Re: Dan Kaminsky

2009-07-30 Thread Dragos Ruiu


On 29-Jul-09, at 9:23 PM, Randy Bush wrote:

LAS VEGAS — Two noted security professionals were targeted this week
by hackers who broke into their web pages, stole personal data and
posted it online on the eve of the Black Hat security conference.

boring.
Two noted security professionals, and Kevin Mitnick, whom no one gives a
damn about, were targeted...


Ettore Bugatti, maker of the finest cars of his day, was once asked why
his cars had less than perfect brakes.  He replied something like, "Any
fool can make a car stop.  It takes a genius to make a car go."

so i am not particularly impressed by news of children making a car
stop.


at the risk of adding to the metadiscussion. what does any of this  
have to do with nanog?
(sorry I'm kinda irritable about character slander being spammed out  
unnecessarily to unrelated public lists lately ;-P )


Re: Dan Kaminsky

2009-08-04 Thread Dragos Ruiu


On 3-Aug-09, at 9:43 PM, andrew.wallace wrote:


Hi,

Read my post one more time and think though: Only "zf0" are legally  
in the shit.


The guy "Dragos Ruiu" has absolutely no case against me.

Copy & paste doesn't count as defamation, speak to Wired's legal team
if you have an issue.

Cheers,

Andrew




Whoa. Feeling a tad defensive? ;-P

I used slander specifically. Any defamation from referenced emails is  
short-lived. ;-)


cheers,
--dr

On Tue, Aug 4, 2009 at 2:02 AM, Richard A Steenbergen wrote:

On Sat, Aug 01, 2009 at 01:11:17PM -0700, Cord MacLeod wrote:
I don't see a video attached or an audio recording.  Thus no slander.


Libel on the other hand is a different matter.


You have those backwards. Slander is transitory (i.e. spoken)
defamation, libel is written/recorded/etc non-transitory defamation.
This seems like a group that could benefit from knowing those two words.

:)

--
Richard A Steenbergen http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)










QR-Codes... was: Re: Dan Kaminsky

2009-08-07 Thread Dragos Ruiu


On 7-Aug-09, at 8:01 PM, Randy Bush wrote:


Have you seen the iphone decoding bar code into urls ?


doesn't the iphone have an app to decode qr-codes similar to the one
built into almost all keitai here in japan.

   http://en.wikipedia.org/wiki/QR_Code


There are multiple (5+ at last count) iPhone apps for QR codes,
incl. NTT and KDDI/au variants. There are also similar apps for Android,
and Symbian ships with one (though not field aware like NTT and KDDI/au
variants)

cheers,
--dr


--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 4/5 2009  http://pacsec.jp
Vancouver, Canada March 22-26  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp




Re: Does Internet Speed Vary by Season?

2009-10-09 Thread Dragos Ruiu


On 7-Oct-09, at 11:22 AM, Scott Morris wrote:


I may be having my wires a little crossed (I'm not an electrical
engineer) but I was always under the impression that manipulation of the
physical characteristics like that from heat/dampness didn't reduce the
"speed" but the "quality" (like line noise/errors/etc) of the line.



Well, since it's been documented that internet speed / usage varies with
the weather (it gets faster when it's sunny, slower when it rains) I'm
sure some seasonal correlation could be found.

cheers,
--dr


--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 4/5 2009  http://pacsec.jp
Vancouver, Canada March 22-26  http://cansecwest.com
Amsterdam, Netherlands June 16/17 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp








Re: Does Internet Speed Vary by Season?

2009-10-11 Thread Dragos Ruiu


On 10-Oct-09, at 10:23 PM, Lorell Hathcock wrote:


Could you point to the documentation?


Well, a friend at one particular large internet exchange says he can
predict semi-accurately the ambient temperature/ weather in the local
city from the MRTG stats. :-)

The stats he showed me backed him up - or at least clearly showed
strong correlation between weather and traffic levels.

The formal proof is left as an exercise for the reader. ;-P

This has nothing to do with corrosion and all about usage and  
congestion.

Cold weather leads to more people snuggling up with their laptops.
In sunny warm weather everyone gets away from the kb and goes outside
to have a real life.

cheers,
--dr









Re: an over-the-top data center

2008-12-01 Thread Dragos Ruiu


On 28-Nov-08, at 7:35 PM, Gadi Evron wrote:


On Fri, 28 Nov 2008, Howard C. Berkowitz wrote:


It seems that all these cases are more under the bottom than over  
the top.




Every couple of years there is a story about some anti virus
company, data center, or whatever running out of an old nuclear
bunker/military base/middle of nowhere. It is exciting the first
few times.



Hey I'll defend the interest in this one. They at least have cool  
architecture.
And to all the folks debating the form of security, let me also remind  
that massive redundancy always provides even more security than one  
very, very, hard point.


cheers,
--dr



--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp




Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-02 Thread Dragos Ruiu


On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:


Joe Greco wrote:

[   ]

Either we take the potential for transparent MitM attacks seriously, or
we do not.  I'm sure the NSA would prefer "not."  :-)

As for the points raised in your message, yes, there are additional
problems with clients that have not taken this seriously.  It is, however,
one thing to have locks on your door that you do not lock, and another
thing entirely not to have locks (and therefore completely lack the
ability to lock).  I hope that there is some serious thought going on in
the browser groups about this sort of issue.

[ ... ]

... JG


F Y I, see:

SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx

Best.


Snort rule to detect said...

url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html

# 2A 86 48 86 F7 0D 01 01 04 = DER bytes of OID 1.2.840.113549.1.1.4 (md5WithRSAEncryption)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak SSL OSCP response -- MD5 usage"; content:"content-type: application/ocsp-response"; content:"|2A 86 48 86 F7 0D 01 01 04|"; metadata: policy security-ips drop, service http; reference: url, www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation; sid:101;)


cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
London, U.K. May 27/28 2009 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
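
The rule in the message above keys on the DER content bytes of a signature-algorithm OID. As an added example (not part of the original post or the referenced blog), this decoder turns such a hex pattern back into dotted notation and names the algorithm, so a rule's content match can be checked against what its msg claims; the function names, the small OID table and the sample patterns are assumptions of this example.

```python
# Added example: decode the DER content bytes of an OBJECT IDENTIFIER, as
# written in a Snort hex content match, and name the signature algorithm.

# Well-known PKCS #1 signature-algorithm OIDs (subset chosen for this example).
SIG_ALGS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"md2WithRSAEncryption", "md5WithRSAEncryption"}

# Constructed sample patterns (content bytes only, without the 06 09 tag/length).
SAMPLES = ["|2A 86 48 86 F7 0D 01 01 04|", "|2A 86 48 86 F7 0D 01 01 05|"]


def decode_oid(hex_pattern: str) -> str:
    """Turn OID content bytes such as '2A 86 48 ...' into dotted notation."""
    data = bytes.fromhex(hex_pattern.replace("|", ""))
    if not data:
        raise ValueError("empty OID")
    arcs, value = [], 0
    for i, byte in enumerate(data):
        value = (value << 7) | (byte & 0x7F)  # base-128 digits, high bit = "more"
        if byte & 0x80:
            if i == len(data) - 1:
                raise ValueError("truncated OID: last byte has continuation bit")
            continue
        if not arcs:  # the first subidentifier packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))


def classify(hex_pattern: str):
    """Return (dotted OID, algorithm name or None, uses_weak_hash)."""
    oid = decode_oid(hex_pattern)
    name = SIG_ALGS.get(oid)
    return oid, name, name in WEAK


if __name__ == "__main__":
    for pattern in SAMPLES:
        print(pattern, "->", classify(pattern))
```
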




Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-02 Thread Dragos Ruiu


On 2-Jan-09, at 6:53 PM, Gadi Evron wrote:
Yes, this is a serious matter, but it hardly has any operational  
impact to speak of for users and none for NSPs.


Dunno. Last I checked NSPs had web servers too. :-P

cheers,
--dr






Re: [Nanog] ATT VP: Internet to hit capacity by 2010

2008-04-18 Thread Dragos Ruiu

On 18-Apr-08, at 1:45 PM, David Coulson wrote:

> Stephen John Smoogen wrote:
>> I think that is based off the all American TV going to HDD that is
>> supposed to happen in 2009. ( I think I read that currently only 40%
>> of Americans have HDD TV's and the 60% were not going to buy one until
>> it became too late. )
> This is not accurate. In 2009 the US is terminating analog (NTSC)
> transmission of 'over the air' broadcasts. It has nothing to do with
> 'high definition' broadcasts. OTA broadcasts will just be done using
> ATSC, rather than NTSC. It will continue to provide SD programming.

Bet you a beer it won't happen. :)

Just like the mandated HD broadcasts in top markets by 1997 or else  
they lose license.

cheers,
--dr

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog


Re: [NANOG] IOS rootkits

2008-05-16 Thread Dragos Ruiu
The question this presentation begs for me... is how many of the folks  
on this list do integrity checking on their routers?

You can no longer say this isn't necessary :-).

I know FX and a few others are working on toolsets for this...

I'll probably have other comments after I see the presentation.
This development has all sorts of implications for binary signing
requirements, etc...

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.   May 21/22 - 2008  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp





Re: [NANOG] IOS rootkits

2008-05-18 Thread Dragos Ruiu

On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote:

> On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft
> <[EMAIL PROTECTED]> wrote:
>> If the way of running this isn't out in the wild and it's actually
>> dangerous then a pox on anyone who releases it, especially to gain
>> publicity at the expense of network operators' sleep and well being.
>> May you never find a reliable route ever again.
>
> This needs fixing. It doesn't need publicity at security conferences
> till after cisco gets presented this stuff first and asked to release
> an emergency patch.

Bullshit.

There is nothing to patch.

It needs to be presented at conferences, exactly because people will  
play ostrich and stick their heads in the sand and pretend it can't  
happen to them, and do nothing about it until someone shows them, "yes  
it can happen" and here is how

Which is exactly why we've accepted this talk. We've all known this is  
a possibility for years, but I haven't seen significant motion forward  
on this until we announced this talk. So in a fashion, this has  
already helped make people more realistic about their infrastructure  
devices. And the discussions, and idea interchange that will happen  
between the smart folks at the conference will undoubtedly usher forth  
other related issues and creative solutions.  Problems don't get fixed  
until you talk about them.

cheers,
--dr








Re: [NANOG] IOS rootkits

2008-05-18 Thread Dragos Ruiu

On 18-May-08, at 7:11 AM, Suresh Ramasubramanian wrote:
> 2. It can be prevented by what's widely regarded as BCP on router
> security, and has been covered at *nog, in cisco training material,
> etc etc for quite some time now.
>
> I am much less concerned about security conferences discussing this
> than about the (highly uninformed) publicity that accompanies these
> conferences.


I'm not going to touch the disclosure or not debate... it's been done.

But I will agree to disagree with you about the above two points.

First of all about prevention, I'm not at all sure about this being  
covered by existing router security planning / BCP.
I don't believe most operators reflash their routers periodically, nor  
check existing images (particularly because the tools for this  
integrity verification don't even exist). If I'm wrong about this I  
would love to be corrected with pointers to the tools.

Regarding the second point, I also lament the often liberal doses of  
alarmism/FUD that get plastered over the popular media whenever  
complicated technical issues are discussed - but unless we have the
discussions, and information dispersal, then the
misconceptions have no chance of being dispelled.
The threat of misinformed press does not seem to be sufficient to  
justify censuring open discussion of the issues imho.

One of the things I truly enjoy about the conferences we organize, is
seeing the synergism that occurs when multiple minds focus on these  
security issues at the conferences. When the analysis is parallelized  
over multiple brains, inevitably the creative solutions that occur  
from the congregation of different viewpoints and ideas is pleasantly  
surprising, and powerful.  I've seen numerous examples of this: even  
just last April I had a chance to be a fly on the wall at a discussion  
between Jacob Appelbaum and Theo DeRaadt talking about the cold memory  
attacks research Jacob started - the result of which was that during  
the discussion it was realized that with the addition of about 30  
lines of code in the power fail interrupt handler a large segment of  
those attacks could be nullified, as they are now on OpenBSD.  If the  
discussion hadn't happened, the creative solution to it would have  
never arisen. These kinds of "out of the box" solutions frequently  
arise out of multi-person debate and free association that follows  
discussions of serious issues - no-one has the whole picture and  
adding others' viewpoints often brings superior solutions to problems
up.

So in my opinion the benefits of discussing serious issues at  
conferences far outweigh the potential drawbacks of misguided media  
coverage of them. What I infer from your post is that you are of the  
opinion that issues such as this rootkit prototype should be reported  
to CSIRT and then shuffled under a carpet. To which I respond that  
that kind of attitude has led to what I currently consider to be an  
inappropriate level of concern and awareness amongst service providers  
of the seriousness of this threat. Cisco has some great guys, but  
surely discussion of this threat amongst the wider security community  
will lead to more and better solutions than Cisco operating in a  
vacuum. And more importantly this issue is not a Cisco issue - the  
basic threat vector should be a concern to other infrastructure  
equipment manufacturers too. Until we talk about it, we cannot find  
the right responses to the problem, and experts talking about it  
usually leads to better and more comprehensive solutions than single  
persons or smaller groups working in isolation.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.   May 21/22 - 2008  http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp



