Do you believe in GHOSTs?
Certainly, the big news this month is the disclosure of a new vulnerability found in almost all Linux distributions – Called GHOST (GetHost). “…developed a proof of concept (PoC) attack in which we send a specially created e-mail to a mail server and can get a remote shell to the Linux machine”. This is not so good and falls on the heels of Heartbleed, Poodle and ShellShock vulnerabilities discovered in 2014. Apparently this bug has been with us since 2000. That may explain how foreign nation states and cyber criminals have been so successful at exploiting open source systems; those running BSD or OpenBSD do not seem to be effected.
IS takes Jihadist movement online
Last week I wrote about how geopolitical events can inspire online activity (link). Here’s an excellent example of the connection.
The Charlie Hebdo shooting moved into cyber space as several groups with extremist views launched a number of attacks on over 19,000 sites in France. On January 15th CNN reported Islamist computer hackers defaced hundreds of French websites in response to hacker collective Anonymous' declaration of war on websites that spread jihadist messages.
The Islamist hackers replaced the content with their own posts. The hackers are working under the name "United Islamic Cyber Force," which has rallied under the hashtag #OpFrance. Members include the Tunisian collective calling itself FallaGa team, which has taken responsibility for 1,222 of the attacks, and the group calling itself Anon Ghost.
French Rear Adm. Arnaud Coustilliere, the head of France's version of the National Security Administration, confirmed the attacks. The groups have vowed to continue their attacks.
Google shows Zero tolerance
Another story which lit up Twitter, especially among the infosec folks I follow, was Google’s decision to published details – including exploit code – for a vulnerability in Windows the day before Microsoft was set to make the patch available.
Microsoft publicly chastised Google for the seemingly irresponsible disclosure. However, Google originally shared the vulnerability details with Microsoft on October 13, 2014, and it adheres to a strict 90-day disclosure policy. When Microsoft's 90 days were up, Google shared the details of the bug.
Google’s Project Zero team subsequently dropped more vulnerability details on Apple iOS and (not surprisingly) Adobe Flash when the 90-day period was up. It looks like Google is trying to be the “World’s Disclosure Police Force.” Good for them to step up and try to hold vendors accountable for serious bugs in software we use every day.
There’s a new WireShark on the block
Only because it is one of the most important security and network troubleshooting tools in the world it’s big news when a new Version of WireShark (V1.12.3) drops. Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network.
FBI warns of new email scam
Although, geopolitical events are exciting to see play out in the realm of cyberspace, on January 22nd we were reminded that cyber crime continues to be an ever-present and persistent problem. The FBI and the Internet Crime Complaint Center (IC3) issued a warning about a spam scheme that netted the attackers more than US $200 million in the last three months of 2014. They are calling it the Business eMail Compromise (BEC). The scheme targets companies that conduct business with foreign suppliers and are accustomed to making wire transfer payments.
As we complete the first month of 2015 all indicators are it’s going to be a wild and dangerous year in cyberspace.
Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.
You can follow Ian on Twitter® at @phat_hobbit.