.

Internet Security 2011 graphic interface



How to remove Internet Security 2011:

If Internet Security 2011 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove Internet Security 2011 from your computer now.

Posted in GFI Software

Safer Internet (Update) Day

February 8th is Safer Internet Day, a day devoted to making the Internet a better place for children. And before your child goes online… make sure their computer is up to date with secure software. There are lots of updates and patches to install this month.

Microsoft’s Security Bulletin includes a critical update for Internet Explorer that affects all versions of IE.

Microsoft Security Bulletin February 2011

Note that the least affected OS is Windows XP Service Pack 3. That’s because Service Pack 2 was retired from the update cycle last year. Children are often provided “hand-me-down” computers. Before giving a child old hardware, make sure the current service pack is installed. You should also consider an alternative browser.

But then again, alternatives aren’t worry free either.

Google recently patched Chrome to version 9.0.597.84.

VLC media player, another popular alternative, has a flaw when parsing an invalid MKV file that could allow a malicious attacker to trigger an execution of arbitrary code. VLC media player 1.1.7 addresses this issue, so either update, or avoid untrusted downloads (and sites if you have the VLC plugin installed).

Adobe is also publishing an update today for Adobe Reader and Acrobat. Affected versions include Adobe Reader X (10.0) and earlier versions for both Windows and Macintosh.

On 08/02/11 At 04:46 PM

Posted in Security

New Internet Explorer Application Compatibility VPC Images are now available

Hooray. Long-term readers of this blog know that I don’t like how some people “test” different Internet Explorer versions by turning their PCs into “Frankenstein” systems, and then expect that their “test results” can be trusted – not.

The Virtual PC compatible images available are:

XP SP3 with IE6 (expires 11 January 2011)
XP SP3 with IE7 (expires 11 January 2011)
XP SP3 with IE8 (expires 11 January 2011)

Vista with IE7 (expires 90 days after first run)
Vista with IE8 (expires 90 days after first run)

You’ll need a minimum of 3 GIG of free hard drive space to expand the VHDs.

Download here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=21eabb90-958f-4b64-b5f1-73d0a413c8ef&displaylang=en

By the way, don’t forget that Internet Explorer 9 is out in public beta too – you’ll need to build your own VM to test that one and, believe me, it’s worth testing. I’m certainly seeing interesting results when surfing using IE9 – everything from web sites that don’t display properly to web forms that are broken – I find myself swapping between IE9 and Google Chrome for some sites which are broken in some places and working in others.

Posted in Security

Internet Anarchy: Anonymous Crowds Flex their Muscles

One of the things I love about working in the UAB Computer Forensics Research Laboratory is having the opportunity to learn from professors from so many different specialty areas. In addition to the Computer Science professors who visit our lab for the weekly Spam Researchers Meeting, where we entertain guests from the Knowledge-Discovery & Data Mining Lab and the Artificial Intelligence Lab, I also get to work with criminologists, sociologists, and forensic chemists who make up the rest of our “CIS-JS Working Group.” Last week I had the pleasure of visiting a DEA Drug Testing lab with my colleague Dr. Elizabeth Gardner. Today I was able to compare data mining techniques with a visiting Bioinformatics professor from Colorado State. But some of the times I learn the most are when I visit with my department chairs, Dr. Anthony Skjellum in Computer & Information Sciences and Dr. John Sloan from Justice Sciences.

A Sociologist looks at AnonOps


Like most Computer Security people, I’ve been following the Wikileaks responses from Anonymous with interest. As I’ve watched Anonymous recruit their activist army, I’ve been thinking more and more about lynch mobs, so I asked Dr. Sloan to come up to the lab and help me understand how mobs work. I made my best pitch to him, explaining how “AnonOps,” as the Anonymous Operations group calls itself, calls to mind a mob that was a cross between the angry villagers storming Dr. Frankenstein’s castle, and childhood memories of Detroit fans burning cars in the streets.

