Archive for August, 2009

Social media DOS attack focused on Georgian blogger Cyxymu

Thursday, August 6th, 2009

Elinor Mills of cnet reports that the DOS against twitter, facebook, livejournal and blogger were focused on a single Russian blogger using the name Cyxymu.

A pro-Georgian blogger with accounts on Twitter, Facebook, LiveJournal and Google’s Blogger and YouTube was targeted in a denial of service attack that led to the site-wide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.

The blogger, who uses the account name “Cyxymu,” (the name of a town in the former Soviet Republic) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly said. “We’re actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.”

According to the Register, Researcher: Twitter attack targeted anti-Russian blogger, the DOS attack was driven by spam rather than a botnet. Spam messages enticed their recipients to click on a link to one of Cyxymu’s many social media accounts.

You can try to access Cyxymu’s pages on twitter, livejournal, facebook, blogger and youtube.

DDOS on twitter, facebook and livejournal

Thursday, August 6th, 2009

It will be interesting to see what comes from today’s DDOS attacks on twitter, facebook and liveJournal. It is certainly a show of strength from whoever controls the botnets that launched the attacks. We can only assume that three three are from the same source or at lease related sources. Some sources:

Was it a test? Demonstration? Preparation for extortion (Nice little Internet you got there. Shame if something happened to it.)?

DoD conflicted about social media systems

Thursday, August 6th, 2009

The Department of Defense remains conflicted about their position on social media.

This past Sunday the US Marine Corps announced an immediate ban of Internet social networking sites on their NIPRNET network due to potential security risks. Specific examples of the sites now banned included facebook, myspace, and twitter.

Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, tweeted yesterday.

“Obviously we need to find right balance between security and transparency. We are working on that. But am I still going to tweet? You bet.”

The comment also appeared on Admiral Mullen’s facebook page.

While it’s tempting to poke fun at the apparent contradictions involved, it’s easy to see a difference. Its well known that there are many vulnerabilities on the Web that can result in compromising a computer and that they are more likely to be encountered in open, popular environments, like social media systems. So it’s prudent to limit access to some of these from networks like NIPRNET that are used for sensitive information. On the other hand, we assume that the computer used by Admiral Mullen and his staff for public announcements and PR are on conventional networks, so the risks asscociated with security problems are greatly reduced.

Still, you have to admit that it’s ironic.

EFF on location privacy

Wednesday, August 5th, 2009

The Electronic Frontier Foundation released a whitepaper, On Locational Privacy, and How to Avoid Losing it Forever, discussing problems and solutions involving location privacy. The report, written by Andrew Blumberg and Peter Eckersley, outlines how location information is being collected by devices and services and argues for solutions that maintain potential benefits without sacrificing personal privacy.

“There are nifty new location-based technologies like electronic road-toll tags and cell-phone apps that alert you when your friends are nearby — but these systems often create and store records of your movements,” said EFF Staff Technologist Peter Eckersley, one of the co-writers of the white paper. “This could make it possible for others to know when you visited a health clinic, what church or bar you spend time in, or who you go to lunch with. It is essential that privacy-protecting algorithms are built into these devices and services, so we can enjoy their convenience without making our private lives into open books.”

“The technical solution to preserving privacy in digital services lies in modern cryptography and careful design,” said Stanford University mathematician Andrew J. Blumberg, the white paper’s other co-writer. “It may seem counterintuitive, but using cryptography, these systems can function without collecting and storing personal data at all. The best way for systems to protect user data is not to collect it in the first place; then the information is not available for anyone to buy, steal, or obtain by subpoena — it would stay truly private.”