Hackers Break Into Linux Source Code Site

As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers.

The bad guys paid the good guys an unwelcome visit earlier this month, breaking into the Kernel.org website that is home to the Linux project. They gained root access to a server known as Hera and ultimately compromised “a number of servers in the kernel.org infrastructure,” according to a note on the kernel.org website.

Administrators of the website learned of the problem and soon discovered a number of bad things were happening on their servers. Files were modified, a malicious program was added to the server’s startup scripts and some user data was logged.


New Windows Worm Wriggling Through Networks

A retro worm attack is underway that takes the unusual spin of employing the Remote Desktop Protocol (RDP) in Windows’ remote desktop connection feature as its attack vector.

Researchers from Microsoft, F-Secure, eEye Digital Security, and other organizations say the so-called Morto worm infects Windows workstations and Windows servers. It spreads by uploading a Windows DLL file to a targeted machine. The worm looks for weak administrator passwords in Remote Desktop on an organization’s network — everything from “12345” to “admin” and “password.”

Researchers say the attack could be used for various purposes, including distributed denial-of-service (DDoS) attacks against targeted organizations. “The remote control feature allows bot-like control of the infected machines and they can be used for basically any purpose,” says Mikko Hypponen, chief research officer of F-Secure Lab.
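The spreading behaviour described above (repeated failed administrator logons over RDP from one source, followed by a success) is visible in ordinary Windows logon records. The following is an added detection example, not code from the article or from the researchers quoted in it. It runs a sliding-window count over a constructed CSV-style export of Security log events; the event IDs 4625 (failed logon), 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are real Windows values, but the field layout of the export is an assumption.

```python
"""Detect RDP password-guessing bursts in Windows logon records.

Added example, not from the article or the vendors it quotes. Input is a
constructed CSV-style export of Security log events. Real Windows values:
4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
The column layout (time, event id, logon type, source ip, user) is assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host guessing admin passwords over RDP, then succeeding.
SAMPLE_EVENTS = """\
2011-08-28T10:00:01,4625,10,10.0.0.55,Administrator
2011-08-28T10:00:02,4625,10,10.0.0.55,Administrator
2011-08-28T10:00:02,4625,10,10.0.0.55,admin
2011-08-28T10:00:03,4625,10,10.0.0.55,admin
2011-08-28T10:00:04,4625,10,10.0.0.55,Administrator
2011-08-28T10:00:05,4624,10,10.0.0.55,Administrator
2011-08-28T10:05:00,4625,10,10.0.0.77,jsmith
2011-08-28T10:30:00,4625,10,10.0.0.77,jsmith
2011-08-28T10:31:00,4624,2,10.0.0.9,jdoe
"""

FAILED, SUCCESS, RDP = "4625", "4624", "10"


def parse(text):
    """Yield (time, event_id, logon_type, source_ip, user) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), eid, ltype, ip, user


def detect(text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (source_ip, kind); kind is 'burst' or 'burst_then_success'.

    A burst is at least `threshold` RDP failures from one source inside `window`.
    A later RDP success from a flagged source is the higher-priority alert.
    """
    failures = defaultdict(list)  # source ip -> recent failure timestamps
    alerts = []
    flagged = set()
    for ts, eid, ltype, ip, _user in parse(text):
        if ltype != RDP:
            continue  # only remote-interactive logons matter here
        if eid == FAILED:
            times = failures[ip]
            times.append(ts)
            # Drop failures that have fallen out of the sliding window.
            while times and ts - times[0] > window:
                times.pop(0)
            if len(times) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "burst"))
        elif eid == SUCCESS and ip in flagged:
            alerts.append((ip, "burst_then_success"))
    return alerts


if __name__ == "__main__":
    for ip, kind in detect(SAMPLE_EVENTS):
        print(f"{kind}: {ip}")
```

The two hosts in the sample separate correctly: 10.0.0.55 produces five failures inside a minute and then a success, while 10.0.0.77's two failures half an hour apart never reach the threshold. Tune `threshold` and `window` to the environment; the useful alert is the success that follows a burst.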


Google One of Many Victims in SSL Certificate Hack

A Dutch company that issues digital certificates used to authenticate websites said that several dozen other websites in addition to Google have been affected by a security breach.

The company, DigiNotar, issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates, which are validated by Web browsers to ensure people are not visiting a fake website that is trying to appear legitimate.

DigiNotar is what’s called a Certificate Authority (CA), an entity that sells digital certificates to legitimate website owners. But DigiNotar issued a digital certificate for the google.com domain, a mistake that could allow a skilled attacker to intercept someone’s e-mail.


New Windows Worm Spreads By Attacking Weak Passwords

A new Windows worm is working its way through company networks by taking advantage of weak passwords, security researchers said over the weekend. The worm, dubbed “Morto” by Microsoft and Helsinki-based F-Secure, has been circulating since at least last week, when company administrators noticed systems generating large numbers of unexplained connections to the Internet.

“Although the overall number of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable,” said Hil Gradascevic, a researcher with the Microsoft Malware Protection Center (MMPC), in a Sunday blog.

Morto spreads using RDP, or Remote Desktop Protocol, the Microsoft-made protocol for controlling one computer by connecting to it from another.


UK Charges Another Alleged Anonymous Member

U.K. police said Thursday a 22-year-old student has been charged in connection with participating in distributed denial-of-service attacks (DDOS) with the hacking collective Anonymous.

Peter David Gibson, of Hartlepool, was charged with conspiracy to do an unauthorized act in relation to a computer under the Criminal Law Act of 1977. Gibson has been bailed and is scheduled for an appearance in Westminster Magistrates Court on Sept. 7.


Transition From IPv4 to IPv6

Even though the transition started roughly ten years ago, there is still much confusion about the intricacies of the migration from IPv4 to IPv6. IPv4 is version 4 of the Internet Protocol, in use since the early 80s, and uses a 32-bit address. Currently, less than 10% of these addresses remain in the global pool of unallocated IPv4 addresses. IPv6 is version 6 of the Internet Protocol and uses a 128-bit address such as 3412:2003:3545:30de:680a:9876:32cd:302d; IPv6 addresses are normally written as hexadecimal digits with colon separators. The IPv6 address space can hold 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. To put this into perspective, there are as many IPv6 addresses as there are grains of sand on the earth!

The IPv6 conversion will also completely eliminate the need for IP masquerading in the form of Network Address Translation (NAT). Since so many IP addresses will be in circulation, there will no longer be any pressure on the IP address space. If there is no pressure on the address space, there is no reason to translate private addresses to public addresses and back again, and therefore no longer any necessity for NAT.

One of the greatest challenges organizations have to contend with is handling large and unwieldy IPv6 addresses. Two familiar mechanisms have been adjusted to help with the challenges of working with exceptionally large IPv6 addresses. With IPv6, DHCP has largely given way to a stateless auto-configuration mechanism in which routers send out “router advertisements” that contain the upper 64 bits (the network portion) of an IPv6 address, and hosts generate the lower 64 bits themselves, mostly from their Ethernet physical (MAC) address, to form a complete address. Once the IPv6 network has been identified in this way, new devices can be added quite easily without the need to “reserve” IP addresses as we do with the current IPv4 process.
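The address formation just described (a 64-bit prefix from a router advertisement plus a host-generated 64-bit interface identifier derived from the MAC address) is the modified EUI-64 scheme of RFC 4291. The following is an added example, not code from the article: it builds such an address, and also recovers the MAC from one, which is the reason the MAC-derived form is a tracking concern and why stable or temporary random identifiers (RFC 4941 privacy extensions) are preferred on client devices. The prefix and MAC used are constructed sample values.

```python
"""Form a SLAAC address from a router-advertised /64 prefix and a MAC.

Added example; not from the article. Implements the modified EUI-64
interface identifier (RFC 4291, appendix A): split the 48-bit MAC, insert
ff:fe in the middle and flip the universal/local bit (0x02 of the first
byte), then append the result to the 64-bit prefix. Sample values are
constructed (2001:db8::/32 is the documentation range).
"""
import ipaddress


def eui64_from_mac(mac):
    """Return the 8-byte modified EUI-64 interface identifier for a MAC string."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02  # flip the U/L bit: 1 now means 'globally unique'
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix from a router advertisement with an EUI-64 suffix."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a 64-bit prefix")
    packed = net.network_address.packed[:8] + eui64_from_mac(mac)
    return ipaddress.IPv6Address(packed)


def mac_from_slaac(addr):
    """Recover the MAC embedded in an EUI-64 address; None if the ff:fe marker is absent.

    Shows why the MAC-derived identifier leaks hardware identity: the same
    host carries the same lower 64 bits onto every network it joins.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # randomised / privacy or manually assigned identifier
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    addr = slaac_address("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e")
    print(addr)                  # 2001:db8:1:2:21a:2bff:fe3c:4d5e
    print(mac_from_slaac(addr))  # 00:1a:2b:3c:4d:5e
```

The `ipaddress` module handles the canonical text form (hexadecimal groups, leading zeros dropped, the longest zero run compressed), so the same 128 bits always print the same way, which matters when addresses are compared in logs or access lists.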

The second modification deals with the modern Domain Name System. Current DNS software is capable of sending and receiving packets larger than 512 bytes. If a DNS server does not indicate this capability in its request, the root server will fit as much as possible into a 512-byte packet and mark it as “truncated,” which is the indication that the request should be retried over TCP rather than the usual UDP. Older DNS software should not have any problems either, as long as the firewall does not block DNS packets larger than 512 bytes or DNS requests over TCP.
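The capability signal and the truncation fallback described above correspond to two concrete bits of the wire format: the EDNS0 OPT pseudo-record (RFC 6891), whose CLASS field carries the UDP payload size a sender can accept, and the TC flag in the 12-byte header (RFC 1035). The following is an added example, not code from the article, that parses both from constructed messages and applies the classic client rule of retrying over TCP when TC is set.

```python
"""Parse a DNS header for the TC (truncated) bit and read the EDNS0 UDP size.

Added example, not from the article. Layout follows RFC 1035 (12-byte header,
TC = bit 0x0200 of the flags word) and RFC 6891 (OPT pseudo-record, type 41,
whose CLASS field carries the sender's UDP payload size). Messages built
here are constructed samples.
"""
import struct

TYPE_OPT = 41

# Constructed response header: QR=1, TC=1, no records (flags 0x8200).
TRUNCATED_RESPONSE = struct.pack("!6H", 0x1234, 0x8200, 0, 0, 0, 0)


def parse_header(msg):
    """Return the header fields; TC set means the responder had to cut the answer."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def edns_udp_size(msg):
    """Return the advertised EDNS0 UDP payload size, or None if no OPT record."""
    hdr = parse_header(msg)
    off = 12
    for _ in range(hdr["qdcount"]):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(hdr["ancount"] + hdr["nscount"] + hdr["arcount"]):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass  # OPT reuses the CLASS field as the UDP payload size
        off += 10 + rdlen
    return None


def should_retry_over_tcp(msg):
    """Classic client logic: a truncated UDP response means ask again over TCP."""
    return parse_header(msg)["tc"]


def build_query(name, qtype=1, edns_size=None, ident=0x1234):
    """Build a minimal recursive query; attaches an OPT record when edns_size is given."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT: root name (one zero byte), type 41, CLASS = UDP size, TTL 0, RDLENGTH 0.
    opt = struct.pack("!BHHIH", 0, TYPE_OPT, edns_size, 0, 0) if edns_size else b""
    return header + question + opt


if __name__ == "__main__":
    q = build_query("example.com", edns_size=4096)
    print("advertised UDP size:", edns_udp_size(q))
    print("retry over TCP:", should_retry_over_tcp(TRUNCATED_RESPONSE))
```

A firewall that drops UDP datagrams over 512 bytes or blocks TCP/53 breaks exactly this path: the large answer is discarded, or the TC-driven retry never connects, and resolution fails in a way that looks like a slow or flaky server rather than a policy problem.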

The global Internet utilization trend is moving towards mobile media and applications. The greatest demand for IPv6 is being driven by mobile smart phones. Today, it is not uncommon for mobile phones to support multiple multimedia applications such as YouTube or even live television. However, even with recent advances, the U.S. market lags behind the Asia-Pacific and European regions in not just mobile media but mobile applications. The compelling advantage in the Asia-Pacific region is the proliferation of IPv6, where mobile devices have Internet-addressable IP addresses. This empowers each device not only to initiate new outbound connections but also to have new inbound connections initiated to it. Media companies working with mobile providers can deliver content directly to IPv6-enabled applications, rather than waiting for the device to connect and request information.

However, this goes far beyond mobile applications and allows any device to be IPv6 enabled and Internet connected. We are starting to see IP-enabled televisions, DVRs, DVD players and other media devices, but with the drive for home automation we will start to see refrigerators, washing machines and other appliances, not to mention systems such as HVAC, lighting and surveillance. We are also starting to see IP-based car systems, where your mobile phone can control a variety of automobile functions, and some vehicles even come with WiFi systems. Realistically, just about anything you plug into an outlet can be Internet enabled and acquire a unique IP address.

Japan began implementing its Internet Protocol switch in the late 90s, years before the transition was even considered mandatory. The Japanese prime minister used his executive power to boost the migration by offering tax breaks to companies that switched to IPv6. Considering that China and India possess populations of 1,337,700,000 and 1,181,263,000 respectively, it is no wonder that Japan, China and South Korea developed IPv6 in Asia back in 2005.

In the United States, there is no definitive migration plan to convert businesses to IPv6 addresses. The U.S. contains 5% of the world’s population, yet holds 60% of the supply of IPv4 addresses. This advantage in the availability of the majority of IPv4 address space, along with the lack of any mandate, has kept the U.S. market from completing the transition. Asia has 60% of the world’s population and not enough IPv4 addresses to support its infrastructure explosion. IPv4 and IPv6 will need to coexist during the transition, which itself invites an apathetic approach to the migration. Businesses do not feel forced to make the switch and thus will remain with IPv4 addresses until the situation is dire enough to threaten keeping their customers on board and their paychecks afloat. Even if there is no immediate draw to support IPv6, organizations need to ask themselves one simple question: “When IP addresses run out, how will we communicate with organizations that are only IPv6 enabled?”

Another challenge involves security surrounding IPv6. At first, vulnerabilities may pose a threat to newly implemented IPv6 networks. Most security tools, such as access control devices, threat management tools, hardware appliances and host-based intrusion detection programs, have not been programmed to inspect IPv6 packets to the extent that is needed, so data in these packets can bypass most network security. The Windows firewalls do not handle IPv6, so these packets would pass through uncontested. However, there are some very effective threat management tools, such as Palo Alto Networks, that support access and application control along with threat management.
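The bypass described above is not exotic: a policy written only in IPv4 terms simply has nothing to say about an IPv6 packet, and whatever the device does with unmatched traffic (very often permit) becomes the effective rule. The following is an added example, not code from the article or from any vendor's product. A tiny first-match ACL evaluator is run with a constructed IPv4-only ruleset and then with the same policy extended to IPv6; an audit helper flags rulesets that cover only one address family. The address ranges are documentation prefixes standing in for a blocked network.

```python
"""Show how an IPv4-only ruleset lets IPv6 traffic through untouched.

Added example, not from the article or any named product. Each rule is
(network, action); the first match wins; a packet matching no rule falls
to the default. Networks are documentation ranges (constructed sample).
"""
import ipaddress

# Constructed rulesets. The v4-only set blocks a range but has no v6 rules.
V4_ONLY = [
    ("203.0.113.0/24", "deny"),   # blocked source range (documentation prefix)
    ("0.0.0.0/0", "allow"),
]
DUAL_STACK = V4_ONLY + [
    ("2001:db8:1::/48", "deny"),  # the same policy expressed for the v6 space
    ("::/0", "allow"),
]


def evaluate(rules, src, default="allow"):
    """Return the action for a source address: first matching rule, else default.

    With default='allow', an address family that no rule mentions is always
    permitted, which is exactly the IPv6 bypass of an IPv4-only policy.
    """
    addr = ipaddress.ip_address(src)
    for net, action in rules:
        network = ipaddress.ip_network(net)
        if network.version == addr.version and addr in network:
            return action
    return default


def audit(rules):
    """Return the address families (4 and/or 6) that the ruleset never mentions."""
    families = {ipaddress.ip_network(net).version for net, _ in rules}
    return sorted({4, 6} - families)


def check_policy(rules, probes):
    """Evaluate a list of (src, expected_action) probes; return the failures."""
    return [(src, evaluate(rules, src)) for src, want in probes
            if evaluate(rules, src) != want]


if __name__ == "__main__":
    probes = [("203.0.113.7", "deny"), ("2001:db8:1::7", "deny"), ("198.51.100.9", "allow")]
    print("v4-only uncovered families:", audit(V4_ONLY))
    print("v4-only failures:", check_policy(V4_ONLY, probes))
    print("dual-stack failures:", check_policy(DUAL_STACK, probes))
```

The `audit` check is the cheap, always-on control: any ruleset that names only one family should be treated as incomplete, and the default action for unmatched traffic should be deny so that a missing family fails closed rather than open.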

There are many challenges associated with the migration to IPv6, yet many beneficial outcomes. The sooner businesses support IPv6, the better. The transition period from the depletion of IPv4 addresses to the full integration of IPv6 can be either blissfully short or frighteningly drawn out.


MIT Researchers Craft Defense Against Wireless Man-In-Middle Attacks

MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels.
