Night Vision Equipment Company
Night Vision Equipment Company (NVEC), a privately held company, has been a leader in the development of specialized night vision devices for over two decades. Our specialty products enjoy wide acceptance in numerous special operations organizations in the United States and abroad.
Tuesday, February 12, 2002
BXDR
A DOS based application that simply lists the Geometry of any attached hard disk drives using standard BIOS calls, Extended BIOS calls and Direct Disk access (ATA) calls.
One of the more interesting features of BXDR and Direct Access calls is that it is possible to set the maximum addressable sector to an arbitrary value. Future reads of the disk will then report the maximum sector to be the new value. This command can be (and via BXDR is) non-volatile - i.e. the limit will remain until reset with a subsequent command.
From a forensic viewpoint this command can defeat most modern imaging systems. To test it I performed the following test.
I took an 80GB hard disk drive and using BXDR set the max addressable sector to 999999 (1,000,000 sectors) approx 5GB. (BXDR 128 /s999999)
Removed the hard disk drive and placed it into a second machine
Attempted to image with SafeBack (using BIOS, XBIOS and Direct Access) and with Encase (DOS and FastBloc).
Both SafeBack and Encase reported the drive as a 5GB device.
I then ran BXDR to reset the max addressable sector to the maximum native addressable sector (BXDR 128 /r)
SafeBack and Encase could subsequently see the full drive.
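A pre-imaging check for the clipped-capacity condition described in this post, as an added example that is not part of the original post or of BXDR: it compares the sector count in a raw ATA IDENTIFY DEVICE response with the drive's native maximum address. The function names, the way the two inputs are obtained, and the native maximum used for the 80GB drive (156,301,487) are assumptions; the sample IDENTIFY blocks are constructed.

```python
import struct

# ATA IDENTIFY DEVICE returns 256 little-endian 16-bit words (512 bytes).
W_LBA28_COUNT = 60   # words 60-61: user-addressable sectors (28-bit addressing)
W_FEATURES_82 = 82   # bit 10: Host Protected Area feature set supported
W_FEATURES_83 = 83   # bit 10: 48-bit Address feature set supported
W_LBA48_COUNT = 100  # words 100-103: user-addressable sectors (48-bit addressing)


def make_identify(sector_count, hpa_supported=True):
    """Build a constructed IDENTIFY DEVICE block for the demo (LBA28 drive)."""
    words = [0] * 256
    words[W_LBA28_COUNT] = sector_count & 0xFFFF
    words[W_LBA28_COUNT + 1] = (sector_count >> 16) & 0xFFFF
    if hpa_supported:
        words[W_FEATURES_82] |= 1 << 10
    return struct.pack("<256H", *words)


def parse_identify(block):
    """Extract the sector count the drive currently reports to the host."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    w = struct.unpack("<256H", block)
    lba28 = w[W_LBA28_COUNT] | (w[W_LBA28_COUNT + 1] << 16)
    lba48 = sum(w[W_LBA48_COUNT + i] << (16 * i) for i in range(4))
    has_lba48 = bool(w[W_FEATURES_83] & (1 << 10))
    return {
        "reported_sectors": lba48 if (has_lba48 and lba48) else lba28,
        "hpa_supported": bool(w[W_FEATURES_82] & (1 << 10)),
    }


def check_before_imaging(identify_block, native_max_lba):
    """Compare reported capacity with the native maximum address.

    native_max_lba is the highest sector address the drive reports as its
    native maximum (assumed to be supplied by the examiner's tooling), so
    the native sector count is native_max_lba + 1.
    """
    info = parse_identify(identify_block)
    native_sectors = native_max_lba + 1
    hidden = native_sectors - info["reported_sectors"]
    if hidden < 0:
        raise ValueError("reported size exceeds native maximum; inputs inconsistent")
    info.update(native_sectors=native_sectors,
                hidden_sectors=hidden,
                clipped=hidden > 0)
    return info


# Constructed values mirroring the test in the post: max address 999999,
# i.e. 1,000,000 reported sectors, on a drive with a larger native maximum.
NATIVE_MAX_LBA = 156_301_487          # assumption, not a value from the post
CLIPPED = make_identify(1_000_000)
RESTORED = make_identify(NATIVE_MAX_LBA + 1)

if __name__ == "__main__":
    for label, block in (("after /s999999", CLIPPED), ("after /r", RESTORED)):
        r = check_before_imaging(block, NATIVE_MAX_LBA)
        state = "CLIPPED - do not trust image size" if r["clipped"] else "ok"
        print(f"{label}: reported={r['reported_sectors']} "
              f"native={r['native_sectors']} hidden={r['hidden_sectors']} [{state}]")
```

An image taken while `clipped` is true covers only the reported sectors, so the hidden count should be recorded in the examiner's notes and the limit reset, or the full range acquired by other means, before the acquisition is treated as complete.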
Monday, February 11, 2002
Introduction to Computer and Network Security
This page contains the table of contents for a book I'm working on, to be published by Prentice Hall. It also contains links to draft versions of several chapters and to lectures (foils) from courses I gave based on the draft book in Tel Aviv University and in the Interdisciplinary Center. The material is copyrighted, but you are encouraged to use it for personal or educational purposes (if you plan to give a course using this material, please let me know). My goal is to create a textbook which can be used for introductory courses in cryptography, secure communication and secure commerce.
The fight for the future is not between the armies of leading states, nor are its weapons those of traditional armed forces. Rather, the combatants come from bomb-making terrorist groups like Osama bin Laden's al-Qaeda, or drug smuggling cartels like those in Colombia and Mexico. On the positive side are civil-society activists fighting for the environment, democracy and human rights. What all have in common is that they operate in small, dispersed units that can deploy anywhere, anytime to penetrate and disrupt. They all feature network forms of organization, doctrine, strategy, and technology attuned to the information age. And, from the Intifadah to the drug war, they are proving very hard to beat.
Friday, February 08, 2002
ABI- CODER
This free file encryption software uses a 448 bit Blowfish and 168 bit 3DES encryption algorithms. ABI- CODER allows you to encrypt files and folders with just a click of the mouse. ABI- CODER also allows you to create self-decrypting files that allow you to send or transfer encrypted files to people that do not have our software installed on their computers. ABI- CODER is extremely easy to use. It even changes the icons of encrypted files allowing you to easily see which files are secured. The best part is that ABI- CODER is FREE- No Cost, No Nags, No Limits.
Internet anonymity for Windows power users
Our previous article, "Do-it-yourself Internet anonymity" was targeted towards average Windows users. It generated a startling number of e-mail requests for some advanced tactics, which I'm happy to supply. However, power user or not, I'd recommend at least skimming the earlier article if you haven't read it, just to ensure that you're not forgetting something obvious and useful. I'm not going to re-cap much of it here.
Thursday, February 07, 2002
Microsoft's Really Hidden Files: A New Look At Forensics
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments) And believe me, that's not even the half of it.
When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them is slim to slimmer.
It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.
Wednesday, February 06, 2002
The products in the following section have been accepted into the Australasian Information Security Evaluation Program (AISEP) run by the Defence Signals Directorate. The AISEP is a commercial program in which evaluations are performed by licensed commercial facilities, known as AISEFs (Australasian Information Security Evaluation Facilities).
While there is no guarantee that products in the following section will complete evaluation successfully, acceptance into the program indicates that both the AISEF performing the evaluation and DSD believe that the product has a reasonable likelihood of meeting the requirements of the target evaluation level.
Monday, February 04, 2002
Wednesday, January 30, 2002
The Computer Security Institute
Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional.
Explosive Possibilities for Silicon
Still, the most intriguing aspect of the research is the ability to blow up the same material that powers computers and other devices using a small electrical charge. "Now, you can program a chip to self-destruct," Sailor said. "There's no firing pin, just a little current that runs through the part of the chip that has the explosive in it."
Tuesday, January 29, 2002
Biological Network Security
A recent article on securityfocus.com discusses the future of Intrusion detection, and how it may include a central management center where intrusion alerts are reported for greater analysis. This is the first step towards a biological network. What better way to handle security on a living-breathing and highly complex network than by modeling it after the evolution of biological systems?
Thursday, January 24, 2002
Secret Service's Little-Known Role: Protecting Citizens as Well as Leaders
It may surprise readers to learn that the United States Secret Service is actively engaged in the fight against Internet crime and computer-based fraud.
If asked what they know of the Secret Service, most Americans would likely point to the special agent with the sunglasses and earpiece standing behind the president. They would not imagine that many of those same agents who protect our highest elected leaders are also responsible for protecting consumers against criminal activity on the Internet.
Although the Secret Service has had the statutory responsibility for protecting the president, vice president and other designated officials since 1901, the origins of the Secret Service actually date back to 1865. We were created as a small bureau in the Department of the Treasury to suppress widespread counterfeiting during a time of financial crisis in our country.
Over the years this investigative mission has evolved into a statutory mandate to protect our nation's banking and financial infrastructure. While the Secret Service remains the lead federal agency for investigating counterfeit scams, our investigative jurisdiction has expanded to include credit card fraud, identity theft, bank fraud and telecommunications fraud. Congress has authorized us to protect the president, but it has also authorized us to protect your pocketbook.
As much as the PC has revolutionized our economy and our culture, it has also become the gateway into a new dimension of criminal activity where consumer protections are few and sophisticated methods to steal and defraud are many.
Information Security URLography
Inforensics: Information Forensics, Reconstructions & Recovery:
the application of forensic techniques to investigate crimes involving, either directly or indirectly, information, computer and/or communication technology.
ENCRYPTION SOFTWARE with forensic software countermeasures
Forensic software exploits Windows® security leaks for computer evidence recovery and for electronic discovery in litigation. This is usually the real method by which "the suspect's encryption was cracked." It's also commercially available to industrial spies and criminals, who use it to defeat hard drive data encryption by side channel attacks.
Most e-mail encryption software (such as PGP®) is vulnerable to forensic software attacks, if (mis-)used to encrypt files for secure storage rather than for transmission. Most "Windows® encryption software" has no forensic software countermeasures, making the strength of their ciphers (encryption algorithms) or key-sizes irrelevant.
If you're concerned about practicing due diligence in protecting sensitive information, but you're forced to keep it on a Windows® PC, perhaps we can help. We supply standards-compliant cryptosystems with forensic software countermeasures, specifically designed to protect sensitive data on Windows® PCs and laptops.
PGP creator: Surveillance must be curbed
Phil Zimmermann, the creator of the Pretty Good Privacy encryption tool, says that widespread surveillance is leading us into an Orwellian future
Phil Zimmermann, creator of Pretty Good Privacy encryption -- better known as PGP -- was in Italy this week for the InfoSecurity conference. ZDNet Italy caught up with him to discuss the technical, social and political implications of his encryption tool.
Tuesday, January 22, 2002
Inside Encrypting File System, Part 1
Securing a computer system entails employing measures that protect the computer's data from viewing or manipulation by unauthorized users. Security measures at the network interface prevent intruders from gaining entry to the computer, and file-system security prevents the computer's authorized users from accessing data they're not supposed to access. However, a computer that is isolated from the Internet behind a firewall and that has stringent file-system security policies in place remains unsecured if no strategy exists to guard the computer's physical security. If unauthorized users have physical access to a computer, they can remove the computer's hard disks and perform offline analysis of the disks' data. When users can view a hard disk's contents on a different computer, file-system security (e.g., the kind NTFS ACLs provide on Windows NT or Windows 2000—Win2K—systems) is of no value. This problem is especially acute for laptop computers because two NTFS file-system drivers that ignore NTFS security—NTFSDOS and an NTFS driver for Linux—let even casual thieves easily view NTFS files.
Encrypting File System Primer: Basics and Best Practices
With the introduction of Windows 2000, Microsoft implemented a number of security-based improvements aimed at making their flagship operating system (OS) more robust and attractive for enterprise deployment. They’ve built on existing technology from NT 4.0 and added several features, which take advantage of standards that for years have been proven effective in the industry. The result is an OS less dependent on flawed proprietary standards, such as NTLM and WINS, which have been plagued with numerous vulnerabilities and over the years have made the job of system security an even more difficult task.
Among the many improvements in Windows 2000, one of the more notable ones is the addition of the Encrypting File System (EFS). EFS is a means of protecting user data which takes advantage of two well known industry standards: Data Encryption Standard X (DESX) and RSA public key exchange. It is supported in all versions of Windows 2000, and works transparently (without user input) to encrypt and decrypt files for user access. In the past, a user would have to encrypt and decrypt files using a third party application which had to be purchased and installed separately on their system, and which most often depended on the user entering a correct password. With EFS, this is no longer a necessity. As always however, most security measures are only effective if your users are properly informed, and EFS is no exception. As such, we’ll take a look at EFS, what it is, how it works, and more importantly, what you need to know to make it work effectively for you.
Monday, January 21, 2002
Turning Snooping Into Art
It’s a privacy-busting boogeyman to civil libertarians, an anti-terror panacea to lawmakers. And now Carnivore, the FBI’s infamous Internet surveillance program, has become an inspiration to a group of the Web's leading artists.
In a collaborative art project called, creatively enough, "Carnivore," Flash guru Joshua Davis and digital artist Mark Napier, along with other artists, have crafted programs that create audiovisual representations of data traffic that’s observed and hijacked from a local area network.
Virtual lies face foolproof software
Software that can detect when people are lying in their e-mails sounds a bit far-fetched, but its manufacturers declare it is true.
SAS Institute, which makes fraud-detection systems for banks and phone companies, will on Monday announce a product that can sift through e-mails and other electronic text to catch elusive nuances such as tone.
