Security
How to keep your customers safe at your business' hotspot
- Tuesday, 04 January 2011 05:45
Public WiFi is insecure. But it doesn't have to be. If you own or manage a venue, like a coffeeshop or restaurant, and provide free and open WiFi, you can help protect your customers without having to provide technical support or waste money. The new reality is that you can offer "open" access without having an open network.
People using open WiFi networks have always been vulnerable, because the contents of their Internet surfing, e-mail, and other kinds of activities are often sent without protection over the wireless network in such a way that any other user on the same network can snoop. This requires no complicated or expensive software. It's free, and increasingly easy for anyone to use. The Firesheep extension for Firefox makes it a couple-click operation to hijack someone's session on the same network with a few dozen popular websites. (Banking and stock trading sites are typically entirely protected.)
How to stay safe at a public Wi-Fi hotspot
- Monday, 03 January 2011 05:45
Firesheep lit a figurative fire under the feet of folks who otherwise weren't concerned with the security of their data as it passes to and fro over a WiFi network in a public place. That's good. You're at risk whenever you use WiFi on a public network, but thankfully it's never been easier or cheaper to secure yourself thoroughly.
Firesheep's threat is that it allows anyone with a Firefox browser to hijack the sessions of anyone on the same network using a few dozen popular content, commerce, and social-networking sites by snarfing cookies that pass in the clear. But Firesheep is only the easiest to use of a series of freely available tools that can extract and record data passing openly over networks. The only way to defeat all of them is to secure all the connections over which you pass anything personal, financial, or confidential.
FBI raids Texas colocation facility in 4chan DDoS probe
- Thursday, 30 December 2010 13:05
The Federal Bureau of Investigation is targeting a Texas-based computer network that the government thinks was hijacked for the Anonymous group's Operation: Payback DDoS attack on PayPal.
"As part of the process of identifying the computer system that I seek to search, I may be forced to check each system belonging to the target customer until I have determined that it is the computer to be searched," the author of the FBI's Affidavit in Support of a Search Warrant of the facility explains.
The FBI's request was obtained by The Smoking Gun news site. It comes following Anonymous or 4chan's attempt to bring down various financial service companies that refused to do business with Wikileaks, most notably PayPal and the Swiss bank PostFinance.
OpenBSD code audit uncovers bugs, but no evidence of backdoor
- Thursday, 23 December 2010 08:04
OpenBSD project leader Theo de Raadt disclosed an e-mail earlier this month in which former NETSEC CTO Gregory Perry claimed that his company was paid by the FBI to plant a "backdoor" in the OpenBSD IPSEC stack. The allegations led to a thorough code review and historical analysis of the relevant code.
In a follow-up e-mail published this week, de Raadt outlined his current perspective on the controversy and his interpretation of the findings that have emerged from the ongoing code audit. Reviews are being conducted on the history and provenance of code in the IPSEC stack as well as the current implementation. Reviewers have uncovered several bugs that could have security implications, but the nature of the bugs suggests that they were not intentional, nor were they intended to facilitate a backdoor.
FBI accused of planting backdoor in OpenBSD IPSEC stack
- Wednesday, 15 December 2010 08:11
In an e-mail sent to BSD project leader Theo de Raadt, former NETSEC CTO Gregory Perry has claimed that NETSEC developers helped the FBI plant "a number of backdoors" in the OpenBSD cryptographic framework approximately a decade ago.
Perry says that his nondisclosure agreement with the FBI has expired, allowing him to finally bring the issue to the attention of OpenBSD developers. Perry also suggests that knowledge of the FBI's backdoors played a role in DARPA's decision to withdraw millions of dollars of grant funding from OpenBSD in 2003.
Google, Microsoft distribute malware after domain name trickery
- Monday, 13 December 2010 16:04
Ads served by DoubleClick (Google) and MSN (Microsoft) were distributing drive-by malware last week after attackers were able to trick the networks using a ploy from the phishers' playbook: they masqueraded as a legitimate advertising provider by using a domain name that looked the same as the provider's.
AdShuffle.com is a legitimate company selling ads to various ad networks, including DoubleClick and MSN. AdShufffle.com—three fs—is not, but it looks close enough to AdShuffle.com that the networks were tricked. These banner ads attempted to use a range of exploits (two Internet Explorer, one Java, and four Adobe Reader flaws—all of which are currently patched) to install the HDD Plus malware. HDD Plus is bogus disk diagnostic software; it warns of impending failures and says that to avoid trouble you should buy the full version.
Analysis of the attacks suggests that various obfuscation techniques were used to disguise the exploitation, and that as a result, antivirus software was having a hard time detecting and trapping the attacks. The offending ads have been pulled by the networks in question, but the people behind the attack have registered more domains and similar attempts are likely to occur in the future.
Phishing attacks aimed directly at end-users have long used this kind of look-alike URL to trick users into trusting content that they shouldn't, and typo-squatting, relying on users misspelling URLs when they type them into their browser, is a long-standing phenomenon. Clearly these techniques work, but it's a little disappointing that the gatekeepers at both DoubleClick and MSN fell for the same trick. The broad reach of these advertising networks means that exposure to the bad ads may have been significant, though neither network has disclosed exactly how many people were exposed to the ads in question.
In addition to exposing human flaws, the attacks show that the automated procedures used by the networks aren't good enough; though the networks do claim to have malware filtering that detected the malware in question, this was not sufficient to prevent real-world exploitation.
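The vetting step the networks apparently lacked can be partly automated. The following is an added example, not code from the article or from either ad network: it flags a candidate partner domain that is within a couple of edits of a vetted partner, the AdShuffle.com versus AdShufffle.com confusion above, so that a human reviews it before its creatives are accepted. The allow-list, the distance threshold and the single-label public-suffix assumption are all constructed for the example.

```python
"""Near-match check for advertiser domains against an allow-list.

Added example (not from the original article or from either ad network).
The allow-list and the edit-distance threshold are assumptions; the page
only names AdShuffle.com as the legitimate provider.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Lower-case and drop the public suffix: 'www.AdShuffle.com' -> 'adshuffle'.
    Assumes a single-label public suffix (.com, .net); enough for this check."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_partner(domain: str, allow_list, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means the domain is not on the allow-list but lies within
    max_distance edits of one that is: exactly the case that should be held
    for manual review instead of being accepted as the known partner."""
    label = registrable_label(domain)
    trusted = {registrable_label(d) for d in allow_list}
    if label in trusted:
        return "trusted"
    if any(edit_distance(label, t) <= max_distance for t in trusted):
        return "lookalike"
    return "unknown"


# Constructed allow-list of vetted advertising providers.
ALLOW_LIST = ["adshuffle.com"]

if __name__ == "__main__":
    for candidate in ["AdShuffle.com", "adshufffle.com", "ads.example.net"]:
        print(candidate, "->", classify_partner(candidate, ALLOW_LIST))
```

A 'lookalike' verdict is a review trigger, not proof of fraud; the check complements, rather than replaces, scanning the creatives themselves for malware.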
This is not the first time that a company has been tricked into running malicious ads; last year, the New York Times' Digital Advertising department ran Vonage ads that included drive-by malware. Tricking an advertising network like DoubleClick and MSN allows for even more widespread distribution, making it likely that other networks will be similarly targeted—indeed, they may have been targeted already.
Quantum cryptography is secure... except when it's not
- Monday, 13 December 2010 09:30
Not so long ago, we reported on a paper that purported to blow a hole in quantum key distribution (QKD) systems. Now, researchers at Toshiba have struck back with findings that show that the attack doesn't really work. To which the original authors have replied, "Well, it depends."
Wikileaks kicked out of Amazon's cloud
- Wednesday, 01 December 2010 14:45
The Wikileaks website migrated to Amazon's cloud hosting service yesterday after being hit by a distributed denial of service (DDoS) attack. Amazon decided to discontinue serving the controversial website this morning in response to pressure from critics, including prominent members of Congress.
Wikileaks has received significant attention over the past week after publishing thousands of confidential diplomatic cables between the US State Department and embassies around the world. The documents, a portion of which are classified, expose US intelligence gathering efforts and details about sensitive foreign policy issues. The response from various US government officials has ranged from panic to outrage.
A DDoS attack launched against Wikileaks overwhelmed the site's Swedish hosting provider, forcing them to seek alternatives. The DDoS, which reportedly generated approximately 10 gigabits per second of bogus traffic, is thought to have been orchestrated with a botnet. A hacker calling himself "Jester" has claimed responsibility for the takedown.
Senator Joe Lieberman (I-CT), chairman of the Homeland Security and Governmental Affairs Committee, was among the congressmen who pressured Amazon to stop hosting Wikileaks. He told AFP this morning that he plans to question Amazon about its relationship with Wikileaks.
"WikiLeaks' illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world," he told AFP. "No responsible company—whether American or foreign—should assist WikiLeaks in its efforts to disseminate these stolen materials."
The site was down briefly after being ejected from Amazon, but is back up and once again running on the servers of Bahnhof, its previous Swedish hosting provider.