Jul 022011

The infosec world was a buzz (or a tweeting) this morning with news that the popular file service dropbox has changed their legalese. The key paragraph that is now getting attention is as follows:

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

Many professionals have now deleted their accounts.  We will see how the general public reacts to this change in terms of service.  Personally, I never used the service and certainly never will on those terms.

For those of you who need to store data “in the cloud” (in other words, on the Internet), there are some alternatives out there.  Here is a google+ post: https://plus.google.com/u/0/115846783938665223975/posts/LnxqCCTtjVV.  And here is an older article before this issue: http://techpp.com/2010/07/05/dropbox-alternatives-sync-files-online/.

Keep in mind, this is occurring shortly after dropbox had a serious authentication issue which essentially removed any passwords from all accounts for four hours.  There was evidence that that was exploited while the vulnerability existed.

Mar 102011

Fortinet has recently posted a blog post on the history of computer viruses at 40th Anniversary of the Computer Virus | Fortinet Security Blog. From a historical perspective it is a fascinating read. A couple of ones from a personal note:

Creeper: Catch me if you can. This was an experimental virus developed in 1971. It is the grand daddy of viruses. It was a relatively benign virus. And, it was actually a demonstration of mobile code. It would pick itself up and move to the next computer, vs. replicating like today’s viruses.

The article does not deal with The Morris Worm. However, I feel it needs to be mentioned in any discussion about malware. The worm utilized known vulnerabilities in a variety of UNIX services. Unfortunately, it got out of control and ended up performing a Denial of Service attack across the young Internet in 1988. The CERT was created by DARPA as a result of this worm.

When I was a UNIX administrator back in the mid 1990s, we would laugh about all of the forwards people would send about warning of viruses from email. After all, how could you get a virus from reading an email in Pine or Elm. The I Love You virus in 2000 changed all of that with help from Microsoft’s desktop security model. This was one of the first full scale viruses to affect normal users.

In 2001, IIS, Microsoft’s web server was attacked via Code Red. This is different than the traditional virus or worm which attacks the desktop. It exploited a buffer overflow in the indexing system of IIS. I remember being on the front end of the fight of this battle. Our Internet connection was acting slow. While troubleshooting, we decided to reboot our firewalls. When this happened our IIS servers crashed. Funny coincidence we thought. An hour later, we did it again. They crashed again. It was not until the chatter on the security mailing lists picked up late that afternoon that we figured out what was going on. At that point, we were able to take the appropriate action.

Just last year, Stuxnet appeared and targeted Iran’s nuclear industrial machines in a very subtle way. I am not going to get into the details of Stuxnet, as there are plenty of sources out there who can explain it better than I. What is fascinating about it is that it appears to be the start of nations writing malware to directly attack another nation’s specific resources. The effort, skill, and knowledge needed to implement this malware successfully is quite amazing… and scary.