Showing posts with label Distributed Denial of service. Show all posts

Tuesday, September 27, 2011

Web Host Netregistry Hit by DDoS Attack


(WEB HOST INDUSTRY REVIEW) -- Australian web host NetRegistry (www.netregistry.au) was hit by a DDoS attack on Monday, according to a report by ZDNet Australia.
This attack comes a few months after it acquired the customers and assets of Australian web host Distribute.IT, the web host attacked by hacker group Evil in June.
According to the report, the attack started at 10:30 am and affected its customers using shared and virtual private server hosting. Approximately 100,000 customers were likely to have been affected by the disruption, according to Netregistry CEO Brett Fenton.
Fenton says Netregistry itself was not the intended target, but it isn't sure which hosting customer the attack was directed at. According to the report, Netregistry had to fend off a similar DDoS attack last year when its customer the Australian Federation Against Copyright Theft was targeted by Anonymous.
Around 10:45 am, Netregistry announced its phone system was overloaded and had to place a limit on the number of calls it could accept. Around this time, the company confirmed it was experiencing a DDoS attack, and began to re-divert its network bandwidth and work with its upstream provider Telstra to stem the flow of traffic.
A report by iTechReport says that by lunchtime, the company believed it had resolved the issue, but the attack restarted around 2pm bringing the hosted sites offline again.
Netregistry says by 5pm access had been restored for most customers except for those using a Telstra-provided internet connection. Access to sites on the Zeus Dynamic shared hosting infrastructure remains offline, according to the report.
The report says the outage impacted its resellers and subsidiaries like ZipHosting as well.

http://www.thewhir.com/web-hosting-news/092611_Web_Host_Netregistry_Hit_by_DDoS_Attack

Monday, August 1, 2011

Massive DDoS attack mitigated

Prolexic Technologies, a company specializing in Distributed Denial of Service (DDoS) mitigation services, has announced that it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second volume. Prolexic cautions that global organizations should consider the attack an early warning of the escalating magnitude of similar DDoS threats that are likely to become more prevalent in the next six to eight months.
The attack was directed against an Asian company in a high-risk e-commerce industry. It generated larger than usual TCP SYN Floods and ICMP Floods, both of which are common DDoS attack methods. There was nothing common, however, about the magnitude of the attack.
According to Prolexic chief technology officer Paul Sop, the volume of the attack reached levels of approximately 25 million packets per second (pps), a rate that can overwhelm the routers and DDoS mitigation appliances of an internet service provider (ISP) or a major carrier. In contrast, most high-end border routers can forward 70,000 pps in typical deployments. In addition, Prolexic’s security experts found 176,000 remotely controlled PCs, or bots, in the attacker’s botnet (robot network). This represents a significant threat as typically only 5,000 to 10,000 bots have been employed in the five previous attacks mitigated by Prolexic.
“The customer attempted to mitigate these repeated DDoS attacks for many months with solutions from its ISP and its carrier before approaching Prolexic,” said Sop. “Defeating this attack is a testament to our unrivaled capacity and our unique position as the only global DDoS mitigation provider with the experience and bandwidth to successfully fight these gigantic attacks.”
To mitigate this high-magnitude attack without putting the burden on a single carrier, Prolexic distributed traffic among several of its global Tier 1 carrier partners and scrubbing network centers. Prolexic was able to help the client maintain service availability throughout the duration of the attack. While Prolexic was fighting this particular threat, it simultaneously helped another client who was experiencing a 7 Gbps DDoS attack.

