[SecurityRatty] tag: numerous

Towards a Streaming SQL Standard

Fri, 05 Sep 2008 13:39:08 +0000

In More Towards a Streaming SQL Standard, Marc Adler says, “Despite what I think about Streambase’s marketing and sales organization, you must admit that Zdonik and Cherniack are first-class researchers, and have contributed a lot to the field of CEP.”

I agree that these gentlemen are top notch researchers, witnessed by the fact that the authors do not mention nor claim to be “complex event processing” anywhere in their paper! This paper is not about CEP, nor does it claim to be about CEP, it is about stream processing and unifying SQL standards.

ABSTRACT: This paper describes a unification of two different SQL extensions for streams and its associated semantics. We use the data models from Oracle and StreamBase as our examples. Oracle uses a time-based execution model while StreamBase uses a tuple-based execution model. Time-based execution provides a way to model simultaneity while tuple-based execution provides a way to react to primitive events as soon as they are seen by the system.

Asmentioned on numerous occasions, stream processing is a very important area in CEP/EP. It is important not to confuse the higher situational knowledge from object-object correlation and state management with the single-object event refinement that occurs in stream processsing. Event stream processing is fundamentally different than complex event processing.

Event stream processing performs operations on streaming event objects. In almost all advanced CEP/EP applications is is necessary to perform robust track and trace operations on streaming event objects, like tracking the position of an airplane. Tracking the position of an aircraft can be modelled very nicely with event stream processing. Tracking individual event objects is a precuror to multiclass object situation refinement.

When we manage the state of all the aircraft in the skies over New York, you need more than a stream processing construct. You need to manage the state of all the aircraft. Paul Vincent of TIBCO Software being to address this important point in The Value of State…

Again, we will be better equiped to solve complex distributed event processing problems if we do not confuse the notion of event stream processing and complex event processing. These technologies are indeed complimentary, both very important, but they are not the same.

I applaud Oracle and StreamBase’s work toward a unified standard for SQL extensions for streams.

Zango And The Batman Online Videogame

Wed, 03 Sep 2008 07:00:00 +0000

This is Newsarama, a site (mostly) geared around comics and other related media:

Click to Enlarge

You'll notice Batman, over on the right there. Let's take a closer look:

"Free Online Batman Game"? Well, that's curious because I follow comics pretty closely and I'd be the first to know if an "Online Batman Game" had been in the works (this advert has been doing the rounds on numerous comic-related websites. Visit the URL in the ad - Batmangame.info - and you'll see this...

Click to Enlarge

There it is again - "Online Batman Game". Furthermore, the text goes on to say:

"Batman Online lets you do anything and every little thing you'd like in a Batman game. From leveling up your character to destroying villans, it has it all. Download and play this amazing game now, all for free! I'm sure you'll be playing for hours on end, it's that much fun.

    Level Up Your Character

   Explore a Huge Vast World

   Play Online With Your Friends

   Hundreds of Quests To Finish

   Perfect Battle System

So start your Batman adventure today! Download the full game below and fight them all!"

Note that they specifically call it "Batman Online". It specifically sounds like a text blurb you'd expect to see with a MMORPG. However, something isn't quite right here.

1) The only DC licensed MMORPG anybody knows of is this, and it isn't due out until 2009. It's not Batman-centric, either.

2) The screenshots are lifted from the Batman Begins videogame, which came out in 2005. If you were offering a "Batman Online Game", wouldn't you use screenshots from that instead of an unrelated title?

3) Absolutely no licensing, copyright or legal mumbo-jumbo on the page anywhere. DC and Warner Bros don't roll like that.

4) The website - Batmangame(dot)info - is registered anonymously. Not exactly something you see everyday for websites related to licensed DC franchises such as Batman videogames.

5) "To download and play the Batman Online Game you must download and install Zango as well. It is free, very easy to install and will give you access to the full game."

Shall we continue?

Click to Enlarge

A Zango installer prompt, complete with picture of Batman at the top. If you say "No" to the install, you end up on Google.com. What happens if you click "Start"? Well, you'll get the usual collection of Zango installer screens including one that rather humorously has a guy in a superhero costume.

