root labs rdist

June 18, 2008

Next Baysec: June 19th at Pete’s Tavern

Filed under: Misc,Security — Nate Lawson @ 2:52 pm

The next Baysec meeting is Thursday at Pete’s Tavern. Come out and meet fellow security people from all over the Bay Area.  As always, this is not a sponsored meeting, there is no agenda or speakers, and no RSVP is needed.  Thanks go to Ryan for planning all this.

See you on Thursday, June 19th, 7-11 pm.

Pete’s Tavern
128 King St. (at 2nd)
San Francisco

June 12, 2008

China hax0rs US

Filed under: Crypto,Hacking,Misc,Security — Nate Lawson @ 9:12 am

Like any mainstream article on security, this recent AP article sensationalizes China’s response to multiple accusations of state-sponsored hacking. First, the money quote:

“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it.”
— Foreign Ministry spokesman Qin Gang

Is this supposed to play into some pompous Western belief that China is a backwater and thus incapable of hacking computers? Does anyone believe it takes advanced technology to break into PCs?

Next we have the meaningless numbers. The Pentagon claims its network is scanned or attacked 300 million times a day. For this to be true, there would have to be an average of 3400 attempts per second. If we consider every packet to be a scan, that is about 200 KB/second. However, an entire port scan should be considered a single attempt. Of course, bigger numbers sound scarier and justify a higher budget. Perhaps each TCP option in the header of each packet could be considered a separate attempt since they could be attacking both timestamp and window scaling implementations!

The more interesting allegations are that China copied the contents of a laptop of the visiting U.S. Commerce Secretary and hacked into the office computers of two House representatives. The laptop incident is more interesting since it seems easier to prove. Did they confiscate the laptop and take it to another room? Did the file access times change or was it powered off? I assume he continued using the laptop during the trip and thus it would be harder to tell. Was he using disk encryption? Why not?

The allegations regarding the two House members are much less provable. The FBI investigated their computers and said they’d been accessed by people in China. How did they first decide they should call the FBI? Porn popups? Without more evidence showing a clear intent, this is more likely a malware incident. It is surprisingly convenient that their allegations appear alongside House Intelligence committee meetings on hacking.

June 5, 2008

Interview about DRM on Security Focus

Filed under: Embedded,Misc,PC Architecture,Security,Software protection — Nate Lawson @ 10:52 pm

Security Focus just posted this interview of me, talking about DRM. Here are a few choice quotes.

On authoring software protection for Vista:

The rules of the game are changing recently with Microsoft Vista kernel patch protection. If you’re a rootkit author, you just bypass it. If you’re a software protection designer, you have to play by its rules. For the first time in the PC’s history, it’s not a level playing field any more. Virus scanner authors were the first to complain about this, and it will be interesting to see how this fundamental change affects the balance of power in the future.

On using custom hardware for protection:

Custom hardware often gives you a longer period until the first break since it requires an attacker’s time and effort to get up to speed on it. However, it often fails more permanently once cracked since the designers put all their faith in the hardware protection.
