Cyber Arms Intelligence Report for August 31st

Cyber War issues were in the news a lot last week. The Washington Post had a very interesting article titled “Pentagon’s cybersecurity plans have a Cold War chill”. Although the US working with allies gives the cyber arms race a Cold War-esque feeling, the government wants to harden our infrastructure and has created offensive cyber weapons as a deterrent to cyber attack.

It also mentions the threat that comes with supplying the US with cheap electronics. “A U.S. laptop maker that once would have boasted that its components were assembled in 50 countries must now worry about 50 points where an intruder could plant malicious code. The Defense Department calls this problem ‘supply chain vulnerability.’”

The White House is trying to rein in 26 high-risk IT projects where costs are getting out of hand. There is also a little “whodunnit” action going on today: a British code breaker who helped the NSA intercept Al-Qaeda communications was found dead in his apartment.

An Army Colonel in Afghanistan was relieved of duty after criticising the military’s reliance on PowerPoint presentations. “For headquarters staff, war consists largely of the endless tinkering with PowerPoint slides to conform with the idiosyncrasies of cognitively challenged generals in order to spoon-feed them information, even one tiny flaw in a slide can halt a general’s thought processes as abruptly as a computer system’s blue screen of death.”

Speaking of the military, the DOD released information on a major cyber attack that occurred in 2008. “The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008.”

Just how dangerous are USB and removable media to computer security? Recently, security company PandaLabs claimed that 1 in 4 worms spread through USB flash drives.

In other news, Cisco patches a bug that crashed 1% of the internet. And Google continues growing as it acquires its 5th company this month.

Some other top stories from around the web:

First rootkit targeting 64-bit Windows spotted in the wild
Alureon rootkit is back, and has acquired the ability to hijack computers running 64-bit versions of Microsoft Windows, proclaimed Marco Giuliani, security researcher with security company Prevx.

The penultimate guide to stopping a DDoS attack – A new approach
In this post we (UNIXY) are going to share our experience fending off a large Distributed Denial of Service (DDoS) attack for a client.

DEFCON survey reveals vast scale of cloud hacking
An in-depth survey carried out amongst 100 of those attending this year’s DEFCON conference in Las Vegas recently has revealed that an overwhelming 96 percent of the respondents said they believed the cloud would open up more hacking opportunities for them.

Scam preys on required TweetDeck update
On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe.

Rustock Botnet Responsible for 40 Percent of Spam
More than 40 percent of the world’s spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec’s MessageLabs’ division.

Social Engineering 101 (Q&A)
Today, people get duped over the phone, but also over e-mail and via Facebook and other online avenues. In this edited interview CNET talked to Chris Hadnagy, operations manager at Offensive Security, which organized the Defcon social-engineering contest and does security auditing and training for companies, about the risks to this type of attack, what people can do to protect themselves, and why women might be less susceptible.

12 thoughts on “Cyber Arms Intelligence Report for August 31st”

  1. For me, the 64-bit rootkit is probably one of the biggest security disappointments of the year. My OSMM module would have prevented that from happening for sure! LOL 😉

    After all these years, I’m still amazed that social engineering is still an issue. Yes, I know that it’s human nature to be social engineered, but still, it’s like automatically whipping out your wallet if a complete stranger on the street asks you if you have change for a $100 bill.

    1. Mister Reiner is formulating support for a 100% secure computing platform. Everyone should check it out when they get a chance.

      Mister Reiner – Have you read “No Tech Hacking” by Johnny Long? Great book. Johnny performed penetration and social engineering tests against US government facilities. He talks briefly about the one place that he found that had the best security. And, it was a bank in Africa…

      We as Americans, I believe, are extra susceptible to social engineering attacks.

      We truly want to believe that people are honest and sincere. It’s either that or we are more gullible or just don’t care. I would hope it’s the first one though! 🙂

  2. “caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008”

    Same way UK Intel got hammered by ZeuS a couple of years ago.

    I’m telling you, “Idiot User” needs to be added as an OSI layer…
