Archive for: February, 2008
February 29th, 2008
Judge releases Wikileaks
All it took was a little representation. That is one trouble with the US legal system. You have to show up to defend yourself. The guys at Wikileaks.org were effectively put out of business by aggressive Swiss bankers because they did not show up in court. At a federal appeal today in San Francisco there was plenty of representation from the good guys, including the EFF.
Victory! You will note that the domain name Wikileaks.org now resolves properly.
In transit to Australia. If you are traveling to Canberra, Brisbane, Melbourne, or Sydney next week, drop me a line mate!
Update: Stiennon’s blog has moved to here.
February 29th, 2008
Oil field data loss just common theft
Sighs of relief can be heard coming from Brazil this week as police arrested four men (port security guards) responsible for heisting some computers that had lots of data from the newly discovered mega-oil-patch off the coast of Brazil.
Way back when I was an industry analyst I remember fighting the battle against universities about so-called academic freedom and firewalls. The argument ran that places of higher learning should not erect barriers that would limit access to information. That laughable theory applied to IT security has long since been discredited but the horrifying aspect was that the idea of no-firewalls was also present in major US government agencies such as the US Geological Survey, which is part of the Department of the Interior.
The USGS IT guys proudly told me that they were a research organization made up of scientists who would not abide firewalls. In further discussions they revealed that every oil and gas exploration company was required to store copies of their GIS data with USGS. I found this frankly horrifying because in all my travels I had found that oil and gas companies have the best security of any industry and they recognize the value of their data and go to extraordinary measures to protect it. And here I find that they are all sharing that data in an unsecured repository.
This was in 2002. I am sure that by now the USGS has instituted some protections around that data. They may even have firewalls.
February 27th, 2008
Declan on Wikileaks
The news today is that several free speech advocates are stepping into the fray over Wikileaks. See Declan McCullagh’s coverage. I love his syllogism:
[Shutting down Wikileaks is] like Apple not liking CNET News.com’s scoop a few years ago (which it was) about the switch to Intel microprocessors–and then trying to yank our domain name through a court injunction. Or AT&T trying to get us taken off the Internet after our story about how its lawyers filed an improperly redacted brief in the litigation over National Security Agency surveillance.
Free speech matters. First principles matter. Wikileaks may not be exactly a news organization in the traditional sense, but precedents set in this case could ripple far beyond Judge White’s courtroom in San Francisco.
Could not agree more Declan. I wish I was sticking around the Bay Area but I have a plane to catch to Australia. Would be great to be at that hearing!
February 27th, 2008
Only 8,700 insecure ftp servers?
According to ComputerWorld coverage Finjan is publicizing a source in Hong Kong they have discovered that offers to sell access to hacked ftp servers. The idea is that a malware purveyor or phisher would want ftp access with admin credentials so they can quickly and easily upload their wares to the web sites served by the ftp service.
Larry Dignan thinks this may be the first “Hacking as a Service” example but he is way off. There have been sites in the past that allowed you to execute a “ping of death” against any site, or a ping storm or whatever, just type in the IP or URL and watch what happens. So nothing new there. The “new” is the financial model. Selling access piecemeal. Kind of Hacking 2.0.
The simple warning to administrators: Use ftp over secure shell (SSH) to update your servers. Yes, use the advanced authentication techniques.
Only 8,700 out of 65,000,000 active web servers? That is a good percentage.
February 26th, 2008
You can keep on asking...
But you have to ask the right questions. Two senators have sent a letter to 24 US agencies asking them to report on their progress in data protection. This article at Federal Computer Week highlights the woeful state of security compliance at most US agencies.
This is great. There can be no change without someone asking these types of questions. But what worries me is that adopting policies such as NIST 800-53 is only the very first step towards becoming secure. GAO, and other agencies that are attempting to address the sorry state of security within the US fed should move on to requiring more proactive steps. Things like:
- Every firewall will be set up to deny by default.
- Every firewall will explicitly block high level ports.
- Telnet, FTP, and TFTP may not be used unsecured.
- Administrative access to be granted via strong authentication only.
These mandates would be a start. After getting over the firestorm of objections the GAO could start to work on configuration management and universal strong authentication.
February 24th, 2008
Pakistan removed from the Internet
4:30 PM Eastern (US).
The telecom company that carries most of Pakistan’s traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISPs must block access to YouTube because it was a source of blasphemous content.
I cannot let the irony pass without commenting. A religious state, Pakistan, identifies a content provider, YouTube, as the source of blasphemous, seditious content and orders, King Canute style, that the Internet tides be stopped. A zealous ISP ignorantly decides the best way to comply with the decree is to re-route all of YouTube’s IP addresses to whatever site they thought was more appropriate. The first repercussion was that YouTube disappeared from the Internet for almost an hour. I suspect the second repercussion was that Pakistan’s Internet access crawled to a halt as all of a sudden they were handling IP requests for one of the busiest sites in the world. As of this writing YouTube has announced more granular routes so that at least in the US they supersede the routes announced by PieNet. The rest of the world is still struggling. So, while working on a fix that will filter out the spurious route announcements, PCCW has found it necessary to shut down Pakistan’s Internet access. The leadership of Pakistan just created a massive Denial of Service on their own country.
I could say: “be careful what you wish for” to those elements that object to free and open access to information and expression of ideas. But to put it in terms they might understand better: Do not anger the Internet gods or you will suffer their wrath!
Update: This blog points out that the “blasphemous content” claim may be a red herring. There may be more political motivations behind it.
February 24th, 2008
Pakistan declares war on YouTube
What could at first have been just one of those days on the Internet where some newbie engineer accidentally announces a spurious route and takes out a segment of the network has turned into an international fiasco. But no, Pakistan has ordered all ISPs to block YouTube. From Yahoo news:
ISLAMABAD (AFP) - Pakistan has ordered all Internet service providers to block the YouTube website for containing “blasphemous” content and material considered offensive to Islam, officials said Sunday.
YouTube because it contained “blasphemous content, videos and documents,” a government official told AFP.
“The site will remain blocked till further orders,” he said.
So an ISP in Pakistan decided to announce a route that would re-direct anyone trying to get to YouTube to some other site that probably hosted a warning about the blasphemous content. Results were predictable. YouTube itself disappeared from the Internet. And I suspect that most of Pakistan is experiencing performance issues as they are receiving ALL of the YouTube requests from around the world. By 2:30 the Internet watch guards had alerted the backbone provider for Pakistan to filter out those malicious route announcements and alerted YouTube to announce more granular routes that would supersede the Pakistani routes, at least in the US.
As of this writing, 3:30 Eastern, most of the rest of the world still cannot get to YouTube.
February 24th, 2008
Pakistan takes out YouTube
Like I said in a recent post, the Internet is a series of tubes. Sometimes that helps route around malicious legislation and regulators, sometimes it causes big problems. Like today at 2 PM eastern when someone in Pakistan announced a more specific BGP route announcement for the block of IP addresses that YouTube uses. Routers default to the more specific route announcement. Now all YouTube traffic is being routed to Pakistan.
Our trusting routers are the BIGGEST security hole. Malicious attackers can easily disrupt the entire Internet by betraying that trust.
Thanks to Barrett Lyon at Bitgravity for tracking this.
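The route-selection behaviour described in this post, as an added example that is not part of the original post: a longest-prefix-match lookup, a check that flags a more specific announcement from an unexpected origin, and the "more granular routes" countermeasure. The prefix (documentation range 192.0.2.0/24), the AS numbers (documentation ASNs 64500 and 64511) and all function names are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed monitoring table: prefix we own -> AS expected to originate it.
EXPECTED_ORIGINS = {net("192.0.2.0/24"): 64500}


def best_route(rib, dst):
    """Longest-prefix match: of all routes covering dst, pick the longest mask."""
    addr = ipaddress.ip_address(dst)
    matches = [(prefix, origin) for prefix, origin in rib if addr in prefix]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def suspicious(announcement, expected=EXPECTED_ORIGINS):
    """Flag a route equal to or inside a monitored prefix from another origin AS."""
    prefix, origin = announcement
    return any(
        prefix.subnet_of(known) and origin != owner
        for known, owner in expected.items()
    )


def simulate(dst="192.0.2.10"):
    """Return the origin AS chosen for dst before, during and after the event."""
    rib = [(net("192.0.2.0/24"), 64500)]       # legitimate announcement
    before = best_route(rib, dst)[1]

    bogus = (net("192.0.2.0/25"), 64511)       # more specific, wrong origin
    rib.append(bogus)
    during = best_route(rib, dst)[1]           # the /25 wins over the /24

    # Countermeasure: the owner announces routes more specific than the bogus one.
    for sub in bogus[0].subnets(new_prefix=26):
        rib.append((sub, 64500))
    after = best_route(rib, dst)[1]
    return before, during, after, suspicious(bogus)


if __name__ == "__main__":
    print(simulate())
```

Many networks filter IPv4 announcements longer than /24, so the room for out-announcing a bogus route this way is limited in practice; the origin check is what lets an operator notice the event at all.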
February 22nd, 2008
Get a clue Morocco
Do you ever get the feeling that the people around you are missing out on a major shift in the way the world works? Try explaining lolcats to your grandfather for instance. I feel sorry for the powers that be in Morocco who have sentenced Fouad Mourtada, a guy with a clue, to three years in jail for spoofing a Facebook site for a member of their so-called royalty.
I feel sorry for the backward thinking elements of the world as we enter an accelerated phase of how humans communicate and work. Let Fouad go. Hire him to instill cluefulness in your government.
What’s next? Arresting somebody for Leroy Jenkins syndrome?
I am compiling a top ten list of government stupidity when it comes to the Internet. This qualifies.
February 22nd, 2008
TippingPoint tips balance in withdrawal of CFIUS application
I met Mike Rothman last night for drinks. He was on a once in a lifetime pass through Southfield, Michigan. I found myself acting like many people do in the presence of a knowledgeable industry analyst. I asked questions. One of them was: “What about this 3Com mess?” I’ll let Rothman give his thoughts at SecurityIncite.com. Here are mine.
Remember that I was the only analyst who thought that the proposed Checkpoint acquisition of SourceFire was a mistake? I cheered when Checkpoint pulled out of that one. At the time they used the excuse that US government scrutiny of the deal would probably kill it. At that time Checkpoint was spooked because a Dubai based sea port company had trouble with some regulatory agency that no one had ever heard of before, the Committee on Foreign Investments in the US, or CFIUS.
This committee is evidently under the auspices of the US Treasury Department. It would be interesting for someone to challenge its constitutionality because it sure sounds fishy to me. To date all it is doing is creating an atmosphere of fear among world organizations that are interested in making US investments.
I am not a huge fan of Wall Street suits that think they have a better idea when it comes to managing technology companies. Or any companies for that matter. Look where that got Kmart. In this case Bain Capital (yes, Mitt Romney’s brain child) decided to get involved in the convoluted history of poor old 3com, the ethernet switching company. According to Heidi Moore at Deal Journal, Huawei, the Chinese company best known for cloning Cisco gear, was going to take a small stake in 3com as Bain took the majority of it. Then, later on, Bain would sell all of 3com to Huawei.
On the face of it, the part that got the attention of the regulators was the fact that 3com equipment, in particular TippingPoint IPS devices, are installed within many government agencies including the Defense Department. There is probably a good argument to be made that a company with close ties to the Chinese government should not own TippingPoint. So, Bain was offering to carve that out. 3com had already announced an intention to spin TippingPoint off as a publicly traded entity.
My concern is that the 3com deal just fell victim to an escalating spat between two governments. A spat that is not going to do any good for the global economy if it continues.
Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.