Archived News

U.S. Defends New Internet Wiretap Rules
Associated Press (05/05/06) Bridis, Ted
The White House is defending new federal rules that extend the 1994 Communications Assistance for Law Enforcement Act (CALEA) to Internet phone and broadband services. Under the FCC-authorized rules, which take effect next May, providers of such services must make their equipment capable of supporting court-ordered wiretaps; the rules previously required only wireless phones to be so enabled. A three-judge panel of the D.C. Circuit Court will hear on Friday a challenge brought by opponents of the new rules, who argue that the government has inappropriately applied telephone-era regulations to a new generation of Internet services. The Justice Department said in court papers that subjecting the Internet phone industry to CALEA is necessary because otherwise the industry "could effectively provide a surveillance safe haven for criminals and terrorists who make use of new communications services." Critics of the new FCC rules, who include civil liberties and education groups, claim the regulations are excessively broad and inconsistent with Congress' intent when it approved CALEA, which exempted companies defined as information services. "Our significant concern is that if the FCC is essentially permitted to override the congressional exclusion, there are no limits," stated Center for Democracy and Technology lawyer John Morris.
Click Here to View Full Article

Linux Desktop Growth Could Spur New Malware Activity
Computerworld (04/20/06) Lai, Eric
As Linux is deployed as a desktop OS in a growing number of organizations and institutions, including the Indiana Department of Education, experts say the platform could become an increasingly attractive malware target. Right now, one of the main attractions of Linux is its relative freedom from malware compared with Windows. However, the emergence of the cross-platform proof-of-concept virus Virus.Linux.Bi.a/Virus.Win32.Bi.a has raised concerns that real malware will inevitably follow. "I think we'll see an increase in virus activity as Linux becomes more mainstream," says Johannes Ullrich of the SANS Institute. The new access controls in the upcoming Windows Vista may also push some virus writers toward other platforms, although Red Hat and Novell say they have strengthened access control in their own offerings with Security-Enhanced Linux (SELinux) and AppArmor, respectively.
Click Here to View Full Article

An Antiphishing Strategy Based on Visual Similarity Assessment
Internet Computing (04/06) Vol. 10, No. 2, P. 58; Liu, Wenyin; Deng, Xiaotie; Huang, Guanglin
City University of Hong Kong researchers propose an antiphishing strategy that identifies potential phishing sites and evaluates a suspicious page's visual resemblance to the genuine sites registered with the system. The SiteWatcher system employs two sequential processes: the first runs on local email servers and watches incoming email for specific keywords and suspicious URLs; the second fetches the candidate phishing pages, compares them against the genuine pages, and measures visual similarity at three levels: key regions (blocks), page layout, and overall style. SiteWatcher sends a phishing report to the customer if the visual similarity between the two pages exceeds the corresponding threshold. Block-level similarity is the weighted average of the visual similarities of all matched block pairs between the two pages. Layout similarity is the proportion of the weighted number of matched blocks to the total number of blocks in the genuine page; matching starts by identifying a few blocks with identical content and then matches the remaining blocks by the spatial relations among all blocks on the page, using a neighborhood relationship model. Two blocks are considered a match if they bear a high visual resemblance to each other and satisfy the same position constraints with respect to the blocks already matched. Overall style similarity is the correlation coefficient of the two pages' histograms of style feature values. The researchers built a prototype SiteWatcher system whose results showed promise; they are now working on efficiency and weighing commercial deployment. They believe the SiteWatcher strategy could be one component of a larger enterprise antiphishing solution.
Click Here to View Full Article
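The three similarity scores described in the SiteWatcher item above, as an added worked example. This is not the researchers' code: pages are hand-built lists of rectangular blocks, the block-matching rule (anchor on a pair of blocks with identical content, then match the rest by visual similarity plus position relative to the anchor) and the decision rule are simplifications of the paper's definitions, and all three pages are constructed.

```python
# Added example (not SiteWatcher's code): a toy version of the three
# similarity scores the summary describes. Pages are hand-built lists of
# blocks; the block-matching and decision rules are simplifications.
from math import sqrt

PALETTE = ["white", "blue", "grey", "red", "black"]   # style feature values

def block(x, y, w, h, color, font, content):
    return {"x": x, "y": y, "w": w, "h": h, "color": color,
            "font": font, "content": content}

def area(b):
    return b["w"] * b["h"]

def block_similarity(a, b):
    """Visual similarity of two blocks in [0, 1]: half size ratio, half style match."""
    size = min(area(a), area(b)) / max(area(a), area(b))
    style = (a["color"] == b["color"]) + (a["font"] == b["font"])
    return 0.5 * size + 0.25 * style

def match_blocks(true_page, suspect, tau=0.8, pos_tol=20):
    """Anchor on a block pair with identical content (e.g. a copied logo), then
    match the rest by visual similarity plus position relative to that anchor."""
    anchors = [(i, j) for i, a in enumerate(true_page)
               for j, b in enumerate(suspect) if a["content"] == b["content"]]
    if not anchors:
        return []
    ai, aj = anchors[0]
    matched = [(ai, aj)]
    for i, a in enumerate(true_page):
        if i == ai:
            continue
        best = None
        for j, b in enumerate(suspect):
            if any(j == mj for _, mj in matched):
                continue
            dx = (a["x"] - true_page[ai]["x"]) - (b["x"] - suspect[aj]["x"])
            dy = (a["y"] - true_page[ai]["y"]) - (b["y"] - suspect[aj]["y"])
            if abs(dx) > pos_tol or abs(dy) > pos_tol:
                continue
            s = block_similarity(a, b)
            if s >= tau and (best is None or s > best[1]):
                best = (j, s)
        if best:
            matched.append((i, best[0]))
    return matched

def block_level_similarity(true_page, suspect, matched):
    """Area-weighted average similarity over the matched block pairs."""
    if not matched:
        return 0.0
    num = sum(area(true_page[i]) * block_similarity(true_page[i], suspect[j])
              for i, j in matched)
    return num / sum(area(true_page[i]) for i, _ in matched)

def layout_similarity(true_page, matched):
    """Weighted share of the true page's blocks that found a match."""
    return sum(area(true_page[i]) for i, _ in matched) / sum(area(b) for b in true_page)

def style_histogram(page):
    h = [0] * len(PALETTE)
    for b in page:
        h[PALETTE.index(b["color"])] += area(b)
    return h

def pearson(h1, h2):
    """Correlation coefficient of two histograms (overall style similarity)."""
    n = len(h1)
    m1, m2 = sum(h1) / n, sum(h2) / n
    cov = sum((a - m1) * (b - m2) for a, b in zip(h1, h2))
    v1 = sqrt(sum((a - m1) ** 2 for a in h1))
    v2 = sqrt(sum((b - m2) ** 2 for b in h2))
    return cov / (v1 * v2) if v1 and v2 else 0.0

def assess(true_page, suspect, threshold=0.8):
    matched = match_blocks(true_page, suspect)
    scores = {"block": block_level_similarity(true_page, suspect, matched),
              "layout": layout_similarity(true_page, matched),
              "style": pearson(style_histogram(true_page), style_histogram(suspect))}
    # Decision rule assumed here: report when block-level or layout similarity
    # exceeds the threshold; style alone is too weak a signal.
    return scores, max(scores["block"], scores["layout"]) > threshold

# Constructed pages: the genuine login page, a phishing copy (same logo image,
# everything shifted 10px and the form slightly resized), and an unrelated page.
BANK = [block(0, 0, 200, 60, "blue", "Arial", "logo.png"),
        block(0, 60, 800, 40, "grey", "Arial", "nav"),
        block(500, 120, 300, 200, "white", "Arial", "login-form"),
        block(0, 700, 800, 50, "grey", "Arial", "footer")]
PHISH = [block(10, 10, 200, 60, "blue", "Arial", "logo.png"),
         block(10, 70, 800, 40, "grey", "Arial", "nav-copy"),
         block(510, 130, 300, 210, "white", "Arial", "fake-form"),
         block(10, 710, 800, 50, "grey", "Arial", "footer-copy")]
OTHER = [block(0, 0, 800, 100, "red", "Georgia", "banner"),
         block(0, 100, 800, 500, "black", "Georgia", "article")]

if __name__ == "__main__":
    print(assess(BANK, PHISH))   # all three scores near 1.0, flagged
    print(assess(BANK, OTHER))   # no anchor block, nothing matched, not flagged
```

The anchor step matters in practice: phishing kits usually hot-link or copy the genuine logo, so a content-identical block is the cheapest reliable foothold, and the position constraint relative to it is what stops a page with a similar colour scheme from scoring as a copy.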

Binghamton University Research Links Digital Images and Cameras
EurekAlert (04/18/06)
Researchers at Binghamton University, State University of New York, have developed a technique that links digital images to the camera that took them and also detects forged images. The technology works in much the same way as forensic examiners use tell-tale scratches to connect bullets to the gun that fired them. Jessica Fridrich, associate professor of electrical and computer engineering, says the technique would make it harder for child pornographers to avoid prosecution. "The defense in these kinds of cases would often be that the images were not taken by this person's camera or that the images are not of real children," says Fridrich. "Sometimes child pornographers will even cut and paste an image of an adult's head on the image of a child to avoid prosecution." After finding that original digital pictures carry a weak, noise-like pattern of pixel-to-pixel non-uniformity in the sensor's response (photo-response non-uniformity, or PRNU), Fridrich, Jan Lukas, and Miroslav Goljan developed an algorithm that extracts this pattern as a unique fingerprint of the camera, so that the origin and authenticity of individual images can be established. In a test involving 2,700 images and nine digital cameras, they linked every picture to the camera that took it with 100 percent accuracy.
Click Here to View Full Article
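How the sensor-fingerprint matching described above works, as an added simulation. This is not the Binghamton team's code: the cameras (a fixed per-pixel sensitivity deviation), the smooth synthetic scenes, the readout noise and the 3x3 mean denoiser are all constructed here, and the estimator (average the noise residual of many photos, weighted by image content, to get the camera's pattern) and the match statistic (correlate a test photo's residual against the pattern that camera would leave) follow the idea in the summary rather than the published algorithm.

```python
# Added example, not the Binghamton team's code: a small simulation of
# sensor-fingerprint matching on synthetic 16x16 "photos". Cameras, scenes and
# noise are all constructed here; the estimator and match statistic follow the
# idea in the summary (average the noise residual of many images to get the
# camera's pattern, then correlate a test image's residual against it).
import random
from math import sqrt

N = 16  # image size; pure-Python lists, so keep it small

def box_filter(img):
    """3x3 mean filter with clamped edges; stands in for a real denoiser."""
    n = len(img)
    out = [[0.0] * n for _ in range(n)]
    for y in range(n):
        for x in range(n):
            s = 0.0
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    s += img[min(max(y + dy, 0), n - 1)][min(max(x + dx, 0), n - 1)]
            out[y][x] = s / 9.0
    return out

def residual(img):
    """Noise residual W = I - denoise(I): scene content removed, sensor noise kept."""
    f = box_filter(img)
    return [[img[y][x] - f[y][x] for x in range(len(img))] for y in range(len(img))]

def estimate_fingerprint(images):
    """Per-pixel K = sum(W*I) / sum(I*I) over the training images."""
    n = len(images[0])
    num = [[0.0] * n for _ in range(n)]
    den = [[0.0] * n for _ in range(n)]
    for img in images:
        w = residual(img)
        for y in range(n):
            for x in range(n):
                num[y][x] += w[y][x] * img[y][x]
                den[y][x] += img[y][x] ** 2
    return [[num[y][x] / den[y][x] for x in range(n)] for y in range(n)]

def correlation(a, b):
    fa = [v for row in a for v in row]
    fb = [v for row in b for v in row]
    ma, mb = sum(fa) / len(fa), sum(fb) / len(fb)
    cov = sum((p - ma) * (q - mb) for p, q in zip(fa, fb))
    va = sqrt(sum((p - ma) ** 2 for p in fa))
    vb = sqrt(sum((q - mb) ** 2 for q in fb))
    return cov / (va * vb)

def match_score(img, fingerprint):
    """Correlate the image's residual with the pattern K*I that camera would leave."""
    w = residual(img)
    expected = [[fingerprint[y][x] * img[y][x] for x in range(len(img))]
                for y in range(len(img))]
    return correlation(w, expected)

def identify(img, fingerprints):
    scores = {name: match_score(img, fp) for name, fp in fingerprints.items()}
    return max(scores, key=scores.get), scores

# --- constructed cameras and photos; no real sensor data involved ---
def make_camera(rng):
    """A camera is its fixed per-pixel sensitivity deviation K (a few percent)."""
    return [[rng.uniform(-0.03, 0.03) for _ in range(N)] for _ in range(N)]

def shoot(rng, k):
    """Smooth synthetic scene times (1 + K), plus random readout noise."""
    base, ax, ay = rng.uniform(60, 140), rng.uniform(-1.5, 1.5), rng.uniform(-1.5, 1.5)
    return [[(base + ax * x + ay * y) * (1 + k[y][x]) + rng.gauss(0, 2.0)
             for x in range(N)] for y in range(N)]

def demo(seed=1, training=20):
    rng = random.Random(seed)
    cameras = {"cam_a": make_camera(rng), "cam_b": make_camera(rng)}
    fingerprints = {name: estimate_fingerprint([shoot(rng, k) for _ in range(training)])
                    for name, k in cameras.items()}
    return {name: identify(shoot(rng, k), fingerprints)[0] for name, k in cameras.items()}

if __name__ == "__main__":
    print(demo())   # each fresh photo is attributed to the camera that took it
```

Two things the toy makes visible that the news item does not: the fingerprint is weighted by image content (bright, smooth areas carry more PRNU signal than dark or busy ones), and the decision is a correlation against a reference, so an examiner needs a set of photos known to come from the suspect camera before anything can be attributed.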

Beware the Smart Virus
Byte and Switch (04/07/06) Rogers, James
Attendees at this week's Storage Networking World conference warned of a new kind of "smart" virus, grounded in advanced mathematical theory, that could disrupt storage networks and servers. "It's not far-fetched," said Interval International CIO Sasan Hamidi, who noted that researchers are already able "to create a living computer program and let it have intelligence." With that capability, a smart virus could mutate to get around patches and other security measures. Hamidi claimed that hackers could build such viruses on cellular automata or game theory, among other scientific foundations. Evolutionary computing could produce a threat that differs from traditional worms and viruses in its ability to alter its own code once detected and redirect the attack to another part of the network. "The code adapts itself to the environment," said Hamidi. "This could be a worm that learns from the environment and becomes more intelligent." Since storage and many other computing resources are now IP-based, an evolutionary computing virus could wreak havoc on an organization after entering over ordinary TCP/IP traffic. IT managers at the convention agreed that few people have the expertise in genetic algorithms to pull off an evolutionary computing attack, though they pointed to the 1988 Great Worm (the Morris worm), which brought down much of the Internet, as a precedent. Hamidi argued that the industry's current lack of preparedness for such an attack is troubling, and although most hackers today lack the grounding in advanced scientific theory needed to execute one, the attendees grudgingly admitted that it is only a matter of time before the theoretical possibility of an evolutionary computing attack becomes a reality.
Click Here to View Full Article

A Pretty Good Way to Foil the NSA
Wired News (04/03/06) Singel, Ryan
Phil Zimmermann, author of the PGP email encryption program, has developed an open-source application to secure Internet phone calls. Zfone is currently available only for OS X and Linux, with a Windows version expected this month. The program encrypts and decrypts voice traffic as it moves in and out of the computer, and it does not require users to pre-arrange an encryption key or enter lengthy passwords. Zfone, which has already been tested with X-lite, Free World Dialup, and the Gizmo Project, is intended to work with any VoIP client that uses the industry-standard SIP protocol. During the call, the software displays a short three-character code that each caller reads aloud to the other, as a defense against man-in-the-middle attacks in which an eavesdropper intercepts the key exchange between two callers and substitutes keys of its own. If someone is intercepting the call, the code one party reads out will not match what the other party sees on screen, and the callers will know that someone is listening in. Zfone's protocol, ZRTP, layers a roughly 3,000-bit Diffie-Hellman key exchange on top of SRTP with the 256-bit AES cipher; the short code the callers compare is derived from the result of that exchange, so an attacker who substitutes keys on either side of the call produces a mismatch. The protocol has been submitted to the IETF for standardization. Zfone is intended principally to compete with Skype's proprietary encryption, which is not available for peer review and which critics allege contains vulnerabilities.
Click Here to View Full Article
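The man-in-the-middle check described above, as an added example. It is not Zfone's or ZRTP's code: the Diffie-Hellman group is a 127-bit Mersenne prime chosen for illustration only (ZRTP uses 3,000-bit-class or elliptic-curve groups), the short-code derivation (15 bits of a SHA-256 over the shared secret and both public values, rendered as three base32 characters) follows the article's description rather than the ZRTP specification, and the hash commitment that the initiator sends before revealing its public value is included because it is what limits an attacker to a single guess per call.

```python
# Added example, not Zfone's or ZRTP's code: the short-authentication-string
# (SAS) idea from the article, with a toy Diffie-Hellman group. The SAS
# derivation and its 3-character length follow the article's description, not
# the ZRTP specification; the 127-bit Mersenne prime is for illustration only
# (ZRTP uses 3,000-bit-class DH or elliptic-curve groups).
import hashlib
import secrets

P = (1 << 127) - 1          # toy prime modulus, NOT a production group
G = 5
ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"   # z-base-32: 5 bits per symbol

def derive_sas(shared, pub_initiator, pub_responder):
    """15 bits of SHA-256(shared secret || both public values) as 3 base32 chars."""
    material = b"".join(v.to_bytes(16, "big") for v in (shared, pub_initiator, pub_responder))
    bits = int.from_bytes(hashlib.sha256(material).digest()[:2], "big") >> 1
    return "".join(ALPHABET[(bits >> s) & 31] for s in (10, 5, 0))

def commitment(pub):
    """Hash commitment to a public value, sent before the value itself."""
    return hashlib.sha256(pub.to_bytes(16, "big")).digest()

class Endpoint:
    def __init__(self, name, priv=None):
        self.name = name
        self.priv = priv if priv is not None else secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.sas = None          # the code this party shows on screen

    def finish(self, peer_pub, initiator_pub, responder_pub):
        shared = pow(peer_pub, self.priv, P)
        self.sas = derive_sas(shared, initiator_pub, responder_pub)

def call(initiator, responder):
    """Direct call: commit, exchange, verify the commitment, derive the SAS on both sides."""
    c = commitment(initiator.pub)            # 1. initiator commits to its DH value
    r_pub = responder.pub                    # 2. responder sends its DH value in the clear
    i_pub = initiator.pub                    # 3. initiator reveals its DH value
    if commitment(i_pub) != c:               #    responder checks the reveal matches
        raise ValueError("commitment mismatch")
    initiator.finish(r_pub, i_pub, r_pub)
    responder.finish(i_pub, i_pub, r_pub)
    return initiator.sas, responder.sas

def mitm_call(alice, bob, eve_a=None, eve_b=None):
    """Eve relays the call but runs a separate DH exchange with each party."""
    eve_a = eve_a or Endpoint("eve-facing-alice")
    eve_b = eve_b or Endpoint("eve-facing-bob")
    call(alice, eve_a)          # Alice believes eve_a is Bob
    call(eve_b, bob)            # Bob believes eve_b is Alice
    return alice.sas, bob.sas   # the two codes the humans read aloud to each other

if __name__ == "__main__":
    print("direct:", call(Endpoint("alice"), Endpoint("bob")))   # same code both sides
    print("relayed:", mitm_call(Endpoint("alice"), Endpoint("bob")))   # codes differ
```

Eve controls both legs, so she could try to choose her values so that the two codes agree; with a 15-bit code she would succeed once in 32,768 tries if she could search. The commitment is what removes the search: toward Bob she must commit to her value before she sees his, so each call gives her exactly one chance. The remaining gap is the humans: the check only works if the parties actually read the codes aloud and would recognise an impostor's voice.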


If You Think You Understand, Then You Don't
The McGill Daily (03/27/06) Vol. 95, No. 45,Watts, John; Wachsmuth, Jeff
Researchers at the University of Illinois have demonstrated a quantum computer that can deliver the answer to a computation without the computation actually running, through a technique known as counterfactual interrogation. The researchers, led by Paul Kwiat, sent a photon through an array of interferometers containing the computer that holds the algorithm, which is essentially a cluster of logic gates that convey the truth of an answer by turning opaque or remaining transparent. So far the principal prospective applications of quantum computing have been in data mining and cryptography, where the power of a quantum computer could make breaking existing RSA encryption far easier. "Theoretically, you would be able to solve [an] RSA encryption faster than it may be created," said McGill computer science professor Claude Crépeau. In his experiment, Kwiat searched a database for an answer that was always between one and four without actually running the search algorithm. Kwiat credits graduate student Onur Hosten with a major breakthrough in applying the quantum Zeno effect, a phenomenon in which repeated measurement holds the photon in a given state. Superposition periodically collapses the photon, even though the algorithm is set up essentially never to run. Passing through the mirror puts the photon into superposition, where it is reflected without being duplicated. In the end, the quantum Zeno effect enabled the researchers to produce accurate results without having to run the algorithm.
Click Here to View Full Article

DNS Servers Do Hackers' Dirty Work
CNet (03/24/06) Evers, Joris
Hackers have begun using DNS servers to magnify the scale of Internet attacks and disrupt online commerce in a variation on the traditional distributed denial-of-service (DDoS) attack. VeriSign sustained attacks of a larger scale than it had ever seen last year; rather than the typical botnet flood, the traffic hitting VeriSign came from domain name system servers. "DNS is now a major vector for DDOS," said security researcher Dan Kaminsky. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks." DNS-based DDoS attacks follow the familiar pattern of inundating a system with traffic until it stops responding, though the people behind them are more likely to be professional criminals seeking to extort money than teenagers pulling a prank. In a DNS-based DDoS attack, the attacker typically directs a botnet to flood open DNS servers with queries whose source address is spoofed to be the victim's, so that the servers' answers are delivered to the victim. DNS servers appeal to attackers because they conceal the attacking systems, and because relaying the attack through a DNS server amplifies it: a small query can elicit a response as much as 73 times larger. DNS inventor Paul Mockapetris likens the DNS reflector-and-amplification attack to clogging someone's mailbox: writing and mailing letters to that person would be traceable and time-consuming, whereas filling in the person's address on numerous magazine response cards causes large quantities of mail to pile up quickly without revealing who is responsible. In a botnet-delivered attack, defenders can block traffic by identifying the attacking machines, but blocking a DNS server could disrupt the online activities of large numbers of legitimate users. The DNS servers that answer recursive queries from anyone on the Internet, known as open recursive name servers, are at the core of the problem. Mockapetris called the operators of these open servers the "Typhoid Marys of the Internet," and said "they need to clean up their act."
Click Here to View Full Article
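One way a resolver operator can spot both halves of the problem described above (a spoofed victim being bombarded through the server, and the server answering recursion for outsiders), as an added example that is not from the article or from VeriSign. The log format is an assumption (timestamp, source, destination, query type, name, query bytes, response bytes), the local client range is an assumption, and the sample lines are constructed.

```python
# Added example, not from the article or VeriSign: a detector for the
# reflector pattern described above, run over constructed resolver log lines.
# Log format (assumed): timestamp src dst qtype qname query_bytes response_bytes.
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NETS = [ip_network("192.0.2.0/24")]   # assumed: the clients this resolver should serve

# Constructed sample: a spoofed flood of ANY queries "from" 203.0.113.7 (the real
# victim), a few legitimate local lookups, and one stray external query.
SAMPLE_LOG = """\
2006-03-24T10:00:01 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:01 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:01 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:02 192.0.2.10 192.0.2.53 A www.example.com 45 90
2006-03-24T10:00:02 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:02 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:03 192.0.2.11 192.0.2.53 MX example.net 41 120
2006-03-24T10:00:03 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:03 203.0.113.7 192.0.2.53 ANY example.org 64 4100
2006-03-24T10:00:04 198.51.100.5 192.0.2.53 A www.example.com 45 90
2006-03-24T10:00:04 203.0.113.7 192.0.2.53 ANY example.org 64 4100
"""

def parse(line):
    ts, src, dst, qtype, qname, qlen, rlen = line.split()
    return {"ts": ts, "src": src, "dst": dst, "qtype": qtype, "qname": qname,
            "qbytes": int(qlen), "rbytes": int(rlen)}

def is_local(ip):
    return any(ip_address(ip) in net for net in LOCAL_NETS)

def analyse(log_text, min_queries=5, min_ratio=10.0):
    """Return (suspected reflection victims, queries answered for non-local sources).

    A source that receives far more bytes than it sends, across many queries,
    is the target of a reflection attack: its address is being spoofed."""
    per_src = defaultdict(lambda: {"queries": 0, "any": 0, "qbytes": 0, "rbytes": 0})
    external = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        s = per_src[rec["src"]]
        s["queries"] += 1
        s["any"] += rec["qtype"] == "ANY"      # ANY answers are the biggest amplifiers
        s["qbytes"] += rec["qbytes"]
        s["rbytes"] += rec["rbytes"]
        if not is_local(rec["src"]):
            external += 1
    victims = []
    for src, s in per_src.items():
        ratio = s["rbytes"] / s["qbytes"]
        if s["queries"] >= min_queries and ratio >= min_ratio:
            victims.append({"victim": src, "queries": s["queries"],
                            "amplification": round(ratio, 1),
                            "any_share": round(s["any"] / s["queries"], 2)})
    return victims, external

if __name__ == "__main__":
    found, ext = analyse(SAMPLE_LOG)
    print(found)
    print("queries answered for non-local sources:", ext,
          "(anything above zero means the resolver is open to the Internet)")
```

The second number is the one to act on first: a resolver that answers recursive queries from arbitrary sources is the "open" server Mockapetris describes, and restricting recursion to its own clients (in BIND, the `allow-recursion` option) removes it from the pool of reflectors regardless of who is being attacked. A quick external check is to query the server from outside the local networks and look for the `ra` (recursion available) flag in `dig`'s output.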

Study Says Chips in ID Tags Are Vulnerable to Viruses
New York Times (03/15/06) P. C3; Markoff, John
A team of European security researchers has shown that radio frequency identification (RFID) tags could carry a software virus: even the small amount of memory on a tag is enough to hold data that exploits a vulnerability in the software that reads it. The researchers, from the computer science department at Vrije Universiteit in Amsterdam, warn that in addition to the host of privacy concerns raised by the widespread use of RFID tags, the newly described vulnerability could enable terrorists or smugglers to subvert RFID luggage-scanning systems at airports. The researchers tested software written to mimic the commercial software used with RFID tags, and noted that while they had no specific flaw in a commercial product to report, they believe commercial RFID software contains the same kinds of vulnerabilities found throughout the rest of the computer industry. The group's leader, computer scientist Andrew Tanenbaum, warned specifically of buffer overflows, a common programming error across the software industry in which developers fail to validate all of their input data. The low cost of RFID tags, the critical feature that enables their widespread deployment in tracking cargo, merchandise, and even livestock and pets, is itself a security concern, according to SRI International's Peter Neumann, co-author of a forthcoming article in the May issue of the Communications of the ACM. "It shouldn't surprise you that a system that is designed to be manufactured as cheaply as possible is designed with no security constraints whatsoever," Neumann said, citing the potential to counterfeit or deactivate tags, insufficient user identification, and the poor encryption of the U.S. passport-tracking system under development, though he had not previously considered the possibility of viruses or malware.
Click Here to View Full Article

Online Amateurs Crack Nazi Codes
BBC News (03/02/06) Blenford, Adam
Software running on a volunteer computing grid has cracked one of the German ciphertexts from World War II that stumped Allied code breakers during the war and has defied cryptography enthusiasts since the messages were published in 1995. Enciphered in 1942 on an updated German Enigma machine, such messages contributed to major Allied losses in the North Atlantic. Stefan Krah, a German violinist with a yen for open-source software and cryptography, began the renewed attempt to break the messages out of "basic human curiosity," despite their relative lack of historical significance. Drawing on years of work by veteran amateur cryptographers, Krah wrote a code-breaking program that he published on the Internet, attracting around 45 users who volunteered their machines to the project. The project now runs on 2,500 independent machines. It took just over a month to decode the first of the three messages, in which a German submarine reported that it was submerging and relayed the last recorded enemy position. The Enigma machine employed an array of rotors and electrical contacts to encode each letter differently, confounding the celebrated Allied cryptographers at Bletchley Park in the UK. The transmissions were scrambled further by a plugboard that swapped pairs of letters as each message was being encoded. Krah's software combines algorithms with raw computing power to reproduce the possibilities of the plugboard swaps while systematically wading through the rotor setting combinations.
Click Here to View Full Article

Cellphone Could Crack RFID Tags, Says Cryptographer
EE Times (02/14/06) Merritt, Rick
Weizmann Institute computer science professor Adi Shamir says a cell phone could be used to compromise the most popular brand of RFID tags. Using a directional antenna and a digital oscilloscope, the cryptographer recently monitored how RFID tags consumed power while being read. Speaking during a panel discussion at the RSA Conference in San Jose, Shamir said the power trace reveals whether each password bit the tag receives is correct or not. "We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment... to write a note to RAM that it has received a bad bit and to ignore the rest of the string," noted Shamir. The test was carried out on the best-selling brand of RFID tags, and it showed that the tags were not protected against this kind of analysis. "A cell phone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity," said Shamir. He noted that designers have cut back on security features under pressure to lower the cost of tags to five cents each, but warned that next-generation tags will have to address the problem.
Click Here to View Full Article
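What the leak Shamir describes buys an attacker, as an added simulation that is not his measurement setup. A tag that checks the password bit by bit and reacts (here, a HIGH reading in a constructed "power trace") at the first wrong bit lets an attacker confirm one bit per guess; a tag that processes the whole string and gives the same trace for every guess leaves only brute force. The password, the trace values and the attacker's strategy are all constructed.

```python
# Added example, not Shamir's measurement setup: a simulation of the leak the
# article describes. A tag that checks the password bit by bit and reacts to the
# first wrong bit gives an attacker one bit per guess; a tag that always
# processes the whole string gives nothing. The "power trace" values are
# constructed stand-ins for what an oscilloscope would show.
LOW, HIGH = 0, 1   # constructed power levels: HIGH = the extra draw on a bad bit

def to_bits(value, nbits):
    return [(value >> (nbits - 1 - i)) & 1 for i in range(nbits)]

class LeakyTag:
    """Aborts at the first wrong bit and draws extra power to note it, as described."""
    def __init__(self, password_bits):
        self.pw = password_bits

    def check(self, guess):
        trace = []
        for i, (p, g) in enumerate(zip(self.pw, guess)):
            if p != g:
                trace.append(HIGH)                            # 'bad bit' note written to RAM
                trace.extend([LOW] * (len(self.pw) - i - 1))  # rest of the string ignored
                return False, trace
            trace.append(LOW)
        return True, trace

class ConstantTimeTag:
    """Compares every bit regardless; the trace is the same for any guess."""
    def __init__(self, password_bits):
        self.pw = password_bits

    def check(self, guess):
        diff = 0
        for p, g in zip(self.pw, guess):
            diff |= p ^ g                  # accumulate, never branch on a mismatch
        return diff == 0, [LOW] * len(self.pw)

def recover(tag, nbits):
    """Learn the password one bit at a time from where the trace spikes."""
    known, queries = [], 0
    for i in range(nbits):
        for bit in (0, 1):
            guess = known + [bit] + [0] * (nbits - i - 1)
            accepted, trace = tag.check(guess)
            queries += 1
            if accepted or trace[i] == LOW:     # no spike at position i: this bit is right
                known.append(bit)
                break
    return known, queries

def demo(password=0xA5C3, nbits=16):
    bits = to_bits(password, nbits)
    leaky, queries = recover(LeakyTag(bits), nbits)
    safe, _ = recover(ConstantTimeTag(bits), nbits)
    return {"password": bits, "leaky_recovered": leaky, "leaky_queries": queries,
            "constant_time_recovered": safe, "brute_force_guesses": 2 ** nbits}

if __name__ == "__main__":
    print(demo())   # leaky tag: password back in at most 32 guesses instead of 65,536
```

The constant-time comparison closes this particular channel, but it is the cheapest kind of fix, and the item's larger point stands: a tag engineered to a five-cent budget has no margin for the power filtering or randomised timing that would blunt a reader with an oscilloscope.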

Calling Cryptographers
Technology Review (02/16/06) Greene, Kate
In his keynote address at this week's RSA Conference in San Jose, Microsoft Chairman Bill Gates outlined a holistic vision of information security, a "true ecosystem" in which all members of the computing industry work together to combat cyberattacks. Gates and other conference speakers argued for a multilayered security approach that, while not foolproof, would shore up hardware, software, and networks. Claiming that password protection is easily defeated by phishing and other rudimentary schemes, Gates promoted Microsoft's InfoCard digital identity system as a replacement, though he conceded that moving away from passwords would take at least four years because of the many vendors that would have to cooperate. RSA Security CEO Art Coviello outlined his company's community policing program, which would address fraud on a global scale: RSA's system could instantly flag an IP address associated with a fraudulent transaction and notify banks and other affected institutions. Sun CEO Scott McNealy described the steps his company has taken to improve security in server hardware and data centers, including the elliptic curve cryptography (ECC) built into Sun's processors. ECC, which the National Security Agency has approved for government use, achieves comparable security with much smaller keys than conventional public-key cryptography, making it suitable for small devices such as cell phones and sensors. A panel of distinguished cryptographers reiterated the call for the creation and dissemination of new methods, since, aside from Sun's ECC implementation, the industry currently relies almost entirely on RSA and Diffie-Hellman, leaving scant recourse if one of those techniques fails.
Click Here to View Full Article


High Tech, Under the Skin
New York Times (02/02/06) P. E1; Bahney, Anna
The convergence of man and machine is taking a bold step forward as people implant RFID devices under their skin to log on to their computers, unlock their cars, and open doors with a wave of the hand. Some enthusiasts argue that the cell phone has essentially become an appendage of the human body, and that implanting a chip is simply the logical extension of our intertwined relationship with technology. RFID tags have been implanted in livestock for years, enabling owners to scan an animal from two to four inches away to determine whether it belongs to them. While the blending of humans and computers has long been the dystopian fantasy of science fiction writers, a growing body of pro-convergence technologists see its reality in cameras, MP3 players, and storage devices redesigned to resemble jewelry and blend into a user's wardrobe, and in the jackets and sunglasses that now come with Bluetooth capability, letting them function as digital devices. For the many people who see the cell phone as an extension of themselves and carry flash drives on their key chains and iPods holding their entire music library, an implanted RFID chip is no different from having a filling put in, says the Institute for the Future's Alex Soojung-Kim Pang. RFID tags can be bought on the Internet for as little as $2, and devices such as computers and car doors can be fitted with readers that respond to the chip. Implanting RFID chips is not a new practice: the Florida company VeriChip has implanted more than 2,000 people with chips that link to their medical records since 2004. The practice has drawn criticism from privacy advocates, who argue that while the technology may be an appealing novelty today, the future could bring an RFID-dependent climate in which people are required to have chips implanted. There are also health concerns about the procedure, as many have had their chips implanted in non-medical settings.
Click Here to View Full Article

Blindfolding Big Brother, Sort Of
Technology Review (01/30/06); Greene, Kate
In a recent interview, IBM's Jeff Jonas discussed his controversial Anonymous Resolution software, a cross-referencing technology that can match individuals across different databases. Whereas a bank or other institution would normally send encrypted customer data to a database marketing company for analysis, Jonas' approach goes a step beyond encryption and anonymizes the data, replacing each piece of personal information with a one-way value that cannot be turned back into the original by running the math backwards. Traditionally, the database marketer would have to decrypt the information to analyze it, then encrypt it again to transmit it back to the original entity, so if the database company suffers an insider abuse or a security breach, the data are imperiled. The Anonymous Resolution system enables the original entity to share information with the database marketer simply by linking the two databases on common identifiers, so that the information is never decrypted. Currently the system is used principally by governments seeking to facilitate internal communication, such as various divisions within a law enforcement agency trying to determine whether their investigations overlap. The particular technique the software employs, a one-way hash, is extremely sensitive to its input, and it was a challenge for Jonas to overcome subtle differences in the way identities are expressed, such as upper and lower case and middle initials, before hashing. Jonas reports that he spends roughly 40 percent of his time addressing privacy and civil liberties issues concerning the contents of government watch lists and the creation of an immutable audit log, which would help ensure that those with access to the lists are not manipulating them or using them for personal or frivolous purposes.
Click Here to View Full Article
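The pattern the interview describes (normalise the identity fields, replace them with a one-way value, join the two databases on the values), as an added example that is not IBM's Anonymous Resolution code. It builds in the caveat a practitioner would want: a plain hash of low-entropy fields such as name and birth date is reversible by hashing a list of candidates, so the one-way value here is keyed (an HMAC with a secret shared only by the matching parties), and the block shows the dictionary attack succeeding against the unkeyed version and failing against the keyed one. The records, the key and the assumption that dates arrive as YYYY-MM-DD are all constructed.

```python
# Added example, not IBM's Anonymous Resolution code: the pattern the interview
# describes (normalise identity fields, replace them with a one-way value, join
# on the values) with one practitioner caveat built in. Names, dates and the
# demo key are all constructed. Assumption: dates arrive as YYYY-MM-DD.
import hashlib
import hmac
import re
import unicodedata

def _letters(s):
    """Uppercase ASCII letters only: accents folded, punctuation and spaces dropped."""
    ascii_s = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()
    return re.sub(r"[^A-Z]", "", ascii_s.upper())

def canonical(record):
    """'John Q.' / 'O'Brien' / '1970-03-05' and 'john' / 'OBrien' / '1970-03-05'
    both become JOHN|OBRIEN|19700305, so the two sides hash to the same value."""
    first = _letters(record["first"].split()[0])        # drop middle initials
    last = _letters(record["last"])
    dob = re.sub(r"\D", "", record["dob"])
    return f"{first}|{last}|{dob}"

def anonymize(record, key):
    """Keyed one-way value. The key is shared by the parties doing the matching
    and kept from everyone else; without it, a plain hash of low-entropy PII can
    be reversed by hashing a list of candidate names and birth dates."""
    return hmac.new(key, canonical(record).encode(), hashlib.sha256).hexdigest()

def unkeyed(record):
    """What NOT to do: an unsalted, unkeyed hash of the canonical string."""
    return hashlib.sha256(canonical(record).encode()).hexdigest()

def resolve(db_a, db_b, key):
    """Pairs (id in A, id in B) that refer to the same person; no PII is exchanged."""
    index = {}
    for rec in db_a:
        index.setdefault(anonymize(rec, key), []).append(rec["id"])
    return [(a_id, rec["id"]) for rec in db_b for a_id in index.get(anonymize(rec, key), [])]

def dictionary_attack(target, candidates, key=None):
    """Recover the canonical string behind a one-way value by trying candidates.
    Succeeds against an unkeyed hash; fails when the HMAC key is unknown."""
    for cand in candidates:
        digest = (hmac.new(key, cand.encode(), hashlib.sha256).hexdigest() if key
                  else hashlib.sha256(cand.encode()).hexdigest())
        if digest == target:
            return cand
    return None

# Constructed records: a bank's customers and an investigator's list.
BANK = [{"id": "A1", "first": "John Q.", "last": "O'Brien", "dob": "1970-03-05"},
        {"id": "A2", "first": "Mary", "last": "Smith", "dob": "1982-11-30"}]
LIST = [{"id": "B7", "first": "john", "last": "OBrien", "dob": "1970-03-05"},
        {"id": "B9", "first": "Marie", "last": "Smith", "dob": "1982-11-30"}]
KEY = b"demo-shared-secret"   # constructed; in practice a high-entropy key exchanged out of band
GUESSES = [f"{f}|{l}|{d}" for f in ("JOHN", "MARY") for l in ("OBRIEN", "SMITH")
           for d in ("19700305", "19821130")]   # an attacker's small candidate list

if __name__ == "__main__":
    print(resolve(BANK, LIST, KEY))                           # A1 and B7 are the same person
    print(dictionary_attack(unkeyed(BANK[0]), GUESSES))        # unkeyed hash: PII recovered
    print(dictionary_attack(anonymize(BANK[0], KEY), GUESSES)) # keyed: attacker gets nothing
```

Note what normalisation does and does not buy: it makes "John Q. O'Brien" and "john OBrien" collide, which is the point, but "Marie" and "Mary" still do not, so any fuzzier matching has to happen before the one-way function, on the side that still holds the clear text.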


Last Modified 5/20/2006