Rodney Campbell's Blog

The hack of the year

A Swedish hacker tells how he infiltrated a global communications network used by scores of embassies over the world, using tools freely available on the internet.

Malware Response and Analysis (PDF)

This paper examines the response needed when your computer is infected with malware, the effect of malware programs and how to determine the changes to an operating system.

Loophole in Windows Random Number Generator (pdf)

Apple Fixes ‘Misleading’ Leopard Firewall Settings

Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard. The acknowledgment comes less than a month after independent researchers threw cold water on Apple’s claim that Leopard’s firewall can block all incoming connections. The firewall patches come 24 hours after a Mac OS X update that provided cover for at least 41 security vulnerabilities.

Did NSA Put a Secret Backdoor in New Encryption Standard?

There are four different approved techniques, called DRBGs, or ‘Deterministic Random Bit Generators’ based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. A presentation at the CRYPTO 2007 conference showed that there are constants in the standard used to define the algorithm’s elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

First Use of RIPA to Demand Encryption Keys

The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn’t comply.

Security Pro Admits to Hijacking PCs for Profit

A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware.

Russian hacker gang vanishes day after moving to China

They severed connections to six of the seven net blocks on November 8

Encrypted E-Mail Company Hushmail Spills to Feds

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer”. But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

The World’s Biggest Botnets

What makes three of today’s largest botnets tick, what they’re after and a peek at the ‘next’ Storm.

Solaris 10 Security Best Practices

Sun and the Center for Internet Security working together, in concert with representatives from academia, industry and government, have published security guidance for Solaris 10 11/06 and 8/07.

Russian Business Network – Down, But Not Out

A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be building a new home for itself elsewhere on the Web.

Most consumers clueless about online tracking

Average users largely unaware of extent to which online marketers and advertisers are tracking their movements.

When AntiVirus Products (and Internet Explorer) Fail you

Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code.

OSX.RSPlug.A Trojan Horse Changes Local DNS Settings to Redirect to Malicious DNS Servers

A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites.

One-Third of Employees Violate Company IT Policies

A national survey of U.S. white-collar workers commissioned by the nonprofit, independent organization ISACA (formerly the Information Systems Audit and Control Association) has found that more than one-third (35%) of employees have violated their company’s IT policies at least once and that nearly one-sixth (15%) of employees have used peer-to-peer file sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk.

Employee Monitoring: Highlighting the Issues

While there is no doubt that employee monitoring is becoming standard practice, companies need to ensure that it complies with legal requirements and does not unduly affect the employment relationship. This feature outlines the law governing employee monitoring in various jurisdictions in Europe, the US and Asia-Pacific and provides some practical guidance on achieving compliance.

Identity thieves likely to be first-timers, strangers

An analysis of identity-theft cases closed by the U.S. Secret Service in the past six years has found that identity thieves typically do not have a criminal record and are generally not known by their victims.

DNS Recursion bandwidth amplification Denial of Service PoC

Facebook used against you!

Two pupils have been suspended from a private school after they were found to be members of a ‘dogging’ group featured in facebook.

Storm worm can befuddle NAC

Users will see that, for example, antivirus is turned on, but actually it isn’t scanning for viruses.