Security Now 325
Topic: TCP Pt 3: Necessary Refinements
Recorded: November 2, 2011
Published: November 2, 2011
- EFF study finds that 4 Certificate Authorities have been compromised in the last 4 months
By studying the published Certificate Revocation Lists (CRLs).
Revocation Reason:
  * NULL
  * Affiliation Changed
  * CA Compromise
  * Certificate Hold
  * Cessation of Operation
  * Key Compromise
  * Privilege Withdrawn
  * Superseded
  * Unspecified
(See posting for the ways CAs can be tricked.)
SANS Security Institute Editors:
(Liston): The entire SSL Certificate system is founded on the faulty premise that we should trust a corporation simply because they claim to be trustworthy. These companies have taken on a huge responsibility as a part of their business model, and have simply not taken the kinds of precautions one should take when voluntarily positioning oneself as the basket containing all the chickens.
(Murray): We do not have to have a perfect system of key management but vendors who want to offer services in the security space have to have good security. Their brands are essential to their viability and they are very fragile.
- SANS: BT Must Start Blocking Newzbin 2 Within Two Weeks
A UK High Court judge has given British Internet service provider (ISP) BT two weeks to implement a plan to block Newzbin2, a membership-only site known for making pirated content available. The ruling is the result of a lawsuit brought by US movie companies. The judge decided that BT was aware of the copyright infringement activity occurring on Newzbin2 and had ruled in July that the company must prevent its customers from being able to access that site. The judge also ruled that "the costs of implementing the order should be borne by BT."
(Murray): Seems to me that BT is a victim here. They are being made responsible for the criminal activity of others. They are being forced to do something both expensive and ineffective. The Internet routes around censorship. How much damage are the rest of us supposed to endure because the publishers cannot figure out how to offer their products at a price both profitable to them and not so high as to create a black market?
(Liston): This all sounded somewhat reasonable up until the last sentence. If the movie companies expect ISPs to block access to sites at their behest, then they really should be footing the bill. They own the copyright, they benefit financially from its protection, so expecting a disinterested third-party to cover the costs of implementing a block on infringing websites seems a bit over the top.
- Medtronic Insulin Pump Attacks "Improve"
Bruce Schneier: "Attacks never get worse, they only get better." SANS: A researcher who last year developed a method of taking control of ATMs so they would dispense cash at his behest has now devised an attack that allows him to take control of certain wireless insulin pumps. The attack could be used to deliver incorrect doses of insulin to patients. The pumps in question, which are made by Medtronic, contain radio transmitters that allow doctors and patients to make adjustments. With specialized equipment, the attack could be conducted at a distance of up to 300 feet and does not require the attacker to know the device's serial number. The pumps at present do not use encryption while transmitting information.
- Proposed Legislation Would Broaden US Government's Authority to Blacklist Piracy Websites
SANS: Legislators in the US House of Representatives have introduced a bill that would increase the government's authority to shut down web sites that offer products that violate copyright and trademark laws. The proposed legislation would allow the Justice Department to obtain court orders requiring ISPs in the US to stop resolving DNS for the offending websites; the sites could still be accessible outside the US. The bill would also allow the government to order search engines to remove certain websites from their results. The US attorney general would also be granted the authority to block distribution of workarounds to allow access to blacklisted sites.
- Symantec calls "Nitro" a focused and concerted attack against Chemical and Defense Companies
SANS: Symantec researchers say that a wide-reaching industrial espionage campaign they are calling "Nitro" has targeted both defense and chemical companies. The attacks appear to be designed to steal confidential information. Nearly 50 companies have been targeted in the campaign since July 2011. Those behind the attack are interested in "proprietary designs, formulas, and manufacturing processes." The attacks proceeded unhindered from mid-July until mid-September. Most of the infected computers were in the US, the UK and Bangladesh. Computers in 17 other countries were infected as well. The attacks spread through email messages sent to IT departments at targeted organizations, pretending to be requests for meetings or warnings about unpatched Adobe programs. The Trojan used in the attacks is known as PoisonIvy and is readily available on the Internet.
- Mac OSX gets Bitcoin Mining Malware
Malware known as DevilRobber has been detected on Mac OS X computers. It makes its way onto computers by being bundled with Mac applications available on file sharing networks. DevilRobber has several components. It attempts to steal usernames and passwords; it tries to steal users' Bitcoin wallets; and it hijacks computers' processing power to conduct Bitcoin mining. The virtual currency is earned by using processing power to help solve complex cryptographic problems.
- Backpedaling on the DuQu Trojan.
It is no longer so clear that it's closely related to Stuxnet. It's turning up all over the place, and researchers aren't yet clear about its intentions.
- Matt Yakel (@mattyakel) Poteau, OK: @sggrc You're right my @firefox 7.0.1 was about 800Mb of RAM this morning killed it, now 250Mb, 2 mins later it's @ 320Mb #FAIL
- Sean T (@SeanT6) Hi Steve try out "Memory Fox" It really works and reduces firefox memory use. It's at the Mozilla add-ons page.
- Also tweeted: Testing Firefox 8, I can say "Mozilla has awaken!" But another add-on called "Memory fox" has fixed the memory bug. I need to load 100 tabs.
- New GMAIL APP for iOS - from iTunes for the iPhone & iPad
- Latest Desktop Operating System Market Share Report
http://news.cnet.com/8301-10805_3-20128371-75/windows-xp-usage-dips-but-its-still-top-os/
  XP: 48%
  Win7: 35%
  Vista: 9%
  Mac OS X v10.6: 4%
  Mac OS X v10.7: 2%
  Linux: 1%
  Other: 2%
887 days of XP support remaining (April 2014)
Topic: TCP Pt.3 - Necessary Refinements
Coping with large Bandwidth-Delay Products / "Bytes in Flight"
- Large Bandwidth*Delay Products, aka "LFN": Long Fat Networks
- Why the "product" of B and D? How much "data in flight"?
  - Not much data being sent, then little data-in-flight even if it takes a while.
  - Lots of data being sent, but little end-to-end delay, then little data-in-flight.
  - BUT... lots of data *AND* a long end-to-end delay means LOTS of data in flight.
- The TCP Receive Window: 16 bits
  - (Header Option: a 1-byte value that specifies a "shift" value)
  - Every incoming TCP packet header contains the latest "receive window"
- The (internal) TCP Congestion Window
  - For every ACK received, increase CWND by one MSS
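The arithmetic behind the outline above, as an added example that is not part of the show notes: how the bandwidth*delay product sets the bytes that must be in flight, why a bare 16-bit receive window caps throughput on a long fat network, which window-scale shift is needed to cover the pipe, and how many round trips it takes when every ACK grows CWND by one MSS. The 1460-byte MSS and the 100 Mbit/s, 100 ms link are constructed values; the shift cap of 14 comes from the TCP window-scale option spec (RFC 1323/7323), not from the page.

```python
"""Bandwidth-delay product, receive-window scaling and slow-start growth.
Added example; constants below are assumptions, not figures from the episode."""

MAX_UNSCALED_WINDOW = 0xFFFF  # the 16-bit receive window field maxes out at 65535 bytes
MAX_SHIFT = 14                # largest shift count the window-scale option permits (RFC 1323)


def bdp_bytes(bandwidth_bps: int, rtt_ms: int) -> int:
    """Bandwidth-delay product: bytes that must be 'in flight' to keep the pipe full."""
    return bandwidth_bps * rtt_ms // 8000


def max_throughput_bps(window_bytes: int, rtt_ms: int) -> int:
    """Ceiling with a fixed window: at most one window's worth of data per round trip."""
    return window_bytes * 8 * 1000 // rtt_ms


def window_scale_shift(bdp: int) -> int:
    """Smallest shift such that (65535 << shift) covers the BDP.
    Raises ValueError when the network is too fat even for the maximum scale."""
    for shift in range(MAX_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= bdp:
            return shift
    raise ValueError("BDP exceeds the largest window the scale option can express")


def slow_start_rtts(bdp: int, mss: int = 1460) -> int:
    """Round trips until CWND >= BDP when each ACK adds one MSS.
    Every segment sent in a round trip is ACKed, so CWND doubles per RTT."""
    cwnd, rtts = mss, 0
    while cwnd < bdp:
        acks = cwnd // mss      # one ACK per segment in flight this round trip
        cwnd += acks * mss      # each ACK grows CWND by one MSS
        rtts += 1
    return rtts


if __name__ == "__main__":
    bw, rtt = 100_000_000, 100          # constructed: 100 Mbit/s link, 100 ms RTT
    bdp = bdp_bytes(bw, rtt)
    print(f"bytes in flight needed: {bdp}")
    print(f"16-bit window caps throughput at {max_throughput_bps(MAX_UNSCALED_WINDOW, rtt) / 1e6:.2f} Mbit/s")
    print(f"window-scale shift needed: {window_scale_shift(bdp)}")
    print(f"slow start needs {slow_start_rtts(bdp)} RTTs to fill the pipe")
```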
GoToAssist.com/securitynow Free for 30 Days