RSS

Monthly Archives: May 2008

A Few Things On This Beautiful Sunday In Virginia

Hello readers of Digital Frontier, I hope your day is going splendidly.  I just wanted to highlight a couple of things from the last few days.

First, I set up a Twitter account last night.  My twitter name is Scubastevo so go ahead and follow me.  Twitter is a “microblogging” platform that allows you to interact with friends with short messages of 140 characters.  I’m still trying to figure out the advantages of using this social network/blogging platform but it should be interesting.  I’m assuming it will get better when I get more friends and followers.  Go ahead and sign up for an account and add me as a friend; search for Steve S or Scubastevo to find me.

Second, I saw Indiana Jones 4 yesterday afternoon.  I must say that I enjoyed it immensely.  I’m not sure I liked the ending/points of the plot, but the action kept me engaged the whole time.  Additionally, it didn’t feel slow like Indiana Jones and the Temple of Doom did; or like any of the National Treasure movies.  I must say Harrison Ford is still badass in the role and the addition of Shia Leboeuf was a smart move in order to progress the Indy Series.

Third, I’m reading a book I got as a gift called Leading By Example, by Bill Richardson.  I’m not very far into it, but the overall theme of the book is energy independence and revolution.  His main points seem to be if we develop technology for better renewable resources, then we will become independent from the sources of non-renewable energy.  This advancement of renewable energy technology will act as a panacea for many of the problems we as Americans and citizens of the world encounter.  His book thus far has proven to be very frank and without bullshit or the normal ballyhooing that usually presents itself when talking about energy and resources.  I hope to write on this topic at a later date, but for now I think I’ll just finish the book.

Happy Memorial Day everyone!

 
Leave a comment

Posted by on May 25, 2008 in Environment, General

 

Tags: , , , , , , , , ,

The Future of Computer Exploits: Phlashing

Hewlett Packard’s Systems Security Lab has detailed a new type of attack that impacts hardware rather than software.  Exploiters, who are finding it harder and harder to to find loopholes in software systems, are beginning to take advantage of an attack called phlashing.  This attack, even though it has existed for a number of years, pinpoints Network Enabled Embedded Devices (NEEDS).

These NEEDS are vulnerable because of a security flaw found within the actual hardware of the computer.  Network enabled embedded devices have instructions called firmware for interfacing with other components.  Firmware is written in computer readable language- extremely basic in nature.  Exploits targeting this kind of language are not scannable by anti-virus programs since they exist at so basic of a level.

The principle vector for this type of permanent denial of service is loading a corrupted BIOS (Basic Input/Output Device System) onto the computer.  The corrupted BIOS ruins the hardware when it is turned on.  Options for mitigating this attack are limited- your only option is to replace the hardware.  Recently, reports have surfaced of counterfeited routers and other hardware being sold to the U.S. government and military.  The fear is that malicious coders and criminals would load corrupted firmware onto these networked devices.  If a company or government agency were to implement these corrupted devices into their network, it could possibly bring thier entire network to its knees.

A big debate is surfacing concerning the likelihood that this kind of attack would be implemented by hackers.  As my previous articles have highlighted, most hackers find it more efficient to hijack a computer to use as a part of a virtual army in a botnet; rather than render it useless with a virus.  Additionally, the risk of being caught executing this kind of attack on companies is very high.  Today, companies find it acceptable to guard against malware and phishing without too much involvement with law enforcement.  Messing with the hardware infrastructure of a company is an expensive proposition, making the attackers a prime target for investigators.  The way I figure, most criminals would prefer to stay out of reach of the long arm of the law.

Even if PDoS attacks don’t become a prevalent attack vector for exploiters and hackers, researchers at HP note that it reflects the ongoing diversification of  malware.  It is possible that the evolution of attacks such as these will one day denote a shift in common attack strategies.  The reserachers suggest that system engineers and administrators include protecting against this type of attack in thier network topology.  Defense in depth techniques could be strengthened with this type of attack in mind

 
1 Comment

Posted by on May 24, 2008 in Security

 

Tags: , , , , , ,

1,000 Views!!!!

Today, I passed the 1,000 view count!  This is very cool especially because the last blog I ran (on the Penn State blog system) was pretty lame.  I look forward to another 1,000 views which will likely come faster than the first thousand.

 
Leave a comment

Posted by on May 21, 2008 in General

 

Tags:

The Daily Scoop

For the fourth installment of my Daily Scoop series, I have a bunch of great links for you to check out.

First up is a Q & A from the Commanding Officer of AFCYBER- Major General William Lord.  The questions were posed from a Slashdot forum and answered very honestly and objectively by General Lord.

This article continues coverage on AFCYBER and related projects.  The article’s title is Mutually Assured DDoS, which caught my eye.