Once everything is installed, you're taken to another page and from here things just get plain confusing. Remember, up to this point you've been promised an "Online Batman Game", the description of which is clearly intended to evoke images of a MMORPG. However....

Click to Enlarge

All of a sudden, you're being told you're downloading "Batman: Vengeance" on a cheap-looking splash page and shown what looks like an unofficially ripped Batman: Vengeance trailer on Youtube.

In case you're unaware, Batman: Vengeance is a videogame first launched way back in 2001 for consoles (followed shortly after by a PC version). What does this have to do with an "Online Batman Game"? Well, nothing, actually. Aside from the fact you were presented with one thing and are now handed another, things get even stranger when you see the download location:

Click to Enlarge

Have you ever heard of an officially licensed game being offered via Rapidshare downloads? It's possible, I guess, but it seems a little odd. However, the real oddness is reserved for the "Online Batman game" itself.

Remember, we've been promised "Hundreds of quests", "A huge vast world", the ability to "level up your character" and (of course) the "play online with your friends" promise of greatness.

Click to Enlarge

Imagine your dismay, then, when you've installed Zango, downloaded the game from Rapidshare using up around 140MB of bandwidth, installed it and....

Oh dear.

Not only are you given a totally different game than what was advertised, you're given a DEMO VERSION of that game with four short sample levels present, no online functionality and quite a few less quests than the "hundreds" advertised.

Hilariously, you can download a 100% legit copy of this demo here at Fileplanet, sans Adware. Setting aside the issue of whether this file is actually sitting on Rapidshare with either Ubisoft or DC / Warner Bros permission (and if it IS okay to be there, I'm pretty sure it's NOT okay to falsely advertise it as some kind of MMORPG) there are some questions that need to be raised here.

When this guy approached them with his website, did nobody stop to think that this game did not actually match up with the "Online Batman" game it was touted as? Didn't someone at Zango Quality Control actually download the game and see the big "This is a demo" wording as soon as it starts up? Or question why the screenshots on the website don't look like the graphics for Batman: Vengeance in the slightest?

However you look at it, this is a scam, pure and simple. Whoever came up with the idea of an "Online Batman Game" is lying through their teeth. Of course, because their website is registered anonymously we have no idea who the culprit is, unless of course Zango want to deposit them on the steps of Gotham City and let me dispense some Batman-style justice to their posterior.

However, based on the way these things tend to go - God forbid anyone ever offer up the identity of someone happily scamming the public at large, even when that person is dragging the name of the company associated with them through the mud by their antics - I think I might be waiting some time for the Bat Signal...

Gartner Event Processing Summit (and EPTS Meeting), Sept 2008

Sat, 30 Aug 2008 08:57:00 +0000

Many folks have been sending me email, inquiring if I will be attending the Gartner Event Processing Summit, September 15-16 or the 4th Event Processing Symposium, September 17-19, 2008 (the EPTS meeting). I regret not attending either event this year and will miss getting together with everyone. In addition, I would like to thank Opher and the EPTS team for inviting me.

As we get closer to the conference dates, I wish that I had made plans to fly back to the US to meet everyone. However, I have been cutting back on public speaking, taking a break since May. In addition, Gartner did not ask me to speak at their Event Processing Summit this year, I assume because they did not want to pay airfare for my flight from Thailand to the US. Also, Gartner always likes to fill their conference speaking slots with as many Gartner speakers as they can, unless you are a paid sponsor; and I noticed a number of Gartner employees speaking in multiple slots.

(Editorial Note) Then again, maybe I complained to much about the lack of organization and conference problems when I was invited at be a Gartner keynote speaker last time - reservations not made propertly, problems with the guest speaker registration list at sign-in, rooms shifted without notifying the speakers and panelists. Admittedly, I was not happy with the conference organizers at the last get together. This was my fault, as I am accustomed to better conference execution and am probally too “picky” about details these days - my bad. Anyway, the Gartner organizers apologized numerous times, saying they had too many conferences going on at the same time and not enough people to cover them all.

One of the problems with spending so much time in Asia, especially in Thailand, is that guest speakers are really treated as VIPs. There are usually special comfy couches set up for the speakers and the conference staff really treat you very nice, taking care of you every step of the way. In fact, there is an entire very nice culture around how guest speakers are treated in Thailand. Often, they pin flowers on the VIP speakers and take your photos like you are a star. Very nice culture.

