Friday, October 04, 2002

Laptop Disassembly
Pictures of several laptops taken apart.
DNSSEC - Securing the Domain Name System
DNSSEC (short for "DNS Security") is a technique for securing the Domain Name System. It is a set of extensions to provide end-to-end authenticity and integrity and was designed to protect the Internet from certain attacks.
There are several distinct classes of threats to the DNS, most of which are DNS-related instances of more general problems, but a few of which are specific to peculiarities of the DNS protocol.
Wireless Security & Hacking
This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.
Computer Forensics Tool Testing (CFTT)
The CFTT is designed to provide a measure of assurance in the results of investigations based on automated tools used in computer forensics examinations. These tools are used by law enforcement, government, and industry organizations to examine disk drives seized in computer crime investigations and to analyze the files found. Examples of tools may include disk imaging software, password crackers, image analysis tools, and others.
National Software Reference Library (NSRL)
This project is supported by the U.S. Department of Justice's National Institute of Justice (NIJ), federal, state, and local law enforcement, and the National Institute of Standards and Technology (NIST) to promote efficient and effective use of computer technology in the investigation of crimes involving computers. Numerous other sponsoring organizations from law enforcement, government, and industry are providing resources to accomplish these goals.
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS. This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations.

Thursday, October 03, 2002

Unix tools track hackers
If you find you've been cracked, use these old-school Unix tools to help track down the perpetrators.

Tuesday, October 01, 2002

Evaluating Network Intrusion Detection Signatures
In this series of articles, we present recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. This article will conclude the discussion on criteria for choosing attacks and then provide recommendations for generating attacks and creating a good testing environment. We begin by discussing some methods of acquiring attacks and attack traffic.
DFRWS
The Digital Forensic Research Workshop, or DFRWS, was initiated in August 2001 to bring academic researchers and digital forensic investigators and practitioners together for active discussion that addresses three major objectives:
Define the need and create the processes for the incorporation of a rigorous scientific method as a fundamental tenet of the evolving discipline of Digital Forensic Science

Develop a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability

The discovery, explanation and presentation of conclusive, persuasive evidence that will meet the heightened scrutiny of the courts and other decision-makers in military and civilian environments
Special Applications - Port List
List of ports that commonly used applications make use of.

Monday, September 30, 2002

Security and Encryption Links
The following are security-related resources (aka "the crypto link farm") that I've found on the net. If there's anything which needs updating or correcting, please let me know. Because of its large size, I only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.
poorsniff - a command line Windows sniffer
no pcap, winpcap, packet driver required, only a 9k executable (at present), all code public domain.

Sunday, September 29, 2002

Secret Service agents probe wireless networks
Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital.

The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.