Well, I wish I’d known about this technique the last time I forgot my gym lock combination.
Open a Padlock With a Coke Can
January 17, 2012
Leave a Comment » | 
Syndicated, Tools | 
Permalink
Posted by matt
Nmap Bundling
December 7, 2011Cnet’s download.com site has apparently begun bundling toolbars and spyware with nmap and other open source tools.
Leave a Comment » | Legal, Tools | Permalink
Posted by matt
Columbia FOG
November 8, 2011An interesting, DARPA-funded project over at Columbia: FOG allows for false documents to be created which then “beacon” a message back to the originator when they are opened. Clearly, the intent is twofold – to seed places like Wikileaks with false information, and to ferret out people who are trading in stolen documents.
Leave a Comment » | Syndicated, Tools | Permalink
Posted by matt
BEAST
September 26, 2011Poor SSL. It’s been the standard for so long, but it’s had a rough go of it the last few months. First there were the breaches at Comodo and Diginotar, allowing intruders to generate seemingly-authentic certs to trick users, and now this.
In particular, security researchers Juliano Rizzo and Thai Duong have built a tool that’s capable of decrypting and obtaining the authentication tokens and cookies used in many websites’ HTTPS requests. “Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing,” they said.
…
To illustrate the vulnerability they’ve discovered and automatically harvest authentication tokens and cookies, the researchers said they’ve also built a JavaScript-based tool dubbed BEAST, for Browser Exploit Against SSL/TLS. “It is worth noting that the vulnerability that BEAST exploits has been [present] since the very first version of SSL. Most people in the crypto and security community have concluded that it is non-exploitable, that’s why it has been largely ignored for many years,” Duong told Threatpost.
Leave a Comment » | Exploits, Tools | Permalink
Posted by matt
Apache Killer
August 25, 2011A new Apache denial-of-service tool, named “Apache Killer”, has been posted on Full Disclosure and usage has been observed in the wild. Both the 1.3 and 2.0 codebases are affected – the Apache project says that a patch is upcoming. More details at the link.
Leave a Comment » | Exploits, Tools | Permalink
Posted by matt
SIFT
August 15, 2011The SIFT Workstation forensic toolkit is a freely available set of tools for forensic analysis of computers and networks. And it comes highly recommended.
Although the commercial tools maintain advantages over SIFT in some areas, the free SIFT tool exceeds the capabilities of the commercial tools in other areas. “Even if SIFT cost tens of thousands of dollars,” says, Alan Paller, director of research at SANS, “it would be a very competitive product.” At no cost, it should be part of the portfolio in every organization that has skilled forensics analysts.
Leave a Comment » | Tools | Permalink
Posted by matt
Linux 3.0
July 22, 2011Not strictly security related, but a huge technical news story today: version 3.0 of the Linux kernel has been released.
As a relative latecomer to Linux (I’ve only been running it on my personal machines for eight or ten years), I won’t be regaling anyone with stories of installing Slackware off of a stack of 3.08 x 1019 floppy disks or anything. But it is pretty amazing to think that, in twenty years, a grad student’s terminal emulator and toy kernel has turned into one of the most widely used operating systems on the planet.
Leave a Comment » | Tools | Permalink
Posted by matt
iOS Encryption Cracked
May 26, 2011Elcomsoft, the well-known Russian security company, has released a new tool that allows users to brute-force the encryption keys used by iOS 4 devices. Apparently the usual time to crack an iPhone or iPad is about forty minutes.
Leave a Comment » | Smartphones, Tools | Permalink
Posted by matt
Partition Encryption in Linux
May 17, 2011Last week, I started getting errors from the external hard drive that I use for backing up my workstation. Since this is probably the sign of an impending failure, I ordered a new one immediately. Also, since external hard drives are lightweight and easy to steal, both the replacement and the drive being replaced are encrypted to protect their data.
In Linux, the most common solution for drive encryption is a combination of dm-crypt and LUKS. If you’re interested in setting up an encrypted drive yourself, you might find this walkthrough useful – I wrote it a few years ago, and still refer to it every time I need to refresh my memory on the command syntax for working with encrypted filesystems under Linux.
Leave a Comment » | Tools | Permalink
Posted by matt
Cluster Stego
April 27, 2011Coincidentally enough after this week’s Definition Monday on steganography, researchers have come up with yet another new stego scheme: this one is based on the cluster fragmentation of particular files on the hard drive. An Open Source implementation is upcoming.
While this doesn’t seem as robust as a system like the (sadly defunct) Linux stegFS project, it’s still a pretty interesting innovation.
Leave a Comment » | Tools | Permalink
Posted by matt