FBI: Silk Road mastermind couldn’t even keep himself anonymous online

What will get you in the end is sloppy opsec. Short for operations security, it encompasses a sprawling list of disciplines, including keeping PCs free of malware, encrypting e-mail and other communications, and placing an impenetrable firewall between public and personal identities.

The latest high-profile criminal defendant to get a first-hand lesson in the perils of poor opsec is Ross William Ulbricht. The 29-year-old Texan was arrested on Tuesday on allegations he was the kingpin behind Silk Road, an online drug bazaar prosecutors said arranged more than $1 billion in sales of heroin and other illicit substances to hundreds of thousands of buyers. A 39-page complaint alleges that he was known as "Dread Pirate Roberts" in Silk Road forums. An FBI agent went on to say Ulbricht controlled every aspect of the site, including crucial server infrastructure and programming code that used the Tor anonymity service and Bitcoin digital currency to conceal the identities of operators, sellers, and buyers.

Despite the elaborate technical underpinnings, however, the complaint portrays Ulbricht as a drug lord who made rookie mistakes. In an October 11, 2011 posting to a Bitcoin Talk forum, for instance, a user called "altoid" advertised he was looking for an "IT pro in the Bitcoin community" to work in a venture-backed startup. The post directed applicants to send responses to "rossulbricht at gmail dot com." It came about nine months after two previous posts—also made by a user, "altoid," to shroomery.org and Bitcoin Talk—were among the first to advertise a hidden Tor service that operated as a kind of "anonymous amazon.com." Both of the earlier posts referenced silkroad420.wordpress.com.

Cisco Releases Security Advisory for Cisco IOS XR

Original release date: October 02, 2013

Cisco has released a security advisory to address a vulnerability in Cisco IOS XR Software version 4.3.1. Successful exploitation could result in complete packet memory exhaustion, rendering critical services on the affected device unable to allocate packets and resulting in a denial of service (DoS) condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates or workarounds to help mitigate the risk.

Book Review: Delivering enterprise architecture with TOGAF and ArchiMate

Delivering enterprise architecture with TOGAF® and ArchiMate® (english version)

I wanted to share with all of you a great learning resource if you're interested in understanding the Enterprise Architecture modeling notation called ArchiMate. If you follow my blog you have seen me talk about ArchiMate in the past as the “go to” standard for EAs. But I have also warned EAs about taking these notations too far with my latest post entitled, “Don’t Get Caught Up In The Architecture Modeling Debate”.

I would like to provide you with a link to a book that I think is worthwhile looking at. It’s called, Delivering enterprise architecture with TOGAF and ArchiMate.

Full disclosure, I did an early review of the book and wrote the foreword for it.

However, I believe the book was written by the authority for ArchiMate, the Chair of the ArchiMate forum within the Open Group. Based on that and other facts I feel very comfortable endorsing this book.

Personally, I believe ArchiMate is extremely well-suited for enterprise architects and their modeling needs. It provides the right level of semantics for engaging at the level of abstraction that enterprise architects typically work at. But again, this is a tool used by and for EAs, not all stakeholders.

This book will help you in these two primary ways:

  1. General Purpose Learning Aid
    1. Scenarios. What really sets this book apart from other books is that it takes a set of scenarios and applies it to the ArchiMate body of knowledge. 
    2. TOGAF as the Method. Most of us know TOGAF, which means we should be able to relate to the concepts illustrated. In my opinion this is a very helpful learning aid and will be immediately relatable to your current work.
  2. EA Practice Accelerator. This book can also serve as an accelerator to our current architectural work. Given all the rich models and the tie-back to TOGAF, we can continuously go back to map the things we do as EAs to the illustrations shown in the book. It’s like a handbook of sorts.

Below is a link to the book and some other supplemental resources.

Slideshare Presentation

Spammers Take Advantage of US Government Shutdown

The latest news making headlines around the world is about the partial shutdown of the US government, which failed to agree on a new budget. Ever quick to take advantage of a situation, cybercriminals have begun to send various spam messages related to the government shutdown. These spam messages have started flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the included URL will automatically redirect the user to a website containing a bogus offer.

Figure 1. US government shutdown themed spam email

In the messages Symantec has observed, the spammers are using randomized email headers, which may be an attempt to evade antispam filters. Some of the subject lines used in this latest spam campaign can be easily recognized:

  • Subject: Half-off our autos for each day the US Govt is shut down
  • Subject: Get half off MSRP on new autos for each day of govt. shut down

The following pattern was observed in the links contained in the spam emails:

  • [DOMAIN NAME]/[RANDOM CHARACTERS]govt-shut[RANDOM DIGITS]do.wn_event[RANDOM DIGITS]
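The subject lines and link pattern above are enough to write a simple mail-filter check. The following is an added example, not Symantec's own detection code; it assumes the "[RANDOM CHARACTERS]" prefix is alphanumeric, treats the dot in "do.wn" as literal, and runs over constructed sample messages rather than real campaign data.

```python
import re
from urllib.parse import urlparse

# Path shape reported for the campaign links:
#   /[RANDOM CHARACTERS]govt-shut[RANDOM DIGITS]do.wn_event[RANDOM DIGITS]
# Assumption: the random prefix is alphanumeric; the "." in "do.wn" is literal.
SHUTDOWN_PATH_RE = re.compile(
    r"^/[A-Za-z0-9]*govt-shut\d+do\.wn_event\d+/?$", re.IGNORECASE
)

# Loose match on the observed subjects: "half off" ... "govt" ... "shut".
SHUTDOWN_SUBJECT_RE = re.compile(
    r"half[- ]?off.*(?:govt|government).*shut", re.IGNORECASE
)


def url_matches_campaign(url: str) -> bool:
    """True when the URL's path follows the reported link pattern."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return bool(SHUTDOWN_PATH_RE.match(parsed.path))


def subject_matches_campaign(subject: str) -> bool:
    """True when the subject resembles the observed shutdown-sale lures."""
    return bool(SHUTDOWN_SUBJECT_RE.search(subject))


def score_message(subject: str, urls: list) -> str:
    """'spam' if subject and a link both match, 'suspect' if only one does."""
    subj = subject_matches_campaign(subject)
    link = any(url_matches_campaign(u) for u in urls)
    if subj and link:
        return "spam"
    if subj or link:
        return "suspect"
    return "clean"


# Constructed sample messages (not real campaign data); example.invalid is a placeholder domain.
SAMPLES = [
    ("Half-off our autos for each day the US Govt is shut down",
     ["http://example.invalid/x7kqgovt-shut4821do.wn_event93"]),
    ("Get half off MSRP on new autos for each day of govt. shut down",
     ["http://example.invalid/govt-shut1do.wn_event2/"]),
    ("Quarterly report attached", ["http://example.invalid/reports/q3"]),
    ("Half off everything this weekend", ["http://example.invalid/sale"]),
]


def run_samples() -> list:
    return [score_message(subject, urls) for subject, urls in SAMPLES]
```

The verdict list lets the check be dropped into a mail-gateway hook or log scan; a "suspect" result flags messages where only the lure or only the link matched.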

Symantec advises users to be cautious when handling unsolicited or unexpected emails. Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.