Security

June 25, 2007

Your WiFi may be the next target

According to Robert McMillan, McAfee says that your home wifi may be part of the next wave of targets by malicious hackers.  Along with attacks on infrastructure services like DNS and  municipal wifi, your home wifi will become another venue for attackers.  Not the most heartening of thoughts if you're an end user and you're already a bit overwhelmed by all the security warnings out there.

The average end user can't do all that much when it comes to infrastructure attacks against services like DNS.  They can keep their systems patched and hope their upstream provider does the same.  And the same can probably be said of most systems administrators as well: keep patched.  But the real damage control on this sort of attack is going to have to come at a higher level than the average user will understand or care about. 

On the other hand, attacks on municipal wifi and open hotspots are something every user should be aware of and take precautions against.  The standard disclaimers of 'be careful where you connect' and 'never do sensitive business over free wifi' still apply, but there's more to worry about than ever.  A man-in-the-middle attack, where an attacker's AP pretends to be a valid AP but records traffic or modifies it slightly, could be used to capture the traffic of an entire downtown area.  Even using a site over SSL might not be enough if the attacker is ready for it.  The only good news is that there haven't been any recorded examples of a successful attack like this being carried out.  It doesn't mean it hasn't happened, just that we haven't caught anyone at it.

I have to agree with McAfee that the home wifi will become one of the next big targets, since many users don't know enough to set up their networks properly, especially in urban settings where the density of personal APs is enough to make being physically close to APs less of a problem.  As everything from your gaming system to your new computer entertainment center becomes an endpoint of your wireless network, it makes the attack surface for hackers that much larger.

Using Cobia to segregate your wifi access point at home will help, as will being cautious when connecting to any open access point and using the best encryption possible on your home network.  But these are things we should be doing anyway.  And in all likelihood, if you're already acting in a secure manner, none of these new threats will require you to change the way you act.  The people who are going to be in danger are the ones who already connect to any hotspot without a second thought and never thought about using encryption on their home wifi network.

June 13, 2007

Multi-core benefits the security industry and more

Carl Weinschenk posted an article today on ITBusiness Edge in the Network Sentry blog about how the security industry is benefiting from the multi-core architectures now available.  Carl highlights what Check Point is doing with VPN-1 and what American Portwell Technology is doing with security appliances based on dual-core technology, and finally Mindspeed Technologies' recent announcement too.  The bottom line here is that with multiple cores available, many processor-intensive applications are able to run on off-the-shelf components at a fraction of what customized silicon costs.

This has application beyond security.  I know our own lab stuff has shown how Cobia can take off with multi-core technology.  When you start thinking of virtualization, multi-function and the like, multi-core processors really take it to the next level.  Our security R&D team has some amazing stuff they are playing with that takes advantage of this and I hope to be able to share that with you soon.

The question in my mind is, what does this mean for the custom silicon crowd?  With this kind of horsepower available and the onward and upward march of Moore's Law, why invest in custom silicon except for the absolutely most demanding and rewarding applications?  Any appliance vendors who are not looking at running off-the-shelf hardware have to be taking a long hard look and wondering why not.  Any customers who are still paying premiums for custom burned silicon that is not even upgradeable have to look at this as well.

June 11, 2007

Bad guys attacking the black hole lists

One of the downsides to being in the security business is that you become a target for the bad guys (aka hackers).  Most of the time being a target is barely a noticeable difference from the general background noise of the Internet, but once in a while a professional hacking group turns its attention to you and things get ugly.  Which is exactly what's happening with three of the email black hole lists (BHL) right now.

After what happened last year with Blue Security, I'm afraid I can't say I'm surprised by this.  In fact, I was having a conversation with someone on the IPTables black list who made a statement that no one is safe from this type of DDoS attack.  My first thought was to dismiss his comment as hyperbole, but given the safeguards the servers at Spamhaus must have in place to prevent DDoS attacks and that this was a successful attack, the hackers obviously can get to almost anyone.

I don't think this is something the average business has to worry about.  Yet.  It's not every hacker out there that can bring the resources to bear to perform the sort of attack that the BHLs are experiencing.  But that day may be coming.  Hopefully the feds will be able to do something, but I'm not going to be holding my breath waiting for them to move.

I'm curious to see what the real reason is that the BHLs are being attacked today.  I can't imagine an attacker who controls the resources it takes to attack these services doing it on a whim.  Either this is a general attack to try to prove to the BHLs that theirs is a business that's too hot to be involved in, or there's something going on behind the scenes that we don't know about yet.  I'm hoping for the general attack, because anything that's worth taking the risks of really rousing the federal government has to be bad for the rest of us.

I think I'll be a little extra paranoid about email for the next few days.  Don't bother sending me any attachments or links unless I've agreed to it first. 

June 06, 2007

Banking on vulnerabilities?

I'm amazed at the risks some people are willing to take to make a profit.  Thomas Ptacek has a good article on Intellectual Weapons, a company whose business plan is to pay researchers to find vulnerabilities and then patent every possible patch.  In order to issue a patch, the vulnerable company would have to pay a licensing fee to Intellectual Weapons.  He points out why it's going to take so long for these people to see a profit, and why even then it's likely to be minor.  But he's also cautious because there's always a slim chance that this scheme will work to some degree and make life a little harder for everyone in the industry.

Without even examining the ethics of this sort of business plan, I wonder how investors could be convinced to invest their good money in a venture like this.  I doubt there are very many companies out there who are small enough to be threatened by this, but don't have a big enough legal department to fight this out in court.  If I were a company the size of Microsoft or Apple and someone tried bringing a case like this against me, I'd squash them in court.  Even against smaller companies this is going to be a questionable tactic, which could be defeated with one judgment against IW.  I have a hard time seeing IW getting enough awards to keep the legal battles going long term.

There's obviously a market in vulnerabilities and this is one scheme to make money off of it.  But to me this is only a couple of steps above hackers selling their 0-days on the black market.  I'll be interested to see if this is a viable business plan or just a way to separate investors from their money.
