Archive for the ‘ORLY’ Category

Defense Ministry’s Cyber Network Is Hacker-Proof - hmm

Saturday, September 6th, 2008

Quoting selectively from The Korea Times article:
Defense Ministry’s Cyber Network Is Hacker-Proof

A Defense Ministry spokesman assured Tuesday that the department’s cyber-security system is “hacker-proof,” adding that its intra-net computer data network is detached from the external Internet.

But Defense Ministry spokesman Won Tae-jae told local reporters during a press briefing Tuesday that the ministry’s intra-net network is not connected to the external Web, “so that outsiders can’t approach the internal network through the Internet.”

And regarding computers with Web access, “we have been instructing our staff not to store any military data on those computers. Also, our staff members are not allowed to use programs like word-processing on Internet-enabled computers,” the spokesman said. “We are also constantly monitoring our network and the Web-enabled computers.”

I don’t know what self-respecting security professional would ever make a claim that any piece of electronics is “hacker proof.”

I mean, someone hacked a damn coffee maker, for Christ’s sake.

And as far as physical separation of networks. Ya, it’s great in theory.

But what about: “Malware infects space station laptops”?

It’s hard to get more physically isolated than being on the International Space Station 200 miles into outer space.

Learning from the Oracle debacle, perhaps one might be tempted to make such a claim if their intent was to draw a lot of attention from hackers/crackers in order to test and improve defenses.

Something tells me that’s not what the Defense Ministry meant.

Bill

Microsoft IE 8 InPrivate feature lacking

Tuesday, September 2nd, 2008

Security Fail

From ITWorld.com, “Privacy feature in Internet Explorer 8 leaks private data”:

Forensic experts however found it trivial to retrieve the history, according to a test by Webwereld, an IDG affiliate in the Netherlands, and Fox IT, a Dutch firm specializing in IT security and forensic research.

But researchers were able to retrieve data displaying general information about the browser’s behavior. Although URLs (Uniform Resource Locators) aren’t stored, Prickaerts was still able to restore the browsing history. “The remaining records in the history file still enable me to deduce which websites have been visited,” said Prickaerts.

Even more data is stored in the browser’s cache, a feature designed to speed up performance of websites by storing a copy of recently accessed information on a user’s hard disk. InPrivate Browsing failed to disable this feature. Users seeking a higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic tools.

The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8 on a par with Firefox 2 and 3. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.

Microsoft’s main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an e-mail response. The feature isn’t designed to protect a user’s privacy from security experts and forensic researchers, the company said.

I’ll give Microsoft the benefit of the doubt. They do have time to fix these issues before final release.

But really. Come on!

This isn’t rocket science.

Now, I’d be a little less disappointed if the forensic team got the information from memory swap space, or by having to apply cryogenic memory retrieval tactics. This would at least indicate that Microsoft tried.

But from the article, it seems that they retrieved the files right out of the browser’s default local storage.

Here’s what really chafes me…

Microsoft IE runs on Microsoft Windows. Microsoft Windows runs on the hardware.

Microsoft runs the entire system. Memory allocation, process scheduling, you name it.

How can it be that they can fail to develop a simple tool that doesn’t store anything on disk, but uses only in-memory storage?

This is Microsoft doing what Microsoft does best: 80%.

Bill

Tracking hackers “in the cloud” - how not to

Sunday, August 24th, 2008

I had a long list of titles for this one…OMG

  • Tax dollar - Fail
  • How to spend a whole lot of money for nothing
  • Movie plot software (in a nod to Schneier’s Movie Plot Threats)

Below are some quotes from the article.  I’ll focus on the simple capability of the system, and will leave to others a discussion of the significant privacy issues involved.

Source: “Dalhousie to help U.S. catch cyber terrorists” - The ChronicleHerald Metro section on August 22…

A major software project is underway by the U.S. Department of Homeland Security to monitor levels of Internet traffic and detect possible security breaches — and Dalhousie University is going to help build it.

“We’re just looking at bytes and addresses.”

Mr. McHugh said the new software will be used by government and businesses to monitor who’s trying to access their computer networks. It will look at the amount of information being sent from network to network and turn that complex raw data into some type of graph or chart.

Analysts will read those charts and look for patterns that can help reveal the work of hackers, spammers and cyber terrorists. Mr. McHugh said shady characters on the web will often contact hundreds of different Internet addresses, trying to look for weaknesses or important places to target. Sometimes they’ll try to contact addresses that aren’t even hooked up to a machine.

“If you try to make contact to a lot of addresses where there are no machines, it indicates you’re probing around the network because you don’t know what’s there,” Mr. McHugh explained Thursday.

The technology could eventually be used to track child pornographers, Mr. McHugh said. From a known child pornography site, the program could follow the trail back to an offender’s computer.

Carrie Gates is a Canadian computer scientist and Dalhousie alumna working at CA Labs in New York. Researchers there and in Halifax work together on the project. She said once the software is complete, it will be released to the public so anyone can use it to monitor their computer networks.

Ok, so let me summarize:

  • The system will be used by: government, companies, and individuals.
  • The system will only look at source, destination, and packet size.
  • The system will only reveal the ISP source.
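To make the "bytes and addresses" heuristic from the article concrete, here is an added example (not code from the Dalhousie/DHS project or from the article) that flags sources contacting many addresses where no machine exists. The monitored prefix, the live-host inventory, the thresholds and all flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: a monitored /24 where only three addresses have hosts.
MONITORED = ipaddress.ip_network("192.0.2.0/24")
LIVE_HOSTS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.20", "192.0.2.25")}

def constructed_flows():
    """Constructed flow records (src, dst, bytes); no payload, as in the article."""
    flows = []
    # Scanner-like source: small flows to 40 consecutive addresses, mostly unused.
    for host in range(1, 41):
        flows.append(("198.51.100.7", f"192.0.2.{host}", 60))
    # Ordinary client: repeated, larger flows to two live servers.
    for _ in range(30):
        flows.append(("203.0.113.5", "192.0.2.10", 1500))
        flows.append(("203.0.113.5", "192.0.2.20", 900))
    # Single stray packet to an unused address (typo or stale DNS), not a scan.
    flows.append(("203.0.113.99", "192.0.2.200", 60))
    return flows

def find_probers(flows, min_dark=10, min_dark_ratio=0.5):
    """Return {src: (dark_count, total_count)} for sources that touch many
    distinct monitored addresses where no machine exists.
    Thresholds are assumed values for illustration."""
    touched = defaultdict(set)
    for src, dst, _size in flows:  # byte count is not needed for this check
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in MONITORED:
            touched[src].add(dst_ip)
    flagged = {}
    for src, dsts in touched.items():
        dark = dsts - LIVE_HOSTS  # destinations with no host behind them
        if len(dark) >= min_dark and len(dark) / len(dsts) >= min_dark_ratio:
            flagged[src] = (len(dark), len(dsts))
    return flagged

if __name__ == "__main__":
    for src, (dark, total) in find_probers(constructed_flows()).items():
        print(f"{src}: {dark} of {total} distinct destinations are unused addresses")
```

The flagged value is only the source address recorded in the flow, which is all a system limited to addresses and sizes can report.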

I have lots of issues with this.

First, if you are a company or individual, then this system is nothing more than a glorified firewall.  It’s not even an IDS, since it does not do anything but reporting.

Install a firewall and Snort, and call it a day.  If you are really interested, look at the logs/alerts once in a while.  This new system is useless for you.

If you are the Government, then you can, if you can get this thing installed in the right place, monitor traffic at a high enough level to determine some anomalous or suspect activity.

But can you tell the source of the attacker?

This leads to my second issue: suppose you can get this device at some sort of critical juncture in the Net. Can you really track a hacker?

Let’s consider this for a second.  They may really be on to something.

Oh, wait: TOR, okbye.

Third.  Well, now that I think this device is completely useless, they could tweak it a little and make it useful.

They could put some content filtering on it and use it to kill spam.

But I think there might already be solutions for this, blink, blink.

Ah well, back to the drawing board.

Bill