A "do it yourself" botnet kit

A "do it yourself" kit for building your own botnet has been discovered. Some of its features:
  • Possibility to carry out DDoS attacks
  • SOCKS; bot owner can use victim’s pc as proxy
  • Firefox password stealer; stealing passwords saved in Firefox database
  • Remote execution of any file
  • Pidgin password stealer; stealing passwords from the instant messenger Pidgin
  • jDownloader password stealer; stealing passwords from a downloader of one-click hoster
The news on ZDNet: DIY botnet kit spotted in the wild

Microsoft neutralizes the Kelihos botnet, or Waledac 2.0

After the Rustock and Waledac botnets, the Microsoft Digital Crimes Unit has neutralized the Kelihos botnet, also known as Waledac 2.0 because of the alleged links between the two. Kelihos was used to send spam. Despite being relatively small (!), only 41 thousand machines, it was capable of sending 3.8 billion email messages per day.

Although far from being the first case of its kind, it is in a sense a shift from classic information security: instead of (only) protecting the potential victims, go after the criminals (or take away their means of action).

The news on Microsoft's blog:
Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case

Who has the most servers?

Not much to do with security, but very interesting:

Who Has the Most Web Servers?

(Although the top of the page says May 2009, the numbers were updated in August 2011)

Domain-in-the-Middle Attacks

"It's an easy attack. Register a domain that's like your target except for a typo. So it would be countrpane.com instead of counterpane.com, or mailcounterpane.com instead of mail.counterpane.com. Then, when someone mistypes an e-mail address to someone at that company and you receive it, just forward it on as if nothing happened."

source: Schneier on Security
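As an added example, not from Schneier's post, here is a defender-side check that scans outbound mail logs for recipient domains that are exactly one edit away from a domain the organisation trusts; both variants in the quote (a typo, and a dropped dot between subdomain and domain) are a single edit. The log format and the watch list are constructed for the example.

```python
import re
from typing import List, Optional, Set, Tuple

# Constructed outbound-mail log lines (assumed format, not from the original post).
OUTBOUND_LOG = """\
2011-09-28T10:01:02 from=alice@example.org to=bob@counterpane.com status=sent
2011-09-28T10:03:15 from=alice@example.org to=bob@countrpane.com status=sent
2011-09-28T10:04:40 from=carol@example.org to=dave@mailcounterpane.com status=sent
2011-09-28T10:05:01 from=carol@example.org to=erin@mail.counterpane.com status=sent
2011-09-28T10:06:22 from=frank@example.org to=grace@partner.net status=sent
"""
# Domains the organisation legitimately mails (the post's examples, used as a watch list).
PROTECTED_DOMAINS = {"counterpane.com", "mail.counterpane.com"}
TO_FIELD = re.compile(r"\bto=[^@\s]+@(\S+)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def nearest_lookalike(domain: str, protected: Set[str]) -> Optional[str]:
    """Protected domain that `domain` is exactly one edit away from, else None.
    A dropped dot (mail.x.com -> mailx.com) is one deletion, so it is caught too."""
    domain = domain.lower()
    if domain in protected:          # exact legitimate domain: nothing to flag
        return None
    for legit in sorted(protected):
        if levenshtein(domain, legit) == 1:
            return legit
    return None


def flag_lookalike_recipients(log: str, protected: Set[str]) -> List[Tuple[str, str]]:
    """Return (recipient_domain, legit_domain) for every outbound message whose
    recipient domain is a near-miss of a protected domain."""
    flagged = []
    for line in log.splitlines():
        m = TO_FIELD.search(line)
        if m:
            hit = nearest_lookalike(m.group(1), protected)
            if hit:
                flagged.append((m.group(1).lower(), hit))
    return flagged
```

Run on the constructed log it flags the two near-miss recipients and leaves the exact matches and the unrelated domain alone; in practice the same check belongs on the mail gateway, before the message leaves.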

Need-to-know rule

Bernard Woolley: But, you only need to know things on a need-to-know basis.

Sir Humphrey Appleby: I need to know *everything*. How else can I judge whether or not I need to know it?

Bernard Woolley: So that means you need to know things even when you don't need to know them. You need to know them not because you need to know them but because you need to know whether or not you need to know. If you don't need to know, you still need to know so that you know that there is no need to know.

Sir Humphrey Appleby: Yes!

Bernard Woolley: Good. That's very clear!

From the “Yes Prime Minister” sitcom

Password recovery question

Very good, or rather, very bad! Copy &amp; paste from Bruce Schneier's site:

New Lows in Secret Questions

I've already written about secret questions, the easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password. Here's a new one, courtesy of the National Archives: "What is your preferred internet password?" I have been told that Priceline has the same one, which implies that this is some third-party login service or toolkit.

The DigiNotar Saga

Google, Mozilla and Microsoft ban the DigiNotar Certificate Authority in their browsers
Zero Day

"According to multiple blog posts, Google, Mozilla and Microsoft have already banned the DigiNotar Certificate Authority in their browsers. This preemptive move comes as a direct response to the mess that DigiNotar created by issuing over 200 rogue certificates for legitimate web sites and services — see a complete list of the affected sites and services.

Earlier this week, Google reported attempted man-in-the-middle attacks executed against Google users, and most recently, TrendMicro offered insights into a large scale spying operation launched against Iranian web users.

(...)

Meanwhile, the Dutch government issued a statement saying that it “cannot guarantee the security of its own websites” and is “taking over the company’s (DigiNotar) operations.” “The user of government sites no longer has the guarantee … that he is on the site where he wanted to be,” Interior Minister Piet Hein Donner said at a pre-dawn press conference.

Moreover, Illinois-based VASCO, which owns the Dutch-based DigiNotar, issued the following statement: DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.

(...)