Security brief

Cyber attacks against SecureWorks clients in 2008 originated mainly from computers inside the USA, though that says nothing about where those computers were being controlled from; the operators could just as well be in Russia or anywhere else:

The United States topped the list with 20.6 million attempted attacks originating from computers within the country and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483… These findings illustrate the ineffectiveness of simply blocking incoming communications from foreign IP addresses as a way to defend your organization from cyber attacks, as many hackers hijack computers outside their borders to attack their victims.

The US government is rolling out DNSSEC, a mechanism that lets resolvers verify the origin and integrity of DNS answers, to blunt the DNS cache poisoning attack disclosed this year:

All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites… DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites… The White House DNSSEC mandate comes just weeks after the July disclosure of one of the most serious DNS bugs ever found. The Kaminsky bug — named after security researcher Dan Kaminsky who discovered it — allows for cache poisoning attacks, where a hacker redirects traffic from a legitimate Web site to a fake Web one without the user knowing.
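To make the quoted claim concrete, here is an added Python simulation (not code from the article, and not from any real resolver or DNSSEC implementation) of the race the Kaminsky attack exploits and of why signature validation defeats it. It assumes a caching resolver that accepts the first reply whose 16-bit transaction ID and destination port match its outstanding query, and it uses an HMAC under a key the attacker does not hold as a stand-in for the RRSIG that a validating resolver would check against the zone's DNSKEY (real DNSSEC uses public-key signatures). The zone name, addresses and packet counts are constructed for the example.

```python
"""Constructed simulation of Kaminsky-style cache poisoning vs. DNSSEC.

Resolver model: a reply is accepted if its transaction ID and port match the
outstanding query. The attacker cannot see the query, so it floods guesses
before the authentic reply arrives. With DNSSEC-style validation enabled the
resolver also checks a signature over the RRset; the attacker cannot forge it.
"""
import hashlib
import hmac
import random
from dataclasses import dataclass

# Constructed key: stands in for the zone's private signing key (never seen by
# the attacker). HMAC is a stand-in for an RRSIG; DNSSEC really uses RSA/ECDSA.
ZONE_KEY = b"constructed-zone-signing-key"
LEGIT_IP = "192.0.2.10"     # RFC 5737 documentation address (the real host)
EVIL_IP = "198.51.100.66"   # RFC 5737 documentation address (attacker's host)
ZONE = "example.net"        # constructed zone name


def rrsig(name: str, rdata: str) -> bytes:
    """Stand-in for an RRSIG over the single-record RRset name -> rdata."""
    return hmac.new(ZONE_KEY, f"{name}|{rdata}".encode(), hashlib.sha256).digest()


@dataclass
class Reply:
    txid: int        # 16-bit DNS transaction ID
    port: int        # UDP port the reply is addressed to (resolver's source port)
    name: str
    rdata: str
    sig: bytes = b""  # RRSIG stand-in; empty or garbage on forged replies


def accept(reply: Reply, txid: int, port: int, validate: bool) -> bool:
    """Resolver's acceptance rule for an incoming reply."""
    if reply.txid != txid or reply.port != port:
        return False                      # does not match the outstanding query
    if validate and not hmac.compare_digest(reply.sig, rrsig(reply.name, reply.rdata)):
        return False                      # DNSSEC: unsigned/forged RRset is discarded
    return True


def search_space(port_random: bool) -> int:
    """Number of (txid, port) combinations an attacker must guess among."""
    txids = 1 << 16
    ports = (65536 - 1024) if port_random else 1   # fixed port 53 vs. ephemeral range
    return txids * ports


def poisoning_attempt(rng: random.Random, port_random: bool, validate: bool,
                      forged_per_query: int) -> bool:
    """One Kaminsky round: query a fresh random sibling name (so nothing is cached
    and the attacker can retry immediately) and flood forged replies.
    Returns True if a forged reply is accepted before the authentic one."""
    txid = rng.randrange(1 << 16)
    port = rng.randrange(1024, 65536) if port_random else 53
    name = f"{rng.randrange(10**9)}.{ZONE}"
    for _ in range(forged_per_query):
        forged = Reply(rng.randrange(1 << 16),
                       rng.randrange(1024, 65536) if port_random else 53,
                       name, EVIL_IP, sig=rng.randbytes(32))   # attacker cannot sign
        if accept(forged, txid, port, validate):
            return True
    # Authentic reply arrives; the attacker lost this round.
    assert accept(Reply(txid, port, name, LEGIT_IP, rrsig(name, LEGIT_IP)), txid, port, validate)
    return False


def poison_rate(port_random: bool, validate: bool, forged_per_query: int = 500,
                trials: int = 2000, seed: int = 1) -> float:
    """Fraction of rounds the attacker wins (deterministic for a given seed)."""
    rng = random.Random(seed)
    wins = sum(poisoning_attempt(rng, port_random, validate, forged_per_query)
               for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    for port_random in (False, True):
        for validate in (False, True):
            print(f"port_random={port_random!s:5} validate={validate!s:5} "
                  f"search_space={search_space(port_random):>11,} "
                  f"poison_rate={poison_rate(port_random, validate):.4f}")
```

With a fixed source port the attacker only has to hit a 16-bit ID, so a few hundred forged packets per round already give a measurable win rate and the attacker can keep retrying with new random sibling names; source port randomisation (the interim fix shipped in July 2008) enlarges the search space by roughly 2^16, while validation rejects every forged reply regardless of how lucky the guess is. Against a real validating resolver the equivalent check is the `ad` flag on answers from `dig +dnssec`.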

San Francisco is hunting for a mystery device on its city network (via Slashdot):

With costs related to a rogue network administrator’s hijacking of the city’s network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network. The device, referred to as a ‘terminal server’ in court documents, appears to be a router that was installed to provide remote access to the city’s Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven’t been able to log in to the device, however, because they do not have the username and password. In fact, the city’s Department of Telecommunications and Information Services isn’t even certain where the device is located, court filings state.

Schneier says not to hand just anyone your cell phone:

There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.