Information Security News
Last week at a Chaos Computer Club (CCC) convention in Hamburg, Germany, German hacker Starbug claimed he reproduced a fingerprint belonging to German defense minister Ursula von der Leyen using nothing but some commercially-available software and a number of high-resolution photos of her hand.
Starbug, whose real name is Jan Krissler, said that he used a close-up photo of von der Leyen's thumb that was taken with a “standard photo camera” at a press conference from a distance of three meters (about 10 feet). He also used several other pictures of her thumb which had been taken from different angles at different times. Then, according to VentureBeat, Starbug used a program called Verifinger to recreate the print.
Fingerprint readers like those that are commonly found on more recent iPhone models have been hacked in the past. Starbug himself is famous for circumventing Apple's Touch ID in just 48 hours—and he spoke to Ars about the feat at length in an interview. But recreating a fingerprint with just a photo takes a well-known hack a step further. On CCC's website, the group described the conclusions of Starbug's most recent hack: "In the past years, it was successfully demonstrated a number of times how easily fingerprints can be stolen from [their] owner if a person touched any object with a polished surface (like glass or a smartphone)... With this knowledge [of recreating fingerprints from photos] there will be no need to steal objects carrying the fingerprints anymore."
Among the events of the past few days during the holidays was a DDoS attack on Sony's PlayStation Network and on Xbox Live's network. The attack was reportedly carried out by a group called Lizard Squad and, by all measures, does not fit the profile of a highly sophisticated attack. Such attacks have increased in both intensity and frequency in the past year but, to an extent, are not terribly new.
The question is, why are these low-skill attacks still happening, and what can be done to stop them? This week I hope to put up a series of posts on some things every organization can do; this one is the first.
Many of these attacks rely on spoofing source IPs in requests to an open UDP service (e.g. NTP, DNS, etc.) that then replies with much larger traffic to the spoofed target. Since some protocols can return a response hundreds of times larger than the request, someone with a single gigabit connection to the internet can direct a large DDoS at a victim, assuming they know enough open services.
The first step in dealing with this problem is for organizations to stop running open UDP services without a really, really good reason (which you don't have). Usually, this involves very minor configuration changes. If you do need to run open services to the internet (you don't), then use rate-limiting to prevent the service from being abused.
Does your network run any open UDP services? There are 4 websites that will help you find such services on your network.
These are the four biggest offenders in reflective DDoS attacks, and eliminating them would go a long way toward taking a bite out of the DDoS threat. In all cases, there are good reasons to disable the services even if you are not a victim. First, there is the potential for civil liability from a victim. Second, there is the possibility of information leakage (e.g. SNMP).
Be sure to check your organization's IP space and, for fun, check your home network as well and/or your favorite WiFi hotspot.
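Besides the scanning sites, your own flow logs will show whether a host in your space is already being used as a reflector: requests arrive from one "source" (the spoofed victim) and much larger replies leave. The script below is an added example, not code from the original post; the flow records are constructed, the 192.0.2.0/24 address space and the NetFlow-style tuple layout are assumptions.

```python
from collections import defaultdict

# Constructed flow summaries: (src_ip, src_port, dst_ip, dst_port, bytes).
# Assumption: our space is 192.0.2.0/24; 203.0.113.9 is the spoofed
# "requester", i.e. the real victim receiving our amplified replies.
SAMPLE_FLOWS = [
    # NTP host: 60-byte queries in, 2100-byte answers out (35x amplification)
    ("203.0.113.9", 40000, "192.0.2.10", 123, 60),
    ("192.0.2.10", 123, "203.0.113.9", 40000, 2100),
    ("203.0.113.9", 40000, "192.0.2.10", 123, 60),
    ("192.0.2.10", 123, "203.0.113.9", 40000, 2100),
    # Open resolver: 70-byte query in, 3500-byte answer out (50x)
    ("203.0.113.9", 40001, "192.0.2.20", 53, 70),
    ("192.0.2.20", 53, "203.0.113.9", 40001, 3500),
    # SNMP host answering a small get with a small reply: low ratio, not flagged
    ("203.0.113.9", 40002, "192.0.2.30", 161, 80),
    ("192.0.2.30", 161, "203.0.113.9", 40002, 120),
]

LOCAL_PREFIX = "192.0.2."                       # assumption: our /24
UDP_SERVICES = {123: "ntp", 53: "dns", 161: "snmp"}

def amplification_by_service(flows, local_prefix=LOCAL_PREFIX):
    """Sum bytes into and out of each local UDP service, keyed by (host, port)."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dst.startswith(local_prefix) and dport in UDP_SERVICES:
            bytes_in[(dst, dport)] += nbytes    # request arriving at our service
        elif src.startswith(local_prefix) and sport in UDP_SERVICES:
            bytes_out[(src, sport)] += nbytes   # reply leaving our service
    result = {}
    for key in set(bytes_in) | set(bytes_out):
        i, o = bytes_in[key], bytes_out[key]
        result[key] = (i, o, o / i if i else float("inf"))
    return result

def suspected_reflectors(flows, threshold=10.0, local_prefix=LOCAL_PREFIX):
    """Return (host, service, ratio) for services whose out/in byte ratio
    meets `threshold`: hosts that amplify whatever is sent to them."""
    hits = []
    for (host, port), (_, _, ratio) in amplification_by_service(flows, local_prefix).items():
        if ratio >= threshold:
            hits.append((host, UDP_SERVICES[port], round(ratio, 1)))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for host, svc, ratio in suspected_reflectors(SAMPLE_FLOWS):
        print(f"{host} {svc}: {ratio}x amplification - restrict or rate-limit it")
```

Run it over a day of exported flows rather than the sample tuples; anything that lands in the output is a service to close or rate-limit before someone else finds it.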
If we all take some time to clean up our small corners of the net, we can start tamping down on DDoS and get back to our XBox.
bambenek \at\ gmail /dot/ com
The FBI is reported to be investigating the people responsible for the denial of service attacks that rendered Microsoft's Xbox Live and Sony's PlayStation Network inaccessible for much of Christmas Day, according to sources speaking to the Daily Dot.
A group calling itself Lizard Squad has claimed responsibility for the Christmas attacks. The group has raised its profile over the Christmas period by speaking with a variety of media outlets, including BBC Radio 5 Live and Sky News. Talking to WinBeta, group members said that the denial of service attacks were being done to demonstrate poor security on the part of Microsoft and Sony.
The Lizard Squad members call themselves "Ryan Cleary" (after Ryan "ViraL" Cleary, the LulzSec collaborator imprisoned for hacking and possession of child pornography) and "Vinnie Omari." They claim that their denial of service attacks used undersea routers and that a total of 1.2 terabits per second of data flooded the gaming networks.
The Separation of Information Security & IT
Many organizations have historically lumped together the information security ("InfoSec") and information technology ("IT") functions. Because anti-virus software, firewalls and proxies were primary tools used in securing the network -- and IT was ...
The Extended Enterprise #Cloud Perimeter By @E_deSouza | @CloudExpo
Norks blame US for TITSUP internet, unleash racist rant against Obama
But the US Federal Bureau of Investigation has continued to blame Norks for the crushing assault on the struggling film studio, even as infosec experts remain sceptical about the claims. The NDC hit back with its own accusations against Washington.