Aug 23 2010

Why cybersecurity experts can never rest

The Web threat landscape is becoming increasingly dynamic and opportunistic as hackers continue to adapt to new online functionality and trends, according to a report on online security from Zscaler, a security firm that specializes in cloud computing.

“While the goals have not changed, the techniques continue to evolve,” wrote Michael Sutton, the company’s vice president of security research, in the “State of the Web” report for the second quarter of 2010. “The attacks that we’re seeing are increasingly dynamic in nature, continually shifting locations and swapping out payloads to avoid detection.”

Attackers are using social networking functionality, exploiting current events and using techniques such as fast flux to quickly change the Domain Name System resolution for IP addresses, a tactic that allows them to evade blacklists that block malicious sites. The trends are not new, but they illustrate the continued threat posed by increasingly professional criminals with access to a growing kit of malicious tools available in the underground market.

“Attackers are quickly moving content to different locations in order to ensure that enterprises cannot simply protect themselves by blocking a specific range of IP addresses,” the report concludes. “It is clear that security vendors must be able to quickly adapt and inspect Web-based content on-the-fly in order to identify and secure against emerging threats in this continually evolving environment.”
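The fast-flux behaviour described above can be spotted from the defender's side in passive DNS data. The sketch below is an added example, not code from the Zscaler report: the observations are constructed, and the thresholds (five distinct IPs, three /24 networks, median TTL of 300 seconds or less) are assumed values chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, answer_ip, ttl_seconds).
# Names use the reserved .example TLD; addresses are RFC 5737 documentation ranges.
OBSERVATIONS = [
    (1000, "shop.example", "192.0.2.10", 3600),
    (4600, "shop.example", "192.0.2.10", 3600),
    (8200, "shop.example", "192.0.2.10", 3600),
    (1000, "flux.example", "192.0.2.50", 120),
    (1130, "flux.example", "198.51.100.7", 120),
    (1260, "flux.example", "203.0.113.99", 120),
    (1390, "flux.example", "198.51.100.201", 180),
    (1520, "flux.example", "203.0.113.4", 120),
    (1650, "flux.example", "192.0.2.77", 120),
]


def summarize(observations):
    """Collect distinct IPs, distinct /24 networks and TTLs per domain."""
    per_domain = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _ts, domain, ip, ttl in observations:
        entry = per_domain[domain]
        entry["ips"].add(ip)
        entry["nets"].add(ip_network(f"{ip}/24", strict=False))
        entry["ttls"].append(ttl)
    return per_domain


def flag_fast_flux(observations, min_ips=5, min_nets=3, max_median_ttl=300):
    """Return domains whose answers rotate across many networks with short TTLs.

    The thresholds are assumptions for this example, not published constants.
    """
    flagged = []
    for domain, entry in summarize(observations).items():
        if (len(entry["ips"]) >= min_ips
                and len(entry["nets"]) >= min_nets
                and median(entry["ttls"]) <= max_median_ttl):
            flagged.append(domain)
    return sorted(flagged)


def blacklist_coverage(observations, domain, cutoff):
    """Fraction of answers at or after `cutoff` that an IP blacklist built
    from answers seen before `cutoff` would still block."""
    known = {ip for ts, d, ip, _ in observations if d == domain and ts < cutoff}
    later = [ip for ts, d, ip, _ in observations if d == domain and ts >= cutoff]
    if not later:
        return None
    return sum(ip in known for ip in later) / len(later)


if __name__ == "__main__":
    print("flagged:", flag_fast_flux(OBSERVATIONS))
    print("flux.example coverage:", blacklist_coverage(OBSERVATIONS, "flux.example", 1300))
    print("shop.example coverage:", blacklist_coverage(OBSERVATIONS, "shop.example", 5000))
```

The coverage figure shows why blocking by IP address alone fails here: the blacklist built from the early answers blocks none of the later ones for the rotating domain, while it still covers the static one.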

Legal inroads are being made against organized online crime. The Secret Service announced last week that Vladislav Anatolieviech Horohorin, known online as BadB, had been arrested by French authorities on U.S. federal indictments for access-device fraud, aggravated identity theft, and aiding and abetting. According to Secret Service officials, Horohorin was one of the founders of CarderPlanet, which the agency called “one of the most sophisticated organizations of online financial criminals in the world.” The site allegedly is operated by cyber criminal organizations to traffic counterfeit credit cards and false ID information and documents. The site provides a forum for purchasing stolen data and credentials as well as attack tools.

But criminals are resilient and continue to take advantage of current events, such as the recent World Cup tournament and Apple’s release of the iPad, and of new functionality, such as Facebook’s “Like” button. Zscaler described Likejacking schemes in which invisible buttons use clicks anywhere on a Web page to drive advertising by raising its Facebook profile.

The increasingly popular Twitter is also a rich target for phishing attacks as malicious third parties solicit Twitter account information with offers to increase the number of the account’s followers.

In addition, criminals are using search engine optimization techniques to drive malicious Web sites to the top of search results on major search engines, including Google, Bing and Yahoo, Zscaler found.

The United States remains by far the top country for malicious IP addresses identified by Zscaler in the second quarter, despite dropping from 62 percent of malicious addresses in April to 48 percent in June. All the other leaders are in the single digits. China and Germany were tied for second place with 7.11 percent each.

However, those figures likely say more about the number of computers and the rate of Internet use in a country than about where attacks originated.

Source


Aug 12 2010

D-Link routers get DNSSEC and CAPTCHA protection

D-Link enhanced its router security to a higher level of protection by incorporating both CAPTCHA and DNSSEC to guard against hacking, worms, viruses and other malicious Web attacks.

DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications that adds security to the DNS to provide assurance that the information received from a Domain Name Server is authentic. The security extensions are designed to protect the DNS from man-in-the-middle and cache poisoning attacks, which can occur when hackers corrupt DNS data stored on recursive name servers to redirect queries to malicious sites.

DNSSEC applies digital signatures to DNS data to authenticate the data’s origin and verify its integrity as it moves across the Internet and can provide users with effective verification that their applications, such as Web or email, are using the correct addresses for servers they want to reach.

CAPTCHA is a challenge-response test that ensures that a response during a user logon is not computer-generated but instead is truly entered by a human hand, by requiring a user to manually enter a small amount of text displayed in an image to help prevent automated registration and fraud.

To further consider security while future-proofing its routers, D-Link is migrating to IPv6 certification. With the growing number of Internet-capable devices on the market, the pool of IPv4 addresses has dropped to six percent and is expected to run out sometime in 2011. While this is a major motivation for IPv6, other improvements are also realized.

The IPv6 specification now specifies certain security measures that were not defined in IPv4, such as IPSec. IPSec is a method of authenticating and encrypting data transferred between pairs of hosts. Although it was possible to implement IPSec with IPv4, it was not part of the specification. IPSec is now a requirement, not an option, in the IPv6 specification.

Source


Aug 6 2010

An Order of Seven Global Cyber-Guardians Now Hold Keys to the Internet

You may have heard the rumor that swirled briefly last month about an Internet “kill switch” that could power down the Web in the case of a critical cyber attack. Those rumors turned out to be largely overblown, but it turns out there are now seven individuals out there holding keys to the Internet. In the aftermath of a cataclysmic cyber attack, these members of a “chain of trust” will be responsible for rebooting the Web.

The seven members of this holy order of cyber security hail from around the world and recently received their keys while locked deep in a U.S. bunker. But the team isn’t military in nature. The Internet safety program is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit watchdog group that has access to a security system designed to protect users from cyber fraud and cyber attacks.

Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site).

Most major servers are a part of DNSSEC, as it’s known, and during a major international attack, the system might sever connections between important servers to contain the damage.

A minimum of five of the seven keyholders – one each from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic – would have to converge at a U.S. base with their keys to restart the system and connect everything once again. We’re imagining a large medieval chamber filled with techno-religious imagery where these knights cyber must simultaneously turn hybrid thumb drive/skeleton keys in a massive router, filling the room with the blinking light of connectivity.

In reality, it’s not so dramatic. The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.

Source


Jul 20 2010

Black Hat talk to reveal analysis of hacker fingerprints

Looking deeper within malware yields fingerprints of the hackers who write the code, and that could result in signatures that have a longer lifetime than current intrusion-detection schemes, Black Hat 2010 attendees will be told next week.

Analysis of the binaries of malware executables also reveals characteristics about the intent of the attack code that could make for more efficient and effective data defenses, says Greg Hoglund, CEO of HBGary, whose briefing “Malware Attribution: Tracking Cyber Spies and Digital Criminals” is scheduled for the Las Vegas conference.

Hoglund says this analysis uncovers tool marks — signs of the environments in which the code was written — that can help identify code written by a common person or group based on what combination of tools they use.

For example, his research looked under the covers of one malware executable whose fingerprint included use of Back Orifice 2000, Ultra VNC remote desktop support software, and code from a 2002 Microsoft programming guide. Each program was slightly modified, but the information available amounted to a good fingerprint.

The malware was a remote access tool (RAT), and RAT generators such as Poison Ivy could have created unique RAT code for each use, but that’s not the route this attacker chose. Identifying this RAT in other instances of malware can link groups of malicious code to a common author or team, Hoglund says.

He has found that these fingerprints last a long time. Once written, the binaries themselves are altered only infrequently, so employing these fingerprints as malware signatures will be more useful for longer periods. “The bad guys don’t change their code that often,” Hoglund says.

A traditional antivirus platform identifies variants of malware. This research can anchor a new form of intrusion detection that analyzes malware deeply to find these fingerprints and to assign it to a threat group based on the intent of the malware, he says.

For instance, if the malware is designed to steal credit card numbers from individuals, a corporation might rank it as a lower threat to the corporation than malware that seeks to steal the company’s intellectual property, he says.

“You are not going to succeed in keeping the bad guys out of your network,” Hoglund says. “But if you can detect them as early as possible, you can prevent losses.”

During his talk, Hoglund says he will exhibit graphs that cluster half a million pieces of malware his team has examined according to how closely their fingerprints match. He says he hopes to demonstrate that the number of sources behind these 500,000 examples is relatively low, in the hundreds rather than the thousands.

If that’s the case, intrusion-detection engines that use these fingerprints as malware signatures could focus on filtering them rather than the wrappers in which they are sent. That would mean a more stable library of signatures since the attackers are slow to change their code. These IDS signatures would work better over a longer period.

To do this, the IDS needs to be on endpoints where the code executes and can be seen in the memory of the computer as human-readable text. At the network layer, a packed executable would not reveal these attributes.

At the conference, Hoglund plans to release a tool called Fingerprint that analyzes and compares the similarities among the underlying artifacts found in different pieces of malware. Businesses could use the tool to determine what identifiable attacker wrote the code and what its intent is.
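To make the clustering idea concrete, the sketch below groups samples by the overlap of their toolmark artifacts and derives a per-cluster signature that survives a change of wrapper. It is an added example and not HBGary's Fingerprint tool: the sample names, artifact labels, Jaccard similarity measure and 0.5 threshold are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed artifact sets, as an endpoint analysis might extract them from
# unpacked code in memory. Labels are hypothetical; "packer:" entries stand
# for the wrapper, the rest for toolmarks of the development environment.
SAMPLES = {
    "sample_a": {"code:bo2k-modified", "code:ultravnc-modified",
                 "code:ms-guide-2002", "toolmark:compiler-A", "packer:upx"},
    "sample_b": {"code:bo2k-modified", "code:ultravnc-modified",
                 "code:ms-guide-2002", "toolmark:compiler-A", "packer:custom-1"},
    "sample_c": {"code:bo2k-modified", "code:ultravnc-modified",
                 "code:ms-guide-2002", "toolmark:compiler-A"},
    "sample_d": {"gen:rat-builder", "toolmark:compiler-B", "lib:zlib", "packer:upx"},
    "sample_e": {"gen:rat-builder", "toolmark:compiler-B", "lib:zlib", "packer:none"},
    "sample_f": {"toolmark:compiler-C", "lib:tls", "packer:upx"},
}


def jaccard(a, b):
    """Similarity of two artifact sets: shared artifacts over all artifacts."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster(samples, threshold=0.5):
    """Single-linkage clustering: samples join a group if any pair is similar enough."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(sorted(samples), 2):
        if jaccard(samples[a], samples[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in groups.values())


def cluster_signature(samples, members):
    """Artifacts present in every member: the stable part of the fingerprint."""
    return frozenset(set.intersection(*(set(samples[m]) for m in members)))


def attribute(artifacts, samples, clusters, min_size=2):
    """Return the cluster whose signature is fully contained in `artifacts`, else None."""
    for members in clusters:
        if len(members) >= min_size and cluster_signature(samples, members) <= set(artifacts):
            return members
    return None


if __name__ == "__main__":
    groups = cluster(SAMPLES)
    print(groups)
    repacked = {"code:bo2k-modified", "code:ultravnc-modified",
                "code:ms-guide-2002", "toolmark:compiler-A", "packer:never-seen"}
    print(attribute(repacked, SAMPLES, groups))
```

A sample wrapped in a packer never seen before still lands in the first cluster, because the signature is built only from artifacts common to every member and the packer is not one of them.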

That in turn can give businesses an idea of whether they are under a concerted assault from a common group rather than being the victim of random attacks. Using this type of analysis, Hoglund says he found that one identifiable attacker was responsible for targeting the Department of Defense as well as a particular military base five years before.

That indicated the attacker was the same, and use of a Chinese-language development environment indicated the attacks came from there. Some of the source code used was exact copies of code traded on China hacker sites.

Source


Jul 19 2010

Opening the Rackspace Cloud

Imagine a world where code used by the biggest clouds is freely available to any developer, anywhere. A world where that code was a standard used to build private clouds as well as a variety of new service offers. In this world, workloads could be moved around these clouds easily – you could fire your cloud provider for bad service or lack of features, but not have to rewrite the software to do it. Imagine an open source cloud operating system that lifts IT to the next level of innovation, just as Linux drove the web to new heights.

Today, we at Rackspace launched an ambitious project called OpenStack that aims to make this new world a reality.

I want to lay out the thinking that got us here and why we think this moment will change computing forever.

“The cloud” at its most fundamental level is all about a massive supply increase in computing power. The PC era was all about putting a computer on every desk. The cloud era goes a step further, putting the power of supercomputing at the literal fingertips of every individual at anytime. Whether it’s enabling a youth soccer coach to schedule practice across the online calendars of 18 families, or helping a scientist fold proteins to design new cancer drugs, or encouraging a frontline employee to instantly and cheaply test a new marketing campaign, the exponential growth in computing power and applications is changing every corner of our economy and society. And, this era is truly just beginning. We have seen only a tiny fraction of the potential gains that arise from cheap, ubiquitous computing power.

As this landscape has evolved, some have dismissed cloud computing as just a return to the mainframe era. This view is fundamentally wrong. Mainframes were available to only the smartest employees at the richest companies. The cloud is accessible to all, and usable by anyone, at low cost. Its ubiquity is the source of its power.

However, there is one area where mainframe concepts are intruding into the cloud – the vertically integrated technology stack. As hardware and software merge into services, the danger of locked-down proprietary software stacks is emerging in the cloud space. The cloud world changes everything, and that is not good to many entrenched interests of the old guard. Core technologies from operating systems to hypervisors to databases are being used to tie cloud customers into an integrated view of the world.

If the web has taught us anything, it is that open systems, portability, and choice drive innovation. The open Linux system brought us a mountain of software and tools to help accomplish almost any task. And, each component, whether a database or a widget could be moved in and out freely based on the job getting done.

We at Rackspace have long talked about an “open” cloud. And as a service provider built on our Fanatical Support difference, we have never had an interest in creating technical walls around our service. But, given that no standards tools have emerged to build massively scalable clouds, we too have had to build custom software that creates some level of wall around our cloud offerings. For months we have debated how to drive greater standards and increase the velocity of cloud technologies in general. We finally converged on the obvious answer: open source our cloud technology.

Today, we announced a new open source project that includes those core technologies: OpenStack. And, we are not alone. As we looked at all the projects that already existed to drive standards we saw that other efforts were underway that complemented what we have done. We saw a ton of promise in the Nebula computing project built by NASA and are making it a core part of the project. Taking the contributions of Rackspace and NASA as a starting point, OpenStack forms a powerful foundation of technologies including a scalable compute provisioning engine – OpenStack Compute – and a fully distributed storage engine – OpenStack Object Storage.

The community, which we plan to actively support and drive, is live today at openstack.org with code available for download.

Last week we assembled a strong group of cloud community leaders and developers to meet and review the architecture, engage on technology direction and contribute code. The effort attracted more than 100 participants from 25 companies including hosting companies, telecom providers, hardware manufacturers, cloud ecosystem companies and beyond. This enthusiasm and collaboration around OpenStack has laid the foundation for a vibrant and innovative approach to building the core software to power the future cloud world.

What do we expect OpenStack to mean for the cloud community? Some pretty major things. One, anyone will be able to run this cloud and do it anywhere. Enterprises and governments will be able to build private clouds. Service providers will have the same technology used by Rackspace and NASA to build new offers. Choice and portability are inevitable in this world. Two, the whole tech ecosystem can build around this foundation. With wide adoption, there will be a market for new services all around this core engine. From storage systems to monitoring tools to management systems, there is no end to what can be attached to the core project. Three, the cloud will advance faster than ever. Between just NASA and Rackspace, an army of developers are committed to the continued advancement of OpenStack. With our emerging supporters in the project, we expect to dramatically expand that army. Finally, a core set of standards will be freely available and totally open. New technologies can be attached. Better solutions will be driven into the product. And, the use of this powerful technology will not tie you to the use of any other technologies.

For our customers, we think there are many benefits that flow from these community gains. Not only will this help our offers develop faster and more transparently, but our customers can run private editions of our core systems in house or in our managed hosting operation.

We could not be more excited about the launch of this project and the enthusiasm around it. As a company that has invested a great deal in the development of cloud technologies, we did not take the decision to open source lightly. We think this decision will serve our interests and those of our customers. While we at Rackspace hire top developers and engineers to make sure our technology is second to none, seeking a technology advantage has never been our approach. We have our own vision about how to deploy this technology and serve customers – by giving them seamless access to scalable computing with the trusting partnership that comes through Fanatical Support. But, there will be many approaches and winning formulas. We think by welcoming those approaches and driving standards and more rapid innovation we will all win.

We hope you join us in this cause. We know there are many parties who might want to join us in the effort, please reach out to us.

We look forward to updating you as we make progress.

Source


Jun 30 2010

The Best Web Development Frameworks

A Web development framework is a software framework designed to support the development of Websites, Web applications and Web services. Many frameworks provide libraries for database access, templating frameworks and session management, and they often promote code reuse.

Web development would be a little tough if there were no frameworks to make our lives easier. A Web framework is a boon to a Web developer because it provides many options and flexibility, and it’s a big time saver.

Here, we have compiled the best Web development frameworks in PHP, CSS, JavaScript, Python and Java. All these frameworks have their pros and cons, and they can help you make your project look clean and robust. For future reference, you can bookmark this post and share it with your friends and Web programmers.

Source


Jun 29 2010

SSL Certificates In Use Today Aren’t All Valid

It should be no surprise that the SSL security certificate business is big business, considering how SSL certificates are seen as being on the frontlines of securing Web transactions against fraud. But new data suggests that SSL certificates are not all being configured correctly.

Security research firm Qualys is attempting to paint a detailed picture of SSL deployments and their shortcomings with a new, still under-development study that aims to deliver a deeper degree of information on the state of the SSL marketplace than what is currently known. Most industry intelligence on the subject thus far has come from Netcraft research reports and from vendor reports.

In its study, Qualys scanned 119 million domain names, but found that only 92 million were active. Approximately 12.4 million domains failed to resolve properly and 14.6 million failed to respond. Of the active domains that did respond, nearly 34 million responded to the Qualys scan on both port 80 and port 443. Port 80 is typically used for HTTP while port 443 is typically used for HTTPS-, SSL-secured Websites.

Digging a layer deeper into the active sites on Port 443, Ivan Ristic, director of engineering at Qualys, said in a Webcast that he found that only about 23 million of the sites were actually running SSL.

SSL certificates can be generated for any domain name. It is considered to be a best practice that the name on the SSL certificate matches the name of the domain on which the SSL certificate is being used, though Ristic’s research shows that’s not always the case.

“Only about 3.17 percent of the domain names matched,” Ristic said. “So we have about 22 million SSL servers with certificates that are completely invalid because they do not match the domain name on which they reside.”
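The name check behind that figure can be sketched as follows. This is an added example, not Qualys's scanner: the scan records are constructed, and the matching rules are the commonly used ones, assumed here (case-insensitive comparison, subject alternative names taking precedence over the common name, and a wildcard allowed only as the whole leftmost label).

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """True if one certificate name covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or not h[0]:
        return False                      # a wildcard never spans several labels
    if any("*" in label for label in p[1:]):
        return False                      # wildcard only in the leftmost label
    if p[0] == "*":
        # Conservative assumption: require at least two labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcards such as "w*" are rejected
    return p == h


def cert_matches_host(cert, hostname):
    """Check the hostname against SAN entries, falling back to CN only if no SAN exists."""
    names = cert.get("san") or ([cert["cn"]] if cert.get("cn") else [])
    return any(name_matches(name, hostname) for name in names)


def survey(records):
    """Classify scanned hosts by whether the served certificate names them."""
    result = {"match": [], "mismatch": []}
    for host, cert in records:
        key = "match" if cert_matches_host(cert, host) else "mismatch"
        result[key].append(host)
    return result


def match_rate(records):
    """Percentage of scanned hosts whose certificate matches the name scanned."""
    return 100.0 * len(survey(records)["match"]) / len(records)


# Constructed scan results: (name that was scanned, names found in the certificate).
RECORDS = [
    ("www.shop.example", {"san": ["www.shop.example", "shop.example"], "cn": "www.shop.example"}),
    # Shared hosting: the server answers on 443 with the provider's certificate.
    ("blog.customer.example", {"san": [], "cn": "*.hosting.example"}),
    ("api.customer.example", {"san": ["*.customer.example"], "cn": "customer.example"}),
    # SAN is present, so CN is ignored; the wildcard does not cover the bare domain.
    ("customer.example", {"san": ["*.customer.example"], "cn": "customer.example"}),
    ("Mail.Corp.Example.", {"san": [], "cn": "mail.corp.example"}),
    ("a.b.customer.example", {"san": ["*.customer.example"]}),
]

if __name__ == "__main__":
    print(survey(RECORDS))
    print(f"{match_rate(RECORDS):.1f}% of scanned names match their certificate")
```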

Detecting invalid SSL certificates

In a preview of a talk set to be delivered at this summer’s Black Hat USA conference, Ristic explained that his company has had an SSL security-checking service available publicly for some time. However, the Qualys SSL checker required users to come to the site to check their own SSL status. With the new research conducted by Ristic, Qualys set about scanning the Internet to collect information on how sites are implementing SSL.

“For us, the question is: How exactly is SSL used on the Internet as a whole?” Ristic said during the Webcast. “Interestingly enough, as popular as SSL is, no one had made public the information about how it is used.”

According to VeriSign, there are currently approximately 193 million domain names. In terms of SSL, Netcraft reports that there are 1.5 million SSL certificates. Ristic decided to focus his research on the .com, .net, .org, .biz, .us and .info domains, which total 119 million domain names.

Ristic explained that he built a virtual machine that was able to run 2,000 threads in parallel to scan those millions of domain names. The process took him two days at a speed of 1,000 servers scanned per second.

In response to a question from InternetNews.com about his testing hardware and software infrastructure, Ristic noted that the scanning software had been custom-written for the task.

“The hardware was nothing special — I’m using a virtual server in the cloud and it’s just a medium-sized box,” Ristic said. “The trick to why the tests are quick is that it’s only a couple of network packets that are being exchanged, and that’s enough to determine if the server on the other side is capable of supporting the protocol.”

As part of the complete report that he is working on, Ristic said that he’ll be doing a deeper analysis of 720,000 SSL certificates that he uncovered in his initial scan and considers valid. The plan is to collect up to 300 data points on each SSL server to better understand how the certificates are deployed and configured.

Source


Jun 25 2010

ARIN’s RESTful Whois Directory Service Available 26 June

ARIN is deploying an improved Whois service called Whois-RWS on 26 June
2010. Included in the deployment are the following services that provide
the general public with access to ARIN’s registration data.

* a RESTful Web Service (RWS)
* a NICNAME/WHOIS port 43 service
* a user-friendly web site (http://whois.arin.net)

When using Whois-RWS you will notice some differences in behavior for
certain queries and corresponding result sets on the NICNAME/WHOIS TCP
port 43 service. These minor differences are documented at:

https://www.arin.net/resources/whoisrws/whois_diff.html

ARIN’s Directory Service for registration data has used the
NICNAME/WHOIS protocol since its inception. The limitations of the
NICNAME/WHOIS protocol are well known and documented in RFC3912.
Whois-RWS was created as an alternative to the ARIN Whois and will
provide much richer functionality and capability to the community.

Whois-RWS can easily be integrated into command line scripts, or it can
be used with a web browser, which makes it applicable for programmatic
consumption and accessible for interactive use. ARIN will continue to
maintain services for the NICNAME/WHOIS protocol on TCP/43. This is
achieved by using a proxy service to translate traditional ARIN Whois
queries into Whois-RWS queries. However, ARIN recommends use of the
RESTful Web Service.

Those who choose to use the Whois-RWS Proxy will find it has many
features unavailable over the existing Whois service, including:

* Support for new query types such as CIDR queries
* Better feedback for ambiguous queries
* More finely scoped record type queries
* Options for NICNAME/WHOIS clients that re-interpret traditional
parameters used by ARIN’s service.
* RESTful URL references, useful for embedding into documents and e-mail
* Better grouping of record types and delineation of results

Another major benefit is that data from ARIN’s registration database is
distributed to the Whois-RWS servers many times throughout the day,
versus the once-a-day update of ARIN’s previous Whois service. Changes
will be reflected more quickly through Whois-RWS, so query results will
be more current than the previous Whois service.

ARIN continues to welcome community participation on the Whois-RWS
mailing list, and we invite you to subscribe and provide feedback to:

http://lists.arin.net/mailman/listinfo/arin-whoisrws

Source


Jun 23 2010

‘World’s No. 1 hacker’ tome rocks security world

A recently published e-book penned by the self-proclaimed “world’s No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family.

How to Become the World’s No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm. Released by the obscure Cyber Crime Media publishing house, the 342-page PDF is a comprehensive, step-by-step guide for consumers who want to learn how to harden their networks against attackers. Unix security, Wi-Fi cracking, and web service configuration are all covered.

But it turns out that huge chunks of the book weren’t written by Evans at all, even though no other authors are credited. For instance, virtually all of Chapter 12 – 5,894 words, to be exact – is identical to this tutorial on port scanning written by Armando Romeo and published on the hackerscenter.com website in early 2008. And 1,750 words found in Chapter 9 were lifted from this manual posted to ethicalhacker.net, including screenshots that make reference to Chris Gates, the original author.

In all, at least 13 of the e-book’s 26 chapters were lifted almost entirely word-for-word from other sources without attribution, according to this analysis from Ben Rothke, a senior security consultant for a professional services firm, who ran the portions through iThenticate, an online tool for spotting plagiarism. Other sources that were used without credit include Security Focus, Auditmypc.com, and Squidoo.com.

“Mr Evans has never asked any permission from me and I’m the only owner of the copyrights of my website,” said Armando Romeo, CEO of eLearnSecurity, who says that in all, five chapters in How to Become the World’s No. 1 Hacker “have been literally copied and pasted from my guides” on the Hacker Center website. He added that this is the second run-in he’s had with Evans, who regularly appears on local and national TV shows to talk about computer security.

Chris Gates and Donald Donzal, the author and editor respectively of the articles on the Ethical Hacker site, are also steadfast that Evans never had permission to use their content, which was first published in 2007. Donzal said he’s in the process of filing a take-down demand under the US Digital Millennium Copyright Act.

Evans – who in 2002 was sentenced to 24 months in federal prison after pleading guilty to wire fraud – has vociferously defended his use of the previously published articles. In an interview with The Register, he said he began work on the book in 2008, and largely drew on ghost writers who by contract agreed to submit “original content.” He insisted the submissions were vetted for authenticity by a service he declined to name. But he nonetheless went on to challenge the authors who have stepped forward to complain their work has been misappropriated.

“What you’re doing is you’re saying Greg, you put other people’s stuff in your book, but if I go out on the internet, you cannot tell me who owns those other people’s stuff,” he said. “All you’re doing is you’re telling me that who owns a website where other people publish at that website, but they’re not the owners of the content.”

‘Mitnick under my wing’

Evans, who is African American, has pushed back equally hard against other people asking hard questions about the true origins of his book. In a reference to another company Evans leads, he published this rebuttal headlined “National Cyber Security Uncovers Racism Within the Computer Security Industry,” and continued to refer to himself as the author of the book.

In an accompanying video blog that was posted late last week, Evans went on to defend his hacker credentials, noting that he was incarcerated on the same floor as Kevin Mitnick during the latter’s five-year prison stint for hacking and fraud crimes.

“When I get in there, I take Kevin Mitnick under my wing,” Evans said in the video. “We used to turn around and have contests like who can get free phone calls, who can get away with making a three-way call without getting caught.”

Evans went on to claim that he advised Mitnick on a plea bargain he was negotiating with federal prosecutors and was in the same room as Mitnick when he learned he was going to be interviewed on the CBS News show “60 Minutes.” Mitnick denies the account.

“He basically misrepresented our relationship, our meetings,” Mitnick told The Register. “He certainly didn’t take me under his wing, whatever that means. I didn’t really discuss my case with him because you don’t discuss your case with other people in jail because they’ll become informants.”

According to Mitnick, by the time he was approached by “60 Minutes,” he had been transferred to the Lompoc Federal Correctional Complex and hadn’t seen Evans in months.

Evans “made that whole story up,” Mitnick said. “He was never there.”

Mitnick also challenged the hacking skills of Evans, whose previous books include Memoirs of A Hi-Tech Hustler and Hi-Tech Hustler Scrap Book 2004-2005.

“What I recall of him, he wasn’t too savvy with hacking, but he did understand phone phreaking,” Mitnick continued. Evans’s 1998 prosecution “was a typical fraud case. It wasn’t hacking or phone phreaking, really. He seemed to be a nice guy, a very evangelist type personality. I kind of sized him up kind of like a hustler, a grifter.”

Indeed, in video blogs promoting Ligatt Security to potential shareholders, Evans comes across at some points as a high-pressure salesman and at others as a class clown. In this video from last year discussing a deal involving a property known as spoofem.com he shares this nugget:

“I got the news this morning on my way to work, got here late because I caused an accident when I was reading my email and I saw it and I started screaming and I swerved and then this tractor trailer fell over and hit this bus full of nuns and it was just [a] mess, but I took off real quick because I got a fast car. They didn’t know it was me, so I’m here doing this video blog. Pray for me.”

Be like ‘Googles’

In the same video a few minutes later, he compared Ligatt shares to those of Google – which he mistakenly refers to as “Googles” – before the stock hit sky-high prices: “It’s just like buying Googles,” he said. “You could have bought Googles years ago. Just imagine if you bought Googles at a penny or less than a penny how trillionaire you’d be today. I’m trying to give you that same vision.”

But it’s fair to say Evans, who says he’s 41 years old, has a temper as well. About a half hour into his interview with The Register, after growing increasingly agitated with the questions, he abruptly stopped the conversation and, through a spokeswoman, refused to continue.

And according to this account from security blogger and podcaster Chris John Riley, someone left a post threatening “to go after you family [sic]” less than 15 minutes after he spoke with Evans on the phone to arrange a taped interview regarding the allegations of plagiarism.

“I will have my friend in your country tracked down [sic] everyone you are friends with and your family and see what you are all about,” the posting stated. The person didn’t sign the message, but the IP address used to leave the message belongs to a Bell South customer in the Atlanta area, where Ligatt Security is headquartered.

Evans – who often refers to himself as the “world’s No. 1 hacker” and is regularly interviewed by various Fox News anchors and affiliates – has yet to say whether he played any role in posting the comments. He terminated his interview with The Register before the issue could be addressed.

Riley said that nothing during his brief conversation with Evans on Wednesday gave any indication there were any hard feelings. But when the time they had arranged to conduct the podcast came, Evans was a no-show.

Said Riley: “I did log onto Skype and I did wait and nothing ever came around. I thought it was funny. To be honest, I think Greg is more bark than bite.”



Jun 21 2010

US Lacks Ability to Protect Networks

The federal agency in charge of securing the government’s computer systems is unable to monitor the networks or analyze threats in real time, and it lacks the authority and staff it needs to do its job, according to an internal report.

The U.S. Computer Emergency Readiness Team must share information about threats and trends more quickly and in greater detail with other federal departments so they can better protect themselves, the audit said.

Issued Wednesday by the Homeland Security Department’s inspector general, the report lays out criticism that long has been aired by U.S. officials and outside experts who say the government’s computer systems are vulnerable to attacks, are persistently probed, and lack the needed management and security standards.

And it highlights many of the problems Congress is trying to address in a number of bills aimed at creating a more effective government structure to improve and enforce security standards.

Cyber security has become a top priority for the government, bolstered by President Barack Obama’s declaration last year that it is “one of the most serious economic and national security challenges we face.” Officials say U.S. networks are scanned and probed millions of times a day, and in some cases breached by hackers, cyber criminals and other nations.

The 35-page report said the Computer Emergency Readiness Team, which is a part of DHS, has made progress helping federal agencies protect against computer-based threats, including the creation of a cyber center. But it said the team does not have the enforcement authority it needs to get other federal agencies to take the steps required to secure their systems.

In a detailed response to the report, DHS Undersecretary Rand Beers noted that the inspector general did not make a recommendation on how the agency could gain more enforcement authority. But he said the agency agrees that giving DHS more formal authority would be helpful.

Members of Congress currently are tussling over legislation that would give Homeland Security greater power to draft and enforce standards, and require federal agencies to more quickly address gaps in their computer systems. Other lawmakers say that authority should reside in the White House and with the National Institute of Standards and Technology.

Sen. Susan Collins, R-Maine, who along with Sen. Joe Lieberman, I-Conn., has legislation to increase the DHS’ power, said the agency needs “precise authorities with real teeth.” That effort got a boost Wednesday as key House members said they would introduce a similar bill.

The report also said the Computer Emergency Readiness Team has been plagued with staff shortages and leadership turnover, hindering its ability to retain qualified staff. And due to the security clearance process, it can take nine months to 12 months for a new hire to begin work.

DHS is in the middle of a major boost in staffing. In early 2009, the readiness team had 16 employees, but the number jumped to 31 by October, and is now at 55, with another 25 workers in the hiring process.

The report notes that officials from other federal agencies have complained that the readiness team doesn’t quickly share data on cyber threats or incidents. DHS officials responded that much of the data is from intelligence agencies and is classified at various levels, making it difficult to coordinate and share.
