Mytob, Zotob, Diabl0, and Coder Roundup

The big news of the weekend was the arrest of two guys related to the Zotob worms (“Diabl0” and “Coder”).

But who are these guys really? And who's behind the other PnP worms that were found during the last two weeks?

Get the details of these guys on F-Secure's Blog. Security Fix has information “that these two guys were a key piece in a much larger money-making conspiracy”:

Speaking at the High-Tech Crime Investigation Association's annual conference in Monterey, Calif. yesterday, Louis Reigel III, assistant director of the FBI's Cyber Division,
said Turkish police and intelligence officials told him they had
promising leads on 10 to 15 other individuals who may have been
connected with the worms.

The actual legal charges against the two are not yet known.  The Computer Crime Research Center has a bit more info:

The bureau alleges that Essebar [Diabl0] wrote both the Mytob and Zotob worms
and then sold them to Ekici [Coder]. “We believe that there was financial gain
on (Essebar's) part,” Louis Reigel, assistant director of the FBI's
Cyber Division, said in a conference call with the media. He did not
provide further details.


Majestic Photos of Katrina

“This shot was taken by a scientist aboard the NOAA-43…since I was
flying on a different plane in the rainbands (and thus not really able
to see much, as you can see in IMG-0949), I handed my camera off to him
so that I could share what they saw there. I'm participating in the
RAINEX (hurricane rainband and intensity change experiment) project, so
I'm really lucky to be able to fly into these incredible
storms…although it is sad to know the devastation that they cause

See the full Flickr photo set.  Amazing stuff.

Side-band attack tips virtual Blackjack dealer's hand

Here's a fascinating account of a “side-band” attack on online
Blackjack. At a certain point in the gameplay, the software dealer
appeared to need substantially more calculations if there was a ten in
the dealer's hole than if there wasn't. Players who timed the pause
could therefore get a partial peek at the dealer's cards and so gain an
edge over the house.

In Poker, this is called a “tell” — the propensity of a player with
junk to mop his brow, or of a player to unconsciously tap his foot when
he's bluffing. Computers are generally considered not to have tells,
because they're not sentient and hence not prone to subconscious
fidgeting, but computer tells do arise in those situations where they are doing something computationally intensive.

The code itself may have been completely correct in the sense that it
did what it was supposed to do. It was the amount of time the code
needed to execute that ended up being the tell. No different than when
a poker player twitches when holding a great hand.

The fix may have been to change the execution profile of the code
so that it made the same pause no matter what was in the hole. Talk
about a challenge for game developers. Not only does the code need to
be bug free in syntax and semantics, but they now need to worry about
the execution profile for their games.
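To make the tell concrete, here is an added, constructed Python model (not the casino's code, nor from the Boing Boing post) of a dealer that only runs its expensive blackjack check when the hole card is ten-valued, beside a version that always does the same work; the `work` counter stands in for wall-clock time so the leak is visible deterministically, and `has_timing_tell` is the kind of self-check a game developer could run against their own dealer logic.

```python
TEN_VALUED = {"10", "J", "Q", "K"}
RANKS = ["A", "2", "3", "4", "5", "6", "7", "8", "9", "10", "J", "Q", "K"]


def card_value(rank):
    """Blackjack value of one card (ace counted as 11 for this check)."""
    if rank == "A":
        return 11
    return 10 if rank in TEN_VALUED else int(rank)


def slow_blackjack_check(up, hole, work):
    """Constructed stand-in for the 'expensive' branch the post describes.
    work[0] counts operations so the execution profile can be compared
    without relying on noisy timers."""
    total = 0
    for _ in range(5000):  # busy loop standing in for the real computation
        total += card_value(up) + card_value(hole)
        work[0] += 1
    return total // 5000 == 21


def vulnerable_dealer(up, hole, work):
    """Leaky: the costly check runs only when the hole card is ten-valued,
    so the length of the pause reveals the hidden card."""
    if hole in TEN_VALUED:
        return slow_blackjack_check(up, hole, work)
    return False


def hardened_dealer(up, hole, work):
    """Fixed: the same work is done for every hole card, so the pause is
    identical no matter what is in the hole (and the result is still right)."""
    return slow_blackjack_check(up, hole, work)


def work_profile(dealer, up, hole):
    """Operations the dealer performs for one up card / hole card pair."""
    work = [0]
    dealer(up, hole, work)
    return work[0]


def has_timing_tell(dealer, up="A"):
    """Defender's check: True if the amount of work depends on the hole card."""
    profiles = {work_profile(dealer, up, hole) for hole in RANKS}
    return len(profiles) > 1


if __name__ == "__main__":
    print("vulnerable dealer has a tell:", has_timing_tell(vulnerable_dealer))
    print("hardened dealer has a tell:  ", has_timing_tell(hardened_dealer))
```

The same check can be run with real timers (e.g. `time.perf_counter` and the median of many trials per hole card) once the counter version is clean, since a constant operation count does not by itself guarantee constant wall-clock time.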

Found on Boing Boing.

An Illustrated Guide to IPSec

This Tech Tip means to give bottom-up coverage of the low-level protocols
used in an IPv4 context (we provide no coverage of IPv6). This is
not a deployment guide or best-practices document — we're
looking at it strictly at the protocol level on up, rather than from
the big picture on down.

This is the first of two papers, the second of which covers key exchange,
the Security Parameters Database, and other finer points of an IPSec
configuration: in this paper we'll touch on them only

Nice explanation.  I find myself explaining technologies like
this all the time.  So, it's great to get another way to do
so.  Read the article on Steve Friedl's Tech Tips.

Michal Zalewski on the Wire

Recently the eccentric security researcher Michal Zalewski published his first book,
entitled Silence on the
Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks.
Because the book is everything except a security manual, Federico Biancuzzi
chose to interview Michal and learn more about his curious approach to
information security. Among other things, they discussed the need for
randomness, how a hacker mind works, unconventional uses for search engines
such as Google, and applying AI to security tools.

Great book and a great interview on… And I fell for this one last year too:

Sometime ago you played a joke claiming to have founded a company
called eProvisia LLC that provided a 100 percent guaranteed antispam service. The
very interesting fact was that its antispam technology used human beings who
manually analyzed email.

Yes, of course the company is not real; it was just a silly joke that got
out of hand (and was carried as a true story by ZDNet, Yahoo, Slashdot,
and others).