Things I have no choice but to write

Month: March 2010

First morning. Bike commute

A couple of observations as I try to get to work without a car:
I have no bright clothes.
As a result, I am dressed like an overweight, middle-aged ninja.
Almaden Lake Park is closed in the early morning, so you can't get to Chynoweth solely on paths.
There is no bike path by Oakridge. We have to fix this.
The light rail is moderately busy at 7am.
Many poor and homeless people travel by bike.
Final time 36:00 on the bike, 80 min total.
Sent via BlackBerry by AT&T 408 876 0111

Breach: Kneber Bot Attack

Another hack attack hits the headlines

Big deal. This stuff happens every day now, right? Wrong. Not on this scale it doesn't. The Kneber bot has penetrated 75,000 systems at 2,500 organizations in 196 countries. This is not a straightforward Trojan, a simple smash and grab. This one's a game changer.

Systems compromised by this botnet give the attackers not only user credentials and confidential information but also remote access inside the compromised network. The stolen data includes:

  • 68,000 corporate log-in credentials
  • Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials
  • 2,000 SSL certificate files
  • Dossier-level data sets on individuals, including complete dumps of entire identities from victims’ machines.

Penetration on this scale, and amongst such an esteemed group of public and private organizations (Merck & Co., Cardinal Health, ten US government agencies), makes it clear that no one is beyond the reach of an ambitious, determined and organized group of attackers. But what is most startling is the lack of visibility into this particular bot.

First, we don't yet know where it came from. Fingers have been pointed at China, but there appears to be very little hard evidence. Next, we don't actually know the extent of the damage; this, apparently, is still being assessed, and affected companies are being notified. Nor is it clear to what extent the attack has been contained.

What we do know is that it started in late 2008 in Germany. But that in itself raises another unanswered question: how can an attack built on spyware freely available on the Internet penetrate 75,000 systems worldwide and still go unnoticed for more than a year?

Part of the answer is that a kit anyone can download is also a kit anyone can repack, so a signature written for one sample says little about the next one. What is becoming ever clearer is that conventional, signature-based malware detection is fast becoming inadequate against attacks as sophisticated as the Kneber bot.

So how can companies improve their visibility and protect themselves against these increasingly sophisticated attacks? Regardless of how sophisticated the attack is, every computer natively generates electronic fingerprints. For every event that takes place on a computer, a network device, a security system, an application, a database or an operating system, a small record of that event is kept. It's called a log.

This is your electronic fingerprint. Just like a fingerprint, properly managed logs let us carry out forensics and give us the visibility required to know exactly what happened: who did what, how the attack originated, how it spread, where the attackers are and what has been compromised. The caveat is that a log only helps if it is shipped off the compromised host before the intruder can edit it, and kept long enough to cover the dwell time, which in this case ran to more than a year.
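As an added illustration of that claim, and not code from the original post or from LogLogic, here is a short Python script that runs detection logic over two constructed log sources: a web-proxy log and a logon log. The host names, user names, line formats and detection thresholds are all assumptions made up for the example. It flags a workstation calling the same external host at a near-constant interval (the timed check-in a bot makes to its controller), treats every account used on that workstation as exposed, and then lists where those accounts were used afterwards, which is the "how it spread" question the paragraph asks.

```python
"""Reconstruct an intrusion timeline from two raw log sources.

Added example: the log lines, host names, users, line formats and the
detection thresholds are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

TS_FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed web-proxy log: "<timestamp> <client_host> <destination_host> <bytes>"
PROXY_LOG = """\
2010-02-10T07:00:02 ws-1042 intranet.example.local 5120
2010-02-10T07:00:14 ws-1042 update.example-cdn.net 512
2010-02-10T07:00:15 ws-2201 news.example.org 80310
2010-02-10T07:05:14 ws-1042 update.example-cdn.net 514
2010-02-10T07:10:15 ws-1042 update.example-cdn.net 511
2010-02-10T07:12:40 ws-2201 mail.example.org 20400
2010-02-10T07:15:14 ws-1042 update.example-cdn.net 513
2010-02-10T07:20:15 ws-1042 update.example-cdn.net 512
2010-02-10T07:25:14 ws-1042 update.example-cdn.net 515
"""

# Constructed logon log: "<timestamp> <user> <host> <result>"
LOGON_LOG = """\
2010-02-10T06:58:30 alice ws-1042 success
2010-02-10T07:01:10 bob ws-2201 success
2010-02-10T07:31:05 alice fileserver-01 success
2010-02-10T07:33:20 alice hr-db-02 success
"""


def parse_lines(text, fields):
    """Split whitespace-delimited lines into dicts; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(fields):
            continue
        rec = dict(zip(fields, parts))
        rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
        records.append(rec)
    return records


def find_beacons(proxy, min_hits=4, max_jitter=0.1):
    """Flag (client, destination) pairs contacted at a near-constant interval.

    A bot checking in with its controller on a timer looks exactly like this;
    a person browsing does not. The thresholds are assumptions for the example.
    """
    times_by_pair = defaultdict(list)
    for rec in proxy:
        times_by_pair[(rec["client"], rec["dest"])].append(rec["ts"])
    beacons = {}
    for pair, times in times_by_pair.items():
        times.sort()
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            beacons[pair] = {"hits": len(times), "period_s": period, "first": times[0]}
    return beacons


def investigate(proxy_text, logon_text):
    """Correlate the two sources: infected hosts -> exposed accounts -> where they went next."""
    proxy = parse_lines(proxy_text, ["ts", "client", "dest", "bytes"])
    logons = parse_lines(logon_text, ["ts", "user", "host", "result"])
    beacons = find_beacons(proxy)
    # Earliest observed check-in per infected host. It is only an upper bound on
    # the infection time, so every account used on that host is treated as exposed.
    infected = {}
    for (client, _), info in beacons.items():
        infected[client] = min(infected.get(client, info["first"]), info["first"])
    exposed = {}
    for rec in logons:
        if rec["host"] in infected and rec["result"] == "success":
            exposed[rec["user"]] = infected[rec["host"]]
    # Exposed credentials turning up on other hosts after the check-ins began is
    # the "how it spread" evidence the text refers to.
    follow_on = [
        (rec["ts"], rec["user"], rec["host"])
        for rec in logons
        if rec["result"] == "success"
        and rec["user"] in exposed
        and rec["host"] not in infected
        and rec["ts"] > exposed[rec["user"]]
    ]
    return {"beacons": beacons, "exposed_users": set(exposed), "follow_on_logons": follow_on}


if __name__ == "__main__":
    result = investigate(PROXY_LOG, LOGON_LOG)
    for (client, dest), info in result["beacons"].items():
        print(f"{client} -> {dest}: {info['hits']} hits, every {info['period_s']:.0f}s, "
              f"first seen {info['first']}")
    print("exposed accounts:", sorted(result["exposed_users"]))
    for ts, user, host in result["follow_on_logons"]:
        print(f"{ts} {user} logged on to {host}")
```

Run it as a script to print the timeline: one workstation checking in every five minutes, one exposed account, and two later logons by that account on other machines. Two things the example makes visible are that the first check-in is only an upper bound on when the host was infected, so logons before it are treated as exposed too, and that a chain like this can only be reconstructed when both sources carry synchronised timestamps and were collected somewhere the intruder could not reach.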

So could the key to solving and preventing IT crime lie in properly managed logs? Could log management be the answer?

Yes, certainly. But the trouble is that with the explosion of corporate systems, the volume of logs has grown to a difficult-to-manage level, and few companies are truly geared up to manage them all, meaning that things inevitably slip through the net. Only companies using the most sophisticated log management systems, such as LogLogic's Open Log Management Platform, which with our new quad-core hardware can monitor up to 250,000 records per second, can really hope to identify and act upon these subtle, sophisticated and well-disguised attacks on their infrastructure.

The hackers’ game has moved on. We all need to be prepared to respond to this.

RSA Show And What It Says About….

As previously mentioned, LogLogic enjoyed huge success at RSA last week, and really enjoyed introducing our customers to our Nerd Herd over beers. As the chief marketing guy at LogLogic, it's interesting to me how casually vendors treat their brand image. I had a chance to walk the floor and assess their self-inflicted damage.

In some ways, trade shows like this have not changed. I have been a part of the JavaOne show since the beginning back in 1997. The RSA crowd is a bit different, namely more suits and better hygiene. You can always tell how the economy is doing by what kind of giveaways are on the show floor. Here are my best and worst for 2010.

Hand Sanitizer? Really?

I did notice that a bunch of people had hand sanitizer. Really? Does this really send the right message? To Whom? Howard Hughes?


(Sorry for the picture quality; it's from my BlackBerry.)

For cutesiness, this injection-molded safe was pretty interesting, if a bit dated in a 19th-century kind of way:


The Cell Phone stand was cool, but it did not fit my Blackberry:


The Winner: Giveaway Of The Year: RSA 2010

But the winner (for me at least) is the N-in-one tape measure/level/pencil/notepad thingy from a company called Howard:


The type of booth also has a lot to say about the economy, and about what the company wants to portray. Some companies have WAY TOO MUCH money and were giving it out by the barrelful. Some were trying to get attention by showing you pictures of Photoshopped mutants.

Meet The Beetles

But my favorite, and the most cringe-inducing, was the secure laptop crawling with *live* African beetles. I am not making this up:


They got my attention, but I am not sure this was the best way to do it.

If this is the type of show that is being put on these days, then it appears the economy is on its way to a recovery.

© 2023 Bill Roth
