The Observer On: Storm Worm

22 10 2007

Looks like someone's just as worried about the “gathering” power of the Storm Worm as I have been.

I’ve posted previously on this topic:

Here’s a small excerpt from a recent article in The Observer:

In millions of Windows, the perfect Storm is gathering
John Naughton
Sunday October 21, 2007
The Observer

A spectre is haunting the net but, outside of techie circles, nobody seems to be talking about it. The threat it represents to our security and wellbeing may be less dramatic than anything posed by global terrorism, but it has the potential to wreak much more havoc. And so far, nobody has come up with a good idea on how to counter it.

It’s called the Storm worm.

The article goes on to say pretty much what I have been saying since July of 06!!

Anyway, hope somebody is starting to get the whole scope of the situation that is only continuing to grow.

In other words, HAAAALP!!11!!1!!!!11!!





Storm Worm Update: I Hate To Say I Told You So…

8 10 2007

Anyone remember this article I wrote back in July:  STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY?
Well, it looks like I was correct in being concerned that the Storm Worm and its resulting botnets could become even more of a problem even though the code was so old.  Now this nasty little trojan has a brand new bag:

Storm Worm Descends on Blogspot
It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malicious messages by the Storm worm; people clicking these messages were liable to infection.

Source – Darknet – The Darkside

Notice what I underlined there.  Darknet sees a growing threat from Splogs.  I see that threat mixed with Storm Worm, and I say, “I knew Storm Worm would only become a larger problem”.  I still don’t know why though, beyond the basic malicious crap people do.

There are probably millions of undetectable variants of the Storm Worm trojan.  I am sure that the growing power of the extremely slippery botnets, that Storm Worm is used to create, will eventually do something very big and very naughty.  I don’t know how or why or what will happen, but if unchecked, something really BIG is going to come crashing down on some rather large target, maybe even a government.

I know it seems like I keep saying “THE SKY IS FALLING”, but I’m not.  I am only saying that there is the potential for “the sky to fall” if security companies and professionals don’t create a foolproof definition to stop all the Storm Worm variants and the botnets it creates.

Just in case you were wondering: no, I do not have the knowledge to create this “foolproof definition”, nor do I know how much work it would take or how possible it is.

Keep your eyes open, and don’t click on random crap.





What The Invisible Washington DC TOR Nodes Mean to You

14 04 2007

It has been established before that TOR is not as purely anonymous as you might think. There have been a few well-documented anonymity attacks on TOR, but none have ever really been considered a “significant risk”.  This latest scare, which I saw pop up on REDDIT and several other social link sharing sites, is actually a collection of data from 2006, which on the net clock is a long time, but it is still alarming.

Excerpt via http://jadeserpent.i2p.tin0.de/tor-dc-nodes-2.txt

Due to the sheer amount of traffic apparently passing through this collusion
network, consolidation and analysis of exit node traffic is only one of several
forms of anonymity attacks made more feasible. Hence these 9 routers appear to
pose a significant anonymity threat to users of the public Tor network.

If that doesn’t scare the pants off you then read the rest of the article (CLICKY).

For those that aren’t well versed in TOR anonymity attacks and other long winded net speak, I’ll break it down in terms that even I could understand. (And it really did take a bit of research and thinking to figure what this document was saying in lay terms.)

So here goes my lame ass attempt at explaining it:

There are 9 TOR (The Onion Router) nodes in the Washington DC area that are colluding over several different types of internet traffic (including ssh).  These nodes have been identified as follows: donk3ypunch, TheGreatSantini, mauger, paxprivoso, soprano1, hubbahubbahubba, m00kie, and joiseytor. According to the article, these 8 nodes are routing all of their traffic to the one node called “alaa”, which is acting as the only node that allows traffic to pass through it (the only exit), which means that somebody has a significant amount of power to fuck with your privacy … and they live in Washington DC.
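Why a set of relays that all funnel through one exit matters is easier to see with numbers. The block below is an added example, not code from the original post or from the jadeserpent paper: it models the suspect relays by the nicknames quoted above (all IP addresses, bandwidth weights and the “honest” relays are constructed), flags a circuit that lands on the set at both ends, and estimates what fraction of circuits would do so under simple bandwidth-weighted relay selection. It also shows Tor’s own /16 distinct-subnet rule, which is one of the mitigations Tor applies against exactly this pattern when the colluding relays share a prefix.

```python
"""Added example (not code from the original post): estimate how often a colluding
Tor relay set sits at BOTH ends of a circuit, where exit-traffic consolidation
becomes end-to-end correlation, and flag circuits that land on it.  Suspect
nicknames are those quoted in the post; IPs, bandwidths, "honest" relays are made up."""
from ipaddress import ip_address

# Constructed relay table: nickname -> (IPv4, bandwidth weight, exit-capable).
# Only "alaa" exits, matching the post's claim that the other 8 hand traffic to it.
RELAYS = {
    "alaa":            ("192.0.2.9",    900, True),
    "donk3ypunch":     ("192.0.2.1",    300, False),
    "TheGreatSantini": ("192.0.2.2",    300, False),
    "mauger":          ("192.0.2.3",    300, False),
    "paxprivoso":      ("192.0.2.4",    300, False),
    "soprano1":        ("192.0.2.5",    300, False),
    "hubbahubbahubba": ("192.0.2.6",    300, False),
    "m00kie":          ("192.0.2.7",    300, False),
    "joiseytor":       ("192.0.2.8",    300, False),
    "honest1":         ("198.51.100.5", 1000, True),
    "honest2":         ("203.0.113.10", 1000, True),
    "honest3":         ("198.51.100.77", 800, False),
}
SUSPECT = {n for n, (ip, _, _) in RELAYS.items() if ip.startswith("192.0.2.")}

def same_slash16(a, b):
    """True when two IPv4 addresses share their first 16 bits.  Tor's default
    EnforceDistinctSubnets rule refuses to put two such relays in one circuit."""
    return int(ip_address(a)) >> 16 == int(ip_address(b)) >> 16

def circuit_risk(path):
    """Return the reasons a (guard, middle, exit) nickname tuple is worrying."""
    guard, exit_ = path[0], path[-1]
    reasons = []
    if guard in SUSPECT and exit_ in SUSPECT:
        reasons.append("guard and exit both in suspect set: end-to-end correlation")
    elif sum(n in SUSPECT for n in path) >= 2:
        reasons.append("two or more hops in suspect set")
    if same_slash16(RELAYS[guard][0], RELAYS[exit_][0]):
        reasons.append("guard and exit share a /16")
    return reasons

def compromise_fraction():
    """Bandwidth-weighted share of circuits with a suspect guard AND a suspect
    exit, assuming independent weighted selection (the usual simplification)."""
    total = sum(bw for _, bw, _ in RELAYS.values())
    exit_total = sum(bw for _, bw, ex in RELAYS.values() if ex)
    p_guard = sum(RELAYS[n][1] for n in SUSPECT) / total
    p_exit = sum(RELAYS[n][1] for n in SUSPECT if RELAYS[n][2]) / exit_total
    return p_guard * p_exit
```

With these made-up weights roughly one circuit in six has a suspect relay at both ends; the point is that the risk scales with the set's share of exit bandwidth, which is why one heavily used exit fed by eight feeders is worse than nine scattered middles.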

That’s pretty much all I get out of the original article, which makes me want to start using my own ssh tunnel to a private proxy all on its own, but I did some further research.

All the “poses a risk”, “could be”, “maybe” and numerous other qualifiers I found in my google-palooza mean that no one really knows if data is actually being collected. So all this info would seem harmless, except that according to the PRIVACY ECOSYSTEM BLOG:

We found ourselves [Aug/06] coming from IP Address 149.9.0.27 which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27 as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.

Click here for some more info on the “missing” Washington nodes.  There’s a huge list of domains that show up as just not existing, except the TOR nodes do in fact exist.  The existence of the missing machines (or IP addresses) running these colluding TOR nodes has been established by jadeserpent.i2p.tin0.de in their exhaustively researched paper, which brings us right back to square one:

Due to the sheer amount of traffic apparently passing through this collusion
network, consolidation and analysis of exit node traffic is only one of several
forms of anonymity attacks made more feasible. Hence these 9 routers appear to
pose a significant anonymity threat to users of the public Tor network.

Which is just super.

So what’s the friggin deal, you ask? Why are these machines magically “missing”? What is happening to the data that passes through them?  The resounding answer that I could find is that nobody knows, not even the people who created and continue to update TOR.

For the meantime, if you want super duper impregnable privacy, you’re JWF (jolly well fucked).  For what it’s worth, if you’re just using TOR to get past your office firewalls and see the web pages that they have blocked, you’re fine.  If you’re using TOR to do some shit that the government might take note of, you may want to use a darknet or some such service that has yet to be compromised.  Unfortunately for us poor folk, the only commercial darknet that I can think of is Relakks, a pay service that offers “true” anonymity.

As for everyone else, who just wants music and software, you’re fine.  Encrypt your bittorrent traffic, don’t use static IPs, and keep up a strong set of firewalls.  Redundancy is your friend when it comes to fairly good privacy.





SNL Conspiracy Theory Rock Banned!! Only Aired Once! (Video)

28 12 2006

This is too friggin funny not to air over and over again just because your purse strings are being tugged at:

thnx reddit





Leaked Rumsfeld Memo Proposed ‘Major Adjustment’ in Iraq May Mean More…

4 12 2006

Rumsfeld Memo Proposed ‘Major Adjustment’ in Iraq – New York Times

The memo provides no indication that Mr. Rumsfeld intended to leave his Pentagon post. It is unclear whether he knew at that point that he was about to be replaced, though the White House has said that Mr. Bush and Mr. Rumsfeld had a number of conversations on the matter. Told that The New York Times had obtained a copy of it, a Pentagon spokesman, Eric Ruff, confirmed its authenticity. “As it became clear that people were considering options for the way forward, the secretary had some views on the subject, and this memo reflects those views,” he said.

At first this may seem innocuous, but Steve Young over at the Huffington Post thinks a bit more of it:

Is White House Whistleblower Ready to Bring Down the President?

I hope to heaven this is all true and bush will be out way before 2008.  It would make a nice Chrismahanaquanza gift!

BUCK FUSH!