The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill.

I’ve noticed this trend picking up lately, a few companies are adopting this strategy or at least discussing it. First hit – warning, second hit – suspension then finally third hit is permanent disconnection and possible blacklisting.

Illegal file-sharers could be booted off the internet by summer 2011, says Lord Mandelson. The Business Secretary, who has been charged with ironing out the UK’s plans to tackle internet piracy, revealed that disconnecting repeat offenders will be a last resort.

Mandelson told the government’s Digital Creative Industries Conference that the “consequence-free” days of illegal file-sharing are over, and that a “legislate and enforce” strategy had been identified as the best way to tackle the problem. “Three strikes is a reasonable way of describing our approach,” he said.

The legislation, which will see those caught illegally downloading sent warning letters, will be officially set out in the Digital Economy Bill that is expected next month and will come into force in April 2010. “Technical measures will be a last resort and I have no expectation of mass suspensions resulting.”

I don’t see what the big deal is really, just use encrypted protocols or sign up to a VPN package and use another country that’s no so big on stamping down on piracy.

A lot of people use VPNs here in US or UK simply because BitTorrent traffic is throttled, it’s a small price to pay.

The same measures could be used to avoid any ISP snooping and get your downloads in peace. The whole Torrent scene has become a bit of a mess lately and it’s a hotpot of bogus files and tracked downloads.

Even with something like PeerGuardian you aren’t totally safe.

Repeat offenders will be issued with a second letter. If this fails to stop them illegally downloading, they will be put on a “serious infringers list”, with ISPs expected to “exercise technical measures”.

Mandelson also said that Ofcom will monitor the success of the warning letters in the first year and if illegal file-sharing has not reduced by 70 percent then suspending net connections will be brought into force.

“The threat for persistent individuals is, and has to be, real, or no effective deterrent to breaking the law will be in place,” he added.

Mandelson also said a “proper route of appeal” would be available for those suspended from the web. Once notified of possible suspension, offenders will be given 20 working days to appeal to an independent body, although Ofcom has yet to appoint the body. Mandelson said the suspension would not come into force until the appeal has been heard.

It’s interesting as well that they aren’t going hardcore right off the bat, they are still giving people a chance. If piracy reduces by 70% after the initial measures are put in place no-one will get disconnected.

Does that mean 30% of people can still download copyright content without any repercussions?

I’ll be watching the implementation anyway to see what kind of effect it has, I’d like to see the figures before and after 12 months and of course the metrics for measurement.

Source: Network World

The latest in this strung of busts is the music piracy ground RNS or Rabid Neurosis, very eminent in the scene in the late 90s/early 2000s.

With P2P and people ripping stuff themselves, is ‘the scene’ dying or are most releases repackaged group releases? I’ve been out of the whole 0day warez/racing/fxp thing for a long time, so I honestly have no idea.

Six men have been accused of running the world’s most prolific music piracy ring, an online crew federal prosecutors allege delivered more than 25,000 copyrighted albums, often before they were officially released.

As members of Rabid Neurosis, or RNS as the group was called, they tapped insiders at music retailers, radio stations, and CD manufacturing plants, who were able to get their hands on music titles before their commercial release in the US. In other cases, they turned to affiliates elsewhere in the world, who were able to supply music that was not yet available in America.

“These reproductions were done for the benefit of the members of RNS and other affiliated piracy groups, in that, by getting a reputation for providing pirated materials that were previously unavailable on the piracy scene, RNS members were granted access to massive libraries of pirated music, video games, software and movies,” prosecutors alleged in court documents filed Wednesday.

They have an impressive record though often releasing full retail albums before they were for sale! They stopped around 2007 tho, I guess that’s when Bit Torrent and p2p was really taking off.

25,000 albums is a serious number though I’d guess their restitution is definitely going to be in the millions. But then historically the fines given out for piracy cases has just been completely ridiculous.

The most likely outcome, 6 more people filling for bankruptcy.

The claim of personal benefit is important, since sentencing guidelines frequently require a showing that copyright infringers financially gained from their activities.

Wednesday’s indictment, filed in US District Court in the Eastern District of Virginia, named Adil R. Cassim, 29, of Granada Hills, California, the alleged leader of the group, Matthew D. Chow, 28, of Missouri City, Texas, Bennie L. Glover, 35, of Shelby, North Carolina, an employee of a CD production plant, and Edward Mohan II, 46, of Baltimore.

