Some notes on satellite C&C

Wired and Ars Technica have some articles on malware using satellites for command-and-control. The malware doesn't hook directly to the satellites, of course. Instead, it sends packets to an IP address of a known satellite user, like a random goat herder in the middle of the wilds of Iraq. Since the satellites beam down to earth using an unencrypted signal, anybody can eavesdrop on it. Thus, while malware sends packets to that satellite downlink in Iraq, it's actually a hacker in Germany who receives them.

This is actually fairly old hat. If you look hard enough, somewhere (I think Google Code), you'll find some code I wrote back around 2011 for extracting IP packets from MPEG-TS streams, for roughly this purpose.

My idea was to use something like masscan, where I do a scan of the Internet from a fast data center, but spoof that goat herder's IP address. Thus, everyone seeing the scan would complain about that IP address instead of mine. I would see all the responses by eavesdropping on that satellite connection.

This doesn't work in Europe and the United States. These markets use more expensive satellites which not only support encryption, but also narrow "spot Continue reading

Trade Stimulators and the Very Old Idea of Increasing User Engagement

Very early in my web career I was introduced to the almost mystical holy grail of web (and now app) properties: increasing user engagement.

The reason is simple. The more time people spend with your property the more stuff you can sell them. The more stuff you can sell the more value you have. Your time is money. So we design for addiction.

Famously Facebook, through the ties that bind, is the engagement leader with U.S. adults spending a stunning average of 42.1 minutes per day on Facebook. Cha-ching.

Immense resources are spent trying to make websites and apps sticky. Psychological tricks and gamification strategies are deployed with abandon to get you not to leave a website or to keep playing an app.

It turns out this is a very old idea. Casinos are designed to keep you gambling, for example. And though I’d never really thought about it before, I shouldn’t have been surprised to learn retail stores of yore used devices called trade stimulators to keep customers hanging around and spending money.

Never heard of trade stimulators? I hadn’t either until, while watching American Pickers, one of my favorite shows, they talked about this whole Continue reading

Microsoft patches yet another Hacking Team zero-day exploit

Over two months after Italian surveillance software maker Hacking Team had its internal data leaked by hackers, vendors are apparently still fixing zero-day exploits from the company's arsenal.On Tuesday, Microsoft published 12 security bulletins covering 56 vulnerabilities in the new Edge browser, Internet Explorer, Windows, Office, Skype for Business, .NET Framework and some of its other software products.To read this article in full or to leave a comment, please click here

17 Real Big Sci/Tech projects

17 Real Big Sci/Tech projectsImage by NASASome science/technology is big news like the discovery of a new gene – but sometimes its just big, like the Saturn V rocket of the Apollo era. Here we take a look at pictures of some recent BIG science and technology topics like a cool new wind turbine, a black hole discovery and more. Have fun:To read this article in full or to leave a comment, please click here

ASA v9.4 Elliptic Curve Cryptography with TLS1.2

cryptoWith ASA version 9.4 Cisco has added support for Elliptic curve cryptography (ECC), which is one of the most powerful types of encryption in use today. While ECC has been in use since 2004, only it’s recently use has skyrocketed. Part of this reason is power consumption… In my limited understanding, experts have concluded that a shorter ECC keys are just as strong as a much larger RSA key. This increases performance significantly, which reduces the power required for each calculation. If you want to learn more about ECC, check out this fantastic article from arstechnica.

That brings me to the issue. Last night I failed over some 5585x’s running > 9.4 that happened to be doing Anyconnect SSL VPN. This morning, my client was seeing issues. Luckily the solution was simple and a college pointed me to the solution fairly quickly. From the Cisco support community page I found later on….

For version 9.4.(x) we have the following information:

Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve Continue reading

Rebuilding Reader

For the time being, we are discontinuing Reader.PacketPushers.net. We didn't advertise it heavily in the past. Reader saw some traffic, but not a lot. And...we were never entirely happy with the result we got out of it. Our plan is to reboot Reader at some point in the future with new software. We still think it's a good idea, but we want to get a more polished look and feel out of it first.

The post Rebuilding Reader appeared first on Packet Pushers.

5 Takeaways from a Week at #VMWorld

vmworld2015

Another VMworld has come and gone. 23,000 people at this year’s VMWorld at the Moscone Center seemed to push the limits with standing room only at sessions and coffee in high demand, but the show was well run and the solution exchange was hopping.

I was glad to see less marketing rhetoric around private vs. public cloud, software vs. hardware, virtualized networks vs. physical networks and more focus on delivering solutions that help accelerate the deployment of workloads in ways that help customers.

Here’s a look at my 5 things that made an impression on me at this year’s show.

1. It’s a Hybrid World

A major focus (maybe the focus) of VMworld this year was what VMware calls the “Unified Hybrid Cloud.” It was good to see a strong shift from previous years where much focus was placed on defending private cloud versus public cloud. VMware is certainly taking an “inside out” strategy by focusing on their strength inside the data center and leveraging their vCloud Air public cloud services. Their ability to provide sophisticated tools for private data centers and extend that to a public resource-on-demand consumption model is certainly a strong value proposition for customers.

2. Continue reading

California assembly passes digital privacy bill

The California assembly has passed a digital privacy bill that aims to prevent government access without warrant to private electronic communications, while providing some exceptions for law enforcement in emergencies or for other public safety requirements.California is home to a large number of tech companies who face regularly requests for data on their customers from both state and federal law enforcement agencies. Twitter, for example, reported 273 requests for account information in California from January to June this year.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The bill, which would require a judge's approval for access to a person’s private information, including data from personal electronic devices, email, digital documents, text messages and location information, had been passed in June by the state senate and will now return there for concurrence before heading to state Governor Jerry Brown for approval.To read this article in full or to leave a comment, please click here

Organizations Can Be Twice As Secure at Half the Cost

Last week at VMworld, Pat Gelsinger made a statement that got folks buzzing. During his Cyber-Security-King_Blogkeynote, he said that integrating security into the virtualization layer would result in organizations being twice as secure at half the cost. As a long-time security guy, statements like that can seem a little bold, but VMware has data, and some proven capability here in customer environments.

We contend that the virtualization layer is increasingly ubiquitous. It touches compute, network, and storage – connects apps to infrastructure – and spans data center to device. More importantly, virtualization enables alignment between the things we care about (people, apps, data) and the controls that can protect them (not just the underlying infrastructure).

Let me speak to the statement from the data center network side with some real data. VMware has a number of VMware NSX customers in production that have deployed micro-segmentation in their data centers.  Here’s what we found:

  1. 75% of data center network traffic is East-West, moving VM to VM regardless of how convoluted the path may be.
  2. Nearly all security controls look exclusively at North-South traffic, which is the traffic moving into and out of the data center; 90% of East-West traffic never Continue reading

Android porn app snaps pic of user, locks it on home screen with $500 ransom demand

Some unlucky individuals thought they had downloaded the Android app Adult Player to watch porn videos, but the app silently takes a photo of users while they use the app and then displays the image on the home screen, along with a ransom note demanding $500.Researchers from Zscaler's ThreatLab first discovered the "new mobile ransomware variant that leverages pornography to lure victims into downloading and installing it." Perhaps the desire for viewing porn is stronger than common sense, as the permissions asked to be activated as device admin. It asks for the right to monitor screen-unlock attempts and to "lock the phone or erase all the phone's data if too many incorrect passwords are typed."To read this article in full or to leave a comment, please click here

1 3,341 3,342 3,343 3,344 3,345 3,855