Some of my favorite sessions from Microsoft’s Ignite Conference (Mark Russinovich & Paula Januszkiewicz)

Malware Hunting with Sysinternals Tools
Date: May 6, 2015 from 5:00PM to 6:15PM Day 3 Arie Crown Theater BRK3319
Speakers: Mark Russinovich

Adventures in Underland: What Your System Stores on the Disk without Telling You
Date: May 8, 2015 from 12:30PM to 1:45PM Day 5 E450 BRK3320
Speakers: Paula Januszkiewicz

Recalling Windows Memories: A Useful Guide to Retrieving and Analyzing Memory Content
Date: May 8, 2015 from 9:00AM to 10:15AM Day 5 S102 BRK2342
Speakers: Paula Januszkiewicz

Hidden Talents: Things Administrators Never Expect from Their Users Regarding Security
Date: May 7, 2015 from 3:15PM to 4:30PM Day 4 N231 BRK3323
Speakers: Paula Januszkiewicz

The Ultimate Hardening Guide: What to Do to Make Hackers Pick Someone Else
Date: May 7, 2015 from 10:45AM to 12:00PM Day 4 S503 BRK3343
Speakers: Paula Januszkiewicz

Hackers Bring Down D.C. Government Websites

Hackers launched a denial-of-service (DoS) attack on D.C. government websites today, clogging the system with a flurry of requests so that the sites load extremely slowly or not at all.

“The District government has detected an attempted intrusion into its technology infrastructure system,” the D.C. Department of Homeland Security and Emergency Management said in an email to specified recipients around noon.

A DDoS, or distributed denial-of-service, attack is very difficult to thwart. Attackers can often bring down a website by using many computers to send a synchronized flurry of requests toward specific IP addresses. “These attacks are not very difficult to construct and rely more on having a bevy of attacking machines under control at once; often botnets are used to carry out these denial-of-service attacks.” Often, the only defense against these attacks is to simply throw more bandwidth at the problem. Networks that cannot handle the excessive traffic often just have to wait out the attack.

Homeland Security warned, “Customers may experience intermittent difficulties in accessing the District’s web site as we attempt to address the issue. We are aggressively working to resolve this matter.”

In January the group launched a similar attack against the UFC for its support of the controversial Stop Online Piracy Act that was debated by Congress earlier this year. DDoS attacks have been launched by a variety of groups such as Anonymous and LulzSec against federal government websites and servers, including the FBI and CIA.

Google raises Hackers’ bounties to $20,000

Google has decided to raise the amount it will pay to hackers who report software bugs and vulnerabilities in Google’s online services. Google has had success in the past rewarding hackers for exploiting and reporting bugs in Google Chrome. The maximum reward for exposing a vulnerability that would let an intruder’s code get up to mischief in a Google data centre was increased to $20,000 from the U.S. $3,133 payout set when the bounty program was launched in November of 2010.

Vulnerabilities that allow remote code execution in Google’s Web apps will also be rewarded with $20,000. The term “remote code execution” refers to the most serious category of vulnerabilities: those which, when exploited, allow an attacker to hijack a system or inject malware on a machine. Google has also stated that a $10,000 bounty will be paid for SQL injection bugs, significant authentication bypasses, or bugs that allow the leakage of data.

At Google’s Pwnium contest in March, Google paid out $60,000 prizes to anyone who could exploit the Chrome browser. Two people managed to do so and collected the money. Google’s $20,000 top payment is likely still far below the market rate. Many security researchers have said that Google is not offering enough money and that malicious hackers are able to get much more money on the black market. By raising the bounty, Google hopes to inspire software savants to hunt for bugs that are difficult to find and exploit, hidden deep in Google’s sites, software, and services.