Monday, June 20, 2011

The Rich Seize Internet Name-space!

ICANN (the controlling authority for the Internet) will accept applications ($185,000 each) for new root domain names (i.e. website suffixes like .com and .net) for 90 days, beginning Jan 12, 2012.  Winners awarded their domain name (e.g.: .ipod, .apple, .cisco, .pepsi, .democrat, .republican, .healthcare, .books, .worldbank, etc.) must pay $25,000 annually.  These new root domain names can be "nearly any word in any language, including in Arabic, Chinese and other scripts"; this was decided at a meeting today in Singapore.  (Source:  Associated Press)

What does this mean?  It means that .com just became a "second class" root domain.  I'm not sure that this is good for small businesses in any way - but that obviously isn't a concern for ICANN.  Anyone who can afford the process can apply for any root domain name they want.  If two people or entities want the same domain name, they can bid on it - so whoever has more money wins.  If, for example, Pepsi and Coke, in addition to applying for .pepsi and .coke, both wanted .drink or .beverage or .pop or .soda, they could fight it out in good ol' greenbacks via public auction.

That is all well and good for Pepsi and Coke; but, what about a small Information Security Company, like CyberCede Corporation?  What are the chances that web traffic going to cybercede.com will decrease in favor of being directed to whomever owns .infosec, or .security?

The face of the Internet is about to change - perhaps more drastically than it has changed since its inception.

This also means that there are sites you just won't be able to reach without knowing a foreign language, or without modifying your keyboard to allow you to type non-Roman characters.  I think this is significant.  Up until this point, the Internet has been a global unifying movement.  Sure, you can find pages with foreign language content today - but you can at least read the address of that page in English.  I would go so far as to believe that Internet use could have been contributing to the adoption of English as a global standard language for international communication.

While some might scream "mono-culture" - that simply isn't what I'm talking about here.  It is a well documented fact that a national language goes far in unifying a people.  In the same way, English has unified many people around the world via the Internet.  In some very small way, we were, in my humble opinion, rolling back the damage done by the Biblical tale of the Tower of Babylon.  The world has been "getting smaller", and in large part that has been because of the Internet.  I think this move will reverse that perception.

To sum it up - we can expect big money to create great domain space names and attempt to market .com into obscurity; and a US English keyboard, which was previously a gateway to information in every corner of the world, will now become a limiting factor, barring the average American from foreign sites.  But hey - who cares, right?  Most Americans don't actually get world-wide information from the Internet.  Their computers are the little brother to their massive television sets, which broadcast 'truth' directly into their subconscious minds.  After all - TV is only meant for mindless relaxation and reassurance; and the Internet is just for Facebook games and Porn, right?  As long as I can order my pizza online - I don't care what they do.  Mmmm pizza and sitcoms - the American Dream.  Go back to sleep .... go back to sleep.  OH?! incoming facebook message on my phone!  Oh it's just someone using facebook to promote their blog... go back to sleep.... go back to sleep.  zzzzz



Wednesday, March 23, 2011

Cyber Attack From Iran

A well prepared attacker with an IP address originating in Tehran, Iran (212.95.136.18) compromised a user account in an RA (Registration Authority) at comodo.com, created themselves a new user ID, and quickly generated CSRs (Certificate Signing Requests) for nine certificates.  Comodo is a certification authority present in the Trusted Root Certification Authorities Store on Microsoft Windows, as well as in all modern web browsers such as Mozilla Firefox and Google's Chrome.

Given proper circumstances, the resulting certificates could be used to spoof content, conduct phishing attacks, and/or perform man-in-the-middle attacks against all popular browsers, across many platforms.  Using these certificates, the attacker could redirect a victim to a forged Firefox plug-in download page and deliver them malicious add-ons to install.  The certificate would appear valid to the browser, so there would be no warning to the user that something was amiss.  At that point, the attacker could control the lion's share of computers in American homes.

However, upon discovery, all certificates were revoked.  This will make using the forged certificates much more difficult, and much less far-reaching (unless other key components of our Internet infrastructure are also compromised, namely our DNS systems).  Comodo could only verify that one of the certificates generated was actually received by the attacker.  Comodo reported, "Our systems indicate that when this one certificate was first tested it received a 'revoked' response from our OCSP responders.  The site in Iran on which the certificate was tested quickly became unavailable."


It is believed that "this was likely to be a state-driven attack".

At least it looks that way.  Of course - in cyberspace - things aren't always what they seem.  The attack could have just as easily been conducted by an American Warhawk, who compromised a system in Iran, and launched the attack from there.  However, Comodo reported that, "The Iranian government has recently attacked other encrypted methods of communication."

In order to use these certificates maliciously, there would have to be additional DNS tomfoolery.  Do the attackers already have that piece of the attack 'in the bag'?

You may recognize some of these domain names.  It looks like this was an attack against communications, as opposed to banks or online-shopping sites, as a criminal might attempt.


In any event - even though the certificates in question were revoked, Microsoft released a patch.  If you are running Windows, you should apply that patch.


From the Comodo release:

Fraudulently issued certificates

9 certificates were issued as follows:
Domain:  mail.google.com    [NOT seen live on the internet]
Serial:  047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain:  www.google.com  [NOT seen live on the internet]
Serial:  00F5C86AF36162F13A64F54F6DC9587C06

Domain:  login.yahoo.com  [Seen live on the internet]
Serial:  00D7558FDAF5F1105BB213282B707729A3

Domain:  login.yahoo.com    [NOT seen live on the internet]
Serial:  392A434F0E07DF1F8AA305DE34E0C229

Domain:  login.yahoo.com     [NOT seen live on the internet]
Serial:  3E75CED46B693021218830AE86A82A71

Domain:  login.skype.com     [NOT seen live on the internet]
Serial:  00E9028B9578E415DC1A710A2B88154447

Domain:  addons.mozilla.org     [NOT seen live on the internet]
Serial:  009239D5348F40D1695A745470E1F23F43

Domain:  login.live.com     [NOT seen live on the internet]
Serial:  00B0B7133ED096F9B56FAE91C874BD3AC0

Domain:  global trustee     [NOT seen live on the internet]
Serial:  00D8F35F4EB7872B2DAB0692E315382FB0
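The revocation paragraph above and the serial list it refers to are the raw material for the simplest defensive check a relying party can make: a local blocklist of the nine serial numbers, consulted independently of whether the OCSP responder is reachable (the attacker's test site was only caught because it asked Comodo's responder; a client that tolerates OCSP failure would not have been). The following is an added example, not code from the original post or from Comodo: it parses the list exactly as printed above into records and looks up a serial in whichever textual form a tool hands over. The `COMODO_LIST` string is constructed from the post; the `FraudulentCert`, `normalize_serial`, `parse_comodo_list`, `build_blocklist` and `lookup` names are this example's own. One caveat the code documents: a serial number is only unique per issuing CA, so a general-purpose check keys on (issuer, serial); here every entry was issued by Comodo, so the serial alone is enough.

```python
"""Blocklist check for the fraudulently issued Comodo serial numbers.

Added example, not Comodo's code and not from the original post. Serials are
unique only per issuing CA; all nine here came from Comodo, so serial alone
is a sufficient key for this list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed from the list in the post, reproduced as Comodo published it.
COMODO_LIST = """\
Domain:  mail.google.com    [NOT seen live on the internet]
Serial:  047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain:  www.google.com  [NOT seen live on the internet]
Serial:  00F5C86AF36162F13A64F54F6DC9587C06

Domain:  login.yahoo.com  [Seen live on the internet]
Serial:  00D7558FDAF5F1105BB213282B707729A3

Domain:  login.yahoo.com    [NOT seen live on the internet]
Serial:  392A434F0E07DF1F8AA305DE34E0C229

Domain:  login.yahoo.com     [NOT seen live on the internet]
Serial:  3E75CED46B693021218830AE86A82A71

Domain:  login.skype.com     [NOT seen live on the internet]
Serial:  00E9028B9578E415DC1A710A2B88154447

Domain:  addons.mozilla.org     [NOT seen live on the internet]
Serial:  009239D5348F40D1695A745470E1F23F43

Domain:  login.live.com     [NOT seen live on the internet]
Serial:  00B0B7133ED096F9B56FAE91C874BD3AC0

Domain:  global trustee     [NOT seen live on the internet]
Serial:  00D8F35F4EB7872B2DAB0692E315382FB0
"""


@dataclass(frozen=True)
class FraudulentCert:
    domain: str
    serial: int       # stored as an integer, see normalize_serial()
    seen_live: bool   # Comodo's "[Seen live on the internet]" flag


def normalize_serial(text: str) -> int:
    """Return the serial as an integer regardless of how it was printed.

    A serial is a DER INTEGER: when the first byte has its top bit set the
    encoder prepends 00 to keep the value positive. Comodo's list keeps that
    byte, `openssl x509 -noout -serial` typically drops it, and other tools
    print the bytes colon-separated. Comparing integers makes all of these
    forms agree, so a leading 00 cannot cause a false negative.
    """
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError(f"not a hex serial number: {text!r}")
    return int(cleaned, 16)


# One Domain/Serial pair; the domain may contain spaces ("global trustee").
_ENTRY = re.compile(
    r"Domain:\s*(?P<domain>.+?)\s*\[(?P<seen>NOT seen|Seen) live on the internet\]"
    r"\s*Serial:\s*(?P<serial>[0-9A-Fa-f]+)"
)


def parse_comodo_list(text: str) -> list[FraudulentCert]:
    """Turn the published domain/serial pairs into records."""
    return [
        FraudulentCert(
            domain=m.group("domain"),
            serial=normalize_serial(m.group("serial")),
            seen_live=(m.group("seen") == "Seen"),
        )
        for m in _ENTRY.finditer(text)
    ]


def build_blocklist(certs: list[FraudulentCert]) -> dict[int, FraudulentCert]:
    """Index the records by integer serial for constant-time lookup."""
    return {c.serial: c for c in certs}


def lookup(serial_text: str, blocklist: dict[int, FraudulentCert]) -> FraudulentCert | None:
    """Return the matching record if the serial is blocklisted, else None."""
    return blocklist.get(normalize_serial(serial_text))


if __name__ == "__main__":
    blocklist = build_blocklist(parse_comodo_list(COMODO_LIST))
    # The www.google.com serial without its leading 00 and in colon form,
    # plus a constructed serial that is not on the list.
    for probe in ("F5C86AF36162F13A64F54F6DC9587C06",
                  "f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06",
                  "0123456789ABCDEF0123456789ABCDEF"):
        hit = lookup(probe, blocklist)
        print(probe, "->", f"FRAUDULENT ({hit.domain})" if hit else "not on list")
```

Run as a script it reports the first two probes as the same www.google.com entry and the third as clean. Feeding it the serial of a certificate seen on the wire (for instance the output of `openssl x509 -noout -serial`) is the whole check; a client that also honours revocation gets the OCSP answer Comodo describes, but the local list still holds when the responder is unreachable.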

Thursday, March 10, 2011

New Definition: TMH is Too Much Help

TMH:  Too Much Help

Every now and again we need to come up with new words to describe something in our ever-changing world.  In the Digital Age, we often use abbreviations.  Some abbreviations, such as "LOL" for "Laughing out Loud" and "BRB" for "Be Right Back", have moved from what we might call "geek-space" into everyday use.  Cell phones, and their ability to send text messages, have spread these sorts of practices far and wide.  This new abbreviation is derived from an already popular abbreviation used in verbal communications: "TMI", which stands for "Too Much Information".

Because many of us have become very impatient, as well as very reliant upon spell checkers, "auto-correct" features have been built into many mobile phone text message clients.  The "auto-correct" features, as anyone who has used them will attest, sometimes offer "too much help".

It is because of this shortcoming that I have the distinct honor of bringing you a new abbreviation: TMH.

TMH stands for too much help.  The reason it is a useful abbreviation is that the person who has become a victim of the helpful auto-correct feature is often oblivious to the fact that their text message was auto-corrected into obscurity.

Here is an example text message session to illustrate the point:

Bridget:  we'd paper

Metajunkie: tmh

Bridget:  We need paper

Metajunkie: OK, I'll pick some up on way home

Here is another example text message:


Bridget:  Innuendo and her husband can't come out on Friday
Metajunkie:  Who is innuendo?
Bridget:  Bonnie
Metajunkie:  why do you call her innuendo?
Bridget:  tmh
Metajunkie: oic

and one last one for good measure:

Bridget:  pick up milk
Metajunkie:  tmh?
Bridget: ha ha. no - really - pick up milk

I think we will all be able to put the abbreviation "tmh" to good use.

Happy texting!

Metajunkie

Friday, January 28, 2011

Qwiki Entries for some Malware related terms

Rather than searching with Google to get an understanding of some key terms regarding cyber-jutsu and the threats to your computer, check out these links to Qwiki.com articles.


Qwiki.com is a new way to learn about a topic quickly. Perhaps best of all, for many of us who have tired eyes from reading our computer screens all day – or those of us who are just plain lazy... Qwiki.com reads the entry to you. It should be noted that not every word is pronounced quite “spot on” yet. The site is very cool – but unquestionably “in the works”.


Some terms all computer users should be familiar with:


http://www.qwiki.com/q/#!/Malware


http://www.qwiki.com/q/#!/Botnet


http://www.qwiki.com/q/#!/Trojan_horse_%28computing%29


http://www.qwiki.com/q/#!/Keystroke_logging


http://www.qwiki.com/q/#!/Rootkit