Wikipedia Editing Could Be Made More Restrictive Due to Vandalism

By jap24 at 7:56 pm on January 30, 2009 | 4 Comments

According to this article, the English version of Wikipedia may add a system called “flagged revisions” to its editing software, which would require that edits be approved (“flagged”) by a “trusted” user (see the Wikipedia page on flagged revisions here). Edits that have not yet been approved could be viewed by users on request, but the default version of a page would exclude any changes that have not yet been approved. Trusted users’ edits are automatically approved. There could be long wait times for edits to be approved; this system has already been implemented in the German Wikipedia version, and edits there have taken as long as three weeks to be approved.

Filed under: Availability, Current Events, Integrity | 4 Comments »

Security Review: Network Solutions’ Worldnic Domain Name Hosting Service

By Ryan McElroy at 6:29 pm | Comments Off

Network Solutions runs one of the largest domain registrars and DNS hosting providers in the world. It currently hosts more than 7.5 million domain names, including many of the most popular web sites on the Internet. The domain name servers hosted at Worldnic translate URLs into IP addresses, so if these servers are not operational, an otherwise functioning web site is effectively down.

With billions of dollars being shifted from retail to e-commerce every year, web site up-time has become mission-critical to many companies. Any sort of web site failure for even extremely small periods of time can directly affect a 21st century company’s bottom line. Network Solutions has the very important task of serving as the gateway between customers’ web browsers and companies’ web sites. As the man in the middle, they are a very clear target for attackers. A malicious user has a clear path to disrupt service without ever having to attack a customer or the company itself. This scenario makes top-level security imperative to Network Solutions and Worldnic. A single successful attack could disrupt millions of transactions across millions of web sites.

Filed under: Availability, Security Reviews | Comments Off

New Zealand man accesses US military secrets

By alyssa86 at 6:14 pm | Comments Off

According to an article from New Zealand’s ONE news, one of their citizens, Chris Ogle, recently purchased an iPod from a thrift shop with detailed information about some of the US soldiers. This information included social security numbers, information about where they are stationed, as well as current cell phone numbers. Each file had a disclaimer reading that the release of its contents was “…prohibited by federal law”. Whoever donated the iPod has obviously broken this disclaimer; if they didn’t want the files to be found they could have destroyed the iPod or better yet erased the files. According to the story, many of the files are dated 2005, but regardless of the year, people’s personal information is not necessarily likely to change (i.e. their social security number). In the wrong hands this information could potentially harm the soldiers by, in the most extreme case, giving away locations of military bases or, in a more likely case, giving someone enough information to commit identity fraud. The man has said that he would be happy to give the iPod back to the US government if asked, which seems to me would be the appropriate response for the government to take to protect the security of their soldiers’ personal information.

Filed under: Miscellaneous | Comments Off

Current Event: OMG, The Real World Is Actually Like the Spy Movies

By justine at 5:37 pm | 1 Comment

Today’s Seattle Times reports on an Oregon ex-CIA agent who had been selling the identities of other CIA agents to the Russians – from his jail cell. Not only am I surprised that he had already been convicted (in 1996) but managed to continue, but also that “the spy wars between Russia and the United States did not stop with the end of the Cold War and the collapse of the Soviet Union in 1991.” (!!!)

The story reveals security problems both on behalf of the government, and on behalf of this former agent, Harold Nicholson. On the government’s behalf, we are reminded that all security is based on some level of trust – and with a large program like the CIA, it is hard to ensure that every agent can be 100% trusted, no matter how hard they are screened. Nicholson clearly should not have been trusted. As for Nicholson, he had been sending secret messages through his son, which his son then physically traded with Russian agents for cash. What tipped the US government to this process? They didn’t figure out exactly what was said in the messages, but the rise in communication between the two, and the son’s frequent international travel tipped them off to the fact that something was going on. Strange messages – like biblical verses – started appearing in their letters. Sometimes, it’s not that the entire message leaks, but external information can tip an outsider to the fact that *something* is going on – and then they can make a pretty good guess as to what.

For us as students, this is a reminder that Security, while not only fun to pretend we are lock-breaker hackers like in the movies, is actually relevant to real lock-breaker hacker secret agents, who are not in the movies, but real. While our only personal exposure to security may be adding a password to our email, or at the most crucial keeping our Social Security Number and Bank Accounts secret, there are reasons that extremely strong security is necessary. For those in the CIA, they don’t worry that someone is trying to decrypt their messages, they know that someone is trying to decrypt their messages. They don’t hypothetically consider trust, and then tell their best friend their passwords – too much is on the line.

I guess I’m finally convinced that security really really is valuable.

