[SecurityRatty] tag: film

Minority Report

Mon, 03 Nov 2008 21:00:00 +0000

In 1956 Philip K. Dick published a short story called Minority Report which was subsequently made into a moderately successful film starring Tom Cruise. If you saw the film or read the story you may remember that the plot revolves around a system designed to predict crimes and then arresting people in advance for crimes which they hadn't yet committed. Chilling thought, that.

"Would you feel safe with this man looking after you?

Sun, 28 Sep 2008 16:44:00 +0000

That was the caption under the picture of Rocker,Ted Nugent, in last Tuesday's Guardian. Nugent had volunteered to be Sir Paul McCartney's "Bodyguard" when he played a concert in Israel.

Unfortunately,this is what our industry has to tolerate. Many people, from broken down celebrity deer hunters to jail guards think that if you know how to shoot a rifle or open a gate for inmates to go to the yard, it automatically follows that you know everything about protecting the life of a executive.

So, Ted Nugent knows how to play guitar and shoot deer. Just what part of that background would equip him to keep the former Beetle safe in the Middle East? It is certainly not like Mr. Nugent is trying to pull the wool over our eyes when it comes to any specialized training he may have received. "I'm Dirty Harry with a ponytail", claims the singer.

First of all Mr. Nugent, "Dirty Harry" was a film produced by Hollywood to entertain people, not a "training aid". Secondly, even if we were to stretch our imaginations and consider Harry Callaghan's actions, we would recall that the character was a Police Detective and as such, would have undergone rigourous training at a professional Police Academy.

Refering to reported Islamic Extremist Death Threats made against McCartney if he insisted on playing the concert, Nugent informed us that he "will not bend or waiver to Voodoo Religions or Whackjobs".

It is unknown whether or not Mr. Nugent thinks that Islamic Extremists come from Haiti, but if he is serious about a future career in Executive Protection, we would advise him to attend our upcoming course in Dubai next month where he will not only learn first hand the Art of Personal Protection, but he will also learn about Middle Eastern Cultures, Tradition and Religion.

Unfortunately, there's no way of predicting how much culture we may be able to pass on to Mr. Nugent, as the course is only a little over a week long. We will also be teaching etiquette and which knife and fork to use when attending a formal event with your Principal. That's right Ted, you don't get to tear the meat from the bone with your hands.

Someone call the U.A.E. and let the Hilton know that we may have to stay longer than planned.

Another Site Hiding Pirate Movies Behind a Zango Installer Prompt

Fri, 15 Aug 2008 03:44:39 +0000

A few days ago, I wrote about a site asking you to install Zango before you could view the site content (which happens to be pirated movies). Well, another site has come to light doing a similar thing - I'm starting to wonder how many of these are actually out there. It's also served to highlight what I feel is a particularly confusing popup box, but we'll get to that later. First off, here's the website in question:

Click to Enlarge

Bestcinemaonline(dot)com. As you can see, the site is similar to the last one (except that site is registered anonymously to an individual in China, whereas this one is registered to someone in Indonesia). Also, the format is different - the last site was more of a "movie repository", whereas this one takes the shape and style of a blog with each individual entry pointing to a film. And what films they are!

Batman!

X-Files!

Click to Enlarge

Hellboy! (Is that even out yet?)

As you might have expected, a lot of the movies end up looking like this when attempting to watch them:

Click to Enlarge

.....whoops.

I must also give a special mention to one of the most confusing popup warnings I've ever seen - it really threw me, and I admit I nearly installed Zango accidentally after seeing it. If (when prompted with the Zango installer box) you click "Cancel", this appears in the middle of your screen:

"Click OK to Cancel or Click "Cancel" to continue the installation".

.....Whaaaaaa? That's a bit of a brain bender, right there. I hope this set of writeups doesn't become a Trilogy...

