By now we’ve all heard that Twitter was offline for a couple of hours today, and that FaceBook was running slowly. The reports are that they both were victims of a Distributed Denial of Service (DDoS) attack.

While this was limited to sites that, admittedly, have little measurable business value, what if it was a business-critical site that was knocked off-line?

Now, stay with me while we take a bit of a leap…

Many small businesses and individuals are moving to “cloud computing”. Working documents are in the “cloud”. Software as a Service (SaaS) is finally starting to take off.

Now, if the “cloud” and SaaS provider that you are using are being hit with a DDoS, what plans do you have for your business?

Lessons for the small business…

1. Know the risks associated with your technological model – in this case “cloud” vs local.
2. Make your DRP/BCP include plans in the event your providers are unavailable.
3. Finally, know what response you will have if your providers never return.

Here’s hoping you have a weekend full of availability!

- Dan

UPDATE: The reports now are that many more sites were affected as a result of targeting ONE user (from cnet.com) !

Twitter hacked by old technique — again by AP: Yahoo! Tech

This article came out yesterday. The short description is that a compromised personal email account led to a compromise at Twitter.

Although the article is written with the focus on Twitter, this can just as easily happen to you and your organization.

Tip: Keep work email and data separate from personal email and data.

We need to constantly remind folks that there needs to be separation between work and personal email and storage. The selling point is that it protects both the employee and the company in the event the other is compromised.

Once again, the weakest link is The Human.

- Dan

Tweet This!

Have you seen this on a website?

Twitter is often called a microblogging platform. I suppose it is. But, it also can be thought of as broadcast SMS (short message service). It’s kind of like text messaging on your cell phone.

I’ve been asked my opinion of using Twitter. What follows is a pseudo-random list of some of my thoughts. Not all of these are InfoSec related, but many of them are…

1. Don’t tweet things like, “I’m heading to the bathroom now”. Who really cares?
2. Twitter helps to foster a false sense of intimacy with others. Just like Facebook, you can follow many people you don’t really know. But by following them you get an idea of who they are the things they do or care about. This is a false intimacy.
3. Remember, everything you put on Twitter is searchable. The standard tweets are not private. Anyone can find what you tweet.
4. Many of your followers are bots. Put some popular words in a post – try “Obama” or “democrat” or “Rush” – in a post and watch the new followers. Many of these will be bots, not real people.
5. Don’t use your email address in a post. There are folks who have programs running that harvest these email addresses for the purpose of sending spam and phishing email.
6. Be aware of the picture you are painting with your tweets. I follow some folks who tweet about where they are at the moment, talk about their kids and activities, mention where they work, etc. By filtering out only their posts, I can put together a pretty accurate picture of their lives and loved ones. Not good… especially if a Bad Guy is gathering info.
7. If you hope to get your tweets re-tweeted, limit your tweet length to no more than 120 characters. This gives the re-tweeter room to add their own information.
8. Watch out for link spam. Don’t click on every link you seen in tweets from people you don’t really know.
9. Spend some time looking at current thoughts and trends on Twitter. Get an idea of how others are using it and why they are using it. If you want to use Twitter for your non-profit, research how other non-profits are using it. You will get some good ideas!
10. Realize that by default, anyone can follow you. If you don’t want someone to follow, you can block them.
11. Don’t share personally identifiable information – phone numbers, addresses, etc – in posts.
12. Use “Protect my updates” on your Twitter account page if you don’t want your posts to be on the public timeline.
13. Understand that you will see inappropriate words and language as you view the public timeline, and also from many folks you choose to follow.
14. There is a lot of noise. Your important broadcast message can get lost in the meaningless drivel. If expect someone to follow you for critical notifications, you need to keep in mind that if they follow more than just a few other folks, they will be swamped with tweets and most likely will miss your critical update.
15. If including URL’s, use a URL shortening service, like bit.ly, to shorten the URL. Bit.ly also provides some capabilities for gathering metrics about each shortened URL and the number of clicks on it.

And yes, I do Twitter. Here’s the link to me.

- Dan

Update: A friend suggested some other “use” types of thoughts that he would like to see on this list. Here they are…

1. Even though bots will follow, you need to remember that there are also real people. (This balances #4 above.)
2. Twitter can be used to host real-time chats, often bringing together opposing views on a common topic. The Tuesday evening #agchat discussions are an example of this.
3. The global search capabilities can be used to find like-minded people and foster on-line relationships.
4. Creative uses for Twitter, and other social networks, are up to the users. Twitter is medium. The message is up to you.
5. Finally, it is not unusual to have followers, or for you to follow, people with wildly divergent views. Use Twitter can be used to get your message out to folks who might not normally listen.

Happy Twitter-ing!

If you are interested in a real-world botnet analysis, take a look at the work being done with Torpig at UC Santa Barbara.

Taking over the Torpig botnet

This botnet is used for the normal activities of harvesting sensitive information from computers that are controlled. Using Domain Flux, the botnet generates lists of servers for drive-by spreading by using information from Twitter trends. Pretty clever.

If you are interested in the details, be sure to download The Report.

Thanks to my bro, Steve for pointing this project out to me.

- Dan