In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.
published research
Sony: A Game Changer for Cyber Attribution
We’ve been writing a lot about the issue of cyber attribution in recent weeks, following the attack on Sony Pictures Entertainment in November. That incident has become something of a Rorschach Test for those in the information security field: revealing as much about the individual attempting to explain the Sony hack as about the attack itself. Rid and a Ph.D student, Ben Buchanan, have authored a paper in the Journal of Strategic Studies. In their paper, Rid and Buchanan note that one of the biggest challenges of cyber attribution: bridging the technical and political or cultural issues that often surround cyber attribution. As Rid notes: the individuals doing the basic forensic work on the incident may not have a grasp of the larger cultural or political issues at play. That’s a dynamic we’ve seen at play (in spades) in recent news about the hack of Sony Pictures. In this podcast, Rid […]
Senator Warns of DHS Struggle with Cyber Security
U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]
Two Step: FBI Says North Korea Acted Alone, Had Help
The official line on perhaps the biggest security story of the year shifted noticeably this week following a report by the security firm Norse Corp. that cast doubt on the official explanation of the devastating November hack: that it was a state-sponsored operation carried out by hackers working for the government of the Democratic Peoples Republic of Korea, or DPRK. Two reports in recent days – both citing officials close to the Sony hack investigation – suggest that the FBI believes – simultaneously – that the DPRK did not act alone and that it was the only actor responsible for the attack on Sony Pictures Entertainment.
Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections
Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]