Gonzo: Two Thumbs In and Up

Thu, 17 Jul 2008 06:10:12 +0000

Just saw the Hunter S. Thompson movie - Gonzo, and if you are a fan you should to. Lots of good stuff in there, the film links various part of his life and career, and gives a pretty unvarnished view of the high highs and the low lows. Weaves in writing, politics, and fame seamlessly. I have never really had as much fun as early on in my career in the early-mid 90s I was a web programmer in Aspen, hacking CGI/PERL. Among the most fun things was building and running HST's site. My boss, Ed, was his neighbor. Ed was also seriously allergic to bees. One day he was alone in his house and got stung. He was dying. Luckily Hunter was due over to his house to watch a basketball game, walked in and called 911. My boss woke up in the ambulance with Hunter pounding on him chest and screaming at him. Ed said - "Waking up to that face screaming at me, I didn't know if I was alive or dead." Seeing the movie it was also great to see a lot of the Woody Creek folks again like George Stranahan, who lovingly said about Hunter - "my friend and neighbor who never paid his rent, broke up my marriage and taught my children to smoke dope. " Of course, there was no way he could match his early productivity and this is true of almost all artists. Most of the last two decades were wasted from a writing standpoint. However his piece written on 9/11 is as good as its gets:

The towers are gone now, reduced to bloody rubble, along with all hopes for Peace in Our Time, in the United States or any other country. Make no mistake about it: We are At War now -- with somebody -- and we will stay At War with that mysterious Enemy for the rest of our lives.

It will be a Religious War, a sort of Christian Jihad, fueled by religious hatred and led by merciless fanatics on both sides. It will be guerilla warfare on a global scale, with no front lines and no identifiable enemy. Osama bin Laden may be a primitive "figurehead" -- or even dead, for all we know -- but whoever put those All-American jet planes loaded with All-American fuel into the Twin Towers and the Pentagon did it with chilling precision and accuracy. The second one was a dead-on bullseye. Straight into the middle of the skyscraper.

Nothing -- even George Bush's $350 billion "Star Wars" missile defense system -- could have prevented Tuesday's attack, and it cost next to nothing to pull off. Fewer than 20 unarmed Suicide soldiers from some apparently primitive country somewhere on the other side of the world took out the World Trade Center and half the Pentagon with three quick and costless strikes on one day. The efficiency of it was terrifying.

We are going to punish somebody for this attack, but just who or what will be blown to smithereens for it is hard to say. Maybe Afghanistan, maybe Pakistan or Iraq, or possibly all three at once. Who knows? Not even the Generals in what remains of the Pentagon or the New York papers calling for WAR seem to know who did it or where to look for them.

This is going to be a very expensive war, and Victory is not guaranteed -- for anyone, and certainly not for anyone as baffled as George W. Bush. All he knows is that his father started the war a long time ago, and that he, the goofy child-President, has been chosen by Fate and the global Oil industry to finish it Now. He will declare a National Security Emergency and clamp down Hard on Everybody, no matter where they live or why. If the guilty won't hold up their hands and confess, he and the Generals will ferret them out by force.

Good luck. He is in for a profoundly difficult job -- armed as he is with no credible Military Intelligence, no witnesses and only the ghost of Bin Laden to blame for the tragedy.

One unintended lesson I take away from Hunter's life is how important patience is. Obama is a politician and may yet disappoint us all, but I gotta believe Hunter would be seriously impressed. If he had waited another couple of years, he may have seen a lot of the stuff he fought for in 1968 and 72 come to fruition. Sometimes you are just 36-40 years ahead of your time and you have to be ok with that and figure out how to deal if possible. (Note - it sure sometimes feels this way in software security). Speaking of security:

Security

by Hunter S. Thompson (1955).

Security ... what does this word mean in relation to life as we know it today? For the most part, it means safety and freedom from worry. It is said to be the end that all men strive for; but is security a utopian goal or is it another word for rut?

Let us visualize the secure man; and by this term, I mean a man who has settled for financial and personal security for his goal in life. In general, he is a man who has pushed ambition and initiative aside and settled down, so to speak, in a boring, but safe and comfortable rut for the rest of his life. His future is but an extension of his present, and he accepts it as such with a complacent shrug of his shoulders. His ideas and ideals are those of society in general and he is accepted as a respectable, but average and prosaic man. But is he a man? has he any self-respect or pride in himself? How could he, when he has risked nothing and gained nothing? What does he think when he sees his youthful dreams of adventure, accomplishment, travel and romance buried under the cloak of conformity? How does he feel when he realizes that he has barely tasted the meal of life; when he sees the prison he has made for himself in pursuit of the almighty dollar? If he thinks this is all well and good, fine, but think of the tragedy of a man who has sacrificed his freedom on the altar of security, and wishes he could turn back the hands of time. A man is to be pitied who lacked the courage to accept the challenge of freedom and depart from the cushion of security and see life as it is instead of living it second-hand. Life has by-passed this man and he has watched from a secure place, afraid to seek anything better What has he done except to sit and wait for the tomorrow which never comes?

