Tuesday, April 17, 2007

The Dark Side

Now that I have talked about Internet culture in general in Out of the Mists of Antiquity... I will discuss the inevitable dark side.

In the beginning there was trust and sharing, but alas this was not paradise, just another place for humans to interact.

One of the earliest, and best known, examples of the dark side is the flame war. This is the term given when two or more parties disagree on a topic and the "discussion" becomes heated. Per Godwin's Law a lengthy flame war will end up with at least one Nazi. A few factors seem to be a major cause of these wars:
  1. Anonymity - when no one knows who you really are, some people will say things that they would not in a face-to-face situation.
  2. Lack of body language can cause misunderstandings. Somewhere I read an article on a study that boiled down to this: about 80% of the time we assume we know the "tone" of written communication, but in reality we are only right about 10% of the time.
  3. Until recently, before digital recording devices, something spoken virtually disappeared once it was spoken, but once something is typed it is, or can be, saved word for word. Hence the old adage: don't e-mail or send a message that you wouldn't want printed in the newspaper.
Now on to what everyone thinks of as the real dark side: hackers. In the early days a hacker was someone of great skill and ability; a hacker could create a short, powerful script or program in a short time and get something useful done with it. One of the most famous, and politically active, of these is Richard M. Stallman. Many would consider him eccentric, but consider his article originally written in 1997 titled The Right to Read, where there is no such thing as a library and scholars require government reading grants to be able to afford the fees for research... talk about derailing scientific discovery.

The natural curiosity of these hackers led to exploring systems they were not granted access to. Thus the cracker was born.
NOTE: To the purist, calling a cracker a hacker is like calling a sniper a marksman.
Some of the people breaking into systems began leaving signs that they had been there by destroying or damaging files, the most visible of these being web site defacement. The "hey, I'm cool, look what I did" phase. Web site defacement, while still done, is not where the dark side is concentrating; the motivation has changed from fame to financial gain.

One of the easiest, and most entertaining, ways to understand this is through the "Stealing the Network" series by Syngress. This series contains fictional short stories written by well-known security experts that are technically accurate, unlike the depictions shown in movies.

Stealing the Network: How to Own the Box shows the "cottage industry" stage of the early crimes for profit.

The subsequent titles move into the more sinister organized crime stage that we are currently experiencing, while still staying technically accurate. The books, in order, are: Stealing the Network: How to Own a Continent, Stealing the Network: How to Own an Identity and Stealing the Network: How to Own a Shadow.

I personally recommend the entire Stealing the Network series.

Out of the Mists of Antiquity...

The only way to really understand something is to go back to the beginning, and the dark side of the Internet is no different. Without light there can be no dark, so that is where I'll start.

In the beginning there was ARPANET (Advanced Research Projects Agency Network) which begat the Internet.

First understand that, in sharp contrast to the mainframe-centric standard of the day (1960s), one of the main requirements was that it should be able to sustain 80% failure and the remaining portion or portions had to continue to function. The original project was designed by university students, and in order to document standards but not offend the professors, the new standards became known as RFCs or Requests For Comment.

From these humble origins sprang Richard Stallman, Open Source, VoIP, peer-to-peer (P2P) networks, and the Internet we know and love.

Much of the culture remains a mystery to the majority of the world, even those that participate in it.

There are a few books that help in understanding the culture.

One of these is The Wisdom of Crowds by James Surowiecki. This book gives evidence that averaging the responses of a group of average people can be more accurate than a single expert or small group of experts. While this concept is counterintuitive, at least to me it was, Mr Surowiecki provides evidence to back the theory.

Another is The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman and Rod Beckstrom. Here the authors show how decentralized organizations can overwhelm centralized entities. As an example take Napster and its descendants...

And this last one may be surprising, but I submit Blink: The Power of Thinking Without Thinking by Malcolm Gladwell as well. Anyone that has ever known something without knowing why has experienced this. I submit that with the anonymity of the Internet more people are following their "instincts" without fear of ridicule.

Next I'll use the light provided here to explore the dark side.

Wednesday, April 11, 2007

Licensed to SPAM by Uncle Sam

Shame on me for complaining about MS and their marketing hype; on the other hand, you can now start sending SPAM to one of the lesser-known TLA governmental agencies.

Now, getting serious, the Securities and Exchange Commission (SEC) wants pump-and-dump SPAM forwarded to them.

The Internet Storm Center (ISC) has a diary entry here that contains additional information, including information about other non-US governmental agencies that are asking for the offending pump-and-dump SPAM to be sent to them.

The One, The Only, The Vulnerable Vista

Let's start this out by saying that Vista was designed to be more secure, and it appears to be headed in the right direction there. Just don't get me started on DRM.

Once again Vista, the impenetrable (that is, according to the marketing hype), has been proven vulnerable. There was the ANI vulnerability that MS rushed a patch out for last week, and now with the regular update there is a second vulnerability designated as critical by MS for Vista.

Once all the hype is removed it is just another operating system by Microsoft that has its flaws. Once it has had time to mature I'll consider adding it to one of my systems. For now I'll only "play" with it as a virtual machine.

Tuesday, April 10, 2007

Vista Smista & ANI Exploit

OK, I've gotten it out of my system. I'm not a fan of Vista; I have two main issues in regards to Vista:
  1. The fact that Digital Rights Management (DRM) has some control over my system, and can degrade or disable viewing "premium content" when someone else feels that there is a potential for me to steal premium content. I'd call that guilty unless proven innocent.
  2. Then there is the marketing, I shouldn't call it scam, hype that Vista is invulnerable.
Issue 1 has been beaten to death by many people including myself.

For issue 2 I'll mention Microsoft Security Advisory (935423). This was commonly referred to as the Microsoft ANI vulnerability, and Vista was one of the versions that was vulnerable.

ANI Details

In short, this was disclosed to Microsoft in December of 2006. Apparently the first report of this vulnerability being used in an exploit was March 28th. Due to the widespread use of the exploit, several third parties released interim patches, including my favorite, the Zeroday Emergency Response Team (ZERT). Microsoft reacted, as it tends to do when third-party patches are released and the news media starts to publish... Microsoft released the official patch out-of-cycle on Tuesday the 3rd of April (instead of today, the 10th of April).

Monday, April 2, 2007

Malware the New Common Cold

Everyone has had a cold and everyone will continue to get colds. Science, and your doctor, have tried to eradicate the common cold, but to no avail.

Why are we still saddled with the common cold? Let's go to the root cause, which is, excuse me, are viruses, and by viruses I mean uncountable millions. Common cold viruses are so numerous that no one has attempted to even count them; common cold viruses can literally appear and die off, or mutate into a different strain, without anyone knowing.

In the old days viruses were unique digital organisms that would appear and never change. After a while viruses would "mutate" into several distinct strains, as their original creator or another entity made changes.

Nowadays malware writers cross-pollinate between different malware code, attempting to create the uber malware. Then there was the so-called Storm worm, which spread through a barrage of constantly changing e-mails with different intriguing subject lines and different executables.

The bottom line is that malware is here to stay with us for the foreseeable future, and just like in real life there are some times where we must take extra care to avoid infections.

It's a Cold Day on the Internet

No, this is not an April Fools' joke.

Once again the dark side has come out with a nasty, and this one is so bad that the Internet Storm Center (ISC) has raised the threat level to Yellow which ISC describes as:
We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.
More information about the various levels is here.

In a nutshell, MS has released advisory 935423, also known as CVE-2007-0038, and before that as CVE-2007-1765. The issue is that animated cursors, yes those cute things, can be used to install malware and compromise your computer. Don't think that just because you don't see a change to your cursor that it has not happened (they can use the same visual effects as standard cursors, and infect your computer).
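The flaw behind advisory 935423 (and the ANI Details above) was a stack overflow in how Windows handled an animated cursor's anih header chunk when its declared length was not the 36 bytes the structure really has. As an added example, not the author's or Microsoft's code, the Python below walks a RIFF/ACON chunk list without trusting declared lengths and flags such headers, the sort of check a defender can run on cursor files before they reach the OS; the function names and the sample files are constructed here.

```python
import struct

ANIH_SIZE = 36  # sizeof(ANIHEADER); every well-formed anih chunk declares exactly this

def iter_riff_chunks(data):
    """Yield (fourcc, declared_size, payload) for each top-level chunk of a RIFF/ACON file.
    The declared size is reported but never trusted beyond the bytes actually present."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        raise ValueError("not a RIFF/ACON animated cursor")
    pos = 12
    while pos + 8 <= len(data):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        yield fourcc, size, data[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length

def scan_ani(data):
    """Return a list of findings; an empty list means the anih header looks sane."""
    findings = []
    anih_seen = 0
    for fourcc, size, payload in iter_riff_chunks(data):
        if fourcc != b"anih":
            continue
        anih_seen += 1
        if size != ANIH_SIZE:
            findings.append(f"anih #{anih_seen} declares {size} bytes, expected {ANIH_SIZE}")
        if len(payload) < size:
            findings.append(f"anih #{anih_seen} truncated: {len(payload)} of {size} bytes present")
    if anih_seen == 0:
        findings.append("no anih header chunk")
    elif anih_seen > 1:
        findings.append(f"{anih_seen} anih chunks present, one expected")
    return findings

def make_ani(chunks):
    """Build a RIFF/ACON container from (fourcc, payload) pairs; constructed test data only."""
    body = b""
    for fourcc, payload in chunks:
        body += fourcc + struct.pack("<I", len(payload)) + payload
        body += b"\x00" * (len(payload) & 1)
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"ACON" + body

# Constructed samples: a sane 36-byte header, and a file that appends an oversized
# second anih chunk, the kind of input a strict validator should refuse.
GOOD_ANI = make_ani([(b"anih", struct.pack("<I", ANIH_SIZE) + b"\x00" * 32)])
BAD_ANI = make_ani([(b"anih", struct.pack("<I", ANIH_SIZE) + b"\x00" * 32),
                    (b"anih", b"A" * 200)])
```

Run `scan_ani()` over any .ani file's bytes; a non-empty list is a reason to quarantine the file rather than open it.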

What I find maddening is that this vulnerability was first reported to MS back on December 20, 2006; MS skipped last month's updates and there is no patch from Microsoft yet. I will note that there was no evidence of the vulnerability being exploited until recently, but way to go MS.

Now there is a patch available from the Zeroday Emergency Response Team (ZERT), which is detailed here. Personally I'm using it, and have used their patches in the past when MS has been slow to get an official fix out for a really nasty, shall I call it, malware epidemic.

ZERT is not known for casually creating unofficial patches, but was formed by a group of well-known security experts to provide a quick response to nasty widespread zero-day exploits.

UPDATE: I just ran across the following information posted on April 1st, but it appears to be real. MS is apparently planning on releasing a patch for this a week early, on April 3rd, announced on their security blog and in their Microsoft Security Bulletin Advance Notification. This appears to be the truth and not an April Fools' joke. I will note that this states planned, and this is not the first time that a third-party patch has embarrassed MS into releasing a security patch out-of-cycle.

No, this is not an April Fools' joke.