Good Always Comes Out of Bad

[David Farber <dave () farber net>]

________________________________________
From: bobr () bobrosenberg phoenix az us [bobr () bobrosenberg phoenix az us]
Sent: Saturday, June 28, 2008 7:34 PM
To: David Farber
Subject: ISC:  Good Always Comes Out of Bad

Dave

Perhaps for I.P.

This item comes from the Internet Storm Center run by sans.org.

Bob


 Good Always Comes Out of Bad
Published: 2008-06-28,
Last Updated: 2008-06-28 20:12:37 UTC
by Lorna Hutcheson (Version: 1)
http://isc.sans.org/diary.html?storyid=4637


In the past couple of days, reports have surfaced on the hijacking of the domains
for ICANN and IANA attributed to the group NetDevilz.  According to news articles,
an ICANN spokesman stated they were unaware of the events.  The total time for the
redirection before the entry was corrected was about twenty minutes.  However it
will take 24 to 48 hours after the correction to ensure all the DNS entries are
updated.  In that time, users were redirected to a site that stated the follow:

“You think that you control the domains but you don’t! Everybody knows wrong. We
control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish
hackers group)”

What triggered the changing of the DNS entries has not been disclosed that I have
found.  Dancho Danchevs blog shows an email address listed in the updated records
and note the email address in the entry called "foricann1230 () gmail com" as well as
the date they were updated as June 26.  Regardless of how it happened (though I'm
sure everyone would like to know) there is a big concern here.  Nothing on the
internet is safe and if this can happen to these folks, it can happen to anyone.

It is events such as this that make me more determined to stay a hard nose when it
comes to security and protecting the
organization I am supporting.  These events actually do have good that comes out of
them.  I always print out these articles and do a screenshot of the article and save
it to a file with the url of where I got it.  I can then add them to a presentation
and also use them as pass arounds during a presentation or simply highly key points
and discuss them with the group.  It is very useful to show to management that the
threat is real and we can't let our guard down.  As managers and users alike, they
don't understand security, the threats, how they work and the dangers that are
lurking on the Internet.  It's hard for management to understand why your security
officer sounds like a paranoid lunatic and wants more money for security:>)  Doing
this has really helped me to get their attention and to justify the funding to help
plus up weak points in our security posture.

So, take advantage of events that have high publicity such as these, include them in
reports to your management and use them to help educate people.  Even though the bad
guys may gained an inch, let use it against them to gain a mile in the world of
security. We can do this by learning from it and working to use it to increasing
awareness and move our own security posture forward.




-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com