Posts Tagged ‘research’

More on P2P. Know the value of a blocklist.

October 11th, 2007

Let me start by saying I am not endorsing the use of P2P for illegal uses. The goal of my blog is to raise security awareness as a whole. Now, that said…

Ars Technica is running a story right now about a team of California researchers who looked at the impact of using a blocklist when connecting to P2P networks, and how that affected how likely you were to be tracked. Their findings?

“The old cliché “You’re not paranoid if they really are out to get you” turns out to apply quite nicely to the world of P2P file-sharing. A trio of intrepid researchers from the University of California-Riverside decided to see just how often a P2P user might be tracked by content owners. Their startling conclusion: “naive” users will exchange data with such “fake users” 100 percent of the time.”

I will highlight the conclusions for those who do not wish to read the whole article.

  1. If you don’t use a blocklist, you will be tracked. Every one of the researchers’ test clients that did not use a blocklist soon connected to an IP address found within those lists. It turns out that 12 to 17 percent of all IP addresses on the network belonged to these blocklisted ranges.
  2. Trackers aren’t that hard to avoid. While “naive” clients may all connect to blocklisted users, it wasn’t that hard to stay away from the vast majority of such “fake users.” Researchers found that “avoiding just the top 5 blocklisted IPs reduces the chance of being tracked to about 1 percent.”
  3. Content owners hide their tracks. Much of this tracking work is farmed out from content owners to companies like SafeNet and BayTSP, and these companies in turn take care to hide their tracks. When the researchers ran reverse DNS lookups on the blocklisted ranges, they found that only 0.5 percent of those addresses resolved back to media companies in an obvious way.
  4. Meet the BOGONS. One of the strategies for remaining anonymous is to operate from BOGON IP ranges. These ranges are unallocated blocks of addresses that should ordinarily not be used on the public Internet. Of the top fifteen blocklist entities that were discovered during testing, 12 were in BOGON ranges. The researchers note that “these sources deliberately wish to conceal their identities while serving files on P2P networks,” and reverse DNS queries on these addresses produce little useful information.

If you are using a P2P network, know the value of a blocklist. Using a blocklist isn’t a silver bullet by any means, but whether it be someone gathering information for a future lawsuit or a malicious user or group doing reconnaissance, it will at least give you an additional layer of security.
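As a worked illustration of the blocklist idea (added here; it is not code from this post, from Ars Technica or from the UC Riverside paper), the Python below parses a PeerGuardian-style `label:first-last` blocklist, merges overlapping ranges so a lookup is a single binary search, and rejects candidate peers that are either blocklisted or sit inside reserved (bogon) address space, the two signals the study points at. The list entries, the bogon snapshot and the peer addresses are constructed for the demo; a real client would load a maintained blocklist and a current bogon feed instead.

```python
"""Apply a P2P blocklist (plus a bogon check) to candidate peer addresses.

Added example for this post; not code from the post, from Ars Technica or
from the UC Riverside paper. The "label:first-last" line format is the
plain-text style used by PeerGuardian-compatible blocklists; the list
contents, bogon snapshot and peer addresses below are constructed.
"""
from __future__ import annotations

import bisect
import ipaddress

# Constructed sample blocklist. Labels and ranges are invented for the demo
# and do not describe any real organisation. One entry sits inside private
# (bogon) space, mirroring the paper's observation that many blocklisted
# sources operate from unallocated or reserved ranges.
SAMPLE_BLOCKLIST = """\
# comments and blank lines are ignored
Example Monitoring Co:203.0.113.0-203.0.113.255
Example Tracker Range:198.51.100.64-198.51.100.127
Example Hidden Tracker:10.200.0.0-10.200.255.255
"""

# Reserved / special-use IPv4 space that should never show up as a public
# peer. Real bogon lists change as space is allocated, so this is a fixed
# snapshot assumed for the example, not an authoritative feed. The RFC 5737
# documentation nets used for the sample entries above are left out.
BOGON_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
)]


def merge_ranges(entries):
    """Sort (label, lo, hi) tuples by start and merge overlapping or
    adjacent ranges so that one binary search answers a lookup."""
    merged = []
    for label, lo, hi in sorted(entries, key=lambda e: (e[1], e[2])):
        if merged and lo <= merged[-1][2] + 1:
            plabel, plo, phi = merged[-1]
            if label != plabel:
                plabel = f"{plabel}; {label}"
            merged[-1] = (plabel, plo, max(phi, hi))
        else:
            merged.append((label, lo, hi))
    return merged


class Blocklist:
    """Merged, sorted IPv4 ranges with O(log n) membership lookup."""

    def __init__(self, entries):
        self.entries = merge_ranges(entries)
        self._starts = [e[1] for e in self.entries]  # ints, for bisect

    def lookup(self, ip: ipaddress.IPv4Address) -> str | None:
        """Return the label of the range covering ip, or None."""
        n = int(ip)
        i = bisect.bisect_right(self._starts, n) - 1
        if i >= 0 and self.entries[i][1] <= n <= self.entries[i][2]:
            return self.entries[i][0]
        return None


def parse_blocklist(text: str) -> Blocklist:
    """Parse 'label:first-last' lines; malformed lines raise ValueError."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # rpartition: a label may contain ':' but an IPv4 range never does.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"line {lineno}: expected 'label:first-last'")
        lo = int(ipaddress.IPv4Address(first.strip()))
        hi = int(ipaddress.IPv4Address(last.strip()))
        if lo > hi:
            raise ValueError(f"line {lineno}: range start is after its end")
        entries.append((label.strip(), lo, hi))
    return Blocklist(entries)


def classify_peer(addr: str, blocklist: Blocklist) -> dict:
    """Decide whether to talk to a peer: reject if blocklisted or bogon."""
    ip = ipaddress.IPv4Address(addr)
    label = blocklist.lookup(ip)
    bogon = next((str(net) for net in BOGON_NETWORKS if ip in net), None)
    return {"ip": addr, "blocklisted": label, "bogon": bogon,
            "allow": label is None and bogon is None}


def filter_peers(addrs, blocklist: Blocklist):
    """Split candidate peers into (allowed, rejected) verdict lists."""
    allowed, rejected = [], []
    for addr in addrs:
        verdict = classify_peer(addr, blocklist)
        (allowed if verdict["allow"] else rejected).append(verdict)
    return allowed, rejected


# Constructed peer list: a mix of clean, blocklisted and bogon addresses.
SAMPLE_PEERS = ["198.51.100.10", "203.0.113.7", "198.51.100.100",
                "10.200.1.1", "10.1.2.3", "192.0.2.44"]

if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST)
    ok, bad = filter_peers(SAMPLE_PEERS, bl)
    print(f"{len(bad)} of {len(SAMPLE_PEERS)} candidate peers rejected")
    for v in bad:
        print(f"  {v['ip']:<16} blocklisted={v['blocklisted']!r} bogon={v['bogon']}")
```

The check only ever looks at the peer's address: a peer that is on neither list is simply unknown, not trusted, which is exactly why the post calls a blocklist no silver bullet. Bogon space also shrinks as new blocks are allocated, so a stale snapshot like the one hard-coded above will eventually start rejecting legitimate peers; in practice both lists need to be refreshed on a schedule.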

The original article isn’t very long (one page). If you wish to read the full article, you can find it here: P2P researchers: use a blocklist or you will be tracked… 100% of the time

If you wish to read the results of the study, they are outlined in a recent paper here: “P2P: Is Big Brother Watching You?” (PDF)

Kevin Blanchard

America’s Hackable Backbone

August 24th, 2007

Forbes is running an interesting article right now about the weaknesses in many of the critical points of our country’s infrastructure.

“The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant’s owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM’s Internet Security Systems, found otherwise.”

“It turned out to be one of the easiest penetration tests I’d ever done,” he says. “By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant. I thought, ‘Gosh. This is a big problem.’”

It’s a dangerous combination: unpatched and outdated control software, plus a poor understanding of the security that is needed and a splash of good old-fashioned US ego(tm). The Achilles’ heel in many of these cases is the Supervisory Control and Data Acquisition software, or SCADA. With more and more of our infrastructure connected to the internet, and with vendors making it difficult or impossible to patch SCADA software, key locations within our infrastructure are put at serious risk.

This article covers the problem but doesn’t go into solutions. Security is, or at least should be, a multi-layered approach. In the incident in the article, the nuclear power plant seems to have been incredibly vulnerable. I imagine the security put in place was far below what most of us would consider adequate for a mid- to large-sized company, much less a nuclear power plant. Hopefully articles like this will open more eyes to how vulnerable we really are. Whether it be a terrorist attack, the Russian mafia, or just another nasty worm like Slammer, we need to start looking at ways to seal these huge gaps in security in a consistent and secure manner, especially when it comes to critical pieces of our country’s infrastructure.

Kevin Blanchard