SSL and internet security news

penetrationtesting

Auto Added by WPeMatico

Websites Conducting Port Scans

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors.

Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known for (with a few blanks for ones I am unfamiliar with):

  • 5900: VNC
  • 5901: VNC port 2
  • 5902: VNC port 3
  • 5903: VNC port 4
  • 5279:
  • 3389: Windows remote desktop / RDP
  • 5931: Ammy Admin remote desktop
  • 5939:
  • 5944:
  • 5950: WinVNC
  • 6039: X window system
  • 6040: X window system
  • 63333: TrippLite power alert UPS
  • 7070: RealAudio

No one seems to know why:

I could not believe my eyes, but it was quickly reproduced by me (see below for my observation).

I surfed around to several sites, and found one more that does this (the citibank site, see below for my observation)

I further see, at least across ebay.com and citibank.com the same ports, in the same sequence getting scanned. That implies there may be a library in use across both sites that is doing this. (I have not debugged into the matter so far.)

The questions:

  • Is this port scanning “a thing” built into some standard fingerprinting or security library? (if so, which?)
  • Is there a plugin for firefox that can block such behavior? (or can such blocking be added to an existing plugin)?

I’m curious, too.

Powered by WPeMatico

CIA Network Exposed through Insecure Communications System

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure:

Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected — and there would be no way to trace the communication back to the CIA. But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.

In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.

U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official — links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA’s own website, according to the former official.

People died because of that mistake.

The moral — which is to go back to pre-computer systems in these high-risk sophisticated-adversary circumstances — is the right one, I think.

Powered by WPeMatico