Catweasel
Catweasel is a universal floppy disk controller that uses unmodified PC disk drives. The Catweasel can handle nearly any disk format; you just have to find a drive for it. Normally these drives are just 3.5 inch and 5.25 inch drives. PC floppy drives used to be known as being able to work with PC-formatted disks only, but now you can access any of the disk formats listed further below.
Thursday, February 27, 2003
Wednesday, February 26, 2003
CD Data Recovery
We are experts in recovery and repair of inaccessible, unreadable or deleted data, files, pictures, documents, AutoCad® drawings etc., from optical storage media such as: CD-ROM, CD-R, CD-RW, DVD-RAM, DVD-R/W, DVD+R/W, 3-inch Mini CD-R (used in Mavica® MVC-CD1000 digital cameras), Home Audio Recording CDs, CompactFlash™ (CF), SmartMedia™ (SSFDC), Sony® Memory Sticks and PCMCIA ATA Cards.
Tuesday, February 25, 2003
The SPAM-L FAQ - Tracking Spam
This section deals with the technical aspects of spam, such as telling where it came from. Having a UNIX shell account will be extremely helpful, as a lot of the utilities are native to UNIX; you can perform most of these functions on other operating systems using third-party (usually shareware) tools, whereas UNIX comes with many of the tools mentioned already installed.
Reading Email Headers
This document is intended to provide a comprehensive introduction to the behavior of email headers. It is primarily intended to help victims of unsolicited email ("email spam") attempting to determine the real source of the (generally forged) email that plagues them; it should also help in attempts to understand any other forged email. It may also be beneficial to readers interested in a general-purpose introduction to mail transfer on the Internet.
Disk Splicing
Forensic Disk Splicing for Law Enforcement is designed to teach disk splicing techniques to law enforcement personnel who are already trained in computer forensics. The course teaches how to reconstruct 3.5 inch and 5.25 inch diskettes that have been cut, segmented, bent, torn, melted and/or (in the case of 3.5 inch diskettes) removed from the disk hub and recover data from the diskette.
Frontline Test Equipment
Frontline Test Equipment, Inc. is the leading provider of PC-based data communication protocol analyzers in the world. Our products are used by engineers and technicians who develop, test, install, maintain, and repair equipment and instrumentation that is interconnected by a variety of communication technologies.
Currently available products include asynchronous serial data analyzers, synchronous serial data analyzers, Bit Error Rate Testers (BERT), Ethernet protocol analyzers, Industrial Automation and SCADA communication protocol analyzers, Bluetooth™ protocol analyzers and Intelligent Traffic System (NTCIP) protocol analyzers.
Sunday, February 23, 2003
Stupid Security
We've all been there. Standing for ages in a security line at an inconsequential office building only to be given a security pass that a high school student could have faked. Or being forced to take off our shoes at an airport that can't even screen its luggage.
If you thought the accounting profession was bad news, just wait till you hear how stupid the security industry has become. Even before 9/11 a whole army of bumbling amateurs has taken it upon themselves to figure out pointless, annoying, intrusive, illusory and just plain stupid measures to "protect" our security.
It's become a global menace. From the nightclub in Berlin that demands the home address of its patrons, to the phone company in Britain that won't let anyone pay more than fifty pounds a month from a bank account, the world has become infested with bumptious administrators competing to hinder or harass you. And often for no good reason whatever.
The sensitive and sensible folk at Privacy International have endured enough of this treatment. So until March 15th 2003 we are running an international competition to discover the world's most pointless, intrusive, stupid and self-serving security measures.
How to protect yourself from snooping software
Beware: tiny software apps called adware or spyware may be tracking your behavior online right now. Don't like that idea? Robert tells you the best--and cheapest--way to get rid of these pests.
Fighting the enemy within
Fortunately, there is an answer to the risk of social engineering and the threats posed by employee use of company machines. Security policy automation, an emerging security software concept, removes many security risks by implementing a security policy across enterprise systems and consistently auditing and monitoring systems for compliance.
Decimalisation Table Attacks for PIN Cracking
Two Cambridge University researchers have discovered a new attack on the hardware security modules (HSMs) employed by banks that makes it possible to retrieve customers' cash machine PINs in an average of 15 tries. The attack takes advantage of a weakness in the cryptographic model used by many HSMs to encrypt, store and retrieve PINs. The system, used by many ATMs, reads the customer's account number that is encoded on the magnetic strip of the ATM card. The software then encrypts the account number using a secret DES key. The ciphertext of the account number is then converted to hexadecimal and the first four digits of it are retained. Those digits are then put through a decimalisation table, which converts them to a format that is usable on the ATM keypad. By manipulating the contents of this table, it is possible for an attacker to learn progressively more about the PIN with each guess. Using various schemes described in the paper, a knowledgeable attacker could discover as many as 7,000 PINs in half an hour, the authors say.
Wednesday, February 12, 2003
Darik's Boot and Nuke
Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
Sunday, February 09, 2003
Physical Security Standards for Sensitive Compartmented Information Facilities
Physical security standards are hereby established governing the construction and protection of facilities for storing, processing, and discussing Sensitive Compartmented Information (SCI) which requires extraordinary security safeguards.
Thursday, February 06, 2003
The Great IDS Debate
Intrusion detection systems (IDS) have rapidly become a crucial component of any network defense strategy. Over the past few years, their popularity has soared as vendors have refined their results and increased performance capabilities. At the heart of intrusion detection systems lies the analysis engine. It reviews each packet, determines if it is malicious, and logs an alert if necessary – the core tasks of an IDS. Two different IDS techniques, each favored by separate and loyal camps, have emerged as the preferred engine behind the software. Despite the copious marketing material and fiery online debates, each method has distinct strengths and weaknesses. In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis.
Tuesday, February 04, 2003
LogAnalysis.Org
This is the new loganalysis.org! We're dedicated to pulling together a repository of useful information on log analysis for computer security.
Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments - but still ignore their firewall logs. Why? Because the tools and knowledge are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs.
Monday, February 03, 2003
Macintosh Security Site
This site is devoted to the security of your Macintosh computer and the programs or servers you run on it. SecureMac started in February of 1999. Over the past years we have served thousands of people, helping them secure their networks and detect hackers.
On this site you will learn how to secure your Macintosh and detect any hackers present on it, while viewing the most reliable source of security-related products, with extensive reviews and ratings evaluated by the top Macintosh security experts. We feel that to create a secure product, the product must be tested, explored, and looked at thoroughly. Every product on SecureMac.com is evaluated to its fullest, from secure programming to concept and design. Every product is given a rating and explained in detail, and each developer or developing group is notified of any security issues or advisories before they are released to the public, to ensure a safe transition for all of their users.
i-Catcher
i-Catcher is an innovative PC-Video integration package with sophisticated motion detection and alerting features. Originally devised as a security/surveillance product, i-Catcher is as successful in capturing wildlife images as it is in identifying intruders in your home or business.
In its simplest form i-Catcher is a single application that detects motion in a camera feed, then captures the images and posts them to a web site (look at these examples), or sends them via email (there is also an option for SMS alerting). The i-Catcher Wildlife and Sentry applications can also be connected to i-Catcher Console to provide network-wide monitoring of up to 255 cameras.
Sunday, February 02, 2003
Saturday, February 01, 2003
TightVNC: VNC-Based Free Remote Control Solution
TightVNC is a free remote control package derived from the popular VNC software. With TightVNC, you can see the desktop of a remote machine and control it with your local mouse and keyboard, just as if you were sitting in front of that computer.
Friday, January 31, 2003
Offline NT Password & Registry Editor
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the encrypted password in the registry's SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shut down your computer and boot off a floppy disk or CD. The boot disk includes tools to access NTFS partitions and scripts to glue the whole thing together.
Works with syskey (no need to turn it off, but you can if you have lost the key).
Will detect and offer to unlock locked-out or disabled user accounts!
Wednesday, January 29, 2003
CCIPS SEARCHING AND SEIZING COMPUTERS
Searching and Seizing Computers and Related Electronic Evidence Issues.
The Smart Card Cryptographic Service Provider Cookbook
This article provides background information for Cryptographic Service Provider (CSP) developers. It brings together information already available on MSDN about smart cards, cryptography, and CSPs, then goes on to detail the calls that are made to the CSPs in typical scenarios, important design considerations, and smart card-specific error codes. (24 printed pages)
ProofSecure.com - Web Application Security
We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Tuesday, January 28, 2003
What to look for when buying a VPN
Virtual private networking is becoming an integral part of today's data networks. Virtual private network (VPN) drivers range from securing corporate communications to reducing costs by replacing leased lines. But for those who have not yet deployed a VPN, the options can be daunting. There are several approaches and dozens of products and services from which to choose, each with its own pros and cons.
Monday, January 27, 2003
Saturday, January 25, 2003
Naval Surface Warfare Center
SHADOW is the result of a project that was originally called the Cooperative Intrusion Detection Evaluation and Response (CIDER) project. It was an effort of NSWC Dahlgren, NFR, NSA, the SANS community and other interested parties to locate, document, and improve security software. The material on this page is approved for public release; distribution is unlimited.
Today, SHADOW is maintained and developed by NSWC.
Friday, January 24, 2003
Outsourcing Managed Security Services
As computer attack patterns shift and threats to networks change and grow almost daily, it is critical that organizations achieve reliable information security. Investment decisions about information security are best considered in the context of managing business risk. Risks can be accepted, mitigated, avoided, or transferred. Outsourcing selected managed security services (MSS) by forming a partnership with a Managed Security Service Provider (MSSP) is often a good solution for transferring information security responsibility and operations. Although the organization still owns information security risk and business risk, contracting with an MSSP allows it to share risk management and mitigation approaches.
Secure your WLAN: Authenticate
Inherently flawed security protocols and a strong grassroots push to adopt wireless local-area networks (LANs) are creating substantial security risks for enterprises. The first priority should be to establish a comprehensive policy to address wireless deployments, with user authentication as a key component.
SMAC
SMAC is a free GUI tool that allows users to change the MAC address of almost any Network Interface Card (NIC) on Windows 2000 and XP systems, whether or not the manufacturer allows this option.
Monday, January 20, 2003
Computer News: The Mother of All Linux Servers
The SGI Altix is a new approach to Linux clustering that puts up to 64 processors in each node -- a far cry from the one or two processors per node in typical cluster systems.
KnownGoods Database Information
Unless you've built your OS from source (more than likely you have not), the executable applications from the original distribution should never change in content and/or size. The checksums in this database can quickly tell you if a file has been modified since it was first installed from the distribution.
Of course, applications installed after the distribution will be different, or possibly not in this database. This repository is meant to provide a quick check of known goods.
Avoid Wireless LAN Security Pitfalls
Wireless Local Area Networks (WLANs) are taking off. Enterprises are turning to WLANs in droves because they offer mobility and huge cost advantages. In fact, studies show that wireless workers are more productive, less pressured and save businesses money. Gartner, Inc., for instance, finds WLANs to be cheaper to install than wired LANs, especially for small organizations. And once they're in, wireless LANs are less expensive to operate and maintain.
Saturday, January 18, 2003
Technical Analysis Group (TAG) - The Law Enforcement Tools and Technologies for Investigating Cyber Attacks
What are the technological impediments facing law enforcement when investigating and responding to cyber attacks, for which research and development might provide solutions?
Friday, January 17, 2003
Computer Secure-It, Inc.
Secure-It, Inc. has been providing the highest quality computer security products since 1983. With its new array of computer security products including access control, motion alarms, tracking and recovery software, enclosures, and more, Secure-It knows it can be your one source for all your computer security solutions.
Thursday, January 16, 2003
Transmeta builds crypto into Crusoe
Transmeta yesterday said it has begun sampling versions of its Crusoe TM5800 processor embedded with proprietary security technologies. The chip designer claims its approach offers increased security for wireless computing, protects sensitive data, "deters intellectual property theft" (read: Digital Rights Management (DRM) Inside) and delivers tamper-resistant x86 storage environments. Putting security onto the main processor increases security over existing multi-chip solutions, it argues. Initially, the TM580 will feature technologies including "secure hidden storage of confidential information" (initially tamper-resistant storage of crypto keys) and crypto acceleration. Transmeta's hardware support for DES, DES-X and Triple-DES is designed to accelerate security applications such as file and disk data encryption and the Internet Protocol Security (IPSec) algorithm commonly used in VPNs. The company reckons its processor architecture will make an extension of this to support the recently approved Advanced Encryption Standard (AES) straightforward. Intel and AMD plan to introduce security functions directly into their microprocessors, but Transmeta argues it's ahead in building these technologies into chips thanks to its combined software and hardware approach to microprocessor design.
Wednesday, January 15, 2003
Instant Insecurity: Security Issues of Instant Messaging
Instant messaging is an increasingly popular method for communicating over the Internet. Instant messaging (IM) is a real-time supplement to and, in some regards, a replacement for e-mailing. Unlike e-mail, instant messaging allows users to see whether a chosen friend or co-worker is connected to the Internet. Typically, the instant messaging service will alert a user if somebody on the user's list of correspondents is on-line. Instant messaging also differs from e-mail in that messages are exchanged directly almost instantly, allowing for a two-way communication in real-time.
VOICE TRUST
VOICE.TRUST enables secure user authentication via the voice as a valuable alternative to unreliable password mechanisms or technologically complex and costly authentication systems. The easy-to-install VOICE.TRUST Server makes it possible for the user to authenticate himself via existing telephone hardware - secure, convenient and inexpensive.
Monday, January 13, 2003
How Warchalking Died
The purpose of this article is to explain how Warchalking has become obsolete. It is being replaced by Wi-Fi Zones that are being fueled by home networks, corporate networks, and even payphones. The internet will be all around you in all places but you won't ever need to care about Warchalking. Let's bury the idea and move along.
SLAM
Slam is a module-based concept tool providing techniques of brute-force logon. The Slam concept is to inherit knowledge from previously executed modules and previously assessed targets in order to gain as much access as possible with little information.
Sunday, January 12, 2003
The Open Web Application Security Project
Invalidated parameters and broken access control are among the most serious security vulnerabilities in today's Web applications, according to a list released today by the Open Web Application Security Project (OWASP).
In an attempt to aid developers' project planning and boost security for Web sites, dozens of leading application security experts have devised a top 10 list of the most significant problems with Web apps today. These flaws are far from new but remain serious threats to enterprises.
For starters, information from Web requests isn't being validated before being used by a Web application, a situation being actively exploited by attackers. Similarly, authentication flaws can allow attackers to access user accounts and view or steal sensitive information.
Friday, January 10, 2003
Group aims to strengthen Web services
A group of information technology companies published a specification Thursday designed to improve the reliability of business applications that use Web services.
WS-Reliability, if accepted as a standard and adopted by Web services providers, will let a company ensure that a message sent between two different applications is delivered reliably. For example, a company could send a purchase order to a supplier via a Web service and be guaranteed that the message was either successfully delivered and performed its function, or that the transmission failed.
Wednesday, January 08, 2003
E-Evidence Info
Welcome to the E-Evidence Information and Resource site. Within these pages, you will find a compilation of links to material related to all aspects of Digital Forensics and Electronic Evidence.
This site is a 'side effect' of my research and learning process conducted in connection with my position as Project Manager at the Computer Forensic Research and Development Center at Utica College, and in my ongoing search to find timely material to present to the students enrolled in the Computer Forensic course that I have been teaching here at Utica College.
I had found few sites providing more than a handful of resources, or links to other sites that may contain such material (see 'Links to Links' for a compilation of other such sites). So, I have decided to share this compilation of resources with the Digital Forensics community.
Tuesday, January 07, 2003
Flaw Found in Ethernet Device Drivers
Security researchers have discovered a serious vulnerability that may be present in many Ethernet device drivers that is causing the devices to broadcast sensitive information over networks.
According to the IEEE's Ethernet standard, packets transmitted on an Ethernet network should be a minimum of 46 bytes. If, as sometimes happens with protocols such as IP, a higher layer protocol requires less than 46 bytes, the Ethernet frames are supposed to be padded with null data. However, researchers at @stake Inc., in Cambridge, Mass., have discovered that many drivers instead pad packets with data from previously transmitted Ethernet frames.
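The check a defender would want for this class of bug, as an added example that is not part of the article or the @stake advisory: parse an Ethernet frame carrying IPv4, use the IP total-length field to locate the padding that follows the datagram, and flag padding that is not all null bytes. The frame bytes, MAC and IP addresses here are constructed for the example; in practice the same function would be fed frames from a capture of the suspect host's traffic.

```python
import struct

ETH_HDR_LEN = 14            # destination MAC, source MAC, EtherType
ETH_MIN_PAYLOAD = 46        # payloads shorter than this must be padded by the sender
ETHERTYPE_IPV4 = 0x0800


def ipv4_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame.

    The IPv4 total-length field (bytes 2..3 of the IP header) says where the
    datagram ends; whatever the frame carries after that is padding, which the
    standard says should be null bytes.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    (ip_total_len,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
    return frame[ETH_HDR_LEN + ip_total_len:]


def expected_padding_len(frame: bytes) -> int:
    """How many padding bytes a conforming sender must add for this datagram."""
    (ip_total_len,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
    return max(0, ETH_MIN_PAYLOAD - ip_total_len)


def padding_leaks_data(frame: bytes) -> bool:
    """True if any padding byte is non-zero, i.e. the driver padded with stale
    buffer contents instead of nulls."""
    return any(b != 0 for b in ipv4_padding(frame))


def sample_ip_datagram() -> bytes:
    """Constructed 28-byte IPv4 datagram: 20-byte header + 8 bytes of payload.
    Being shorter than 46 bytes, it needs 18 bytes of Ethernet padding."""
    total_len = 28
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,          # version/IHL, TOS, total length
        0x1234, 0,                   # identification, flags/fragment offset
        64, 17, 0,                   # TTL, protocol (UDP), checksum (left zero)
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),   # constructed addresses
    )
    return header + b"\x00" * 8


def build_frame(ip_datagram: bytes, pad: bytes) -> bytes:
    """Constructed Ethernet frame: made-up MACs + EtherType + datagram + padding."""
    eth_header = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_header + ip_datagram + pad


if __name__ == "__main__":
    good = build_frame(sample_ip_datagram(), b"\x00" * 18)
    bad = build_frame(sample_ip_datagram(), b"stale buffer data!")   # constructed leak
    print("conforming frame leaks:", padding_leaks_data(good))
    print("badly padded frame leaks:", padding_leaks_data(bad))
```

The test only exercises the IPv4 case; frames with other EtherTypes need their own length rule, which is why the function refuses them rather than guessing.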
Monday, January 06, 2003
LogAnalysis.Org
Loganalysis.org is a volunteer not-for-profit organization devoted to furthering the state of the art in computer systems log analysis through dissemination of information and sharing of resources.
The work on this site is based on tbird's log analysis page that has been a work-in-progress for a number of years. Marcus Ranum expanded it into a full-blown website. Today the information on loganalysis.org is managed by tbird and Marcus as a community resource.
Sunday, January 05, 2003
rpat - Realtime Proxy Abuse Triangulation
A customer in the web hosting business was experiencing repeated attempts at password guessing for a subscription site on his servers. The source IP addresses were scattered all over the world, and a bit of investigation showed that they were unrelated anonymous web proxies: clearly the perpetrator was trying to avoid detection.
He had methods to detect hacked accounts, so in practice this wasn't impacting his business too much, but it was an annoyance nevertheless. He asked me to investigate.
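Why this pattern slips past ordinary per-source-IP lockouts, shown with an added detection example (my code, not the rpat tool): failed logins are grouped by account rather than by source, and an account hit from many distinct addresses is reported even when each address only tried once. The log format, account names and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed log format: "<timestamp> login_failed user=<name> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) login_failed user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: 'alice' is being guessed through many proxies (one attempt each);
# 'bob' is a single noisy source that a per-IP limit already catches.
SAMPLE_LOG = """\
2003-01-05T10:00:01 login_failed user=alice src=203.0.113.7
2003-01-05T10:00:02 login_failed user=alice src=198.51.100.23
2003-01-05T10:00:02 login_failed user=alice src=192.0.2.44
2003-01-05T10:00:03 login_failed user=alice src=203.0.113.91
2003-01-05T10:00:03 login_failed user=alice src=198.51.100.5
2003-01-05T10:00:09 login_failed user=bob src=192.0.2.10
2003-01-05T10:00:15 login_failed user=bob src=192.0.2.10
2003-01-05T10:00:31 login_failed user=bob src=192.0.2.10
"""


def parse_failures(text):
    """Yield (user, source_ip) for every failed-login line; ignore anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("user"), m.group("src")


def per_source_offenders(text, max_failures=3):
    """The conventional view: sources that fail too often on their own."""
    counts = defaultdict(int)
    for _user, src in parse_failures(text):
        counts[src] += 1
    return sorted(src for src, n in counts.items() if n >= max_failures)


def distributed_guessing(text, min_sources=4):
    """The account-centric view: accounts attacked from many distinct sources,
    each of which looks harmless in isolation."""
    sources = defaultdict(set)
    failures = defaultdict(int)
    for user, src in parse_failures(text):
        sources[user].add(src)
        failures[user] += 1
    return {
        user: {"distinct_sources": len(srcs), "failures": failures[user]}
        for user, srcs in sources.items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    print("per-source offenders:", per_source_offenders(SAMPLE_LOG))
    print("accounts under distributed guessing:", distributed_guessing(SAMPLE_LOG))
```

On the sample, the per-source rule names only bob's single address, while the account-centric rule is what surfaces alice. A production version would add a time window so that a popular account with scattered legitimate typos over a month is not reported.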
Friday, January 03, 2003
File Signature Database
This is the first release of the File Signature Database, designed to assist examiners primarily for the process of searching unallocated space. With the ever growing number of forensic tools being produced I have attempted to create a portable database, allowing examiners to export the data within, for use on the majority of the leading forensic computing tools.
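What such a database is used for, as an added example (my code, not the database's own format or tooling): a small signature table of well-known file headers and a scanner that reports where each occurs in a raw buffer, the way an examiner carves files out of unallocated space. Signatures that sit at a non-zero offset inside their file type (ISO 9660's "CD001" at 0x8001) are handled by subtracting that offset. The "unallocated" buffer and the export line format are constructed.

```python
# Signature table: (type name, header bytes, offset of those bytes from the file start).
SIGNATURES = [
    ("jpeg", bytes.fromhex("ffd8ff"), 0),
    ("png", bytes.fromhex("89504e470d0a1a0a"), 0),
    ("pdf", b"%PDF-", 0),
    ("gif", b"GIF8", 0),
    ("zip", b"PK\x03\x04", 0),
    ("iso9660", b"CD001", 0x8001),
]


def find_signatures(buffer: bytes, signatures=SIGNATURES):
    """Return (file_start_offset, type_name) for every signature hit, sorted by offset.

    The reported file start is the hit position minus the signature's offset inside
    its file type; hits that would put the file start before the buffer are dropped.
    """
    hits = []
    for name, magic, sig_offset in signatures:
        pos = buffer.find(magic)
        while pos != -1:
            start = pos - sig_offset
            if start >= 0:
                hits.append((start, name))
            pos = buffer.find(magic, pos + 1)
    return sorted(hits)


def export_signatures(signatures=SIGNATURES):
    """Portable text form, one 'name,hex,offset' line per entry (constructed format)."""
    return "\n".join(f"{name},{magic.hex()},{off}" for name, magic, off in signatures)


def sample_unallocated() -> bytes:
    """Constructed 'unallocated space': slack bytes with three file headers embedded."""
    return (
        b"\x00" * 16
        + bytes.fromhex("89504e470d0a1a0a") + b"IHDRxxxx"   # PNG header at offset 16
        + b"\x00" * 8
        + b"%PDF-1.4\n"                                    # PDF header at offset 40
        + b"\x00" * 4
        + bytes.fromhex("ffd8ffe0") + b"\x00\x10JFIF"      # JPEG header at offset 53
    )


if __name__ == "__main__":
    for offset, kind in find_signatures(sample_unallocated()):
        print(f"{kind} header at offset {offset}")
```

A header hit is only a candidate: the three-byte JPEG magic in particular will match random data occasionally, so real carving validates the rest of the header before trusting the hit.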
Thursday, January 02, 2003
F.A.C.T.
The Forensic Association of Computer Technologists was formed in 1993 as a not-for-profit association for the purpose of training law enforcement in the scientific techniques of examining computers. The association originates from Des Moines, Iowa, and holds annual training conferences that provide introductory and advanced instruction in the areas of computer forensics.
F.A.C.T. is made up primarily of law enforcement personnel from federal, state, and local agencies from around the United States. Membership is available to those involved in corporate security for companies which support law enforcement goals.
PMDump
PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process. This can be useful in a forensic investigation.
Burn-Eye
Teso has a program (“burn-eye”) that encrypts binaries, and it can be used with machine fingerprinting (virtual memory, routing table, partitioning, hostname) so it cannot be run on another machine.
Digital Forensic Links
This is a growing list of [digital/cyber/computational] forensic related resources.
Anti-keylogger.com
Anti-keylogger™ for Microsoft® Windows® 95/98/ME/NT/2000/XP is the FIRST product of its kind in the world that can provide every computer with strong protection against most types of unauthorized activity monitoring software, both KNOWN and UNKNOWN.
Anti-keylogger™ is a program designed to combat various types of intrusion and monitoring programs currently in use or presently being developed worldwide. Unlike the typical "antivirus" approach, it does not rely on pattern-matching, so it may work on new or unknown types of monitoring programs.
Our applications are the result of extensive mathematical research and modeling carried out by in-house specialists. They are based on operating principles common to all types of activity monitoring programs running under the full range of Microsoft® Windows® operating systems.
Using Linux, VMware and SMART to create a virtual computer to recreate a suspect's computer
An interesting whitepaper on some of SMART's acquisition options.
MS Exchange Server Security
Microsoft Exchange Server runs on the Windows NT Server platform and uses Windows NT security features. In addition, it uses a custom mechanism to control access to its MAPI public folders. Exchange also offers advanced security on top of this by providing encryption and digital signatures for messages. These advanced features require installation of the Key Management Server (which can be installed from the Microsoft Exchange Server CD). It provides its features to end users via Exchange client programs such as Outlook. The Key Management Server does not expose any documented API, so neither it nor the advanced security features offered through it will be discussed here.
When describing Exchange server security, the following topics need to be addressed:
How is logon to the Exchange server secured? What exactly protects users' mailboxes against attacks?
How is the Directory protected? How can one view and change the security attributes associated with Directory objects?
How is access to public folders controlled?
Windows XP Baseline Security Checklists
These checklists outline the steps you should take to reach a baseline of security with Windows XP Home Edition and Windows XP Professional computers, either on their own or as part of a Windows NT or Windows 2000 domain.
Windows XP Security Checklist
Although Windows XP Professional is built on the Windows 2000 kernel, there are significant differences between the operating systems - especially when it comes to security. This checklist is partially based on our popular Windows 2000 security checklist and covers both Windows XP Professional and XP Home Edition. Unfortunately, Windows XP Home Edition doesn't have all of the security features of XP Professional, so not all of the options are available for both versions. If you're concerned about your data, we strongly recommend upgrading to XP Professional as soon as possible. When implementing these recommendations, keep in mind that there is a trade-off between increased security levels and usability for any operating system. To help you decide how much security you need, we've divided the checklist into Basic, Intermediate, and Advanced Security options. You should assess your potential security risks, determine the value of your data, and balance your needs accordingly.
Friday, December 13, 2002
How to setup a Linux Router/Firewall
Following up on our Windows ICS article, we look at setting up a Linux router/firewall. It'll allow you to share your Internet connection and provide some protection to your home network.
Microsoft Security Tools and Checklists
Computer security over the Internet is a worldwide concern fundamental to the way we live and do business. To help ensure this security, Microsoft is mobilizing its people and resources in the Microsoft Strategic Technology Protection Program, which integrates products, services, and support.
Thursday, December 12, 2002
Lepton's Crack
Lepton's Crack can crack:
* Notes/Domino HTTP passwords (only Release 4, not the new ones used in R5/6)
* pure MD4
* pure MD5
* NT hashes (MD4/Unicode)
Using either:
* dictionary attack
* "intelligent permutations" on dictionary words attack
* "login mode" attack, that tries userID, userIDuserID, etc., as the password
Black Ops of TCP/IP: Paketto Keiretsu 1.0
DoxPara Research is proud to announce the release of the Paketto Keiretsu, Version 1.0, for general use.
scanrand
Scanrand is a proof of concept, investigating stateless manipulation of the TCP Finite State Machine. It implements extremely fast and efficient port, host, and network trace scanning, and does so with two completely separate and disconnected processes -- one that sends queries, the other that receives responses and reconstructs the original message from the returned content. Security is maintained, in the sense that false results are difficult to forge, by embedding a cryptographic signature in the outgoing requests which must be detected in any received response. HMAC-SHA1, truncated to 32 bits, is used for this "Inverse SYN Cookie".
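The "Inverse SYN Cookie" mechanism, as an added example rather than scanrand's own code: the sending side derives a 32-bit tag from a secret key and the probe's addressing with HMAC-SHA1, uses it as the initial sequence number, and the receiving side, which shares only the key, recomputes the tag from a response's addressing to accept or reject it without keeping any per-probe state. The key, the addresses and the exact fields that go into the HMAC are assumptions for the example; the principle is the same one kernel SYN cookies use to avoid storing half-open connection state.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def inverse_syn_cookie(key: bytes, our_ip: str, peer_ip: str, peer_port: int) -> int:
    """32-bit tag for one probe: HMAC-SHA1 over the addressing (assumed field set),
    truncated to its first four bytes. The sender places it in the sequence number."""
    msg = f"{our_ip}|{peer_ip}|{peer_port}".encode()
    tag = hmac.new(key, msg, hashlib.sha1).digest()
    (cookie,) = struct.unpack("!I", tag[:4])
    return cookie


def response_is_genuine(key: bytes, our_ip: str, peer_ip: str, peer_port: int,
                        ack_number: int) -> bool:
    """A real SYN/ACK acknowledges our ISN + 1 (mod 2^32). The receiver recomputes
    the cookie from the response's own addressing and compares, so a reply that
    was never solicited, or that was forged without the key, is rejected."""
    expected = inverse_syn_cookie(key, our_ip, peer_ip, peer_port)
    return ((ack_number - 1) & MASK32) == expected


if __name__ == "__main__":
    key = b"constructed-example-key"                 # constructed; never hard-code a real one
    cookie = inverse_syn_cookie(key, "192.0.2.10", "198.51.100.20", 80)
    print("cookie:", hex(cookie))
    print("matching reply accepted:",
          response_is_genuine(key, "192.0.2.10", "198.51.100.20", 80, (cookie + 1) & MASK32))
    print("reply for another port accepted:",
          response_is_genuine(key, "192.0.2.10", "198.51.100.20", 443, (cookie + 1) & MASK32))
```

Truncating to 32 bits is forced by the size of the sequence-number field; it means a forger guessing blindly succeeds with probability 2^-32 per reply, which is the "difficult to forge" rather than "impossible" the announcement is careful to state.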
minewt
Minewt is a minimal "testbed" implementation of a stateful address translation gateway, rendered so entirely in userspace that not even the hardware addresses of the gateway correspond to what the kernel is operating against. Minewt implements what is commonly referred to as NAT, as well as a Doxpara-developed technique known as MAT. MAT, or MAC Address Translation, allows several backend hosts to share the same IP address, by dropping the static ARP cache and merging Layer 2 information into the NAT state table. Minewt's ability to manipulate MAC addresses also allows it to demonstrate Guerilla Multicast, which allows multiple hosts on the same subnet to receive a unicasted TCP/UDP datastream from the outside world. Minewt is not a firewall, and should not be treated as such.
lc
Linkcat (lc) attempts to do for Layer 2 (Ethernet) what Netcat (nc) does for Layers 4-7 (TCP/UDP): provide direct, bidirectional, streaming access to the network. libpcap/tcpdump syntax filters may be specified in either direction, but no filtering is enabled by default. Two separate syntaxes are supported; one accepts and emits libpcap dump format (raw binary w/ a fixed-size file header and a fixed-size packet header), the other accepts and emits simple hex w/ backslash line continuation. Several other features are also implemented; specifically, early work involving the embedding of cryptographic shared-secret signatures in the Ethernet Trailer is demonstrated.
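The libpcap dump format lc speaks, as an added example (my code, not lc's): a writer that emits the fixed 24-byte file header and a 16-byte header per packet, a reader that takes the byte order from how the magic number reads and refuses records whose lengths are inconsistent or truncated, and a simple hex form with backslash line continuation. The pcap header fields are the documented ones; the layout of the hex form and the sample frames are assumptions for the example.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution pcap, as written by tcpdump
LINKTYPE_ETHERNET = 1
FILE_HDR = "IHHiIII"         # magic, version major, version minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = "IIII"             # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)


def pcap_write(frames, snaplen=65535):
    """frames: iterable of (ts_sec, ts_usec, frame_bytes). Emits a little-endian file,
    truncating each frame to snaplen while recording its original length."""
    out = [struct.pack("<" + FILE_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:snaplen]
        out.append(struct.pack("<" + REC_HDR, ts_sec, ts_usec, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)


def pcap_read(blob):
    """Return (linktype, [(ts_sec, ts_usec, captured_bytes, orig_len), ...]).

    Lengths are checked against snaplen and the bytes actually present, so a corrupt
    or truncated file raises instead of yielding garbage frames."""
    if len(blob) < 24:
        raise ValueError("shorter than a pcap file header")
    if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", blob[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(end + FILE_HDR, blob[:24])[1:]
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + REC_HDR, blob[off:off + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("inconsistent record lengths at offset %d" % off)
        off += 16
        data = blob[off:off + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        off += incl_len
        records.append((ts_sec, ts_usec, data, orig_len))
    return linktype, records


def frame_to_hex(frame, width=16):
    """Simple hex form: 16 bytes per line, a backslash marking continuation (assumed layout)."""
    lines = [frame[i:i + width].hex() for i in range(0, len(frame), width)]
    return " \\\n".join(lines) + "\n"


def hex_to_frame(text):
    """Inverse of frame_to_hex: strip continuation backslashes and whitespace, then decode."""
    return bytes.fromhex(text.replace("\\", "").replace("\n", "").replace(" ", ""))


if __name__ == "__main__":
    # Constructed frames: made-up timestamps, an all-zero Ethernet header and filler payloads.
    frames = [(1039000000, 1234, b"\x00" * 14 + b"payload"), (1039000001, 0, bytes(range(70)))]
    linktype, records = pcap_read(pcap_write(frames))
    print("linktype", linktype, "records", len(records))
    print(frame_to_hex(records[1][2]), end="")
```

The length checks are where a parser earns its keep: a record header claiming more captured bytes than snaplen, or more than remain in the file, is the classic way a malformed capture drives a naive reader off the end of its buffer.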
phentropy
Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS. Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space. This process is reasonably straightforward: Take four numbers. Make X equal to the second number minus the first number. Make Y equal to the third number minus the second number. Then make Z equal to the last number minus the third number. Given the XYZ coordinate, draw a point. It turns out that many, many non-random datasets will have extraordinarily apparent regions in 3-space with increased density, reflecting common rates of change of the apparently random dataset. These regions are referred to as Strange Attractors, and can be used to predict future values from an otherwise random system.
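The mapping described above, as an added example (not phentropy's own code): a window of four consecutive values yields one point (X, Y, Z) from the three successive differences, and counting how often each point recurs exposes the density clusters the text calls attractors. The step of the sliding window, the sample sources and the predictor are assumptions for the example: a byte counter with a constant increment collapses onto a handful of points, while seeded pseudo-random bytes put almost every window on its own point.

```python
import random
from collections import Counter


def phase_space_points(data):
    """Slide a four-value window over the stream; each window gives the point
    (X, Y, Z) = (second - first, third - second, fourth - third)."""
    return [(data[i + 1] - data[i], data[i + 2] - data[i + 1], data[i + 3] - data[i + 2])
            for i in range(len(data) - 3)]


def density_profile(data):
    """How concentrated the points are: total points, distinct points, and the
    densest point with its hit count. Structured data has few distinct points and
    one heavily hit attractor; random data scatters almost evenly."""
    counts = Counter(phase_space_points(data))
    densest, hits = counts.most_common(1)[0]
    return {"points": sum(counts.values()), "distinct": len(counts),
            "densest": densest, "hits": hits}


def predict_next(data):
    """Use the attractor: take the last three values, find which Z most often
    followed the same (X, Y) earlier in the stream, and extrapolate one value.
    Returns None when that (X, Y) was never seen."""
    a, b, c = data[-3], data[-2], data[-1]
    key = (b - a, c - b)
    zs = Counter(z for x, y, z in phase_space_points(data) if (x, y) == key)
    if not zs:
        return None
    return c + zs.most_common(1)[0][0]


def structured_sample(n=4096):
    """Constructed 'non-random' source: a counter stepping by 7 modulo 256."""
    return bytes((i * 7) % 256 for i in range(n))


def random_sample(n=4096, seed=1):
    """Constructed 'random' source: seeded PRNG bytes, so the run is repeatable."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    print("structured:", density_profile(structured_sample()))
    print("random:    ", density_profile(random_sample()))
    history = structured_sample()[:4000]
    print("predicted next:", predict_next(history), "actual:", structured_sample()[4000])
```

The counter's only deviation from the (7, 7, 7) attractor is the wrap every 36 or 37 steps, which shows up as three rare satellite points; that is the "common rate of change" the paragraph describes, made countable.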
paratrace
Paratrace traces the path between a client and a server, much like "traceroute", but with a major twist: Rather than iterate the TTLs of UDP, ICMP, or even TCP SYN packets, paratrace attaches itself to an existing, stateful-firewall-approved TCP flow, statelessly releasing as many TCP Keepalive messages as the software estimates the remote host is hop-distant. The resultant ICMP Time Exceeded replies are analyzed, with their original hopcount "tattooed" in the IPID field copied into the returned packets by so many helpful routers. Through this process, paratrace can trace a route without modulating a single byte of TCP/Layer 4, and thus delivers fully valid (if occasionally redundant) segments at Layer 4 -- segments generated by another process entirely.
Friday, December 06, 2002
Burglars target 'out of office' emails
Thieves are using information contained in 'out of office' auto-reply emails and cross-referencing it with publicly available personal information to target empty houses.
Thursday, December 05, 2002
Ethics in Data Mining and Cryptography
In recent years, computer science has become more of an applied science than a pure discipline. It is true that much of the driving force behind proliferation of computing devices is commercial. However, over-commercialization has begun cultivating products that give rise to ethical issues.
In this brief article, I shall mention two such areas which require our immediate attention in both making the public aware and warning the future researchers of the implications.
KisMAC, a wireless stumbler for MacOS X
KisMAC is a stumbler application for MacOS X that puts your card into monitor mode. For that purpose we are using the viha driver. Unlike other applications we are completely invisible and send no probe requests.
Secure Interaction Design
Criticizing bad user interfaces is easy. Designing good ones is tough. The paper tries to give some new ideas on how to think about secure interaction design and some positive design suggestions, not just criticism. (I'm sure some readers will think the design principles are obvious. That's great; then the question is: why are they so often ignored in software and how can we improve? Others will disagree with the principles. That's great too; let's start talking about it, because this topic desperately needs more thought and attention!)
IDE RAID round-up
As IDE hard drive manufacturers squeeze more and more storage capacity onto new drives, they're hacking the warranty coverage for standard drives down to one year. You get more data to use, but manufacturers seem less and less willing to guarantee the integrity and safety of all those extra bytes. RAID can help you take back some of that reliability, but that's not all. A RAID array can also dramatically increase your overall hard disk performance. In some cases, IDE RAID can even offer you the best of both worlds: redundancy to protect against drive failure and better overall storage performance to pry open the bottleneck.
Wednesday, December 04, 2002
DansGuardian - True Web Content Filtering for All
DansGuardian is a web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.
DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobtrusive as you want. The default settings are geared towards what a primary school might want, but DansGuardian puts you in control of what you want to block.
Tuesday, December 03, 2002
Forensicsweb Online Services List
The following list is updated about once a month and posted monthly. This list contains a variety of ISPs and similar information services, specifically, contacts at the legal departments for service of subpoenae, court orders, and search warrants.
Reptile
Reptile is a P2P (peer to peer) application designed to locate and filter the best news on the Internet. Reptile provides a distributed and decentralized mechanism to search, cache, subscribe, and publish news and other content. Reptile also provides an infrastructure for increasing information diversification and reducing censorship and bias.
Reptile is decentralized. No single point of failure should deny a user quality news. To this end, we also 'bind' across multiple network architectures. Reptile runs over the conventional "web" (HTTP) but also runs over more modern and distributed P2P architectures (JXTA).
Reptile is designed around a hybrid infrastructure which supports the advantages of both client/server and P2P systems. For example, one could run Reptile as a P2P system on a laptop. One could also run Reptile as a client/server application from a home computer and access it over SSL from a web browser from an outside location. Reptile also supports rendezvous nodes (supernodes) which bridge this functionality with the rest of the world. For example a major website can run a search request via a stable Reptile node running on a known host (AKA openprivacy.org).
the Peekabooty Project
The goal of the Peekabooty Project is to create a product that can bypass the nation-wide censorship of the World Wide Web practiced by many countries.
The free, easy and quick exchange of information possible on the Internet is seen as a threat by governments in countries where a free press and freedom of expression are not considered to be part of their people's rights. Such a government would have two options. The first would be to completely ban use of the Internet. This is an impractical measure, as it would close off that country to business opportunities and technological innovation. The preferred option is to make use of filtering computers and software - called firewalls in technological parlance - that make only those Web pages approved by the government available to their citizens.
In layperson's terms: firewalls act as intermediaries between users and the rest of the Internet. In countries where the Web is censored, the only way to access the Internet is through the firewalls. A user enters a URL - the address of a Web page - into his or her browser. This URL gets passed to the firewall, which checks to see if it is one of those banned by the government. If the URL is not on the list, the firewall forwards the request for the Web page and the contents of the page are relayed back to the user, who can then read it. If the URL is on the banned list, the firewall refuses to forward the request and sends a page back to the user
InvisibleNET - Invisibility is the best defense.
Invisible IRC Project is a three-tier, peer distributed network designed to be a secure and private transport medium for high speed, low volume, dynamic content.
Hacker Log: Pathway to Successful Site Attack
A few fairly simple practices would have prevented my successful attack on eWeek's OpenHack site. The bottom line is that application security can be attained, but it must be consistently applied and methodically checked to be effective.
Xinetd - Part 1
Xinetd is a secure, powerful and efficient replacement for the old Internet services daemons named inetd and tcp_wrappers. Xinetd can control denial-of-access attacks by providing access control mechanisms for all services based on the address of the remote client that wants to connect to the server as well as the ability to make services available based on time of access, extensive logging, and the ability to bind services to specific interfaces.
Schneier: No "magic security dust"
Tech entrepreneur Bruce Schneier is one of America's best-known computer security experts. His testimony before Congress helped defeat legal restrictions on cryptography sought by the FBI and the National Security Agency when an appellate court ruled in 1999 that crypto algorithms were a form of speech covered by the First Amendment.
Friday, November 29, 2002
SQL Injection and Oracle, Part Two
This is the second part of a two-part article that will examine SQL injection attacks against Oracle databases. The first installment offered an overview of SQL injection and looked at how Oracle database applications are vulnerable to this attack, and looked at some examples. This segment will look at enumerating the privileges, detecting SQL injection attacks, and protecting against SQL injection.
Thursday, November 28, 2002
Secure Programming with .NET
At the core of Microsoft's .NET initiative is the goal of interconnecting businesses, users, applications, and data. However, with all the concerns regarding security and privacy of data, many individuals and companies are reluctant to connect their business systems and place their data in reach of hackers thousands of miles away. Microsoft understands the challenges and concerns facing early adopters of their technology, and has made security one of their top priorities. The fundamental pillar for building applications is the security surrounding the .NET framework and the security services it provides. In this article, we will provide an overview of .NET framework security features and provide practical tips on how to write secure code in the .NET framework. More importantly, we will discuss which pitfalls to avoid.
The Open Web Application Security Project
The Open Web Application Security Project (OWASP) is an Open Source community project staffed entirely by volunteers from across the world. The project is developing software tools and knowledge based documentation that helps people secure web applications and web services. Much of the work is driven by discussions on the Web Application Security list at SecurityFocus.com. All software and documentation is released under the GNU public licenses.
CodeSeeker
So what is CodeSeeker? It is an application-level firewall and Intrusion Detection System, written in Java and C/C, that runs on Windows NT, Solaris and Linux (beta). It intercepts HTTP traffic off the TCP/IP stack (immediately after it's been decrypted by SSL if it's HTTPS) and applies a set of security rules to determine if the traffic is legitimate or malicious. CodeSeeker can either sit in a passive mode, simply alerting your console of attacks (IDS), or in an active mode, blocking traffic (firewall).
Butterfly Security Releases CodeSeeker as Open Source
Butterfly Security released CodeSeeker as open source through the Open Web Application Security Project (OWASP). CodeSeeker is a Web application firewall and Intrusion Detection System (IDS) tool that runs on Windows NT, Sun Microsystems' Sun Solaris, and Linux.
Wednesday, November 27, 2002
Location, location, location-based services
Studies by industry analysts forecast even greater demand for wireless and mobile devices, creating substantial opportunities for wireless device application and service providers. Faced with an increasingly difficult challenge in raising both average revenue per user (ARPU) and numbers of subscribers, wireless carriers and their partners are developing a host of new products, services, and business models based on data services. We'll have a look at location-based services and how they boost both service and revenue.
ngSniff
Some time ago, NGSEC released a command line sniffer for win2k or higher (no packet driver required). It was developed for penetration tests once you have access to a cmd.exe shell.
Kyle's Instruction on MAC Spoofing in Windows 2000 and XP
Can you really change (Spoof) the MAC address in a Windows 2000 or XP system? YES (Almost all of them, whether Manufacturers allow it or not!).
Packet Excalibur
It is a multi-platform graphical and scriptable network packet engine with extensible text-based protocol descriptions.
In short, this is a network tool to build and receive custom packets.
With Packet Excalibur you will be able:
to decide packet attributes from the physical layer to the top,
to sniff and spoof packets (packet generator) in a single interface,
to build scripts in the GUI,
to define additional protocols in simple text files.
Transparent Cryptographic File System
Secure file sharing is a kernel service to help user applications in sharing secure files among a group of users. Each file is given a unique file_id and a user-chosen level, by means of which users can choose to forbid or to permit access to it.
Monday, November 25, 2002
National Institute of Justice - Technology Programs
NIJ sponsors technology research, development, assessment, and implementation to improve public safety.
Thursday, November 21, 2002
Tuesday, November 19, 2002
Inside OE
Inside Outlook Express is a source of technical information, help and tips for users of Microsoft Outlook Express® for Windows, versions 5, 5.01, 5.5 and 6. All articles are valid for all these versions unless otherwise stated.
The Unofficial 802.11 Security Web Page
Lots of people are interested in IEEE 802.11 security nowadays. Given that level of interest, there's a need for accurate information on how the current standards work, what's wrong with them, and the current thinking on how to fix the problems. This page tries to gather relevant papers and standards in a single place.
CRAZYTRAIN.COM
For your reference, my little nook on the Internet will house information pertaining to the Information Security arena, with a few other tidbits here and there.
Saturday, November 16, 2002
When firewalls and intrusion detection just aren't
Firewalls alone are not enough to thwart today's more sophisticated range of attacks, while Intrusion Detection Systems detect and record attacks, but do not block them. AV products, properly updated, can help protect against malicious code but are necessarily limited in their scope.
So enterprises and telecoms operators face a security gap which vendors are trying to plug with a fresh breed of security appliances, dubbed Intrusion Prevention Systems (IPS).
Into this arena comes Top Layer Networks, which is extending its line of appliances that guard against Denial of Service attacks to provide in-line protection against a wider range of Internet attacks. Top Layer's high-speed ASIC-based appliances have impressed in tests on their effectiveness against DoS attacks, so its entry into what is becoming a crowded marketplace is nonetheless significant.
Wi-Fi Encryption Fix Not Perfect
The biggest security risk for "Wi-Fi" wireless Internet networks is that users sometimes fail to turn on their encryption software.
But even the responsible ones who use the encryption program -- Wired Equivalent Privacy -- aren't immune to malicious attacks.
A growing trend on the streets of Manhattan is WarDrivers who break into wireless networks for fun. A professional hacker or anyone with significant programming knowledge can hack through WEP and even steal data off the network.
"WEP provides a level of security too low for me to take seriously," said Niels Ferguson, a cryptography consultant in Amsterdam who helped come up with an alternative encryption to WEP.
The WEP replacement, Wi-Fi Protected Access, adopts a more rigorous standard for authenticating users in order to eliminate the former's security flaws.
However, WPA comes with its own set of problems: denial of service attacks that can shut down the network and leave people without wireless Internet access.
Ferguson said that all wireless protocols are susceptible to DoS attacks, but WPA "is subject to all of them plus one extra type of DoS attack."
The Peon's Guide To Secure System Development
Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion. The author feels that a step toward washing himself clean of responsibility is by writing this document. Checking your memcpy() and malloc() calls has been lectured to death. It's not working. The approach used by this document is to instead shame developers into producing better systems. Enjoy.
Thursday, November 14, 2002
WLAN
Wireless LAN discovery through the use of applications such as NetStumbler, DStumbler, Wellenreiter and others is an increasingly popular technique for network penetration. The discovery of a wireless LAN might be used for seemingly innocuous Internet access, or to be used as a "backdoor" into a network to stage an attack. This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications, focusing on the MAC and LLC layers. This fingerprint information can then be incorporated into intrusion detection tools capable of analyzing data-link layer traffic.
Wednesday, November 13, 2002
SecNet11 -- Secure Wireless Local Area Network
Harris Corporation provides a revolutionary Type 1 encrypted Secure Wireless LAN (SWLAN) solution that allows COMSEC-approved government agencies to rapidly communicate multimedia information (data, voice, and video) in a secure environment.
The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN.
Monday, November 11, 2002
Forensic Acquisition Utilities
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.
Using the Java Cryptography Extension in WebSphere Studio Application Developer 4.03
This article also provides step-by-step instructions and help with the Java™ Cryptography Extension (JCE), which is a set of packages that provides a framework and implementation for encryption, key generation, key agreement, and Message Authentication Code (MAC) algorithms. JCE also supports secure streams and sealed objects.