Early warning and escalating threats
“Prolexic sees this massive attack in Asia with millions of packets per second as an early warning beacon of the increasing magnitude of DDoS attacks that may be on the horizon for Europe and North America in the next 6 to 8 months,” Sop said. “High risk clients, such as those extremely large companies in the gaming and gambling industries in Asia, are usually the first targets of these huge botnets just to see how successful they can be.”
Prolexic cautions that the next quantum leap in DDoS attacks will not necessarily center on bandwidth, but rather on increasing the volume of packets per second to such a high level that carriers cannot handle the overload. According to Sop, these extremely high packet-per-second DDoS attacks are especially insidious because they can cause collateral damage to carriers long before the “bad traffic” ever reaches its intended target.
Overwhelmed by the deluge of Internet traffic, carriers try to cope by passing around the excessive traffic like a “hot potato” from one to another. Ultimately, the carriers must “black hole” the IP address of the attack target and in doing so they unwittingly help the hacker to achieve the goal of creating a “zero route” which crashes the victim’s site. In addition, the continuous shifting of traffic from carrier to carrier can seriously affect the performance of multiple web sites, not just the intended target.
“Prolexic has invested millions to be ready for this type of DDoS attack and while we have only seen this botnet once in the Western Hemisphere to date, it is likely to follow a common pattern and become much more prevalent,” Sop said. “The good news is that Prolexic is already well ahead of the game and has proven that we can stop attacks of this magnitude.”

http://dateline.ph/2011/08/01/massive-ddos-attack-mitigated/

Thursday, June 23, 2011

Layer 7 Application attacks - (DDoS)


Security attacks are moving ‘up the stack.’  90% of security investments are focused on network security, yet according to Gartner, 75% of the attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’  SQL Injection and XSS are #1 and #2 reported vulnerabilities and the top two from the OWASP Top 10.  Plus, from Forrester Consulting, the average loss of revenue per hour for a layer 7 DDoS attack is $220,000.  These vulnerabilities are some of the primary routes that are being exploited in many of the recent attacks.
Modern DoS attacks are distributed, diverse and cross the gap that divides network components from application infrastructure, yet many of these attacks are preventable. The problem is that organizations are using outdated network and/or desktop technology to try to protect against sophisticated application security attacks, in which traditional solutions like network firewalls, IPS or AV systems have little to no visibility or role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground. Wrong band-aid for the attack vector.

It is interesting that these attacks have been around for a while; it also shows how hard it is to get protection right, especially when the attacks are blended.  Once a delivery vector is found, a variety of exploits can be used in quick succession to find one that works.  Most of these attacks would also have sailed invisibly through an IPS device – no offense to those solutions – they are just not designed to protect the application layer, or didn’t have a signature that matched.  A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.

