So the UK digital super highway is erm, slow to say the least. People don't get the speeds advertised, not everyone can get broadband, and let's face it, who can be doing with 56k anyway?

Now it's all going to change: the government have published the Digital Britain report and apparently the future is shiny, with blue flashing lights.

I have to admit I have not read it all yet, it's 245 pages, but here are the highlights as published elsewhere.

The main points outlined in the report include:

• a three year plan to boost digital participation

• universal access to broadband by 2012

• fund to invest in next generation broadband

• digital radio upgrade by 2015

• liberalisation of 3G spectrum

• legal and regulatory attack on digital piracy

• support for public service content partnerships

• changed role for Channel 4

• consultation on how to fund local, national and regional news

Not surprisingly there will be a tax :) Apparently something like an additional 50p will be charged each month to those with a landline to help pay for all this.

I won't go into my political government rant mode, but we always seem to get taxed more and more, we are supposed to be in a downturn, and we are all struggling for cash. Perhaps we could not do up some MPs' kitchens to help pay for Britain's World Class Digital future.

Here's a link to the report, enjoy :) PDF Digital Britain.

Thanks to my good InfoSec buddy Andrew Waite of InfoSanity, who prompted me to have a play with Nepenthes (Honeypot?).
So I set up a Debian VM, popped it into a DMZ and went about installing Nepenthes.

Debian took about 20 mins to install (I took the minimal download, "updates as it installs" option), then I went with the precompiled / built option.
Again this was straightforward and was up and running in no time. Had some issues getting Nepenthes running after a reboot and finding the appropriate config files (Andrew to the rescue again).

Anyway, once up and running, 9 mins passed (I thought it would be less) and I was already getting activity. I got hit with W32.spybot.worm and W32.virut.h. I searched the hashes on Virus Total, so they were nothing new, but you will see Andrew has found some interesting results, though he's had it running a fair while. You can see what's going on by reviewing the log files, and looking at the binaries (viruses) that have been intercepted.
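As an added example (not part of the original post and not Nepenthes' own code), here is one way to inventory a directory of captured binaries and produce the hashes to look up, without ever executing the files. It assumes each capture is stored as a file named after its MD5; the function names and the demo directory of harmless byte strings are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=65536):
    """Return (md5, sha256) hex digests, reading in chunks so large samples are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def inventory(capture_dir):
    """Hash every regular file in capture_dir; files are only read, never run."""
    rows = []
    for path in sorted(Path(capture_dir).iterdir()):
        if path.is_symlink() or not path.is_file():
            continue  # skip symlinks and sub-directories
        md5, sha256 = hash_file(path)
        rows.append({
            "name": path.name,
            "size": path.stat().st_size,
            "md5": md5,
            "sha256": sha256,
            # Assumption: captures are named after their MD5. A mismatch means
            # the file was truncated, altered or renamed after capture.
            "name_matches_md5": path.name.lower() == md5,
        })
    return rows

def unique_sha256(rows):
    """Distinct SHA-256 values to look up, in first-seen order."""
    return list(dict.fromkeys(r["sha256"] for r in rows))

def build_demo_dir():
    """Constructed sample data: harmless byte strings standing in for captures."""
    demo = Path(tempfile.mkdtemp(prefix="capture_demo_"))
    good = b"constructed sample A"
    (demo / hashlib.md5(good).hexdigest()).write_bytes(good)  # correctly named
    (demo / "renamed_copy.bin").write_bytes(good)             # duplicate, renamed
    (demo / ("0" * 32)).write_bytes(b"constructed sample B")  # name does not match
    return demo

if __name__ == "__main__":
    rows = inventory(build_demo_dir())
    for r in rows:
        flag = "ok" if r["name_matches_md5"] else "NAME/HASH MISMATCH"
        print(f'{r["sha256"]}  {r["size"]:>6}  {r["name"]}  {flag}')
    print(len(unique_sha256(rows)), "unique samples to look up")
```

Run it from an analysis host against a read-only copy of the capture directory rather than on the honeypot itself.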

Great to have a mess around and see how these things work, and just prove it doesn't take long after connecting to the Internet to get owned :)
I think there is also value in deploying a honeypot within your corporate environment as another layer of detection to identify internal malware floating about.

For those who are Linux averse there are some Windows honeypots like HoneyBOT. I have not tried these myself, but they might be worth a look.

What is Nepenthes?

Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low Interaction Honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular. There are module interfaces to

  • resolve DNS asynchronously
  • emulate vulnerabilities
  • download files
  • submit the downloaded files
  • trigger events (sounds abstract and it is abstract but is still quite useful)
  • shellcode handler