About the fineprint in Software patents (Motorola vs. Apple)

Mika/ February 24, 2012/ High Entropy, Internet

Recently Motorola sued Apple because of Patent EP0847654 and Apple deactivated the push function for e-mails. Only on mobile platforms. Only for iCloud and MobileMe. Only within the borders of Germany. See http://support.apple.com/kb/TS4208. What happened? While everyone in the blogosphere is ranting about e-mail pushing being patented etc. I dared to search for the original patent text and was a little bit surprised: The Patent goes back to 1996 The title is “Multiple Pager Status Synchronisation System and Method” In my opinion it describes something unrelated to modern e-mail systems. The patent describes a trivial three-message exchange over radio communication to ensure that multiple pagers in a group reflect the same status whether a message has already been read. Nothing about e-mail in general can be found. This is the reason for affecting only

Read More

Five Million, quick and easy!

Mika/ February 19, 2012/ High Entropy, Odd, Security Intelligence

A good friend and former colleague of mine asked me recently, whether I could give him a tip how to make 5M quick and easy. My answer was “Nothing I could think of which doesn’t involve a lot of nasty things and imply a long stay in jail”. But that’s not what I wanted to discuss here, although it’s somehow related: We had a couple of talks at the DeepSec which shed a little light on the underground economy and I also started to take some dives into the “Deepnet” to get acquainted with jargon, topics, trends and so on. Btw: NO, no details on this: not what I have visited, not when or how I registered there, I don’t wanna get doxed (1), these guys can get nasty and we don’t need another

Read More

DeepINTEL: Security Intelligence Event in Late Summer 2012

Mika/ January 20, 2012/ Conference, Internet, Security Intelligence

We are currently finalizing our new event in Summer 2012, focusing on Security Intelligence. Security Intelligence is one the newest disciplines in the IT security zoo and not yet fully defined (e.g. there is no Wikipedia article or rich bibliography of works dealing with the topic). We have been monitoring the Security Intelligence scene now for more than 3 years and found many different approaches, ranging from standard security advisories and alerts to deep insight into the current threat landscape. While some organizations (mostly network equipment vendors) seem to view Security Intelligence just as a new buzz-word for marketing others do a more thorough job: Especially software and anti-virus vendors like Microsoft, McAfee, IBM, Symantec and some ISPs like Verizon and AT&T provide valuable intelligence to the community. Also voluntary groups, free-of-charge spin-offs from

Read More

Security Intelligence, two different Approaches

Mika/ October 20, 2011/ Internet, Report, Security

We are monitoring activities around Security Intelligence since a while and found quite different understandings and approaches. Security Intelligence is one the newest disciplines in the area of Information Security and the goals seems to be quite vague. Different organizations seem to have totally different understandings of what Security Intelligence should be about. To illustrate this I would like to compare two of the leading IT vendors and what they publish as “Security Intelligence”: Cisco Security Intelligence Operations http://tools.cisco.com/security/center/home.x Cisco lists on the Security Intelligence Portal mainly security advisories, alerts, responses and information about Cisco product updates, signature updates, mitigation bulletins virus watch and similar topics. To provide this kind of information is in my humble opinion the task of a CERT (Computer Emergency Response Team) or a PSIRT (Product Security Incident Response Team).

Read More

When Blackholes backfire…

Mika/ September 15, 2011/ Internet, Odd, Stories

According to our current scientific folklore nothing will ever come out of a black hole, no matter or particles, no light, no information. But black holes in networking  can backfire from time to time. Of course I’m talking about “black-holing” Internet traffic, a strategy often used on backbones to defend against attacks, specifically flooding, DDoS and the like. Here is a little story about black hole routing that actually happened, the involved ISP and the victim will not be disclosed for hopefully obvious reasons: Black Hole Routing The specific case I want to talk about is not the common black hole routing explained nicely by Jeremy Stretch on Packetlife which drops traffic to a victim of a DDoS attack. Instead I focus on the “advanced” version of this: RFC 5635: Remote Triggered Black Hole

Read More

It’s tiem*) again: NAT66

Mika/ August 29, 2010/ Internet, Security

ITT *) : NAT66 (picture unrelated) In this thread we discuss NAT Maybe the picture is related. We all want to have our communications as safe as possible and we choose appropriate security mechanisms to achieve this goal. We follow “Best Current Practices”, recommendations from security experts and we follow traditions in our own organization. And there is an old tradition, maybe too old to get it out of our heads: NAT will add to security. It will not. Full stop. No Discussion. The topic has been closed long ago and there is no need to microwave it and serve it as a quick midnight-snack just because you feel a little bit hungry, just because you have the feeling there is something missing. We are living on a new diet in the IPv6 world.

Read More

Are Hackers Speeding on the Information Highway?

Mika/ August 27, 2010/ High Entropy

(or “Has our Security Crashed?”) I just came back from a discussion with our national CERT and took some thoughts back home: (TL;DR section at the end) I have the impression, that some of our security mechanisms, which seemed so sturdy and and healthy until recently, are turning soft and weak in our hands. The developments in the last few years were definitely on the fast lane, breaking all speed limits and no data-highway patrol was there to stop them from speeding. The traditional approach to define security mechanisms (let’s call them technical controls) doesn’t really seem right to me any more: Raise the bar to a level, where the remaining risk is acceptable for the next “X” years, assuming that technology advances at a certain rate. (Use a reasonable number of years for

Read More

Hole196 debunked?

Mika/ August 1, 2010/ Security

(Warning: some technical details, not suited for the TL;DR type of audience) “WPA2 vulnerability discovered” was a headline that caught my attention for several reasons: Someone detected a security flaw in 802.11 RSNA (vulgo “WPA2”) that slipped Chuck Norris’ attention for 3 years (replace the name with any respected security researcher). It’s from a Best-of-breed, Award-winning, World-market-leader etc… company. Reminds me of the CfP submission we received from Ligatt Security. But maybe (hopefully) I’m wrong. Virtually all results of the search engine you prefer point to a copy&paste of the press release without any details (as of Jul 28th). Is this just a result of our copy&paste journalism? I have the impression, that nobody verified the possibility in detail. For example JJ from “Security Uncorked” writes (although expressing clear doubt about the impact): “Without

Read More