Dr. Sloan explained that the public (like me) have a lot of misconceptions about mobs. He said what we are dealing with in the Anonymous DDOS attacks are actually instances of “Diffuse Crowds.” In the case of Anonymous, Sloan says that “Convergence Theory” explains this type of crowd. It’s not that a group of people spontaneously erupted into acts of cyber vandalism, but rather that people who share similar passions come together with an intention to “make a difference” but without a clear agenda on how to do so. Some of the people who come to these online gatherings are bystanders, some followers and some leaders, but these roles are not set in stone. When the crowd has gathered – in this case on an IRC channel – various members of the crowd propose courses of action. When one of the proposals is adopted by the group, that person, whether or not they intended to be, is suddenly, and perhaps only temporarily, a leader.

The earlier prominent theory of crowd behavior was called “Contagion Theory” and proposed that membership in a crowd results in “irrational, emotionally charged behavior.”

My early suggestion to Dr. Sloan was that it was because of being Anonymous that the crowd was choosing to participate in DDOS attacks. Perhaps the leaders of the group also counted on that effect. Their instructions for how to volunteer your computer to participate in the DDOS attacks against Mastercard said “if you get caught, don’t admit to anything and tell the authorities that your computer must have a virus!” The belief of the general public is that mob behavior, such as that which led to race riots and lynchings in previous generations, counts on the anonymity and the irrational frenzy of the mob for its success.

Crowds that take action are “Expressive Crowds” or “Mobs” if those expressions lean towards violence towards a target or “Riots” if those expressions lean towards generalized violence and lawlessness. Expressive Crowds gather around strong emotions, such as joy, excitement, anger, or fear.

Dr. Sloan said that while Convergence Theory also says that groups come together along strongly felt emotions, they should be seen as “rational,” with individuals understanding their decisions and acting by choice, not due to some “mass hysteria” or “frenzy.”

Expressive Crowds in Cyberspace


As we look at previous expressive crowds that turned towards cyber attacks in the past we see that this seems to be a correct characterization.

In 2008, when Russia invaded the area of Georgia known as South Ossetia, the interest was nationalism. As online chatrooms and forums discussed the rightness of the Russian cause, the idea was planted and began to spread that individuals could help with a DDOS against Georgian government and media computers.

August 19, 2008 – Evidence that Georgia DDOS Attacks are Populist in Nature

In 2009, when the Iranian government cracked down on the process of a free election, Facebook and Twitter users colored their profile pictures green to show solidarity with the oppressed voters. As more Twitter followers started watching the “#IranElection” hashtag, some began providing information on how to DDOS the Iranian government. The number of participants in the group grew, with some reading the tags (bystanders), some choosing passive signs of response (green profile pictures), and some choosing active measures (DDOS Attacks).

June 16, 2009 – Armchair Cyberwarriors: Twitter and #IranElection

This past summer Islamic activists, already in chat rooms and forums to communicate about proselytizing the Islamic way of life in the west, began sharing information on how to attack Facebook by downloading an attack tool.

June 1, 2010 – Virtual Jihad Against Facebook

Anonymous and Operation Payback


Operation Payback takes its name, and its tactics from a company that claims to have been contracted by the Motion Picture industry to shut down websites that are trading in pirated movies. Girish Kumar, the managing director of Aiplex Software, explains that the Film industry hires cyber hitmen to take down internet pirates. He claimed that his company is hired “to launch cyber attacks on sites hosting pirated movies that don’t respond to copyright infringement notices sent to them by the film industry.”

The die was cast in September 2010 when AIplex pointed its attention at the greatest source of pirated movies on the internet, The Pirate Bay. In response, one of the /b/rothers from 4chan pointed a botnet under his own control at AIPlex, taking the company’s website offline while other members of the channel were still talking about the best way to do so.

Almost immediately, the 4chan buzz began looking for a new target. TechCrunch ran a story that contained the original call to arms:

How fast you are in such a short time! Aiplex, the bastard hired gun that DDoS’d TPB (The Pirate Bay), is already down! Rejoice, /b/rothers, even if it was at the hands of a single anon that it was done, even if ahead of schedule. now we have our lasers primed, but what do we target now?

We target the bastard group that has thus far led this charge against our websites, like The Pirate Bay. We target MPAA.ORG! The IP is designated at “216.20.162.10″, and our firing time remains THE SAME. All details are just as before, but we have reaimed our crosshairs on this much larger target. We have the manpower, we have the botnets, it’s time we do to them what they keep doing to us.