Turn back the pages of history and see the men who have shaped the destiny of the world. Security was never theirs, but they lived rather than existed. Where would the world be if all men had sought security and not taken risks or gambled with their lives on the chance that, if they won, life would be different and richer? It is from the bystanders (who are in the vast majority) that we receive the propaganda that life is not worth living, that life is drudgery, that the ambitions of youth must he laid aside for a life which is but a painful wait for death. These are the ones who squeeze what excitement they can from life out of the imaginations and experiences of others through books and movies. These are the insignificant and forgotten men who preach conformity because it is all they know. These are the men who dream at night of what could have been, but who wake at dawn to take their places at the now-familiar rut and to merely exist through another day. For them, the romance of life is long dead and they are forced to go through the years on a treadmill, cursing their existence, yet afraid to die because of the unknown which faces them after death. They lacked the only true courage: the kind which enables men to face the unknown regardless of the consequences.

As an afterthought, it seems hardly proper to write of life without once mentioning happiness; so we shall let the reader answer this question for himself: who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed?

A ship is safest at port, but thats not why we build ships.

Homer Simpson and the Kimya Botnet

Fri, 11 Jul 2008 13:46:17 +0000

Television often relies on fake codes, phone-numbers and addresses to make up part of their fictional worlds. Sometimes, it can go slightly wrong - how many people tried to call Doctor Who last week?

D'oh.

Actually, "D'oh" is rather appropriate here. In an old episode of The Simpsons, it was revealed that Chunkylover53@aol.com was Homers Email address. Of course, every Simpsons fan with net access immediately added Chunkylover53 to their AIM contact list. As this article points out....

Homer's e-mail address chunkylover53@aol.com, as seen on EABF03, was registered by writer-producer Matt Selman, who also replied to e-mails from fans testing it. "He logged in the night that the episode aired and it was immediately filled with the maximum number of responses. He's tried to answer every one of them and then as soon as he answers a hundred, a hundred more pop in," Al Jean told the New York Post in January 2003.

The "Chunkylover53" AIM screen-name hasn't logged in for quite some time, apparently. Imagine the puzzled expressions worn by Simpsons fans when, all of a sudden, the account came back to life in the last few days with this in their "Away" message....

...yes, "Homer" has seemingly returned, and he comes bearing infection files!

Of course, the "exclusive Simpsons episode" is nothing of the kind - what you actually download is a file about 150kb in size, and it looks like this:

Run the file, and you won't see a new Simpsons episode - you're actually more likely to see this:

....a strange error message that mentions "photos" (probably fake), followed by lots of real error messages as most of your desktop fails, leaving you with an entirely blank screen:

Click to Enlarge (if you really must!)

From this point onwards, the PC will likely need a reboot and will be sluggish until cleaned up, constantly throwing out error messages, crashing when attempting to open Windows Explorer etc.

Now, given that the infection links are being passed around via IM Away messages, there was always going to be the possibility of an Instant Messaging worm attack. However, a lot of testing has taken place and so far, we haven't seen any malicious messages or URLs sent via AIM or MSN Messenger.

That's no reason to get complacent though, because what we have seen taking place is possibly quite a bit worse. First of all, a number of hidden files are dropped onto the PC, including Rootkit technology (which the bad guys have helpfully pointed out in the code):

Worse, your PC is deposited into a Botnet of Turkish origin - here's the giveaway traffic stream via an Ethereal log:

....awaiting further instructions from the Botnet C&C center. This particular Botnet has been around since March of this year. The Turkish connection is interesting, because I haven't seen too many Turkish Botnets - and there's been quite a surge in hacking activity from Turkey recently (most notably the DNS attacks on Photobucket and ICAAN by NeTDevilz).

Finally, the infection drops a number of other files onto the PC besides the Rootkit, which are seemingly related to a new variant of this Chinese infection.

It's worth noting that there may only be Instant Messaging infection links sent out if the person running the Botnet Command Center decides to issue all the drones with such a command - so while we haven't seen any IM infection activity, it would be wise not to rule it out completely. We recommend infected users keep an eye on all Instant Messaging activity until they can clean the infection from their computer, just in case.