http://psilvas.wordpress.com/2011/06/22/cure-your-big-app-attack/

Financial Mogul Linked to DDoS Attacks

Pavel Vrublevsky, the embattled co-founder of ChronoPay — Russia’s largest online payments processor — has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against a top ChronoPay competitor.
KrebsOnSecurity has featured many stories on Vrublevsky’s role as co-founder of the infamous rogue online pharmacy Rx-Promotion, and on his efforts to situate ChronoPay as a major processor for purveyors of “scareware,” software that uses misleading computer virus infection alerts to frighten users into paying for worthless security software.  But these activities have largely gone overlooked by Russian law enforcement officials, possibly because the consequences have not impacted Russian citizens.
In the summer of 2010, rumors began flying in the Russian blogosphere that Vrublevsky had hired a hacker to launch a distributed denial of service (DDoS) attack against Assist, the company that was processing payments for Aeroflot, Russia’s largest airline. Aeroflot had opened its contract for processing payments to competitive bidding, and ChronoPay was competing against Assist and several other processors. The attack on Assist occurred just weeks before Aeroflot was to decide which company would win the contract; it so greatly affected Assist’s operations that the company was unable to process payments for extended periods of time. Citing the downtime in processing as a factor in its decision, Aeroflot ultimately awarded the contract to neither ChronoPay nor Assist, but instead to Alfa-Bank, the largest private bank in Russia.
According to documents leaked to several Russian security blogs, investigators with the Russian Federal Security Service (FSB) this month arrested a St. Petersburg man named Igor Artimovich in connection with the attacks. The documents indicate that Artimovich — known in hacker circles by the handle “Engel” — confessed to having used his botnet to attack Assist after receiving instructions and payment from Vrublevsky. The same blogs say Vrublevsky has fled the country. Sources close to the investigation say he is currently in the Maldives. Vrublevsky did not respond to multiple requests for comment.
The allegations against Artimovich and Vrublevsky were supported by evidence collected by Russian computer forensics firm Group-IB, which said it assisted the FSB with the investigation. Group-IB presented detailed information on the malware and control servers used to control more than 10,000 infected PCs, and shared with investigators screen shots of the botnet control panel (pictured at left) allegedly used to coordinate the DDoS attack against Assist. Group-IB said Artimovich’s botnet also was used to attack several rogue pharmacy programs that were competing with Rx-Promotion, including Glavmed and Spamit (these attacks also were observed by security firm SecureWorks in February).
This DDoS saga is the latest chapter in a fascinating drama playing out between the two largest rogue Internet pharmacies: Vrublevsky’s Rx-Promotion and Glavmed (a.k.a. “Spamit”), a huge pharma affiliate program run by Igor Gusev, the man who co-founded ChronoPay with Vrublevsky in 2003.
Gusev has been in exile from his native Moscow since last fall, when Russian authorities named him the world’s biggest spammer and lodged criminal charges against him for operating an illegal business. Spamit was forced to close shortly thereafter, and Gusev blames Vrublevsky for using his political connections to sabotage Spamit. Late last year, Gusev launched redeye-blog.com, a blog dedicated to highlighting alleged wrongdoing by Vrublevsky. In one post, Gusev charged that Artimovich agreed to DDoS Spamit.com because he believed forum members fleeing the program would join his own budding spammer forum: the still-active but largely dormant program Spamplanet.
Both ChronoPay and Glavmed/Spamit suffered hacking attacks last year that exposed internal documents, financial dealings and organizational emails. The data leaked from Glavmed/Spamit includes a list of contact information, earnings and bank account data for hundreds of spammers and hackers who were paid to promote the program’s online pharmacies. Those records suggest that for most of 2007, Artimovich was earning thousands of dollars a month sending spam to promote Spamit pharmacy sites.
The document that the FSB used to lay out the case for criminal proceedings against Artimovich, a.k.a. “Engel,” states that he was paid for the DDoS services with funds deposited into a WebMoney account “Z578908302415”. According to the leaked Spamit affiliate records, that same WebMoney account belonged to a Spamit affiliate who registered with the program using the email address “support@id-search.org.” Web site registration records for id-search.org show that the name of the registrant is hidden behind paid privacy protection services. But historic WHOIS records maintained by DomainTools.com reveal that for a two-month period in 2008 those registration records were exposed; during that brief window, records listed the registrant as Igor Artimovich from Kingisepp, Russia, a town 68 miles west of St. Petersburg.
The emails and documents leaked from the hacking intrusion into ChronoPay last year show that Artimovich and Vrublevsky exchanged numerous emails about payment for unspecified services. Among them is an email receipt from WebMoney showing a transfer of more than $9,000 from an account Vrublevsky controlled to Artimovich’s Z578908302415 purse on July 6, 2010, just days before the DDoS attacks began. The notation listed next to the payment receipt? “Engel.”


http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks/

Wednesday, June 22, 2011

World Cup DDoS blackmailer sentenced to jail


A court in Düsseldorf, Germany, has convicted a man who extorted money out of online gambling websites in the run-up to the 2010 Football World Cup in South Africa.
The Frankfurt man, who has not been identified, successfully blackmailed three online betting sites (and attempted to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet.
According to German media reports, the blackmailer hired a botnet for $65 per day and told the betting firms that he would make their websites unavailable during July 2010 - the month of the World Cup - if they did not pay him 2,500 Euros ($3,700). When three of the sites refused to pay any money, the man reduced the ransom to 1,000 Euros.

http://news.hitb.org/content/world-cup-ddos-blackmailer-sentenced-jail

Soca website taken down after LulzSec 'DDoS attack'


The UK Serious Organised Crime agency has taken its website offline after it appeared to be a victim of an attack by hacking group Lulz Security.

