mask.of.sanity (1228908) writes "Honeypots are the perfect bait for corporate IT shops to detect hackers targeting and already within their networks and now a guide has been published to build a dirt cheap battalion of the devices from Raspberry Pis. "By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor," the author explained."
Become a fan of Slashdot on Facebook
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.
jfruh (300774) writes As social networks proliferated in the early '10s, so did the idea of a corporate social network — a Facebook-like community on an intranet where employees could interact. Unfortunately, corporate users are staying away in droves, perceiving the systems as one more in-box they'd have to take care of and getting their social-networking fix from Facebook and the like. From what I've seen of these internal networks, another good reason is that they're not as good as the full-time social networks are, and offer access only to a small universe of particpants anyhow. They're like a central-casting "rock band" in '80s movies — they come off as conspicuously aping the real thing.
UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and does almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
holy_calamity writes "MIT Technology Review reports on a new cryptosystem designed to protect stolen data against attempts to break encryption by brute force guessing of the password or key. Honey Encryption serves up plausible fake data in response to every incorrect guess of the password. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data. Ari Juels, who invented the technique and was previously chief scientist at RSA, is working on software to protect password managers using the technique."
Freshly Exhumed writes "TorrentFreak has broken the news that after more than a year of downtime the Demonoid tracker is back online. The tracker is linked to nearly 400,000 torrent files and more than a million peers, which makes it one of the largest working BitTorrent trackers on the Internet. There is no word yet on when the site will make a full comeback, but the people behind it say they are working to revive one of the most famous file-sharing communities. As the single largest semi-private BitTorrent tracker that ever existed, Demonoid used to offer a home to millions of file-sharers. Note that this is apparently the original Demonoid and not the d2 site that claims to be using the Demonoid database."
An anonymous reader writes "The Foursquare blog has an interesting post about some of the math they use to evaluate and verify the massive amount of user-generated data that enters their database. They need to figure out the likelihood that any given datapoint accurately represents reality, so they've worked out a complicated formula that will minimize abuse. Quoting: 'By choosing the points based on a user's accuracy, we can intelligently accrue certainty about a proposed update and stop the voting process as soon as the math guarantees the required certainty. ... The parameters are automatically trained and can adapt to changes in the behavior of the userbase. No more long meetings debating how many points to grant to a narrow use case. So far, we've taken a very user-centric view of p-sub-k (this is the accuracy of user k). But we can go well beyond that. For example, p-sub-k could be "the accuracy of user k's vote given that they have been to the venue three times before and work nearby." These clauses can be arbitrarily complicated and estimated from a (logistic) regression of the honeypot performance. The point is that these changes will be based on data and not subjective judgments of how many "points" a user or situation should get."
mrspoonsi writes "Dutch researchers conducted a 10-week sting, using a life-like, computer-generated 10-year-old Filipino girl named 'Sweetie.' During this time, 20,000 men contacted her. 1,000 of these men offered money to remove clothing (254 were from the U.S., 110 from the U.K. and 103 from India). Charity organization Terre des Hommes launched a global campaign to stop 'webcam sex tourism.' It has 'handed over its findings to police and has said it will provide authorities with the technology it has developed."
An anonymous reader writes "The administrator of file-sharing site UploaderTalk shocked and enraged his userbase a few days ago when he revealed that the site was nothing more than a honeypot set up by a company called Nuke Piracy. The main purpose of the site had been to gather data on its users. The administrator said, 'I collected info on file hosts, web hosts, websites. I suckered $#!&loads of you. I built a history, got the trust of some very important people in the warez scene collecting information and data all the time.' Nobody knows what Nuke Piracy is going to do with the data, but it seems reasonable to expect lawsuits and the further investigation of any services the users discussed. His very public betrayal is likely meant to sow discord and distrust among the groups responsible for distributing pirated files."
First time accepted submitter xavier2dc writes "TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way. This has led several concerns raised in different places, such as this blog post, this one, this security analysis [PDF], also related on that blog post from which IsTrueCryptAuditedYet? was born. One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources."
