
Comment Re:FUD (Score 2, Insightful) 86

Actually, reading the report tells me that the problems were almost certainly Windows desktop systems lacking a cohesive patch management solution. Also, if you read further, the IG even states that as of the time this report was published all the problems were already remediated, including acquisition and deployment of a "software management" solution. Further, the IG claims that NCSD is not following FISMA. NCSD is not a legally recognized entity (agency) under statute, so that means *DHS* is the responsible party for FISMA reporting. FINALLY, US-CERT != the troubled network. US-CERT uses that network, but has no control over the operations of that network. Both the IG and Wired go out of their way to NOT make the distinction on that.

Comment Re:Entropy depletion (Score 3, Interesting) 64

1) The code function does NOTHING with any data returned by the server.
2) This version of pushdo is using SSLv3 to phone home (HTTP over SSL) to its C2 (Command & Control).
3) When looking purely at netflow records or using tcpdump/wireshark, you will see 30+ SSL connections taking place at once. Only 1-2 of those connections are to the C2.
3.5) Many admins don't set up matching PTR records in DNS, so you won't easily be able to map back the IPs to the "common"/well-known hostnames.
4) ... ?
5) profit!
The idea is to make it HARD, not impossible, to identify the C2 systems. Note well that the C2s might never connect back to the botnet client systems. Instead, another tier of slightly more disposable hosts is likely to perform that function.
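One way a defender could hunt for the pattern this comment describes (a burst of decoy TLS connections with the real C2 hidden among them, and destinations that lack PTR records), as an added example that is not part of the original comment: the flow records and the reverse-DNS table are constructed, and the 30-connection threshold and 5-second window are assumptions.

```python
from collections import defaultdict

# Constructed netflow-style records: (start_seconds, src_ip, dst_ip, dst_port).
# One client opens 32 TLS connections inside a 5-second window: 30 decoys to
# well-known hosts plus 2 to the real C2. All addresses are RFC 5737 test ranges.
FLOWS = [(t % 5, "10.0.0.5", f"203.0.113.{t + 1}", 443) for t in range(30)]
FLOWS += [(2, "10.0.0.5", "198.51.100.7", 443), (3, "10.0.0.5", "198.51.100.9", 443)]
FLOWS += [(t, "10.0.0.8", "203.0.113.50", 443) for t in range(3)]  # ordinary user

# Constructed reverse-DNS table standing in for PTR lookups. The decoy hosts
# resolve; the two suspect destinations have no PTR record, as the comment notes.
PTR = {f"203.0.113.{i}": f"cdn{i}.example.net" for i in range(1, 51)}

def tls_bursts(flows, window=5, threshold=30, port=443):
    """Return {src: set(dst)} for sources that open >= threshold TLS
    connections to distinct destinations within any window-second span."""
    by_src = defaultdict(list)
    for start, src, dst, dport in flows:
        if dport == port:
            by_src[src].append((start, dst))
    found = {}
    for src, conns in by_src.items():
        conns.sort()
        for i, (t0, _) in enumerate(conns):
            in_window = {d for t, d in conns[i:] if t - t0 < window}
            if len(in_window) >= threshold:
                found[src] = found.get(src, set()) | in_window
    return found

def rank_candidates(flows, ptr, **kw):
    """For each bursting source, split its destinations into those with a PTR
    record (likely decoy traffic to well-known hosts) and those without, which
    deserve a closer look first."""
    out = {}
    for src, dsts in tls_bursts(flows, **kw).items():
        out[src] = {"ptr": sorted(d for d in dsts if d in ptr),
                    "no_ptr": sorted(d for d in dsts if d not in ptr)}
    return out

if __name__ == "__main__":
    for src, r in rank_candidates(FLOWS, PTR).items():
        print(src, "decoys with PTR:", len(r["ptr"]), "no-PTR destinations:", r["no_ptr"])
```

A missing PTR record is only a triage signal, not proof: the ranking narrows 32 destinations to the 2 worth inspecting, and the remaining ones still need validation against passive DNS or certificate data.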
