Digg and Microsoft

This is not about my research but I found interesting to comment about it.

Few days ago Digg and Microsoft signed an agreement where Microsoft will be the provider of contextual advertising.

I predict some change in Digg during the next six months:

- You won't be able to criticize Microsoft, if you do that, then you will be banned
- You will need to use IE with DRM
- If you comment about Linux, you could be sued by infringement of bogus MS pattens
- You could get infected by a worm just to click in posts
- You won't be allowed to submit news about Linux, Apple or Google
- The site sometimes will display a blue screen

True Random Generator Service

  It is based on the " 'Quantum Random Bit Generator' (QRBG121), which is a fast non-deterministic random bit (number) generator whose randomness relies on intrinsic randomness of the quantum physical process of photonic emission in semiconductors and subsequent detection by photoelectric effect".

  Why is this good? well because software cannot generate real random numbers, they just can generate pseudo random numbers.

 

  If interested there is a QRBG Service that you can access it online. Today there are C++ libraries, MathLab toolbox and CLI access. They are also planning to support web access. 

Spammers using DDoS attacks

I read in a post in the SANS website that ansti-spam groups websites are under a DDoS attack. It is interesting the point of view of the post's author about seeing this as a desperate action from the spammers groups.

AI to train Firefigthers

Computer Science researchers of the University of Southern California (USC) have developed an artificial intelligence systems based in agents to train firefigthers. The software creates escenarios and it evaluates the response of the trainees in a 3D environment created with maps and images (I imagine the use of Google's street view in this kind of applications). The system is currently used by Los Angeles Fire Department.

P2P networks used to launch DDoS attacks

I read a pair of notes about P2P networks (using DC++) hijacked to create botnets. The problem is caused by a vulnerability in the code of the P2P software that allows the injection of malicious code. The compromised host can be used to launch DDoS attacks.

Netcraft
Net-security

Some Security Tools

In the ISC SANS website, Jim Clausing publish a list of tools to capture, analyze, generate, modify and replay packets (the note does not mention "analyze but I think some of the tools cab be used to do it)

I wonder why are not there tools such as tcpreplay and vomit (used in Voice over IP). For more information about security tools a good resource is secure.org.

To use secure linux distros I would recommend Backtrack (based on slackware) and S-T-D (based on Kanoppix).

-as

Distributed Denial of Service (DDoS) Attacks are Back

Yes, the Distributed Denial of Service (DDoS) Attacks are not in the past as pointed by Symantec's Yazan Gable in the enterprise blog. Some examples after his comments:

Finnish Website prey of DoS
DDoS/DoS to myBulgaria.info
Computer Terrorism For Sale

And that is not at all. Yesterday the British's Daily Telegraph website was knocked out by a DDoS (the note). In my opinion the more critical event was the apparent Russian's Cyber Attack against Estonia's network infrastructure some days ago. There are not yet enough information to clarify the incident but it would not be the first time that hackers from different countries attack each other after some political events (China v.s Taiwan). This remind me the comments of Professor Dorothy Denning in her book Information Warfare and Security. (Professor Denning was one of the first research works on Intrusion Detection Systems (IDS), her paper).

My opinion is that DDoS will be there no matter what security companies say. While the motivation exists, the problem will remain.

-as