The Documentary, a BBC World Service program (or programme) recently aired a 3-part series called Danger In The Download.
It's definitely worth a listen. All of the episodes are now available online.
Episode 1 — The growing threats in cyberspace from hackers and cyber weapons. Episode 2 — Is the net's architecture and governance is still fit for purpose? Episode 3 — What governments can do to protect the Internet.
If you prefer your audio in the form of a podcast, we also recommend PRI's The World: Technology Podcast which is also offering Episode 1 for download.
Yesterday, I suggested that nonymous speech is vastly superior to anonymous DDoS attacks and other forms of censorship.
Today, I offer this "anti-piracy" PSA (circa 1988) as evidence to support my thesis:
Click to embiggen.
It's stuff like this that made me happy to buy Infocom's games. They asked nicely, and made their points with tongue-in-cheek humor. I still remember this joke 24 years later. DDoS attacks? They fade from memory quickly.
Internet activists (as well as today's media industry) would do well to learn from the past.
UK Courts recently ordered Internet Service Providers to block access to The Pirate Bay. Yesterday, Virgin Media was attacked by some that claim associations to the Anonymous collective.
Well, The Pirate Bay had something to say about the attack on its Facebook page.
TPB: We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us.
My take: Love thy enemy.
TPB: So don't fight them using their ugly methods. DDOS and blocks are both forms of censorship.
My take: Two wrongs don't make a right.
TPB: If you want to help; start a tracker, arrange a manifestation, join or start a pirate party, teach your friends the art of bittorrent, set up a proxy, write your political representatives, develop a new p2p protocol…
My take: Don't be destructive. Better to be "subversive".
TPB: …print some pro piracy posters and decorate your town with, support our promo bay artists or just be a nice person and give your mom a call to tell her you love her.
My take: Call your mother. She worries about you.
Now some Anons out there may push back at The Pirate Bay's claim that DDoS equals censorship. There are numerous Anons that have claimed DDoS attacks are a form of digital protest similar to a sit-in. But consider this: a sit-in is a form of trespass, and trespass and preventing access to others is a crime.
A crime for which the world's greatest human rights leaders have been arrested. But that's the whole point. Civil disobedience is about non-violent resistance — breaking the rules and yet showing respect to the framework in order to change the rules. DDoS is not a non-violent protest. And the attempted lack of accountability is not respecting your fellow members of society.
Ran across quite an interesting infection today. I visited a site that prompted me with a security warning about a "Microsoft" application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.
After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.
The message also contains a malicious link that downloads the same malware. Perhaps to make sure that you really get infected.
Anyway, this infection is generated using iJava Drive-by Generator, which apparently has been around for a while now.
The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary.
iJava also keeps track of infections. Below is the data from the infection mentioned above:
Which shows that for this particular malware, the infection only started yesterday. So far there's only 83 visits to the Java drive-by link.
And thankfully, he's not very successful (knock on wood):
Updated to add: The number of visits has now increased to 122 with a 26% success rate. Since it's counting the number of visits, if a specific IP accessed the page twice it then counts it as two. The total unique IPs so far is 77 with 30% success rate.
Kaspersky's Kurt Baumgartner has pointed out that this rate can actually be considered pretty high for such kits.
Jarno Niemela, a Senior Researcher here at F-Secure Labs, will be taking part in a Black Hat Webcast on Thursday, May 17, 2012. The subject is "Making Life Difficult for Malware" and will focus on system modifications that can be used to prevent malware from functioning properly in the event that your system is compromised.
The Combating Terrorism Center at West Point (USA) has released a study called "Letters from Abbottabad: Bin Ladin Sidelined?". The study provides analysis of 17 declassified documents captured last year during the raid which killed Usama bin Ladin. Copies of the documents in the original Arabic as well as English translations have been made available.
Although the name is no longer as catchy as Lizamoon, the idea remains the same.
This njukol.com is still pretty fresh out of the oven. The domain was registered last April 28. The funny thing is, the registrant of the domain is still the same with all those previous ones.
Syria has been the center of much international attention lately. There's unrest in the country and the authoritarian government is using brutal tactics against dissidents. These tactics include using technology surveillance, trojans and backdoors.
Some time ago we received a hard drive via a contact. The drive had an image of the system of a Syrian activist who had been targeted by the local authorities.
The activist's system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat.
Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called "Xtreme RAT".
Xtreme Rat is a full-blown malicious Remote Access Tool.
Sold for 100 euro (Paypal) via a page hosted at Google Sites: https://sites.google.com/site/nxtremerat
We have reasons to believe this infection wasn't just bad luck. We believe the activist's computer was specifically targeted. In any case, the backdoor calls home to the IP address 216.6.0.28. This IP block belongs to Syrian Arab Republic — STE (syrian Telecommunications Establishment).
This would not have been the first case of using trojans for such purposes in Syria, either.
See these references for similar cases in the past:
