Cybersecurity / Recently Commented

DNS Attack Code Has Been Published

As warned by Dan Kaminsky, Paul Vixie, and numerous other experts, it was just a matter of time before exploit code for the now public DNS flaw would surface. Exploit code for the flaw, which allows insertion of malicious DNS records into the cache of target nameservers, has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports, Metasploit creator H D Moore, in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit.

Targeted Social Engineering Attacks Against Corporations Reach Record Levels

A recent report by iDefense Labs estimates that there have been 66 distinct spear phishing attacks between February 2007 and June 2008, with the rate of attacks continuing to accelerate. Spear phishing groups have claimed more than 15,000 corporate victims in 15 months, with victim losses exceeding $100,000 in some cases. Victims include Fortune 500 companies, financial institutions, government agencies, and legal firms.

DNS Security Flaw Secret Leaked Prior to Set Date: Patch DNS as Fast as Possible

In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability were quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors...

U.S. Comprehensive National Cybersecurity Initiative Single Largest Fund for 2009

Walter Pincus of The Washington Post is reporting that President Bush's single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence. CNCI or "Cyber Initiative" is a highly classified, multiyear, multibillion-dollar project designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. "It is no longer sufficient for the U.S. Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions," says Director of National Intelligence Mike McConnell.

Website of Georgian President Under Attack, Political Motivation Suspected

For over 24 hours the website of President Mikhail Saakashvili of Georgia, a former Soviet republic, has been down as a result of a distributed denial of service (DDoS) attack. This attack appears to have a political motivation, says Jose Nazario of Arbor Networks. "Tensions between Russia and Georgia appear to be running high lately." According to The Shadowserver Foundation, a security watchdog group, the site began coming under attack very early Saturday morning (Georgian time).

Many Systems Open to Attack Through Channels Enabled to Support IPv6 Traffic

It may be years before the new internet protocol IPv6 takes over from the current IPv4, but a security researcher is warning that many systems -- corporate and personal -- are already open to attack through channels that have been enabled on their machines to support IPv6 traffic, according to the Wired report by Kim Zetter. Joe Klein, a security researcher with Command Information, says many organizations and home users have IPv6 enabled on their systems by default but don't know it. They also don't have protection in place to block malicious traffic, since some intrusion detection systems and firewalls aren't set up to monitor IPv6 traffic, presenting an appealing vector through which outsiders can attack their networks undetected.

Obama Says Cybersecurity Would Be Top Priority in His Administration

Sen. Barack Obama, the U.S. presidential candidate, outlined in a speech yesterday what he envisioned for a cyber-security infrastructure that would protect the nation's computer networks and strengthen science and computer education programs. "I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information -- from the networks that power the federal government, to the networks that you use in your personal lives."

Romanian Authorities Arrest Over 20 Cybercrime Suspects

Authorities have arrested more than 20 people in Romania who are suspected of running online fraud schemes, according to media reports. The Tuesday arrests were confirmed by the U.S. Federal Bureau of Investigation (FBI), which has been working with Romanian officials on cybercrime in recent months. The FBI would say only that the agency is aware of the arrests and because "this is an ongoing matter, we will have no further comment at this time." The losses caused by the cybercrime ring are estimated to reach millions of euros.

Cybercrime Organizational Structure Has Evolved, Reveals New Report

Finjan’s Malicious Code Research Center has released a report on the latest developments of today’s Crimeware business environment. "With the transition of cybercrime from amateur hacker attacks to highly professional cybercrime business models," says the report. "We see that the organizational structure of cybercriminals reflects this trend. Individual hackers operating independently or groups of hackers with common goals have been replaced by hierarchical cybercrime organizations where each cybercriminal has his own well-defined role and reward system. The current cybercrime organizations bear an uncanny resemblance to organized crime organizations such as the Mafia."

An Astonishing Collaboration

Wow. It's out. It's finally, finally out... So there's a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes...somewhere. Not where it was supposed to... I'm pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn't get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day...

Gmail Collaborates With eBay and PayPal to Fight Phishing

Google has recently announced that it has succeeded in working with eBay and PayPal, also owned by eBay, to fight phishing by using authentication standards DomainKeys and DomainKeys Identified Mail (DKIM). According to Google, this is the main tool used by Gmail to keep spam out of its inboxes. However, Brad Taylor, Google's Software said in a blog post that "these systems can only be effective when high volume senders consistently use them to sign their mail -- if they're sending some mail without signatures, it's harder to tell whether it's phishing or not. Well, I'm happy to announce today that by working with eBay and PayPal, we're one step closer to stopping all phishing messages in their tracks." Google hopes this will set a good example for other organizations to follow suit and work towards making email trustworthy.

Security Experts Caution Against Latest Storm Worm Campaign Claiming U.S. Invasion of Iran

A recent blast of emails linked to Storm Worm attempts to exploit client-side vulnerabilities by stating that the U.S. army has invaded Iran. The email is also reported to contain links to videos. The text reads:

“Just now US Army’s Delta Force and U.S. Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran’s Army resistance. The video made by US soldier was received today morning. Click on the video to see first minutes of the beginning of the World War III. God save us.”

Internationalization of Malware Has Become a Difficult Challenge

Former malware analyst, Wes Brown, has reported on the growing internationalization of malware. He writes: "In the past, an anti-malware company could focus on English-targeted samples. But an increasing percentage of malware samples are international in origin and targeting international machines. I saw numerous cases of Chinese malware targeting Chinese software or hosts. This was quite a challenge to determine if it was malware or not for several reasons." Brown further explains: "One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in."

Lithuanian Government and Corporate Websites Attacked

Hundreds of Lithuanian government and corporate Web sites were hacked and plastered with Soviet-era symbols and other digital graffiti this week in what appears to be a coordinated cyber attack launched by Russian hacker groups, reports Brian Krebs of the Washington Post. According to reports, Lithuanian officials did not directly accuse Russian hackers of initiating the attacks, which are said to have come from foreign computers. However, iDefense, a security intelligence firm based in Reston, VA, has linked the attacks to nationalistic Russian hacker groups protesting a new Lithuanian law banning the display of Soviet emblems, including honors won during World War II.

Give Web Browsers Expiry Dates, Say Security Researchers

Computer security researchers from ETH Zurich, Google, and IBM have suggested that computer software would be more secure if it were labeled with an expiration date -- similar to perishable food products. Firefox 2 is considered to be the most secure browser since 83.3% of its users worldwide are running the current version. The issue of browser security matters more these days because more and more malware is targeting Web browser vulnerabilities. Remotely exploitable vulnerabilities have been on the rise since 2000 and accounted for 89.4% of vulnerabilities reported in 2007, according to the study, which claims that a "growing percentage of these remotely exploitable vulnerabilities are associated with Web browsers."