Friday, September 25, 2015

Walking along the underworld of the Network

Most experts of computer security love their work. But they also love to infiltrate in the forums of the bad guys or dismantle their botnets. Today we have two examples of these interesting adventures, not new but always interesting. We'll also talk about a huge failure in the use of cookies in the browsers and we'll return over the famous Volkswagen case.

Israeli experts in cybersecurity infiltrated in a forum called Enigma, where computer mercenaries offer their services to their costumers in order to execute aimed attacks. They could read, live, how was developed the negotiation for data thief and not authorized accesses to HSBC UK, Citibank and Bank of America among other huge companies. When the forum administrators suspected the present of spies, they shut down the forum. This is not the first time that happened, but is always to see what happened in the forums.

Assaulting the botnet

Another funny story comes from Hispasec: how they managed to infiltrate in a theft information botnet in Latin America and shut it down, in association with ESET. Taking the control of a botnet has its own name: sinkhole, and consists on "redirect the traffic of the infected computers to avoid that the cybercriminals can take any information from them". Amazing.

Bad cookies

Less funny is the last problem with the cookies, which never ends, unveiled by the main North American CERT: the cookies injected vía HTTP allow an attacker to skip the secure version of HTTP, HTTPS revealing private information. The failure was discovered in the last conference Usenix, in summer, and now the main browsers (Safari, Chrome, IE, Mozilla, Opera y Vivaldi) solved it. Anyway, the best you can do is to disable their general acceptance and enable them only when you need to.

Hacker ethics

We finish with a text to ponder, about the ethics, legal and social considerations related to the engineers who designed the Volkswagen system which allows to reduce emissions when the system is audited.  The case is generating a lot of opinions in the senior hacker community, because of the risk of using this tactics in, for example, the electronic voting machines with closed software, in a way they work correctly during the audition, but after, during the elections, do different things.

Probably the Volkswagen case will have consequences in this aspect. And that was all for this week. Come to visit us on Sunday to read our interview to the responsible of the company from Vitoria, Erle Robotics. Have a good weekend!


Post a Comment