
Tom Espiner


Security Bullet In

Communiques from the security front, sir

Monday 21 December 2009, 4:43 PM

Twitter hack was DNS redirect

Posted by Tom Espiner

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect.

A group calling itself the Iranian Cyber Army redirected users to a defacement page showing a flag, according to a screen grab on Flickr.

Twitter said in a blog post on Friday that the majority of users had not been able to access Twitter for over an hour.

"Last night, DNS settings for the Twitter web site were hijacked," said the Friday blog post. "From 9:46pm to 11pm PST, approximately 80 percent of Traffic to Twitter.com was redirected to other websites."

However, Twitter said it did not believe user accounts had been compromised.

The attackers used internal credentials, according to Wired.

In January 2009 Twitter was subjected to a brute-force dictionary attack which led to a break-in of celebrity Twitter accounts. The attacker managed to gain internal credentials - an administrator's password.

The Domain Name System (DNS) is often likened to a phone book for the internet. DNS is the protocol used to translate human-readable URLs into numeric IP addresses.




Thursday 10 December 2009, 5:00 PM

McKinnon lawyers seek judicial review

Posted by Tom Espiner

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday.

Karen Todner, McKinnon's solicitor, said in a press statement that in addition to the medical reports, commentary was submitted on assurances that McKinnon would be looked after by US authorities.

"The evidence served includes all previous medical reports together with an up to date psychiatric report on Gary's mental wellbeing and two reports, one English and one American, commenting on the assurances which have been provided on behalf of the US Government to accommodate Gary's illness," said Todner. "We hope that on receipt of these documents the home secretary may reflect and reconsider his position."

Todner and the rest of McKinnon's legal team have requested a judicial review of home secretary Alan Johnson's decision not to intervene in McKinnon's extradition to the US. McKinnon, who has Asperger's syndrome, is suicidal, and is on medication. He faces extradition to the US to face charges of "the biggest military hack of all time".

McKinnon's mother Janis Sharp has organised a protest in support of McKinnon outside the Home Office in Marsham Street on Tuesday 15 December, from 12 noon to 2pm. At two, the demonstration will proceed to Buckingham Palace, where some of the campaigners will leave flowers and cards for the Queen, to draw attention to McKinnon's situation.

However, according to Sharp, the police have warned that campaigners may be arrested if they attempt to go to the palace.

Thursday 3 December 2009, 6:13 PM

Civil liberties groups attack file-sharing bill

Posted by Tom Espiner

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill.

Liberty said in a position paper on Tuesday that the bill, part of which proposes to cut internet access to persistent unlawful filesharers, could contravene human rights legislation.

"Illegal file-sharing, appropriate sanctions and internet access raise several human rights issues including the right to receive and impart information (protected by Article 10 of the Human Rights Act 1998 (HRA)); the right to fair trial (protected by Article 6 of the HRA) and the right to protection of property (Article 1 of the First Protocol)."

The bill passed through its second reading in the House of Lords on Tuesday. The Liberty position paper was published to coincide with this event.

Jim Killock, executive director of the Open Rights Group, told ZDNet UK on Thursday that Liberty was "absolutely right" to question the human rights implications of cutting people's internet access without a court order.

"If you remove somebody's connection to the internet you are severely interfering with their freedom of expression," said Killock.

The Open Rights Group also published a position paper on Tuesday, which called attention to provisions in the bill which would allow the secretary of state (i.e. Lord Mandelson) wide-ranging powers to amend copyright legislation.

Digital rights group the Electronic Frontier Foundation (EFF) also criticised the government plans, saying that the legislation could actually undermine the digital economy, rather than shore it up.

"[The bill] burdens the digital industries with the demands of older incumbent sectors," wrote EFF international outreach coordinator Danny O'Brien on Tuesday. "The Digital Economy Bill has an open-ended requirement that ISPs pay for and implement record-keeping and technical measures against subscribers."

O'Brien said that subscribers may be penalised if they offer open wi-fi networks. Nascent mesh networks may also be killed off by the bill, O'Brien added, as independent mesh nodes would become responsible for all of the traffic flowing through them.

The objections by Liberty, ORG and EFF were made a day before objections by major web players. On Wednesday, Google, Yahoo, eBay and Facebook wrote to Lord Mandelson asking him to remove certain provisions in the bill which they said could stifle innovation.

The Department of Business, Innovation and Skills had not responded to a request for comment at the time of writing.

Friday 27 November 2009, 5:04 PM

Authentication risks all too human

Posted by Tom Espiner

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information Security Agency (Enisa).

The agency launched a paper on Thursday detailing the risks of using electronic identification smartcards for online banking services. A number of European countries have proposed the use of ID smartcards for online transactions. The Enisa paper points out which risks need to be mitigated for those transactions to be acceptably safe.

Enisa spokesman Ulf Bergstrom told ZDNet UK on Thursday that human and technology aspects are "intrinsically linked". However, in terms of processes, Enisa said that governments and banks need to cooperate more closely for smartcard authentication to work.

"The biggest room for technical improvement which we underline is that banks and governments must cooperate better to be able to use national eID cards for banking purposes," said Bergstrom.

Risks include flaws in smartcard design and cryptography, vulnerabilities in the user's PC, weaknesses in authentication architecture, weaknesses in infrastructure, and lack of user awareness.

Wednesday 25 November 2009, 5:37 PM

Opera censors Chinese content

Posted by Tom Espiner

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content.

Opera Mini was updated on Friday from an international to a Chinese version, the BBC reported on Tuesday. This version no longer allows users to access Facebook, the BBC said.

Previously Opera Mini had run on Opera servers located outside the country, bypassing the Great Firewall of China, the BBC added.

Opera joins other search companies in censoring Chinese content. Microsoft's Bing censors Chinese search results even outside of China, according to Ars Technica, while Google set up Google.cn in 2006 partly to censor itself on behalf of the Chinese government, the BBC reported.
