Lesestoff: Ron Deibert
Completed: Maintenance work on Tuesday, Sep. 30th, 2014
Wir leben nicht nur in einer technisch interessanten Zeit, sondern auch die gesellschaftliche Diskussion rund um Geheimdienste, Privatsphäre, Verschlüsselung, 0-Days bis hin zu "Cyberwar" ist für die Zukunft des Internets sehr relevant.
Dazu wird viel geschrieben und publiziert, ich will hier auf einen aktuellen Artikel von Ron Deibert
hinweisen, weil er auch die Rolle der CERTs in diesem Kontext anspricht:
There are international implications of the cyber security syndrome. Top-down, secretive approaches breed vicious cycles of mutual suspicion and hostility that stifle numerous forms of lower level cooperation. Consider the deleterious impact on the information sharing practices of national-level computer emergency response teams (CERTs). In an ideal world, CERTS are entirely apolitical and operate as early-warning systems that share network threat information with each other seamlessly. But as Asia Pacific CERT coordinator Yuri Ito explained at the 2013 Bali IGF, the growing influences of national security agencies and the rivalries and suspicion they engender have eaten into the system of international trust and cooperation. If CERTs are seen as "instruments of state competition," says Ito, "it can become very hard to share information." Jeopardizing the integrity of CERTs in this way -- the frontline sensors for computer security threats worldwide -- is a clear indication that we are down the wrong path.
Ich kann nur empfehlen, den ganzen Text
Author: Otmar Lendl
Elastic Search being hacked automatically today
Because of required changes in our firewall infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Tuesday, September 30th, 2014, starting at about 9am CEST. An "emergency" website with restricted functionality will be made available.
In urgent cases please contact us by telephone: +43 1 505 64 16 78.
We will update this post once the work is completed.Update
: work was completed at around 10am; overall outage was about 15 minutes.
Author: Robert Waldner
Transforming JSON to CSV
At the moment we are seeing a lot of automatic scanning and hacking of Elastic Search installations worldwide. Â Please make sure that port 9200 is locked down in case you run ES.IOCs:
- C&C IP address: Â 126.96.36.199 Â (China)
- C&C Port:Â 10991
- AV analysis:
Avast: ELF:Elknot-H [Trj]
VIPRE: Backdoor.Linux.Elknot.f (v)
Scanned: 2014-07-09 00:47:38 - 53 scans - 9 detections (16.0%)
- Analysis of similar malware:Â http://blog.malwaremustdie.org/2014/05/linux-reversing-is-fun-toying-with-elf.htmlÂ
Author: L. Aaron Kaplan
<< Previous Next >>
CERTs are all about processing information security notifications. Most of the time, these arrive in the form of CSV files. However, occasionally we do get some JSON data. While CSV is line oriented, JSON allows for more complex structures (arrays, objects, objects in objects, etc.)
So how to you easily transform complex JSON structures to CSV? Most programmers would look at the specific JSON format and start writing a converter. However, there is a smarter way: JQ
JQ is a JSON filter / transform mechanism.
To quote JQ's homepage: "A jq program is a 'filter': it takes an input, and produces an output. There are a lot of builtin filters for extracting a particular field of an object, or converting a number to a string, or various other standard tasks."
In short: JQ is like awk and xargs for JSON. Mightly practical stuff!
Author: L. Aaron Kaplan