Security roundup: Crazy Microsoft botnet takedown; hot biometrics; not so hot romance scams; Facebook in trouble again

Also: Cisco issued a number of security warnings this week

In one of the bigger security news stories, Microsoft struck a blow against an emerging botnet called Kelihos by using a legal tactic to take down the botnet's domain names.

Microsoft got an order from the U.S. District Court for the Eastern District of Virginia, Alexandria Division, telling top-level domain registrar Verisign to take down the domain, on Sept. 22, but it was sealed until Monday. At that time, Dominique Piatti, who runs a domain-name business called Dotfree Group out of the Czech Republic, was served with a court summons in the case by Microsoft lawyers in the Czech Republic, according to IDG news. The site takedown occurred just after midnight, Pacific Time, last Monday.

Microsoft has used this legal tactic effectively in the past against the botnets Rustock and Waledec as well.

We can be glad that Microsoft lawyers are being put to good use in these cases! However, Microsoft apparently did get some help from Kaspersky Lab's global research analysis team in its takedown effort.

"Kaspersky Lab played a critical role in this botnet takedown initiative, leading the way to reverse engineer the bot malware, crack the communication protocol and develop tools to attack the peer-to-peer infrastructure," said Tillmann Werner, a senior virus analyst with Kaspersky in Germany. "We worked closely with Microsoft's Digital Crimes unit, sharing the relevant information and providing them with access to our live botnet tracking system."

Microsoft later said not crediting Kaspersky in its original announcement was the result of poor communication between the two companies. Of course, it was a Microsoft lawyer saying that…

Biometrics: Rapid advances in capturing face and iris biometrics, DNA

The Biometric Consortium Conference in Tampa is an annual event that brings together the industry, including biometrics researchers and one main constituency, the U.S. government, especially the Department of Defense and the Federal Bureau of Investigation among other agencies.

The top news from there centered on remarkable advances being made in technologies that can capture iris and face scans of people in a crowd as they move, at a distance of about 5 meters or so. It's suggested that some of this on-the-go biometrics capture is going to be used in the fight against terrorism, and might even end up one day in automated war machines, a controversial subject…

Some other big news from the conference came in the form of companies and universities showing so-called "Rapid DNA" prototype kits that can accept a cotton swab with human DNA on it and spit out the individual subject's unique DNA profile in about an hour or two.

The FBI says it still has a long way to go before any of these "Rapid DNA" kits are certified for use, but the DoD and local police in Florida can't resist kicking the tires with their own early tests on a technology that's likely to revolutionize DNA forensics, since everything today has to be done in a lab setting with trained experts.

Mobile device security

IBM's X-Force "2011 Mid-Year Trend and Risk Report" published last week said exploits against mobile devices are on track to double this year in comparison with 2010. The report points out that one difficulty with mobile devices, particularly phones, is that users are at the mercy of their phone manufacturer to patch known system vulnerabilities. Known vulnerabilities may go unpatched, not because patches don't exist, but because they aren't provided by individual phone makers. "Many mobile phone vendors don’t push out security updates for their devices," the report says.

Also last week, Russian firm Elcomsoft said it has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices.

And now, from the "usual mischief" department

A data breach impacting about 4.9 million active and retired U.S. military personnel was disclosed last week by healthcare system TRICARE. Sensitive information including Social Security numbers, names, addresses, phone numbers and personal health data for these 4.9 million individuals may be compromised because backup tapes containing the data went missing recently, it said. TRICARE downplayed the issue, saying the risk of the data being misused was low "since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure." Sounds like classic Mad Magazine Alfred E. Neuman "What - me worry?" stuff you might hear…

Call it the "Sgt. Pepper’s Lonely Heart’s Club" scam, but research out of the United Kingdom last week says perhaps as many as 200,000 people have been victims of online romance scams. The research from the UK's University of Leicester found that 52% of people surveyed online had heard of the online romance scam when it was explained to them and that one in every 50 online adults knows someone personally who has fallen victim to it. This romance fraud involves cultivating a victim with lies in order to get money. The scams occur worldwide, with the Army Times newspaper detailing how this type of scam targets soldiers, too.

NAC saves University of North Carolina money, keeps illegal file sharing in check

Network access control (NAC) is saving the University of North Carolina at Chapel Hill $40,000 per year by keeping students from illegally using peer-to-peer file-sharing applications. When the school's Enterasys NAC agents discover any of about a dozen such apps like BitTorrent and LimeWire, a popup warns against using them to violate copyright laws by downloading copyrighted music, for instance.

If the students uninstall the app, they get access to the dorm network. Or they can keep the application installed and use it over the network so long as they digitally sign a statement that they understand that misusing it is illegal and agree not to do so, says Jim Gogan, director of networking at the university. If they misuse it anyway, they get reported to the dean of students and could face charges in student honor court, he says.

Facebook tracking prompts call for FTC probe

Facebook's tracking technology has landed the social network in hot water, with two lawmakers calling for a Federal Trade Commission (FTC) investigation. Rep. Ed Markey (D-Mass.) and Rep. Joe Barton (R-Tex.) wrote an open letter Wednesday urging FTC Chairman Jon Leibowitz to look into Facebook's tracking of its users even after they log out of the site. The issue came to light just days after an Australian blogger published data showing that Facebook is gathering information on the online activities of its users.

Cisco issues security warnings

Cisco this week issued a slew of security advisories on several vulnerabilities in its IOS software. In all, there look to be eight or nine advisories on IOS, dealing with issues like IPv6 over MPLS, IP service level agreements, SIP, NAT, IPv6 DoS and more. Cisco also issued advisories on a DoS condition with its 10000 series routers, a SIP memory leak in its Unified Communications Manager VoIP software, and a DoS condition in its Jabber instant messaging software. For some of the vulnerabilities, Cisco has already issued bulletins on how to identify and mitigate the conditions.

The IPv6 DoS vulnerability is one in which no mitigation bulletin has yet been published. The condition could allow an unauthenticated, remote attacker to cause a reload of an IPv6 device, and it may be triggered when the device processes a malformed IPv6 packet. Repeated exploitation could result in a sustained DoS condition, the Cisco advisory states.

The vulnerability affects any IOS device in which IPv6 is enabled. IOS XR and IOS XE systems are not affected. Cisco has released free software updates that address this vulnerability but there are no workarounds to mitigate it, the company says.

Copyright © 2011 IDG Communications, Inc.