Whoever is responsible for these messages has changed them a couple of times already - last night, the download link had been updated to look like this:

...and it currently advertises a link for a dating website:

We've reported all links related to this attack, and at least two of the files claiming to be "exclusive Simpsons episodes" are currently offline, though there's bound to be more out there. For now, this is a good reminder to be cautious when randomly adding cool things seen on TV and film to your online applications - you can't always assume the person at the other end is entirely in control.

We detect this as Kimya.

Additional Research: Chris Mannon, FSL Senior Threat Researcher
Deepak Setty, FSL Senior Threat Research Engineer

My Name......is......Neo!

Mon, 30 Jun 2008 12:35:39 +0000

As Keanu would say, "There's a bomb on the bus".

I mean, "Whoa". He might also have said "Excellent", but that was definitely the wrong film.

At any rate, here's an infection from China called "Agent.NEO", which probably has some deep seated relevance to the Matrix trilogy. Or maybe not. There aren't tons of screenshots of desktop fireworks, because by and large, this infection doesn't hit you with the pretty whiz-bang effects on your monitor. What it does do, however, is drop a ton of files onto your PC (many of which do strange things - here's a couple from various directories):

...slows everything down to a crawl, attempts to detect and disable security programs, contact a remote mail server with network sensitive data, hijack your IE:

Click to Enlarge

....and tries to show you a couple of Chinese popup ads (none of those pages were online at time of testing, otherwise there'd be multicoloured screenshots galore below).

I'm trying really hard to end this writeup with a really cheesy Matrix reference, but I can't think of any so in conclusion: avoid Agent.NEO at all costs (but watch the films again, they're awesome).

Even the Rich and Famous pay the price for being Dishonest and Unethical

Sun, 29 Jun 2008 12:05:00 +0000

All of our courses - in the U.S. and over seas, begin with the same message - ETHICS is the keystone of our profession and our success. It's a shame that famed litigator - Richard "Dickie" Scruggs forgot that lesson.

In yesterday's Washington Post, the headline reads; "Famed Litigator Gets 5-Year Term for Conspiracy to bribe Judge". For those who are not familiar with him, Scruggs became one of the wealthiest and most famous lawyers in the country by taking on tobacco, insurance and asbestos companies.

What did he do? Well, for starters (and what they were able to prove), he attempted to bribe Lafayette County Circuit Court Judge Henry Lackey by offering him $50,000.00. U.S. District Judge Neal Biggers Jr., called Scruggs' conduct "reprehensible" and told him that he picked the wrong Judge to bribe. In addition to the 5 year jail term, he was fined $250,000.00 and lost his law license.

You really got to love it when Justice is rightfully served. Unfortunately, it makes me wonder how many more sleazy lawyers around the country and unethical Judges are not getting reported and prosecuted. It is a little too hard to believe that Scruggs is the only dirt-bag in the legal profession. We welcome the message it sends out; "nobody is above the law".

Like most, if not all common criminals, Richerd Scruggs became greedy. In 1990, Scruggs became famous for suing tobacco companies and winning lawsuits that resulted in a $206 BILLION dollar settlement. If his take of that was just 10%, he walked away with a cool $20.6 Billion dollars. A film was even made about the case - "The Insider" starred Al Pacino and Russell Crowe.

A decade later he is trying to bribe a Judge with $50,000? I would say it was a combination of greed and power going to his head. Maybe that is why the "Post" reported that he nearly fainted and swayed from side to side when the Judge scolded him. He had to sit down before the sentence was read out. He must have believed that he was untouchable.

It's just a shame that he wasn't touched with a heavier sentence. A twenty year sentence would have sent out an even more powerful message. Still and all, the idea of wearing a prison jumpsuit and eating balogna sandwiches is probably like a life sentence to someone who believed themselves to be above the law.

The article claims that many high profile friends petitioned Judge Biggers for leniency when sentencing Scruggs. He's lucky I am not the warden at his jail. I think he would be a perfect candidate for the toilet cleaning squad.

Castlecroft Medical Practice patient information at risk

Thu, 19 Jun 2008 07:54:50 +0000

Technorati Tag: Security Breach

Date Reported:
6/18/08

Organization:
NHS Trust

Contractor/Consultant/Branch:
Wolverhampton City Primary Care Trust
Castlecroft Medical Practice

Victims:
Patients

Number Affected:
~11,000

Types of Data:
"names, dates of birth, addresses, contact details and confidential medical records"

Breach Description:
"A laptop containing confidential medical records of all 11,000 Wolverhampton patients at a city surgery has been stolen from a GP’s house, police revealed today."

Reference URL:
The Press Association
The Express & Star

Report Credit:
The Press Association

Response:
From the online sources cited above:

A laptop containing confidential information about 11,000 patients has been stolen from a GP's home.
[Evan] This is now the 11th breach reported on The Breach Blog concerning NHS Trust and affiliated organizations. What is the excuse? Can the GP and/or Primary Care Trust and/or Medical Practice claim to not know the risks involved?

Contrary to Department of Health guidelines, the information was not encrypted, which would have made it unreadable without a special code to unscramble it.
[Evan] Are medical personnel aware of and required to follow the guidelines? Are there penalties or sanctions for non-compliance?

The laptop was among items stolen in a recent burglary at the home of the unnamed doctor, who works at the Castlecroft Medical Practice in Wolverhampton.

The details of when and where the laptop was taken from are not being released, but a helpline has been launched for worried patients
[Evan] I could not find the helpline phone number; otherwise I would publish it for people.

The information on the computer, which belongs to the practice, included patients' names, dates of birth, addresses, contact details and confidential medical records.

The practice has written to all of its 11,000 patients to inform them that information about them was on the stolen computer.

Dr Peter Wagstaff, senior partner at the practice, said: "The practice is treating this issue very seriously and we are extremely sorry for any distress or concern that it may cause our patients. Though not encrypted, the confidential information on the laptop was protected by a complex password system, which only a person with specialist computer knowledge would be able to crack."
[Evan] If the organization were "treating this issue very seriously", and if it was "truly sorry" then why attempt to minimize the situation (risk) by using the password protection argument. In my opinion (and that shared by many information security professionals), password protection is NOT an adequate preventative control to ensure the confidentiality of the information stored on a laptop computer. This holds especially true in instances where the password protection is controlled by the operating system. See: "Laptop stolen from a Quest Diagnostics employee" and "Not to worry: the stolen laptop was 'password-protected'".

He said the laptop appeared to have been stolen for its re-sale value, rather than for any information stored upon it.
[Evan] In my opinion, this is another attempt to minimize the situation and imply that the risk of confidential information disclosure is less than it may actually be.

Jon Crockett, chief executive of Wolverhampton City Primary Care Trust, said the trust was "extremely concerned" about the theft.

He said: "Patients and the public have the right to expect that those dealing with confidential information maintain the highest levels of security and we are carrying out a full and urgent investigation into this incident."
[Evan] Mr. Crockett makes a very valid point.

National guidance from the Department of Health is that any confidential information about patients must be stored in a safe and secure environment, and mobile devices - including laptops - which contain such data must be fully protected by encryption, he said.
[Evan] Again, Mr. Crockett seems to "get it".

Commentary:
The 11th breach for NHS Trust-affiliated organizations in less than 10 months and the fact that the cause of this one is so well publicized in other breaches does not instill much confidence.

The eleven breaches are only what has been reported on The Breach Blog, there may be more.

Past Breaches:
NHS Trust:
May, 2008 - Sandown Health Centre backup tape is missing
March, 2008 - Stolen NHS flash drive contained adolescent information
February, 2008 - Laptop missing from Russells Hall Hospital (UK)
January, 2008 - Stolen Bolton Hospitals Laptop affects cancer patients
January, 2008 - Queen Mary's Sidcup Hospital microfiche film goes missing
January, 2008 - Stockport Primary Care Trust flash drive goes missing
January, 2008 - Oldham Primary Care Trust NHS loses two data sticks
January, 2008 - Highly sensitive medical information found in the road
December, 2007 - Laptop stolen in Royal Bolton Hospital break-in
September, 2007 - Dudley Group of Hospitals NHS Patient Data For Sale on eBay

Framing Computers Under the DMCA

Mon, 09 Jun 2008 02:47:47 +0000

Researchers from the University of Washington have demonstrated how lousy the MPAA/RIAA/etc tactics are by successfuly framing printers on their network. These printers, who can't download anything, received over 400 takedown notices:

The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of “Iron Man” and the latest Indiana Jones film.

Research, including the paper, here.

Framing Computers Under the DMCA

Mon, 09 Jun 2008 02:47:47 +0000

Researchers from the University of Washington have demonstrated how lousy the MPAA/RIAA/etc. tactics are by successfuly framing printers on their network. These printers, which can't download anything, received over 400 takedown notices:

The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of “Iron Man” and the latest Indiana Jones film.

Research, including the paper, here.