Lost+Found: Proxies, job hunting, NSA, rootkits and BitTorrent
Too short for news, too good to lose; Lost+Found is a round up of useful security information. Today: Voluble web proxies, job-hunting bot herders, NSA document reloaded, spread of Alureon rootkit, and BitTorrent and Tor.
- If you use anonymous web proxies on the web, for example, to get around company firewall restrictions, you should assume that the proxy's operator can see where you're surfing. Incorrect configuration of web proxy Glype can even allow unauthorised users to access log files containing connection data.
- The bot herders behind the Spanish Mariposa botnet, who were arrested last year, have now apparently applied for jobs at anti-virus software company Panda Software – who declined their services.
- Brian Krebs has dug up an unpublished 600 page National Security Agency document from 2004 which deals with various aspects of defending against attacks on networks. Krebs finds it remarkable how relevant the requirements and techniques described remain six years later.
- Microsoft has published analysis of the spread of the Alureon rootkit, which causes the Blue Screen of Death. English-language versions of Windows XP SP3 were particularly affected.
- The Tor development team has pointed out implementation errors in a range of Torrent clients which undermine efforts to use BitTorrent anonymously. The article was prompted by a study by French researchers.