Soca said it had taken its website offline to limit the impact attack on clients hosted by its service provider.
Soca.gov.uk had been unavailable for much of Monday afternoon, with an intermittent service restored later.
Lulz Security has said it was behind the denial of service attack which had taken the website offline.
Earlier on Monday, as the agency launched an investigation, LulzSec tweeted: "Tango down - in the name of #AntiSec".
The group has hit a number of high-profile websites in recent weeks, including the CIA and US Senate.
Soca appeared to be the victim of a distributed denial of service (DDoS) attack, where large numbers of computers, under malicious control, overload their target with web requests.
In a statement given to BBC News, a Soca spokesman said: "Soca has chosen to take its website offline to limit the impact of DDoS attack on other clients hosted by our service provider.
"The Soca website is a source of information for the general public which is hosted by an external provider. It is not linked to our operational material or the data we hold."
Embarrassment
Earlier on Monday, a LulzSec Twitter posting seemed to confirm the nature of the attack.
"DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes," it said.
The latest attack will come as an embarrassment for Soca, which is tasked with investigating cybercrime.
"It is not going to please the boys in blue one bit," said Graham Cluley, senior technology consultant at security firm Sophos.

Mr Cluley added that it was wrong to confuse DDoS with the kind of hacking that can lead to confidential information being stolen.
However, he warned that LulzSec was capable of both types of attack.
"They have in the past broken into websites and stolen e-mail addresses and passwords, so there is a lot of harm can be done."

Big Lulz
When Lulz Security first appeared in May, the group portrayed itself as a light-hearted organisation, bent on creating online fun and Lulz (laughs).
Soon after, details of its hacking exploits began to emerge.
The first involved stealing and publishing a database of US X-Factor contestants, including their e-mail addresses and phone numbers.
It followed up with a mixture of website denial of service attacks and intrusions where data was taken and made available on the internet.
On June 19, LulzSec declared that it would begin targeting government systems, calling the campaign Antisec.
"Top priority is to steal and leak any classified government information, including e-mail spools and documentation. Prime targets are banks and other high-ranking establishments," said a post on the group's website.
The reason for LulzSec's greater focus on government is unclear, although it appears to have recently ended a feud with the more politically-motivated group Anonymous.

http://www.bbc.co.uk/news/technology-13848510

Thursday, May 26, 2011

Is Obama Planning to Lose World War III?


In a cyberwar fought in an Internet-driven, overconnected world, things get turned upside down. The best offense is a defense. If a cyber-attacker disables your military command and control system, shuts down and catastrophically damages your power grid, makes your telecommunication system non-functional, and cripples your financial system, there isn’t much left to fight with.

Think of what the state of the country would be without these systems. Without power and telecommunications, there would be no logistic systems, supermarket shelves would be empty, credit cards wouldn’t work and money would be unavailable from ATM’s. Water would stop flowing to your home, and since gasoline would be unavailable from electric powered pumps, your car would not work. Among the other systems subject to attack: pipelines, sewage, and water supply. You get the idea.

If President Obama and the rest of our nation’s leaders aren’t actively implementing our cyber-defenses, they are implicitly planning to lose World War III.

For a long time I thought the idea of software designed to cause great physical damage to systems was fanciful. Then I came across a story in Thomas C. Reed’s 2004 book, At the Abyss: An Insider’s History of the Cold War. Reed was a former Secretary of the Air Force and told a story about a massive, three-kiloton explosion of a Soviet pipeline–the most massive non-nuclear explosion ever observed from outer space.

According to Reed, Russian agents stole software used to control the pipeline. As it happened, the CIA had anticipated the theft and deliberately programmed the software to go haywire. Sure enough, in 1982, when the Soviets deployed the stolen software, the pumps kept pumping while valves were shut, producing pressure in excess of what the pipeline joints and welds could stand. The massive explosion soon followed.

I certainly hope there will never be a third world war, but I know there will be an increase in cyber-warfare, cyber-terrorism, cyber-crime, and cyber–vandalism. One only has to read the newspapers to be convinced that such incidents are on the rise.