Each was charged with a single count of conspiracy to commit copyright infringement. If convicted each faces a maximum sentence of five years in prison and a fine of $250,000, in addition to a possible order to pay restitution.

Patrick L. Saunders, 30, of Brooklyn, New York, was charged in August and pleaded guilty on Tuesday to one count of copyright infringement. James A. Dockery, 39, of Mooresboro, North Carolina was charged on Tuesday.

They had an impressive network of contacts with people from retail outlets, cd printing factories and radio stations. All the people who get tracks and whole albums before they hit the streets.

I’m sure there will be plenty more similar cases to follow in the near future.

Source: The Register

Not only that, from the other aspects of the survey it seems UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and a large percentage of people not using any kind of protection at all.

Brits are lax at updating their security software, compared to their European counterparts, says PC Tools. Worldwide research by the security firm revealed that a third of Brits never update their security software, compared to just five percent of German and seven percent of French web users.

Nearly one in ten Brits also admitted they don’t use any form of security software when surfing the web, compared to five percent of French and four percent of Germans. The UK is also lagging behind when it comes to deleting files sent from unknown sources. Just one percent of Brits will delete files sent by email, instant messenger or social networking sites compared to two percent of French web users and nine percent of Germans.

With auto-updates and software prompting you to up date I don’t know why it’s such a big problem, I would hazard a guess that it’s to do with the lack of Broadband penetration in UK.

There’s still a huge number of people using dial-up which makes it very cumbersome to update software, especially with file sizes getting bigger and bigger.

PC Tools said that 41 percent of all respondents use just one or two passwords across all the sites they visit online, while eight percent admitted to having just one password for all their online account. Of that eight percent, over half were French, while 35 percent were Brits and just 16 percent were German.

Michael Greene, vice president of product strategy, PC Tools, said: “While consumers are generally security conscious, they are not yet security savvy. The increased use of the internet among consumers is providing a lucrative market for cybercriminals and we are seeing more and more sophisticated techniques that lure consumers into clicking on malicious links or downloading malicious files”.

Over three quarters of Brits have some form of security software installed on their PC, compared to the global average of 57 percent. Worryingly, 53 percent of Brits also said they only act on a security alert if something strikes them as particularly dangerous.

From the stats, the average for those having some kind of security software installed is trumped by the Brits – but if they don’t update isn’t it useless.

And with 41% of people using only 2 different passwords for ALL online sites..that doesn’t bode well for anyone who gets hit with a targeted attack.

Source: Network World

The thing is it seems like it wasn’t a traditional network based botnet style DDoS attack, but a ‘joejob‘ attack where spam is sent out containing a link and the users clicking on the link contribute to the site becoming overwhelmed with requests.

The DoS attack has been confirmed on the Twitter Status page here – Ongoing denial-of-service attack.

The attack theory comes from Bill Woodcock, as reported by The Register.

Users looking to update their Twitter feeds or Facebook pages were likely disappointed Thursday morning, as a denial-of-service attack made both services hard to reach.

Around 9 a.m. Eastern Time, the number of responses from micro-blogging service Twitter fell precipitously, reaching a bandwidth of 60 Mbps by 10:40 a.m. ET, according to Arbor Networks, a networking services firm. Twitter had reached nearly 200 Mbps prior to the drop.

The service continued to be impacted Thursday afternoon, reaching a peak of 150 Mbps, about half of its normal peak for that time of day, according to Arbor.

It seems to be a politically motivated attack aimed at a certain anti-Russian blogger known as Cyxymu.

It targeted all web properties where had profiles, the main ones of course being Facebook and Twitter but also included Livejournal (where he hosts his blog) and his Youtube account.

It’s a simple but seemingly very successful method of attack, shown by the fact that it took out a couple of major sites which already manage large amounts of traffic.

Users also complained of issues accessing Facebook. The service confirmed midday on Thursday that, it too, had suffered a denial-of-service attack.

“You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack,” the social network stated on its own Facebook page. “We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.”

You might have noticed a lot of failed requests if you use Facebook (JavaScript timeout errors and network pipe errors).

Facebook fell because of the same targetted attack on Cyxymu, they acknowledged such on their Facebook page.

