Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-05-05 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Talented and Creative Group We Are

Published: 2006-05-05
Last Updated: 2006-05-05 20:08:33 UTC
by Deborah Hale (Version: 1)
0 comment(s)
Ok - We all know what a talented and creative group our Handlers are.  Some of them may be the most intelligent and talented programmers on earth.  Ok, maybe that is an exaggeration,  however we do have 3 of the finest in our amazing group.  By that I am referring to Tom Liston, Ed Skoudis, and Mike Poor.  These 3 brilliant minds have come together and created a nifty site to test just how well your computer is protected from the perils of the Net.

These sharp chaps have developed a web site that they call Spycar.

What is Spycar?
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form.  Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.

Check it out at www.spycar.org.

There are 17 tests that can be run.  (Tom assures me that these are harmless tests). Let us know how well they have done.  Let us know what program you are using and how many reds you get.


Keywords:
0 comment(s)

Google Grants for summer of code

Published: 2006-05-05
Last Updated: 2006-05-05 19:03:35 UTC
by donald smith (Version: 2)
0 comment(s)

Google is once again sponsoring grants of $4,500 for students to work on open source software. Applications are only accepted between May 1st and May 8th 5:00PM PDT. The google summer of code site http://code.google.com/summerofcode.html is returning a 502 error code right now, possibly due to that deadline and the number of people who are interested.

Projects that qualify for these grants includes one of my favorite tools NMAP.
From: http://www.insecure.org/nmap/GoogleGrants.html
"The 2005
Google Summer of Code project was a tremendous success (project results) and benefit to the Nmap Project, so we are delighted to announce that we are participate again for their 2006 program! This innovative and extraordinarily generous program provides $4,500 stipends to hundreds of university students to create or enhance open source software during their summer break!"


Update the google summer of code site is being responsive again.
You can find a complete list of the Mentoring Organizations here now.
http://code.google.com/summerofcode.html

Keywords:
0 comment(s)

Reports of Other DDos Attacks Taking Place

Published: 2006-05-05
Last Updated: 2006-05-05 15:51:05 UTC
by Deborah Hale (Version: 1)
0 comment(s)
One of our readers emailed us saying that their website had also experienced the same type of activity earlier in the week that BlueSecurity is reporting now.  This  site also deals with  security  related issues.  The reader posed this question "Are there other security related websites that are experiencing the same type of activity?" 

So, if you have any information about other sites that have experienced a DDOS recently let us know.


Deb
Handler On Duty


Keywords:
0 comment(s)

Email from Guy Rosen at Blue Security

Published: 2006-05-05
Last Updated: 2006-05-05 11:46:45 UTC
by Deborah Hale (Version: 1)
0 comment(s)
We just received an email from Guy Rosen at BlueSecurity outlining what they have been dealing with all week.  Here is the email in it's entirety:

Hi handlers,

In the midst of us working to restore our service after the major attacks on our service, I noticed the second mention of us in the handlers' diary and thought I might give you guys an update of what's going on back here. As you can see I'm writing from my personal email since much of our access is still limited.

So, what have we seen this week?
Monday:
 - Spam-based threats and accusations
Tuesday:
 - Our website www.bluesecurity.com is cut off from outside of Israel by a mysterious routing change
 - Later on, huge DDoSes lash out at our service's servers (but NOT the www, note!), with adverse effects to several different hosting facilities in which they were located.
 - To restore access to our inaccessible www site and keep our users informed, we restore an old blog we had and point www there.
 - Within about an hour, a DDoS attacks the blog site on which that blog was located.
Wednesday:
 - A massive DDoS goes out at our domain's DNS provider, causing a service outage that affected their customers.
Thursday:
 - DDoSes continue as we relocate our service to bring it back up. One estimate was of something of the order of 10 million packets/sec coming in.
Friday:
 - Today we are slowly coming back up and hope to see the service working soon.

I have to say that the great lengths the spammers have gone to in order to bring us down are worrying, not only in the specific context in which they took place in this last week, but I think given the general idea that so much power is available to people of this nature and that they are willing to use it in order to see things go their way. Seeing us as a threat, they did not seem to care who they brought down on the way.

I'm looking forward to seeing the ideas people bring up in response to your call for anti-DDoS suggestions.

Thanks,

Guy Rosen
Blue Security


We wish Blue Security a full and successful return to the net.


Deb Hale
Handler On Duty
Keywords:
0 comment(s)
Diary Archives