
Worms could dodge Net traps

Filed under
Security

In a pair of papers presented at the Usenix Security Symposium here Thursday, computer scientists said would-be attackers can locate the sensors of Internet monitoring networks, which act as trip wires that detect unusual activity. That would permit nefarious activities to take place without detection.

Internet sensor networks, such as the University of Michigan's Internet Motion Sensor and the SANS Internet Storm Center, are groups of machines that monitor traffic across active networks and chunks of unused IP space. The sensor networks generate and publish statistical reports that permit an analyst to track the traffic, sniff out malicious activity and seek ways to combat it.

Just as surveillance cameras are sometimes hidden, the locations of the Internet sensors are kept secret. "If the set of sensors is known, a malicious attacker could avoid the sensors entirely or could overwhelm the sensors with errant data," a team of computer scientists from the University of Wisconsin wrote in its award-winning paper titled "Mapping Internet Sensors with Probe Response Attacks."

But the Wisconsin researchers discovered that the sensor maps furnish just enough information for someone to create an algorithm that can map the location of the sensors "even with reasonable constraint on bandwidth and resources," John Bethencourt, one of the paper's authors, said in his presentation.
