Saturday, June 27, 2009

Running

It does not have anything to do with security, but here is my 6-mile run from today.

Posted by David Jobes at 18:14.04
Categories:

Friday, June 19, 2009

Log reader and parser for pf

I am working on a new parser and reporting tool for OpenBSD/FreeBSD to parse and build reports based on the following log file.

Jun 19 05:10:02 gandalf pf: Jun 19 05:09:04.736659 rule 49/(match) pass out on dc1: 71.62.139.73.17159 > 96.17.171.19.80: S 2165519495:2165519495(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp]> (DF)

This is a pipe command right now to get the logged entries into this format, and I will soon build an OS X interface to pull the data right from the firewall. I am still thinking of whether to write it in Obj-C or RealBasic. Looking at the toolsets available for both.
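As an added example (not the author's code or the planned tool), here is a Python parser and small report builder for the syslog-wrapped pflog/tcpdump line format shown above; the three sample lines after the one from the post are constructed, and the endpoint splitting assumes IPv4 addresses.

```python
import re
from collections import Counter

# Constructed sample log: the first line is the one from the post, the other
# three are made up (RFC 5737 test addresses) to cover block/in and ICMP cases.
SAMPLE_LOG = """\
Jun 19 05:10:02 gandalf pf: Jun 19 05:09:04.736659 rule 49/(match) pass out on dc1: 71.62.139.73.17159 > 96.17.171.19.80: S 2165519495:2165519495(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,[|tcp]> (DF)
Jun 19 05:10:03 gandalf pf: Jun 19 05:09:05.102331 rule 12/(match) block in on dc0: 203.0.113.7.4455 > 192.0.2.10.22: S 10:10(0) win 65535 (DF)
Jun 19 05:10:04 gandalf pf: Jun 19 05:09:06.555120 rule 49/(match) pass out on dc1: 71.62.139.73.17160 > 96.17.171.19.443: S 20:20(0) win 16384 (DF)
Jun 19 05:10:05 gandalf pf: Jun 19 05:09:07.000001 rule 12/(match) block in on dc0: 203.0.113.7 > 192.0.2.10: icmp: echo request
"""

# syslog prefix, then the pflog record: timestamp, rule, action, direction, interface, endpoints.
LOG_RE = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) pf: "
    r"(?P<pf_ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>pass|block) (?P<direction>in|out) on (?P<iface>[\w.]+): "
    r"(?P<src>\S+) > (?P<dst>[^:]+):\s*(?P<rest>.*)$"
)

def split_endpoint(endpoint):
    """tcpdump writes IPv4 endpoints as a.b.c.d.port; port is None when absent (ICMP). IPv4 only."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def parse_line(line):
    """Return a dict of fields for one pf log line, or None if the line does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["src_ip"], rec["src_port"] = split_endpoint(rec["src"])
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec["dst"])
    return rec

def build_report(text):
    """Hits per (action, direction, iface), blocked source IPs, and passed destination ports."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "records": records,
        "by_rule": Counter((r["action"], r["direction"], r["iface"]) for r in records),
        "blocked_src": Counter(r["src_ip"] for r in records if r["action"] == "block"),
        "pass_ports": Counter(r["dst_port"] for r in records if r["action"] == "pass" and r["dst_port"]),
    }
```

Feeding `build_report` the output of the pipe command gives the per-interface and per-source counts a first report page would need.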

Posted by David Jobes at 5:14.27
Categories: *BSD, Code, Firewalls

Sunday, April 12, 2009

The Past – mid 80's to 1999

A brief history of the online battles, how they have advanced over the past 10 years, and the tools we have developed to fight against them: hacking, worms and viruses, and how the two have melded into the new face of internet and cyber-warfare/terrorism. Also the current status of the new online battles, the many different worms and viruses, the rapid development of new exploit code, and the rapid development of transport mechanisms to spread or infect systems on a global or larger scale, based on the intended targets or the desired effects that the individuals are going after. The primary categories of computer criminals are crackers/hackers, criminals or vandals.

Our primary focus will be the computer criminal, as these are the individuals most likely to be interested in creating, causing or benefiting from disruption of internet or network traffic. Through this time we saw the emergence of the internet as more of a public tool, whereas prior to this very few people actually used the internet directly. Most connections were from universities, large companies or government, and it was used mainly for research and development, with some large online communities like The WELL on the west coast, and a few others. During this time we also saw a rise in the types of viruses and other network-based threats. It was not considered a major problem back then; it was more of an annoyance than anything else, and most users wrote it off as people playing or testing what could be done, turning a blind eye so to speak.

The problem was that by allowing most of this initial activity and hacking to go unchecked, we helped to determine the path of the future of these types of attacks; by not initially making security a higher priority, we also helped to shape the level and scale at which some of these attacks would grow or evolve. Let's look at some of the first major issues from the start. The first of the major outages or disturbances on the internet was the Morris Worm; this was designed to expose the security defects in operating systems without attaching itself the way a virus does. In Nov 98, when its author released the worm, it immediately went out of control due to what he claims was a programming error that caused the worm to start a catastrophic rate of replication and reinfection. It had a large impact on the infrastructure and caused widespread degradation and outages on the backbone at the time. This was, and can be considered, the start of the mass-mail worm, and was only a sign of things to come; in light of recent events it will become apparent why I say this. This was just the beginning of the new wave of internet-based attacks and cyber-battles that would cause us to redefine the way we conduct ourselves and business on the internet. This also led to a document called the Hacker Manifesto, or The Mentor's last words. In the late 80's and early 90's we started to see an increase in the amount of information trafficking, as well as an increase in the knowledge and skills used in breaking into systems and networks.

Individuals started using known flaws and vulnerabilities which, until then, had never been tested or truly exploited for personal gain or notoriety. One such instance was a group of German-based hackers who were using university computers to scan and break into government and military networks in the United States; they were tracked and found by a university researcher working in the data processing center of a university, who noticed accounting errors that led him to this discovery. His name was Clifford Stoll.

Another well-known case is that of convicted hacker Kevin Mitnick, who broke into several computer systems to steal information and source code for operating systems and other tools used by network security and telecommunications engineers, as well as the so-called threats made against the engineers. The result was his incarceration, as well as his subsequent conviction on multiple counts of computer fraud and theft. The basic cause of these events can be summed up in the fact that no matter how people try to organize or form groups like the hacker groups, egos, differing thoughts or motivators will eventually drive them to seek other goals; hence we have the problems we have today.

This is, in its truest form, nothing more than teenagers, and now an older generation of earlier hackers, trying to one-up each other. Thus they battle online, or even now sell their services to others for fame, fortune or both. The other reason it continues today is that these individuals have realized that by selling the secrets or information, or often by performing the services themselves, they can make lots of money, and hence gain respect from their peers. These are all problems that will be around for a long time, based on the current trends in technology and politics.

The true hackers are those who have come up with most of the technological advances and technologies that we enjoy in our everyday lives, but the script kiddies and modern-day virus and worm writers have caused and will continue to cause major problems for the internet of today and the future, as long as we continue to ignore the importance of putting security first and building security in from the very start of projects and applications.

Posted by David Jobes at 21:44.46
Categories: Cyber-Warfare

Twitter Dead

I have opted to cancel my Twitter account and have since moved to Facebook.

Posted by David Jobes at 21:37.28
Categories: News

Sunday, March 15, 2009

Twitter

I am now on Twitter.

My Twitter site

Posted by David Jobes at 7:07.24
Categories: News

IA Controls

Here is my basic ActiveRecord control code; it is just basic Rails-generated code with little modification. The major parts of the app I am heavily changing.

<pre>
class Controls < ActiveRecord::Base
  # Each control belongs to one controls list. The class name is given
  # explicitly because the model below is not named the way Rails would infer.
  belongs_to :controls_list, :class_name => "ControlsLists"

  # All controls, ordered by the "control" column.
  def self.find_control_all
    find(:all, :order => "control")
  end
end

class ControlsLists < ActiveRecord::Base
  # IA controls joined to their matching controls row, ordered by ControlName.
  # The join condition belongs in an ON clause (comparing to the string literal
  # 'iac.id' never matched), and ORDER BY has to come after the join.
  def item
    @item = ControlsLists.find_by_sql("
      select * from iacontrols iac
      join controls c on c.id = iac.id
      order by ControlName")
  end
end
</pre>

Posted by David Jobes at 6:56.33
Categories: Code

Thursday, March 12, 2009

New App on the Way - CA-Track

I am starting work on a new application that will run from a thumb drive (secured and unsecured) and will allow analysts, consultants or anyone who has to track, manage and monitor DIACAP-based C&A packages to do so. It will be a stand-alone web app, as well as a Mac OS X, Linux and eventually a Windows application.

Will add more details later...

Posted by David Jobes at 23:13.54
Categories: Code, Projects

Book on Hold

The book is on hold for a while; work has had me running all over the place and has not left much time for all my projects. I plan on trying to make more time to keep the sites up and running, but it may be a little sparse, just hopefully not as much as it has been lately.

Posted by David Jobes at 19:57.48
Categories: Projects

Sunday, August 17, 2008

In a time and place not too far away

Scenario – In a time and place not too far away

The things we took for granted back in the mid-to-late 80's and 90's simply no longer hold true today. We now, like so many other countries, live in a society of barriers and boundaries. The leaders of the world's freest nation now have to be kept further away from the people because of the potential harm and danger to them. We now live where barriers and barricades have been erected around the most public of places and buildings; most of these were once easily and freely entered, but now they are called targets and are not as accessible as before, for fear of being bombed or having a gas attack made against them.

This is all based on an elusive, faceless enemy that we know little about, and even less about how or when they may strike next; it could be another bombing or it could be an attack on our information infrastructure. The inherent danger here lies in the general acceptance of what we are told is normal and standard: that we accept the explanation without question, and that if you question, go against or defy the norm, then you can automatically be labeled a threat to this system, which is said to be in place to help protect you, and thus be labeled a terrorist and hunted down for the good of society.

In today's society most people have not experienced the world or the internet as we did in the earlier days, while it was still developing and was used in general as a research tool and information-sharing network; they have only recently seen how and what it can be used for: identity theft, worms, virus distribution and exploitation. I feel that if the current trends hold true, and if we do not find a way to better control the traffic and hostilities that we have seen escalate over the years, then the internet will become, if it has not already, one of the next major battlegrounds alongside conventional warfare and terrorism. This will ensure that our children and our children's children face a world of elevated national alerts, more hostilities by unseen, faceless forces, and a lack of trust of foreigners.

I feel that this could also lead to the destruction of certain civil liberties which this country and other countries have lived by and were founded on, but the worst case is that we live in a constant and ever-present fear of what will or may happen next; this will not go away, and then we turn into one of those countries that we see on one of the many news channels. Then other countries will look on us as third world.

This is the world we live in now, and for the near future; the length of time we have these issues to face will be determined over the next few years. This is the world that we have built for ourselves. A good quote is that `We have let our advances in technology outpace and strip away at our humanity`. This has led us to forget about the morals and values that most of our parents tried to and did teach us. The final outcome or end result will be based on decisions made by and guided by the people, the push for better controls, and the desire to seek knowledge and education to that end. Only we will be able to determine how far over the edge and into a technological nightmare we get pulled, and thus the length and level of the online battles we fight and lose. It is my opinion that the online cyber-battles will be like nuclear war: no one really wins or loses.

Posted by David Jobes at 20:28.41
Categories: Cyber-Warfare

Thursday, August 14, 2008

Cyber-Warfare - The New Face of Warfare and Terrorism.

Cyber-Warfare and Cyber-Terrorism

A brief History of Internet Abuses

The initial use of the internet was meant for information and knowledge sharing between the government and the universities that participated in cooperative research. Then came the first few who knew how to access these interconnected networks and wanted to find out more information, or to see what they could do there. There were people who wrote tools and utilities to test the limits, to see how far they could get without getting caught. The terms cyber-warfare, cyber-terrorism and cyber-espionage are defined as:

Cyber-Warfare – This is best defined as the use of, and the act of conducting, attacks upon computers and information-based systems and networks to disrupt or cause a complete, or as near complete as possible, loss of communications for your opponents or targets, which can result in the loss of large financial, data, transmission or intelligence-tracking capabilities.

Cyber-Terrorism – This is best defined as the mixing and converging of terrorism and cyberspace to conduct unlawful attacks and intrusions into networks, computers and the information stored therein, to try to force changes in people or governments to further political or social aims. It can also be further stated that the attack should result in enough violence towards people or property to cause harm or fear; examples would be bodily injury, death, explosions, plane crashes, or severe economic hardship or disruption of financial stability.

Cyber-Espionage – This is the methods that can and will be used to hold corporate and/or personal data hostage until ransoms are offered, demanded and paid; either the company that discovered or developed the technologies in question pays to keep its corporate secrets, or the highest bidder gets them.

The internet as we know it today is a massive group of interconnected routers, switches and servers that link many dissimilar computers and network types. This in turn allows universities, businesses and various government agencies to share information and communicate. When the system was first built it was used for research and development of new technologies. It was here when the engineers and developers

This is where people started to exploit the systems and crash the servers or networks, based on information they had learned from vendors or from other research of the remote networks. These individuals also started trading the information between each other and forming groups, cliques or clubs, known as hacking clubs. These groups first started out just to learn how things worked, but soon fell victim to infighting and then moved on to conducting destructive actions and tests on the internet.

Fig. 1 (Internet Growth over the Years)

We then evolved into seeing viruses spread via internet communication, and this group figured out that by carefully exploiting weaknesses not only in network security but also in the lack of security on the client side, they could produce replicating viruses and worms to send information back to them and also cause network outages. Then virus and worm writers learned how to build backdoors into these programs and make them more internet-aware, thus helping to expose more remote information and access to the remote networks.

This leads us to the point where we are now. Let's look back for a more detailed look, and then look into the future at what may be the new way that cyber-wars and terrorism are waged. We now see almost daily, if not weekly, a new worm, Trojan or vulnerability being exploited on the internet, causing software and hardware manufacturers to rush to create and release patches. This sometimes fixes the problems, and sometimes it can cause more problems or newer bugs to be found; I will explain more about this later on in the documentation. We are also all too quick to wave off alerts as not really needed or not 100% applicable in our instance, case or environment, and thus we don't patch systems that are in fact a critical or core component of our infrastructure, turning those systems into repeaters, or zombies.

I feel that we have lost the main and original focus of the reason the internet came into being, and now we are paying the price for once again corrupting a system and tool that was meant to help people communicate and share knowledge and information to make better tools, help schools in teaching, and allow us to travel places without having to leave our houses. We now have to worry about having our identities stolen, credit card fraud, the online version of telemarketers called spammers, plus a whole plethora of other issues and problems, with more coming to light daily. The following quote is the best way to describe how I see things going from here:

"There's a war out there, old friend, a world war, and it's not about who's got the most bullets. It's about who controls the information: about how we think, how we see and hear, how we work. It's all about information."
"Sneakers", MCA Universal Pictures, 1992

Posted by David Jobes at 11:02.57
Edited on: Thursday, August 14, 2008 11:04.41
Categories: Cyber-Warfare