Skype Exposes Pirates | TechSNAP 29

Coming up on this week’s TechSNAP…

Researchers have developed a way to tie your file sharing to your Skype account. We’ll share the details on how this works, and what you can do to prevent being tracked!

Plus we cover the Ultimate way to host your own email, and what happened when Chinese hackers took control of US Satellites!

All that and more, on this week’s episode of TechSNAP!


Show Notes:

Suspected Chinese Military Hackers take control of US Satellites

  • On four separate occasions during 2007 and 2008 US satellites were hijacked by way of their ground control stations.
  • The affected satellites were Landsat–7 (Terrain Mapping and Satellite Photography, example 1 example 2) and Terra AM–1 (Climate and Environmental Monitoring, 2010 Hurricane Karl)
  • While the US does not directly accuse the Chinese government in writing, these types of actions are consistent with known war plans that involve disabling communications, command and control, and GPS satellites as a precursor to war.
  • In one incident with NASA’s Terra AM–1, “the responsible party achieved all steps required to command the satellite,” however the attackers never actually took control of the satellite.
  • It was not until the 2008 investigation that the previous compromises in 2007 were detected
  • This raises an important question: are the US military and other NATO members too reliant on satellite communications and GPS?
  • In a recent NATO exercise called ‘Joint Warrior’, it was planned to jam GPS satellite signals, however the jamming was suspended after pressure on the governments over civilian safety concerns. Story

Researchers develop a procedure to link Skype users to their Bittorrent downloads

  • The tools developed by the researchers at New York University allow anyone to determine a strong correlation between BitTorrent downloads and a specific Skype user.
  • Importantly, unlike RIAA/MPAA lawsuits, the researchers consider the possibility of false positives because of multiple users behind NAT.
  • The researchers resolve this issue by probing both the Skype and BitTorrent clients after a correlation is suspected. They generate a response from both clients at nearly the same time and compare the IP ID (similar to a sequence number) of the packets. If the ID numbers are close together, then it is extremely likely that the responses were generated by the same physical machine. If the IDs are very different, then it is likely that the Skype and BitTorrent users are on different machines, and there is no correlation between them.
  • This same technique could be made to work with other VoIP and P2P applications, and could be used to gather enough evidence to conclusively prove a bittorrent user’s identity.
  • This situation can be mitigated by using the feature of some operating systems that randomizes the IP ID to prevent such tracking. (net.inet.ip.random_id in FreeBSD, separate ‘scrub random-id’ feature in the BSD PF firewall)
  • The discovery could also be prevented by fixing the Skype client so that it will not reply with its IP address if the privacy settings do not allow calls from that user. The current system employed by the researchers does not actually place a call to the user; it just tricks Skype into thinking that a call will be placed, and Skype then leaks the sensitive information by returning its IP address or initiating a connection to the attacker.
  • Read the full research paper
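
A self-audit sketch of the IP ID comparison and the randomization mitigation described above, added here as an example (it is not code from the research paper or the show): it checks whether packets captured from two applications' flows on one public address expose a single shared counter. The function names, the 64-packet gap allowance and the sample captures are constructed assumptions.

```python
import random

MOD = 1 << 16  # the IPv4 Identification field is 16 bits and wraps


def shares_counter(flow_a, flow_b, max_gap=64):
    """Return True if two flows' IP IDs look like one incrementing counter.

    flow_a, flow_b: lists of (capture_time, ip_id) for packets received from
    the same public address on two different applications' flows.
    max_gap is an assumed allowance for packets the host sent elsewhere.
    """
    merged = sorted([(t, i, "a") for t, i in flow_a] +
                    [(t, i, "b") for t, i in flow_b])
    switches = 0
    for (_, prev_id, prev_flow), (_, next_id, next_flow) in zip(merged, merged[1:]):
        step = (next_id - prev_id) % MOD  # forward distance, wrap-safe
        if not 1 <= step <= max_gap:
            return False
        switches += prev_flow != next_flow
    # Without interleaving, the two flows were never compared to each other.
    return switches >= 2


def capture(ids):
    """Constructed capture: packets alternate flow a, flow b, 10 ms apart."""
    stamped = [(n * 0.01, ip_id) for n, ip_id in enumerate(ids)]
    return stamped[0::2], stamped[1::2]


def global_counter_ids(start, count):
    """One host, one global counter, with 0-2 unrelated packets in between."""
    ids, value = [], start
    for n in range(count):
        value = (value + 1 + n % 3) % MOD
        ids.append(value)
    return ids


def two_hosts_behind_nat(count):
    """Two machines sharing a public address, each with its own counter."""
    return [(1000 + n) if n % 2 == 0 else (40000 + n) for n in range(count)]


def randomized_ids(count, seed=29):
    """Host with randomized IDs (net.inet.ip.random_id or PF random-id on)."""
    rng = random.Random(seed)
    return [rng.randrange(MOD) for _ in range(count)]


def audit():
    return {
        "global counter": shares_counter(*capture(global_counter_ids(65520, 12))),
        "two hosts behind NAT": shares_counter(*capture(two_hosts_behind_nat(12))),
        "randomized IDs": shares_counter(*capture(randomized_ids(12))),
    }


if __name__ == "__main__":
    for host, linked in audit().items():
        print(f"{host:22} linkable={linked}")
```

Only the host with a single global counter comes back linkable; the sample for that case starts at 65520 so the comparison is exercised across the 16-bit wrap.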

NASDAQ web application Directors Desk hacked

  • Directors Desk is a web application designed to allow executives to share documents and other sensitive information
  • When NASDAQ was hacked in February, they did not believe that any customer data was stolen
  • The attackers implanted spyware into the Directors Desk application and were able to spy on the sensitive documents of publicly traded companies as they were passed back and forth through the system
  • This is another example of the Advanced Persistent Threat (APT) as we saw with the RSA and South Korea Telecom hacks, where the attackers went after a service provider (in this case NASDAQ) to compromise the ultimate targets, the publicly traded companies and their sensitive documents.
  • It is not known what, if any, protection or encryption systems were part of Directors Desk, but it seems that the application was obviously lacking some important security measures, including an Intrusion Detection System that would have detected the modifications to the application.

SEC says companies may need to disclose cyber attacks in regulatory filings

  • The new guidance from the SEC spells out some of the things that companies may need to disclose to investors and others, depending upon their situation.
  • Some of the potential items companies may need to disclose include:
    • Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences
    • To the extent the registrant outsources functions that have material cyber security risks, description of those functions and how the registrant addresses those risks
    • Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences
    • Risks related to cyber incidents that may remain undetected for an extended period
  • “For example, if material intellectual property is stolen in a cyber attack, and the effects of the theft are reasonably likely to be material, the registrant should describe the property that was stolen and the effect of the attack on its results of operations, liquidity, and financial condition and whether the attack would cause reported financial information not to be indicative of future operating results or financial condition,” the statement says.
  • From the SEC guidance: “The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision”
  • CF Disclosure Guidance: Topic No. 2 – Cybersecurity

Feedback:

It is definitely advantageous to own the domain that your email address is on. On top of looking more professional than a hotmail, or even gmail address, it also allows you to choose your host and have full control over everything. There are some caveats though. Of course you must remember to renew your domain name, or else your email stops working (just ask Chris about that one). You also have to be careful about picking where to host your domain: having your site or email hosted by a less reputable service can result in your domain being included on blacklists, which stops delivery of your mail to some users.

The biggest problem with hosting your own email from your home is that you must keep the server up 24/7, and it must have a reasonably static IP address. If you are going to host from your home, I recommend you get a ‘backup mx’ service, a backup mail server that will collect mail sent to you while you are offline, and then forward it to your server when it is back up. Even if you are using a dedicated server or VPS, this is important, because email is usually the most critical service on your server.

The other major issue with hosting your email from home is that most ISPs block port 25 inbound and outbound, to prevent infected computers from sending spam. This means that you will not be able to send or receive email to other servers. Usually your ISP will require you to have a more expensive business class connection with a dedicated static IP address in order to allow traffic on port 25. Also, a great many spam filtering systems, such as spamassassin, use blacklists that contain the IP ranges of all consumer/home Internet providers. These are designed to stop spam from virus-infected machines, because email should not be sent from individual client machines, but through the ISP or domain email server.

12 Responses to “Skype Exposes Pirates | TechSNAP 29”

  1. MaTachi Says:

    Fun that you mentioned the hack on http://www.bloggtoppen.se (The Blog Top in English). Even a guy working at the Swedish government got his Twitter account trashed and was posting inappropriate stuff. There were also a lot of people working at different newspapers who got their accounts hacked. So it’s possible that they got confidential from these hacks. :/

    The Swedish website Gratisbio.se (Free Cinema in English) was hacked during the summer, and the hackers published the password dump from this site just the other day too, which consisted of 210 000 passwords. I think they only were hashed with MD5, if they weren’t in plain text.
    http://www.pcworld.com/businesscenter/article/242700/massive_swedish_hacks_leak_400000_account_details.html

    Both password dumps are possible to download from the Swedish forum http://www.flashback.org – which I did, just to check that I wasn’t in those. 😛

  2. Fredo Says:

    You used the same background on LAS!

  3. gameman733 Says:

    Just wanted to add some of my thoughts on the host your own email segment. I’m currently doing it from a Comcast home connection. If port 25 outbound is blocked, you can usually route email through another SMTP server. I know Exchange can do this and can’t imagine other SMTP servers on Linux not being able to.
    Also, static IP is definitely helpful, but not required. I have a dynamic hostname through no-ip and through my DNS registrar and have my MX records pointed to that dynamic host.
    Make sure you monitor the mail server for nefarious activity. I learned this the hard way when I discovered I had left relaying turned on.

  4. Anonymous Says:

    LIES!

  5. consultingforme Says:

    I disagree with your statements about rootkits. I have successfully removed dozens of rootkits from my customers’ computers. There are quite a few good tools on the net for this. Even though they may be hidden from the OS, they are not hidden from good anti-rootkit software.

  6. Anonymous Says:

    Ya it’s a tough call. I guess each situation should be judged on its own.

    -Chris

  7. Sean Says:

    An alternative to no-ip would be
    http://freedns.afraid.org/

    Allan may like it since it’s powered by FreeBSD

  8. variaatio Says:

    Some comments about the satellite hacking and relying on technology in civilian and military environments. Firstly, this news actually came at a very good moment, because ESA just launched the first two satellites in the European GALILEO positioning system; also the Russian GLONASS system just went online.

    At least GALILEO has received critical comments for a) being redundant with GPS and b) being a security risk for the U.S.A. The second is mostly hypocritical boasting and not very interesting, but the first one is interesting from a reliability point of view. Some Americans have been laughing at the EU for using billions to develop their own system, because the EU could just use GPS. The EU’s answer to this is very interesting. Their point is that GPS is a military system, a friendly military, but still military. All allied militaries of course get access to military hardware from the USA, if civilian GPS were shut down for extreme reasons. This is not the EU’s main problem (countries outside NATO, like Finland where I live, might have some problems with military hardware).

    The EU’s main problem is the civilian side; for example, airplane autopilot systems and other similar life-critical civilian systems rely on navigation data. To use these on a large scale the EU requires a system which will not be shut down even in the case of war, so they are building a civilian-controlled system. To order a shutdown of GALILEO you would basically need permission from the whole EU with multiple governments and interests. Of course EU militaries will change to GALILEO or both GPS and GALILEO.

    The level of independence and reliability needed is probably demonstrated most clearly by an incident in the manufacturing of the first satellites. ESA ripped out the SAR receiver system from the first satellites, because the system had electronic components from a Chinese factory and they didn’t trust them to be untampered. Following satellites will have a SAR system that is produced from European parts. Actually all components are European; even components from friendly nations like the USA were avoided. Every nut, bolt and microchip had to be produced inside Europe, even though it raises costs. So that is the length to which governments are willing to go on very critical systems like satellites.

    A comment about military reliance on high tech. We still have conscription, so I went through military service. I was trained as an artillery forward observer team’s measurer. The most critical information for the FO team is the location of their observing position, because all targeting information sent to batteries is based on that location. You get that wrong and the shells will drop on your own neck. The minimum ordering distance is only a couple hundred meters, so there is not much room for error. Also, more importantly, if you can’t measure your location, you can’t order artillery strikes and are just dead weight for your unit.

    This brings us to the reliability. Even though we had GPS receivers available and we even used them, we were trained to do the measuring in the way it has been done since WW II: a highly accurate compass and a 50 meter measuring cable. Go to the nearest known landmark, like a road crossing. From there simply measure the direction of every 50 meter leg until you are at the observing position. It takes a long time, is cumbersome and is less accurate. Sometimes we had to measure for a couple of kilometers through thick vegetation, because landmarks were not available, and it would take an hour. All this only because we were never told to trust that the satellite system is available. You could lose your receiver or run out of batteries (especially in winter), high terrain could make you lose sight of the satellites, and satellites could be shut down, jammed or destroyed. You can always find a map, a compass and a long piece of rope or cable. So yeah, if GPS shuts down and your soldiers are not trained to handle it, they will be toast. If they are trained for a FUBAR situation, well, you will slow down and lose effectiveness, but can still operate.

  10. Anonymous Says:

    Very insightful, thank you!

    -Chris
