Cyber-war 2.0

"A recent weapons flight test in the Utah desert may change future warfare after the missile successfully defeated electronic targets with little to no collateral damage.

Boeing [NYSE: BA] and the U.S. Air Force Research Laboratory (AFRL) Directed Energy Directorate, Kirtland Air Force Base, N.M., successfully tested the Counter-electronics High-powered Microwave Advanced Missile Project (CHAMP) during a flight over the Utah Test and Training Range that was monitored from Hill Air Force Base.

CHAMP, which renders electronic targets useless, is a non-kinetic alternative to traditional explosive weapons that use the energy of motion to defeat a target."

Full story on Boeing's site

The face of a hacker

Annoyed by the constant attacks, Georgia published a report with several interesting details, including two photographs of an alleged hacker.
Story on ZDNet

AES support in Intel CPUs

From the TrueCrypt site:

Some processors (CPUs) support hardware-accelerated AES encryption, which is typically 4-8 times faster than encryption performed by the purely software implementation on the same processors.

By default, TrueCrypt uses hardware-accelerated AES on computers that have a processor where the Intel AES-NI instructions are available. Specifically, TrueCrypt uses the AES-NI instructions that perform so-called AES rounds (i.e. the main portions of the AES algorithm). TrueCrypt does not use any of the AES-NI instructions that perform key generation.

Note: By default, TrueCrypt uses hardware-accelerated AES also when an encrypted Windows system is booting or resuming from hibernation (provided that the processor supports the Intel AES-NI instructions).

To find out whether TrueCrypt can use hardware-accelerated AES on your computer, select Settings > Performance and check the field labeled 'Processor (CPU) in this computer supports hardware acceleration for AES'.

To find out whether a processor you want to purchase supports the Intel AES-NI instructions (also called "AES New Instructions"), which TrueCrypt uses for hardware-accelerated AES, please check the documentation for the processor or contact the vendor/manufacturer. Alternatively, click here to view an official list of Intel processors that support the AES-NI instructions. However, note that some Intel processors, which the Intel website lists as AES-NI-supporting, actually support the AES-NI instructions only with a Processor Configuration update (for example, i7-2630/2635QM, i7-2670/2675QM, i5-2430/2435M, i5-2410/2415M). In such cases, you should contact the manufacturer of the motherboard/computer for a BIOS update that includes the latest Processor Configuration update for the processor.
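As an added example (not TrueCrypt's own code), this is the runtime test behind a field like 'supports hardware acceleration for AES': the CPUID instruction, leaf 1, reports AES-NI in bit 25 of ECX. Asking the CPU at runtime, rather than trusting a vendor model list, is what catches the case described above, where a processor only exposes AES-NI after a Processor Configuration (microcode) update has been installed. The `__get_cpuid` helper is GCC/Clang's `<cpuid.h>` wrapper; the `-1` return for non-x86 builds is this example's own convention.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1: AES-NI support is reported in ECX bit 25 (Intel SDM). */
#define AESNI_ECX_BIT 25

/* Pure decoder, kept separate so the logic can be checked with a
   constructed ECX value independent of the machine this runs on. */
int aesni_from_ecx(unsigned int ecx)
{
    return (ecx >> AESNI_ECX_BIT) & 1u;
}

/* Query the running CPU. Returns 1 if AES-NI is reported, 0 if it is
   not, and -1 (our convention) when the build target is not x86, where
   CPUID does not exist. */
int has_aesni(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    /* __get_cpuid returns 0 when leaf 1 is not available on this CPU. */
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return aesni_from_ecx(ecx);
#else
    return -1;
#endif
}

int main(void)
{
    int r = has_aesni();
    if (r < 0)
        puts("not an x86 CPU: no CPUID, no AES-NI");
    else
        printf("Intel AES-NI %s on this processor\n",
               r ? "reported" : "NOT reported (a BIOS/microcode update may be needed)");
    return 0;
}
```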

A long list of fuzzers on the site of the book "Fuzzing: Brute Force Vulnerability Discovery":

Vulnerabilities in Android apps

Popular Android Apps Vulnerable
Security study finds flawed SSL implementations in more than 1,000 Android apps.

Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security
(with thanks to Diego Kreutz)

Business in cyber-war

"only a 'rookie' could ignore this 'bonanza'"

The cyberwar opportunity for… investors
Inteligência Económica

CloudFlare and DDoS

CloudFlare operates a content distribution network (CDN) and specialises in protecting sites from DDoS attacks. The article explains how it manages that with 23 datacenters around the world, using Anycast.

One big cluster: How CloudFlare launched 10 data centers in 30 days

On August 22, CloudFlare, a content delivery network, turned on a brand new data center in Seoul, Korea—the last of ten new facilities started across four continents in a span of thirty days. The Seoul data center brought CloudFlare's number of data centers up to 23, nearly doubling the company's global reach—a significant feat in itself for a company of just 32 employees.

In the two years since its launch, the content delivery network and denial-of-service protection company has helped keep all sorts of sites online during global attacks, both famous and infamous—including recognition from both Davos and LulzSec. And all that attention has amounted to Yahoo-sized traffic—the CloudFlare service has handled over 581 billion pageviews since its launch.

Yet CloudFlare does all this without the sort of Domain Name Service "black magic" that Akamai and other content delivery networks use to forward-position content—and with only 32 employees. To reach that level of efficiency, CloudFlare has done some black magic of a different sort, relying on open-source software from the realm of high-performance computing, storage tricks from the world of "big data," a bit of network peering arbitrage and clever use of a core Internet routing technology.

In the process, it has created an ever-expanding army of remote-controlled service points around the globe that can eat 60-gigabit-per-second distributed denial of service attacks for breakfast.

CloudFlare's CDN is based on Anycast, a standard defined in the Border Gateway Protocol—the routing protocol that's at the center of how the Internet directs traffic. Anycast is part of how BGP supports the multi-homing of IP addresses, in which multiple routers connect a network to the Internet; through the broadcasts of IP addresses available through a router, other routers determine the shortest path for network traffic to take to reach that destination.

Using Anycast means that CloudFlare makes the servers it fronts appear to be in many places, while only using one IP address. "If you do a traceroute to (a CloudFlare customer), depending on where you are in the world, you would hit a different data center," Prince said. "But you're getting back the same IP address."

That means that as CloudFlare adds more data centers, and those data centers advertise the IP addresses of the websites that are fronted by the service, the Internet's core routers automatically re-map the routes to the IP addresses of the sites. There's no need to do anything special with the Domain Name Service to handle load-balancing of network traffic to sites other than point the hostname for a site at CloudFlare's IP address. It also means that when a specific data center needs to be taken down for an upgrade or maintenance (or gets knocked offline for some other reason), the routes can be adjusted on the fly.

Full article on Ars Technica's site

0-day attacks worse than was thought

Zero-day attacks are meaner, more rampant than we ever thought

Computer attacks that target undisclosed vulnerabilities are more common and last longer than many security researchers previously thought. The finding comes from a new study that tracked the number and duration of so-called zero-day exploits over three years.

The typical zero-day attack, by definition, exploits software flaws before they are publicly disclosed. It lasts on average 312 days, with some lasting as long as two and a half years, according to the study by researchers from antivirus provider Symantec. Of the 18 zero-day attacks the researchers found between 2008 and 2011, 11 of them previously went undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days already underscored the threat posed by such attacks. But the researchers said their findings suggest the menace may be even greater.

"Zero-day attacks are difficult to prevent because they exploit unknown vulnerabilities, for which there are no patches and no anti-virus or intrusion-detection signatures," they wrote. "It seems that, as long as software will have bugs and the development of exploits for new vulnerabilities will be a profitable activity, we will be exposed to zero-day attacks. In fact, 60 percent of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many."

Researchers Leyla Bilge and Tudor Dumitras conducted a systematic study that analyzed executable files collected from 11 million computers around the world from February 2008 to March 2012. Three of the zero-day exploits they found were disclosed in 2008, seven were disclosed in 2009, six were disclosed in 2010, and two were disclosed in 2011. (The binary reputation data the researchers relied on prevented them from identifying attacks in 2012.) An attack on many versions of Microsoft Windows, which appears to have gone undetected as a zero day until now, had the shortest duration: just 19 days. An exploit of a separate security bug in the Windows shell had the longest duration: 30 months.

Full story on Ars Technica's site

Food for thought: Two Chinese technology companies deemed "security threats" to the US

It makes you think...

Two Chinese technology companies deemed "security threats" to the US

Two of the world's largest technology companies and smartphone manufacturers, the Chinese firms Huawei and ZTE, are accused by the US of representing a threat to the country's security. A committee of the House of Representatives recommends that US companies avoid doing business with the two Chinese companies.

"China has the means, opportunity and motive to use telecommunications companies for malicious purposes," reads a report from the House of Representatives' security committee, which is mostly made up of members of the Republican Party.

The same document states that "Huawei and ZTE failed to alleviate this committee's concerns about the security problems arising from their continued expansion in the United States. Given their obstructive behaviour, the committee believes this has made it imperative to seek a solution to this problem".

The congressional security committee's report goes so far as to recommend that US companies not do business with Huawei and ZTE because of the two companies' alleged ties to the Chinese government: "Based on various information, classified and public, we cannot consider Huawei and ZTE to be free from the influence of a foreign state, and they therefore constitute a threat to the security of the United States and to our systems."

Full story on Público's site

NIST picks SHA-3: Keccak

NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition

From NIST Tech Beat: October 2, 2012

"The National Institute of Standards and Technology (NIST) today announced the winner of its five-year competition to select a new cryptographic hash algorithm, one of the fundamental tools of modern information security.

The winning algorithm, Keccak (pronounced “catch-ack”), was created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors. The team’s entry beat out 63 other submissions that NIST received after its open call for candidate algorithms in 2007, when it was thought that SHA-2, the standard secure hash algorithm, might be threatened. Keccak will now become NIST’s SHA-3 hash algorithm."

Story on NIST's site

Explanation of Keccak

(with thanks to Ibéria Medeiros)

English intelligence services advise companies on cyber-security

Business leaders urged to step up response to cyber threats

The UK’s most senior business leaders are getting new advice on how to better tackle the growing cyber threats to their companies.

Currently, too few company chief executives and chairs take a direct interest in protecting their businesses from cyber threats.

So now, for the first time, the Government and intelligence agencies are directly targeting the most senior levels in the UK’s largest companies and providing them with advice on how to safeguard their most valuable assets, such as personal data, online services and intellectual property.

Today, the Government is launching Cyber Security Guidance for Business at an event attended by FTSE 100 CEOs and Chairs, Ministers from the Department for Business, Innovation and Skills (BIS), Foreign Office, Cabinet Office, Home Office and senior figures from the intelligence agencies.

Business Secretary Vince Cable said:

“Cyber security threats pose a real and significant risk to UK business by targeting valuable assets such as data and intellectual property. By properly protecting themselves against attacks companies are protecting their bottom line.

“Ensuring this happens should be the responsibility of any chief executive or chair as part of an approach to good corporate governance which secures a business for the long-term.”

Full story

Vulnerability in DSL modems affects 4.5 million in Brazil

DSL modem hack used to infect millions with banking fraud malware

Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.

The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

"This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems," Assolini wrote in a blog post published on Monday morning. "This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months."

Assolini said the mass attack was the result of a "perfect storm" brought on by the inaction of a variety of key players, including ISPs, modem manufacturers, and the Brazilian governmental agency that approves network devices, but failed to test any of the modems for security.

It remains unclear which modem manufacturers and models are susceptible to the attacks. Assolini said a vulnerability disclosed in early 2011 appears to be caused by a chipset driver included with modems that use hardware from communications chip provider Broadcom. It allows a CSRF attack to take control of the administration panel and capture the password set on vulnerable devices. Assolini doesn't know precisely when, but at some point attackers began exploiting the vulnerability on millions of Brazilian modems. In addition to pointing the devices to malicious DNS servers, the attackers also changed the device passwords so it would be harder for victims to change the malicious settings.

Full story on Ars Technica's site