Cyber Arms Intelligence Report for July 25th

This last week, malware was front and center in the news. The Register covered a story about power plants being infected by malware that exploits the latest Windows shortcut vulnerability. No problem, you’d think, just remove it. Well, Siemens warned their clients that removing the virus could affect the power plant. Yikes…

Next up, Dell reported that the W32.Spybot worm was found on replacement motherboards for four servers: the PowerEdge R310, PowerEdge R410, PowerEdge R510 and the PowerEdge T410. A limited number of the boards were sent out to customers, so Dell initiated a call campaign to notify affected users. The problem is that they never posted anything on their website, so customers were very cautious when they received unsolicited calls from non-technical Dell support reps. This makes one wonder: how did the worm get into the motherboard flash? Dell claims human error, and says that all infected boards at the factory have been dealt with and only clean boards are being shipped now.

And last but not least, the FBI shut down a site that hosted over 70,000 blogs. According to the Fox News report, the site contained links to material on terrorism, and had bomb-making tutorials.

Here are some other top news stories from around the web:

Welcome to the future: Cloud-based WPA cracking is here
In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 “cloud” based service provided through the efforts of a security researcher known as Moxie Marlinspike. It is effective against pre-shared key deployments of both WPA and WPA2 wireless networks.

DNS Hijack – How to Avoid Being a Victim
There are many ways DNS can be vulnerable, but there are also many ways enterprises can reinforce their DNS architecture to make it more resilient against both brute force attacks and fraud. Below, I’ve prescribed just a few things that your organization can do to ensure that you have a better defense prepared for your DNS.

India and US planning to start Counter Attacks
India and the US signed a Counter Terrorism Initiative that includes steps to check financing of terror activities, joint probe in cases of bomb blasts besides cooperation in cyber and border security.

Could a single hacker crash a country’s network?
Harassing a handful of Web sites is one thing, but does one hacker have the technological wherewithal to bring down an entire country’s network? In a word: yes.

7 Types of Hard CISSP Exam Questions and How To Approach Them
The first thing most people hear about the CISSP examination is how difficult or unfair the questions are. Although this may be a good warning, it does not begin to prepare you to do well on the exam itself. For some of the CISSP exam questions, just knowing the facts is not enough. These questions are referred to as “hard questions”. This paper examines seven types of hard questions you are likely to see on the CISSP examination and the best approaches for solving them.