Previous month:
January 2014
Next month:
March 2014

February 2014

Top 5 #infosec reads: February 24-28, 2014

by Matt Piscitello

Government darkware, Android smartphone, oobleck, an academic hoax arms race, and Bruce on NSA at RSA top this week's list of infosec-worthy reads.

NSA May Have A Mask of Its Own

The silent-but-violent malware identified mid-February as the Mask has been hitting computers for nearly seven years undetected. More alarming was the speculation this week that the NSA may have developed its own type of darkware code for government use. The Mask malware uses a variety of simple techniques to subvert security and detection alike. If cybercriminals are capable of writing sophisticate malware, why not national security agencies? 

Android Smartwatch On The Horizon 

O.K., it's not strictly #infosec news but Google's collection of gadgets will expand to include an Android-powered smartwatch. There was no official announcement from Google during Mobile World Congress last Sunday, but "news emerged" that LG among other manufacturers will be involved with development. The street chatter has the smartwatch  in late-stage development and that it will most likely be unveiled at a Google developer event in Summer 2014.

Understanding Where Software and Hardware Meet, As Told by Dr. Seuss 

Matthew Gast (@MatthewSGast) refers to the intersection of hardware and software as "oobleck," a malleable term for the way in which the two meet and work together. Where previously hardware and software were set apart, now they coexist in moment-to-moment unison. Matthew didn't come out and say Silicon Valley will be the new Mount Neeka Tave but... 

MIT Grads Create Gibberish Machines, Discredit The Academic World

Three MIT graduate students conducted an experiment to expose how certain scientific conferences browbeat researchers for papers and accept anything that they receive to boost revenue from conference registration fees or increase academic publication subscription numbers. They wrote a simple computer program that churned out nonsense in the form of an academic paper, signed their names to the papers, and submitted them to prove their hypothesis. The authors made the SCIgen automatic nonsense generator publicly available shortly after their 2005 hoax. Since then, French researcher Cyril Labbé  created a detection program, and  a subsequent study reveals that hoax paper submissions are common and becoming more sophisticated. Hoax researchers are predicting an arms race, but is any of this affecting the well known "publish or perish" cycle?

Bruce Schneier Calls For The NSA To Split


Bruce Schneier may lead the pack when it comes to criticizing the NSA since Edward Snowden first revealed details of their surveillance. Schneier is calling for the intelligence organization to be broken into smaller groups. He listed details of what the NSA was already capable of during his speech at RSA 2014 and joked that the NSA may be developing malware (see NSA May Have A Mask of Its Own). Unsurprisingly, Bruce called for broader us of encryption, saying, "Encryption works. Most Cryptography gives the NSA trouble, and that's important."

DNS zone data access in the “new TLD” era

Top Level Domain zone files –DNS data that are published by registry operators – have many uses beyond the common use as the authoritative source for obtaining IP addresses of the name servers of domain names like, typepad,com, or Security researchers use TLD zone data while investigating botnets, phishing, or other malicious activities. Online brand protection investigators or intellectual property attorneys use TLD zone data to identify malicious registrations that violate trademarks. Businesses use zone data for marketing intelligence, domain name speculation, SEO and more.

Historically, the only requirement for gaining access to TLD zone data was to agree to an Acceptable Use Policy with each of the relatively small number registry operators. Anticipating that the delegation of hundreds of new TLDs would make this process unwieldy for zone data consumers, the ICANN community has deployed Centralized Zone Data Service (CZDS), a portal where you can

  • create an account,
  • create cryptographic keys for secure file transfer,
  • select the TLD zone files you wish to access (all is an option),
  • identify how you will use zone data,
  • agree to terms and conditions,  and
  • identify the IP address registry operators will whitelist for access.


Once your request is approved, you will be able to download the zones you’ve selected via the dashboard. Zone data consumers who have developed scripts or automation can grab an API from github.

The download process is described in Part II, DNS zone data access in the “new TLD” era, Part II: Managing and Downloading zone data.