Jupiter Broadcasting

Skype Exposes Pirates | TechSNAP 29

chris

Coming up on this week’s TechSNAP…

Researches have developed a way to tie your file sharing to your Skype account. We’ll share the details on how this works, and what you can do to prevent being tracked!

Plus we cover the Ultimate way to host your own email, and what happened when Chinese hackers took control of US Satellites!

All that and more, on this week’s episode of TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:


[ad#shownotes]

Show Notes:

Audible.com:

Suspected Chinese Military Hackers take control of US Satellites

  • On four separate occasions during 2007 and 2008 US satellites were hijacked by way of their ground control stations.
  • The effected satellites were Landsat–7 (Terrain Mapping and Satellite Photography, example 1 example 2) and Terra AM–1 (Climate and Environmental Monitoring, 2010 Hurricane Karl)
  • While the US does not directly accuse the Chinese government in writing, these types of actions are consistent with known war plans that involve disabling communications, command and control, and GPS satellites as a precursor to war.
  • In one incident with NASA’s Terra AM–1, “the responsible party achieved all steps required to command the satellite,” however the attackers never actually took control of the satellite.
  • It was not until the 2008 investigation that the previous compromises in 2007 were detected
  • This raises an important question, are the US military and other NATO members, too reliant of satellite communications and GPS?
  • In a recent NATO exercise called ‘Joint Warrior’, it was planned to jam GPS satellite signals, however the jamming was suspended after pressure on the governments over civilian safety concerns. Story

Researchers develop a procedure to link Skype users to their Bittorrent downloads

  • The tools developed by the researchers at New York University allow any to determine a strong correlation between bittorrent downloads and a specific skype user.
  • Importantly, unlike RIAA/MPAA law suites, the researchers consider the possibility of false positives because of multiple users behind NAT.
  • The researchers resolve this issue by probing both the skype and bittorrent clients after a correlation is suspected. By generating a response from both clients at nearly the same time and comparing the IP ID (similar to a sequence number) of the packets, if the ID numbers are close together, than it is extremely likely that the response was generated by the same physical machine. If the IDs are very different, then it is likely that the Skype and BitTorrent users are on different machines, and there is no correlation between them.
  • This same technique could be made to work with other VoIP and P2P applications, and could be used to gather enough evidence to conclusively prove a bittorrent user’s identity.
  • This situation can be mitigated by using the feature of some OS’s that randomizes the IP ID to prevent such tracking. (net.inet.ip.random_id in FreeBSD, separate ‘scrub random-id’ feature in the BSD PF firewall)
  • The discovery could also be prevented by fixing the skype client such that it will not reply with its IP address if the privacy settings do not allow calls from that user. The current system employed by the researches does not actually place a call to the user, just tricks skype into thinking that a call will be placed, and skype then leaks the sensitive information by returning its IP address or initiating a connection to the attacker.
  • Read the full research paper

NASDAQ web application Directors Desk hacked

  • Directors Desk is a web application designed to allow executives to share documents and other sensitive information
  • When NASDAQ was hacked in February, they did not believe that any customer data was stolen
  • The attackers implanted spyware into the Directors Desk application and were able to spy on the sensitive documents of publicly traded companies as they were passed back and forth through the system
  • This is another example of the Advanced Persistent Threat (APT) as we saw with the RSA and South Korea Telecom hacks, where the attackers went after a service provider (in his case NASDAQ) to compromise the ultimate targets, the publicly traded companies and their sensitive documents.
  • It is not known what if any protection or encryption systems were part of Directors Desk, but it seems that the application was obviously lacking some important security measures, including an Intrusion Detection System that would have detected the modifications to the application.

SEC says companies may need to disclose cyber attacks in regulatory filings

  • The new guidance from the SEC spells out some of the things that companies may need to disclose to investors and others, depending upon their situation.
  • Some of the potential items companies may need to disclose include:
  • Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences
  • To the extent the registrant outsources functions that have material cyber security risks, description of those functions and how the registrant addresses those risks
  • Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences
  • Risks related to cyber incidents that may remain undetected for an extended period
  • “For example, if material intellectual property is stolen in a cyber attack, and the effects of the theft are reasonably likely to be material, the registrant should describe the property that was stolen and the effect of the attack on its results of operations, liquidity, and financial condition and whether the attack would cause reported financial information not to be indicative of future operating results or financial condition,” the statement says.
  • From the SEC guidance: The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision”
  • CF Disclosure Guidance: Topic No. 2 – Cybersecurity

Feedback:

It is definitely advantageous to own the domain that your email address is on. On top of looking more professional than a hotmail, or even gmail address, it also allows you to choose your host and have full control over everything. There are some caveats though, of course you must remember to renew your domain name, else your email stops working (just ask Chris about that one), you also have to be careful about picking where to host your domain, having your site or email hosted by a less reputable service can result in your domain being included on blacklists and stopping delivery of your mail to some users. The biggest problem with hosting your own email, from your home, is that you must keep the server up 24/7, and it must have a reasonable static IP address. If you are going to host from your home, I recommend you get a ‘backup mx’ service, a backup mail server that will collect mail sent to you while you are offline, and then forward it to your server when it is back up. Even if you are using a dedicated server or VPS, this is important, because email is usually the most critical service on your server. The other major issue with hosting your email from home, is that most ISPs block port 25 inbound and outbound, to prevent infected computers from sending spam. This means that you will not be able to send or receive email to other servers. Usually your ISP will require you to have a more expensive business class connection with a dedicated static IP address in order to allow traffic on port 25. Also, a great many spam filtering systems, such as spamassassin, use blacklists that contain the IP ranges of all consumer/home Internet providers, designed to stop spam from virus infected machines, because email should not be send from individual client machines, but through the ISP or Domain email server.

Round Up: