Ramblings & ephemera

1/2 of all bots are in China

From “Report: China’s botnet problems grows” (SecurityFocus: 21 April 2008):
Computers infected by Trojan horse programs and bot software are the greatest threat to China’s portion of the Internet, with compromises growing more than 20-fold in the past year, the nation’s Computer Emergency Response Team (CN-CERT) stated in its 2007 annual report released last week.
The response [...]

Modern piracy on the high seas

From Charles Glass’ “The New Piracy: Charles Glass on the High Seas” (London Review of Books: 18 December 2003):
Ninety-five per cent of the world’s cargo travels by sea. Without the merchant marine, the free market would collapse and take Wall Street’s dream of a global economy with it. Yet no one, apart from ship owners, their [...]

Russian bot herders behind massive increase in spam

From Ryan Naraine’s “‘Pump-and-Dump’ Spam Surge Linked to Russian Bot Herders” (eWeek: 16 November 2006):
The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.
Internet security researchers and law enforcement authorities have traced the operation to [...]

A prison completely run by the inmates

From Mica Rosenberg’s “Guatemala forces end 10-year prisoner rule at jail” (The Washington Post: 25 September 2006):
Guatemalan security forces took over a jail run for over 10 years by inmates who built their own town on prison grounds complete with restaurants, churches and hard-drug laboratories.
Seven prisoners died when 3,000 police and soldiers firing automatic weapons [...]

Warning signs of an incipient serial killer

From Wikipedia’s “MacDonald triad” (26 July 2006):
The MacDonald triad are three major personality traits in children that are said to be warning signs for the tendency to become a serial killer. They were first described by J. M. MacDonald in his article “The Threat to Kill” in the American Journal of Psychiatry.

Firestarting, invariably just for [...]

How to wiretap

From Seth David Schoen’s “Wiretapping vulnerabilities” (Vitanuova: 9 March 2006):
Traditional wiretap threat model: the risks are detection of the tap, and obfuscation of content of communication. …
POTS is basically the same as it was 100 years ago — with central offices and circuit-switching. A phone from 100 years ago will pretty much still work today. [...]

The real solution to identity theft: bank liability

From Bruce Schneier’s “Mitigating Identity Theft” (Crypto-Gram: 15 April 2005):
The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. …
The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise [...]

Two-factor authentication: the good & the bad

From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005):
Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years [...]

When people feel secure, they’re easier targets

From Bruce Schneier’s “Burglars and ‘Feeling Secure’” (Crypto-Gram: 15 January 2005):
This quote is from “Confessions of a Master Jewel Thief,” by Bill Mason (Villard, 2003): “Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important [...]

What bots do and how they work

From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
After successful exploitation, a bot uses Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), HyperText Transfer Protocol (HTTP), or CSend (an IRC extension to send files to other users, comparable to DCC) to transfer itself to the compromised host. The [...]

Different types of Bots

From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
… some of the more widespread and well-known bots.

Agobot/Phatbot/Forbot/XtremBot
… best known bot. … more than 500 known different versions of Agobot … written in C++ with cross-platform capabilities and the source code is put under the GPL. … structured in a [...]

Uses of botnets

From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
“A botnet is comparable to compulsory military service for windows boxes” - Stromberg
… Based on the data we captured, the possibilities to use botnets can be categorized as listed below. …

Distributed Denial-of-Service Attacks
Most commonly implemented and also very often used are [...]

Who runs botnets?

From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
An event that is not that unusual is that somebody steals a botnet from someone else. … bots are often “secured” by some sensitive information, e.g. channel name or server password. If one is able to obtain all this information, he [...]

An analysis of botnets

From The Honeynet Project & Research Alliance’s “Know your Enemy: Tracking Botnets” (13 March 2005):
A botnet is a network of compromised machines that can be remotely controlled by an attacker. … With the help of honeynets we can observe the people who run botnets … Due to the wealth of data logged, it is possible [...]

To combat phishing, change browser design philosophy

From Federico Biancuzzi’s “Phishing with Rachna Dhamija” (SecurityFocus: 19 June 2006):
We discovered that existing security cues are ineffective, for three reasons:
1. The indicators are ignored (23% of participants in our study did not look at the address bar, status bar, or any SSL indicators).
2. The indicators are misunderstood. For example, one regular Firefox user told [...]

Favelas, the slums of Rio De Janeiro

From Alex Bellos’s “Coke. Guns. Booty. Beats.” (Blender: June 2005):
In the slums of Rio De Janeiro, drug lords armed with submachine guns have joined forces with djs armed with massive sound systems and rude, raunchy singles. Welcome to the most exciting—and dangerous—underground club scene in the world. …
Rio de Janeiro, Brazil, is the glamorous city [...]

FBI used OnStar for surveillance

From Charles R. Smith’s “Big Brother on Board: OnStar Bugging Your Car”:
GM cars equipped with OnStar are supposed to be the leading edge of safety and technology. …
However, buried deep inside the OnStar system is a feature few suspected - the ability to eavesdrop on unsuspecting motorists.
The FBI found out about this passive listening feature [...]

PATRIOT Act greatly expands what a ‘financial institution’ is

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 January 2004):
Last month Bush snuck into law one of the provisions of the failed PATRIOT ACT 2. The FBI can now obtain records from financial institutions without requiring permission from a judge. The institution can’t tell the target person that his records were taken by the FBI. And [...]

A new fraud: faking an entire company

From David Lague’s “Next step in pirating: Faking a company” (International Herald Tribune: 28 April 2006):
At first it seemed to be nothing more than a routine, if damaging, case of counterfeiting in a country where faking it has become an industry.
Reports filtering back to the Tokyo headquarters of the Japanese electronics giant NEC in mid-2004 [...]

Some surprising data isn’t encrypted in ATM transfers

From “Triple DES Upgrades May Introduce New ATM Vulnerabilities” (Payment News: 13 April 2006):
In a press release today, Redspin, an independent auditing firm based in Carpinteria, CA, suggests that the recent mandated upgrades of ATMs to support triple DES encryption of PINs has introduced new vulnerabilities into the ATM network environment - because of other [...]