Thursday, 20 June 2013

Cloud Computing

Cloud computing refers to the use of networked infrastructure software and capacity to provide resources to users in an on-demand environment. With cloud computing, information is stored in centralized servers and cached temporarily on clients that can include desktop computers, notebooks, handhelds and other devices.

Cloud infrastructure can reside within the company’s datacenters (as internal clouds or on-premise solutions) or on external cloud computing resources (off-premise solutions available through service providers). It encompasses any subscription-based or pay-per-use service that extends existing IT capabilities.

Typically, clouds utilize a set of virtualized computers that enable users to start and stop servers or use compute cycles only when needed (also referred to as utility computing). By design, cloud computing is scalable, flexible and elastic, offering IT staff a way to easily increase capacity or add capabilities on demand without investing in new and expensive infrastructure, training new personnel or licensing more software.

Different Flavours of Cloud Computing
Companies can leverage cloud computing for access to software, development platforms and physical hardware. These assets become virtualized and available as a service from the host:
SaaS – Software as a Service (Network-hosted application)
DaaS – Data as a Service (Customer queries against provider’s database)
PaaS – Platform as a Service (Network-hosted software development platform)
IaaS – Infrastructure as a Service (Provider hosts customer VMs or provides network storage)
IPMaaS – Identity and Policy Management as a Service (Provider manages identity and/or access control policy for customer)
NaaS – Network as a Service (Provider offers virtualized networks (e.g. VPNs))

LinkedIn DNS Issue, Change Password Again!?

Our site is now recovering for some members. We determined it was a DNS issue, we're continuing to work on it. Thanks for your patience. (@LinkedIn Twitter)
Business-focused social network LinkedIn is continuing to recover from a DNS error that took the site offline for an hour. The outage began when the popular service’s homepage was replaced by a domain sales page.
While the outage appears to have stopped, some users are still saying (via Twitter) that they cannot access the site, although none are seeing the incorrect page.
LinkedIn explained the outage was caused by “a DNS issue”, but provided no further details. Others have speculated that there may have been more malicious factors at play. co-founder Bryan Berg suggested that the service was “hijacked” with all traffic sent to a network hosted by India-based Confluence Networks. Furthermore, due to the lack of SSL security on the site, Berg says that could have meant if you visited the page “your browser sent your long-lived session cookies in plain text” — potentially enabling third-parties to access user information and accounts.
However, a Hacker News user claiming to work with LinkedIn’s network operations center argued that the outage was down to a mistake from LinkedIn’s DNS provider, which accidentally pointed the website’s homepage to a domain parking page. Rather amusingly that put the domain up for sale.
It’s been just over one year since LinkedIn saw 6.5 million passwords leaked following a hack into its system, and the site can ill afford to suffer further security issues given the severity of that previous hacking.
Even if the DNS issue was down to a harmless error, the fact that the site pointed to a domain buying page for many users for a sustained period of time — combined with last year’s events — may have been enough to make many LinkedIn regulars fear the worst again.
LinkedIn has more than 225 million users worldwide. The US is its largest market, and it just passed 20 million registered members in India, its next biggest country.
We reached out to LinkedIn and Confluence Networks and will provide any additional details that the companies disclose.
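
The plain-text cookie exposure Berg describes can be checked for from the defender's side. The following is an added example, not part of the original article: it audits response headers for cookies that lack the `Secure` attribute and for a missing HSTS header. The header values, the one-day threshold and the function names are constructed for illustration.

```python
# Added example (not from the article): flag cookies a browser would send
# over plain HTTP. All header values below are constructed samples.

LONG_LIVED_SECONDS = 24 * 3600  # assumption: more than a day is "long-lived"


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def is_long_lived(attrs):
    """Persistent cookies carry Max-Age or Expires; session cookies carry neither."""
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit():
        return int(max_age) > LONG_LIVED_SECONDS
    return "expires" in attrs  # lifetime not computed here; treated as persistent


def audit_response(headers):
    """Return (subject, finding) tuples for a list of (header, value) pairs."""
    findings = []
    names = {k.lower() for k, _ in headers}
    if "strict-transport-security" not in names:
        findings.append(("site", "no HSTS: a first request may go out over plain HTTP"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            kind = "long-lived" if is_long_lived(attrs) else "session"
            findings.append((name, f"{kind} cookie without Secure: sent in clear text over HTTP"))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly: readable by page scripts"))
    return findings


# Constructed responses: a weak configuration and a corrected one.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; Max-Age=31536000"),
    ("Set-Cookie", "lang=en; Path=/; Secure; HttpOnly"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Max-Age=31536000; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for subject, finding in audit_response(response) or [("-", "no findings")]:
            print(f"  {subject}: {finding}")
```

A cookie marked `Secure` is only attached to HTTPS requests, so a host that cannot present a valid certificate for the domain never receives it.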

US and Russia agree on setting up cyber conflict hotline

As leaked details of ongoing network surveillance and espionage programs by the National Security Agency (NSA) continue to stir up international concern about how deep US intelligence is reaching into IT operations worldwide, Russia and the US have taken steps to cooperate on cybersecurity—or at least prevent an accidental cyberwar.
During talks at the G-8 Summit in Enniskillen, Northern Ireland, the US and Russia agreed to cooperate more fully on a number of security measures. In addition to agreeing to continue to work together in preventing nuclear proliferation, the two governments are taking steps to improve communications about the proliferation of information weaponry. “We recognize that threats to or in the use of ICT (information and computer technologies) include political, military, and criminal threats, as well as threats of a terrorist nature, and are some of the most serious national and international security challenges we face in the 21st century,” the governments said in a joint statement issued by Presidents Barack Obama and Vladimir Putin today.

Hotline to the Kremlin

In response to those threats, officials said that the US and Russian governments were taking steps "to increase transparency and reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship," a White House spokesperson wrote in a "fact sheet" on the agreements published today. Those steps include direct communications between the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) and the Russian equivalent organization.
"On a continuing basis, these two authorities will exchange technical information about malware or other malicious indicators appearing to originate from each other’s territory, to aid in proactive mitigation of threats," the White House statement said. "This kind of exchange helps expand the volume of technical cybersecurity information available to our countries, improving our ability to protect our critical networks."
This exchange of information includes a cyber equivalent to the Cold War era "hotline" between the White House and the Kremlin. There will be "a direct secure voice communications line between the US cybersecurity coordinator and the Russian deputy secretary of the security council, should there be a need to directly manage a crisis situation arising from an ICT security incident," the White House said.
Ironically, the agreement comes on the heels of revelations about the National Security Agency's wide-ranging surveillance of Internet traffic and as evidence of the NSA's own efforts to create cyberweapons based on "zero-day" vulnerabilities continues to mount.
The agreement covers civilian-to-civilian level communications on cyber-threats and doesn't connect the Russians with the NSA, which has an oversight role in US military cybersecurity, or the US Cyber Command, the Department of Defense (DOD) joint command in charge of the security of DOD networks. Both the NSA and US CYBERCOM are headed by General Keith Alexander.
Instead, the man on the phone will be Michael Daniel, US cybersecurity coordinator and a member of the White House's National Security staff. Before he took the job last year, Daniel spent the previous decade as chief of the Intelligence Branch of the Office of Management and Budget—overseeing Alexander's budget and other classified intelligence and defense program spending.

Do as I say…

The agreement between the US and Russia comes as the White House has continued to press for China to curtail cyberattacks alleged to come from units of its military against US companies and government agencies. As Foreign Policy's Matthew Aid reported last week, those pleas have been the cause of much protest from Chinese officials, largely because the NSA's Office of Tailored Access Operations (TAO) has been hacking Chinese networks for over 15 years.
Using systems installed by agents in foreign countries, including China, the TAO is able to bypass defensive perimeters such as national firewalls and other intrusion prevention systems to give the NSA a backdoor to monitor and exploit targeted systems. These systems can be used for things as innocuous as monitoring what parts of the Internet are visible through the Great Firewall or from within Iran, or they can be used to launch remote attacks on systems and steal data from within the networks of foreign governments.

Anonymous #opPetrol target list has been released

Just a few more hours and #opPetrol will be initiated by Anonymous spirits all around the world. It was unclear which companies were going to be attacked but one of the sources that will attack the companies in #opPetrol has shared a #opPetrol target list with Cyberwarzone.
1 Saudi Arabian Oil Company (Saudi Arabia) 3
2 National Iranian Oil Company (Iran) 3
3 Qatar General Petroleum Corporation (Qatar) 3
4 Iraq National Oil Company (Iraq) 2,3
5 Petroleos de Venezuela S.A. (Venezuela) 3
6 Abu Dhabi National Oil Company (UAE) 3
7 Kuwait Petroleum Corporation (Kuwait) 3
8 Nigerian National Petroleum Corporation (Nigeria) 3
9 National Oil Company (Libya) 2,3
10 Sonatrach (Algeria) 2,3
11 Gazprom (Russia)
12 OAO Rosneft (Russia)
13 PetroChina Co. Ltd. (China)
14 Petronas (Malaysia)
15 OAO Lukoil (Russia)
16 Egyptian General Petroleum Corp. (Egypt) 2
17 ExxonMobil Corporation (United States)
18 Petroleos Mexicanos (Mexico)
19 BP Corporation (United Kingdom)
20 Petroleo Brasileiro S.A. (Brazil)
21 Chevron Corporation (United States)
22 Royal Dutch/Shell (Netherlands)
23 ConocoPhillips (United States)
24 Sonangol (Angola) 3
25 Petroleum Development Oman LLC (Oman)
26 Total (France)
27 Statoil (Norway)
28 ENI (Italy)

It is known as black gold. Anonymous has announced a new operation that will attack the petroleum industry on the 20th of June. The operation seems to have an Islamic mindset, as its founders are not happy that the currency used to trade petroleum is the dollar.

Gold and Silver

The operation founders stated in the Pastebin file that:
Because Petrol is sold with the dollar ($) and Saudi Arabia has betrayed Muslims with their cooperation. So why isn't Petrol sold with the currency of the country which exports it?
Because the Zionists own us like this \!/
Historically, the Currency of Muslims was not the paper money that you know today, it was Gold and Silver.
The new world order installed their own rules so that they can control us like robots.
In the future, there will be no paper money and coins. The NWO are planning, by 2020, to make "Electronic Money" (like credit cards).
It's a money that you can't see and you can't touch. So, I believe that human kind will become more and more like a machine, more robotic, and even more addicted to the seeming "convenience" of it.
I also believe that this will make it much easier for them to steal from us. They do not need to make wars to steal petrol, Gold, etc....
So we are in a "new world" called "Petro-Dollar" !!!!! :s :s s
We defend our dignity and the dignity of all races, even if they are not Muslims. We are not racists. You can call us Jihadists or "terrorists," whatever you want, BUT, the REAL terrorists know who they are, and so do we. \!/ They are the killers of innocents, the stealers of land, dignity, rights, and resources; they are the creators of the bombs, drones, and surveillance technologies that have stolen all that is sacred from us.
We are the new generation of Muslims and we are not stupid. We do not fear anyone or anything. We represent Islam. We fight together, We stand together, We die together.

Countries that are being attacked

The operation seems to target the following countries:
  • USA

Governments that will be attacked


AnonGhost leads the attack: Anons follow

The team that launched this operation is the hacking group known as AnonGhost. AnonGhost was formed after the Teampoison hacking team was dismantled. They have been fighting for their goals for over 1 year now and it does not seem that they are going to stop. One of the main attackers and brains of AnonGhost is Mauritania Attacker.

Crack iOS Mobile Hotspot Passwords in Less Than a Minute

Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlangen-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user’s device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user’s Internet connection.
Andreas Kurtz, Felix Freiling and Daniel Metz published a paper that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system’s complex programming layers.
During the PSK setup, users have to establish a password to protect the session. In previous versions, users were able to choose their own passwords, but in iOS 6 for example, the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number. The mechanism relies on words vulnerable to dictionary or brute-force attacks, and builds primarily from a list of 10 common words such as “suave,” “head,” “coal,” and “coach.” Using additional hardware to guess the four-digit number, the researchers were able to crack the tethering passwords in less than a minute.
“The process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds,” the paper said. “Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios.”
WPA2 supports two authentication methods: a RADIUS server or a shared key. For mobile hotspots, the research paper said, session authentication and encryption rely on a password that is used to derive a PSK, which is then used in a four-way handshake to create the temporary keys that encrypt sessions and perform integrity checks. An attacker would need to capture one of the four-way handshakes between the Wi-Fi device and hotspot and conduct a brute-force attack to crack the password.
“It should be noted that all generated keys are only valid for the lifetime of a single session and that generation of those keys only relies on the PSK,” the paper said. “This implies that the security level of the whole mobile hotspot depends on the quality of the passphrase.”
Mobile devices already have a significant attack surface which is exacerbated by the multiple ways they’re enabled to connect to the Internet, via everything from Wi-Fi to Bluetooth, NFC, RFID, and over cellular radio standards such as GSM and CDMA. Once the hotspot feature is enabled, a software-based access point churns up allowing other wireless devices to connect using PSK. This can lead to a number of additional risks, elevated by the weak passwords.
The researchers said they were able to find not only the password scheme but the relatively short list of words used by iOS to develop default passwords by reverse engineering iOS mobile hotspots. Initial attempts against a pre-determined list of more than 52,000 words took close to an hour to crack, which is not a realistic attack against a business traveler, for example. Deeper digging eventually extracted the exact word list from the official Preferences system app which generates the default passwords, the paper said.
“We found out, that every time a new hotspot password is generated an English-language dictionary file is accessed from the file system,” the paper said. “Consequently, we monitored all accesses to the file system by intercepting all open() system calls to the iOS kernel and analyzed the corresponding backtrace of the method calls that caused this file access.”
In order to pull off an attack, someone would have to monitor Wi-Fi traffic and wait for a wireless client to connect to a mobile hotspot, de-authenticate a client, forcing the user to reconnect, which increases the possibility of capturing the four-way handshake necessary to snare the PSK. An attacker, the researchers said, could use freely available tools to pull off each step of the attack, including identifying iOS targets, de-authenticating wireless clients, capturing the WPA handshake and cracking the passwords.
The researchers said they built an app called Hotspot Cracker which automates the generation of the word list used for default passwords.
“The app also gives explanations and hints on how to crack a captured WPA handshake using well-known password crackers,” the paper said. “Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like CloudCracker, to crack hotspot passwords on-the-fly.”
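
The arithmetic behind the weakness, as an added example (not code from the paper or from Hotspot Cracker): it sizes the default passphrase space from the article's figures, shows how a skewed word choice lowers the average number of guesses, and flags hotspot passphrases that still have the default shape. The 50% weight on ten words is a constructed assumption, as are the function names and the sample passphrases.

```python
import math
import re

# Figures from the article: a 1,842-word list plus a four-digit number.
WORDLIST_SIZE = 1842
SUFFIX_SPACE = 10 ** 4
# Shape of an iOS 6 default hotspot passphrase as the article describes it.
DEFAULT_SHAPE = re.compile(r"[a-z]{4,6}[0-9]{4}")


def default_keyspace():
    """Number of distinct default passphrases (word x four digits)."""
    return WORDLIST_SIZE * SUFFIX_SPACE


def expected_guesses(word_probs, suffix_space=SUFFIX_SPACE):
    """Average candidates tried before a hit when words are tried
    most-likely first and every suffix of a word is equally likely."""
    total = 0.0
    for rank, p in enumerate(sorted(word_probs, reverse=True)):
        total += p * (rank * suffix_space + (suffix_space + 1) / 2)
    return total


def skewed_distribution(top_words=10, top_mass=0.5, size=WORDLIST_SIZE):
    """Constructed skew (an assumption, not the paper's measurement):
    top_words share top_mass of the probability, the rest is uniform."""
    rest = size - top_words
    return [top_mass / top_words] * top_words + [(1 - top_mass) / rest] * rest


def charset_size(passphrase):
    """Size of the printable-ASCII classes the passphrase draws from."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))
    return sum(n for pattern, n in classes if re.search(pattern, passphrase))


def audit_passphrase(passphrase):
    """Report WPA2 validity, default shape, and an upper bound on entropy."""
    is_default = DEFAULT_SHAPE.fullmatch(passphrase) is not None
    if is_default:
        bits = math.log2(default_keyspace())
    else:
        # Upper bound: assumes every character was chosen uniformly at random.
        bits = len(passphrase) * math.log2(max(charset_size(passphrase), 2))
    return {
        "valid_wpa2": 8 <= len(passphrase) <= 63 and passphrase.isascii(),
        "default_shape": is_default,
        "bits": bits,
    }


def min_random_length(target_bits, alphabet_size):
    """Characters needed for a uniformly random passphrase of target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    uniform = [1 / WORDLIST_SIZE] * WORDLIST_SIZE
    print("default keyspace:", default_keyspace())
    print("avg guesses, uniform words:", expected_guesses(uniform))
    print("avg guesses, constructed skew:", expected_guesses(skewed_distribution()))
    for sample in ("suave1234", "Tr7#qLm2Vx9pWz"):  # constructed samples
        print(sample, audit_passphrase(sample))
    print("random [A-Za-z0-9] length for 80 bits:", min_random_length(80, 62))
```

Replacing the proposed default with a randomly generated passphrase of the length reported by `min_random_length` takes the hotspot out of the small default space entirely.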

Cyber-Attacks to Worsen, RSA's Coviello

Cyber-attacks will become more destructive within three to five years, predicts Art Coviello, executive chairman of the security firm RSA.
"There's about to be a big change," he says in an interview at RSA Conference Asia Pacific in Singapore [transcript below].
Today, it's difficult for cybercriminals to launch a destructive attack from the Internet without some manual intervention, Coviello says. But when the Internet migrates to IPv6, the whole environment will change, he says.
"In the next three to five years, when you have all of these control systems connected to the Internet, and as literally hundreds of millions of devices get deployed, you're going to have an attack surface that's just unbelievably large," he says. "That will form the basis of potential for destructive attacks."
Organizations need to fully understand the threats that are emerging to take appropriate preventive measures, Coviello says.
During this exclusive interview, Coviello discusses:
Why destructive cyber-attacks will become a bigger threat;
The example governmental bodies in Singapore are setting for other global markets on information sharing and cybersecurity training;
Unique challenges and opportunities for cybersecurity in Asia Pacific.
Coviello oversees RSA's strategy and overall operations for information-centric security. The information security industry leader plays key roles in several national cybersecurity initiatives. Coviello has more than 30 years of strategic, operating and financial management experience at high-technology companies.
Information Sharing
TRACY KITTEN: How critical is information sharing in cybersecurity?
ART COVIELLO: Certainly, information sharing is critical. In my keynote, I talked about the need for an intelligence-driven security model, and intelligence-driven models have to thrive on just that - intelligence. Information sharing is the mother's milk of this kind of a model, and it has to happen on multiple levels. I called for governments to take the lead in being a clearinghouse for information sharing, but companies and industry associations also have to play a key role in creating an ecosystem of intelligence there. In other words, vendors need to share intelligence with vendors within vertical industries. Industry groups have to share information. Then we all have to share it with one another. And governments represent the best place to not only anonymize [information], but to act as the clearinghouse, to disseminate that information.
Big Data
KITTEN: Why is big data such a focus?
COVIELLO: For two reasons. Big data is one of the issues with the expansion of the attack surfaces. As we create more and more of these big data stores and develop applications to extract intelligence from these big data applications, they themselves will become targets of cybercriminals, rogue nation-states and hacktivists. But the flip side is also true - we can use big data analytics to spot anomalous behavior in people and in the flow and use of data. Big data analytics becomes a security technique. And it's actually quite exciting because ... it's the one way that we have a chance at catching up to and being in a position to keep pace with our adversaries, even in the face of a lot of uncertainty that exists in the world today.
Singapore's Cybersecurity Significance
KITTEN: What role will RSA be playing, if any, in assisting with information sharing and government collaboration?
COVIELLO: Like many vendors, we will be supplying technology to the lab and hopefully we will have the opportunity to provide advisory services. But I really want to take the time to laud the Singapore government, not only for being such gracious hosts, but taking a strong leadership role in working with the Asian countries to foster more cooperation. I was at an event with officials from those countries with the Singaporean government. This is the kind of momentum-building event that augurs well for the future. Again, my hat is off to this government.
KITTEN: Why is Singapore so significant, from a cybercrime and risk perspective?
COVIELLO: The government interest is one [reason], but Singapore has a very advanced economy, [and a] really attractive talent pool of people. They just get it and they're acting as if they do. We're going to be investing a fair bit in Singapore over the next couple of years as we develop an anti-fraud command center capability for the Asia Pac region. The thing that Singapore has that is attractive for that center is a fairly diverse culture, [with] lots of language skills. If you're going to service a diverse region, this is a very good place to do it from.
Increasing Awareness
KITTEN: Why is the timing right for an event like this?
COVIELLO: I've actually been asking myself that question, because we're surprised with the success that we're seeing in terms of the number of registrants. I think that it's not just the level of awareness that I referred to in my keynote, but the level of understanding of the problem is going up. If you have awareness, you may or may not act on it. If you have understanding, you have a tendency to act on it. I think the level of understanding is going up through the region. The attacks are escalating. The deployment in adoption of technology is increasing [and] the attack surface is also creating more issues. The time is now. The need is now. The threat is intense. I think it's a perfect storm of reasons for us to come together here and, quite frankly, I think it's going to build very quickly over the next couple of years.
Asia Pacific's Regulatory Landscape
KITTEN: What are some of the regulations and differing environments in this part of the world that pose challenges for cybersecurity and intelligence sharing?
COVIELLO: Regulation - the bane of my existence. The problem is it's so difficult for governments to keep up with the ephemeral nature of technology and the uses of it. That makes it doubly difficult for them to regulate. Part of the advice I gave in my keynote is that governments should be focused on outcomes, not prescriptive measures. But you made a good point. Having diverse regulations makes it that much more difficult for a security vendor to provide a horizontal solution capability because we have to be in a position to comply with regulations, and sometimes the technologies can trigger things like privacy regulation issues around deployment. It's a problem, and we do our best to work around it.
Attack Origins
KITTEN: Are cyber-attacks stemming from Asia a concern?
COVIELLO: Yes and no. If you're in the United States, you think all the attacks are coming from Asia and Europe. If you're in Asia, you think all of the attacks are coming from Europe and the U.S. If you're in Europe, you think all of the attacks are coming from Asia and the United States. Quite frankly, the attacks are coming from everywhere, and the United States does have a disproportionate share of the sources of attack, not because there are more Americans doing the hacking. It's because America is such a great hosting site. ... Korea is another one. Korea has tremendous bandwidth. If I'm going to set up a botnet, I might as well take advantage of all that bandwidth in Korea. It doesn't matter where the attacks appear to be coming from. What's important is where the source is, and ... while it would be nice to be able to track the source, we have to develop solutions that will protect us from any attacker no matter where they come from.
Evolution of Attacks
KITTEN: Are destructive attacks something we should be concerned about?
COVIELLO: It's getting to be a more urgent concern. If we start acting today, we've got a chance. One of the issues we've had - and this gets back to the difference between awareness and understanding - is we've had awareness of things like Cyber Pearl Harbor and Cyber 9/11. Since 9/11/2001, they've been talking about things like that. Have they happened yet? No. What we've got is a situation where we've had 10 years of awareness and nothing has happened. It's like that fable of the boy that cried wolf. If nothing has happened in 10 years, then I don't believe it's ever going to happen, but there's about to be a big change.
When we migrate to IPv6 and have the Internet of things, we're going to connect hundreds of billions of devices to the Internet. Today, there's only about a billion devices connected to the Internet. It's extremely hard, if not impossible, to launch a destructive attack from the Internet without some form of manual intervention. But in the next three to five years, when you have all of these control systems connected to the Internet, and as literally hundreds of millions of devices get deployed, you're going to have an attack surface that's just unbelievably large. That will form the basis of potential for destructive attacks.
KITTEN: Are there any final thoughts you'd like to share about the need for more public/private partnerships?
COVIELLO: We've got the right tenor of discussion around public/private partnership. There's probably nothing to add there. In terms of the show itself, one of the other points I made in my keynote speech is ... the larger vendors have to develop complete suites. There has always been this argument of best-of-breed versus product suites. Our products have to be more and more like suites and they have to be best of breed. Either we do it ourselves or we do it in combination with other vendors. And the controls that get developed have to have this big data orientation or we'll never get to a point where we get true defense in depth. We end up with these isolated individual point things that are, again, the bane of existence for our practitioners and customers.