Filed under: Miscellaneous | 1 Comment »

Security Professional Works as Botmaster

By erielt at 4:55 pm | 2 Comments

Security Professional John Schiefer has continued to work in the computer security field for 15 months while he has been waiting to be sentenced for being a botmaster of a 250,000 bot herd. This Los Angeles-based security consultant has been awaiting sentencing since pleading guilty in November of 2007. Since then, Schiefer has stated that he has been working as a professional in the security field as well as a network engineer for an internet startup. The prosecutors have requested the minimum 60-month sentence, followed by five years of supervised release. Luckily, everyone in this class has signed an ethics form so nothing like this will happen.

Filed under: Current Events, Ethics | 2 Comments »

Security Review: Advertisements That Watch You

By eapter at 4:22 pm | 5 Comments

The Associated Press reports that there is a growing chance that, while watching an advertisement on a video screen in a public place, the advertisement may also be watching you. Following a trend of increasingly prevalent automatic public monitoring, from security cameras to red-light cameras, advertisements may now attempt to identify the people watching them. This is done with small cameras that can be embedded either in or around the advertising video screen. The output from the cameras is fed into software which attempts to identify certain characteristics about the watcher. This includes both personal characteristics such as age, gender, and ethnicity and behavioral characteristics such as the amount of time spent watching the advertisement.

Filed under: Miscellaneous | 5 Comments »

Personal Networks of the Future: The MAGNET project

By asekine at 4:00 pm | 1 Comment

With the improvement of wireless technologies and a decrease in their cost, more and more devices come with network connectivity built in. From Wifi to Bluetooth to 3G, more and more devices are becoming wireless capable. A recent article from ScienceDaily (continued here and here) discusses how many of our personal belongings will be interacting wirelessly, and the technologies being developed in order to cope with such a massive increase. There are a predicted 7 trillion devices for 7 billion people by 2017 that will be connected on personal networks. Given many of the problems of wireless security that we are faced with today, the chance for potential problems is a serious concern.

The article discusses MAGNET, a European research project aimed at seamlessly managing personal networks (PN). The goal is to make maintaining one’s PN easy and convenient to use, while trying to still be secure. It is hoped that bringing new devices into the network should be done in a user-friendly way, to avoid many of the connection nuances that annoy consumers today.

Assets and Security Goals

  • If everyone’s lives are as fully connected as conjectured, then all forms of privacy and personal security could be at stake. The PN is used to keep your entire life connected, whether it be to keep personal finances and work in order, or to monitor heart rate and other bodily functions.
  • Maintaining availability and reliability of electronic devices. Devices could stop functioning properly if dependencies are built upon the functionality of the PN being intact.

Potential Adversaries and Threats

  • Adversaries outside the personal network. If so many devices are communicating wirelessly, the amount of traffic in the air at once is potentially staggering. Any adversaries who wish to learn about an individual could monitor this communication and learn about the user.
  • Adversaries within the personal network. If an adversary were able to gain access to a device within the PN, it may be possible to gain access to other devices in a network.
  • Advertisers/Marketers. It may be possible for a manufacturer to construct a device which monitors a user’s PN to learn about their habits. This information gathering could be used to make very targeted ads depending on the devices in their PN and the communications they make.
  • Device manufacturers. Device manufacturers could be adversaries themselves, and embed malicious behavior in their devices. Maybe one manufacturer’s device could attack a competitor’s device on the same network.

Potential Weaknesses

  • Professor Liljana Gavrilovska, Technical Manager of the MAGNET Beyond project, stated that, “We have a user-centric approach with the overall objective to design, develop, demonstrate and validate the concept of a flexible PN that supports resource-efficient, robust, ubiquitous personal services in a secure, heterogeneous networking environment for mobile users.” By maintaining a user-centric approach it’s possible that many assumptions have to be made about the types of devices and the access privileges given on a PN. Specific customization of individual devices on a PN may be difficult given how transparent this process is trying to be made to the user.
  • Trust between devices could be a weakness in a network. Enforcement and access rights that devices have within the network would have to be specified to ensure devices can’t take actions that aren’t necessary for their function.

Potential Defenses

  • Ensure that all users are aware of the risks associated with this technology before using it. It’s apparent even today that many users aren’t concerned with security, given how many home networks are left vulnerable and exposed.
  • Enforce a kind of standards policy on manufacturers to ensure that the devices they produce conform to security standards, and do not exhibit any undesired behavior that is not related to their dedicated tasks.

Given the recent trends and developments in personal devices, it’s inevitable that our devices will be communicating on a massive scale. The MAGNET project is responding to the need for a well-defined standard for these technologies to cooperate. There is a lot at stake, and adversaries have every reason to target users’ PNs for personal gain. Efforts are being made to ensure that this technology is safe and secure for users to depend on, but these measures should be scrutinized in order to ensure personal privacy and safety.

