denial of service

Vendors scramble to fix bug that could crash Internet systems

Paul Mah — Fri, 03 Oct 2008 12:23:55 -0400

The security community is abuzz about critical vulnerabilities discovered in the TCP/IP protocol that underly the Internet. This comes on the heels of a blog posting by security researcher Robert Hansen in which he outlines some dire consequences of these flaws. Technical details have not been released to the public at this point, though the experts who discovered the problem--Robert Lee and Jack Louis from security vendor Outpost 2--say that they were able to knock-out Windows, Linux, embedded systems and even firewalls. Indeed, targeted machines could remain disabled even after the cessation of the denial of service (DOS) attack. As a result, even taking out an entire data center is a plausibility, given that the issue allows a system to mount a successful DOS attack with very little bandwidth.

For more on this issue:
- check out this article from PC World

U.S., China largest originators of Internet attacks

Paul Mah — Fri, 30 May 2008 07:19:10 -0400

Akamai Technologies, which operates a global network of servers used to support the distribution of online media as well as large-scale websites and applications hosted online, has released its inaugural "State of the Internet" report. The hefty report extrapolates data gathered across Akamai's global network. It notes that while Internet-attack traffic is observed originating from 125 countries, the United States and China are the two largest sources of this traffic. Internet-attack traffic could involve denial of service and hacking attempts, as well as traffic from worms, viruses and bots. Almost 17 percent of this traffic comes from China, though the U.S. is a close second at 14 percent.

For more on Internet attacks:
- check out Network World article

DOS attack against Revision3’s services traced to MediaDefender

Paul Mah — Fri, 30 May 2008 07:17:50 -0400

Revision3, an online media company, has alleged that an outage experienced over Memorial Day weekend was traced to a Denial of Service (DOS) attack initiated by servers owned by anti-piracy group MediaDefender. In a detailed blog, Revision3 CEO Jim Louderback detailed their network sleuthing, which traced the offending DOS network packets back to MediaDefender. The shocker was when both the CEO and the Vice President of Operations at MediaDefender admitted that they have been injecting a broad array of torrents--without authorization--into Revision3's BitTorrent tracking server.

This all was made possible by a misconfiguration at Revision3. Revision3 unwittingly closed the backdoor just prior to the weekend which, Louderback hypothesized, caused MediaDefender's servers to throw "an epic tantrum", slinging upward of 8,000 SYN packets a second at Revision3. Revision3 uses BitTorrent to host its own legal content. The FBI are looking into the matter now, but it will be interesting to see how it all turns out.

For more about the alleged DOS attack:
- check out this InformationWeek article

ATM machines cry out for security

Mon, 25 Feb 2008 06:59:59 -0500

ATM machines may be a new target for hackers. A report by the managed security firm, Network Box, outlined several threats to these commonplace banking tools. They include IP worms, disruption of the IP network, denial of service and the harvesting of transaction data for malicious purposes. The report said that banks and financial institutions are not securely protecting customers' data. The reason may be because the technology is too old.

An estimated 70 percent of current ATMs are based on PC/Intel hardware and commodity operating systems using standard IP networking. Many financial institutions have opted for cheaper systems rather than the best security. And that means that credit/ATM card numbers, transaction amounts and account balances could be easily captured by hackers.

"Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure," said Mark Webb-Johnson, chief technology officer at Network Box. But that might be assuming way too much. Network Box recommends that all traffic to and from ATM machines should be encrypted, not just the PIN number. ATM networks should also be separated from the rest of the bank's network, thereby allowing them to be closely monitored and controlled. If your ATM machine isn't secure, what is?