In early 2007, Estonia came under cyber-assault. Estonia is one of the most Internet-dependent countries in the world. Ninety-six percent of its banking transactions are online. Citizens pay for parking using their cell phones. The attacks first targeted government sites and then were used to knock news sites offline. They culminated on May 10 when Hansabanka, the country’s largest bank, was forced to shut down its online operations shutting down ATM’s and severing the bank’s connections to the rest of the world.

South Korea has been attacked on numerous occasions. In 2009 a series of DDOS (Distributed Denial of Service) attacks were launched against government, news media, and financial web sites. More attacks occurred early this year. The April 12 attack paralyzed the Nonghyup Bank network for a week. The attacks were believed to have been originated by the North Koreans.

On April 19, 2011, Sony began investigating a cyber-attack that was a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes.” Sony discovered that credit card data and email addresses had been stolen from 77 million user accounts. Further investigation revealed that information was stolen from another 24.6 million online gambling accounts.

These assaults take two general forms. The first are attacks from the outside and usually take the form of DDOS (Distributed Denial of Service) attacks. In these attacks, an unauthorized remote user seizes control of thousands of computers and orders these “zombies” to flood websites with millions of messages. The overloaded systems become saturated and can no longer carry out routine operations. This type of attack brought down the Hansabanka and Nonghyup Banks.

The second form of attack is far more dangerous. The attacker gets inside the system and seizes control of the system operation or disables the system. The attacker may plant a “logic bomb” that will wake up on command or at some time in the future and might erase the system or perform some function that will injure the system under its control.

Stuxnet is a worm that was introduced into the Siemens programmable logic controllers at the Natanz uranium enrichment facility in Iran. It is believed the worm rapidly cycled the centrifuges to 1410 cycles per second and then slammed on the brakes, slowing them to 2 cycles. The rapid deceleration tore centrifuges apart. The same type of logic controller is used in numerous SCADA (Supervisory Control and Data Acquisition) systems in nuclear power and chemical plants. In a nuclear plant, such a logic bomb could cause a meltdown.

It is also possible for an attacker to use software trap doors to seize control of a command and control system and cause it to issue orders. In this scenario, troops might be ordered to attack the wrong target.

We are planning to lose World War III because we are unwilling to aggressively confront the cyber-defense issue. Confronting it is inconvenient, costly, involves regulation, and gives the government a potential window into our private lives.

But in an overconnected Internet-driven world, we must think about our current systems differently.

Here’s the problem we face: The Internet was never designed to be secure. It was designed by academics to serve the needs of trusted colleagues. While it will be impossible to make any system no matter how carefully conceived entirely secure, it is inconceivable that the existing Internet and systems based on it can be made more than marginally secure. This is not to say that the security of these systems cannot be improved.

The current activity of cyber-criminals offers convincing evidence that existing systems can be easily penetrated, and many of those systems have already been compromised. Infected computers and portable memory devices may have already introduced malware to numerous existing systems. The structure of the Internet makes it virtually impossible to identify the source of a well-executed attack.

My guess is that we can improve existing systems enough so they can continue to serve the Public and Private system users but that the current system can never be made secure enough to protect Secure and Mission Critical systems.

It is critical that we protect to the highest degree possible our Mission Critical systems. Among them are military command and control systems, systems controlling financial networks and the transfer on money within the network, networks that control our electric power. And, to a lesser extent, we need to protect other systems as well.

A few suggestions: We should consider physically disconnecting our Mission Critical systems from external networks. We should consider requiring all major ISP’s (Internet Service Providers) to install the capability to do deep packet inspection. In the case of a DDOS attack, these systems could quarantine the packets used to barrage and choke Internet systems. And we should give regulatory agencies the power to impose certain standards for cyber-security on businesses.

Doing these things will be expensive and create many inefficiencies. Many businesses will oppose these actions. Liberals and conservatives alike will worry about the potential loss of privacy and government intrusion into our lives that could result from the abuse of information collected with deep packet inspection. But realistically, it is hard to see many businesses and utilities going to the trouble and inconvenience of taking these types of actions unless they are forced to do so.