Filed under: Privacy, Research, Security Reviews | 1 Comment »

Security Review: Pandemic Prevention

By hmu2 at 3:08 pm | 2 Comments

According to a New Scientist article, a company called Biorics wants to control the spread of pandemic disease by dispersing “cough-detecting” microphones throughout airport lounges. The proposed technology would detect coughing passengers and distinguish a common-cold-like cough from one that could be a symptom of a serious and spreadable disease. In 1998, a group of scientists from the Nippon Medical School in Tokyo, Japan showed that they could discriminate between productive and non-productive coughs, where a productive cough is usually accompanied by the expulsion of phlegm (i.e. a sick person’s cough). Biorics used this research to develop a system that theoretically could detect a sick traveler in an airport and stop the spread of a possibly devastating disease.

Filed under: Ethics, Miscellaneous, Policy, Security Reviews | 2 Comments »

Current Events: President Obama (‘s Web Site) Under Attack!

By zacf at 11:16 am | 3 Comments

Barack Obama’s online community, which began during the 2008 campaign as a way to bring people into the political process, has been the target of recent attacks, according to an article in PCWorld.

The site (login required) allows registered users to create their own blogs, and many attackers have taken advantage of that capability by posting images designed to trick viewers into downloading Trojan horses. For example, one attack involves tricking users into clicking an image to view a movie. If they click, they are told they need to download a codec. That “codec” is actually a Trojan horse.

Of course, this type of attack is not new. But the fact that such attacks are happening on a web site controlled by the President of the United States is, and it raises interesting questions about who controls a site’s content, what causes a user to trust blog content, and how attackers can reach the most victims.

Naïve users who read blogs on the site might trust what they are seeing more because they trust the President. But while the site’s operators have an interest in maintaining the trustworthiness of their site, and are actively searching for and eliminating attacks, they cannot always keep up.

Attackers can also take advantage of the President’s strong reputation to reach more victims. As with any malicious web page, posting links to them on other sites increases the malicious page’s search ranking. But this effect is magnified by the popularity of the President’s site itself, which improves the search ranking of every page on it.

In the early days of the world-wide web, the notions of content-provision and site-operation were synonymous. If the operators of a site were trustworthy, then short of a redirection attack, the content of that site could also be trusted. But these notions have been split by the advent of online community sites that allow users to contribute their own content. Now, to provide a safe experience for its users, a site must not only do no harm itself, but must successfully control what other users can post. It may take some time for naïve users to realize that.

This new requirement is further complicated by the fact that the better a site operator’s reputation is, the more traffic it will have, and the more users will be inclined to trust what they see on it. That gives attackers an incentive to attack the sites with the best reputation, where they can do the most harm.

Operators wishing to maintain the reputations of their sites have two options: detection and removal, and stronger warnings to their users. Strong warnings may be undesirable for the site operator because they are essentially telling their users that their site is unsafe. That means they will need to strengthen their detection and removal, possibly requiring that postings be approved before they are made public, if they are going to keep their site safe enough to stake their reputations on.

Filed under: Current Events | 3 Comments »

Ex-Fannie Mae worker charged with planting computer virus

By jimmy at 11:15 am | 1 Comment

According to the D.C. Examiner, a virus, allegedly planted by an ex-employee, was recently discovered among Fannie Mae’s 4,000 computer servers. The virus would have first disabled the company’s computer monitoring systems, then restricted all employee access, begun erasing all of the company’s data, and finished by shutting down every machine. According to prosecutors, this would have caused millions of dollars worth of damage, understandably, and halted all of Fannie Mae’s computer operations for at least a week.

The article is somewhat vague on how or when the virus was found, but some of the dates connected with the article provide cause for alarm. The employee allegedly responsible was fired on October 24th for attempting to tamper with certain servers’ settings. The virus mentioned in this article, however, was installed before this date, and set to attack on January 31st. The article was written two days before this would happen on the 29th, leading one to believe that the virus was hidden amongst Fannie Mae’s code for at least several months before being discovered. The company should be commended for recognizing a possible insider attack in October when they fired the employee; however, perhaps they could have done more to investigate the actions of that employee such that this potentially devastating virus could have been found earlier.

This story, and ones similar, emphasize how crucial it is for companies to protect themselves from insider attacks. These precious servers cannot exist in isolation; however, their access and updates need to be strictly monitored in order to minimize the risk of malicious software being installed by trusted parties. Arbiters of these systems could consider personally approving every update pushed onto a server, and installing a security system that would only allow these changes to be made; however, this in and of itself presents its own problems. This solution might not be feasible for large scale systems, and also one might imagine another slew of security holes in the new update monitoring system. At a more fundamental level, this solution really only moves the burden of trust up the chain of command, and thus the same insider vulnerabilities arise, albeit for a smaller and more trusted set of individuals. The best security from these forms of attacks may be deterrence, by enacting strict punishments and hard jail-time for perpetrators of these attacks. The threat of arson charges deters disgruntled employees from burning down office buildings; perhaps similarly draconian laws regarding computer intrusion would better deter attacks such as these.


Filed under: Current Events | 1 Comment »