In the past couple of days, reports have surfaced on the hijacking of the domains for ICANN and IANA attributed to the group NetDevilz. According to news articles, an ICANN spokesman stated they were unaware of the events. The total time for the redirection before the entry was corrected was about twenty minutes. However it will take 24 to 48 hours after the correction to ensure all the DNS entries are updated. In that time, users were redirected to a site that stated the follow:

“You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha (Lovable Turkish hackers group)”

What triggered the changing of the DNS entries has not been disclosed that I have found. Dancho Danchev’s blog shows an email address listed in the updated records and note the email address in the entry called “foricann1230@gmail.com” as well as the date they were updated as June 26. Regardless of how it happened (though I’m sure everyone would like to know) there is a big concern here. Nothing on the internet is safe and if this can happen to these folks, it can happen to anyone…. (and maybe it already has, in which case they better run to their national government and get some retroactive law enacted.)

Source: SANS ISC.

:: Good ::

:: Bad ::

More Info:

• Perils of popular Facebook @ MaltaInfoSec.
• Explenations in plain English @ YouTube.

www.securitytube.net

Learn Security through videos, like this one:

Original Post: Here.

“Security through Obscurity”

Wikipedia definition:

Security through obscurity is a controversial principle in security engineering, which attempts to use secrecy to provide security. A system relying on it may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.

What (I think) is wrong…

Let’s say Software owners conceal (or at least try to conceal) information about specific vulnerabilities for example:

A vulnerability of Importance “X” was found in “Software A” which exploits “Threat X”.

So far so good. But let’s apply this to Latest Firefox Vulnerability.

So let’s review:

Critical: Highly critical || Impact: System access || Solution Status: Unpatched || Software: Mozilla Firefox 2.0.x, Mozilla Firefox 3.x

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page.

And the irony ..err…solution:

Do not follow untrusted links nor browse untrusted web sites.

So in other words: If you’re one of the 8 million+ using Firefox without “NoScript” and accidentally happen to access a “specifically crafted website” then we deeply sympathise with you. (well definately it’s not your lucky day).

Obviously as a preventive solution please keep away from those ’specifically crafted websites’ until you’re vaccinated.

The thought behind it…

With software like Firefox isn’t this kind of useless since people can get to the code easier and find out anyways?

Wouldn’t it have been better if we knew what to look out for?

Just asking.

Tech Specs - here.

Features:

• Fast 3G wireless technology;
• GPS mapping;
• Enterprise feature support (like Microsoft Exchange);
• App Store;
• Wide screen iPod;
• Internet device with rich HTML email and a desktop-class web browser.
• 2MPx Camera
• Improved battery lifetime
• Flush headphone jack
• 8GB & 16GB models (incl. white exterior for 16GB only)
• 8GB Model costs only $199.

… and then the “was it really necessary?” list:

• Documentation (made in China)
• Cleaning/polishing cloth (for your sunglasses)
• SIM ejector tool - looks like this

.

What it lacks (not that I care):

• Ability to browse flash websites
• Video recording & Photo Flash
• Non-changeable battery (battery inbuilt)
• Cut and paste
• MMS / SMS Forwarding
• Bluetooth file exchange

… and then the “bottom of the wish-list” list:

• Weather proofing (for the ‘Dirty Jobs‘ guy)
• Inbuilt photo-printer to fill in the gap of what Polaroid had left us.
• Front facing camera… for cam-whoring

.

Rumor: Possibly ’software’ stuff it lacks will be addressed by 3rd party add-ons through the new App-Store. (Sorry, no Polaroid-like printer).

Inspired by: GeekBazaar.