Protection Against the Zero Day

Zero day threats are becoming a common form of attack. How do you protect yourself against holes that have no patch yet? You follow best practices and lock down your system. Let's describe specifically what that means.

Don't use a debit card. You put your account at risk. Instead use credit cards. And pay off their balance each month. Check out all weird activity on your statements, even if they are small. Crooks may be testing the waters.
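The "testing the waters" pattern is something you can look for mechanically rather than by eyeballing a statement. The following is an added example, not code from the original post: it parses a constructed statement (the merchants, dates and amounts are made up) and flags the two shapes that small test charges usually take, a small charge from a merchant you have never paid before, and a cluster of small charges landing within a few days of each other. The thresholds (under $5, a 7-day window) are my own assumptions, not figures from the post.

```python
# Added example (not from the original post): a heuristic that scans a
# constructed card statement for the "testing the waters" pattern, i.e.
# small charges from an unfamiliar merchant or several small charges close
# together in time. Thresholds below are assumptions, tune them to taste.
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

# Constructed sample statement lines (date,merchant,amount); not real data.
SAMPLE_STATEMENT = """\
2010-01-03,GROCERY MART,84.12
2010-01-05,GAS STATION,41.00
2010-01-09,GROCERY MART,63.40
2010-01-11,ONLINE SVC 8831,0.97
2010-01-12,ONLINE SVC 8831,1.02
2010-01-14,DIGITAL GOODS CO,2.50
2010-01-20,GROCERY MART,77.15
2010-01-22,ELECTRONICS DEPOT,649.99
"""


@dataclass(frozen=True)
class Txn:
    when: date
    merchant: str
    amount: Decimal


def parse_statement(text):
    """Parse 'YYYY-MM-DD,merchant,amount' lines into Txn records sorted by date."""
    txns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, merchant, amount = line.split(",")
        txns.append(Txn(date.fromisoformat(day), merchant.strip(), Decimal(amount)))
    return sorted(txns, key=lambda t: t.when)


def flag_test_charges(txns, small=Decimal("5.00"), window_days=7, min_cluster=2):
    """Return (txn, reason) pairs worth a second look.

    Assumed heuristics (mine, not the post's):
      * a charge below `small` from a merchant with no earlier history, or
      * at least `min_cluster` charges below `small` inside `window_days`.
    Small charges at merchants you already use are left alone unless they
    fall into such a cluster.
    """
    reasons = {}  # index into txns -> reason it was flagged
    seen = set()
    for i, t in enumerate(txns):
        if t.amount < small and t.merchant not in seen:
            reasons[i] = "small charge from a merchant with no prior history"
        seen.add(t.merchant)
    small_idx = [i for i, t in enumerate(txns) if t.amount < small]
    for i in small_idx:
        near = [j for j in small_idx
                if abs((txns[j].when - txns[i].when).days) <= window_days]
        if len(near) >= min_cluster:  # `near` includes i itself
            reasons.setdefault(i, f"{len(near)} small charges within {window_days} days")
    return [(txns[i], reasons[i]) for i in sorted(reasons)]


def suspicious_merchants(text=SAMPLE_STATEMENT):
    """Distinct merchants flagged in a statement, in date order of first flag."""
    out = []
    for t, _ in flag_test_charges(parse_statement(text)):
        if t.merchant not in out:
            out.append(t.merchant)
    return out


if __name__ == "__main__":
    for t, reason in flag_test_charges(parse_statement(SAMPLE_STATEMENT)):
        print(f"{t.when} {t.merchant:<20} {t.amount:>8}  <- {reason}")
```

On the constructed statement the two sub-dollar charges from "ONLINE SVC 8831" and the $2.50 charge from "DIGITAL GOODS CO" are flagged; the regular grocery and gas charges are not. The point of keying on merchant history is that a single small charge at a store you shop at every week is noise, while the same amount from a merchant you have never heard of is exactly the probe the post describes.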

Consider signing up for ID Theft protection. Download and install Microsoft security updates for your Windows operating system. Do the same thing for other software you use. Install and configure both antivirus and antispyware software on your PC.

Don't type your social security number anywhere online. Use strong passwords for everything. Do not click on ads. Skip the porno sites. Lock down Windows. Don't click any links in email. Use a spam blocker.

These things may seem like common sense. Make sure you employ these practices. It will minimize the chance of you being exploited. You will encounter less pain. And that's a good thing.

Zero Day and the Visanet

I skimmed through a book called Zero Day Threat. They define such a threat as one that is so new that no protection against it exists yet. In other words, this is a virus that takes advantage of a hole that has not been patched yet. The most interesting part of the book was the details on the Visanet system. This is a set of processing centers that handle Visa charge transactions.

The authors visited one of the Visanet processing centers. It was a "nondescript" building. That makes sense. You don't want to advertise where your processing centers are. There are 4 such processing centers around the world that make up the Visanet.

The Visanet centers are located in the western USA, the eastern USA, Europe, and Asia. The locations are nicely spread out to keep the transactions running. Each transaction consists of 1500 bytes. The total transaction takes about 2 seconds to complete. These processing centers do a massive volume of transactions per second. Good stuff.

Next time I plan to talk about precautions you can take to guard against a Zero Day Threat.

Aurora

There is a lot of buzz about the Aurora zero day exploit. It takes advantage of a vulnerability in Microsoft’s Internet Explorer. Users visit a malware web page. Hackers then gain control of their system through the use of a back door. The name Aurora comes from the file path where malware binary files are downloaded to the target computer.

This hack was specifically focused on Internet Explorer version 6. It was sent to a few people in around thirty companies. This was not a widespread attack. Google was one of the high profile target companies under attack. Google has reported that only two accounts were compromised at their company.

Microsoft is releasing an emergency patch today. McAfee has updated their Stinger virus removal tool. This version is being called Aurora Stinger. It seems like McAfee is generating a lot of hype regarding this exploit. Although they are combating a real vulnerability, from the outside it looks like a big publicity drive.

Hacking for Dummies

I broke down and read Hacking for Dummies. It was a surprisingly good read. To be a hacker, you need to think like a thief. This is the hacker mentality. Hacking is like testing software. You can go further than a tester by broadcasting your findings to the world. This makes you a Hacktivist.

Put up a fake contest web site. Then promote it. Ask users to create an account on the web site. You can collect a lot of good passwords that way. It is a good practice to disable broadcasting of your SSID on a wireless network. Did you know that passive monitoring can find your access point even if you are not broadcasting the SSID?

When you conduct port scanning tests, you should scan all 65535 ports on the computer. This might produce false positives for holes. Note also that the port scan itself might cause a Denial of Service. Be sure to test your firewall from both inside and outside your network. You never know when an attack is going to come from within.

Here are some methods to prevent Denial of Service attacks. Apply patches, including patches to firmware. Set up your router to block malformed traffic. Block ICMP and disable SNMP. Do not put sensitive information on your web servers. That way hackers can’t get your info even if they compromise your network.

Factoring a 768-bit RSA Number

Last month a team completed a multi-year effort to factor a 768-bit number. The number was one from an old RSA Challenge list. A 22 page paper was written on the subject. The team consisted of Thorsten Kleinjung and associates. This is a record for factoring integers. Their conclusion is that 768-bit RSA numbers are no longer recommended for encryption.

Let us put this into perspective. 10 years ago a team factored a 512-bit number. Factoring a 768-bit number is a few thousand times more difficult than that. Factoring a 1024-bit number will be around a thousand times more difficult than factoring a 768-bit one. The researchers estimate that 1024-bit number factorization will occur some time in the next decade. However it won’t occur as soon as the next 5 years.
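Those "a few thousand times" and "around a thousand times" figures fall out of the standard heuristic running time of the general number field sieve, the algorithm used for records of this size. The following is an added example, not code from the post or from the Kleinjung team's paper: it evaluates the textbook GNFS estimate L_n[1/3, (64/9)^(1/3)] = exp(c (ln n)^(1/3) (ln ln n)^(2/3)) for 512, 768 and 1024-bit moduli and takes ratios. The o(1) term in the exponent is dropped, so the ratios are indicative rather than exact, and the approximation n ~ 2^bits is mine.

```python
# Added example, not from the post or from the Kleinjung et al. paper:
# compare the heuristic running time of the general number field sieve
# (GNFS) for 512-, 768- and 1024-bit moduli to see where the post's
# "a few thousand times" and "around a thousand times" come from.
import math

GNFS_C = (64 / 9) ** (1 / 3)  # ~1.923, the constant in L_n[1/3, c]


def gnfs_work(bits):
    """Natural log of the GNFS heuristic L_n[1/3, c] for an n of `bits` bits.

    L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), with n ~ 2^bits.
    The o(1) term in the exponent is dropped, so treat results as rough.
    """
    ln_n = bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def relative_difficulty(from_bits, to_bits):
    """How many times more work the larger modulus takes under the heuristic."""
    return math.exp(gnfs_work(to_bits) - gnfs_work(from_bits))


def difficulty_table(sizes=(512, 768, 1024)):
    """(bits, work relative to the first size) for each size, for reporting."""
    base = sizes[0]
    return [(b, relative_difficulty(base, b)) for b in sizes]


if __name__ == "__main__":
    print(f"768 vs 512 bits:  ~{relative_difficulty(512, 768):,.0f}x")
    print(f"1024 vs 768 bits: ~{relative_difficulty(768, 1024):,.0f}x")
    for bits, rel in difficulty_table():
        print(f"{bits:5d} bits: {rel:>12,.0f}x the 512-bit effort")
```

Running it gives roughly 6000x going from 512 to 768 bits and roughly 1200x going from 768 to 1024 bits, which is the same order of magnitude the researchers quote. Because the exponent grows sub-linearly in the bit length, each step of 256 bits buys less than the previous one, which is why the jump to 1024 bits is "only" a thousandfold even though the modulus is a third longer.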

The techniques used in the factorization involved heavy math. But one idea they used was that of a sieve. They report that sieving is easy. Conducting work in parallel does create some challenges. Clients must do a lot of communication with servers. Trouble arises when one machine or a network connection goes down.

A square root step significantly reduced the solution space. Many large primes were generated to help the factorization process. Some steps required a terabyte of memory. They ran their jobs on up to 80 different machines. In total the factorization took 10^20 computations. The techniques were chosen using some experience and a lot of luck.

I am amazed at the multi-year commitment by the team to complete the factorization. However this does not mean I no longer trust 768-bit encryption. Congrats to the Kleinjung team. This is good stuff.

Kindle DRM Hacked

Amazon has implemented Digital Rights Management on its Kindle for PC product. The book you buy is supposed to only be readable on your PC. Israeli hacker Labbu has claimed to have broken this DRM. His tool is called Unswindle. The latest version is v5-rc1. The tool requires Mobidedrm from Darkreverse.

Unswindle is written in the Python programming language. It cracks the unique key that Amazon distributes per book. Previously Amazon had patched their Kindle for PC product, rendering Unswindle useless. However Labbu provided an update which got past the latest fix from Amazon.

Labbu did say that Amazon had some good security in place for their Kindle for PC. The development began in response to a challenge posted on a hacker site. This was not for illegal use of Amazon books. Some dude just wanted to open a Kindle file on a PC other than the one that was authorized through the DRM. Labbu responded in full force with Unswindle. Nice.

Let's Hack

I picked up a Hacking for Dummies book a while ago. It had an unknown date of publication. The intro was written by the dude who authored Hacking Exposed. The cheat sheet from the book had already been torn out. LOL. Owned.

The book stated that there are 23,000 professionals with the CISSP certification. An alternate certification is the Certified Ethical Hacker. There is an entire industry built around ethical hacking. This is where you conduct legal security testing. It is also called penetration testing. Another word for ethical hackers is White Hat Hackers.

Here is a cop out. The author states that he is not responsible for hacks performed by his readers. Yeah right. Let's get some terms right. A hacker is somebody who likes to tinker with stuff. A cracker, on the other hand, is someone who likes breaking into systems.