
Thread: Security News Feeds?

  1. #1
    Join Date
    Mar 2005

    Security News Feeds?

    One of my colleagues and I were talking about emerging threats. He mentioned checking the SANS Internet Storm Center ( http://isc.sans.org/diary.php ) a couple of times a day for security news updates and threats coming in and up. There is even an entry today about emerging threats (woo - scary as we had been talking about that), here is the information they posted there:

    Emerging Threats
    As many of you know, worms, viruses, web defacements and even botnets are what we might call "last century" threats. What are we going to be facing in the coming years? The SANS ISC is interested in your ideas, so if you have time today drop us a brief note with your thoughts. Please don't send us a book, just a few lines will do. We'll include the best ones in the diary today.

    Here's a few that have arrived:

    David says, "Instead of hijacking a system to use the disk space and setup detectable FTP servers, [attackers] may end up harvesting all of the documents from the system in hopes of gaining financial or personal information for identity theft."

    John suggests, "As direct electronic invoicing becomes more popular, criminals will try to leverage poor implementations of Web Services to submit fraudulent invoices for payment. Agencies that have done away with support staff necessary for manual invoice processing will pay dearly."

    Greg offers, "With the developing trends in botnets and denial of service with them, I'm willing to bet that we'll see more frequent use of ddos for hire and malware distribution by zombie pcs. It also would be a shock to see an adaptive botnet..that can change and adapt to discovery on the fly..shutting down discovered nodes and such."

    Steve tells us, "I believe that the real threat that's only beginning to surface is internet extortion. What means by which it will happen is hard to say, but it's an increasing threat. I think we're on the brink of seeing widespread extortion happening where files will be "kidnapped", and a ransom note will be left in their places for the user to follow if they want their precious files back." (note from the HOD - this is already happening!)

    Tom thinks that these are possible emerging threats: "VoIP hacks (with social engineering and Caller ID spoofing people will give up a lot of data), Hacker "Mafias" (not just small scale people writing viruses because they can - distributed networks of hackers organizing criminal actions like stealing credit information, etc.), attacks on mobile devices (security just really is not a concern for many mobile companies)."

    Alex scares us with, "My thought is that we'll see new types of Malware that are able to correlate personal data about a selected individual that it promiscuously finds on the web. The implications of this ranging from the obvious identity theft to much more sophisticated phishing scams and even password compromise by building very specific custom dictionaries for attack. A 50k+ botnet is great for DDoS, but it has other uses for its massive computing power and connectivity; namely a huge web spidering and correlational tool for this type of attack."

    Damian believes that, "one of the emerging trends could be cryptovirology. I believe it could have a huge impact if a nasty crypto worm is developed and it could exploit some new vulnerabilities. In fact I try not to think about it very often ... otherwise I couldn't sleep."

    CE's crystal ball says, "Two things come to mind regarding emerging threats: 1) Infection, or at least increased attempts at infecting, of popular sites (like the recent MSN News Korea story) will increase due to the lure of large amounts of victims who trust well-known sites. 2) False information that is presented in ways that a majority of readers, and possibly many experts, wouldn't doubt. This can be used for fraud, social engineering, etc. It will move beyond phishing email and stock scams into possibly more mainstream mediums."

    Gary says he is "concerned at the potential for targeted malware. Whereas today's viruses and worms are fairly indiscriminate, I foresee the emergence of malware that specifically targets a given individual, organization or some other distinctive target."

    Christian muses that, "one threat will remain forever .. that's OSI layer 8. There will always be suboptimally trained users, administrators, coders or managers that copy /etc/shadow to webserver root." (note from the HOD - I like to call this the "carbon layer" of the OSI model.)

    Matt predicts three major trends in the coming year: "The death spiral of signature-based virus detection ... a major increase in wireless network attacks, particularly man-in-the-middle spoofing/theft ... [and] a concentrated, coordinated effort to improve public understanding of basic security issues by both private and government agencies."

    Eric is concerned about "completely 'blended' and adaptive threats funded by money that is coerced/stolen electronically. Threats that morph from one form to another depending on how a system is set up to counteract attacks are a real possibility. With more 'holes' being discovered I think it is wise to believe that the development of adaptive threats with blended capabilities is going to be a huge problem."

    Chip has a fatalistic outlook, telling us that, "Aside from 'individual' system administrator and 'real' security consultants, I see no cluefulness at all in the IT world, nor in oversight agencies, none." He goes on to say that, "the folks who have been wishing for a really stable platform such as BSD to host malicious applications on, have been handed a goldmine in the form of the new MacIntel platform."

    Phil predicts "a worm that actually exploits a vulnerability for which we haven't had a patch for months or even years. It's been a while..."

    Well, this is interesting. Most of today's submissions have been oriented on technologies. This afternoon we've seen quite a shift in the thinking of the evil minds. Here's what the mailbag brought us...

    An anonymous person looked into the future connected world and prognosticated, "what about crackers breaking into an automated household and manipulating all sorts of automated devices, like the fridge, locks, dishwashers, coffeemakers and so on ... another one could be break-ins to car computers to ground you or worse cause an accident on purpose ... and still another one could be (or maybe already is...) hijacking devices (such as sealing hard disks with passwords and then asking for money to reopen the disk) - you could do this with all sorts of networked equipment ... a completely different approach is identity manipulation: changing information on the web about other people to create a wrong impression about them...."

    AJ steps up the heat with, "I think that the next attack could be a mobile virus that spreads between smart mobile phones. At a designated time the payload could have all the mobile phones dial a specified number DDOSing the cellular network and the target phone network."

    Jim was thinking out of the box when he wrote, "Funny you haven't mentioned terrorism yet. Why blow up a building when you can destroy a nation's economy?"

    Not to be outdone, Rick fired away with, "Nations or groups dedicated to the downfall of any given government could be compiling botnet lists and lists of the most effective malware for a coordinated distributed attack to undermine and collapse economic stability, maybe as part of other physical attacks."

    Wayne believes that, "the newer threat will be online extortion. Download a malware, encrypt your important info, and ask for money.."

    Mike was maintaining a positive outlook when he wrote, "For years, organizations have been spending a lot of money on poorly-implemented or half-baked security solutions so they can check a box on an audit finding. At the same time, auditors have been providing findings of such poor quality that the information is nearly useless to their customers. I believe some of the recent high-profile identity theft cases will bring this to light, and hopefully improve auditing practices and force the hand of large organizations to *properly* implement security technologies."

    Mark is convinced that, "a cyberattack on our electronic infrastructure is in the cards." He thinks it could happen by creating a "Coordinated attack on a predetermined time and date launched from many platforms, including zombified PCs, social engineering attacks, and insiders that were 'planted' for D-Day; [or] Indirect attack from the EMP blast from a nuclear warhead on a missile. Could be launched from offshore somewhere, or even from inside the US, with the materials having been smuggled in and assembled on location; [or] Create a crisis of such proportions (some kind of attack) that the much-increased use of the electronic infrastructure because of everyone trying to contact family, friends, etc., crashes everything." (wow, Mark, you should be a screen writer!)

    The above is speculation at this point, (in Homer's voice "Or is it?"), based or not on facts or history. I was curious if the SANS ISC is THE source for frequently updated security news and threats, or is there another good source or two, or three? I was thinking of a couple:

    1. http://www.cert.org/
    2. http://www.securityfocus.com/
    3. http://www.security-update.com/security-news/

    Any others worth mentioning? Besides AO - already have that one! What about the ones I have mentioned above? Oooh - what about finding out information on what the other side is doing - or is that even possible without becoming a Black Hat?

    In advance -


  2. #2
    Junior Member
    Join Date
    Apr 2005
    I would say since we're talking about security (which is a complex and huge field of IT) you may need to visit a variety of sources to find information unless it's something specific you're looking for. I don't think there is one single source that will contain it all. Here are a few sites that I have bookmarked relating to security information/news.

    Note: I'm just posting the website, you may have to browse to get to the specific news and information areas you're looking for; these may not contain the specific news feeds you're looking for.

    http://.searchsecurity.techtarget.com -General portal filled with lots of security news/info/etc
    http://www.microsoft.com/technet/Security/default.mspx -Microsoft Related Security Bulletins/Info
    www.hackinthebox.org -hacker news, exploits/etc
    www.networksecuritytech.com -security forums/info/etc

    There are gobs of stuff out there; check the hacker-related sites, the ones that cater to uncovering exploits and notifying the right people (white hats) as opposed to those that just want to break stuff. I learn a lot from them. Hope this helps.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    While it is not exactly about emerging threats, you really might want to look into the "big" security lists to supplement those websites, even those with RSS on them. Check out the lists over here, and might I suggest the Full Disclosure list for interesting bits of code that haven't hit the wild yet. If you watch patterns there you can find the emerging threats before most people start talking about them.

    The FD list isn't as good as it used to be, but it still has gems that are buried in there.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
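Several of the sources named in this thread (the ISC diary, the sites in post #2, the lists with RSS mentioned in post #3) publish RSS feeds, and the "watch patterns" advice above amounts to pulling those feeds together and seeing which topics recur. The script below is an added example, not code from any of the posters or from SANS; it parses RSS 2.0 feeds offline, de-duplicates the same story syndicated through more than one feed (the same link with different case or a trailing slash), skips malformed items instead of aborting, and ranks the terms that recur across headlines. The two feeds and every headline and link in them are constructed for the example, and the stopword list and the `example.invalid` host are assumptions.

```python
"""Offline aggregator for security news RSS feeds: parse, de-duplicate, rank terms."""
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Constructed sample feeds in RSS 2.0 shape. Every item is invented for this
# example; none of these are real ISC, CERT or vendor posts.
SAMPLE_FEEDS = {
    "isc": """<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed diary feed</title>
<item><title>Emerging threats: targeted malware and online extortion</title>
<link>http://example.invalid/diary/101</link><pubDate>Mon, 01 Aug 2005 10:00:00 GMT</pubDate></item>
<item><title>Botnet for hire observed driving DDoS against a hosting provider</title>
<link>http://example.invalid/diary/102</link><pubDate>Mon, 01 Aug 2005 16:00:00 GMT</pubDate></item>
<item><title>Extortion report: files encrypted, ransom note left behind</title>
<link>http://example.invalid/diary/103</link><pubDate>Tue, 02 Aug 2005 09:00:00 GMT</pubDate></item>
</channel></rss>""",
    "vendor": """<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed vendor bulletin feed</title>
<item><title>Botnet for hire observed driving DDoS against a hosting provider</title>
<link>HTTP://EXAMPLE.INVALID/diary/102/</link><pubDate>Mon, 01 Aug 2005 17:00:00 GMT</pubDate></item>
<item><title>Bulletin: patch released for service exploited by botnet worm</title>
<link>http://example.invalid/bulletin/7</link><pubDate>Tue, 02 Aug 2005 12:00:00 GMT</pubDate></item>
<item><title>Malformed item without a link is skipped</title></item>
</channel></rss>""",
}

# Assumed stopword list; tune it to the feeds you actually read.
STOPWORDS = {"and", "for", "the", "against", "of", "to", "by", "with", "from"}
TOKEN = re.compile(r"[a-z][a-z0-9-]+")


def normalize_link(link):
    """Canonical form of a link so syndicated copies of one story compare equal."""
    parts = urlsplit(link.strip())
    path = parts.path.rstrip("/") or "/"
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path, parts.query, ""))


def parse_rss(xml_text, source):
    """Return a list of item dicts from one RSS 2.0 document; malformed items are dropped."""
    root = ET.fromstring(xml_text)
    items = []
    for node in root.iter("item"):
        title = (node.findtext("title") or "").strip()
        link = (node.findtext("link") or "").strip()
        if not title or not link:
            continue  # one bad entry should not take the whole feed down
        items.append({
            "source": source,
            "title": title,
            "link": normalize_link(link),
            "published": (node.findtext("pubDate") or "").strip(),
        })
    return items


def merge_feeds(feeds):
    """Merge {name: xml} feeds into one list keyed by normalized link, recording every source."""
    seen = {}
    for source, xml_text in feeds.items():
        for item in parse_rss(xml_text, source):
            existing = seen.get(item["link"])
            if existing is None:
                seen[item["link"]] = dict(item, sources=[source])
            elif source not in existing["sources"]:
                existing["sources"].append(source)
    return list(seen.values())


def term_frequency(items):
    """Count headline terms, once per headline, so repeats across stories stand out."""
    counts = Counter()
    for item in items:
        for tok in set(TOKEN.findall(item["title"].lower())):
            if tok not in STOPWORDS and len(tok) > 2:
                counts[tok] += 1
    return counts


def top_terms(counts, n):
    """Highest-count terms first, alphabetical within a tie."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    merged = merge_feeds(SAMPLE_FEEDS)
    for item in merged:
        print(f"[{'+'.join(item['sources'])}] {item['title']}")
    print("recurring terms:", top_terms(term_frequency(merged), 5))
```

Run against the constructed feeds it prints four stories (the duplicate is folded into one entry tagged with both sources) and reports `botnet` and `extortion` as the terms recurring across headlines; for real use, replace `SAMPLE_FEEDS` with the fetched bodies of the feeds you subscribe to.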
