AVG 2011 – Surf Shield Bug – avg_ls_dom.js

Recently I faced issues loading web pages in Chrome. Many websites failed to load, including my blog. Websites with a lot of JavaScript, especially AdSense units (image and text), took a long time to load. I tested the page element load times in Firefox with Firebug and the Google Page Speed add-on and found a mysterious JavaScript file, ‘/A2EB891D63C8/avg_ls_dom.js’.

It looks like the problem is due to Surf Shield, part of the Link Scanner module of AVG 2011. "AVG Surf-Shield actively checks web pages in real-time every time you click a link or enter a web address directly into your browser". This is done by adding a script element at the very beginning of every HTML page rendered inside the browser. This element loads a local JavaScript file called ‘avg_ls_dom.js’.

The script is injected in a non-standard way, right after the document type definition and outside of the <head> element, where such resources are normally defined. This technique is most likely used to ensure that avg_ls_dom.js is loaded before any other script possibly injected by attackers into the original page. The JavaScript code inside the file is supposed to create a buffer with the content of the page and submit it via POST to another relative URL, /CC0227228D62/CheckData:

var httpRequest = new XMLHttpRequest();       // synchronous request to the local AVG hook URL
httpRequest.open("POST", "/CC0227228D62/CheckData", false);
httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
httpRequest.send(params);                     // params: the buffered page content to be inspected

This request should again be intercepted by the AVG module, which should inspect the content and give the go-ahead to display the page, or tell the script to throw an error instead. However, it seems that a bug causes the proxy-like component to let these requests through, so they are sent on to the server from which the page was loaded.
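Because the leaked requests hit the origin server, a website operator can spot the bug from the server side. The following is an added example (not from the post or from AVG) that scans combined-format access log lines for the two AVG hook paths named above; the log lines are constructed samples.

```python
import re
from collections import Counter

# Relative paths the AVG 2011 Surf Shield hook is meant to keep local to the
# client. Seeing them in an origin server's access log means the proxy-like
# component has let the requests through.
AVG_PATHS = ("/A2EB891D63C8/avg_ls_dom.js", "/CC0227228D62/CheckData")

# Apache/nginx "combined" log line (assumed format):
#   host ident user [time] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one log line; return a dict of fields or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_leaked_avg_requests(lines):
    """Return parsed records whose request path is one of the AVG hook URLs."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] in AVG_PATHS:
            hits.append(rec)
    return hits

def summarize(hits):
    """Count leaked requests per (method, path, status) for quick triage."""
    return Counter((h["method"], h["path"], h["status"]) for h in hits)

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Oct/2010:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5123
203.0.113.5 - - [12/Oct/2010:10:01:03 +0000] "GET /A2EB891D63C8/avg_ls_dom.js HTTP/1.1" 404 210
203.0.113.5 - - [12/Oct/2010:10:01:04 +0000] "POST /CC0227228D62/CheckData HTTP/1.1" 404 210
198.51.100.7 - - [12/Oct/2010:10:02:00 +0000] "GET /about.html HTTP/1.1" 200 2048
this line is not a valid log entry and is skipped
"""

if __name__ == "__main__":
    hits = find_leaked_avg_requests(SAMPLE_LOG.splitlines())
    for key, count in summarize(hits).items():
        print(count, *key)
```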

Once I disabled the Surf Shield option in Link Scanner the issue got resolved.

Ref: http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml


Stuxnet – The New Generation Control Systems Computer Worm

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram programmable logic controllers (PLCs) and hide the changes. (Ref: Wikipedia)

It is the first-ever computer worm to include a PLC rootkit. It is also believed to be the first worm to target critical industrial infrastructure. Furthermore, the worm’s probable target has been said to be high-value infrastructure in Iran using Siemens control systems. It has also been said that the infestation by this worm might have delayed the start-up of Iran’s Bushehr nuclear power plant. (Ref: Wikipedia)

As of the end of September 2010 the virus had widely affected Iran, Indonesia and India. (Source: Stuxnet Under the Microscope)

(Image Source: Stuxnet Under the Microscope)

A high volume of detections in a single region may mean that it is the major target of the attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to obscure the targeting detail.

With its ability to attack industrial control systems, Stuxnet is the first computer virus that causes real-life harm.

Being a control systems professional, I can imagine how much damage this little piece of software can create. It is beyond the imagination of Hollywood movies. With its ability to modify the engineering done in control or safety systems, it can defeat the very purpose they were built for by turning a plant into a potential weapon of mass destruction (WMD). The disaster may not be a boom and fire as shown in movies. A poisonous gas leak or nuclear spill can be more dangerous, the Bhopal gas tragedy being an example. Oops! This is more threatening than the Google threat discussed in my earlier blog post. And yes, there are new themes available for Die Hard, War Games, Enemy of the State, Eagle Eye…

This also calls for nations to strengthen their cyber security. Soon cyber security will become a multi-billion dollar industry, many times its current volume. I feel that control systems should move back to proprietary operating systems. Gone are the days when these systems were designed to be, and considered, more secure. With these systems getting more open day by day, with insecure implementations of the Microsoft-dominated OPC (OLE for Process Control) and integration with upper-level solutions like ERP, the probability of risk is even higher. A chain is only as strong as its weakest link. New versions of Windows have not brought increased security. A better solution may be to design Windows operating systems catering to automation platforms.

While it is being claimed that there is a remedy for Stuxnet, we really need to wait and see what is yet to unfold. This worm has been discovered targeting Siemens systems; if it is true that it is a nation-state-sponsored project, there are many more to come, targeting all platforms and taking a nation’s defense and economy under their control.


The Google Threat

If you have watched movies like Die Hard 4.0 or War Games you can imagine how much can be done with information held on centralized systems. Though the themes of these movies are fiction, reality is quite close, or even worse.

Consider the amount of information Google has. They have an awful lot of data. They record everything. They have your IP address, your search requests, the contents of every e-mail you’ve ever sent or received. They know the news you read, the places you go. They’re even collecting real-time GPS location and DNS look-ups. They cache web pages and have the history of pages that don’t even exist any more. They know who your friends are, where you live, where you work, where you spend your free time. They know about your health, your love life, your political leanings. ‘They even know what you are thinking about’, as Marlinspike is quoted as saying.

While it is claimed that IP addresses are kept for 18 months and then anonymized, privacy experts have alleged that even with anonymized user data, where bits of the IP address are changed or deleted, it is still relatively easy to correlate those addresses with user cookies to get a lock on a search query author’s identity.

I was myself surprised to see that Google Web History not only records what I search for but also what I browse. With its wide range of services and rising popularity, Google is set to have more information about the whole world than the sum of all other organizations put together. While Google is an organization people trust, the security of its systems, especially against Chinese hackers, is a big question.

Ref: http://www.zdnet.com/blog/security/google-even-knows-what-youre-thinking/6291


India’s gateway to Internet

During a casual discussion with friends I was wondering how governments are able to block web content. During my visits to countries abroad I frequently encountered government notifications stating that the site visited was banned (worse, even Google Apps was banned), but not a single website showed such a notification in India. Curious to know, I googled it to find out.

Indeed, the Government of India has its own short list of banned sites, in its circular of 13th July 2006.

  1. http://www.soniamaino.com/ not working since Aug 25, 2006
  2. http://www.hinduunity.org
  3. http://mypetjawa.mu.nu
  4. http://pajamaeditors.blogspot.com
  5. http://exposingtheleft.blogspot.com
  6. http://thepiratescove.us
  7. http://commonfolkcommonsense.blogspot.com
  8. http://bamapachyderm.com
  9. http://princesskimberley.blogspot.com
  10. http://merrimusings.typepad.com
  11. http://mackers-world.com
  12. http://www.dalitstan.org
  13. http://hinduhumanrights.org/hindufocus.html
  14. http://nndh.com http://bloodroyaltriped.com
  15. http://imagessearchyahoo.com (should probably be http://image.search.yahoo.com)
  16. http://imamali8.com
  17. http://rahulyadav.com

These websites could not be accessed, but no notification came up. The following message came up in the Chrome browser.

[image: Chrome error message shown for a blocked site]

It seems the system of blocking is not without loopholes. The cached copy of a page from Google gives the latest updates of the website. One such blog banned in India can be seen below.

[image: Google cached copy of a blog banned in India]

I was also curious to know how the Internet reaches India and how many gateways the Government would need to control to censor web content. While I imagined several gateways, there are only eight gateways (called landing stations) that connect India to the world of the Internet.

  1. SMW3 : Stands for South East Asia – Middle East – Western Europe; this cable connects Western Europe, the Middle East and South East Asia. There are a total of 39 landing points along the cable’s journey; it touches India at Mumbai first and connects to the rest of Asia through Cochin. The landing station in Mumbai is owned by VSNL/Tata.
  2. SMW4 : Stands for South East Asia – Middle East – Western Europe; this cable connects Western Europe, the Middle East and South East Asia. It has around 17 landing points and touches India in Mumbai and Chennai. The landing station in Mumbai is owned by VSNL/Tata and the landing station in Chennai is owned by Bharti Airtel.
  3. SAFE : South Africa Far East Cable. This cable comes from Melkbossstrand in South Africa, linking Durban, Mauritius on the way to Cochin, India. Landing station in Cochin is owned by VSNL/Tata.
  4. FLAG : Stands for Fiber Optic Link Around the Globe. This cable runs through the Suez Canal, connecting the Middle East, and touches India at Mumbai. The cable network is owned by FLAG Telecom, which was bought by Reliance and is now a Reliance company. The landing station in Mumbai is owned by VSNL/Tata. From Mumbai the cable goes on to South East Asia.
  5. i2i : The Airtel–Singtel joint venture company is responsible for this 3100 km long cable from Singapore to Chennai. The landing station is in Chennai. From Singapore it connects to SEA-ME-WE 3 and APCN 2.
  6. TIC : Following the same route as i2i, TIC stands for Tata Indicom India Singapore Cable. It connects Chennai and Singapore. TIC is owned by VSNL, with the landing station in Chennai. In Singapore the landing station is in Changi. The cable is 3175 km long.
  7. Falcon : Europe – Middle East – India cable with its landing station in Mumbai. The cable and the landing station are owned by Reliance.
  8. Indo-Sri Lanka Cable : The landing station is owned by BSNL, and this cable connects Tuticorin and Colombo, Sri Lanka.

and finally some stats

Note: The contents of this article are from various web sources. I have not done any research to verify the correctness of the information presented.