In an Internet-driven, overconnected world, power has become asymmetric. Small groups can do immeasurable amounts of damage with relatively small efforts.

Right now our country is the most vulnerable and most tempting target for cyber-terrorists and criminals. We have a highly developed physical and commercial infrastructure that is heavily dependent on the Internet. We cannot function if the Internet is shut down.

North Korea is possibly the country best positioned to attack us. They can launch cyber-attacks, but their national infrastructure is so primitive that there is nothing for a cyber-warrior to attack. Cyber-terrorists are in a similar position. They have no banks or power stations for us to disable.

Our Defense Department is probably in a position to launch the most devastating and comprehensive cyber-attacks of any nation. Unfortunately, those attacks will not do much to defend many of our important systems. Probably none of them is secure enough to withstand a sophisticated assault.

So let’s get on with building the type of offense an Internet-driven, overconnected world requires. The new rule for that environment is “The best offense is a superior defense.” Relying as we currently do on having the best offense is a plan for losing World War III. Let’s start playing defense.

http://blogs.forbes.com/billdavidow/2011/05/24/is-obama-planning-to-lose-world-war-iii/

Wednesday, May 18, 2011

DDoS Attacks: Your Customers At Risk

Distributed denial of service (DDoS) attacks are an increasing concern for organizations large and small, according to new survey results released at the Interop computer networking show. Among the findings: organizations reported that they've been unable to keep up with attacks that have plagued them more frequently over the past year, according to the survey, commissioned by Symantec's VeriSign and conducted by Merrill Research. Researchers polled 225 IT decision makers. Security remains a top concern in organizations, as IT professionals struggle to keep up with the mounting threat. Here's a look at the results.


  • 78 percent of respondents reported that they are extremely or very concerned about DDoS attacks.
  • 67 percent say that they expect the frequency and strength of denial of service attacks to increase or stay the same over the next two years.
  • Close to two-thirds of respondents who experienced a DDoS attack in the past year said they sustained more than one attack.
  • 11 percent said they had experienced six or more DDoS attacks in the past year.
  • 60 percent of the respondents rely on their web sites for at least 25 percent of their annual revenue.
  • 53 percent of the respondents said they experienced downtime in the past year, with DDoS attacks accounting for one-third (33 percent) of all downtime incidents.
  • More than two-thirds said their downtime impacted customers and half reported they lost revenue.
  • 87 percent of IT pros believe that DDoS protection is very important for maintaining availability of websites and services.
  • 71 percent of respondents who don’t have DDoS protection said they plan to implement a solution in the next year.
  • 40 percent plan to outsource their DDoS protection, 31 percent plan to implement an in-house solution, and 29 percent are still undecided on their approach for protection.



http://www.channelinsider.com/c/a/Security/DDoS-Attacks-Your-Customers-At-Risk-212836/

Monday, March 28, 2011

Anonymous' Operation Empire State Rebellion Releases "Civil Disobedience" Video #2


Two weeks ago the Anonymous hacker collective released a video indicating it was moving to a peaceful form of civil disobedience, until such time as the Fed is abolished, to be preceded by the "sign of good faith" that is Bernanke's stepping down. Needless to say, so far Bernanke has not quit. So today Anonymous' OpESR has released a second video which unlike the previous one is more or less a collage of hacker-friendly video clips. Hopefully there is some more to this latest form of anonymous activism than the clever use of iMovie...


http://www.zerohedge.com/article/anonymous-operation-empire-state-rebellion-releases-civil-disobedience-video-2