Here is something that also piqued my interest.  The Wired article basically explains that buying a used car is more energy efficient than buying a hybrid car.  As a consumer that is soon going to be thrust into the used car market, it is nice to have this kind of detailed comparison.

Release Candidate 1 for Firefox Beta 3 has been released.  I have been using the beta of the much anticipated third installment of Firefox for a few months.  It is chock full of new features, most of which I will detail in a review upon its final release.

I thought it was interesting to find out that Google (Search Engine Master) has started a Beta Version of a Public Health Record Storage System.  Their aim is to provide a central location for people to share their medical records with medical professionals.

 
Leave a comment

Posted by on May 19, 2008 in Daily Links

 

Tags: , , , , ,

NSA Website Unresponsive- Web Attack Possible?

As I was doing some research for my summer internship this past Thursday, my travels on the internet lead me to explore more about the NSA security guides.  As I tried to navigate my browser to the main NSA page, it proved unresponsive.  I thought to myself, well this is quite odd, how come one of the agencies that is charged with cyber security is down.

As it turns out, the DNS servers used to turn web addresses into computer and network readable IP addresses for NSA.gov were unavailable.  A spokesperson for the NSA said that their two DNS servers had become unreachable Thursday morning.  As for the reason behind this error, McPherson (a industry analyst) had this to say,

“It’s either an internal routing problem of some sort on their side or they’ve messed up some firewall or [access control list] policy,” he said. “Or they’ve taken their servers offline because something happened.  That “something else” could be a technical glitch or a hacking incident,” McPherson said.

Recommendations to avoiding this type of problem were also offered by McPherson saying that the NSA should have hosted the two DNS servers on different machines for redundancy.  Additionally the server that the DNS resides on is also home to the NCSC (National Computer Security Center) which means, if exploited, hackers would have access to truly valuable information.

I also had trouble accessing the website sporadically on Friday, but the reason for that may have been that some internet service providers cache information from websites.  This feature would have saved the unavailable websites and prevented access to them.  I suppose the moral of this story is that even the industry pros experience catastrophic malfunctions sometimes.

 
Leave a comment

Posted by on May 18, 2008 in Security

 

Tags: , , ,

New Ubuntu Page

It seems as though I’m on a blogging spree tonight!  I have just added a separate page on this blog that is all about Ubuntu.  I have copied my few entries on Ubuntu over to that page mostly to see if traffic shifts.  I was getting a ton of hits from my two Ubuntu stories especially dual monitor configuration and TV tuner setup.  Here is the link in case you are too lazy to put your mouse to the upper right hand part of the screen.   🙂

 
Leave a comment

Posted by on May 18, 2008 in General

 

Tags: ,

Cool Story Roundup

As you probably know, I fell a little behind on my blog posts in the past three weeks.  In order to help me catch up, I’m going to do a (or a few) blog posts that contain shorter accounts of events that I have found interesting during my time off.

Word has come in from Russia in the past month that the government agency in charge of regulating the mass media and communications is going to start requiring that citizens register every single Wi-Fi enabled device.  Not only does the citizenry have to register the devices, but they also have to receive special permission in order to operate the hardware that they bought.  Processing such a registration could take up to 10 days for laptops and handheld devices and even longer for access points.

Paypal has issued a press release saying that they are implementing yet another security feature to prevent phishing, spamming and identity fraud.  They plan on requiring users of the e-commerce site to only use current and up-to-date web browsers in order to reduce the risk from outdated, breached software.  Their plan goes like this: if you use “first tier browsers” like Firefox 2 (and soon to be 3), Internet Explorer 7, and Opera 9 and up, you will be able to use Paypal the same way you have done in the past.  Next, if you are a user of a so called “second tier browser” such as any first tier browser that is a version behind, you will be warned at the point of login that you are at risk.  And last (as you probably guessed) are the “third tier browsers” which probably reflect browser versions that are ancient by software update standards.

In another interesting story, AFCYBER plans to create a military botnet in order to combat future enemies.  The Air Force’s cyber defense command admits that attacks via a DDoS (Distributed Denial of Service) are a huge problem that we, as a country, have done nothing to protect ourselves against.  Concern over where the computing resources to create such a botnet is great as there is talk about using civilian infrastructure to supplement Air Force resources.  I plan to write more on this topic as more news starts trickling in.

The World Congress of IT will attempt to start a co-op of companies and countries to make a International Multilateral Partnership Against Cyber-Terrorism (IMPACT).  The board is said to be made up of security all-stars from companies like Google and Symantec.  It is the hope of the World Congress of IT that IMPACT becomes a Centers for Disease Control (CDC) type of organization for cyber security.  Its main function will be to provide a place for communication when cyber attacks occur.  This coordination system will help organize international response to these attacks, particularly on civilian targets.

 
Leave a comment

Posted by on May 18, 2008 in Security

 

Tags: , , , , , , , , , , , , ,