Hot-Spot Hazards February 24, 2007
Posted by eastvalleygeeks in Uncategorized.
Hot spots are hot. Located in thousands of airport lounges, hotels, cafés, and even public parks, they allow anyone with an 802.11b wireless LAN card to surf the Web, check e-mail, or even connect to the company LAN at broadband speeds. Before you experience the thrill of surfing the Net while nursing a latte at Starbucks, however, be sure you take the necessary precautions.
All wireless LANs have security issues, but wireless hot spots raise unique concerns. As with any wireless LAN, signals can penetrate walls and ceilings. That means that anyone in range with a standard wireless card can connect, even if they’re sitting out in the parking lot.
How Does The Hacker Economy Work? February 12, 2007
Posted by eastvalleygeeks in Uncategorized.
Hacking isn’t a kid’s game anymore. It’s big business. Online black markets are flush with stolen credit card data, driver’s license numbers, and malware, the programs that let hackers exploit the security weaknesses of commercial software. Cybercriminals have become an organized bunch; they use peer-to-peer payment systems just like they’re buying and selling on eBay, and they’re not afraid to work together.
While the independent hacker still exists (pardon us, but in this story, we’ll refer to “hacker” in the layman’s sense), the FBI sees true organized crime in parts of the hacking community, particularly in Eastern Europe, says special agent Chris Stangl, who works in the bureau’s cybercrime division, the agency’s third largest behind counter-terrorism and intelligence. “You’ll have hackers cracking the machines, individuals collecting the data, and individuals selling for profit,” Stangl says.
HDCP: beta testing DRM on the public? January 22, 2007
Posted by eastvalleygeeks in Uncategorized.
When the supposedly uncrackable copy protection used on DVD was indeed cracked back in 1999, two very different messages were received. Hackers and most tech enthusiasts took the crack as yet another sign that these encryption schemes will all, ultimately, fall to the efforts of hackers. The titans of the entertainment industry received another message—a challenge, as it were, to build an even more “robust” content protection system.
To do this, the powers that be knew that their content protection systems were going to have to get increasingly complex and increasingly pervasive. Attention has increasingly shifted to end-to-end protection schemes which reach all the way to output devices such as monitors and even speakers. One technology stepped to the forefront of the output protection scheme, but its existence and myriad problems would remain largely unknown for years. Meet HDCP, the so-called High Definition (Digital) Content Protection technology developed by Intel and licensed to electronics manufacturers by Digital Content Protection, LLC, an Intel subsidiary.
Microsoft Predicts Bots To Be Biggest Threat of ‘07 January 16, 2007
Posted by eastvalleygeeks in Uncategorized.
Not long after my last post about the malware known as bots, a report came out that Microsoft is predicting that bots will be the biggest computer and network security threat in 2007. According to this Computerworld article, Aaron Kornblum, a senior attorney with Microsoft Corp.’s Internet Safety Enforcement team, said “Botnets are really where it’s at for serious cybercriminals, because of their concentrated power.” Look for much more information and more FUD (fear, uncertainty and doubt) in the media about bots and watch for antivirus and security software vendors to improve their detection and defense of the bot threat this year.
Privately, Hollywood admits DRM isn’t about piracy January 16, 2007
Posted by eastvalleygeeks in Uncategorized.
For almost ten years now I have argued that digital rights management has little to do with piracy, but that it is instead a carefully plotted ruse to undercut fair use and then create new revenue streams where there were previously none. I will briefly repeat my argument here before relating a prime example of it in the wild.
The theory
Access control technologies such as DRM create “scarcity” where there is immeasurable abundance, that is, in a world of digital reproduction. The early years saw tech such as CSS tapped to prevent the copying of DVDs, but DRM has become much more than that. It’s now a behavioral modification scheme that permits this, prohibits that, monitors you, and auto-expires when. Oh, and sometimes you can watch a video or listen to some music.
Trojan One-Two Punch Sends Spam Rates Soaring December 9, 2006
Posted by eastvalleygeeks in Uncategorized.
By Gregg Keizer, TechWeb Technology News
MessageLabs on Friday fingered a pair of Trojans for pushing up spam rates, and said the duo use techniques that make it difficult for anti-virus vendors to keep up.
According to the U.K.-based security provider, the sharp increase in spam — a jump to 72.9 percent of all mail in October from the previous month’s 64.4 percent — was largely caused by two zealous Trojan downloaders that have been infecting PCs, then using them to spew huge amounts of junk mail.