Source: Security Focus

Of course when that was sold off to Symantec then subsequently discontinued, things changed a lot.

Well now the Hacker News Network is back online, one of the side projects of L0pht Heavy Industries – yes www.l0pht.com is back online too.

Hacker News Network is one of the side projects of the Boston-based hacker collective known as L0pht Heavy Industries. They’re the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.

The L0pht’s eight members were hacker gods back in the ’90s, but most of them have faded from the limelight, even as they’ve watched a cottage industry of security research firms sprout up based on many of the disclosure techniques they pioneered. The L0pht disbanded after it sold out to consultancy @stake in 2000, and its members gradually watched their dream of being paid to do cutting-edge hacking and security research wither and die.

But over the past few months, the L0pht has been getting back together, kind of.

Unsurprisingly it was being swallowed by a corporate that drove them apart, different people having differing opinions on what they should be doing..plus of course politics.

And the main reason as they state, is it stopped being fun. Only one of the crew remains at Symantec (Paul Nash aka Silicosis).

Thankfully they have put their differences behind them and I hope to see some good things come out of L0pht once again.

Six of the eight members reunited last year at a Boston security conference, and in May 2009, members of the group released the first update to their L0phtCrack password audit tool since 2005. They say it took a few years of negotiations with Symantec — which bought @stake in 2004 — to get back control of L0phtCrack and several other L0pht properties.

Last month the L0pht Web site went back online, and the demo version of Hacker News Network is set for an official launch on Jan. 11, 2010. (Chosen because the date 01-11-10 works as a binary number.)

The L0pht Web site will give members a single place to link to their current projects. Peiter Zatko, aka Mudge, says he’d like to use it as an archive of the group’s historic security advisories.

More projects may evolve. The group acquired the rights to its AntiSniff network monitoring tool from Symantec and is toying with the idea of reviving that as well.

I can’t wait to see what new techniques and technologies they can put into L0phtcrack and bring it back up to date. Because in it’s day it was simply THE best password cracker on the market by far.

Antisniff is a neat tool too and it would be good to see that revived and revamped.

I hope to see good times ahead from L0pht and will be watching what they are up to.

Source: Network World

Don’t they read the news? Don’t they understand how losing customer trust can really effect your bottom-line?

I would have thought 30% of respondents thinking data loss was high impact as a low figure, but 7%? That’s just insane.

A mere seven per cent of respondents to a survey on data management believed data loss has a “high” impact on a business.

This is one of the key findings of a survey launched in Hong Kong yesterday by Kroll Ontrack, a US-based provider of data recovery solutions. The survey was conducted earlier this year by StollzNow Research. It asked IT managers from 945 small, medium and large companies in Hong Kong, Singapore and Australia about their views and experiences related to data management.

The survey found that just less than half (49 per cent) of all IT managers have reported a data loss situation in the last two years.

Even more shocking is that half of the small business surveyed don’t even run back-ups! It’s so cheap and simple now with mass storage devices available off the shelf with Terabytes of storage.

There’s really no excuse for not backing up any more, I even had a 2TB RAID mirrored storage unit at home to back up my personal stuff. All my websites are backed up nightly and the backups sent to multiple physical servers and DB backups sent via e-mail.

While larger companies may not fully appreciate the risks they face with data loss, it is the small business sector that appears to be most at risk. An alarming 49 per cent of small companies stated that they fail to back up their data on a daily basis.

This is despite the fact that nearly half of all participants had experienced data loss in their workplace in the past two years, and 36 per cent felt that data loss could have a significant impact on their business.

Small businesses were also less likely to test their backup systems on a regular basis, or to have implemented a policy for the preservation of data. While 61 per cent of overall respondents reported that their company had a formalised data retention policy, this figure fell to just 45 per cent for companies with 50 or fewer employees.

I’d be interested to see a similar survey for the US and Europe to see if the figures are in the same kind of range.

It’s very common though for policies and backups to be implemented and never updated or tested. So when a failure actually occurs the company finds out their system isn’t even working.

Computers and backup systems don’t just keep magically working, especially when you’re changing configurations, server setups and software all the time.

Source: Network World

As a senior White House official this is quite a serious position with the responsibility of protecting both the US government networks and looking out for private companies too.

It’ll be interesting to see who is chosen for the post and what kind of policies or campaigns they will run.

President Obama is expected to announce late this week his decision to create a senior White House official responsible for protecting the nation’s government-run and private computer networks from attack, according to a published report.

The “cyber czar” will probably be a member of the National Security Council but will report to the national security adviser and the senior White House economic advisor, according to The Washington Post, which cited unnamed officials who had been briefed on the plan. As of Friday, Obama had not yet settled on the advisor’s rank and title.

The announcement is to coincide with the release of a 40-page report evaluating the government’s strategy for security government networks and other infrastructure deemed critical to national security. The timing of the report – it was expected to be released a week or two ago – and the details included in the Washington Post report suggest the plan may have run into infighting by advisors to Obama.

Officially the rank and title have not yet been decided but they will be working with the National Security Council and the Economic division of the government.

The strategy will be interesting to see too, what are they going to propose to protect the government networks and what else will they deem critical to national security? I hope it includes power stations and other such resources (Industrial Control Systems for example) as they seem to be massively lacking security.

On his first full day in office, Obama signaled a willingness to have the cyber czar report directly to the president, an arrangement that he promised as a candidate and that was also recommended by a panel of more than 60 government and business computer security experts.

While the idea is whoever is appointed will be someone who can “pick up the phone and contact the president directly, if need be,” the advisor no longer would report directly to Obama, according to the report. What’s more, the czar would now have two bosses, in an attempt to strike a balance between homeland security and economic concerns.

Over the past few months, turf wars have arisen between advisors who want the ultra-secretive National Security Agency to oversee the country’s cybersecurity. Others have said the job is best carried out by the National Cybersecurity Center, an office within the Department of Homeland Security that’s responsible for coordinating the defense of civilian, military and intelligence networks. In March, the government’s cybersecurity chief abruptly resigned amid allegations his office was woefully underfunded and inappropriately controlled by the military.

Seems like there is some infighting going on in the government and a bit of a power struggle as to which department will be controlling the ‘cyber czar’.

It’s looking like the organizational problems regarding cyber security may run deeper than they appear on the surface with claims of underfunding and misuse by the military.

I hope they do sort it out though, the more secure the US government is the safer the rest of the World will be.

Source: The Register

It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a single location.

I guess the users haven’t heard of OpenDNS either, or perhaps they can’t use it because it’s blocked by the ‘Great Firewall of China‘.

An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on Wednesday.

Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The DNS is what computers use to find each other on the Internet.

The incident revealed holes in China’s DNS that are “very strange” for such a big country, said Konstantin Sapronov, head of Kaspersky’s Virus Lab in China.

The problems started when registrar DNSPod’s DNS servers were targeted with a DDOS (distributed denial of service) attack, described by the company in an online statement. In such an attack, the attacker orders a legion of compromised computers to try to communicate with a server all at once, which overwhelms the server and crushes its ability to return requests for information.

A DoS attack on the root domain servers of any organisation is always one of the most effective as you don’t have to saturate a large pipe, you just have to make the machine max out it’s CPU/RAM so it can’t serve any more requests.

It’s much better than trying to take a corporate network offline by filling up their main line. Targeted attacks are always the most effecient.

Internet access returned to normal in the late night several hours later, according to the government statement.

China had almost 300 million Internet users at the end of last year, according to the country’s domain registry agency, and streaming online video is as popular among young people as it is in Western countries.

The event, the first of its kind in China, suggests the country needs to improve its rules managing the DNS, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

The original attack transformed into a regional DNS jam essentially because Baofeng is so popular, said Zhao.

Such programs may need smarter code, which could instruct them to withdraw DNS requests that go unanswered, he said. The way unanswered requests are redirected to higher-level servers could also be changed, Zhao said.

An interesting point is that the registrar that was attacked hosted the DNS for the very popular video streaming site Baofeng – the traffic was so high for this site that that unanswered DNS requests turned into another traffic jam having the effective of multiplying the original DDoS attack.

I’m guessing this was an unintended side effect, but it worked out well for the attackers.

Source: PCWorld

Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.

It seems like this malware might be here to stay and infecting more and more computers building a formidable network of zombies.

April 1 has come and gone in some parts of the world, and the Conficker worm is still here. While the day in security passed by relatively uneventfully, there are still people at risk.

The doomsday some were predicting the Conficker worm to bring had not materialized as of the evening of April 1. But that hardly means Conficker is a bust.

