1200px-Conficker.svg

Conficker – the “Fortunate 500”

Conficker has been a dual edge sword to the industry. On one hand, it a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat  Global Telecom’s, SCADA, and other critical infrastructure.  On the other hand, it is an example of what cyber-civic society can do when Read More

CLDAP Reflection Attacks

NSP-SEC Top 10 SP Security Techniques – Updated Slides

At NANOG 47, I gave an update to the NSP-SEC Top 10 Security Techniques. This tutorial has the video posted on the NANOG archives. I’ve posted the slides here for those who have not viewed or downloaded them. Slides 1 – 127 Slides 128 – Finish Questions, suggestions, and views are welcomed.

CLDAP Reflection Attacks

The flaws with the 60 Minute Report on “Cyberwar: Sabotaging the System”

We need to expect more out the press, policy makers, and the pontificating “Cyber-warfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a Read More

CLDAP Reflection Attacks

DDOS Trends Changing – More Effective Attack Classes.

I will giving an interview today that the industry has done a poor job in communicating the changes in Denial of Service (DOS) attacks. CERT-FI‘s release of the “Sockstress” details yesterday has a few people confused.  Outpost24 discovered some new TCP state abuse technique which can cause a range of issue on a TCP stack Read More

CLDAP Reflection Attacks

Beware, Liability does roll down hill

In my own work, I mention to my peers how everything has changed in today’s Converged Internet/Global Telecommunications world. Liability and accountability rolls down hill. If something happens where the operator is found at fault, that finding does not stop with the operator. It will ‘roll down hill’ to the vendors and now the auditors. Read More

CLDAP Reflection Attacks

Is the “Full Disclosure” vs “Non-Disclosure” Debate Dead? NOT

I was watching Matthew Watchinski walk through the events and activities behind our Adobe vulnerability this past Feb (see US CERT’s “Adobe Acrobat and Reader Vulnerability TA09-051A“). What struck me about Matt’s talk is a statement he made near the end: “… Full Disclosure vs Non-Disclosure debate is dead. I leaned this because my E-mail Read More

CLDAP Reflection Attacks

Reflections on “X.805” Certification?

While walking through E-mail, doing my morning [[SITREP]], and sipping coffee I was surprise to see a request from a peer asking about X.805 Certification info.  What is “X.805 Certification?” For those who have never run into [[X.805]], it is a [[ITU]] security reference model submitted by Lucent from their security practices team. As seen Read More

CLDAP Reflection Attacks

Understanding “DDOS”

In the operational security community, Distributed Denial of Service (DDOS) is the “gun” used in extortion. Extortion is a human crime – where one group (or individual) preys on another. We mitigate extortion through civic society’s rules (laws) and enforcement (justice system). This dual system of laws and enforcement is further reinforced with education – Read More