Wikileaks DDoS spawns security arms race


Ever since supporters of Julian Assange took to the internet to launch DDoS attacks against Wikileaks naysayers, companies have woken up to a need to protect their entire infrastructure, and F5 Networks and their customers are now preaching the need to wrap all network applications into a secure environment.
Jason Needham, senior director of product management for F5, said that companies now more than ever need to protect every part of their online infrastructure, not just mission-critical applications.
"Wikileaks has woken up the industry to the fact that it's not about [protecting against] losing content, but it's also [protecting against] virtual protesting where flash crowds come in and try to take a service offline based on an agenda and protest of sorts," Needham said.
The real challenge in the conflict, he went on, is identifying who is a valid user and who intends to do the organisation harm online.
"One of the things F5 goes into organisations talking about is how to solve the DoS problem and its many faces. One of the faces it takes is from the unintelligent brute force attack, another face it takes is valid application-based attacks."
These application-based attacks work to disguise themselves as normal user interactions in order to exploit security vulnerabilities like SQL injections, Needham said.
The solution, according to Kurt Hansen, F5 Network's local managing director, is to deploy a breadth of security activities "from intelligent filtering to dynamic security policies to really trying to decipher good users from bad users and help organisations stay online".
Hansen said that the bar had been lowered for people to take to the internet as hacktivists, with the only prerequisite being a working internet browser.


IPv6 isn't riding to the rescue

Needham also said the implementation of IPv6 wouldn't raise the bar for application-level security.
"The application security problem does not go away with IPv6. It's not going to solve the problem of DoS [attacks] and it's not going to solve the problem of application-based threats," Needham said, adding that the design of IPv6 may in fact make security enforcement more difficult.

"One of the inherent security functions of IPv6 is a point-to-point security tunnel between two devices, which means you're now encrypting all of your application-layer traffic from the attacker through to whatever they're attacking," he added.

According to F5, the only way to effectively deal with evolving security threats is to respond swiftly and implement faster technology with staff like Mark Wallis, who is a network administrator for credit card payment company Qvalent.
Wallis recently implemented a quick fix to a Java exploit without having to write a software patch, which, in the banking industry, can take time due to regulatory constraints.
Instead, Wallis wrote a rule into Qvalent's application firewall as a line of defence against the global Java exploit.
"We now look for that magic number within [our application firewalls]. It's never a number you're going to see in day-to-day transactions … and it's the type of thing we can get a fix out for within a 24-hour period," Wallis said.
Wallis went on to predict that the exploit may find its way into a new worm before a software patch comes to hand.
"What everyone is betting is that [the exploit] is going to pop up in a worm very quickly. I guarantee you that the next Stuxnet is going to be looking for that [exploit] and it's just so dead simple," Wallis said.

http://www.zdnet.com.au/wikileaks-ddos-spawns-security-arms-race-339309259.htm

Anonymous targets American Israel PAC: Operation Palestine


OpPalestine
Sunday those claiming to represent the Internet hacktivist group known as "Anonymous" launched a cyber attack against The American Israel Public Affairs Committee (AIPAC). The attack is aimed at the website, aipac.org, and conducted via a modified LOIC (Low Orbit Ion Cannon) used to execute DDoS attacks. A distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
According to the announcement from Anonymous:
America's Pro-Israel Lobby (AIPAC) is known for being one of the most powerful lobbies, keeping politicians in their pockets. During 2009, the U.S. provided Israel with at least 8.2 million per day in military aid and $0 in military aid to the Palestinians.
We are having none of it.
The notice goes on to give "attack instructions" on the installation and utilization of the LOIC (low orbit ion cannon).
Currently Anonymous is experiencing something of a renaissance, with numerous operations running as well as a robust recruitment drive in full swing. Using social media sites like Twitter and Facebook as well as Internet Relay Chat rooms (IRC) the group has conducted successful campaigns against such targets as Scientology, Visa and MasterCard, the Westboro Baptist church and the Internet security firm HBGary.

Nevertheless, it is important to recall that Anonymous is a mysterious organization - a headless monster, lacking any identifying hierarchy or command structure. No one press release, no one statement, no one tweet, no one blog post, speaks for all who pledge allegiance to the group. While there apparently are leaders and followers involved in particular operations, there is no leadership in the traditional sense.

At the time of posting, the AIPAC website was still up and running. The announcement and other information is available via Twitter search: #OpPalestine, as well as a Facebook page "Operation Palestine."


http://www.examiner.com/anonymous-in-national/anonymous-targets-american-israel-pac-operation-palestine