[SecurityRatty] tag: remarkably

Game on!

Tue, 04 Nov 2008 21:00:00 +0000

In my last blog, we looked at increasing complexity on the part of both the “good” guys who are building legitimate businesses and on the part of the “bad guys” who are building a “dark network” of sorts that is remarkably like the first. Today, I’d like to dig into that and look at a system for explaining this; and I thought I’d use the phrase we used playing street hockey in my youth in Canada when the cars cleared the road, and the game got serious again: game on!...

Ed Felten on e-voting: What can go wrong

Sun, 02 Nov 2008 21:00:00 +0000

Voting machines of all stripes have remarkably similar flaws and though geographically scattered, inaccurate tallies of votes are not likely to flip a whole presidential election, there is a "nightmare scenario" that could. Meanwhile on the state level, security issues have already popped up in the wake of various states' deployments of direct-recording electronic (DRE) voting machines.

DNA Matching and the Birthday Paradox

Thu, 11 Sep 2008 02:21:02 +0000

Nice essay:

Is it possible that the F.B.I. is right about the statistics it cites, and that there could be 122 nine-out-of-13 matches in Arizona's database?
Perhaps surprisingly, the answer turns out to be yes. Let's say that the chance of any two individuals matching at any one locus is 7.5 percent. In reality, the frequency of a match varies from locus to locus, but I think 7.5 percent is pretty reasonable. For instance, with a 7.5 percent chance of matching at each locus, the chance that any 2 random people would match at all 13 loci is about 1 in 400 trillion. If you choose exactly 9 loci for 2 random people, the chance that they will match all 9 is 1 in 13 billion. Those are the sorts of numbers the F.B.I. tosses around, I think.

So under these same assumptions, how many pairs would we expect to find matching on at least 9 of 13 loci in the Arizona database? Remarkably, about 100. If you start with 65,000 people and do a pairwise match of all of them, you are actually making over 2 billion separate comparisons (65,000 * 64,999/2). And if you aren't just looking for a match on 9 specific loci, but rather on any 9 of 13 loci, then for each of those pairs of people there are over 700 different combinations that are being searched.

So all told, you end up doing about 1.4 trillion searches! If 1 in 13 billion searches yields a positive match as noted above, this leads to roughly 100 expected matches on 9 of 13 loci in a database the size of Arizona's. (The way I did the calculations, I am allowing for 2 individuals to match on different sets of loci; so to get 100 different pairs of people who match, I need a match rate of slightly higher than 7.5 percent per locus.)

Opinion: Better than locks: A security approach to "free"

Fri, 30 May 2008 01:22:15 +0000

Kevin Kelly's "Better Than Free" essay has been burning up the Internet for months as readers debate which concepts hold value online (and how to monetize those values). Geoff Leeming tackles the question from the security point of view... and comes up remarkably optimistic.

Free Wi-Fi for AT&T Laptop Mobile Broadband Subscribers

Tue, 20 May 2008 05:32:57 +0000

AT&T extends its free Basic Wi-Fi package to laptop-based mobile broadband subscribers, but not to smartphone users, including iPhones: This is a logical move, vastly overdue, because it's a better experience for a laptop user to have access in a Wi-Fi hotspot, while simultaneously removing load from AT&T's 3G network. This was predicted many years ago--as early as 2001 by EarthLink, Boingo Wireless, and Helio founder Sky Dayton--that 3G spectrum was scarce enough and expensive enough to operate that using Wi-Fi like a local heat sink to bleed usage off would keep 3G usable.

The other advantage, of course, is that 3G laptop users that find themselves out of the HSPA coverage area offered by AT&T don't fall back to EDGE or GPRS as long as they can find an AT&T-included hotspots. No hotspot operator likes to guarantee a particular local network speed, but I know that Wayport--which has or will build nearly all of the 17,000 locations in question here--aims for T-1 speed (1.5 Mbps each way) and quality (guaranteed uptime), depending on availability.

Windows laptop users with AT&T's Communication Manager software (version 6.8) installed will be automatically logged onto hotspots--and, I would guess, logged off 3G whether the user wants that or not! I'll be curious about reports from the field.

A 5G/month ($60/month or greater) plan is requierd for free Wi-Fi service.

The Boy Genius Report quotes what appears to be an internal AT&T memo about today's launch that free Wi-Fi for smartphones is coming later in 2008. Boy Genius has a remarkably good track record for a rumor/leak site, so I'm inclined to believe their report.

Hacker posts Chilean government data on 6 million

Tue, 13 May 2008 06:21:54 +0000

Chile's remarkably lax data and privacy protections are in the spotlight as a hacker -- looking to do exactly that -- posts personal data on around six million Chileans.

