A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. The name of the virus is yet to be known, as details are still emerging about how the malicious code got into the systems in the first place. Could this be a belligerent enemy to US forces attacking their main weapon in use for remote regions? Ars Technica has the story after the jump.
An interesting article over at The Register shows how the now infamous ~6 million strong Conficker botnet/worm stays ahead of the curve in terms of Information Security by staying proactive and paranoid in how it is managed. Although the classification of the worm only goes from A through E, the botnet itself is ever-evolving; creating a nightmare for researchers world-wide in detection and cleansing of infected machines. It is unknown who runs the botnet, but it is known that the technical skill behind its command is very much on the bleeding-edge of security as well as social engineering. For instance, the worm uses simple exploits to infect Windows machines, but it phones home to domain names which can no longer be predicted and shut-down to receive new instructions and updates to the code that infects the machine. It has used scareware in the past to spread as well, such as bogus security software. It has even gone so far as to actually remove or fix other security threats on an infected machine to avoid detection. It constantly stays up-to-date and often mitigates even the newest anti-malware tools designed to remove it.
What makes it so hard to remove is its inability to be cracked. It has used the MD6 cryptographic hash function that was a candidate for the NIST SHA-3 Hash Competition with a 4096-bit RSA key. Even when a buffer-overflow vulnerability was discovered in MD6, the botnet’s owner corrected the implementation within a matter of days. There is an entire working group called The Conficker Working Group tasked entirely to the botnet, which has yet to break-in and take any sort of control away from whoever runs it.
Bruce Schneier writes about a new cryptanalysis attack published recently brings the SHA-1 hashing algorithm increasingly closer to a realistic collision. Considering the SHA-1 algorithm is designed closeley to the principles of MD4 and MD5 hashing algorithms, it seems not a question of if, but a question of when. Bruce writes:
A new attack can, at least in theory, find collisions in 252 hash operations — well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.
This has little immediate real-world implications on data security since most have moved on to stronger or the SHA-2 family of algorithms which, for now, are safe. Nontheless, the NIST has already begun development on a “SHA-3″ algorithm with publication to be expected in 2012.
My name is Kyle Jones, M32 Security is my collection of noteworthy IT and Network Security news, links, resources, and various other NetSec tidbits. If you find something interesting, feel free to register and make a comment on it or contact me.
