Open a Padlock With a Coke Can

January 17, 2012

Well, I wish I’d known about this technique the last time I forgot my gym lock combination.


Nmap Bundling

December 7, 2011

Cnet’s download.com site has apparently begun bundling toolbars and spyware with nmap and other open source tools.


Columbia FOG

November 8, 2011

An interesting, DARPA-funded project over at Columbia: FOG generates decoy (“false”) documents that “beacon” a message back to the originator when they are opened. Clearly, the intent is twofold – to seed places like Wikileaks with false information, and to ferret out people who are trading in stolen documents.


BEAST

September 26, 2011

Poor SSL. It’s been the standard for so long, but it’s had a rough go of it the last few months. First there were the breaches at Comodo and DigiNotar, which let intruders issue seemingly authentic certificates and trick users, and now this.

In particular, security researchers Juliano Rizzo and Thai Duong have built a tool that’s capable of decrypting and obtaining the authentication tokens and cookies used in many websites’ HTTPS requests. “Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing,” they said.

To illustrate the vulnerability they’ve discovered and automatically harvest authentication tokens and cookies, the researchers said they’ve also built a JavaScript-based tool dubbed BEAST, for Browser Exploit Against SSL/TLS. “It is worth noting that the vulnerability that BEAST exploits has been [present] since the very first version of SSL. Most people in the crypto and security community have concluded that it is non-exploitable, that’s why it has been largely ignored for many years,” Duong told Threatpost.
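
The chained-IV weakness that BEAST exploits, simulated end to end. This is an added example for this page, not the researchers’ tool: the toy Feistel cipher, the zero padding and the fully chosen `send_chosen` record are simplifications I assume for the model. The technical point is that in SSL 3.0 and TLS 1.0 the IV of each CBC record is the last ciphertext block of the previous record, so an attacker who can both watch the wire and get the browser to encrypt chosen plaintext can test one guess of a secret byte per record. TLS 1.1 fixed this with a fresh IV per record, and browsers later worked around BEAST with 1/n-1 record splitting; neither is modelled here.

```python
import hashlib
import hmac
import os

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block cipher (4-round Feistel over HMAC-SHA256). It stands
    in for AES so the example needs only the standard library; the attack
    does not care which block cipher sits under CBC (assumption of the model)."""
    left, right = block[:8], block[8:]
    for r in range(4):
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


class Tls10Cbc:
    """TLS 1.0 CBC record layer: the IV of a record is the last ciphertext
    block of the previous record, i.e. a value already visible on the wire."""

    def __init__(self, key: bytes, initial_iv: bytes) -> None:
        self.key = key
        self.chain = initial_iv  # IV for the next record; always the last block sent

    def encrypt(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0, "caller pads to the block size"
        out = []
        for i in range(0, len(plaintext), BLOCK):
            self.chain = toy_block_encrypt(self.key, _xor(plaintext[i:i + BLOCK], self.chain))
            out.append(self.chain)
        return b"".join(out)


def pad(data: bytes) -> bytes:
    """Zero padding keeps the model short; TLS's length padding changes nothing here."""
    return data + b"\x00" * (-len(data) % BLOCK)


class Victim:
    """The browser side. Each request is attacker-chosen prefix + secret cookie
    on one session; `send_chosen` models the fully chosen record the real
    attack injects through a same-origin plugin/WebSocket vector (simplified)."""

    def __init__(self, cookie: bytes) -> None:
        self.cookie = cookie
        self.tls = Tls10Cbc(os.urandom(32), os.urandom(BLOCK))
        self.wire = []  # ciphertext records the attacker sniffs

    def send_request(self, prefix: bytes) -> bytes:
        ct = self.tls.encrypt(pad(prefix + self.cookie))
        self.wire.append(ct)
        return ct

    def send_chosen(self, block: bytes) -> bytes:
        ct = self.tls.encrypt(block)
        self.wire.append(ct)
        return ct


def beast_recover(victim: Victim, cookie_len: int) -> bytes:
    """Recover the cookie byte by byte with at most 256 chosen records per byte."""
    victim.send_request(b"warm-up")  # from here on every IV is visible on the wire
    known = b""
    for k in range(cookie_len):
        # Pick the prefix length so the target block is 15 known bytes + cookie[k].
        prefix = b"A" * ((15 - k) % BLOCK)
        t = (len(prefix) + k) // BLOCK
        iv_used = victim.wire[-1][-BLOCK:]
        ct = victim.send_request(prefix)
        blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
        c_target = blocks[t]
        c_prev = blocks[t - 1] if t > 0 else iv_used
        known15 = (prefix + known)[-15:]
        for g in range(256):
            next_iv = victim.wire[-1][-BLOCK:]  # predictable: last block on the wire
            # E(probe ^ next_iv) == E((known15|g) ^ c_prev), which equals c_target iff g is right
            probe = _xor(_xor(known15 + bytes([g]), c_prev), next_iv)
            if victim.send_chosen(probe)[:BLOCK] == c_target:
                known += bytes([g])
                break
        else:
            raise RuntimeError("no guess matched; the model is inconsistent")
    return known


if __name__ == "__main__":
    secret = b"session=7f3a9c2e1b"  # constructed cookie value
    victim = Victim(secret)
    got = beast_recover(victim, len(secret))
    print("recovered %r using %d records" % (got, len(victim.wire)))
```

The cost is linear in the cookie length (on average 128 chosen records per byte), which is why the attack is practical against short session tokens even though the cipher itself is never broken.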



Apache Killer

August 25, 2011

A new Apache denial-of-service tool, named “Apache Killer”, has been posted on Full Disclosure and usage has been observed in the wild. It works by sending requests whose Range header asks for a very large number of overlapping byte ranges, which the server expands in memory for every such request. Both the 1.3 and 2.x codebases are affected; the Apache project says that a patch is upcoming. More details at the link.
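
As an added example (not the Apache project’s code, nor the tool itself), a Range-header check of the kind a WAF or a log-analysis job can apply to spot this request pattern. The five-range limit mirrors the interim mod_rewrite workaround published in the Apache advisory; the overlap heuristic, the policy values and the sample headers are my own constructions.

```python
import re
from typing import List, Optional, Tuple

# Policy knobs (assumptions for this example, not Apache defaults). Five
# ranges mirrors the interim mod_rewrite workaround in the Apache advisory.
MAX_RANGES = 5
MAX_OVERLAPS = 1

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_byte_ranges(header: str, size: int) -> Optional[List[Tuple[int, int]]]:
    """Parse a 'bytes=...' header into inclusive (start, end) pairs for a body
    of `size` bytes (RFC 2616 section 14.35). Unsatisfiable specs are dropped;
    a malformed header yields None, which a server must simply ignore."""
    if not header.lower().startswith("bytes="):
        return None
    ranges = []
    for spec in header[len("bytes="):].split(","):
        m = _SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first, last = m.group(1), m.group(2)
        if first == "":  # suffix form "-N": the last N bytes
            n = int(last)
            if n == 0:
                continue
            start, end = max(size - n, 0), size - 1
        else:
            start = int(first)
            end = size - 1 if last == "" else min(int(last), size - 1)
            if start >= size or end < start:
                continue
        ranges.append((start, end))
    return ranges


def count_overlaps(ranges: List[Tuple[int, int]]) -> int:
    """Adjacent pairs (after sorting by start) whose spans overlap."""
    s = sorted(ranges)
    return sum(1 for (_, a_end), (b_start, _) in zip(s, s[1:]) if b_start <= a_end)


def is_abusive(header: str, size: int = 1_000_000) -> bool:
    """True for the shape of request Apache Killer sends: a Range header the
    server must expand into a large number of (mostly overlapping) pieces.
    The raw spec count is checked first because the DoS cost is paid while
    processing the list, before any satisfiability filtering."""
    if not header.lower().startswith("bytes="):
        return False
    if header.count(",") + 1 > MAX_RANGES:
        return True
    ranges = parse_byte_ranges(header, size)
    return ranges is not None and count_overlaps(ranges) > MAX_OVERLAPS


# Constructed sample headers (not captured traffic); the last one has the
# shape of the tool's request: one open range followed by many tiny ones.
SAMPLES = {
    "bytes=0-499": False,
    "bytes=0-99,200-299,-100": False,
    "bytes=0-,0-,0-": True,
    "bytes=0-," + ",".join("5-%d" % i for i in range(1300)): True,
}

if __name__ == "__main__":
    for header, expected in SAMPLES.items():
        verdict = is_abusive(header)
        print("%-40.40s -> %s" % (header, "BLOCK" if verdict else "allow"))
        assert verdict == expected
```

Rejecting with 403 on a positive match is what the advisory’s workaround did; a gentler option is to strip the header so the server answers with the whole body, since almost no legitimate client needs more than a handful of ranges.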



SIFT

August 15, 2011

The SIFT Workstation forensic toolkit is a freely available set of tools for forensic analysis of computers and networks. And it comes highly recommended.

Although the commercial tools maintain advantages over SIFT in some areas, the free SIFT tool exceeds the capabilities of the commercial tools in other areas. “Even if SIFT cost tens of thousands of dollars,” says Alan Paller, director of research at SANS, “it would be a very competitive product.” At no cost, it should be part of the portfolio in every organization that has skilled forensics analysts.


Linux 3.0

July 22, 2011

Not strictly security related, but a huge technical news story today: version 3.0 of the Linux kernel has been released.

As a relative latecomer to Linux (I’ve only been running it on my personal machines for eight or ten years), I won’t be regaling anyone with stories of installing Slackware off of a stack of 3.08 × 10^19 floppy disks or anything. But it is pretty amazing to think that, in twenty years, a grad student’s terminal emulator and toy kernel has turned into one of the most widely used operating systems on the planet.


iOS Encryption Cracked

May 26, 2011

Elcomsoft, the well-known Russian security company, has released a new tool that recovers the encryption keys of iOS 4 devices. The keys are derived from the user’s passcode and a hardware key that never leaves the device, so they cannot be brute-forced offline; instead the tool brute-forces the passcode on the device itself and then unwraps the keys. Apparently the usual time to crack an iPhone or iPad with a four-digit passcode is about forty minutes.


Partition Encryption in Linux

May 17, 2011

Last week, I started getting errors from the external hard drive that I use for backing up my workstation. Since this is probably the sign of an impending failure, I ordered a new one immediately. Also, since external hard drives are lightweight and easy to steal, both the replacement and the drive being replaced are encrypted to protect their data.

In Linux, the most common solution for drive encryption is a combination of dm-crypt and LUKS. If you’re interested in setting up an encrypted drive yourself, you might find this walkthrough useful – I wrote it a few years ago, and still refer to it every time I need to refresh my memory on the command syntax for working with encrypted filesystems under Linux.


Cluster Stego

April 27, 2011

Coincidentally enough, after this week’s Definition Monday on steganography, researchers have come up with yet another new stego scheme: this one hides data in the cluster fragmentation pattern of particular files on the hard drive. An open-source implementation is upcoming.

While this doesn’t seem as robust as a system like the (sadly defunct) Linux stegFS project, it’s still a pretty interesting innovation.
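
An added toy model of a cluster-fragmentation channel, not the researchers’ scheme or their implementation: the encoding (one payload bit per cluster transition, contiguous = 0, jump = 1) and the FAT-like allocator are my own assumptions, chosen to show both how a cluster chain can carry data and why the resulting fragmentation ratio makes the carrier stand out to an examiner, which is the robustness concern above.

```python
from typing import Dict, List, Optional


def bytes_to_bits(data: bytes) -> List[int]:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: List[int]) -> bytes:
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8))


class ToyFat:
    """A FAT-like volume: fat[c] is the next cluster of a file's chain
    (None = end of chain); free clusters are tracked in a set."""

    def __init__(self, n_clusters: int) -> None:
        self.fat: Dict[int, Optional[int]] = {}
        self.free = set(range(n_clusters))

    def _take(self, c: int) -> int:
        self.free.remove(c)
        self.fat[c] = None
        return c

    def _lowest_free(self, at_least: int) -> int:
        candidates = [c for c in self.free if c >= at_least]
        if not candidates:
            raise RuntimeError("volume full")
        return min(candidates)

    def allocate_normal(self, n: int) -> int:
        """Ordinary allocator: always takes the lowest free cluster."""
        chain = [self._take(self._lowest_free(0))]
        for _ in range(n - 1):
            nxt = self._take(self._lowest_free(chain[-1] + 1))
            self.fat[chain[-1]] = nxt
            chain.append(nxt)
        return chain[0]

    def allocate_covert(self, bits: List[int]) -> int:
        """Carrier file of len(bits)+1 clusters whose chain encodes `bits`:
        bit 0 = next cluster is adjacent, bit 1 = skip at least one cluster."""
        chain = [self._take(self._lowest_free(0))]
        for bit in bits:
            cur = chain[-1]
            if bit == 0:
                if cur + 1 not in self.free:
                    raise RuntimeError("need a free cluster right after %d" % cur)
                nxt = self._take(cur + 1)
            else:
                nxt = self._take(self._lowest_free(cur + 2))
            self.fat[cur] = nxt
            chain.append(nxt)
        return chain[0]

    def chain(self, first: int) -> List[int]:
        out = [first]
        while self.fat[out[-1]] is not None:
            out.append(self.fat[out[-1]])
        return out


def decode_chain(chain: List[int]) -> List[int]:
    """Read the payload back from the chain alone (no allocation history needed)."""
    return [0 if b == a + 1 else 1 for a, b in zip(chain, chain[1:])]


def fragmentation_ratio(chain: List[int]) -> float:
    """Examiner's view: fraction of non-adjacent transitions. Normal files on a
    lightly used volume sit near 0; a carrier of random payload sits near 0.5."""
    if len(chain) < 2:
        return 0.0
    return sum(decode_chain(chain)) / (len(chain) - 1)


if __name__ == "__main__":
    vol = ToyFat(4096)
    plain = vol.allocate_normal(10)
    carrier = vol.allocate_covert(bytes_to_bits(b"hi"))  # constructed payload
    print("payload:", bits_to_bytes(decode_chain(vol.chain(carrier))))
    print("fragmentation: normal %.2f, carrier %.2f"
          % (fragmentation_ratio(vol.chain(plain)), fragmentation_ratio(vol.chain(carrier))))
```

The capacity is one bit per cluster, so a carrier needs eight clusters per payload byte, and the tell-tale fragmentation is exactly what makes the scheme weaker than a filesystem designed for hiding, such as stegFS.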