IPv6 Adoption Metrics

On February 3rd, 2011, IANA assigned the last blocks of IPv4 addresses to the regional registries. There are no more blocks to allocate. Yet IPv6 still isn't taking off.

Arbor Networks completed a six-month study of IPv4 and IPv6 traffic across six providers. They observe that "Accurate metrics around IPv6 adoption remain a significant challenge for the industry." Arbor Networks conducted an earlier study in 2007 which generated a lot of negative feedback for them. This report will no doubt generate additional arguments about methodology and conclusions, because it shows IPv6 traffic decreased.

The report provides a lot of data and some interesting graphs. For example, P2P traffic is 8% of IPv4 but 61% of IPv6.

The bottom line is "the IPv6 migration effort has largely been unsuccessful to date."

We'll see if World IPv6 Day (http://isoc.org/wp/worldipv6day) on June 8th, 2011 helps change anything.

Arbor Networks' blog post on the study is here: http://asert.arbornetworks.com/2011/04/six-months-six-providers-and-ipv6

Autonomous System Hacking

From an article by Dan Goodin: for a short time on Tuesday (March 22nd, 2011), internet traffic between subscribers of AT&T's internet service and Facebook passed through AS4134, the Autonomous System belonging to China Telecom.

This isn't the first time China has possibly diverted traffic. It happened on a larger scale in April 2010.

Most discussions of the Internet and how it works never even mention Autonomous Systems; it takes an arcane and dense tutorial to explain what these are and how they work. The world of "default-free routing", "peering" and "carrier hotels" is unknown to most technical users of the Internet.

As we move into a new future of the "splinter-net", the role of ASNs and core routing will matter more and more. There's probably an app for that.
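A diversion like the one above is what a route monitor exists to catch. What follows is an added example, not code from the article or from any operator's tooling, of the check a prefix owner can run over announcements seen at a route collector or on a BGP feed: the origin AS and the AS adjacent to it are compared with the owner's own policy, after AS-path prepending is collapsed. The prefixes, the ASNs and the POLICY table are constructed for the example.

```python
import ipaddress

# Constructed announcements as a route collector would show them:
# (prefix, AS path as received, origin AS last). Documentation prefixes and
# private/documentation ASNs only; not the real AT&T/Facebook/China Telecom paths.
OBSERVED = [
    ("203.0.113.0/24", [64500, 64510, 65536]),                 # via a known upstream
    ("203.0.113.0/24", [64500, 64520, 64520, 64510, 65536]),   # prepended, still fine
    ("203.0.113.0/25", [64500, 64530, 64540]),                 # more-specific, foreign origin
    ("203.0.113.0/24", [64500, 64550, 65536]),                 # right origin, unexpected neighbour
    ("198.51.100.0/24", [64500, 64560, 64570]),                # not our space, ignored
]

# The prefix owner's policy: who may originate each prefix and which ASes may sit
# directly next to the origin (its transit providers and peers). An RPKI ROA
# covers the origin part; the adjacency part comes from the operator's own records.
POLICY = {
    "203.0.113.0/24": {"origin": 65536, "neighbours": {64510, 64520}},
}


def strip_prepends(as_path):
    """Collapse runs of the same ASN; prepending is traffic engineering, not an anomaly."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def covering_policy(prefix, policy):
    """(covering network, rule) for the most specific policy entry covering `prefix`,
    or None when the announcement is for space we do not monitor."""
    net = ipaddress.ip_network(prefix)
    best = None
    for cidr, rule in policy.items():
        cover = ipaddress.ip_network(cidr)
        if cover.version == net.version and net.subnet_of(cover):
            if best is None or cover.prefixlen > best[0].prefixlen:
                best = (cover, rule)
    return best


def classify(prefix, as_path, policy=POLICY):
    """Judge one announcement against the owner's policy."""
    found = covering_policy(prefix, policy)
    if found is None:
        return "not monitored"
    cover, rule = found
    path = strip_prepends(as_path)
    if path[-1] != rule["origin"]:
        return "origin hijack"             # someone else claims to originate our space
    if ipaddress.ip_network(prefix).prefixlen > cover.prefixlen:
        return "unexpected more-specific"  # our origin, but a subnet we never announce
    if len(path) >= 2 and path[-2] not in rule["neighbours"]:
        return "unexpected upstream"       # an AS we do not connect to sits next to us
    return "ok"


def audit(observed, policy=POLICY):
    """Classify every announcement; anything but 'ok' or 'not monitored' deserves a page."""
    return [(prefix, path, classify(prefix, path, policy)) for prefix, path in observed]


if __name__ == "__main__":
    for prefix, path, verdict in audit(OBSERVED):
        print(f"{prefix:18} {' '.join(map(str, path)):34} {verdict}")
```

RPKI origin validation covers only the first of these checks, which is why the adjacency rule is kept as a separate table. The adjacency rule in turn only sees a diverting AS when it sits directly next to the origin; an AS that shows up further along the path is only caught if the policy is widened to every AS expected in paths toward you, which is a larger table to keep current.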

http://www.theregister.co.uk/2011/03/23/facebook_traffic_china_telecom

Night Dragon

As a related note to the post about peak oil - McAfee has gained some press around their disclosure of the "Night Dragon" attacks. Not unlike the Aurora attacks that Google highlighted, these attacks are from China (maybe). However, these are "incredibly sloppy" or "coordinated, covert, and targeted" - take your pick. They targeted Western oil and gas, which is the connection with the previous post about peak oil.

The first reaction of one associate when we talked about this was - why?

My answer, and one that many with more knowledge of the industry than I will also give, is that oil and gas are scarce and expensive commodities. The amount of money spent to discover reserves, estimate them, negotiate for rights, and extract them is staggering. Any time that much money is involved there will be incentives to gain bargaining leverage, access to results, and better negotiating positions. It's human nature. And the more of this is kept on computers, the more critical computer security becomes.

http://blogs.mcafee.com/corporate/cto/global-energy-industry-hit-in-night-dra...

Military and Peak Oil

A leaked draft document by the German military complements the USJFCOM Joint Operating Environment 2010 (JOE 2010) report. The German report anticipates that we are at "peak oil" now, with a supply crunch and ensuing instability expected to have a significant impact in 15 years.

The British military is also reportedly preparing their own analysis but no public documents have been released or leaked.

NYTimes Article in English: http://green.blogs.nytimes.com/2010/09/09/study-warns-of-perilous-oil-crisis/

Der Spiegel article in English: http://www.spiegel.de/international/germany/0,1518,715138,00.html

Two thousand years of new ideas

On March 15, 2010 USJFCOM released its Joint Operating Environment 2010 (JOE 2010) report.

The command releases these reports periodically, the last in 2008. They are intended to provide a forward look at the world and at how the forecasted changes and trends may shape US strategy.

Dry stuff so far. But the report is a surprisingly good read. Page 9 looks at how strategic estimates have changed by taking a snapshot in time every 10 years from 1900 to the present. Page 13 has world population pyramids that show population by age for key regions and highlight the massive growth in India. The defense spending graph on page 23 isn't something typically seen.

Computers and cyberspace are addressed, though not in depth or with much evidence to back up the usual optimistic claims, like the one that by 2030 we'll all be able to download the entire Library of Congress in 2 seconds from an average home computer over an average internet connection. As if.

The bad news starts on page 25 with future world oil production (it doesn't look good). World oil choke points are on page 28, growing world demand for grain on page 30, and world water scarcity on page 31.

The political instability index on page 51 is amusing. Apparently Canada, Australia and Japan are low risk. The US, China and Brazil are moderate risk.

They also sprinkle in some quotes. The best one being "With two thousand years of example behind us, we have no excuse, when fighting, for not fighting well." by T.E. Lawrence.

A good quote, and if the same people, or even the same team, had done all those years of fighting they should fight well. But the people, environments, resources, and ideas keep changing. The only resource we'll never run dry of is ideas. So far two thousand years of ideas have changed the face of the world, and of warfare, a lot. The ideas we have now are shaping the world again.

What keeps me excited about work and the future is seeing how ideas shape the present and future. And maybe contributing a few of my own to the mix. Hopefully for the better.

Link to Joint Forces Command press release:
http://www.jfcom.mil/newslink/storyarchive/2010/pa031510.html

Link to the report, JOE 2010:
http://www.jfcom.mil/newslink/storyarchive/2010/JOE_2010_o.pdf

Cyber Espionage and Privateering

Cyber privateering, the misuse of social networking and cloud computing platforms, and other evolutions in signals intelligence are conjectured in "Shadows in the Cloud: Investigating Cyber Espionage 2.0" [http://shadows-in-the-cloud.net]. This builds on research published in "Tracking GhostNet: Investigating a Cyber Espionage Network" and "The Gh0st in the Shell: Network Security in the Himalayas". The researchers used a fusion methodology combining interviews, field-based investigations, open source data mining and historical analysis.

There is a lot of good material in the report; the points that caught my attention are the following. They do not represent a synopsis of the report, and some of them may not even be intentional.

* Espionage follows in crime's wake, borrowing techniques and tradecraft. This may be true to some extent, but I expect it's a two-way exchange.

* Privateering [http://en.wikipedia.org/wiki/Privateer] is being used by governments to avoid active or direct computer network exploitation. Given sometimes blurred distinctions between contractors, government employees and military personnel this may be a matter of definitions. Instead of letters of marque there are RFPs, contracts, and grey markets. But it's an interesting comparison.

* Collateral traffic collected from a WiFi mesh network revealed beaconing activity. Investigation led to discovery and analysis of one compromised host, resulting in approval for a network tap, leading to additional hosts on other networks. This makes an interesting argument for the benefits of overcollection.

* Exfiltrated data was compressed, split, and encoded using utilities and functionality already resident on the host. A nice demonstration of how malware can stay smaller and reduce detectability.

* Infected systems checked in with command and control servers on free services such as twitter, yahoo mail, Baidu Blogs, and other "Web 2.0" services. They received instructions to beacon to new command and control servers that were setup and managed by the attackers. This was a mistake, as some of these managed servers were personally registered. The researchers also connected additional malware to the attack through shared use of these servers.

* Twenty-seven malicious binaries were collected during the research. That's a larger number than I would expect. It represents a focus on signature diversity. Analysis revealed some functionality differences as well, representing command and control diversity. This additional effort (and therefore cost) may support the privateering or signals intelligence attribution.

* The Tor anonymity network was used to exfiltrate data in some cases. This was independently discovered by Dan Egerstad, who was raided by the Swedish FBI and CIA in 2007 when he published his research [http://www.schneier.com/blog/archives/2007/11/dan_egerstad_ar.html].
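Two of the points above, the beaconing spotted in collateral traffic and the pivot from one compromised host to others through shared command and control servers, can be put into code. What follows is an added example, not code from the report or its authors: it finds client/server pairs whose connection timing is periodic, then walks the host-to-server graph outward from those servers to pick up other hosts and the attacker-managed servers they were redirected to. The flow records, the addresses and the .invalid hostnames are constructed for the example; the jitter threshold and the minimum number of connections are assumptions to tune against real traffic.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed flow records (client, server, epoch seconds), standing in for the
# collateral traffic the report describes. None of this is data from the report.
FLOWS = [
    # 10.0.0.5 checks in every ~300 s with a little jitter: a beacon
    ("10.0.0.5", "blog.example-c2.invalid", 1_000_000),
    ("10.0.0.5", "blog.example-c2.invalid", 1_000_301),
    ("10.0.0.5", "blog.example-c2.invalid", 1_000_599),
    ("10.0.0.5", "blog.example-c2.invalid", 1_000_902),
    ("10.0.0.5", "blog.example-c2.invalid", 1_001_200),
    ("10.0.0.5", "blog.example-c2.invalid", 1_001_498),
    # 10.0.0.7 reads a normal site at irregular times: not a beacon
    ("10.0.0.7", "news.example.invalid", 1_000_010),
    ("10.0.0.7", "news.example.invalid", 1_000_045),
    ("10.0.0.7", "news.example.invalid", 1_000_700),
    ("10.0.0.7", "news.example.invalid", 1_000_712),
    ("10.0.0.7", "news.example.invalid", 1_001_900),
    ("10.0.0.7", "news.example.invalid", 1_001_905),
    # 10.0.0.9 never beacons regularly, but touches the same server as 10.0.0.5
    # and a second server that only the attackers use: found by pivoting
    ("10.0.0.9", "blog.example-c2.invalid", 1_000_050),
    ("10.0.0.9", "stage2.example-c2.invalid", 1_000_100),
    ("10.0.0.9", "stage2.example-c2.invalid", 1_003_000),
]

MIN_CONNECTIONS = 5   # assumption: fewer samples give unreliable interval statistics
MAX_JITTER = 0.05     # assumption: stdev/mean of inter-arrival gaps; beacons sit near 0


def find_beacons(flows, min_connections=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """{(client, server): period_seconds} for pairs whose connection timing is periodic."""
    stamps = defaultdict(list)
    for client, server, ts in flows:
        stamps[(client, server)].append(ts)
    beacons = {}
    for pair, times in stamps.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg)
    return beacons


def pivot_infrastructure(flows, seed_servers, max_depth=3):
    """Breadth-first walk over client<->server links starting from known C2 servers.
    Depth 1 reaches the hosts that talk to them, depth 2 the other servers those
    hosts use, depth 3 further hosts; stopping there limits over-collection."""
    links = defaultdict(set)
    for client, server, _ in flows:
        links[client].add(server)
        links[server].add(client)
    seen = set(seed_servers)
    queue = deque((s, 0) for s in seed_servers)
    while queue:
        node, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for other in links[node]:
            if other not in seen:
                seen.add(other)
                queue.append((other, depth + 1))
    return seen


def triage(flows, max_depth=3):
    """Seed on the servers some host beacons to, then pivot to related hosts and servers."""
    beacons = find_beacons(flows)
    seeds = {server for _, server in beacons}
    related = pivot_infrastructure(flows, seeds, max_depth)
    clients = {c for c, _, _ in flows}
    return {
        "beacons": beacons,
        "suspect_hosts": sorted(related & clients),
        "c2_servers": sorted(related - clients),
    }


if __name__ == "__main__":
    for key, value in triage(FLOWS).items():
        print(f"{key}: {value}")
```

The redirect-through-free-services trick in the next-to-last point above is exactly where a destination-based pivot gets noisy: a beacon to a popular blog or webmail host is indistinguishable by destination alone from everyone else's traffic to that host, so max_depth stays small, and a prevalence cutoff or allowlist on servers belongs in front of the walk before it is allowed to expand further.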

Link to the full report: http://shadows-in-the-cloud.net

Researchers:
The Information Warfare Monitor -- http://www.infowar-monitor.net/
The Shadowserver Foundation -- http://shadowserver.org/wiki/

BigDog - Robotic Mule

It's still crude in many ways, but look at the video (bottom image) and you can see the potential.

For anyone who's been on a long slog with a full pack, the idea of BigDog is very attractive. However, they've got to do something about the noise. That machine hum just isn't going to work in a tactical environment.

What I see happening is the squad will load up BigDog, program in where to go, then take an alternate route. That way the noise and rhythmic foot steps of BigDog won't jeopardize the people.

http://www.nxtbook.com/nxtbooks/cmp/eetimes_robotics_20100329/index.php#/18/O...

New "throwing in the towel" EULA

From EFFector 23.09 (website eff.org):

---------- cut ----------
So if, after reading EULAs for most of your adult life, you still
believe you have the right to simply cut and paste this text and use it
for whatever devious purpose you can come up with, then just go ahead.
Really. GO RIGHT AHEAD! We won't stop you. That's our new EULA. Just do
it!

We're throwing in the towel. Because no matter how many times we tell
you that you CAN'T COPY, that it is ILLEGAL to do so, that our ownership
over the content covers the work, secondary works, derivative works and
all interpretations of the work, throughout the universe in perpetuity
in any and all media, now known or hereafter developed, you continue to
trample on our IP rights.

So just go ahead, copy this EFFector and paste the bits you want into
your email browser or your blog or your Facebook profile or what have
you and share with your friends. Go ahead, take our ideas and run with
them. Make them your own. See if we care.
---------- cut ----------

Thanks!

I did.

Not sure if this rises to the level of "devious purpose", but I'll try
harder next time.

All Your NIC's Are Belong To Us

Or "Can you still trust your network card?" Several researchers presented a talk on remotely taking full control of a particular network card. The vulnerability has been patched, but even so they did not release the proof of concept.

This was an unauthenticated remote exploit that ran arbitrary code on the network card. The card has DMA access to host memory and can rewrite inbound packets, so full control of the host is also feasible.
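The post does not say what the card in question offers by way of mitigation, so the following is a generic host-side check rather than anything from the talk or the vendor: with an IOMMU (VT-d or AMD-Vi) active, the kernel can confine what a DMA-capable device such as a NIC is allowed to read and write, and Linux exposes that state under /sys/kernel/iommu_groups. This is an added example; the sysfs layout it reads is the standard Linux one, and the root directory is a parameter so the functions can be exercised against a constructed tree. An IOMMU does nothing about the second path above, rewriting packets on the way in.

```shell
#!/bin/sh
# Is DMA remapping (an IOMMU) active, and which IOMMU group does each physical
# NIC sit in? Without one, a compromised NIC can read and write any host memory.
# The sysfs root defaults to /sys; it is a parameter so the check can be
# exercised against a constructed directory tree.

iommu_active() {
    groups="${1:-/sys}/kernel/iommu_groups"
    [ -d "$groups" ] || return 1
    # the directory can exist while empty; require at least one real group
    for g in "$groups"/*; do
        [ -e "$g" ] && return 0
    done
    return 1
}

nic_iommu_groups() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        [ -e "$dev/device" ] || continue      # skip lo, bridges, tunnels: no PCI device
        name=$(basename "$dev")
        if [ -e "$dev/device/iommu_group" ]; then
            printf '%s group %s\n' "$name" "$(basename "$(readlink -f "$dev/device/iommu_group")")"
        else
            printf '%s NO IOMMU GROUP\n' "$name"
        fi
    done
}

report() {
    root="${1:-/sys}"
    if iommu_active "$root"; then
        echo "IOMMU: active"
    else
        echo "IOMMU: not active (check VT-d/AMD-Vi in firmware and intel_iommu=on / amd_iommu=on on the kernel command line)"
    fi
    nic_iommu_groups "$root"
}

report "$@"
```

A NIC reported with no IOMMU group is one whose DMA is unrestricted; that is the configuration in which code running on the card gets the host for free.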

I'm interested in the tools used during discovery and development of the proof of concept. They had the interesting challenge of setting up a debugging environment around the NIC so they could understand why the card failed and how to leverage that. This is trivial on a well-supported platform like a standard PC running Windows, Linux, or even OS X, but it gets really interesting on embedded systems, especially if they are hard real-time: lots of trial and error, and lots of reverse engineering of hardware.

So it would have been good to hear how they approached this and what solution they found.

Readers are also advised to follow CERT advisories, e.g. CERTA-2010-AVI-121, at http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-121/index.html

Writeup and link to slides at http://www.ssi.gouv.fr/site_article185.html

Vendor patches at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471

Guessing a 1024-bit Key with Voltage Fault Injection

The researchers say that by varying the supply voltage of a target computer, using an inexpensive purpose-built device, they were able to induce faults and work out the 1,024-bit private key in about 100 hours, all without leaving a trace. The researchers' paper (PDF) outlines how they carried out the attack on a SPARC system running Linux.

http://linux.slashdot.org/story/10/03/04/1954259/Researchers-Find-Way-To-Zap-...

http://www.networkworld.com/news/2010/030410-rsa-security-attack.html

They claim to "expose and exploit a severe flaw on the implementation of the RSA signature algorithm on OpenSSL."

The process collects corrupted signature outputs from the system for off-line analysis. The faults are induced by manipulating the supply voltage so that the SPARC processor's multiplier produces transient errors while it runs the fixed-window modular exponentiation.
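To make the collect-then-analyse process concrete, here is an added toy version of it. It is not the researchers' code, and it is not their algorithm either: it uses plain left-to-right square-and-multiply rather than OpenSSL's fixed-window exponentiation, a constructed 40-bit key instead of a 1024-bit one, and a fault model of a single bit flipped in the output of one squaring. The attacker holds one correct signature and one corrupted signature per fault position and, working from the least significant exponent bit upward, brute-forces the bit value, the flipped bit position and its direction, keeping the hypothesis under which a single intermediate value explains both signatures (a polynomial gcd over Z_N). The cost of that check grows with the number of squarings that follow the fault, so this demo recovers only the low bits; the primes, the public exponent and the message value are constructed.

```python
from itertools import product

# Constructed toy key (two ~20-bit primes) and message; nothing like a real 1024-bit key.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
M = 0x1337C0DE


def sign(m, d, n, fault=None):
    """Left-to-right square-and-multiply, m^d mod n. fault=(left, k) flips bit k of
    the output of the squaring that still has `left` squarings after it (left=0 is
    the final iteration's squaring): a transient upset in the multiplier."""
    bits = [int(c) for c in bin(d)[2:]]
    acc = 1
    for i, b in enumerate(bits):
        acc = acc * acc % n
        if fault is not None and fault[0] == len(bits) - 1 - i:
            acc ^= 1 << fault[1]
        if b:
            acc = acc * m % n
    return acc


# Polynomials over Z_n as coefficient lists, lowest degree first.
def ptrim(a):
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a


def pmul(a, b, n):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % n
    return out


def pmod(a, b, n):
    """Remainder of a / b; ValueError if b's leading coefficient is not invertible mod n."""
    a, b = ptrim(a[:]), ptrim(b[:])
    if len(b) == 1:
        return [0]
    inv = pow(b[-1], -1, n)
    while len(a) >= len(b):
        coef = a[-1] * inv % n
        shift = len(a) - len(b)
        for j, y in enumerate(b):
            a[shift + j] = (a[shift + j] - coef * y) % n
        a.pop()
    return ptrim(a)


def pgcd(a, b, n):
    a, b = ptrim(a[:]), ptrim(b[:])
    while b != [0]:
        a, b = b, pmod(a, b, n)
    return a


def tail_poly(m, n, bit, lower, shift):
    """Rest of the signing as a polynomial in x, the faulted squaring's output:
    (x + shift) * m^bit, then for each lower bit: square, multiply by m^b."""
    mb = pow(m, bit, n)
    poly = [shift * mb % n, mb]
    for b in reversed(lower):
        poly = pmul(poly, poly, n)
        if b:
            poly = [c * m % n for c in poly]
    return poly


def consistent(m, n, s, s_fault, bit, lower, delta):
    """True if some x satisfies tail(x) == s and tail(x + delta) == s_fault."""
    f_good = tail_poly(m, n, bit, lower, 0)
    f_bad = tail_poly(m, n, bit, lower, delta)
    f_good[0] = (f_good[0] - s) % n
    f_bad[0] = (f_bad[0] - s_fault) % n
    try:
        return len(pgcd(f_good, f_bad, n)) > 1   # a common root gives degree >= 1
    except ValueError:                            # non-invertible coefficient: would factor n
        return False


def recover_low_bits(m, n, s, faulty, nbits):
    """faulty[i] is a signature whose fault hit the squaring with i squarings after
    it. Recover bits from the LSB up, searching bit value, position and sign."""
    known = []
    for i in range(nbits):
        hits = {bit for bit, k, sgn in product((0, 1), range(n.bit_length()), (1, -1))
                if consistent(m, n, s, faulty[i], bit, known, sgn * (1 << k) % n)}
        if len(hits) != 1:
            raise ValueError(f"bit {i}: {len(hits)} consistent hypotheses")
        known.append(hits.pop())
    return sum(b << j for j, b in enumerate(known))


def collect_faulty_signatures(m, nbits, d=D, n=N):
    """Simulated collection phase: one corrupted signature per fault position."""
    return {i: sign(m, d, n, fault=(i, (7 * i + 3) % n.bit_length())) for i in range(nbits)}


if __name__ == "__main__":
    faulty = collect_faulty_signatures(M, 5)
    print("low bits of d:", D & 0b11111, "recovered:", recover_low_bits(M, N, sign(M, D, N), faulty, 5))
```

The simulated collection labels each corrupted signature with the squaring it hit; a real attacker has to brute-force that position as well, which multiplies the search. The degree of the polynomials doubles with every squaring between the fault and the end of the computation, which is why the same idea against a real key needs a smarter way to push the consistency check back through the exponent than the gcd used here.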

Some disclaimers are needed. First, the SPARC system is actually a "SPARC-based" system implemented in VHDL and running on a Xilinx FPGA. Second, the off-line analysis was run on an 81-machine cluster of Intel systems. Finally, there is no assertion that this technique applies to commodity x86 systems.

So you can still shop on eBay, do your banking, whatever. Just keep an eye out for odd voltages. And don't trust your UPS, since it may be manipulating your voltage supply.