Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Light Weekend Readings SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Light Weekend Readings

Good afternoon everyone.  As it is such a nice day here, I have taken my laptop and the MotoQ outside and caught up on some light reading  and got a bit of sunshine as well.   There are a couple of items that I feel might be useful to InfoSec professionals to read.


1)  RBN `Rizing' -  The Shadowserver Foundation released a whitepaper about some research they have been conducting involving the Russian Business Network and associated entities.  From the information in this technical paper, it appears that many of the old cyber crimes have moved to the Abdallah InternetHizmetleri network and its network blocks.  From the information provided, it may be to block this network or at least closely watch for activity involving these particular IPs.


2) Phreaking Article -  Wired had an article come out this week that discusses the underworld of Phreaking which is alive and well.  The article discusses an underage hacker who is being targetted by FBI investigation for attacks against other Phreakers and swatting other individuals.  This article makes me wonder what type of preemptive training or defenses we need for our organizations for this type of activity.  No direct conclusions from this article, but would be a good thing to discuss within your organization.  I would hate to have an investigation where the forensic evidence is almost completely based on a caller-id that has been adjusted by a internal attacker/phreaker. Am I ready to stake my professional reputation on the basis of something which might have been tampered?


While thinking about the underground of phreaking, it reminded me that there is another cyber culture that there hasn't been significant discussion about security or legal or liability issues.  This cyber culture is the world of Second Life.  Anyone know of any articles or white papers discussing the security or privacy implications of SL use in any environment (corporate, home, or educational?)  For those that don't know, Second Life is a 3D virtual world where users can socialize, network, give concerts, and create any number of things.  As with any cyber culture, there are elements who attempt to attack the things others are trying to build and generally be a nuisance.  Outside of the attacks against in-world islands and avatars, i haven't played with SecondLife enough to decide what other types of activity may be harming our respective networks.



189 Posts
ISC Handler
Mar 2nd 2008

Sign Up for Free or Log In to start participating in the conversation!