Thursday 21 February 2008, 1:53 PM
US brings down its spy satellite
The US Navy claims to have scored a hit on an ailing spy satellite, and brought it down.
Last week the Pentagon announced that the US Navy was to fire on the satellite. The Pentagon claimed that the ailing satellite needed to be brought down before it re-entered earth's atmosphere as it contained a hazardous chemical - hydrazine - a compound derived from ammonia, used in rocket fuel.
According to a US DoD press release, at about 10.26pm EST yesterday the USS Lake Erie (CG-70) fired a single modified tactical Standard Missile-3 (SM-3), hitting the satellite approximately 247 kilometres (133 nautical miles) over the Pacific Ocean as it traveled in space at more than 17,000 mph. USS Decatur (DDG-73) and USS Russell (DDG-59) were also part of the task force.
The US DoD claimed a hit on the satellite's fuel tank. However, it being a spy satellite, the US is obviously anxious to recover any bits and pieces that don't get burnt up in the earth's atmosphere. The Press Association reported that the US will send "hazardous materials" teams, codenamed 'Burnt Frost', to recover any pieces that fall to earth.
Russia has questioned the US explanation for bringing down the satellite, claiming it was a thinly disguised arms test, reports ZDNet.co.uk sister site CNet News.com.
Me, I reckon it's all of the above, apart from the rocket fuel explanation. Consider the size of the earth vs. the size of a satellite - what's the likelihood a) that much of the satellite would survive entering the earth's atmosphere if the DoD just left it, and b) even if some of it did survive, that it would hit an inhabited part of the world?
Defence people are always paranoid their gadgets may fall into the hands of the 'enemy', while shooting down their own satellite gives the US DoD an excuse to develop the technology needed to shoot down satellites.
How to test whether that technology works? Why, by shooting down their own satellite they can test the technology, while not provoking the international incident that would occur if they shot down someone else's spy satellite, say China's, or Russia's. The US DoD now has a plethora of data about shooting down spy satellites, and has also handily demonstrated to any potential 'enemy' that it has the capability to shoot down objects orbiting the earth.
Everyone's a winner, apart from the American taxpayer. The US DoD spent $30m on that one missile alone, according to some reports - it would be interesting to know what the total bill will be. I'd imagine spy satellites don't come cheap.
Wednesday 20 February 2008, 5:34 PM
Security scholarships up for grabs
Security training organisation (ISC)2 has announced that it has eight scholarships to give to post-grads involved in information security research.
One-year scholarships of up to £6,250 each will be awarded to up to eight full-time post-graduate information security students, at any regionally accredited university worldwide, said an (ISC)2 press release. The submission deadline is April 30, 2008.
However, the bar is quite high for gaining the scholarships. To apply, candidates must submit a scholarship application form, undergraduate and graduate transcripts, three character references and a proposed budget for using the scholarship funds. Students must also include a certified statement from their faculty advisor or institution confirming that:
· The applicant is a post-graduate student in good standing in the institution and with the relevant department;
· The applicant is pursuing a defined information security research project that has been approved by their college or university;
· The applicant’s research supervisor must also submit a letter of endorsement reflecting the character of the individual and the projected timeline to project completion.
At the time of writing, (ISC)2 was unavailable for comment, but I put a question to them as to why the entry criteria were so stringent, especially the multiple character references: Is it to keep crackers out?
Tuesday 19 February 2008, 3:42 PM
Hardware encryption: Caveat emptor
When is 128-bit AES not 128-bit AES? When it's actually XOR.
According to security publication Heise, numerous hardware encryption products are being misadvertised as encrypting data using 128-bit AES.
The Advanced Encryption Standard (AES) is a block cipher used by the US Government, and other organisations, interested in having very strong encryption indeed.
Heise sister publication c't magazine cracked open an Easy Nova Data Box by German vendor Drecom, advertised as using 128-bit AES. However, by analysing the encryption, c't found that the cipher actually in use was exclusive-or (XOR).
The problem with XOR by itself is that it's relatively easy to break, by analysing how frequently letters or groups of letters appear in the ciphertext.
This is exactly how c't managed to deduce the XOR cipher.
"Who would have expected that decryption would be so easy?" said the article. "Indeed, the bar is so low that even novice attackers will have no trouble getting over it."
Moreover, when c't went to Innmax, the manufacturer of the chip used in the hardware, the IM7206 controller chip, Innmax confirmed their findings.
The publication warned that other hardware encryption products using the IM7206 would probably be similarly easy to crack.
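An acceptance check a buyer could run on such a product, as an added example (not c't's code or method): write a known test pattern through the enclosure, read the raw sectors back from the bare disk, and see whether plaintext XOR ciphertext is the same block in every sector. The 512-byte sector size, the single fixed pad and both simulated enclosures are assumptions of this sketch; the page does not describe the IM7206's XOR scheme in detail.

```python
import hashlib
import os

SECTOR = 512  # assumed sector size for this sketch


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_enclosure(plain: bytes, pad: bytes) -> bytes:
    """Constructed stand-in: the same pad is XORed into every sector."""
    out = b""
    for off in range(0, len(plain), SECTOR):
        out += xor_bytes(plain[off:off + SECTOR], pad)
    return out


def sound_enclosure(plain: bytes, key: bytes) -> bytes:
    """Stand-in for a real cipher (not AES): the keystream depends on
    both the key and the sector number, so no two sectors share a pad."""
    out = b""
    for n, off in enumerate(range(0, len(plain), SECTOR)):
        stream = hashlib.shake_256(key + n.to_bytes(8, "big")).digest(SECTOR)
        out += xor_bytes(plain[off:off + SECTOR], stream)
    return out


def is_fixed_xor(plain: bytes, raw: bytes) -> bool:
    """True if plain XOR raw is the same block in every sector,
    i.e. the device only XORs the data with one constant pad."""
    if len(plain) != len(raw) or len(plain) < 2 * SECTOR or len(plain) % SECTOR:
        raise ValueError("need at least two whole sectors of equal length")
    pads = {xor_bytes(plain[o:o + SECTOR], raw[o:o + SECTOR])
            for o in range(0, len(plain), SECTOR)}
    return len(pads) == 1


def demo() -> tuple:
    pattern = os.urandom(8 * SECTOR)  # constructed test pattern
    weak = weak_enclosure(pattern, os.urandom(SECTOR))
    sound = sound_enclosure(pattern, os.urandom(16))
    return is_fixed_xor(pattern, weak), is_fixed_xor(pattern, sound)


if __name__ == "__main__":
    print(demo())
```

In a real test, `plain` is the pattern written through the enclosure and `raw` is the same sector range read with the disk attached directly to a host.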
Monday 18 February 2008, 6:06 PM
Wikileaks taken offline
On Monday, the main site of Wikileaks was ordered to be taken offline by a California judge.
According to a press release from Wikileaks, which provides an anonymous, encrypted online document-hosting service for whistle-blowers, Wikileaks' main site 'wikileaks.org' was taken completely offline by an order made by a Californian court to domain registrar Dynadot.
"Dynadot shall immediately clear and remove all DNS hosting records for the wikileaks.org domain name and prevent the domain name from resolving to the wikileaks.org website or any other website or server other than a blank park page, until further order of this Court," stated the injunction.
The order, made by Judge White, came as a result of several Wikileaks articles, public commentary and documents dating prior to 2003, relating to Cayman Islands bank Julius Baer.
The documents allegedly reveal secret Julius Baer trust structures used for asset hiding, money laundering and tax evasion. The bank alleges the documents were disclosed to Wikileaks by offshore banking whistleblower and former Vice President for its Cayman Islands operation, Rudolf Elmer.
According to Wikileaks, Judge White signed the order from Julius Baer lawyers "without amendment, or representations by Wikileaks or Amicus" at the California Northern District Court in San Francisco on Monday.
While Wikileaks has six pro-bono attorneys in San Francisco who deal with legal cases, Wikileaks claims it was given only hours' notice by email prior to the hearing. Wikileaks was not represented. Wikileaks pre-litigation California counsel Julie Turner attended the start of the hearing in a personal capacity, but was then asked to leave the court room, Wikileaks claimed.
Wikileaks has backup servers in Belgium and Australia, but said it "never expected to use them."
Despite the injunction, Wikileaks stated that it will "keep on publishing, in fact, given the level of suppression involved in this case, Wikileaks will step up publication of documents pertaining to illegal or unethical banking practices."
Meanwhile, Wikileaks' main servers in Sweden have been "taken out" by a fire in the power supply. Immediately prior to the fire, Wikileaks suffered a sustained distributed denial of service attack.
Thursday 14 February 2008, 11:50 AM
Valentine's Day brings spam and scams, warns FBI
It's a perennial security story -- spammers, scammers, and those seeking to promulgate malware will adjust campaigns to seasonal events. Christmas brings Yuletide spam, February brings Valentine's Day spam, and so on.
This Valentine's Day is no exception. No less an organ than the FBI has warned that Storm worm spammers are seeking to extend their network of compromised computers.
"If you unexpectedly receive a Valentine’s Day e-card, be careful," says the FBI. "It may not be from a secret admirer, but instead might contain the Storm Worm virus."
Click on a link to view the e-card, you get infected, and become part of the Storm botnet.
While it may seem blindingly obvious that clicking on links from untrusted sources is a bad idea, the traditional anonymity of Valentine's Day correspondence may lend itself to this kind of scam. It also doesn't hurt to remind people that risky electronic intercourse can leave you with a virus.
Security vendor Kaspersky has a slightly different take on a similar story -- the Russian anti-malware company has reported a spike of spam this morning (February 14), and mass mailings since Monday:
"Kaspersky Lab has detected a large-scale global mass mailing of Valentine’s Day spam," Kaspersky said in a press release. "The message currently accounts for about 5 percent of all mail traffic checked by Kaspersky Hosted Security Services."
The Russian security vendor first noticed the Valentine’s Day spam run at 11pm GMT on the evening of 11th February. The text of the spam message asks the recipient to click on a link to view a selection of Valentine’s Day e-cards. However, clicking on the link downloads a malicious file -- not the Storm worm this time, but a Trojan Kaspersky calls "Win32.Tibs."
Meanwhile, web safety campaign Get Safe Online is warning of more Valentine's Day scams - this time the dangers of online dating.
Get Safe Online polled 1,012 people in the UK, all over 18. Apparently, almost a fifth of internet daters have been approached for money whilst online, "many of them under the guise of someone who talks repeatedly about their financial difficulties, playing on emotions to elicit cash," said a press release.
Tony Neate, managing director of Get Safe Online, told a security conference in London on Tuesday of the dangers of online dating.
"One fifth of people have dated online, and a fifth of those have been asked for money," said Neate. "The survey found that men who are 55 or over are the most vulnerable to being scammed. When I found out, I thought 'My God! That's me!'. They get scammed by some blonde bombshell, while [the men] are thinking, 'That time I went to the gym must have paid off.'"