The United Nations Serving Malware

Wed, 23 Apr 2008 06:13:00 +0000

Yet another massive SQL injection attack is making its rounds online, and this time without the SEO poisoning as an attack tactic, has managed to successfully infect the United Nations events page, which is now also marked as malware infected page, and with a reason since both the malicious URl and the injection are still active. According to WebSense :

"This mass injection is remarkably similar to the attack we saw earlier this month. When a user browses to a compromised site, the injected JavaScript loads a file named 1.js which is hosted on http://www.nihao[removed].com The JavaScript code then redirects the user to 1.htm (also hosted on the same server). Once loaded, the file attempts 8 different exploits (the attack last April utilised 12). The exploits target Microsoft applications, specifically browsers not patched against the VML exploit MS07-004 as well as other applications. Ominously files named McAfee.htm and Yahoo.php are also called by 1.htm but are no longer active at the time of writing. There are further similarities too between the two mass attacks. Resident on the latest malicious domain is a tool used in the execution of the attack. An analysis of that tool can be found in the ISC diary entry here. Mentioned in that diary entry is http://www.2117[removed].net. Our blog on that attack can be found here. It appears that same tool was used to orchestrate this attack too. "

Let's assess the malicious injection. nihaorr1.com/ 1.js (219.153.46.28) is attempting to load nihaorr1.com/ 1.htm, where several other internal exploit serving URLs and javascript obfuscations load through IFRAMES, such as :

nihaorr1.com/ Real.gif
nihaorr1.com/ Yahoo.php
nihaorr1.com/ cuteqq.htm
nihaorr1.com/ Ms07055.htm
nihaorr1.com/ Ms07033.htm
nihaorr1.com/ Ms07018.htm
nihaorr1.com/ Ms07004.htm
nihaorr1.com/ Ajax.htm
nihaorr1.com/ Ms06014.htm
nihaorr1.com/ Bfyy.htm
nihaorr1.com/ Lz.htm
nihaorr1.com/ Pps.htm
nihaorr1.com/ XunLei.htm

and finally serve the malware, by also taking us out of the point and loading another malicious IFRAME farm at gg.haoliuliang.net/one/ hao8.htm?036 (222.73.44.162) :

Scanners Result: 18/32 (56.25%) :
W32/PWStealer1!Generic; PWS:Win32/Lineage.WI.dr
File size: 24667 bytes
MD5...: 4b913be127d648373e511974351ff04e
SHA1..: 0ab703c93e3ad7c03d1aae5ea394d7db3b89bfd2

Another internal IFRAME serving exploits is also loading at haoliuliang.net, gg.haoliuliang.net/wmwm/ new.htm where a new piece of malware is served :

Scanners Result: 26/32 (81.25%)
Trojan-PSW.Win32.OnLineGames.ppu; Trojan.PSW.Win32.OnlineGames.GEN
File size: 7205 bytes
MD5...: af05c777700b338f428463e56f316a05
SHA1..: bd68f621ec6c9796afa8b766c6cf4167afbd4703

As it appears, everyone's a victim of web application vulnerabilities discovered automatically, and either filtered based on high-page rank, or trying to take advantage of the long-tail of SQL injected sites to compensate for the lack of vulnerable high profile sites.

Related posts:
UNICEF Too IFRAME Injected and SEO Poisoned
Embedded Malware at Bloggies Awards Site
Embedding Malicious IFRAMEs Through Stolen FTP Accounts
Yet Another Massive Embedded Malware Attack
MDAC ActiveX Code Execution Exploit Still in the Wild
Malware Serving Exploits Embedded Sites as Usual
Massive RealPlayer Exploit Embedded Attack
Syrian Embassy in London Serving Malware
Bank of India Serving Malware
U.S Consulate St. Petersburg Serving Malware
The Dutch Embassy in Moscow Serving Malware
U.K's FETA Serving Malware
Anti-Malware Vendor's Site Serving Malware
The New Media Malware Gang - Part Three
The New Media Malware Gang - Part Two
The New Media Malware Gang
A Portfolio of Malware Embedded Magazines
Another Massive Embedded Malware Attack
I See Alive IFRAMEs Everywhere
I See Alive IFRAMEs Everywhere - Part Two

Malicious microprocessor opens new doors for attack

Wed, 16 Apr 2008 07:16:23 +0000

A team of security researchers at the University of Illinois at Urbana-Champaign demonstrated on Tuesday a hack that, by compromising a remarkably small number of circuits on a microprocessor, gave them back-door access to the machine in which the chip was running. It's a lot of work to execute... for the moment.

1967 Article on Data Privacy and Security

Thu, 03 Apr 2008 02:35:49 +0000

An eerily prescient article from The Atlantic in 1967 about the future of data privacy. It presents all of the basic arguments for strict controls on data collection of personal information, and it's remarkably accurate in it's predictions of the future development and importance of computers as well all of all of the ways the government would abuse them.

Well worth reading.

Apple issues mega-monster security update

Wed, 19 Mar 2008 04:30:11 +0000

Just a day after a remarkably large Safari update, Apple released a "frighteningly large" security update that patched nearly 90 vulnerabilities in both its own code and the third-party applications it bundles with its Tiger and Leopard operating systems.