« January 2014 | Main | March 2014 »

February 2014

Friday, 28 February 2014

Top 5 #infosec reads: February 24-28, 2014

by Matt Piscitello

Government darkware, Android smartphone, oobleck, an academic hoax arms race, and Bruce on NSA at RSA top this week's list of infosec-worthy reads.

NSA May Have A Mask of Its Own

The silent-but-violent malware identified mid-February as the Mask has been hitting computers for nearly seven years undetected. More alarming was the speculation this week that the NSA may have developed its own type of darkware code for government use. The Mask malware uses a variety of simple techniques to subvert security and detection alike. If cybercriminals are capable of writing sophisticate malware, why not national security agencies? 

Android Smartwatch On The Horizon 

O.K., it's not strictly #infosec news but Google's collection of gadgets will expand to include an Android-powered smartwatch. There was no official announcement from Google during Mobile World Congress last Sunday, but "news emerged" that LG among other manufacturers will be involved with development. The street chatter has the smartwatch  in late-stage development and that it will most likely be unveiled at a Google developer event in Summer 2014.

Understanding Where Software and Hardware Meet, As Told by Dr. Seuss 

Matthew Gast (@MatthewSGast) refers to the intersection of hardware and software as "oobleck," a malleable term for the way in which the two meet and work together. Where previously hardware and software were set apart, now they coexist in moment-to-moment unison. Matthew didn't come out and say Silicon Valley will be the new Mount Neeka Tave but... 

MIT Grads Create Gibberish Machines, Discredit The Academic World

Three MIT graduate students conducted an experiment to expose how certain scientific conferences browbeat researchers for papers and accept anything that they receive to boost revenue from conference registration fees or increase academic publication subscription numbers. They wrote a simple computer program that churned out nonsense in the form of an academic paper, signed their names to the papers, and submitted them to prove their hypothesis. The authors made the SCIgen automatic nonsense generator publicly available shortly after their 2005 hoax. Since then, French researcher Cyril Labbé  created a detection program, and  a subsequent study reveals that hoax paper submissions are common and becoming more sophisticated. Hoax researchers are predicting an arms race, but is any of this affecting the well known "publish or perish" cycle?

Bruce Schneier Calls For The NSA To Split

Bruce

Bruce Schneier may lead the pack when it comes to criticizing the NSA since Edward Snowden first revealed details of their surveillance. Schneier is calling for the intelligence organization to be broken into smaller groups. He listed details of what the NSA was already capable of during his speech at RSA 2014 and joked that the NSA may be developing malware (see NSA May Have A Mask of Its Own). Unsurprisingly, Bruce called for broader us of encryption, saying, "Encryption works. Most Cryptography gives the NSA trouble, and that's important."

Posted at 11:00 AM in All matters security, Top Infosec Reads | | Comments (0)

DNS zone data access in the “new TLD” era

Top Level Domain zone files –DNS data that are published by registry operators – have many uses beyond the common use as the authoritative source for obtaining IP addresses of the name servers of domain names like securityskeptic.com, typepad,com, or icann.org. Security researchers use TLD zone data while investigating botnets, phishing, or other malicious activities. Online brand protection investigators or intellectual property attorneys use TLD zone data to identify malicious registrations that violate trademarks. Businesses use zone data for marketing intelligence, domain name speculation, SEO and more.

Historically, the only requirement for gaining access to TLD zone data was to agree to an Acceptable Use Policy with each of the relatively small number registry operators. Anticipating that the delegation of hundreds of new TLDs would make this process unwieldy for zone data consumers, the ICANN community has deployed Centralized Zone Data Service (CZDS), a portal where you can

  • create an account,
  • create cryptographic keys for secure file transfer,
  • select the TLD zone files you wish to access (all is an option),
  • identify how you will use zone data,
  • agree to terms and conditions,  and
  • identify the IP address registry operators will whitelist for access.

Output_X0bZGZ

Once your request is approved, you will be able to download the zones you’ve selected via the dashboard. Zone data consumers who have developed scripts or automation can grab an API from github.

The download process is described in Part II, DNS zone data access in the “new TLD” era, Part II: Managing and Downloading zone data.

Posted at 08:45 AM in Domain names and DNS | | Comments (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories