Getting back on the horse with updating and getting things up and running the way they should be. More updates to come!
A quick video of the warning…
Anonymous member claims responsibility for an attack that has crippled one of the world’s largest website hosts.
by Dan Crabtree
September 10, 2012
Millions of websites hosted by GoDaddy (including godaddy.com and godaddy hosted emails) went down today from 2pm EST to around 7pm EST due to a DNS service outage, which one alleged Anonymous leader is claiming as his handiwork.
Technically, three of GoDaddy’s DNS (Domain Name System) servers failed to resolve as a result of the hack, which Twitter user @anonymousown3r has called his doing. Shortly after GoDaddy sites started dropping by the hundreds of thousands, he tweeted, “#tangodown godaddy.com by @anonymousown3r.” Businesses all over the world struggled to recover their online presence during the five-hour outage.
For the vast majority of clients hosting with GoDaddy, the DNS issue wasn’t fixable because GoDaddy holds all the MX records for these sites, and users usually have to log into the GoDaddy site in order to switch DNS providers. While the site was down, millions of site owners had to sit on their hands and wait for the GoDaddy techs to eventually get those servers back online and functioning.
On the GoDaddy site during the outage sat an apologetic message from Scott Wagner, GoDaddy’s CEO, and, of course, a picture of NASCAR Driver Danica Patrick staring into your soul.
The site’s Twitter account promised that the company was “working feverishly to resolve as soon as possible” for several hours prior to many of the sites coming back online. Around 7:30 EST, the site’s Twitter said, “We’re still working. Getting closer to normal. Thanks for all your patience and understanding.”
AnonymousOwn3r purportedly perpetrated the attack on his own, responding to the TechCrunch article on the matter saying, “the attack is not from Anonymous [collective], the attack it’s coming only from me”.
Not much is known about this attacker, but his past activity is in Portuguese and localized in Brazil. His hacks, also labeled #tangodown on Twitter, have taken down plenty of sites before – sites hosting child pornography, Swedish travel interest, and other domains known to support restrictions to online privacy. This is his largest hack to date.
Last December, Anonymous sent out a message through YouTube to GoDaddy warning it to stop supporting the Stop Online Piracy Act (SOPA), which the company did shortly thereafter. AnonymousOwn3r claims that the attack against GoDaddy is not because he is “anti-GoDaddy”, but that his motives will become apparent in time.
At the time of writing, users are able to get onto the GoDaddy site and log in to view or change any account settings. With this unexpected, surprising attack, many of the domain administrators affected today may be rethinking their DNS provider.
Dan Crabtree is an I.T. guy and freelance writer with words on IGN, and a league of other gaming news outlets. His dog is considered handsome and well-read. You can find him (the human) on Twitter and IGN.
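For administrators rethinking their DNS provider after an outage like the one described above, a useful first check is which zones depend on a single nameserver operator. The following is an added example, not part of the original article; the zone names, nameserver names and the "last two labels" provider heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample delegations (zone -> NS host names), not real data.
# With live data, each list would come from `dig +short NS <zone>`.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.dns-host-a.example.", "NS2.dns-host-a.example."],
    "blog.example": ["ns1.dns-host-a.example.", "ns1.dns-host-b.example."],
    "mail.example": ["ns1.mail.example.", "ns2.mail.example."],
    "empty.example": [],
}


def provider_of(ns_host, labels=2):
    """Approximate the operator of a nameserver by its last `labels` labels.

    Assumption for this example only: production code should use the
    Public Suffix List, since suffixes such as co.uk break this heuristic.
    """
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def audit(delegations):
    """Return {zone: (status, sorted provider list)} for each delegation."""
    report = {}
    for zone, ns_hosts in delegations.items():
        providers = defaultdict(list)
        for host in ns_hosts:
            providers[provider_of(host)].append(host)
        if not providers:
            status = "no-delegation"
        elif len(providers) == 1:
            status = "single-provider"   # one operator outage takes the zone down
        else:
            status = "multi-provider"
        report[zone] = (status, sorted(providers))
    return report


def zones_lost_if_down(report, provider):
    """Zones whose every nameserver belongs to the failed provider."""
    return sorted(zone for zone, (status, provs) in report.items()
                  if status == "single-provider" and provs == [provider])


if __name__ == "__main__":
    result = audit(SAMPLE_DELEGATIONS)
    for zone, (status, provs) in sorted(result.items()):
        print(f"{zone:15} {status:16} {', '.join(provs) or '-'}")
    print("lost if dns-host-a.example fails:",
          zones_lost_if_down(result, "dns-host-a.example"))
```

A zone served by two operators only survives an outage if both copies of the zone are kept in sync, so this check is a starting point rather than proof of resilience.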
Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas recently created Frankenstein, software that creates unique malware by combining code from the applications it finds on a PC.
“Once Frankenstein finds itself on a computer, it starts looking for specific pieces of code from programs such as popular web browsers and even Notepad,” writes Softpedia’s Eduard Kovacs. “These elements, called gadgets, ultimately create malware that’s capable of performing certain tasks.”
“Frankenstein follows pre-written blueprints that specify certain tasks — such as copying pieces of data — and swaps in gadgets capable of performing those tasks,” writes New Scientist’s Jacob Aron. “Such swaps repeat each time Frankenstein infects a new computer, but with different gadgets, meaning that the malware always looks different to antivirus software, even if its ultimate effects are the same.”
“In Windows Explorer alone, Frankenstein found nearly 90,000 gadgets (snippets of code that perform specific actions) in just over 40 seconds, which means that malware created by the system would have a huge number of possible variations, work quickly, and be very difficult to detect,” writes The Verge’s Kimber Streams.
“The research was part funded by the US Air Force and presented at the USENIX Workshop on Offensive Technologies in Washington earlier this month,” writes HEXUS.net’s Mark Tyson. “Kevin Hamlen, one of the researchers, said that Frankenstein could be useful to infiltrate enemy computer systems with unknown antivirus defences.”
Network World — There’s a growing threat of attacks on computer basic input/output system (BIOS) firmware, and to deter it, the National Institute of Standards and Technology (NIST) is putting in place new security guidelines for updating the BIOS. And in doing this, NIST is getting high-tech manufacturing to raise the bar on security.
“Last September, the first BIOS-based rootkit in the wild was discovered, called Mebromi,” notes Andrew Regenscheid, math researcher and project leader in NIST’s computer security division. While criminals creating malware have spent far more time over the years targeting Windows applications and operating systems (OS), the potential for wreaking serious havoc by subverting the BIOS, which typically works to do jobs such as load the OS, is of growing concern.
So through new security guidelines that will influence what computers the federal government buys in the future, NIST is setting standards that require authentication of BIOS update mechanisms.
Just this week NIST put out for public comment its proposed federal standard, “BIOS Protection Guidelines for Servers,” with comment sought through mid-September. The intent is to stop any cyberattack related to “unauthorized modification of BIOS firmware by malicious software.”
The NIST document basically says government buyers of servers in the future — whether these are basic servers, managed servers or blade servers — will be checking to see if gear they are thinking of getting has any way to “authenticate BIOS update mechanism,” “secure local update mechanisms,” and if there’s “firmware integrity protection” and “non-bypassability features.”
Encryption-based digital signatures and public-key certificates, among other techniques, are viewed as means of creating these security controls, but NIST isn’t dictating specific processes, according to Regenscheid.
He says the concern is that manufacturers haven’t uniformly applied strong security controls over BIOS in the past. This may be because BIOS updates tend to occur far less often than other kinds of computer software updates. But with the malware threat growing, it’s time to focus on the BIOS, Regenscheid points out.
NIST already issued BIOS security standards for desktops and laptops in April 2011, and the Department of Homeland Security has told federal agencies to use them as a basis for purchasing laptops and desktops, starting this October. The U.S. Department of Defense has issued similar instructions, says Regenscheid. Manufacturers are aware of NIST’s direction in all this and are responding. “Microsoft Windows 8 has BIOS protection for the desktop,” he points out.
The Twitter feed for YourAnonNews just alerted everybody to a PasteBin dump that claims to have hacked the PSN. The guy behind it says that he’s not on Twitter, Facebook or IRC. I’ve never heard of an Anonymous member not on IRC, but let’s indulge him for now.
Here’s the statement from the alleged hacker on PasteBin:
Think outside the box.
I am a man with no name, I’m the man behind Anonymous, hence “master & card visa takedown in 2010”
FBI, will you seize the innocent doors,or a devil behind that door whos staring right at’cha?
I got no twitter,facebook, neither I go in IRC.. if someone takes credit for this pwnage, he’s a faggot.
What’s the target?…It’s SONY, MOTHERF*CKER.
The hacker claims to have the entire PSN database of 10 million accounts. What’s strange is that there were over 70 million accounts compromised in last year’s attack. Regardless, he says that the entire thing is sized at 50 GB and is willing to give it to anybody who emails him.
The PasteBin dump includes a list of alleged usernames, passwords and email addresses for a number of users. The usernames and passwords are all encrypted, while the email addresses are not.
If true, this would be the second time that Sony’s PSN has been hacked by Anonymous. The first time saw the service go down around the world for more than a month as Sony worked to get everything back up.
Kotaku points out that the PasteBin list is similar to one from a few months back. The dump contained credentials for people working at Universal Music Group. Add to that the fact that the suspected hacker gets the number of PSN accounts wrong, and you have a troll trying to get a rise out of people.
For now, it looks like this is all just a ruse to get a reaction out of PSN gamers. It wouldn’t be a bad idea to change your password, but it looks fake for now.
UPDATE: Shane Bettenhausen at Sony just told Kotaku that Anonymous’ claim is “totally fake.” You can go back to playing your games now.