“The Warezov Trojan is the most aggressive we’ve seen in quite a while,” said Paul Wood, a senior analyst with MessageLabs. “Once on a system, it downloads the next stage or component, but as it does, it changes a few bytes in the code and essentially releases a new version. That makes it very difficult for anti-virus systems to identify.”
By mutating its own code — done automatically, MessageLabs researchers suspect, though they haven’t found final proof — Warezov, aka “Stration,” expands the attack window. “If anti-virus companies take five to six hours to create a signature, the Trojan extends that time even further with these new versions,” said Wood.
Spam Soars, Expect Worse In 2007 December 9, 2006
Posted by eastvalleygeeks in Uncategorized.
The torrent in spam that started in October may slow slightly after the first of the year, but users should expect more junk mail than ever in 2007, a messaging security company predicted Thursday. Spam volume is up 73% in the last three months, Postini reported, thanks to a one-two-three punch of a huge increase in the number of spam botnets and a major jump in the use of both image- and document-based spam. For the year, spam quantity is up 143%.
“It’s a triple threat, a perfect storm,” says Dan Druker, a Postini executive VP. “Spammers are using much more difficult [to stop] techniques than in the past, and the botnets are much bigger.” Some days in November, Postini, which offers enterprises managed antispam services, counted a million different IP addresses bound to incoming junk mail.
How Vista Lets Microsoft Lock Users In December 7, 2006
Posted by eastvalleygeeks in Uncategorized.
What if you could rig it so that competing with your flagship product was against the law? Under 1998’s Digital Millennium Copyright Act, breaking an anti-copying system is illegal, even if you’re breaking it for a legal reason. For example, it’s against the law to compete head-on with the iPod by making a device that plays Apple’s proprietary music, or by making an iPod add-on that plays your own proprietary music. Nice deal for Apple.
Microsoft gets the same deal, courtesy of something called “Information Rights Management,” a use-restriction system for Office files, such as Word documents, PowerPoint presentations, and Excel spreadsheets.
We’ve had access control for documents for years, through traditional cryptography. Using PGP or a similar product, you can encrypt your files so that only people who have the keys can read them.
But Information Rights Management (IRM), first introduced in Office 2003, goes further — it doesn’t just control who can open the document, it also controls what they can do with it afterwards. Crypto is like an ATM that only lets you get money after you authenticate yourself with your card and PIN. IRM is like some kind of nefarious goon hired by the bank to follow you around after you get your money out, controlling how you spend it.
E-Mail Bounces Back with Malware November 10, 2006
Posted by eastvalleygeeks in Uncategorized.
Imagine your incoming e-mail volume suddenly leaping 360 times above normal. It’s not spam, not strictly speaking. It’s a misdirected bounce attack.
Bounces used to be a good and useful thing. When you send an e-mail to an invalid address or make some other sort of error, you want to know that it didn’t go well. But along the way, bounces got abused, just like everything wholesome about e-mail, to the point where you had to avoid them as a matter of course.
First, bounces became accomplices to spamming through directory harvest attacks. In this attack, a spammer picks a domain and sends out a large number of messages, guessing at the user name portion of the e-mail address and probably pulling a lot of them out of a directory of names (e.g., john@foo.com, martha@foo.com, etc.). If the spammer gets a bounce on a message, then it’s not an address in that domain. The messages that don’t bounce are real addresses, and then you spam them. Because of this threat, many domains don’t send back bounces for wrong addresses anymore.
Tricky New Malware Challenges Security Vendor October 31, 2006
Posted by eastvalleygeeks in Uncategorized.
New Code Every 30 Minutes
The malware is a mass-mailing worm that affects machines running Microsoft Windows. When the malware infects a computer–usually after the user has opened an attachment containing the worm in a spam e-mail–it sends itself out again to other e-mail addresses found on the computer. The code is then capable of downloading new versions of itself as frequently as every 30 minutes from a batch of Web sites, said Mikko Hypponen, chief research officer at F-Secure, a security company in Helsinki.
Those new versions are created by a program on a server controlled by the hacker, Hypponen said.
In the past, malware has been known to create variations of itself, but the code to create those variations was contained inside the malware. So when a sample was obtained, security analysts could study it and identify potential new versions, he said.
Now, the hacker’s program is compiling the code and rapidly churning out new versions, but analysts don’t know how the new code is generated.