In short, the Conficker worm did what was expected—generate 50,000 domain names and begin contacting them. According to BKIS, the Bach Khoa Internetwork Security center, 1.1 million PCs in Europe, Asia and a part of America infected with Conficker have already “called home.”

But even though nothing dramatic happened, AVG Technologies Chief Research Officer Roger Thompson warned against blowing the worm off.

It seems like the confirmed infection rate is sitting at just above 1 million, far less than the previously estimated 9 million.

But still 1 million is a formidable arsenal of spam sending machines, or a deadly DDoS network.

There is also the possibility of selling Conficker’s army of infected computers, but that could prove problematic due to the amount of attention it generated. Right now, countless members of the security community, including the Conficker Cabal—formally known as the Conficker Working Group—are keeping tabs on the worm. Even with 50,000 domains in question, those domains are being closely monitored and any malicious servers will likely be noticed before long.

“Given the profile of Conficker, I think it’s rather unlikely that the botnet is up for sale,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas. “Not a lot of people out there would like to handle such hot property, as the botnet is being watched by a lot of people. However, leasing [parts of] the botnet is a different story. That way the leasers would get the advantage of the power of the botnet, but the owners would still be running the risk.”

I think the assumption is fine, they won’t plan on selling the botnet – they will just keep increasing its size and potential and then lease out chunks of it for DDoS attacks and sending spam e-mails.

All this dodgy stuff is big business now, and sadly there doesn’t seem to be anything we can do about it.

Of course we can personally make sure no-one we know gets infected with Conficker, and if they do we can clean it up. But other than that, just observe the fun right?

Source: eWeek

There have always been debates about the security, it’s harder to segregate as the virtual machines are somehow attached at the system level so if you can break out of the ‘jail’ (into the ‘hypervisor’) you can effectively access everything on that physical server. There is still a lot of skepticism about the security of virtual servers and the big 3 providers (VMWare, Citrix Xen and Microsoft) are apparently working on some new security solutions, but as they haven’t been released yet you better be careful.

Does transitioning to virtualization increase security risks within a company? IT managers appear to be at loggerheads with IT security professionals over that question, even while sharing similar opinions on where risks might lie, according to a new survey.

The 2009 Security Mega Trends Survey from research firm Ponemon Institute — which also looked at attitudes on other topics, such as outsourcing and Web 2.0 technologies — shows roughly two-thirds of IT operations staff who responded said they felt virtualization of computer resources did not increase information-security risks. But about two-thirds of information security professionals surveyed felt the opposite way.

A full three-quarters of the survey’s 1,402 respondents, all active in U.S.-based private sector firms or government agencies, said their organizations had already implemented virtualization of their computer resources, with about 90% in both the IT and security camps saying they were “familiar” or “very familiar” with virtualization

It’s strange to see the opinions are almost polarized and exactly opposite, 2/3s of managers think that virtualization does not increase risk but 2/3s of security pros think that it does. I’d personally have to say it does increase risk, especially at the moment where it’s still quite a new technology and the implementation and security measures are not mature yet.

Stay away from virtualization for extremely data critical operations.

The survey reflects the often upbeat attitudes about virtualization expressed by experienced IT pros about how the technology, most commonly that of VMware, Microsoft of Citrix Xen, is bringing them the benefit of server consolidation.

“We started virtualization in a development and test environment, and now the main applications we have using VMware in production instances are file and print servers,” says Rich Wagner, director of IT infrastructure at Columbus, Ohio-based Hexion Specialty Chemicals. Wagner says virtualization hasn’t raised red flags as far as security requirements. The main concern, he says, is “from a performance standpoint — the CPU and memory and disk I/O — in sharing a large box,” with database servers seen as a resource-intensive application that might not be well-suited for virtualization.

There’s a far more skeptical view of virtualization security often expressed by seasoned IT security pros, who harbor doubts that vendors on the virtualization front have really sorted out or addressed the risks associated with the underlying hypervisor transformation.

I agree it’s definitely best for a testing/staging situation where you can set up multiple different environments concurrently on the same piece of hardware without having to reboot.

It’s great in a development environment too if you need to test a piece of code on multiple operating systems with different specifications.

But as I said above, for CPU intensive activities and for servers that hold critical data I just don’t think it’s a good idea.

Source: Network World