Year: 2007
Hacker Breaks Into Website of Canadian Nuclear Agency
As reported by the Ottawa Citizen, and numerous other sources, a hacker attacked the Canadian Nuclear Safety Commission website, littering it with dozens of photographs of a nuclear explosion and raising concerns about the security of information held by the nuclear watchdog agency.
There is no excuse for any government funded agency in Canada to be susceptible to an attack of this nature. The Communications Security Establishment (CSE) offers training to all levels of government, certifies products, and also conducts research and development on behalf of the Government of Canada in fields related to communications security.
I’ve assisted the CSE during their evaluation of a product and they were very thorough in their evaluation process. Not only do they follow their defined test plan to ensure proper validation, they also create “free form” scenarios in an attempt make the device do something unexpected, like removing key values from configuration files to see what happens.
This attack leads me to believe that the defacement of this website was due to a breakdown in process. The developers of the website, either internal developers or consultants, did not perform adequate validation of their code to ensure security. The project officer who signed off on the completion of the project should ultimately be held responsible for this breach. Part of their project goals should have been a complete inspection of the final product with respect to security using publicly available Government of Canada Publications published by the CSE.
I can’t help but think what a huge problem this breach would have been had this been anything more than a simple website defacement.
New Breakthrough in Worm Detection…Using Existing Technology???
Network World is reporting that Penn State University researchers have created technology they say can nab computer worms more quickly than traditional signature-based systems. This is done by watching for anomalous traffic patterns such as increased traffic rates to or from individual hosts.
From the article:
The Proactive Worm Containment technology watches for a packet’s rate and diversity of connections to other networks to identify worms, rather than having to wait around for a signature to be generated to spot new malware.
This technique can cut the time from identifying and capturing a worm from minutes to milliseconds, allowing for only a handful of infected packets to spread, the research team claims. That makes a big difference when you consider that notorious worms such as Slammer could issue 4,000 packets a second when attacking Microsoft’s SQL Server.
I had to read this article twice to try and understand how this “new technology” is different from present day Network Behavior Analysis (NBA) technology from vendors like Q1 Labs, Arbor Networks, Mazu Networks, and Lancope. Forcing myself to read it a third time still hasn’t convinced me that their methods are newer than anything out there today.
Also from the article:
The technology, now in beta testing and in the midst of being patented, isn’t just fast. It’s also smart. In the event that a high connection rate turns out not to be the sign of a worm, the security system can do its version of a mea culpa and release the packets upon recognizing the mistake, the researchers say.
I guess I will wait to see description used in the patent as well as a final product before I make final judgment but I fail to see how the methods being used are new.
Hacker Techniques, Exploits and Incident Handling in Fredericton, NB, Canada
After working with my contact at SANS for the last few weeks it’s finally official! From Thursday, April 5, 2007 to Thursday, June 7, 2007 I will be leading the Security 504: Hacker Techniques, Exploits and Incident Handling track here in Fredericton, New Brunswick, Canada.
I see this as a really big deal for the following reasons:
- The population of Fredericton is only around 48000 which is is the size of most big city suburbs. Trying to get this type of training is not easy in Fredericton, let alone the rest of Atlantic Canada.
- Most organizations in New Brunswick are unable to send their employees for formal training due to the cost of hotels, flights, meals, etc. Having a local training option will drastically reduce this roadblock to quality training.
- I get to give back to the security community, gain valuable teaching experience, and meet local people in the security field (this is a personal bonus for me!)
If you live in Fredericton, or the surrounding areas, and want to know more about this training sessions then please take a look at the following links:
- The SANS Institute – http://www.sans.org/
- About the Mentor Program – http://www.sans.org/mentor/about.php
- Mentor Program FAQ – http://www.sans.org/mentor/faq.php
- Security 504: Hacker Techniques, Exploits and Incident Handling – http://www.sans.org/mentor/details.php?nid=3026
- Registration Information – http://www.sans.org/registration/register.php?conferenceid=3026
If you do register please don’t forget to enter “MENTOR RECRUIT” into the Comments section during their online registration.
Also, if you’d like to learn more about the instructor (me) then please check out my About page and Resume. I look forward to seeing everyone there!