REPEAT: AIPLEX IS ALREADY DOWN THANKS TO A SINGLE ANON. WE ARE MIGRATING TARGETS.

(The original Anonymous image, according to EncyclopediaDramatica.com’s Anonymous entry)

They were able to knock offline, at least temporarily, the Recording Industry Association of America and the Motion Picture Association of America. Later in the month, the Low Orbit Ion Cannon, or LOIC as the chosen 4chan attack tool is called, was pointed at AFACT – the Australian Federation Against Copyright Theft. Nearly 8,000 other websites were casualties of that attack which overwhelmed the hosting platform. Many major organizations that deal with copyright and the protection of intellectual property have been attacked as part of Operation Payback at one time or another, including:

ACS Law
RIAA
MPAA
AIPlex Software
Davenport Lyons
Australian Federation Against Copyright Theft
DC Legal
Ministry of Sound
Ministerio de Cultura (Spain)
Sociedad General de Autores y Editores
Federation of the Italian Music Industry (FIMI)
United Kingdom Intellectual Property Office
Associação do Comércio Audiovisual de Portugal
Gene Simmons
Hustler.com
Antipiracy.fi (Finland)
US Copyright Office
Irish National Federation Against Copyright Theft
Warner Brothers

Anonymous went after RIAA again in late October after the RIAA achieved a court order to terminate the LimeWire file sharing network.

Wikileaks and AnonOps


While a group may have leaders of the moment, there are permanent roles assigned by the “true” leaders of AnonOps, as well as “talent-based” roles. As AnonOps tries to move through its paces, it needs developers to improve and modify its attack tools, graphic artists to create its images, video editors to create its YouTube videos, and network designers to help it build stable infrastructure.

But mostly, it needs a cause that the public supports. Those causes go back to the basic emotions upon which Diffuse Crowds converge. Wikileaks stirred up the passion of the press and the public as it began releasing revelation after revelation.

AnonOps recognized such an opportunity with Wikileaks. While the early “Operation Payback” was exactly what it said: “You DDOSed our website, so we are DDOSing your website” the new act is to convince the public that this was all about Internet Censorship from the beginning. “We fight censorship and stand up for truth” is a much more stable platform upon which to base a group, as opposed to the original “We pirate movies and break the law.”

However, breaking the law, and getting away with it, is a great attractor of media. Dr. Sloan explained that this reminded him of the 1960s Vietnam War protests on college campuses. The more the media covered the protests, the more likely it was that your neighborhood college campus was going to have a protest.

Cyber attacks => Media Coverage => New like-minded individuals “converge” into the group => New skills and ideas => New missions and leadership

Exit Strategy


The question that is yet to be determined is, has the AnonOps group reached a stable form? It is clear that the illegal activity is getting out of hand, and threatening the existence of their group. This weekend’s attacks on Paypal, Mastercard, and Visa demonstrated the group’s online power, and attracted more hackers. The targeting this evening was sporadic and approaching “riot” stage as various participants shouted out target names in the AnonOps chatrooms and watched as they fell. Established leaders were shouting things like “WHAT ARE YOU DOING?!?!? WHY ARE YOU ATTACKING AIRLINES!?!?! WHAT DOES THAT HAVE TO DO WITH WIKILEAKS OR CENSORSHIP?!?!” Meanwhile, Delta.com, AA.com, United.com, and others all suffered brief outages.

Some of the leadership are attempting to distance themselves from the DDOS attacks and are encouraging an alternative approach of encouraging people to read the leaked cables and write about them as a way of “uncensoring” them. Others are encouraging a new form of cyber attack, asking members to DDOS companies that are found to have been involved in, or believed to be involved in, atrocious acts described in the classified cables. Remember above that members are attracted to groups that share their same strongly held feelings and attitudes. When AnonOps revealed today that US taxpayer dollars were used by a defense contractor to pay for sex with young boys, they were playing perfectly to this theory of the crowd. EVERYONE would be outraged by some of these actions, if they occurred the way AnonOps describes them. That’s a powerful tool for enlarging your group, and lowering the barrier to otherwise illegal action. It may be difficult to convince a member to DDOS their own credit card company, but the moral barrier to DDOSing “sex slave brokers” as one AnonOps post described the company, may be lower.