For more on ATM vulnerabilities:
- See this VNunet article

Cisco patches IP phones

Fri, 15 Feb 2008 06:59:54 -0500

To think, there once was a time when you didn't have to worry about your phones, of all things, getting infected with viruses. Well, those carefree days are officially over: this week Cisco released a series of patches for buffer overflow and denial of service vulnerabilities in a number of its IP phones. The affected models are as follows: Cisco Unified IP Phone models 7940, 7940G, 7960 and 7960G. In related news, Cisco also patched its Unified Communications Manager this week, due to a vulnerability that could have allowed for SQL injection attacks.

For more on the patches:
- see this ZDnet article

Bluetooth security still a challenge

Mon, 24 Sep 2007 06:59:58 -0400

Bluetooth offers a tremendous opportunity for mobile users, but Ooi Szu-Khiam, senior security consultant at Symantec, says that security is still a big issue. Indeed, research firm InsightExpress revealed that 73 percent of mobile device users are not aware of security issues that could put mobile devices such as cell phones and Bluetooth-equipped notebooks at risk. "There are many other methods that (launch) a variety of denial-of-service attacks, and even some that could allow an attack to eavesdrop on private conversations," Szu-Khiam told Cnet. He also noted that "numerous instances of mobile viruses, worms and Trojan horses" have occurred in the last year. Some of the terms used to describe these security vulnerabilities: bluejacking, bluespamming and bluebugging.

For more information on Bluetooth security:
- see the article in Cnet

Test, test, and test some more

Mon, 02 Apr 2007 20:01:38 -0400

Continuous testing during a project's development is the most important indicator of whether you will deliver a relatively bug-free, quality product. Even post-deployment, periodic testing is important to see if something is about to or has already gone wrong. But even with all of this testing, unexpected failures, like total network collapses or denial-of-service attacks, are not a thing of the past. That's largely because of the complexity of today's corporate environments, where hundreds or thousands of devices are interconnected, each with bugs in their software making them vulnerable and each capable of random hardware faults and glitches. Testing every combination of everything is impossible, but that's no excuse for insufficient testing. Simply employing the standard testing procedures of exercising each function or product in isolation, and then again through the integration process may not be enough. Active testing on the whole system is the only way to prevent the out-of-the-box, seemingly impossible failures that are increasingly frequent.

Read more about the importance of testing:
- read the blog at IT-Director.com

ALSO NOTED: What it takes to be an effective CIO; Personality clashes on the job;

Sun, 04 Mar 2007 19:01:38 -0500

> What it takes to be an effective CIO. Article

> Personality clashes prevent the sharing of information-sharing between departments. Article

> Study: Convergence fears are in decline. Article

> Nearly half of businesses can't quantify the benefits of their outsourcing deals. Article

> Human error to blame for most network availability incidents and security issues. Article

> Combating Denial of Service attacks. Article

> Dirty data costs time and money, study says. Article

> The challenges faced by IT executives. Article

And finally… How technology buyers can get the most value from advisory firms. Column

Cyber attacks in finance sector overstated

Sun, 03 Dec 2006 19:01:39 -0500

Last week's news brought a dire warning from the Feds that terrorists were readying to hit financial sites and data banks. But some industry groups are downplaying the risk, saying that cyber attacks are less of a risk than actual physical attacks. The Financial Services Information Sharing and Analysis Center says it has lowered the risk level for cyber security attacks, as it hasn't yet detected any such malicious activity. One security expert even claims that the reported denial-of-service attack cited by the Feds wouldn't do much damage even if it did occur.

For more on cyber terrorism:
- read the news at InformationWeek

Terrorist cyber attack aimed at financial community

Thu, 30 Nov 2006 19:01:39 -0500

The dawn of December brings with it a dire security warning to financial institutions that terrorists are aiming to crash stock trading and banking sites using cyber attacks. According to the Department of Homeland Security, an Islamic militant group is targeting databases within financial organizations and the threat of a denial of service attack is expected to continue through the end of the month. Financial executives don't seem too worried however, saying that their organizations are in a high level of security readiness.

For more on the impending cyber assault:
- read the article at eCanadaNow

PLUS: Financial sector is huge hacker target. Article