I absolutely look forward to speaking on event processing or CEP at a future venue and meeting everyone face-to-face instead of over the net. My sincere and deepest apologies for not attending either the Gartner or the EPTS event this year.

PS: If you take up a collection and send me a RT business class air ticket, I might change my mind

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

Mon, 25 Aug 2008 09:00:00 +0000

(Source: Tripwire) Looking for a File Integrity Monitoring Solution? With the numerous servers, devices and applications organizations rely on to support their everyday business, outages and security breaches due to poor IT configurations are unacceptable. In addition, many organizations must now prove compliance with standards like PCI DSS designed to protect systems and sensitive data. File integrity monitoring solutions minimize security risk resulting from undesirable configuration change by monitoring, detecting, and reconciling changes to key files throughout the virtual and physical IT infrastructures.

Learn how file integrity monitoring solutions work and the capabilities you should expect your solution to have. Then review a detailed checklist you should complete before purchasing your solution. Finally, discover how Tripwire Enterprise effectively combines file integrity monitoring with configuration assessment-a single configuration control solution that proactively assesses and monitors the IT infrastructure and enables organizations to achieve and maintain compliance with standards and regulations.

Web Based Botnet Command and Control Kit 2.0

Fri, 22 Aug 2008 10:02:15 +0000

The average web based command and control kit for a botnet consisting of single user, single campaign functions only, has just lost its charm, with a recent discovery of a proprietary botnet kit whose features clearly indicate that the kit's coder know exactly which niches to fill - presumably based on his personal experience or market research into competing products.

What are some its key differentiation factors? Multitasking at its best, for instance, the kits provides the botnet master with the opportunity to manage numerous different task such as several malware campaigns and DDoS attacks simultaneously, where each of these gets a separate metrics page.

Automation of malicious tasks, by setting up tasks, and issuing notices on the status of the task, when it was run and when it was ended. Just consider the possibilities for a scheduling malware and DDoS attacks for different quarters.

Segmentation in every aspect of the tasks, for instance, a DDoS attacks against a particular site can be scheduled to launched on a specific date from infected hosts based in chosen countries only.

Customized DDoS in the sense of empowering the botnet master with point'n'click ability to dedicate a precise number of the bots to participate, which countries they should be based in, and for how long the attack should remain active. Quality and assurance in DDoS attacks based on the measurement of the bot's bandwidth against a particular country, in this case the object of the attack, so theoretically bots from neighboring countries would DDoS the country in question far more efficiently.

Historical malware campaign performance, is perhaps the most quality assurance feature in the entire kit, presumably created in order to allow the person behind it to measure which were the most effective malware and DDoS campaigns that he executed in the past. From an OSINT perspective, sacrificing his operational security by maintaing detailed logs from previous attacks is a gold mine directly establishing his relationships with previous malware campaigns.

Bot Description:

1. Completely invisible Bot work in the system.
2. Not loads system.
3. Invisible in the process.
4. Workaround all firewall.
5. Bot implemented as a driver.

Functions Bot (constantly updated):

1. Downloading a file (many options).
2. HTTP DDoS (many options, including http authentication).

The web interface

-- Convenient manager tasks.
-- Every task can be stopped, put on pause, etc. ...
-- Interest and visual scale of the task.

-- A task manager for DDoS and Loader

-- For DDoS tasks

Bots involved in DDoS 'f.
Condition of the victim (works, fell).

2. Bots manager
-- Displays a list of bots (postranichno).
-- Obratseniya date of the first and last.
-- ID Bot.
-- Country Bot.
-- Type Bot.
-- The status Bot (online / offline).
-- Bot bandwidth to different parts of the world (europe, asia).
-- The possibility of removing bots

-- When you click on ID Bot loadable still a wealth of information about it

3. Statistics botneta
-- Statistics both common and build Bot.
-- Information on the growth and decline botneta dates (and build).
-- Bots online
-- All bots

-- Dead bots.

