Monday, December 22, 2014

Sony and PRNK, still a better love story than...

Gina from Cymmetria Research created another meme on Sony's incident. 

Sunday, December 21, 2014

Real damage, you say? SCADA is here.

I'm often asked "has cyber ever done any real damage?" as if billions lost, lives ruined, and children harassed isn't enough. Cyber is not a separate entity - it's about living our lives and doing our business.

Today, this news story was published. A lot yet remains to be seen, but such case studies are exactly what we've been waiting for.

Apparently, a steel factory in Germany suffered an attack with real-world industrial consequences - a SCADA, cyber-physical, ICS, or whatever you want to call it, attack.

I hope there will be more published on this.

Gadi Evron.

Saturday, December 20, 2014

Importance of intelligence :)

According to this news story, street thugs jumped the guy who shot Bin Laden, demonstrating the importance of collecting intelligence before an operation. ;)

Too bad it's a satire. :)

#darwinawards

Gadi Evron.

Wasn't me!

We didn't want to stay out of the meme paradise this past week has offered. :)


Meme created by Gina from Cymmetria Research.

Gadi Evron.

This Week in Cyber Security & Privacy - 14-20 December, 2014

This Week in Cyber Security and Privacy
14-20 December, 2014



Links to stories:

- ICANN hacked: http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/
- Oslo snooping mobile towers: http://rt.com/news/214327-snooping-mobile-towers-norway/
- "Misfortune Cookie" vulnerability: http://www.geekrepublic.org/millions-of-routers-from-different-vendors-are-vulnerable-to-misfortune-cookie-attacks/
- Iranian hackers: http://www.foxbusiness.com/technology/2014/02/12/hackers-bust-las-vegas-sands-sites-in-cyber-attack/
- Sheldon Adelson's casino attack attributed to Iranian hackers: http://www.businessinsider.com/iranian-hackers-shut-down-sheldon-adelsons-casino-in-las-vegas-2014-12
- Linux: http://www.techworm.net/2014/12/privilege-escalation-vulnerability-in-linux-cve-2014-9322.html
- Git vulnerability: http://wptavern.com/critical-git-vulnerability-patched-update-your-git-clients-immediately
  https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
- Sony breach: http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html
- NIST revision: http://www.nist.gov/itl/csd/sp8000-53a-121614.cfm

Originally posted on Gadi Evron's blog, at: http://gadievron.blogspot.com/

Also on Facebook: http://www.facebook.com/gadioncyber

And on Twitter: http://twitter.com/gadievron

Gadi Evron.

Sony is interesting, but not in what people speak of

Some interesting things happening at Sony - and they are the ones deserving of our attention. Not this attribution nonsense.

Was it N. Korea behind the Sony attacks? Why? Why not? Fact is, nobody knows. It just happened 30 seconds ago. Speak about something important instead - like how to do better.

Honestly, if I were still a CISO, given today's horrible state of cyber security's systematic failure, I would not be sleeping at night.
I like to avoid FUD and speak facts and measurements, so I mention such "scare talk" only to ask, honestly: would you be sleeping at night if you were a CISO?

That said, here are some interesting tangential stories to follow on this:

Geo-politics are warming up to something... but what? I am slightly concerned by this message from Obama, and yet it makes me wonder if he knows something we don't, or just responds to the public to instill calm... or?

Story: Obama vows US response to Sony hack
http://www.bbc.co.uk/news/world-us-canada-30555997

Cyber insurance is being put to its first major test. I'll be following this story closely.

Story: Breach insurance might not cover losses at Sony Pictures
http://www.csoonline.com/article/2859535/business-continuity/breach-insurance-might-not-cover-losses-at-sony-pictures.html

Sony is not doing a very good job at incident response, and in fact is making a bad show of it - doing what the attackers want, lashing out at file sharers, etc. But knowing they are vulnerable right now and can't do much about it - what would you have done differently? I can't really judge them.

That said, it will be interesting to watch how the movie's numbers do, now that it gains the "forbidden fruit" infamy.

Story: Sony pulls movie "The Interview"
http://www.theguardian.com/film/2014/dec/18/sony-pictures-the-interview-north-korea

Gadi Evron.

Thursday, March 18, 2010

Using Laser To Fingerprint Paper

I like it when old technologies and known scientific facts are used in a new way that makes them pure genius.

A discovery of old, which will change the future.
Ingenia Technology Limited today launches an exciting breakthrough proprietary technology, developed by Imperial College London and Durham University - the Laser Surface Authentication system (LSA). The LSA system recognises the inherent 'fingerprint' within all materials such as paper, plastic, metal and ceramics.

The LSA system is a whole new approach to security and could prove valuable in the war against terrorism through its ability to make secure the authenticity of passports, ID cards and other documents such as birth certificates.

This technological breakthrough has been masterminded by Professor Russell Cowburn, Professor of Nanotechnology in the Department of Physics at Imperial College London.

Every paper, plastic, metal and ceramic surface is microscopically different and has its own 'fingerprint'. Professor Cowburn's LSA system uses a laser to read this naturally occurring 'fingerprint'. The accuracy of measurement is often greater than that of DNA with a reliability of at least one million trillion.

The inherent 'fingerprint' is impossible to replicate and can be easily read using a low-cost portable laser scanner. This applies to almost all paper and plastic documents, including passports, credit cards and product packaging.
More on the science behind this:
"A unique 'fingerprint' is formed by microscopic surface imperfections on almost all paper documents, plastic cards and product packaging. That is what makes it possible to develop a much cheaper system to combat fraud. This inherent identity code is virtually impossible to modify. It can easily be read using a low-cost portable laser scanner.

"Since all non-reflective surfaces have naturally occurring roughness that is a source of physical randomness, our technology can provide in-built security for a range of objects such as passports, ID and credit cards and pharmaceutical packaging. It can be cheaper and more reliable than current methods such as holograms and security ink.

"Our research team used the optical phenomenon of 'laser speckle' to examine the fine structure of different surfaces using a focused laser.

"We tried the technique on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging. The result was a clear recognition between the samples. This continued even after they were subjected to rough handling, including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.

"The beauty of this system is that we do not need to modify the item being protected in any way with tags, chips or ink - it is as if documents and packaging had their own unique DNA. This makes protection secret, simple to integrate into the manufacturing process and immune to attack.

"It can be applied retrospectively and is no threat to personal privacy."
Look for this at the immigration desk verifying your passport, five years from now.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

An interesting day in information security

A Mafia boss was caught because he used Facebook; unrelated to that, the EFF released the results of their Freedom of Information request for material on how law enforcement uses social networking "under cover" to investigate suspects.

The SEC moved to freeze portfolios and accounts following attacks by a Russian hacker, who manipulated stocks.

InfoSecurity magazine has a story on espionage in sport, mentioning how where there's a motive, cyber-crime follows.

And of course, the leading story (which I discovered thanks to a post on Facebook by Dave Aitel) is how a hacker (if that is a descriptive word in this case) broke into 100 cars to cause inconvenience, such as honking, or immobilizing customers' cars.

He hijacked the remote control system (a "web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments") by logging on with an employee's account. He used to be an employee himself, until he was fired.

Also, check out this extremely interesting paper from Cormac Herley at Microsoft Research on why people reject security advice:
So Long, And No Thanks for the Externalities:
The Rational Rejection of Security Advice by Users

Gadi Evron,
ge@linuxbox.org.

Monday, February 22, 2010

Email Portability Approved by Knesset Committee

The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament.

While many users own a free email account, many in Israel still make use of their ISP's email service.

According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, "just like" mobile providers do today with phone numbers.

This new legislation makes little technological sense, and will certainly be a mess to handle operationally as well as bureaucratically, but it is interesting, and at least the notion is beautiful.

The proposed bill can be found here [Doc, Hebrew]:
http://my.ynet.co.il/pic/computers/22022010/mail.doc

Linked to from this ynet (leading Israeli news site) story, here:
http://www.ynet.co.il/articles/0,7340,L-3852744,00.html

Gadi Evron,
ge@linuxbox.org.

Chuck Norris Botnet and Broadband Routers

Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news.

When I raised this issue before, in 2007, on the NANOG mailing list, on some other vetted mailing lists and on CircleID (here and here), the consensus was that vendors would not change their position on default settings unless "something happens". I guess this is it, but I am not optimistic about seeing activity from vendors on this now, either.

Insecure broadband modems (DSL and cable) are extremely widespread, with numerous ISPs, large and small, whose entire broadband population (read: significant portions of it) is vulnerable. In tests Prof. Randy Vaughn and I conducted with some ISPs in 2007-8, the results were not promising.

Further, many of these devices world wide serve as infection mechanisms for the computers behind them, with hijacked DNS that points end-users to malicious web sites.

On the ISPs' end, much like in the early days of botnets, many service providers did not see these devices as their responsibility -- even though in many cases they are the providers of the systems, and these posed a potential DDoS threat to their networks. As a mind-set, operationally taking responsibility for devices located at the homes of end users made no sense, and therefore the stance ISPs took on this issue was understandable, if irresponsible.

As we can't rely on the vendors, ISPs should step up, and at the very least ensure that devices they provide to their end users are properly set up (a significant number of ISPs already pre-configure them for support purposes).

The Czech researchers have done a good job and I'd like to thank them for sharing their research with us.

In this article by Robert McMillan, some details are shared in English:
Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: "in nome di Chuck Norris," which means "in the name of Chuck Norris." Norris is a U.S. actor best known for his martial arts films such as "The Way of the Dragon" and "Missing in Action."

Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs.

It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices, Vykopal said in an e-mail interview.

A D-Link spokesman said he was not aware of the botnet, and the company did not immediately have any comment on the issue.

Like an earlier router-infecting botnet called Psyb0t, Chuck Norris can infect a MIPS-based device running the Linux operating system if its administration interface has a weak username and password, he said. This MIPS/Linux combination is widely used in routers and DSL modems, but the botnet also attacks satellite TV receivers.
Read more, here.
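The post argues that ISPs should verify the CPE they hand out before a worm does it for them. As an added example (not code from the original post or from the Czech researchers), here is an ISP-side audit over constructed router configuration records that flags the three weaknesses named above: default administrative credentials, remote administration reachable from the WAN, and DNS settings that have been changed away from the ISP's own resolvers. The credential list, resolver addresses and device records are assumptions constructed for the example.

```python
"""Audit broadband CPE configurations for the weaknesses described in the
Chuck Norris botnet story. Example code written for this post; the
default-credential set, ISP resolvers and device records are constructed
placeholders, not data from the original research."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed sample of vendor default credentials (assumption).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "1234")}
# Constructed: the resolvers this ISP expects its CPE to hand out to clients.
ISP_RESOLVERS = {"192.0.2.53", "192.0.2.54"}


@dataclass
class CpeConfig:
    device_id: str
    admin_user: str
    admin_password: str
    wan_admin_enabled: bool           # admin interface reachable from the Internet side
    dns_servers: list[str] = field(default_factory=list)


def audit_cpe(cfg: CpeConfig) -> list[str]:
    """Return the findings for one device; an empty list means it looks clean."""
    findings = []
    if (cfg.admin_user, cfg.admin_password) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    if cfg.wan_admin_enabled:
        findings.append("wan-admin-enabled")
    rogue = sorted(set(cfg.dns_servers) - ISP_RESOLVERS)
    if rogue:  # resolvers the ISP did not configure: the DNS-hijack symptom
        findings.append("rogue-dns:" + ",".join(rogue))
    # Default credentials plus WAN-side admin is exactly the combination a
    # password-guessing worm needs, so rank that pairing at the top.
    if "default-credentials" in findings and "wan-admin-enabled" in findings:
        findings.append("remotely-exploitable")
    return findings


SAMPLE_CPE = [  # constructed records
    CpeConfig("cpe-001", "admin", "admin", True, ["192.0.2.53"]),
    CpeConfig("cpe-002", "admin", "s3cret-unique", False, ["192.0.2.53", "198.51.100.9"]),
    CpeConfig("cpe-003", "admin", "s3cret-unique", False, ["192.0.2.53", "192.0.2.54"]),
]


def audit_fleet(devices: list[CpeConfig]) -> dict[str, list[str]]:
    """Map device id to findings, omitting devices with nothing to report."""
    return {d.device_id: audit_cpe(d) for d in devices if audit_cpe(d)}


if __name__ == "__main__":
    for device, findings in audit_fleet(SAMPLE_CPE).items():
        print(device, findings)
```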

Gadi Evron,
ge@linuxbox.org.

Thursday, February 18, 2010

Mozilla Add-on Policies and Spyware Surprises

Following up on my previous post, I wrote a full accounting of how I discovered FlashGot's illegitimate behavior, as well as how Mozilla's policies work on such issues:
http://www.darkreading.com/blog/archives/2010/02/mozillas_addon.html

Gadi Evron,
ge@linuxbox.org.

Tuesday, February 16, 2010

Flashgot Firefox Plugin Now Spyware

The FlashGot Firefox plugin, a long-time download assistant, now acts like spyware.

It inserts recommendations into Google search results, pointing you to another search site based on your searches.

Gadi Evron,
ge@linuxbox.org.