Azure is Microsoft’s big foray into Cloud Computing, and it is worth paying attention to not because it is novel, but that it leverages the Windows ecosystem and programmers. People will go to AWS or Rack Space because those systems exist already, making Azure a critical must win or at least get decent market share to be considered successful. One of the earliest issues I had with Azure was the lack of open source support for PHP and other systems. The release of language specific SDK’s for PHP, Ruby, Java and Eclipse helps provide support for those companies that have made the investment in something other than dot net.

The SDK’s are libraries that help programs and the back end support services of Azure work with many of the queuing, database, and blob management that happens when dealing with SOAP, REST and some XML files. The image above is from the Microsoft site that specifically discusses how the SDK’s help programmers call and use Azure services from within PHP and other systems code. The site also describes interoperability with Python, but there is no visible SDK for Python on the web site.

The good part is that Microsoft is trying, and while there are some issues in the error reporting process on how to compile in support for the PHP.INI file, and how to modify the file for the build process in Visual Studio this is going to end up being a good thing for interoperability between the various cloud and internal services to a company. There is good consistent support and data on the codeplex.com web site for many of the SDK’s and how to use them. There is also a bug and issue tracker on the site to help the community work out how to prioritize the issues so that the more important ones get fixed quicker. This is not a bad start, and while you still cannot get a Linux OS, you can at least use PHP, Java, and Ruby if you use the SDK’s they provide.

Comments

This shows that cyber warfare is not just for nation states, two underground or unauthorized gaming services in China used a DDOS attack against the national DNS system (DNSPod) as a way to disrupt game play and attract more players to the competing services. Rather than actually going out to get more members, the DNS DDOS attack ended up causing a chain reaction failure of the national DNS infrastructure.

According to the ministry, the motive for the attack was fierce business competition between unauthorized online gaming service providers, which attracted gamers from official providers with less limited and free access. In order to sabotage other “competitors”, the suspects launched the attack against DNSPod, which provides access to some of those unauthorized gaming sites. Source: China.org

Dark reading reports that:

Internet users in more than 20 provinces were affected on May 19, the ministry said. It was described as the “worst Internet incident in China” since an earthquake damaged undersea cables near Taiwan on Dec. 26, 2006. Internet access returned to normal several hours later. But the incident caused widespread calls in China for increasing safety measures of Internet, according to the report. Source: Dark Reading

The interesting part is that this is one of the few occasions that commercial interests ended up being the reason that four Chinese nationals are in jail facing charges of hacking in china. Under China’s new hacking laws, the defendants can face upwards of 7 years in jail for the DDOS attack. The motive was completion and it is not unusual for competitors to get hostile about content, and people who are coming along to visit a service.

What makes this interesting was the cascade failure of the DNS system in china, something that many DNS systems have inside corporations. We rely on one primary DNS server that can be easily overwhelmed by a sustained DDOS attack. Hit enough of those servers and you will cause a degrading cascade to the DNS service, while maybe not as wide spread as the events in china, this is still something to think about in cyber warfare. You go against the weakest target in the link, and often times it will be the DNS system that gets hit first on a national level.

While the recent use of DNSSEC at the national level via ICANN is good, it would be interesting to see if anyone is going to stress test this system so that angry gamers can’t take down the system. There are already incidents of DDOS attacks on the Xbox live network via a Man in the Middle attack (does not involve DNS), with the proliferation of botnets, it would be very bad if the Sony, Xbox, and other online game networks could have the same thing happen to them because of a few angry gamers.

Comments

Much like RIAA, MPAA, BSA, and a host of other groups or companies that are busy trying to enforce their copyright on the software they make malware writers have been trying to do the same thing. The humor part is that in following the examples of RIAA, MPAA et al, they are leaving off as flame wars for a simple reskin and adding of some additional exploits. With money as a motive, these malware kits are in their own right becoming multi-purpose hacking tools, of value not just to the information security community, but to the money motive of hackers as well.

Where there is money to be made, contention is going to happen. The good part on this is it is not like the hackers have an arsenal of lawyers standing by to enforce Intellectual Property Rights, they probably have something grimmer in the longer run.

monitoring ongoing communications between sellers and buyers reveals actual attempts of intellectual property enforcement in the form of exchange of flames between an author of a original kit, and a newly born author who seems to have copied over 80% of his source code, changed the layout, re-branded it, added several more exploits and started pitching it as the most exclusive kit there is available in the underground marketplace. Source: Ddanchev

Web hacker kits are big business; they can rent them, charge off on the development time, and otherwise truly emulate the full software process. There is time and energy involved in making these, often with a profit as a motive. Since you can still rent a bot net, buy and sell credit card information, or otherwise use the information you get to make money, it is no surprise that the hacker underground is looking like computer software in the 1980′s, where burning and ripping were part of the game.

What will be even more interesting is what forms of DRM or other rights management, obfuscation, encryption of the code base, or other techniques that hacker kit developers will use to keep their products more secure. If anything this will help develop a legion of hackers who understand they need to break the DRM system first, then go and redo the hacker kit. The war between hacker software groups and folks who break that software to do something else is turning into the biggest playground of them all. Hackers are focused on each other trying to make tools that work for them, then rebranding them and sending them out on the internet. The part that should be grabbing everyone’s attention is the idea of Intellectual Property enforcement amongst hackers.

If someone installs something on your computer that is controlled by DRM, it will be harder for the AV companies, and users to find, and remove this kind of software. While it is unlikely that click wrap EULA’s will ever accompany the end portion of the malware kit, the process is following what the software development systems looked like in the 1980′s and 1990′s. DRM in addition to encryption is just going to make the AV companies work harder, but expect to see this bit coming along as malware writers get more frustrated with their users “ripping off their stuff”.

Comments