4. Statistics botneta country

-- All countries to work on

-- New work by country

-- Online work from country to country

-- Dead bots by country

5. Detailed history botneta

6. Convenient user-friendly interface adding teams
8. Admin minimal server loads
-- Use php5/mysql

Upcoming features :
1. Form grabber (price increase substantially), for old customers will be charged as an upgrade
2. Public key cryptography
3. Clustering campaigns and DDoS attacks

Despite it's proprietary nature, it's quality and innovative features will sooner or later leak out for everyone to take advantage of, a rather common lifecycle for the majority of proprietary malware kits in general.

Related posts:

BlackEnergy DDoS Bot Web Based

A New DDoS Malware Kit in the Wild

The Cyber Bot - Web Based Malware

The Black Sun Bot - Web Based Malware

Custom DDoS Capabilities Within a Malware

Botnet on Demand Service

Loads.cc - DDoS for Hire Service

Using Market Forces to Disrupt Botnets

Botnet Communication Platforms

A Botnet Master's To-Do List

DDoS on Demand VS DDoS Extortion
How Does a Botnet with 100k Infected PCs Look Like?

Let's Play Two

Tue, 12 Aug 2008 08:47:51 +0000

Every year my Dad and I go to see a Red Sox series. Last weekend was this year's trip and we went to Chicago to see the World Champion Boston Red Sox (saying that never gets old) play the White Sox. Of course, while you are in Chicago you have to see Wrigley Field, and we really lucked out. This weekend was Red Sox versus the White Sox (the battle of the Soxes they used to call it on Channel 38) on the southside and northside featured Cubs versus Cardinals! The last four World Series winners in town on the same weekend (Red Sox 04, 07, White Sox 05, Cards 06).

We learned several things- first in heaven the Cubs play the Red Sox in the World Series. Those ballparks are true gems. (In hell its probably the Yankees versus Phillies). Also, the people on the southside and northside *really* have a rivalry going. Its basically Boston v NY but they live in the same town! Here is one example from the southside

One of the great things about Wrigley (and there are many despite what southsiders say), is that its in the middle of a real neighborhood

Epicenter of Cub universe

Lots of action before and after game time, lots of people wandering around with gloves catching batting practices homers outside the stadium...err Field. Key point - Wrigley is a field, not a Stadium. Also Fenway is a Park. The Greek root of the word "paradise", means "enclosed green space", not concreteopolis

Wrigley is baseball Mecca

The greatest Cub of all, Ernie Banks, was our touchstone for the day - "Let's Play Two." we started at Wrigley for the day game (Zambrano got shelled) and then got crosstown for the night game.

To pull this off the L is your friend. As several Chicagoans pointed out, they are the only city that can have a true subway series, because the Red Line services both the White Sox and Cubs, whereas Mets-Yankees involves numerous transfers and so on.

We got to US Cellular Field which is fine but a shadow of Wrigley and absolutely nothing good to eat. Luckily we had Daisuke Matsuzaka on the hill

Before every game, Big Papi holds court in center with some players from the other team, he is to be a very popular guy. Ozzie Guillen told him before the series that with Manny gone, he wouldn't see a pitch to hit all weekend (ps. he did and crushed a bases loaded double)

The question we got most was - what about the Manny trade? His replacement strikes out a lot, but is otherwise a promising player

The Red Sox and White Sox share a little history, most especially Pudge Fisk who hit the famous homer in the 75 world series for the Red Sox and then had a great career for the White Sox (actually played more games for Chicago than Boston, but went into Cooperstown with a B on his hat)

Red Sox won, hanging out in Wrigley was an even bigger highlight, and Chicago is a beautiful city to visit, by far the most accessible of the big US cities. Also, lots of good places to eat courtesy of Thomas Ptacek.

FaceBook Under Massive Phishing Attack From China

Mon, 11 Aug 2008 04:20:01 +0000

Facebook is under attack with numerous phishing scams and it looks like the network effect is coming into full swing to allow the prolification of these scammers to spread virally. The worrying thing about these scams is that they are increasingly sophisticated.

Links List 8.8.08

Fri, 08 Aug 2008 15:03:05 +0000

Peace Corps meets long-term next-generation global leadership development meets really long-term international business development. IBM’s new Corporate Service Corps program is assisting numerous nonprofits and companies across the globe to become more efficient and more computer-savvy. In a span of three years, over 600 of IBM’s employees will spend month-long projects in countries where it wants a bigger footprint by donating their time and services. A reason (besides getting to work with Doug McClure) to work for IBM.

