Web Server Botnets and Server Farms as Attack Platforms
Een bijzonder interessant artikel over mogelijk toekomstige attack vectors van hackers.
Are file inclusion vulnerabilitiess equivalent to remote code
execution? Are servers (both Linux and Windows) now the lower hanging
fruit rather than desktop systems?
In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security)
wrote an article on cross platform web server malware and their massive
use as botnets, spam bots and generally as attack platforms.
Web security papers deal mostly with secure coding and application
security. In this paper we describe how these are taken to the next
level with live attacks and operational problems service providers deal
with daily.
We discuss how these attacks work using (mainly) file inclusion vulnerabilities (RFI) and (mainly) PHP shells.
Further, we discuss how ISPs and hosting farms suffer tremendously from this, and what can be done to combat the threat. (Link>>)
All the latest crack links: Vista A.C. links
Binnenkort in "onze theaters":
- KPN Horror story, de verhuizing "from Hell".
- Klanten survey: Hosting Providers (+ attentiepunten bij de keuze van)
- Verhuizen van uw Website, Tips /
- Onze ervaringen met leveranciers: good guys, bad guys (greenlist, blacklist)
Huidige LCD's reeds verouderd, obsolete....
Today's LCD flat panels are already
obsolete
By Burt Carver: Thursday 11 January 2007, 09:27
One of the overriding themes at CES has been the
dramatic improvements in LCD panel technology. Every major manufacturer has introduced a 120Hz model,
along with claimed improvements... (Meer>>)
Over de software & Services van HP. (Meer>>)
Free Drive Fitness Test: Download & Inormatie (via deze link>>)
Geen Privacy voor Laptops bij entree in de USA, ze kunnen worden wettelijk worden bekeken, ook zakelijke informatie
At U.S. borders, laptops have no right to privacy
A lot of business travelers are walking around with laptops that contain private corporate information that their employers really do not want outsiders to see.
Until recently, their biggest concern was that someone might steal the laptop. But now there's a new worry--that the laptop will be seized or its contents scrutinized at U.S. customs and immigration checkpoints upon entering the United States from abroad.
Although much of the evidence for the confiscations remains anecdotal, it's a hot topic this week among more than 1,000 corporate-travel managers and travel industry officials meeting in eBarcelona, Spain, at a conference of the Association of Corporate Travel Executives (Meer>>)
Nieuwe SPAM Techniek
Spammers dodging OCR with .gif 'cut-and-paste'
By Paul McNamara on Fri,
10/20/2006 - 2:11pm
Spammers have begun slipping their junk past optical character recognition
(OCR) software through a variety of animated .gif "cut-and-paste"
techniques, says John Graham-Cumming, an anti-spam activist who maintains The Spammers' CompendiumElectric Cloud.
On blog posts this week -- here
and here
-- Graham-Cumming explains two of the OCR-evading methods that were brought to
his attention by Nick FitzGerald, a New Zealand anti-spam consultant and
regular contributor to The Spammers' Compendium. (It being 3 a.m. in New
Zealand, I'm relying on Graham-Cumming's account here.) ... (Update: FitzGerald
explains
his advantage.)
"I don't know how widespread it is," Graham-Cumming told me this
afternoon. "(The second spam message) was targeted for this Wednesday, so
I think it's probably pretty new."
The second of the two techniques takes animated .gif spam "to a new
level," he said on his blog.(Meer>>)
Anti-Phishing Site Launches
OpenDNS' new public phishing database is thorough, accurate—and free.
by Jeff Goldman, [October 18, 2006]
OpenDNS this month launched PhishTank, a free, community-based public database of phishing URLs. The PhishTank web site allows anyone to submit phishing data, check the status of their submissions, and rate other people's submissions—Digital Inspiration's Amit Agarwal calls it "Digg-style voting," a good way to describe the collective process by which phishing sites are verified.
David Ulevitch, founder and CEO of OpenDNS, says his company receives phishing data from a range of private sources, but has never been happy with the results. "A lot of that data has a lot of false positives, and it's not very accurate," he says. "And some of the data we get that is accurate is very, very slim—it doesn't cover a wide ground of phishing sites."
By opening up the system to user submission and user verification, Ulevitch says, PhishTank is able to be both much more thorough and much more accurate than any private, closed solution. And with an API and RSS feed available to automate both sending and receiving of data, an ISP can set up an application or a feed to inform them of phishes just on a specific netblock. Ulevitch says additional solutions like an Outlook plug-in to enable one-button submission are in the works.
Strength in numbers
To improve verification, the site encourages a sense of community, with users getting recognition for being both top submitters and top verifiers of submissions. "People that have been using the site for a long time and that are very accurate, their vote counts for more," Ulevitch says. "And it takes a certain threshold of votes to actually mark it as, 'Yes, this is a phish.'"
As a result, Ulevitch claims PhishTank essentially can't be gamed. "Someone who wants to mess around can't just register ten accounts to screw with the system, because all it takes is for somebody who's been using the site to go in and put in their one vote saying 'this is a phish,' and their vote counts much more," he says.
Because an ISP can use the API or the RSS feed to get information on a specific netblock, Ulevitch says PhishTank can make it extremely easy for a service provider to keep track of issues on their network. "Whenever they refresh the feed, the can see there's nothing there, or that there's four more and they need to go and close them," he says. "It's a nice way to manage abuse."
In spite of all its benefits, Ulevitch doesn't think PhishTank will necessarily compete with paid services. "We work with a company called Support Intelligence—they'll take the data from PhishTank, but they have a whole control panel and web interface, and they provide much more granular reporting and analysis than PhishTank will ever do," he says. "So they're in support of it, because their customers need more than just an RSS feed. They look at PhishTank as helping out."
Looking forward
Improved statistics are coming soon—"It turns out lots of people love looking at the pretty graphs," Ulevitch says—and in the meantime, basic graphs of verified phishes can be embedded on a user's or an ISP's website. "Any way that we can improve how we get data out there, we will," Ulevitch says. "That means RSS, API, embeddable charts—a lot of ISPs have their own abuse dashboard or NOC dashboard, and they can just throw a graph up there of valid phishes for their netblock."
Another next step will be a page on the PhishTank site listing available applications that have been built using the API. "We've already seen in the last couple of days that over 20 developers have registered for the API program," Ulevitch says.
And beyond phishing data, Ulevitch sees the basic concept behind PhishTank as applicable to a wide range of different issues. "It seems like the model of how we're doing this might be scalable for malware and spyware, for lots of things where people get these kinds of abuse and don't really have a central place to put them," he says.
Still, Ulevitch says it would be wrong to think that this is purely an unselfish effort by OpenDNS. "All we care about is having the best source of phishing data—and we think the means to accomplishing that is by having a totally open platform," he says. "So while it seems like it's 100 percent altruistic, our secret benefit is, just like any developer, we want to use the best data possible."
|
