GDT::Security::Watchdog::Archive::Year 2010

Security Watchdog

This Sucks! Gawker Cracked
This sucks! On 13 December 2010 I got an email message from Gawker Media alerting me that Gawker had been cracked. What sucks is that I didn't even know I had a Gawker account.

LifeHacker.com::FAQ: Compromised Commenting Accounts on Gawker Media

Passwords are still important. Are bad passwords an example of computer illiteracy?

Blogs.WSJ.com::The Top 50 Gawker Media Passwords

[14 December 2010]
Crackers Are Criminals
I wouldn't want this to happen to me.
   "It is alleged scammers had stolen Mildenhall's email account 
    and personal and property documents to sell the houses and 
    funnel cash into Chinese bank accounts."

ZDnet.com.au::Crims use hacked email to steal house

[24 October 2010]
Is Iris Scanning Becoming More Popular?
@nanofoo received the following tweet from @Slashdot on 2010.09.13.
   Dept. of Homeland Security To Test Iris Scanners 
   http://bit.ly/ceMsLz

The USAToday.com article contained the following quote.

   "If you can identify any individual at a distance and without 
    their knowledge, you literally allow the physical tracking 
    of a person anywhere there's a camera and access to the 
    Internet." -- ACLU lawyer Christopher Calabrese 

[13 September 2010]
Beware of Those Web Widgets
"Just one click" is a phrase that I've used a lot to describe how easy it is to get a computer cracked or steal an identity. I might have to start saying, "Just zero clicks."

Blogs.Forbes.com::Record Five Million Sites Were Likely Infected By Hacked Web Widget

[16 August 2010]
Schmidt Says No Anonymity On Future Web
On 20 April 2010, @nanofoo (i.e. Gerald Thurman) tweeted the following.
   "Is Privacy Dead?" is becoming a frequently asked question 
    and I believe the answer is approaching "Yes."

On 6 August 2010, @nanofoo (i.e. Gerald Thurman) tweeted the following.

   No anonymity on future web says Google CEO 
   - http://bit.ly/aCM0L0 @THINQtech

Expanding the shortened URL in the last tweet...

Thinq.co.uk::No anonymity on future web says Google CEO: Privacy is so last century

[06 August 2010]
CyberAttacks, CyberSecurity, CyberCommand, CyberWarrior
@compufoo retweeted the following on 2010.07.22.
   RT @TheOfficialACM Tech News: Cyberwarrior Shortage Threatens 
   U.S. Security http://n.pr/aICIr6 (via NPR) 

@nanofoo received the following tweet from @SchneierBlog on 2010.07.20.
   New GAO Cybersecurity Report: From the U.S. Government 
   Accountability Office: "Cybersecurity: Key Challenges 
   Need ... http://bit.ly/dAeXZ6

@nanofoo received the following tweet from @SchneierBlog on 2010.07.19.
   Embedded Code in U.S. Cyber Command Logo: This is excellent. 
   And it's been cracked already.... http://bit.ly/99iI24

And finally with respect to cyber-attacks on private networks...

   "[they are] comparatively easy to launch, cheap to launch, 
   the amount you can steal is enormous, and the chances of 
   getting caught are miniscule." -- Larry Clinton, president 
   of the Internet Security Alliance.

TheHill.com::White House meeting will stress economic side of cybersecurity

[22 July 2010]
Passwords Are Still Important
Yes, it is 2010, and yes, passwords are still important when it comes to using computers and other devices.

Simson Garfinkel has written about "a new approach [that] does away with the need for long strings of letters and numbers."

TechnologyReview::Passwords that are Simple--and Safe

[extra] I've hard-coded a few passwords... Wired.com::SCADA System's Hard-Coded Password Circulated Online for Years

[20 July 2010]
Economist.com Talks About Cyberwar
I agree.
   "Cyberspace has become the fifth domain of warfare, 
    after land, sea, air and space."

Question: Will the U.S. have to engage in politically correct cyberwarfare? I hope the answer isn't "yes."

Economist.com::Cyberwar: It is time for countries to start talking about arms control on the internet

[06 July 2010]
Elcomsoft Internet Password Breaker
Headlines, subject lines and titles have always been important. The headline "New Tool Reveals Internet Passwords" caught my attention.
   "Moscow [Russia] based ElcomSoft, developer of the new password 
    recovery tool, 'Elcomsoft Internet Password Breaker,' says the 
    product is designed as tool to provide forensics, criminal 
    investigators, security officers and government authorities 
    with the ability to retrieve a variety of passwords stored 
    on a PC."

SecurityWeek.com::New Tool Reveals Internet Passwords

[02 July 2010]
SSL Certificates Need Better Administration
Secure sockets aren't secure if they're not configured and SysAdmin'd correctly.

eSecurityPlanet.com::SSL Certificates In Use Today Aren't All Valid

[30 June 2010]
Russia and U.S. and Internet Crime
Computing ethics vary by country.
   "The Russians have a dramatically different definition of 
    information security than we do; it's a broader notion, 
    and they really mean state security," says U.S. ICANN 
    representative George Sadowsky. -- CACM.ACM.org

CACM.ACM.org::At Internet Conference, Signs of Agreement Between U.S. and Russia

[16 April 2010]
Princeton U. Experiences iPad Problems
Prior to encountering the content in this posting, I had seen the following headline: "Half a Million iPad Fans Can't Be Wrong?" Hmm... as with all things, time will tell.
   "Network monitoring has shown that many iPad devices are 
    causing a problem on the campus network. These devices 
    are continuing to use an IP address they have been leased 
    well beyond the time they should. (In technical terms, 
    the device's DHCP client software stops renewing its lease, 
    but the device keeps using the IP address after the DHCP 
    lease expires.  This is not a WiFi issue.)  This behavior 
    causes a disruption on the campus network."

Princeton.edu::Apple iPad Network Connectivity Issues

[14 April 2010]
Java Zero-Day Defect Discovered
James Gosling, the father of Java, has left Oracle.

In an unrelated matter: Not all Java-based programs are secure.

Java Deployment Toolkit Performs Insufficient Validation of Parameters

[11 April 2010]
More About Cyber War
Jeffrey Carr is the author of "Inside Cyberwarfare."
   "Carr argues that we need to distinguish between cyberwar 
    and cyberterror, as well as cyber-espionage and cybercrime
    --even while we unify our defense against each of those 
    looming problems."

Forbes.com::Why Cyber War Is No Cold War

[28 March 2010]
Is It FUD?
Is it FUD?

I don't think so; therefore, it probably is.

@nanofoo tweeted the following on 2010.01.30.

   Obama said nothing in his State of the Union address about 
   the state of the Union w/respect to cyberwarfare preparedness

According to PopSci.com... "we are not prepared."

PopSci.com::U.S. Wargamers Wrap Up Massive Cyberattack Drill: "We Are Not Prepared"

[21 February 2010]
Is the U.S. Ready For Cyberwarfare?
TechNews.ACM.org had a posting titled "In Cyber War, Most of U.S. Must Defend Itself" on 2010.02.10 and it started with the following.
   "There are concerns that the United States is extremely 
    vulnerable to a full-scale cyberattack, and the U.S. 
    Cyber Command is not in a position to protect U.S. 
    civilian computer networks [...]"

The TechNews.ACM.org posting included the following.

   "Meanwhile, U.S. military networks are under constant 
    cyberattack because they are such an appealing target, 
    according to Deputy Defense Secretary William Lynn. 
    'And the frequency and sophistication of attacks are 
    increasing exponentially,' he notes."

I believe this is true because we're living in exponential times.

More from the TechNews.ACM.org posting titled "In Cyber War, Most of U.S. Must Defend Itself."

   "McAfee hints at the possibility that countries are 
    competing in a quiet cyber arms race, and communications 
    systems, banks, and power grids are just as likely to be 
    targets as military networks."

Note: McAfee is an "antivirus software and computer security company headquartered in Santa Clara, California."

[Extra] @nanofoo tweeted the following on 2010.02.07.

   China & Russia dominate 2010 ACM Intl. Collegiate 
   Programming Contest http://bit.ly/cVLdpz

@nanofoo tweeted the following on 2010.01.30.

   Obama said nothing in his State of the Union address about 
   the state of the Union w/respect to cyberwarfare preparedness.

[09 February 2010]
Cybersecurity Enhancement Act of 2009
The House voted 422-5 in favor of H.R. 4061 -- The Cybersecurity Enhancement Act of 2009.
   "The bill requires the Obama administration to conduct an 
    agency-by-agency assessment of cybersecurity workforce skills 
    and establishes a scholarship program for undergraduate and 
    graduate students who agree to work as cybersecurity specialists 
    for the government after graduation."  
    [source: NYTimes.com via Slashdot.org]

Yikes! Politician Michael Arcuri said, "Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do."

FYI to Arcuri: Kids not yet in high school can be crackers.

Science.House.gov::HR4061::Cybersecurity Enhancement Act of 2009

[04 February 2010]
Digital Privacy Day 2010
28 January 2010 was Data Privacy Day.
   "Data Privacy Day is an international celebration of the dignity 
    of the individual expressed through personal information."

Data Privacy Day... "digital lives in a networked world."

[28 January 2010]
DARPA's Cyber Genome Program
DARPA's Cyber Genome Program Proposers' Day is on 29 January 2010.
   "The objective of the Cyber Genome Program is to produce 
    revolutionary cyber defense and investigatory technologies 
    for the collection, identification, characterization, and 
    presentation of properties and relationships from collected 
    digital artifacts of software, data, and/or users to support 
    DoD law enforcement, counter intelligence, and cyber defense 
    teams. Digital artifacts may be collected from live systems 
    (traditional computers, personal digital assistants, and/or 
    distributed information systems such as 'cloud computers'), 
    from wired or wireless networks, or collected storage media. 
    The format may include electronic documents or software (to 
    include malicious software - malware). The Cyber Genome Program 
    will encompass several program phases and technical areas of 
    interest. Each of the technical areas will develop the cyber 
    equivalent of fingerprints or DNA to facilitate developing 
    the digital equivalent of genotype, as well as observed and 
    inferred phenotype in order to determine the identity, lineage, 
    and provenance of digital artifacts and users."
    [source: FBO.gov via Wired.com]

The Wired.com headline said "Identify Hackers"; it should have read: "Pentagon Searches for 'Digital DNA' to Identify Crackers"

[26 January 2010]
Bruce Schneier On China Cracking Gmail
When Bruce Schneier shares information, I try to learn from it.
   "China's hackers subverted the access system Google 
    put in place to comply with U.S. intercept orders."

Dear Mr. Schneier... And I know this is a little thing, but please, please, please write cracking instead of hacking.

CNN.com::U.S. enables Chinese hacking of Google

[24 January 2010]
Computer Security Remains an Oxymoron
@nanofoo received the following tweet from @hblodget on 2010.01.18.
   Is Google Going To Address The Fact That So Many Gmail 
   Accounts Are Getting Hacked?  http://bit.ly/76OW0I

And of course the accounts are being cracked (i.e. not hacked).

@nanofoo sent the following tweet as a reply to @hblodget on 2010.01.18.

   About Google Gmail being cracked... Oxymoron? computer security

In a nutshell, Google's Gmail is popular; therefore, it is going to be a popular target for crackers and cyber-terrorists. The fact that Gmail gets cracked provides definitive proof that computer security is downright difficult and it is why computer security gurus make lots of money.

[18 January 2010]
Baidu Cracked By Crackers
The Slashdot posting makes reference to the "Iranian Cyber Army."
   "Chinese netizens pointed out that the hackers, who call 
    themselves 'Iranian Cyber Army', changed Baidu's DNS 
    records, redirecting traffic to another site."
    --English.People.com.cn

The "hackers" that took down Baidu were "crackers."

YRO.Slashdot.org::Twitter Hackers Take Down Baidu

[13 January 2010]
Google Gmail To Default To HTTPS
I agree with Google's assessment.
   "Over the last few months, we've been researching the 
    security/latency tradeoff and decided that turning https 
    on for everyone was the right thing to do."

Gmailblog.Blogspot.com::Default https access for Gmail

[13 January 2010]
2010 Starts With a SpamAssassin Bug
Yup... With respect to regular expressions, 20[1-9][0-9] matches 2010.

Yet more evidence (like we needed more) that processing dates and times on a computer is non-trivial.

Secure.Grepular.com::SpamAssassin 2010 bug
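The year-rollover bug above, as an added example (my code, not SpamAssassin's rule and not from the grepular.com write-up): a hard-coded "far future year" regex in the spirit of the broken rule, beside a check that parses the Date header and compares it to a clock. The sample headers and the fixed reference clock are constructed for the demonstration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Pattern in the spirit of the rule that broke on 1 January 2010: it was meant
# to catch "far future" years but hard-codes the range 2010-2099, so every
# legitimate message dated in 2010 started matching.
HARD_CODED_FUTURE_YEAR = re.compile(r"20[1-9][0-9]")


def looks_far_future_regex(date_header):
    """The brittle check: True if the raw header contains a 2010-2099 year."""
    return HARD_CODED_FUTURE_YEAR.search(date_header) is not None


def looks_far_future_parsed(date_header, now, horizon_days=365):
    """The robust check: parse the RFC 2822 date and compare it to a clock.
    True only if the date is more than horizon_days ahead of `now`.
    Unparseable headers return False (a real filter would score them separately)."""
    try:
        when = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):      # older Pythons raise TypeError, newer ValueError
        return False
    if when.tzinfo is None:              # a "-0000" zone yields a naive datetime; treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    return when - now > timedelta(days=horizon_days)


# Constructed sample headers (not real mail) and a fixed clock just after the rollover.
REFERENCE_NOW = datetime(2010, 1, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "Wed, 30 Dec 2009 18:00:00 -0700",   # legitimate, last year
    "Fri, 01 Jan 2010 09:15:00 +0000",   # legitimate, but the regex flags it
    "Mon, 15 Mar 2021 08:00:00 +0000",   # genuinely far in the future
    "not a date at all",                 # malformed header
]


def audit(headers=SAMPLE_HEADERS, now=REFERENCE_NOW):
    """Return {header: (regex_verdict, parsed_verdict)} so the two rules can be compared."""
    return {h: (looks_far_future_regex(h), looks_far_future_parsed(h, now)) for h in headers}


def false_positives(headers=SAMPLE_HEADERS, now=REFERENCE_NOW):
    """Headers the hard-coded regex flags that the clock-based check does not."""
    return [h for h, (rx, parsed) in audit(headers, now).items() if rx and not parsed]


if __name__ == "__main__":
    for header, (rx, parsed) in audit().items():
        print(f"{header!r:40} regex={rx!s:5} parsed={parsed}")
    print("false positives:", false_positives())
```

The clock-based check has no year baked into it, so it keeps working across 2010, 2020 and beyond; the only thing it needs is a trustworthy `now`, which is the real lesson of the rollover bug.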

[02 January 2010]
About the Security Watchdog
The Security Watchdog starts 2010 with 497 postings. This blog was started during March of 2000 and the current world of computer security is worse now than it was then. Needless to say, there will always be content for the Security Watchdog for at least the next couple of years.

[01 January 2010]


Creator: Gerald Thurman [deru@deru.com]
Last Modified: Saturday, 05-Jan-2013 11:17:39 MST