Dealing with Flash Cookies

If you are surfing the web have you ever noticed that sometimes the pop up ads at different web sites all start to look the same? I did. So I began to write down what ads i was seeing at different sites and determined that no., I wasn’t going craz…

If you are surfing the web have you ever noticed that sometimes the
pop up ads at different web sites all start to look the same? I did.
So I began to write down what ads i was seeing at different sites and
determined that no., I wasn’t going crazy. I was seeing the same ads
time after time. Trying to figure out why I learned about flash
cookies.

http://bit.ly/g37uuK (from the Orzeszek Blog)

Flush.app for Mac OS:
http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/
(from MacHacks.tv)

Good reporting from Wired’s Epicenter clog:
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

Flash Player Help

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_…

Well written article specifically about the use of flash cookies for tracking web users by Dan Tynan for IT World.

http://www.itworld.com/internet/118784/how-murder-a-flash-cookie-zombie

 

How the Gawker hack may impact the future of passwords

Great read. Roman takes a look at the difference between standard practice for authenticating users to a web site and better security practices. Tip of the hat to Cisco Security for tweeting this! http://bit.ly/e1OcbH

Great read. Roman takes a look at the difference between standard
practice for authenticating users to a web site and better security
practices. Tip of the hat to Cisco Security for tweeting this!

http://bit.ly/e1OcbH

Tracking Malware

Next-generation banking malware emerges after Zeus http://www.computerworld.com/s/article/9207940/Next_generation_banking_malwar… Exploit Kits ??? A Different View http://www.securelist.com/en/analysis/204792160/Exploit_Kits_A_Different_View

Next-generation banking malware emerges after Zeus

http://www.computerworld.com/s/article/9207940/Next_generation_banking_malwar…

Exploit Kits ??? A Different View

http://www.securelist.com/en/analysis/204792160/Exploit_Kits_A_Different_View

US Cybersecurity Enhancement Act 0f 2010

“Cyber-threats are not on the horizon, they are upon us,” Democratic Senator Robert Menendez, who is introducing the bill, said in a statement on Thursday.http://news.yahoo.com/s/nm/20110210/wr_nm/us_congress_hackers_menendez Here is a pointer to …

“Cyber-threats are not on the horizon, they are upon us,” Democratic Senator Robert Menendez, who is introducing the bill, said in a statement on Thursday.

http://news.yahoo.com/s/nm/20110210/wr_nm/us_congress_hackers_menendez

Here is a pointer to the full text of the Cybersecurity Enhancement Act of 2010

http://www.govtrack.us/congress/bill.xpd?bill=h111-4061

Why Firewalls Don’t Weaken a Website Against Attacks

A couple of days ago SecurityNewsDaily offered an article titled “Firewalls May Weaken Websites Against Attacks” (http://bit.ly/f54HWT ) written by that site’s managing editor Paul Wagenseil. Let me start by saying that SecurityNewsDaily is a good…

A couple of days ago SecurityNewsDaily offered an article titled “Firewalls May Weaken Websites Against Attacks” (http://bit.ly/f54HWT ) written by that site’s managing editor Paul Wagenseil.  Let me start by saying that SecurityNewsDaily is a good site and I look at it almost every work day.  This article discusses Arbor Networks recently released 2010 Infrastructure Security Report and more precisely some guidance in the Arbor report that “placing firewalls – software or physical devices that filter incoming and outgoing Internet traffic – in “front” of Internet-facing servers just creates bottlenecks that make DDoS attacks more efficient.”.  The article goes on to quote someone who I’ve known for a long time; Arbor Networks Roland Dobbins as stating that firewalls are placed in front of servers because “folks” are “programmed” to do that.  Needless to say I don’t agree with this guidance.

I do agree with Roland that network and network security staff are often trained to position firewalls in between server and the Internet.  I think there is good reason for that.  Firewalls are network devices that are designed to examine network traffic; protocols and connections being created, used and torn down between network devices and apply policies to that traffic.  Those policies might be to allow; to deny; to route or rate limit; or to log particular identified connections and or types traffic.  Firewalls are specialized devices that are inserted into those designs to server a specialized function.  Can we do this same type of filtering on an web or application server?  Probably depending on the server operating system.  Should servers have policies to filter traffic?  Definitely.

Roland goes on to make the case against that putting a firewall in front of a server because the firewall becomes the target of a DDoS.  Can this happen?  Yes.  Definitely.  But again using the best practices for managing and monitoring firewalls an typical admin will recognize that DDoS quickly.  Recognizing a DDoS quickly is important because the sooner the conditions are recognized the sooner network staff can work with their upstream providers to try and mitigate the attack.

One of the best documents I’ve read about time proven mitigating DDoS is “Closing the Floodgates: DDoS Mitigatrion Techniques” by Matthew Tanese and published back in 2002-2003.  A more recent (2009) paper, “A Survey of Botnet Technology and Defenses” (http://www.merit.edu/networkresearch/papers/pdf/2009/catch09_botnets_final.pdf) covers newer, cooperative techniques for combating the botnets that generate DDoS traffic.

As DDoS attacks grow more potent it’s not reasonable to think that a server or a firewall alone can stand up to these attacks.  Going forward there is much to learn and do prepare to fight the next generation of DDoS attacks. We’ll need all of tools in order to combat these threats.