DeTORed
A law enforcement consortium, comprised of the United States Federal Bureau of Investigation, the United States Immigration and Customs Enforcement division of the Department of Homeland Security, European law enforcement agencies consisting of Eurojust (the European Union's Judicial Cooperation Unit) and Europol (the European Union's law enforcement agency) have mounted a successful seizure campaign (monikered Operation Onymous) targeting over 400 suspected nefarious dark market sites resident on the TOR network.
Key quote from the TorProject: 'In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries.' - via a post by TOR Executive Director Andrew Lewman
United States Veteran's Day 2014
These are times that try mens souls. The summer soldier and the sunshine patriot will, in this crisis, shrink from the service of their country; but he that stands by it now, deserves the LOVE and THANKS of man and woman. - Thomas Paine, 1776
Heart of Cheney
Apparently Dick Cheney (one our former Veeps and President of the Senate) fearing for his life, decided to terminate the in-built wireless capabilities of his lifeline. In this case, none other than his implanted heart defibrillator.
We are bound to discover more of this behavior going forward given the paucity of medical device security, and the need to access telemetry from these life giving, and sustaining machines, without invasive measures.
2014/11/07: As an addendum to this post, it behooves me to add I have great respect for Mr. Cheney. His efforts to control his own destiny, medically and otherwise, are exceedingly admirable.
Identity, An Internet Building Block? →
Sure to be a fascinating debate, the Internet Society is hosting “Is Identity an Internet Building Block?” slated during the IETF 91 in Honolulu, Hawaii. If you are in the Information Security racket, and interested in Identity Management this is sure to be a must attend event. The debate will also be web and audio-cast for your remote attendance.
Wait, What..., Again?
In not-unsurprising-cruft-news, additional, vulnerability-laden, Unix and Unix-like (read Linux) utilities have been detected, requiring updates. The list, enumerated by HD Moore, the CTO of Rapid7 (and of Metasploit fame) includes wget, tnftp, symlink issues and others. Questions have arisen, as to why these utilities have not been scrutinized earlier...
' “wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target,” said HD Moore, the chief research officer at Rapid7 who found the vulnerability, in a blog post Tuesday...' - via PCWorld's Lucian Constantin
Team Players →
Fascinating screed via the eponymous Salted Hash column's author Steve Ragan, targeting social engineer teaming, in this case emphasizing enhanced results as the sum 'social-ness' of the effort..
Yesterday's Gestation →
via Paleofuture's Matt Novak. The inception date of our beloved interweb is generally assumed to be the date of the first electronic message transmitted via the packet switched network, that was to become the ARPANET, and at that time managed by BBN.
Ristić: On The Demise of SSL v3 →
Quite likely, the authoritative post on the Poodle attack - via Ivan Ristić at SSL Labs, and Today's Must Read [a snippet follows].
"You can look at this problem from two perspectives. As a user, you want to protect yourself from attacks, and the best way to do that is to disable SSL 3 in your browser. (Instructions are easy to find online.) The updated SSL Labs Client Test will tell you if your change was successful. As a web site operator, you should disable SSL 3 on your servers as soon as possible. You need to do this even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited. In normal operation, SSL 3 shouldn't needed by the vast majority of sites..." - Ivan Ristic
Concept, Proof of
Bad news for Network Attached Storage users, as a newly devised POC now exists. Should you be concerned? Probably.