Sunday, August 17, 2008

In a time and place not too far away

Scenario – In a time and place not too far away

The things we took for granted back in the mid to late 80’s and 90’s simply no longer hold true in today’s times. We now, like so many other countries, live in a society of barriers and boundaries. The leaders of the world’s freest nation now have to be kept further away from them, because of the potential harm and danger to them. We now live where barriers and barricades have been erected around the most public of places and buildings; most of these were once easily and freely entered, but now they are called targets and are not as accessible as before, for fear of being bombed or having a gas attack against them.

This is all based on an elusive, faceless enemy that we know little about, and we know even less about how they may or will strike next; it could be another bombing or it could be an attack on our information infrastructure. The inherent danger here lies in the general acceptance of what we are told is the normal and standard: that we accept the explanation without question, and that if you question, go against or defy the normal, then you can be automatically labeled a threat to this system, which is said to be in place to help protect you, and thus labeled a terrorist and hunted down for the good of society.

In today’s society most people have not experienced the world or the internet as we did in the earlier days, while it was still developing and was in general a research tool and information sharing network; they have only recently seen how and what it can be used for: identity theft, worm and virus distribution, and exploitation. I feel that if the current trends hold true, and if we do not find a way to better control the traffic and hostilities that we have seen escalate over the years, then the internet will become, if it has not already become, one of the next major battlegrounds, along with the conventional style of warfare and terrorism. This will ensure that our children and our children’s children will face a world of elevated national alerts, more hostilities by unseen faceless forces, and hostility toward and lack of trust of foreigners.

I feel that this could also lead to the destruction of certain civil liberties which this country and other countries have lived by and were founded on, but the worst case is that we live in a constant and ever-present fear of what will or may happen next, that this will not go away, and that we then turn into one of those countries that we see on one of the many news channels. Then other countries will look at us as third world.

This is the world we live in now and for the near future; the length of time we have these issues to face will be determined over the next few years. This is the world that we have built for ourselves. A good quote is that "We have let our advances in technology outpace and strip away at our humanity". This has led us to forget about the morals and values that most of our parents tried to and did teach us. The final outcome or end result will be based on decisions made and guided by the people, on the push for better controls, and on the desire to seek knowledge and education to that fact. Only we will be able to determine how far over the edge and into a technological nightmare we get pulled, and thus the length and level of the online battles we fight and lose. It is my opinion that the online cyber-battles will be like nuclear war: no one really wins or loses.

Posted by David Jobes at 20:28.41
Categories: Cyber-Warfare

Thursday, August 14, 2008

Cyber-Warfare - The New Face of Warfare and Terrorism.

Cyber-Warfare and Cyber-Terrorism

A brief History of Internet Abuses

The initial use of the internet was meant for information and knowledge sharing between the government and universities that participated in co-op research. Then came the first few who knew how to access these interconnected networks and wanted to find out more information, or to see what they could do there. There were people who wrote tools and utilities to test the limits and see how far they could get without getting caught. The terms Cyber-Warfare, Cyber-Terrorism and Cyber-Espionage are defined as:

Cyber-Warfare – This is best defined as the act of conducting attacks upon computers and information-based systems and networks to disrupt, or cause a complete or as complete as possible loss of, the communications of your opponents or targets, which can result in large losses in financial, data, transmission or intelligence-tracking capabilities.

Cyber-Terrorism – This is best defined as: the mixing and converging of Terrorism and Cyberspace to conduct unlawful attacks and intrusion into networks, computers and other information stored therein to try and force changes in people or governments to further political or social changes. It can also be further stated that the attack should result in violence towards people or property enough to cause harm or fear, examples of such would be bodily injury, death, explosions, plane crashes or severe economic hardships or disruption in the financial stability.

Cyber-Espionage – These are the methods that can and will be used to hold corporate and/or personal data hostage until ransoms are offered, demanded and paid: to keep corporate secrets, either the company that discovered or developed the technologies in question pays for it, or the highest bidder gets it.

The internet as we know it today is a massive group of interconnected routers, switches and servers that link many dissimilar computers and network types. This in turn allows universities, businesses and various government agencies to share information and communicate. When the system was first built it was used for research and development in new technologies. It was here when the engineers and developers

This is where people were starting to exploit the systems and crash the servers or networks, based on information they had learned from vendors or from other research of the remote networks. These individuals also started trading the information between each other and forming groups, cliques or clubs, known as hacking clubs. These groups first started out to just learn how things worked, but soon fell victim to infighting and then moved on to conducting destructive actions and tests on the internet.

Fig -1 (Internet Growth over the Years)

We then evolved into seeing viruses spread via internet communication, and this group figured out that by carefully exploiting weaknesses not only in the network security but also in the lack of security on the client side, they could produce replicating viruses and worms to send information back to them and also to cause network outages. Then virus and worm writers learned how to build backdoors into these programs and make them more internet aware, thus helping to expose more remote information and access to the remote networks.

This leads us to the point where we are now. Let’s look back, for a more detailed look, and look into the future, at what may be the new way that CyberWars and Terrorism are waged. We now see, on almost a daily if not weekly basis, a new worm, Trojan or vulnerability being exploited on the internet, causing software and hardware manufacturers to rush to create and release patches. This sometimes fixes the problems, and sometimes it can cause more problems or newer bugs to be found; I will explain more about this later on in the documentation. We are also all too quick to wave off alerts as not really needed or not 100% applicable in our instance, case or environment; thus we don’t patch systems that are in fact a critical or core component in our infrastructure, thus creating repeaters for those systems, or zombies.

I feel that we have lost the main and original focus of the reason the internet came into being, and now we are paying the price for once again corrupting a system and tool that was meant to help people communicate and share knowledge and information to make better tools, help schools in teaching and allow us to travel places without having to leave our houses. We now have to worry about having our identities stolen, credit card fraud, the online version of telemarketers called Spammers, plus a whole plethora of other issues and problems, with more coming to light daily. The following quote is the best way to describe how I see things going from here:

"There's a war out there old friend, a world war, and it's not about who's got the most bullets. It's about who controls the information: about how we think, how we see and hear, how we work. It's all about information".
"Sneakers", MCA Universal Pictures, 1992
Posted by David Jobes at 11:02.57
Edited on: Thursday, August 14, 2008 11:04.41
Categories: Cyber-Warfare

New Cold War

This should not come as a surprise to anyone how Russia is acting. They have long been in denial of and regretful of the fact they have not so far reaped the benefits of being a democratic nation. They have felt the change and benefits are coming too slowly; this is also tied to the fact of how the world now treats and has been treating them as no longer a super power.

Well, as the world has sat back and just watched, the angst and ire of Russia has increased; now they have the second largest cyber warfare team, and China has the largest. They have and continue to expand and conduct or sanction various cyber attacks, currently against Georgia, but they have also been doing the same to the United States and other European nations over the past few years, trying to reclaim some of their former glory.

I will be posting more on this story and these events shortly.

Posted by Renegade at 8:29.27
Edited on: Thursday, August 14, 2008 11:07.07
Categories: Cyber-Warfare, News

Thursday, August 07, 2008

What's New

I am going to be changing the content and focus of Xscanners to include and be more focused on the area in which I spend most of my time now, which is Cyber-warfare and Terrorism. I work in this area, and I feel that along with the custom designs and technologies I am working and have worked with, I can offer good information and opinions on where things are going.

Posted by Renegade at 12:17.01
Categories: Cyber-Warfare

Tuesday, July 29, 2008

Updates

I will no longer be posting my personal political views on this site; this site is now all about Security and CyberWarfare. I will do all my personal views on my personal blog.

Posted by Renegade at 18:52.45
Categories:

Back Online

Well, as you can see, I think we have all the bugs worked out and the domain fixed, so we are back online. Sorry for the delay.
Posted by Renegade at 18:47.29
Edited on: Tuesday, July 29, 2008 18:50.54
Categories: News

Tuesday, April 22, 2008

IDS/IPS Sensor Administration Utility

Introduction

This is the InfoSec Sensor Administration Utility Users Guide. The application is designed to allow for the automated updating of the remote sensors' rules and map files. It will soon also update the master snort.conf files, and thus allow for easy administration of multiple sensors.

The main file here is the /etc/snort/sensors file, which has a list of the sensors that are monitored and will be updated by the script. The contents of the file are as follows:

/etc/snort/sensors

New sensors can be added to this file on the server side. The only thing that has to be set up on a new sensor is the ssh key: copy the sensor's key, sensor-xxx.pub, to the remote sensor into the /root/.ssh2/hostkeys directory, and then add the following line to the /root/.ssh2/authorization file:

Key hostkeys/sensor-xxx.pub

That's it. Now go to the control system and run the script; it should update the new sensor(s) without a password being needed.

Program Explanation

These are the steps and procedures we use to update the rules and signatures on the currently deployed Snort sensors.

  1. Log into the sensor as root, and cd into the /etc/snort directory.
  2. Comment out the required rules in the appropriate files that end in .rules, add a comment giving the reason for the change, then save the file.
  3. Add the new custom signature to the local.rules file located in this directory, then save the file.
  4. Test the configuration and signatures locally before deploying. This will ensure the correct syntax has been used, and that the daemon process will correctly shut down and restart when the update is done.
  5. Comment out any other signatures that need to be disabled, due to false positives or for testing, in the signature files in this directory (they are all named as normal with a .rules extension), then write and quit the file.
  6. While in the /etc/snort directory, execute ./control, then use the passwords in the following order to log into the sensors.
  7. Once the last sensor update is done, it will go back to a shell prompt.

The first subroutine goes out and updates all the standard and bleeding edge rules as needed; this is done each time the program is run. Here is the p-code for the update routine:

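```c
#include <stdio.h>
#include <stdlib.h>

/* Fetch the standard and bleeding-edge rule sets with oinkmaster.
 * Both runs write their output to ./log. Returns 0 on success. */
int update_rules(void)
{
    /* Will work for any file length */
    char command[512];
    char command2[512];

    printf("Getting New Rules.........................\n");
    system("rm -f log");    /* start each run with an empty log */

    /* command strings as used in the control script */
    snprintf(command, sizeof(command),
             "/bin/oinkmaster -q -C /etc/snort/oinkmaster.conf -o snort > log");
    snprintf(command2, sizeof(command2),
             "/bin/oinkmaster -q -C /etc/snort/bleeding-rules.conf -o snort >> log");

    /* return instead of exit() so the sync and restart routines still run */
    if (system(command) != 0 || system(command2) != 0)
        return 1;
    return 0;
}
```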

The next two subroutines used in this application are process_rules and restart_daemons. The names should be self-explanatory: the first syncs the local rules and map files to the remote system, and the second logs into each remote system and restarts the daemons on the sensors.

process_rules

  1. call remote sensors
  2. have rules changed on sensors
  3. update/sync only changes rules
  4. display rules that have changed
  5. disconnect from sensor, repeat

restart_daemons

  1. connect to sensors
  2. issue restart command
  3. display remote restart status
  4. disconnect from sensor, repeat

The last routine then goes out and checks to ensure that each of the sensors successfully restarted and is functioning properly.

check_sensor_status

  1. call sensors from sensor list
  2. send status check command
  3. read into buffer
  4. display input buffer locally and copy results to log file
  5. disconnect from sensor and go to next one, repeat process

Merged and added logic for rules file and log file contents: if the log file is empty, it will send an email with the following message to the admins:

Daily Sensor Rules Update Notice
No Rules updated Today

If the logfile is not empty, it will email the resulting logfile contents.
Posted by Renegade at 11:12.34
Edited on: Tuesday, July 29, 2008 18:45.41
Categories:
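
The routines in the Sensor Administration Utility post hand every entry in /etc/snort/sensors to remote commands, and update_rules shows the script building its commands as strings for system(). The following is an added example, not code from the control script, that validates each list entry before it can reach a command line. The one-host-per-line list format, the rsync command, and the names valid_sensor_name, load_sensors and build_sync_command are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_SENSORS 64
#define NAME_LEN    64

/* Hostname characters only, no leading '-' or '.': blocks shell metacharacters and ssh options. */
int valid_sensor_name(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n >= NAME_LEN || s[0] == '-' || s[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '.')
            return 0;
    return 1;
}

/* Assumed list format: one host per line, '#' starts a comment. Returns accepted count. */
int load_sensors(FILE *fp, char names[][NAME_LEN], int *rejected)
{
    char line[256];
    int count = 0;
    *rejected = 0;
    while (count < MAX_SENSORS && fgets(line, sizeof line, fp)) {
        line[strcspn(line, "#\r\n")] = '\0';        /* cut comment and EOL */
        char *name = line + strspn(line, " \t");     /* trim left */
        size_t len = strlen(name);
        while (len > 0 && isspace((unsigned char)name[len - 1]))
            name[--len] = '\0';                      /* trim right */
        if (len == 0) continue;                      /* blank or comment line */
        if (valid_sensor_name(name))
            strcpy(names[count++], name);            /* fits: length < NAME_LEN */
        else
            (*rejected)++;                           /* never reaches a command */
    }
    return count;
}

/* Assumed sync command (rsync over ssh, -i lists changed files). 0 on success, -1 if refused. */
int build_sync_command(const char *sensor, char *out, size_t outsz)
{
    if (!valid_sensor_name(sensor)) return -1;
    int n = snprintf(out, outsz, "rsync -ai --include='*.rules' --include='*.map' "
                     "--exclude='*' -e ssh /etc/snort/ root@%s:/etc/snort/", sensor);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}
```

Rejected entries are worth logging and alerting on, since an unexpected line in the sensor list means the file was edited by something other than the normal admin procedure.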

Thursday, March 13, 2008

Domain failure

Well, I think we have the Domain fixed and back online now, will update the site soon.

Posted by Renegade at 10:50.18
Edited on: Tuesday, July 29, 2008 18:50.20
Categories: News

Saturday, November 10, 2007

Apple Releases Darwin 9 Source Code

From OSNews

Apple has released the source code to Darwin 9, the underlying open source operating system of Mac OS X 10.5 Leopard. "Darwin is the open source UNIX-based foundation of Mac OS X. Darwin integrates a number of technologies, including the Mach 3.0 microkernel, operating system services based on FreeBSD 5 UNIX, high-performance TCP/IP networking, and support for multiple integrated file systems. Because the design of Darwin is highly modular, you can dynamically add device drivers, networking extensions, and new file systems."

Apple Releases Darwin 9 Source Code
Posted by Renegade at 6:47.43
Edited on: Tuesday, July 29, 2008 18:50.13
Categories: Code

Monday, September 24, 2007

Mobile Mac: Grand stands

From MacWorld:

Three new aluminum stands let you use or stow your laptop at home.

Mobile Mac: Grand stands
Posted by Renegade at 6:42.45
Edited on: Tuesday, July 29, 2008 18:50.08
Categories: News