• Home
• About
• Blog

Crowd Sourced Quality Assurance

No Security, No Safeguards, No Service

It has been a while since my last post, so let us catch up on some very interesting trends that have been gaining momentum.

Since we last met, there have been a number of interesting events in the industry.

A number of high profile folks have been scanning the entire Internet, and documenting the results

• Carna Botnet's: Internet Census 2012

  • Researcher uses Nmap (NSE) to find a frightening amount of systems with the admin user: root and password: root, also finds a large number of embedded devices on the internet (printers, webcams)

  • Researcher uses this botnet of systems to conduct Internet Wide portscans in mere hours.

• HD Moore's project: Critical IO

  • Creator of Metasploit, starts a pet project to scan the entire Internet looking for wide-ranging security flaws.

• Hyperion Gray's Global Web Application Vulnerability Repo: PunkSPIDER

  • Security Research group, largely unconcerned with responcible disclosure, creates PunkSpider, an Internet Wide security scanner to document and search for websites with common webapp vulns: Cross-Site Scripting, SQL Injection, etc.

• The University of Michigan's Networking and Security Research Group's: Internet Wide Monitoring

  • CloudAV Architecture: N-Version Antivirus in the Network Cloud - This project advocates and explores the deployment of malware detection functionality as an in-cloud service in contrast to the traditional host-based deployment model.

  • Detecting and Dismantling Botnet Command and Control Infrastructure using Behavioral Profilers and Bot Informants - In this project we seek to develop tools and techniques for identifying bots and botnets and for mitigating botnet attacks.

  • PREDICT - The Virtual Center for Network and Security Data is a unique effort to organize, structure, and combine the efforts of the network security researcher community with the efforts of the data measurement and collection community. Under the umbrella of the Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) our virtual center provides a common framework for managing datasets from various data providers.

  • Topology-Aware Internet Threat Detection Using Pervasive Darknets - This project seeks to increase the visibility and effectiveness of Internet threat detection systems by developing methods to automatically discover network topology and use that knowledge to deploy pervasive network sensors that enable new Internet threat detection capabilities.

  • Internet Motion Sensor - The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space.

Standards increasing requirements for the disclosure and remediation of security vulnerabilities

• ISO 29147 & 30111

Browsers and web-portals are now remotely and aggressively blocking plugins

• Apple Safari Blocks Java
• Apple Safari now blocks older versions of Adobe's Flash player
• Mozilla Firefox now requires Click to Play for plugins
• Facebook actively blocks sites who have been compromised like NBC
• Google's search engine & Chrome browser actively steering users away from compromised sites

A string of major companies have announced internal compromises

• Twitter
• Facebook
• Microsoft
• Apple

Let us take a moment to digest that information.

We have a growing amount of unmoderated bulk scanning of the internet taking place, we have standards groups moving to require responsible disclosure and remedation, and we have controls clamping down on the portals to the Net.

The future is clear.

If you require the Internet in order for you to do buisness (yes, that is most of you), then you are going to find yourself starting to proactively address security conserns in short order.

It took only minutes for researchers to discover and communicate the compromise and hosting of malware at NBC's websites; the sites was blocked and filtered shortly after. It took hours for NBC itself to announce and remediate the problem.

How much buisness would you like to do this year?

How many hours of downtime can you afford to loose?

It's no longer a case of Hackers directly taking you down with a DDoS or defacement.

Instead, your customers will now see the roads to your front door closed or detoured by the major gateways on the Net.

When building out you infrastructure, remember to aim for a Defensible Network Architecture; Don't fall victim to the fallacy of the 'Internal Network'

-Enigma