H1N1: a physical safety/security threat with high attack rate, low probability of serious impact
There is a lot of uncertainty around the H1N1 flu strain (aka Swine Flu) being spread around, and I want to make sure I pass on some useful (and actionable) information that I've found.
As with any flu or non-influenza respiratory illness, there is risk for complications. H1N1 is observed to infect different subpopulations preferentially, and we lack built-up immunity to this new strain.
CNet does a 2-part Q&A with Jeff Moss on cybersecurity & government
Jeff Moss' appointment to the US Homeland Security Advisory Council raised a few eyebrows in some quarters, but quite frankly I think that non-government contribution to something like the advisory council is critical.
I've worked on enough government consultations including lawful access, copyright reform, industry association efforts and other similar initiatives that I know for a fact that government benefits from the dose of reality private sector industry people provide.
Twitter: @mikkohypponen, Vee have veys of makink you not talk.
What follows is the sordid tale of one security researcher being silenced unceremoniously by the Twitter machine, read it if you dare:
Silence Hypponen - I used to have a Twitter account, called mikkohypponen. I used it to tell about things I saw while doing computer security research. This turned out to be quite popular. But then, two days ago, I got banned from Twitter. Updated on 9th by editor: Mikko's account now appears to be "un-banned". On 08/10/09 At 03:20 PM [F-Secure Security Labs]
Is catch-and-release of botnets ethical?
I'm very interested in the debate over the demarcation point between response activities of network security operations (a world I know very well), law enforcement/cybercrime investigation/prevention/prosecution (a world I know well enough from a network operations perspective), and military action to protect national security or critical infrastructure.
Many of the botnets in play today have national security implications, and certainly have direct law enforcement and network security impact. At what point does the line get crossed?
We need more than just a month for Cyber Security Awareness
Raising cyber security awareness is always a good thing. Awareness and education are critical components of improving online safety and security, and address what is often (if not always) the weakest link of the chain: human beings.
Organizations such as SANS, the US government, and the Canadian government take advantage of the heightened meta-awareness to increase awareness on specific issues. In other words, more people are expecting to see information throughout the month so various sources diligently oblige.
Fanning the flames: "Cyberattacks could have been mitigated"
Before I say anything else, let me just say that security expert John Bumgarner doesn't really know what he's talking about.
I should start at the beginning. The context here is the recent DDoS attacks against South Korean and US targets. Bumgarner is one of the people given the opportunity for public comment by the news media, particularly here:
“Large banks in the United States have great relationships with service providers, so why doesn’t the U.S. government have a good relationship with their service providers to ensure that they can quickly turn the spigot off?” asked John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit, an independent research institute.
Good question. The answer is: they do.
MyDoom variant dropping Trojan used for US and S. Korean targeted DDoS
TrendMicro and others have released some details on what malware is being used for the recent DDoS attacks on South Korean and US targets in the past week. The MyDoom variant itself isn't very interesting, and propagates through email.
The Trojan that it dropped, and the malware used in the DDoS attacks, is much more interesting to me. Symantec calls it Trojan.Dozer, while several other AV companies seem to be leaning towards naming it as a variant of the Trojan.Agent family. Symantec's write-up provides some very useful details on traffic patterns the Trojan exhibits, allowing good ol' network security monitoring to be used in tracking down infected hosts.
Zbot FTP credential dump taken down - over 68K accounts compromised
Aside from there being very few (if any) good reasons to still use FTP or any other protocol that relies on cleartext authentication, password practices are important for making sure your account is still only yours. Many ISPs, hosting providers, and other organizations still allow FTP for doing site updates. A large list of such accounts was recently identified thanks to the take-down of a server used to store FTP authentication credentials collected by the Zbot trojan.
Rogers turns on content injection again
Any form of ad-injection, dynamic typo-squatting, or other ISP-introduced content addition or redirection is controversial at best. There are a number of vendors offering solutions; perhaps the best known (for all the wrong reasons) is Barefruit.
Rogers has apparently turned their content injection capabilities back on after a well-publicized incident a couple of years ago.
Japanese researchers recreate "shockwave" traffic jams
If you drive in a city, you've experienced "shockwave traffic jams". Common wisdom on defensive driving techniques generally includes a caution against too many jerky starts and stops, as they can cascade through the rest of traffic.
Japanese researchers have recreated this emergent feature of traffic dynamics, news courtesy of the Emergent Chaos blog: