Why your site could be taken down by some fridges

--Originally published at tc2027 – Ce qui est chouette

This post’s topic will be IoT botnets.

Internet of Things

Starting with the basics, IoT (Internet of Things) refers to the concept of tangible devices—fridges, cars, security cameras—being fitted with electronics (sensors) and software and given access to a network so they can communicate with one another and broadcast data to others. In IoT, each of these intelligent fridges is called a Thing; that is, a device with an IP address and the ability to transmit data over a network.

OMFG! It’s the EVIL FRIDGE! by Fabio on Flickr under a CC License.

What is a Botnet?

Any device that has been hijacked is called a zombie or bot; an IoT Thing that has been taken over is then called a Thingbot—honestly, I think they messed up, zombie horde sounds way cooler than Botnet. Anyway, a Botnet is a distributed network made up of many of these hijacked IoT Things, infected by malware so that they relay messages and carry out instructions on command.

The bot part of the Botnet connects to a control center, usually just an encrypted chat room or a bot-exclusive chat room. At any moment the owner of the botnet can access the control server and ask its members to do stuff, like dance or destroy humanity. These botnets can be used to perform distributed attacks, like DDoS; to steal data; to redistribute the malware that infected them, becoming the thing they swore to destroy in the first place—I trusted you . . . you were my brother, Anakin; to mine bitcoins; or simply to download and run a file. An example of Botnet malware is Mirai.

How can I protect my Thing from becoming a Zombie?

Keep its firmware up to date and secure access to it with strong, non-default username-and-password combinations.

– Totally not a Botnet.

References
IT Security Guru. (January 21, 2014). The Internet of Things – Thingbot.

Los Dedos te atacan

--Originally published at tc2027 – Ce qui est chouette

This post will deal with DoS (Denial of Service) and DDoS (Distributed Denial of Service). Los Dedos te atacan comes from DDoS sounding like dedos (fingers in Spanish) when read from a Spanish perspective.

Hand by Hana Tichá on Flickr under a CC License.

DDoS and DoS attacks have the same goal: render an online service—like an API, online gaming networks like Xbox Live or PlayStation Network, or your average webpage—unavailable to its legitimate users. This is usually done by flooding the victim’s server with requests, or by performing a particular request that triggers some action which brings the server down. In the end, both of these attacks set their aim at the Availability part of the CIA Triad.

A traditional DoS attack consists of the same computer performing all of these requests, so you could imagine this type of attack would be easy to defend against. SPOILER ALERT: it is. Usually just a check for the same IP address making multiple requests in a short span of time does the trick. The real problem lies with DDoS, mainly because of the first D.

DDoS attacks are the steroid-pumped version of DoS attacks, as just mentioned, because of the Distributed part. A DDoS attack is based on the same idea, but instead of a single computer, the culprit of the attack is a network of computers of any type—hijacked personal computers, remote servers from all around the globe, or IoT things, like fridges or security cameras. The fact that this network can be distributed, in the geographical sense, means that identifying the attacking computers is harder and takes much more time.
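To make the difference between the two concrete, here is an added example (not code from the original post) of the "same IP, many requests in a short span" check described above, implemented as a per-source sliding-window rate limiter and replayed over two constructed request logs: a single-source flood and a distributed one of the same total size. The timestamps, the documentation-range IP addresses and the window and limit values are all assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque

# Assumed policy for the demo: at most 5 requests per source in any 10-second window.
WINDOW_SECONDS = 10.0
MAX_REQUESTS_PER_WINDOW = 5


class PerSourceRateLimiter:
    """Sliding-window counter keyed by source IP: the classic single-source DoS check."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)  # ip -> timestamps of recently allowed requests

    def allow(self, ip, ts):
        """Return True if this request from `ip` at time `ts` is within policy."""
        recent = self.history[ip]
        # Drop timestamps that have fallen out of the window.
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.limit:
            return False
        recent.append(ts)
        return True


def replay(log_lines, limiter=None):
    """Feed '<timestamp> <ip>' lines through the limiter; return (allowed, blocked) counts."""
    limiter = limiter or PerSourceRateLimiter()
    allowed = blocked = 0
    for line in log_lines:
        ts_str, ip = line.split()
        if limiter.allow(ip, float(ts_str)):
            allowed += 1
        else:
            blocked += 1
    return allowed, blocked


def peak_requests_per_window(log_lines, window=WINDOW_SECONDS):
    """Aggregate view: the largest number of requests from *any* source in one window."""
    times = sorted(float(line.split()[0]) for line in log_lines)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


# Constructed sample logs (not real traffic): 20 requests within 2 seconds in both cases.
# DoS: one source sends everything.
SINGLE_SOURCE_FLOOD = [f"{i * 0.1:.1f} 203.0.113.7" for i in range(20)]
# DDoS: 20 distinct sources send one request each, so no single IP trips the limit.
DISTRIBUTED_FLOOD = [f"{i * 0.1:.1f} 198.51.100.{i + 1}" for i in range(20)]

if __name__ == "__main__":
    print("single source  allowed/blocked:", replay(SINGLE_SOURCE_FLOOD))
    print("distributed    allowed/blocked:", replay(DISTRIBUTED_FLOOD))
    print("peak per window, single:", peak_requests_per_window(SINGLE_SOURCE_FLOOD))
    print("peak per window, distributed:", peak_requests_per_window(DISTRIBUTED_FLOOD))
```

The per-IP check stops the single-source flood after its first five requests but lets every request of the distributed flood through, which is exactly why the first D makes DDoS the harder problem. The aggregate counter still shows the same burst in both logs, so volume-based monitoring (and the capacity or upstream filtering it triggers) is what defenders fall back on when the source check alone cannot distinguish attackers from users.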

Types of DoS

Now onto the details, these are the classes of DoS attacks:

TCP.

This type of attack attempts to block all the available connections to the infrastructure

Three letters to rule them all

--Originally published at tc2027 – Ce qui est chouette

This post will deal with the CIA, but it won’t be about the usual, let’s call it fun and secretive, CIA; this is about the information security concept called The CIA Triad, a model that guides and evaluates policies regarding information security inside an organization. These three letters stand for Confidentiality, Integrity, and Availability.

Spies by Emory Allen on Flickr under a CC License.

Confidentiality

Generally, this concept refers to the rules that limit access to the provided information. This concept revolves around privilege, in the sense of user privilege—not the fuzzy SJW privilege—, like an administrator user, a public user or a specific user. Confidentiality relies on the following three principles—this is quickly becoming a tree, isn’t it . . . —: Identity, Authorization and Authentication, because if any of these is compromised, so is confidentiality. Let’s say someone steals your online credentials, your identity has been hijacked, and now they can access your stuff, so this service’s confidentiality is lost. In reality, confidentiality is all about how your data is classified and how credentials are secured.

Integrity

This concept refers to making sure that information gets to where it’s headed with no detours and without losing anything on the journey. That is, make sure the information hasn’t been tampered with when traveling from source to destination or whenever it makes a pit stop. One way to check integrity is to send a hash along with the message; on the recipient’s end the hash is recalculated and compared against the one included with the message, and if it matches, the data received hasn’t lost its value.
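The hash-and-compare check described above, as an added example that is not part of the original post, with the caveat a practitioner would attach to it: a bare hash detects accidental corruption, but anyone who can alter the message in transit can also recompute the hash, so detecting deliberate tampering needs a keyed hash (an HMAC) whose key the sender and recipient share and the middleman does not. The message, the tampered variant and the key are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed demo data, not from the original post.
MESSAGE = b"transfer 100 to alice"
TAMPERED = b"transfer 900 to alice"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # assumed to be known only to the two endpoints


def attach_hash(message):
    """Sender side of the plain scheme: ship the message with its SHA-256 digest."""
    return hashlib.sha256(message).hexdigest()


def verify_hash(message, digest):
    """Recipient side: recompute the digest and compare it to the one that arrived."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def attach_mac(message, key):
    """Keyed variant: the tag depends on a secret, so a middleman cannot recompute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(message, key, tag):
    """Constant-time comparison avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).hexdigest(), tag)


def middleman_rewrites_plain_hash(original, replacement):
    """Model an attacker who changes the message and simply recomputes the plain hash.
    Returns True if the recipient's hash check still passes."""
    _ = attach_hash(original)  # the digest that was originally sent is discarded
    forged_digest = attach_hash(replacement)
    return verify_hash(replacement, forged_digest)


def middleman_rewrites_mac(original, replacement, key):
    """Same attacker against the keyed scheme: without `key` all they can do is
    forward the old tag with the new message, which the recipient rejects."""
    old_tag = attach_mac(original, key)
    return verify_mac(replacement, key, old_tag)


if __name__ == "__main__":
    digest = attach_hash(MESSAGE)
    print("intact message passes plain hash:", verify_hash(MESSAGE, digest))
    print("corrupted message fails plain hash:", verify_hash(TAMPERED, digest))
    print("plain hash survives a deliberate rewrite:",
          middleman_rewrites_plain_hash(MESSAGE, TAMPERED))
    print("HMAC survives a deliberate rewrite:",
          middleman_rewrites_mac(MESSAGE, TAMPERED, SHARED_KEY))
```

The plain digest catches a flipped bit on the wire, which is what the paragraph promises; the keyed tag is what turns that into protection against an adversary, because the secret key is the only thing separating a recipient who can recompute the tag from a middleman who cannot.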

Availability

To make sure that a service is available for use. A secure service should be reliably available to the right people. This concept is the target