What *don't* you see in this article?



Cogburn
07-08-2009, 02:15 AM
You're telling me that the DHS can't beat a simple IP spoof?

Where's the attack coming from and why don't they just come out and say it?

[offsite=http://finance.yahoo.com/news/Federal-Web-sites-knocked-out-apf-2773092122.html?x=0&sec=topStories&pos=main&asset=&ccode=:28wi8vmq]Federal Web sites knocked out by cyber attack

Federal agency Web sites knocked out by massive, resilient cyber attack

By Lolita C. Baldor, Associated Press Writer
On Tuesday July 7, 2009, 11:41 pm EDT
WASHINGTON (AP) -- A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, according to officials inside and outside the government. Some of the sites were still experiencing problems Tuesday evening. Cyber attacks on South Korea government and private sites also may be linked, officials there said.

U.S. officials refused to publicly discuss details of the cyber attack. But Amy Kudwa, spokeswoman for the Homeland Security Department, said the agency's U.S. Computer Emergency Readiness Team issued a notice to federal departments and other partner organizations about the problems and "advised them of steps to take to help mitigate against such attacks."

The U.S., she said, sees attacks on its networks every day, and measures have been put in place to minimize the impact on federal Web sites.

It was not clear whether other federal government sites also were attacked.

Others familiar with the U.S. outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

Web sites of major South Korean government agencies, banks and Internet sites also were paralyzed in a suspected cyber attack Tuesday. Ahn Jeong-eun, a spokeswoman at the Korea Information Security Agency, said the U.S. and South Korean attacks appeared to be linked.

The South Korean sites included the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, Korea Exchange Bank and top Internet portal Naver. They went down or had access problems since late Tuesday, Ahn said.

Kudwa had no comment on the South Korean attacks.

Two government officials acknowledged that the Treasury and Secret Service sites were brought down, and said the agencies were working with their Internet service provider to resolve the problem.

Ben Rushlo, director of Internet technologies at Keynote Systems, called it a "massive outage" and said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.

According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.

"This is very strange. You don't see this," he said. "Having something 100 percent down for a 24-hour-plus period is a pretty significant event."

He added that, "The fact that it lasted for so long and that it was so significant in its ability to bring the site down says something about the site's ability to fend off (an attack) or about the severity of the attack."

Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

For instance, last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian security and military intelligence agencies were involved.

Documenting cyber attacks against government sites is difficult, and depends heavily on how agencies characterize an incident and how successful or damaging it is.

Government officials routinely say their computers are probed millions of times a day, with many of those being scans that don't trigger any problems. In a June report, the congressional Government Accountability Office said federal agencies reported more than 16,000 threats or incidents last year, roughly three times the amount in 2007. Most of those involved unauthorized access to the system, violations of computer use policies or investigations into potentially harmful incidents.

The Homeland Security Department, meanwhile, says there were 5,499 known breaches of U.S. government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006.

Keynote: http://www.keynote.com/keynote_competitive_research/performance_indices/government_index/government_top40.html

Department of Transportation: http://www.dot.gov

Treasury Department: http://www.ustreas.gov[/offsite:28wi8vmq]

Wouldn't have anything to do with this... would it?

[offsite=http://blogs.zdnet.com/security/?p=3658:28wi8vmq]Remote code execution exploit for Green Dam in the wild
Posted by Dancho Danchev @ 7:52 am June 24th, 2009
The recently exposed as vulnerable to trivial remotely exploitable flaws Chinese censorware Green Dam, has silently patched the security flaws (China confirms security flaws in Green Dam, rushes to release a patch) outlined in the original analysis detailing the vulnerabilities.

However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild.

Here are more details on the remote code execution flaw in the latest version:


“Green Dam intercepts Internet traffic using a library called SurfGd.dll. Even after the security patch, SurfGd.dll uses a fixed-length buffer to process web site requests, and malicious web sites can still overrun this buffer to take control of execution. The program now checks the lengths of the URL and the individual HTTP request headers, but the sum of the lengths is erroneously allowed to be greater than the size of the buffer. An attacker can compromise the new version by using both a very long URL and a very long “Host” HTTP header. The pre-update version 3.17, which we examined in our original report, is also susceptible to this attack.”

According to Green Dam’s official web site, the latest 3.17 version which still remains exploitable, has already been downloaded 426,138 times, combined with raw data on over 7,172,500 downloads of the previously vulnerable version, the current situation could easily turn the “Great Botnet of China” from theory into practice if the exploit ends up embedded within a web malware exploitation kit.[/offsite:28wi8vmq]
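
Added example, not part of the original post or the quoted analysis: a C sketch of the length-check flaw the quoted Green Dam write-up describes (each field checked on its own, the sum never checked) beside a corrected check. The buffer size, limits and function names are constructed for illustration; the page gives no real values for SurfGd.dll.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes: the page gives no real values for SurfGd.dll. */
#define BUF_SIZE 256
#define MAX_URL  200
#define MAX_HOST 200

/* Flawed validation as the quoted analysis describes it: each field is
 * checked separately, but nothing bounds the combined length. */
static int check_per_field(const char *url, const char *host) {
    return strlen(url) <= MAX_URL && strlen(host) <= MAX_HOST;
}

/* Corrected validation: bound the total bytes that will be written,
 * including the separator and the terminating NUL. */
static int check_combined(const char *url, const char *host) {
    size_t u = strlen(url), h = strlen(host);
    if (u > MAX_URL || h > MAX_HOST) return 0;
    return u + h + 2 <= BUF_SIZE;
}

/* Returns 1 when the per-field check accepts input that cannot fit. */
static int per_field_accepts_oversized(const char *url, const char *host) {
    return check_per_field(url, host) &&
           strlen(url) + strlen(host) + 2 > BUF_SIZE;
}

/* Copies "host url" into out only if the combined check passes.
 * Returns the length written, or -1 when the request is rejected. */
static int build_request(char *out, size_t out_len,
                         const char *url, const char *host) {
    if (out_len < BUF_SIZE || !check_combined(url, host)) return -1;
    int n = snprintf(out, out_len, "%s %s", host, url);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
}

int main(void) {
    /* Constructed input: two fields that each pass their own limit. */
    char url[MAX_URL + 1], host[MAX_HOST + 1], buf[BUF_SIZE];
    memset(url, 'a', 180);  url[180] = '\0';
    memset(host, 'b', 180); host[180] = '\0';
    printf("per-field check accepts: %d\n", check_per_field(url, host));
    printf("combined check accepts:  %d\n", check_combined(url, host));
    printf("build_request result:    %d\n",
           build_request(buf, sizeof buf, url, host));
    return 0;
}
```
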

pack3tg0st
07-08-2009, 02:44 AM
I like your thinking

smite.

hp
07-08-2009, 10:16 AM
Not surprised. Crappy people get on the gov payroll and do a poor job. Goldman got screwed. NYSE is getting screwed with. Wonder how much money has been wasted in all of this.

CNN is reporting about the lapse in security at the State dept and other places. Plants carrying bomb parts into buildings past sleeping and unconcerned guards. I wouldn't even give a damn except lots of people are getting paid well by the taxpayer to do a poor job.

WarlordZeroOne
07-08-2009, 11:24 AM
What *don't* you see in this article?


NORTH KOREA.

boycotteverything
07-08-2009, 11:27 AM
nah. north korea only has one computer and it's made of wood.

WarlordZeroOne
07-08-2009, 11:48 AM
Whose coffin would that belong to....... Joong ppooonnng something. lol

boycotteverything
07-08-2009, 11:54 AM
Flash. This just in!
NK Hacker Revealed!

http://d.yimg.com/a/p/rids/20090708/i/r2474146344.jpg?x=286&y=345&q=85&sig=D.aC3ZF5ifnUSCYnK7ERmA--
Hacker Poon Tang Ill

Snow Crash
07-08-2009, 01:15 PM
nah. north korea only has one computer and it's made of wood.


Thanks BE... I just spat cola all over the screen, ya bastard lol

Smitage

Cogburn
07-08-2009, 02:18 PM
[offsite=http://www.msnbc.msn.com/id/31789294/ns/technology_and_science-security/:1jwupfve]Denial of service attack
Others familiar with the U.S. outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke to The Associated Press on condition of anonymity because they were not authorized to speak on the matter.

"It certainly seems to be a well-organized attack," an anonymous government official told The Washington Post. "There are a lot of computers involved. What we don't know is who is orchestrating it."

The Korea Information Security Agency also attributed the attacks to denial of service.

Yang Moo-jin, a professor at Seoul's University of North Korean Studies, said he doubts whether the impoverished North has the capability to knock down the Web sites.

But Hong Hyun-ik, an analyst at the Sejong Institute think tank, said the attack could have been done by either North Korea or China, saying he "heard North Korea has been working hard to hack into" South Korean networks.

Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

For instance, last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian security and military intelligence agencies were involved.

N. Korean sympathizers behind attacks?
On Wednesday, the National Intelligence Service told a group of South Korean lawmakers it believes that North Korea or North Korean sympathizers "were behind" the attacks, according to an aide to one of lawmakers who was briefed on the information.

An aide to another lawmaker who was briefed also said the NIS suspects North Korea or its followers were responsible.

The aides spoke to The AP on condition of anonymity and refused to allow the names of the lawmakers they work for to be published, citing the classified nature of the information.

Both aides told The AP that the information was delivered in writing to lawmakers who serve on the National Assembly's intelligence committee.

The National Intelligence Service — South Korea's main spy agency — declined to confirm the information.[/offsite:1jwupfve]

North Korea? LOL

Sure... and Iran just had an election that was totally above board.

boycotteverything
07-08-2009, 02:22 PM
Might I remind you that googling is not research and yet prattling is masturbatory. Enjoying the ride?

Cogburn
07-08-2009, 02:23 PM
http://www.opticstalk.com/uploads/3940/Troll.jpg

pack3tg0st
07-08-2009, 02:29 PM
aww come on cog...

There are so many better Troll pictures on the net lol

http://farm4.static.flickr.com/3018/2633034675_af6fd8e173.jpg

boycotteverything
07-08-2009, 02:31 PM
please expand...

pack3tg0st
07-08-2009, 02:37 PM
please expand...

Done!

http://hetdex.org/images/dark_energy/expand_universe_capsule_history.jpg

What next? LOL

(I'm fuckin' bored today)

boycotteverything
07-08-2009, 03:09 PM
what if the bigbang never happened but is about to?