A company that protects against DDoS attacks, Prolexic Technologies, released its attack report for Q3 2011. There’s a lot to the report, including that Prolexic mitigated what it claims is the largest event in 2011 (in terms of packet-per-second volume). That attack occurred between November 5-12 and, according to Prolexic, portends the increasing scale and complexity of DDoS attacks.
Indeed, the report shows that DDoS attacks are increasing in terms of bandwidth (up 66% from Q3 2010) and packets-per-second, which is up nearly four-fold from the same time period a year ago.
What is perhaps most notable, however, is where the attacks are coming from. The report found that China was the biggest offender, responsible for over half (55%) of all DDoS attacks. For perspective, number two on the list is India, with 8.69% of the attacks.
Further, China is responsible for most of the botnets being sent out; it’s the country of origin for the two largest ASNs. One accounts for 43.88% of them, and the other 21.79%. Again, for perspective, the third-largest botnet is from Turkey and gobbles up just 9%.
Original post found at: http://hothardware.com/News/Most-DDoS-Attacks-Originate-From-China-Says-Report/
Tuesday, 22 November 2011
Tuesday, 11 October 2011
CSET: The Cyber Security Evaluation Tool!
With the recent surge in vulnerabilities related to SCADA systems, it is imperative that organizations manage their setups securely. CSET, the Cyber Security Evaluation Tool from the Department of Homeland Security (DHS), helps organizations properly secure their digital assets. The tool helps an organization evaluate its network security structure and identify its weaknesses, so that remote attacks can be prevented and combated.
CSET
The Cyber Security Evaluation Tool (CSET) can provide you with a systematic and repeatable approach for assessing the cyber security posture of your industrial control systems (ICS) networks and IT systems. It also includes both high-level and detailed questions related to all ICS, so that organizations can protect their key cyber assets. CSET is an easy-to-install desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.
Download CSET:
CSET v4.0 – CSET_4.0.iso – http://us-cert.gov/control_systems/csetdownload.html
Tuesday, 10 May 2011
Government Uses GPS to Track Your Moves in Your Own Car
Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn't violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn't tracking your movements.
That is the bizarre — and scary — rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants — with no need for a search warrant.
Read more here: http://www.time.com/time/nation/article/0,8599,2013150,00.html
One of these devices was torn down here:
Tracking Device Teardown
The crazy thing is that it is totally legit.
Monday, 14 February 2011
How unique are your usernames?
* Monday, February 14, 2011
* By Robert Lemos
By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture of the users.
"These results show that some users can be profiled just from their usernames," says Claude Castelluccia, research director of the security and privacy research group at INRIA, and one of the authors of a paper on the work. "More specifically, a profiler could use usernames to identify all the site [profiles] that belong to the same user, and then use all the information contained in these sites to profile the victim."
A scammer could use this information to build a profile of a person and then target them with convincing phishing messages—perhaps referring to specific purchases on another website. The INRIA researchers developed a way to determine how unique a username is, and a method of connecting usernames based on the information published to different sites.
Those who have more unique usernames are more vulnerable. "The other 50 percent of users are more difficult to link because their usernames have 'low' entropy and could in fact be linked to multiple users," says Daniele Perito, a doctoral candidate at INRIA, who was involved with the work. The INRIA researchers have created a tool that can check how unique a username is, and thus how easily an attacker could use it to build a profile of a person.
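The article describes two building blocks without showing them: a way to score how distinctive a username is, and a way to link accounts across sites once a username is distinctive enough. The block below is an added illustration, not the INRIA researchers' tool: it trains a character-bigram model on a small constructed username corpus (the real study used about 10 million names), scores a username by its information content in bits under that model, and links only those usernames that are both distinctive and seen on more than one site. The corpus, the site names and the threshold handling are assumptions made for the example; the point is to let a reader check how much "high entropy" a name of their own carries.

```python
"""Username distinctiveness and cross-site linking (added illustration).

A character-bigram model is trained on a constructed username corpus; the
information content (in bits) of a username under that model is its
distinctiveness score. Only distinctive usernames that appear on more than
one site are linked. Simplified stand-in for the INRIA approach, not their code.
"""
import math
from collections import defaultdict

START, END = "^", "$"  # sentinel symbols for name start and end

# Constructed training corpus (assumption: a real model would be trained on
# millions of public usernames). It only needs to make common patterns such
# as first names and name+digits cheap under the model.
TRAINING_USERNAMES = [
    "john", "john1", "john123", "johnny", "jsmith", "jsmith1", "mike", "mike2",
    "mike99", "alex", "alex1", "alexander", "dave", "dave123", "chris", "chris1",
    "sarah", "sarah99", "anna", "anna1", "tom", "tom123", "bob", "bob1",
    "admin", "admin1", "user", "user1", "user123", "test", "test1", "guest",
]


class BigramModel:
    """Character bigram model with add-one smoothing."""

    def __init__(self, corpus):
        self.counts = defaultdict(lambda: defaultdict(int))
        alphabet = set()
        for name in corpus:
            chars = [START] + list(name) + [END]
            alphabet.update(chars)
            for prev, cur in zip(chars, chars[1:]):
                self.counts[prev][cur] += 1
        self.vocab = len(alphabet)

    def prob(self, prev, cur):
        row = self.counts.get(prev, {})
        total = sum(row.values())
        # Add-one smoothing keeps unseen transitions (and unseen characters)
        # at a small but non-zero probability.
        return (row.get(cur, 0) + 1) / (total + self.vocab)

    def bits(self, name):
        """Information content of the whole name, start and end included.
        Higher means rarer under the model, hence more linkable."""
        chars = [START] + list(name) + [END]
        return -sum(math.log2(self.prob(p, c)) for p, c in zip(chars, chars[1:]))


def link_accounts(model, profiles, min_bits):
    """profiles: iterable of (site, username). Returns {username: [sites]} for
    usernames scoring at least min_bits that occur on more than one site.
    Low-entropy names are deliberately left unlinked: they may belong to
    many different people."""
    by_name = defaultdict(set)
    for site, name in profiles:
        by_name[name].add(site)
    return {
        name: sorted(sites)
        for name, sites in by_name.items()
        if len(sites) > 1 and model.bits(name) >= min_bits
    }


# Constructed sample of public profiles on three hypothetical sites.
SAMPLE_PROFILES = [
    ("siteA", "john"), ("siteB", "john"),
    ("siteA", "xq7zv_kraken"), ("siteC", "xq7zv_kraken"),
    ("siteB", "solo_user"),
]

if __name__ == "__main__":
    model = BigramModel(TRAINING_USERNAMES)
    for _, name in SAMPLE_PROFILES:
        print(f"{name:14s} {model.bits(name):6.1f} bits")
    print(link_accounts(model, SAMPLE_PROFILES, min_bits=40.0))
```

The bits score grows with both length and unusual character transitions, which is the intended behaviour: a short common first name is cheap to generate and so is shared by many people, while a long string of rare transitions is unlikely to be coined twice. In practice the threshold is tuned on a held-out set of known-linked accounts; the fixed value in the usage call is only an example.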
Friday, 11 February 2011
Wednesday, 15 December 2010
OPENBSD backdoored by FBI?
List: openbsd-tech
Subject: Allegations regarding OpenBSD IPSEC
From: Theo de Raadt
Date: 2010-12-14 22:24:39
Message-ID: 201012142224.oBEMOdWM031222 () cvs ! openbsd ! org
[Download message RAW]
I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
our network stack, in particular the IPSEC stack. Around 2000-2001.
Since we had the first IPSEC stack available for free, large parts of
the code are now found in many other projects/products. Over 10
years, the IPSEC code has gone through many changes and fixes, so it
is unclear what the true impact of these allegations is.
The mail came in privately from a person I have not talked to for
nearly 10 years. I refuse to become part of such a conspiracy, and
will not be talking to Gregory Perry about this. Therefore I am
making it public so that
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.
Of course I don't like it when my private mail is forwarded. However
the "little ethic" of a private mail being forwarded is much smaller
than the "big ethic" of government paying companies to pay open source
developers (a member of a community-of-friends) to insert
privacy-invading holes in software.
----
From: Gregory Perry
To: "deraadt@openbsd.org"
Subject: OpenBSD Crypto Framework
Thread-Topic: OpenBSD Crypto Framework
Thread-Index: AcuZjuF6cT4gcSmqQv+Fo3/+2m80eg==
Date: Sat, 11 Dec 2010 23:55:25 +0000
Message-ID: <8D3222F9EB68474DA381831A120B1023019AC034@mbx021-e2-nj-5.exch021.domain.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Status: RO
Hello Theo,
Long time no talk. If you will recall, a while back I was the CTO at
NETSEC and arranged funding and donations for the OpenBSD Crypto
Framework. At that same time I also did some consulting for the FBI,
for their GSA Technical Support Center, which was a cryptologic
reverse engineering project aimed at backdooring and implementing key
escrow mechanisms for smart card and other hardware-based computing
technologies.
My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI. Jason
Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC.
This is also probably the reason why you lost your DARPA funding, they
more than likely caught wind of the fact that those backdoors were
present and didn't want to create any derivative products based upon
the same.
This is also why several inside FBI folks have been recently
advocating the use of OpenBSD for VPN and firewalling implementations
in virtualized environments, for example Scott Lowe is a well
respected author in virtualization circles who also happens to be on
the FBI payroll, and who has also recently published several tutorials
for the use of OpenBSD VMs in enterprise VMware vSphere deployments.
Merry Christmas...
Gregory Perry
Chief Executive Officer
GoVirtual Education
"VMware Training Products & Services"
540-645-6955 x111 (local)
866-354-7369 x111 (toll free)
540-931-9099 (mobile)
877-648-0555 (fax)
http://www.facebook.com/GregoryVPerry
http://www.facebook.com/GoVirtual
Found here: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
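Theo's stated reason for publishing is that users of the code can audit it, and the forwarded mail frames that audit as a review of commits by particular authors in a particular period. The block below is an added illustration of how a defender turns that framing into a concrete worklist; it is not OpenBSD tooling and the log text, hashes, author names and paths in it are constructed placeholders. It assumes the input is the text produced by `git log --date=short --format='commit %H|%an|%ad|%s' --name-only`, parses it into commit records, and keeps the commits by a chosen author inside a date window that touch chosen subtrees.

```python
"""Build a code-audit worklist from git log metadata (added illustration).

Assumed input format:
    git log --date=short --format='commit %H|%an|%ad|%s' --name-only
Everything in SAMPLE_LOG (hashes, authors, dates, paths) is a constructed
placeholder, not real repository history.
"""
from dataclasses import dataclass


@dataclass
class Commit:
    sha: str
    author: str
    date: str      # YYYY-MM-DD, so string comparison orders correctly
    subject: str
    paths: list    # files touched by the commit


SAMPLE_LOG = """\
commit 0000000000000000000000000000000000000001|Example Author A|2000-11-02|ipsec: adjust ESP replay window
sys/netinet/ip_esp.c

commit 0000000000000000000000000000000000000002|Example Author B|2001-03-15|crypto: add key schedule helper
sys/crypto/crypto.c
sys/crypto/cryptodev.h

commit 0000000000000000000000000000000000000003|Example Author A|2001-05-20|crypto: cache session keys
sys/crypto/cryptosoft.c

commit 0000000000000000000000000000000000000004|Example Author A|2003-06-01|man: fix typo
share/man/man4/ipsec.4
"""


def parse_log(text):
    """Turn --name-only log output into Commit records.
    A 'commit ' line starts a record; following non-blank lines are paths."""
    commits = []
    current = None
    for line in text.splitlines():
        if line.startswith("commit "):
            sha, author, date, subject = line[len("commit "):].split("|", 3)
            current = Commit(sha, author, date, subject, [])
            commits.append(current)
        elif line.strip() and current is not None:
            current.paths.append(line.strip())
    return commits


def audit_worklist(commits, author, path_prefixes, since, until):
    """Commits by `author` dated within [since, until] that touch any path
    under one of `path_prefixes`. Returns (sha, date, subject, matching paths)
    tuples in log order, so the reviewer can work through them one by one."""
    worklist = []
    for c in commits:
        if c.author != author or not (since <= c.date <= until):
            continue
        hits = [p for p in c.paths if any(p.startswith(pre) for pre in path_prefixes)]
        if hits:
            worklist.append((c.sha, c.date, c.subject, hits))
    return worklist


if __name__ == "__main__":
    items = audit_worklist(
        parse_log(SAMPLE_LOG),
        author="Example Author A",
        path_prefixes=("sys/netinet/", "sys/crypto/"),
        since="2000-01-01", until="2001-12-31",
    )
    for sha, date, subject, hits in items:
        print(f"{sha[:12]} {date} {subject}\n    " + "\n    ".join(hits))
```

Filtering on author alone is a weak signal in a long-lived code base, because later commits rewrite or remove earlier ones; the worklist is a starting point for reading the diffs and their successors, not a verdict on them.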
Skype's Biggest Secret Revealed
For eight years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries. Those who could, didn’t dare to publish their code, as it most certainly looked scarier than Frankenstein.
The time has come to reveal this secret. http://cryptolib.com/ciphers/skype contains the greatest secret of Skype communication protocol, the obfuscated Skype RC4 key expansion algorithm in plain portable C. Enjoy!
Why publish it now? - It so happened that some of our code got leaked a couple of months ago. We contacted Skype reporting the leak. Only weeks later, our code is already being used by hackers and spammers and we are abused by Skype administration. I do not want to go into any finger-pointing details here, but naturally, we do not wish to be held responsible for our code being abused. So we decided that the time has come for all the IT security experts to have it. Why let the hackers have the advantage? As professional cryptologists and reverse engineers, we are not on their side. Skype is a popular and important product. We believe that this publication will help the IT security community help secure Skype better.
However, for the time being, we are not giving away a licence to use our code for free in commercial products. Please contact us if you need a commercial licence.
It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption - the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all. If you want to know more, come to Berlin for 27C3 to hear all the juicy details on how to use this function to decrypt Skype traffic.
With best regards,
Skype Reverse Engineering Team