Forgot your password?
typodupeerror

Comment: Re:FUD (Score 2, Insightful) 86

by crypticwun (#33521706) Attached to: DHS CyberSecurity Misses 1085 Holes On Own Network
Actually, reading the report tells me that the problems were almost certainly Windows desktop systems lacking a cohesive patch management solution. Also, if you read further the IG even states that as of the time this report was published all the problems were already remediated including acquisition and deployment of a "software management" solution. Further, the IG claims that NCSD is not following FISMA. NSCD is not a legally recognized entity (agency) under statute, so that means *DHS* is the responsible party for FISMA reporting. FINALLY, US-CERT != the troubled network. US-CERT uses that network, but has no control over the operations of that network. Both the IG and Wired go out of their way to NOT make the distinction on that.

Comment: Re:Entropy depletion (Score 3, Interesting) 64

by crypticwun (#30995586) Attached to: Botnet Targets Web Sites With Junk SSL Connections

1) The code function does NOTHING with any data returned by the server.
2) This version of pushdo is using SSLv3 to phone home (HTTP over SSL) to its C2 (Command & Control).
3) When looking purely at netflow records or using tcpdump/wireshark, you will see 30+ SSL connections taking place at once. Only 1-2 of those connections is to the C2.
3.5) Many admins don't set up matching PTR records in DNS, so you won't easily be able to map back the IPs to the "common"/well-known hostnames.
4) ... ?
5) profit!
The idea is to make it HARD, not impossible to identify the C2 systems. Note well that the C2's might never connect back to the botnet client systems. Instead another tier of slightly more disposable hosts are likely to perform that function.

Each honest calling, each walk of life, has its own elite, its own aristocracy based on excellence of performance. -- James Bryant Conant

Working...