Despite being part of public court proceedings, Comcast sent a notice of infringement ordering Torrent Freak to stop hosting a letter linking a subscriber to Prenda Law. From the article: "Comcast has sent TorrentFreak a cease and desist letter, claiming copyright over contents of an article which revealed that Prenda Law was involved in operating a pirate honeypot. Failure to comply will result in a lawsuit in which the Internet provider will seek damages, a Comcast representative informs us. In addition, Comcast also alerted our hosting provider, who is now threatening to shut down our server."
lightbox32 writes "Porn-trolling operation Prenda Law sued thousands for illegally downloading porn files over BitTorrent. Now, a new document from Comcast appears to confirm suspicions that it was actually Prenda mastermind John Steele who uploaded those files. The allegations about uploading porn to The Pirate Bay to create a 'honeypot' to lure downloaders first became public in June, when an expert report filed by Delvan Neville was filed in a Florida case. The allegations gained steam when The Pirate Bay dug through its own backup tapes to find more evidence linking John Steele to an account called sharkmp4." The problem for Prenda being that initiating the torrent would give anyone who grabbed it an implied license.
holy_calamity writes "MIT Technology Review reports that APT1, the China-based hacking group said to steal data from U.S. companies, has been caught taking over a decoy water plant control system. The honeypot mimicked the remote access control panels and physical control system of a U.S. municipal water plant. The decoy was one of 12 set up in 8 countries around the world, which together attracted more than 70 attacks, 10 of which completely compromised the control system. China and Russia were the leading sources of the attacks. The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."
snydeq writes "Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security, writes Roger A. Grimes, introducing his five true tales of (mostly) white hat hacking. 'Three guys sitting in a room, hacking away, watching porn, and getting paid to do it — life was good,' Grimes writes of a gig probing for vulnerabilities in a set-top box for a large cable company hoping to prevent hackers from posting porn to the Disney Channel feed. Spamming porn spammers, Web beacon stings with the FBI, luring a spy to a honeypot — 'I can't say I'm proud of all the things I did, but the stories speak for themselves.'"
msm1267 writes "Conpot, short for Control Honeypot, is one of the first publicly available honeypots for industrial control systems (ICS) and SCADA gear. Built by two researchers from the Honeynet Project, the hope is that others will take what they started, deploy it on their own critical infrastructure networks and share the findings. 'The main goal is to make this kind of technology available for a general audience,' said Lukas Rist, one of the developers. 'Not just for security researchers, but also for people who are sysadmins setting up ICS systems who have no clue what could happen and want to see malware attacks against their systems and not put them in any danger.'" Unlike previous ICS Honeypots, this one simulates the control systems rather than requiring that you happen to own an actual industrial control system.
CowboyRobot writes "Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information. That's the thinking behind the 'honeywords' concept first proposed this month in 'Honeywords: Making Password-Cracking Detectable (PDF),' a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest (the 'R' in 'RSA'). Honeywords aren't meant to serve as a replacement for good password security practices. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users' passwords have been compromised."
First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."
hypnosec writes "Red Hat has announced the availability of a preview version of its OpenStack Distribution that would enable it to compete with the likes of Amazon which is considered one of the leaders in infrastructure-as-a-service cloud services. The enterprise Linux maker was a late entrant into the OpenStack world where players like Rackspace, HP and Internap have already made their mark. Red Hat's OpenStack distribution enterprises can build and manage private, public, and hybrid infrastructure-as-a-service clouds. These companies will not only be competing with the likes of Amazon, but will also be competing against themselves to get a bite out of the IaaS cloud. What started as a project has quickly developed into an open source solution that enables organizations to achieve performance, features and greater functionality from their private and/or public clouds. The announcement of OpenStack Foundation acted as a catalyst toward the fast-paced development of the platform."
tsu doh nimh writes in with news of a major sting operation against carders. From the article: "The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of 'UGNazi,' a malicious hacking group that has claimed responsibility for a flood of recent attacks on Internet businesses." The trick: the FBI ran a carding forum as a honeypot.