One attempt at legitimacy was to engage the Electronic Freedom Foundation. Leaders reasoned in the AnonOps chatrooms that a partnership with EFF would bring legitimacy to their cause, and EFF responded positively to the approach with their new Say No To Online Censorship campaign.


The new campaign within AnonOps uses the name “truthisrevolutionary.org” which comes from a George Orwell quote:

“During times of universal deceit, telling the truth becomes a revolutionary act” – George Orwell

I guess my big takeaway from my discussions with Dr. Sloan was the new sociological theories on crowds and gatherings. Crowds can be rational. And, according to one Sociology text:

…Crowds themselves do not impair judgment. The actions of individuals at gatherings also illustrate that individuals remain independent, sometimes responding to solicitations, sometimes ignoring them, sometimes interacting with their subgroup, and sometimes acting spontaneously.

I hope the members of Anonymous will remember that while they are Anonymous, they are also individuals, and responsible for their individual behavior and decisions.

Posted in Security | Comments Off

Will the Internet be there when you need it?

I have an article appearing in TechNewsWorld about the reliability of Internet web services. The Twitter outage in August shocked a lot of people and called into question the dependability of Internet-based services. In this article I look back on other notable outages — eBay, MySpace, and Yahoo have all had their bad days — and look into the root causes of the failures.

While researching the article I read “Mafiaboy: How I Cracked the Internet and Why It’s Still Broken.” This is the story of distributed denial of service (DDoS) attacks that took down Yahoo, CNN and other websites in February of 2000. The perpetrator was a 15-year-old high school student from Montreal who had built up his DDoS capabilities by hacking university and corporate servers for many months. If a high school student with no budget can take down top websites, it’s clear that politically-motivated adults with even modest funding can do the same or worse.

Posted in Security | Comments Off

Egypt Loses the Internet

Updated January 31: Added graph and discussion of remaining active paths

Following a week of growing protests and periodic telecommunication disruption, Egypt suddenly lost all Internet connectivity at approximately 5:20pm EST Thursday.

The below graph shows traffic to and from Egypt based on ATLAS data from 80 providers around the world.

Between 3 and 5pm EST, Egyptian traffic rapidly climbed to several Gigabits. At 5:20pm, all Egyptian transit providers abruptly withdrew the majority of Egypt’s several thousand BGP routes and traffic dropped to a handful of megabits per second.

At present, the cause of the outage is unknown though many press reports have drawn parallels to the Internet outages following Iranian political protests during the summer of 2009. Further, the simultaneous failure of Internet across multiple different Egyptian ISPs and diverse physical paths (i.e. satellite, fiber optic, etc) suggests this was a coordinated event rather than a natural failure. Typically, telecommunication companies operate under strict regulatory control in many countries around the world.

As of Monday (January 31), Egypt remains disconnected from the Internet. A week view of traffic in and out of Egypt below.

Normally, Egypt enjoys one of the largest and most robust Internet infrastructures in Africa with a dozen major providers, more than 30% consumer penetration, and multiple high-speed paths to Europe and the rest of the world. Egypt also serves as a major terrestrial fiber optic crossing point for traffic to other countries in Africa and the Middle East. Traffic to other countries using these links through Egypt has not been impacted.

While the Egyptian telecommunication market has enjoyed significant liberalization in the last decade, the Egyptian government Telecommunications Regulatory Authority (TRA) continues to assert a strong level of regulatory control over the telecom licensees. See http://www.tra.gov.eg for more information (although the TRA web site is currently unreachable outside Egypt).

Posted in Security | Comments Off

Internet Kill Switch – Armageddon Will Have To Wait

In recent months there has been a lot of discussion in the US about an Internet kill switch. The real idea behind the kill switch is not to protect the infrastructure as claimed, but rather for political control such as has been recently observed in Egypt and other countries.
Proponents of the Internet kill switch paint … Read More.