Buying a lemon is always a bad thing – but when you pay $1 billion for it?! Back in 2005, Google bought a 5% stake in AOL for $1 billion and now is calling that investment “impaired”. That’s one way of putting it, so it’s a good thing Google has money to burn.

At LinuxWorld this week, Bob Sutor, VP of open source and standards at IBM, said that the next 10 years is “do or die” for open source software designed for specific industries. 10 years? That’s like 70 years in open source development time.

And finally…8/8/08…the Olympics are here! Network administrators around the world, except for Terry Childs, will be eyeing office network bandwidth closely as people go online to watch streaming video of the games. NBC and Microsoft will offer 2,200 hours of live video coverage with up to 20 simultaneous live streams of different events. Plus NBCOlympics.com will offer 3,000 hours of on-demand video content. The time difference means that much of the primetime events will be broadcast while the Western hemisphere is supposed to be hard at work. Me – I’m just glad it’s the weekend, and I can get the Olympics fix I’ve been waiting years for.

Phishers Backdooring Phishing Pages to Scam One Another

Thu, 07 Aug 2008 11:01:50 +0000

There seems to be no such thing as a free phishing page these days, with phishers scamming one another at an alarming rate according to a recently published research entitled "There is No Free Phish:An Analysis of “Free” and Live Phishing Kits".

Cybercriminals attempting to scam other cybercriminals has been happening for years, with old school cases where backdoored malware tools such as crypters and binders are offered for free, or a newly released RAT whose client is in fact infected with a third-party malware. Realizing and definitely not enjoying the fact that the lowered entry barriers into cybercrime are empowering yesterday's script kiddies will malware kits that used to be utilized by a set of people who invested time and money into the process several years ago, this unethical competitive practice is only going to get more common. Backdooring phishing pages is one thing, backdooring entire web malware exploitation kits, next to the possibility to remotely exploit a competitor's command and control server is entirely another :

"Taking a more strategic approach, a cybercriminal wanting to scam another cybercriminal would backdoor a highly expensive web malware exploitation kit, then start distributing it for free, and in fact, there have been numerous cases when such kits have been distributed in such a fraudulent manner. The result is a total outsourcing of the process of coming up with ways to infect hundreds of thousands of users though client side exploits embedded or SQL injected at legitimate sites, and basically collecting the final output - the stolen E-banking data and the botnet itself."

What's to come in the long term? Why just backdoor the phishing page, when you can embedd it with a live exploit URL in an attempt to both, infect the cybercriminal about to use and obtain all of the already stolen virtual assets has has already stolen, and also, have a third-party maintain a blended attack campaign without even knowing it.

Related posts:
Phishing Campaign Spreading Across Facebook
Phishing Pages for Every Bank are a Commodity
RBN's Phishing Activities
Inside a Botnet's Phishing Activities
Large Scale MySpace Phishing Attack
Update on the MySpace Phishing Campaign
MySpace Phishers Now Targeting Facebook
MySpace Hosting MySpace Phishing Profiles
DIY Phishing Kits
DIY Phishing Kit Goes 2.0
PayPal and Ebay Phishing Domains
Average Online Time for Phishing Sites
The Phishing Ecosystem
Assessing a Rock Phish Campaign
Taking Down Phishing Sites - A Business Model?
Take this Malicious Site Down - Processing Order..
209 Host Locked
209.1 Host Locked
66.1 Host Locked
Confirm Your Gullibility
Phishers, Spammers and Malware Authors Clearly Consolidating
The Economics of Phishing

Open Wireless Networks on University Campuses

Thu, 31 Jul 2008 09:30:21 +0000

Open wireless networks raise privacy issues and entail increased risk of malicious attacks and illegal downloading activities. Such networks are nonetheless attractive—particularly to universities—because they enhance usability and thus expand access to nonsensitive system resources. At universities, such access brings numerous benefits to students, faculty, and the surrounding community alike. Here, the authors describe the challenges of removing individual user authentication requirements at the perimeter of a university network in which mobile device users access system resources over wireless links to the wired infrastructure. The authors discuss how to mitigate the security and privacy risks entailed in an open network of this sort, and also describe how IT departments can vary the network's degree of openness.