Full story: ESET ThreatBlog

Posted in Antivirus | Comments Off

Internet Explorer Vulnerability with workaround

In all currently supported Windows operating systems a security vulnerability in the so-called MHTML handler can lead to information disclosure; speculations in the media indicate possibly even worse things. The cyber criminals just need a manipulated link to trigger the flaw, for example within an email or with a web page. Microsoft released a security advisory about the issue and announces an update to fix the vulnerability.

To secure your own computer, the company also provides a Fix-it tool as a workaround which disables the MHTML handler. This will render attacks useless. Thus it is advised to apply the workaround by downloading and executing the Fix-it tool as soon as possible.

Dirk Knop
Technical Editor

Full story: Avira – TechBlog

Posted in Antivirus | Comments Off

IPcalypse happened: Will the Internet collapse? For $ale, my IPv4 number!!!

As I mentioned in my blog from 17 January "IPv4: IPcalypse", the available number of IPv4 addresses was reaching zero. That has happened: the IANA Central Registry of IPv4 addresses is exhausted. Not on the predicted 11 February 2011, but 8 days earlier, today, 3 February 2011. It will be a little while more (it may even take the rest of this year) before the Regional Internet Registries’ (RIRs’) pools of reserved IPv4 addresses are exhausted as well, but don’t hold your breath as you may miss that.

The fact that there are no more IPv4 addresses available does not mean the internet will stop (you’re reading this message online, right?), but for those that want to put a website online and do not have an IPv4 address, that would be a bit difficult.

When there is a shortage, there are always people that will take advantage of it and hope to make some $ $ $ on it. I will not be surprised if there will be a lot of smart website hosters that will take advantage of the lack of IPv4 addresses and offer very cheap sub-domaining where the websites will all reside behind the same IPv4 number. The URLs will start to look like:

Another curious effect we may see is people offering their IPv4 numbers for $ale on auction sites such as eBay. Wherever ISPs have not transferred to IPv6, this can be a booming business.

And where corporate organizations and people switch over to IPv6 both externally and internally, there will be a lot of second-hand hardware such as routers being offered on auction sites as well. Of course these would be IPv4 only (why otherwise sell them) but this may not be advertised.

Of course the non-availability of IPv4 addresses will be misused for social engineering as well, where messages like “We still have IPv4 addresses available, click here…” will try to get you to click on the link and end up at malicious websites.

More than ever, this is the time to switch to IPv6. If you are putting a new website online, doing this at an ISP or hoster that is already supporting IPv6 may save you some problems in the (near) future. When you buy new hardware (routers, switches, network appliances, etc) make sure they do support IPv6 as well.

IPv4 is dead, long live IPv6!!!

BTW: You did not click on the link for available IPv4 addresses, did you?

Full story: Norman’s security blog

Posted in Antivirus | Comments Off

Egypt Returns to the Internet

After a week long Internet outage following widespread social unrest and political protest, Egyptian Internet traffic returned to near normal levels this morning at approximately 5:30am EST.

A graph of Egyptian Internet traffic from the vantage of carriers around the world both today and throughout the week below. As in previous posts, I use data from ATLAS anonymous carrier traffic engineering statistics.


A cursory survey of Egyptian Internet infrastructure shows all major providers and web sites are once again reachable from the rest of the Internet.

While other countries, including Iran and Myanmar, experienced telecommunication disruptions following social unrest in the past, the Egyptian outage represents a new Internet milestone. For the region, Egypt enjoys one of the largest and most robust Internet infrastructures with four major national providers and a hundred or more smaller consumer and web hosting providers. Put simply, we have never seen a country as connected as Egypt completely lose Internet connectivity for such an extended period. Also, as a sign of the growing importance of social media and web sites, it is telling that the Egyptian telecommunications block largely focused on the Internet — mobile and fixed line service returned earlier in the week.

Today, the Internet is an integral part of the Egyptian economy and society. Unlike periods as recent as a decade ago, governments of technically developed countries cannot disrupt telecommunication without incurring significant economic cost and social / political pressures.

I’ll update this blog and twitter (@labovit) as we get more information.

- Craig

 
 

Full story: Security to the Core | Arbor Networks Security » 2011

Posted in Antivirus | Comments Off

Egypt’s government turns off Internet

An experiment in non-communication?

In what some observers are calling a first, the government of Egypt has shut down the country’s four Internet service providers, blacking out nearly all net access in the country in the face of widespread protests.

According to the Aljazeera news organization, which specializes in news of the Arabic world, protesters have been mobbing city streets and throwing rocks and some gasoline bombs in Alexandria and Cairo for four days. The crowds of mostly young people have been calling for an end to the rule of Hosni Mubarak, who has been in power for 30 years. Protests also have been reported in the cities of Suez, Mansoura and Sharqiya.

James Cowie on the renesys.com blog asked the central question: “What happens when you disconnect a modern economy and 80,000,000 people from the Internet? What will happen tomorrow, on the streets and in the credit markets? This has never happened before, and the unknowns are piling up.”

He said that exceptions to the Internet blackout were the 83 routes of the Noor Group which allows inbound traffic from Telecom Italia. That allows access to the Egyptian stock exchange (www.egyptse.com).

Cowie said that Tunisia blocked certain Internet routes and Iran limited traffic to slow communication when those two countries were faced with large scale protests recently. Neither imposed a complete blackout, however.

Tom Kelchner

Update from Twitter, 4 p.m. (EST):

I’m not sure what to think about this but it sounds serious:

Full story: GFI Labs blog

Posted in Antivirus | Comments Off


Like Francisco Franco, Internet Kill Switch is Still Dead

Sometimes a really bad idea can live on, no matter how thoroughly it’s rejected. Such is the case with the “Internet kill switch” idea featured on and off in proposed homeland security legislation.

The notion is that the President, or in some versions some other government agency, should have the power to disconnect certain “critical infrastructure” in the event of an emergency which meets legislative criteria. We’ll ignore the fact that attacks against such infrastructure could be executed in microseconds, far too quickly for government to react. And any pre-emptive action would inevitably cause huge economic losses; imagine the major banks being taken offline for…how long?

The idea has been floating out there for a few years and became prominent early in the Obama administration. An eclectic and seemingly centrist group of legislators, including Senators Collins from Maine and Lieberman from Connecticut, advocated it. But even putting aside considerable technical and logistical problems with the proposal, the interests against it are huge. It never had a chance.

But now that Egypt has shown that it can shut itself off from the Internet altogether, Senator Collins has been inspired to reintroduce her bill which expired with the last congress. Why now? Fortunately, all the reasons why it was a bad idea before are still operative and the interests against it are at least as well organized.



Full story: Security Watch

Posted in Security | Comments Off


Spam from Egypt vanishes after cutting off internet access

If there is any doubt as to how tightly internet communications have been restricted in Egypt, SophosLabs has produced some interesting statistics. In the process of analyzing spam, one of our Vancouver researchers noticed that spam originating from Egypt had nearly vanished.

While there have been reports that Egypt had cut off internet services completely, there were conflicting reports suggesting that one ISP that accounts for approximately 8% of Egyptian users was still online to some degree.

According to our statistics, the amount of spam received from Egypt in the last two days has dropped by 85%. While I’m not advocating this as a method to stop the spam problem, it seems to confirm media reports of the extent to which internet access is currently available (or unavailable, as it were) to the Egyptian people.

Chart of spam originating from Egypt January, 2011

While you may have a lower chance of receiving an email proclaiming you’ve won the Cairo lottery, this won’t have any significant impact on the volume of spam that gets to your mailbox.

The real point is these numbers demonstrate the availability of electronic communications to Egyptians and may be an indicator of their ability to organize and stay in touch with the outside world.

We will continue to monitor these statistics and post on Naked Security if we see any indications that normal internet access is returning.

To learn more about the countries that are responsible for your inbox being full read our latest Dirty Dozen spammers report for Q4 2010.

Full story: Naked Security – Sophos

Posted in Antivirus | Comments Off

Norton Internet Security 2010


Can NIS 2010 protect your PC from current and emerging forms of malware? Find out! It’s NIS 2010 vs 10 malicious websites/downloads. Make sure you catch the last 10 min BTW.

Posted in Video | Comments (25)

Stanford Programmable Open Mobile Internet (POMI) 2020


Posted in Video | Comments (10)
