Well, I wish I’d known about this technique the last time I forgot my gym lock combination.
Cnet’s download.com site has apparently begun bundling toolbars and spyware with nmap and other open source tools.
An interesting, DARPA-funded project over at Columbia: FOG allows for false documents to be created which then “beacon” a message back to the originator when they are opened. Clearly, the intent is twofold – to seed places like Wikileaks with false information, and to ferret out people who are trading in stolen documents.
Poor SSL. It’s been the standard for so long, but it’s had a rough go of it the last few months. First there were the breaches at Comodo and DigiNotar, allowing intruders to generate seemingly-authentic certs to trick users, and now this.
In particular, security researchers Juliano Rizzo and Thai Duong have built a tool that’s capable of decrypting and obtaining the authentication tokens and cookies used in many websites’ HTTPS requests. “Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing,” they said.
A new Apache denial-of-service tool, named “Apache Killer”, has been posted on Full Disclosure and usage has been observed in the wild. Both the 1.3 and 2.x codebases are affected – the Apache project says that a patch is upcoming. More details at the link.
The SIFT Workstation forensic toolkit is a freely available set of tools for forensic analysis of computers and networks. And it comes highly recommended.
Although the commercial tools maintain advantages over SIFT in some areas, the free SIFT tool exceeds the capabilities of the commercial tools in other areas. “Even if SIFT cost tens of thousands of dollars,” says Alan Paller, director of research at SANS, “it would be a very competitive product.” At no cost, it should be part of the portfolio in every organization that has skilled forensics analysts.
Not strictly security related, but a huge technical news story today: version 3.0 of the Linux kernel has been released.
As a relative latecomer to Linux (I’ve only been running it on my personal machines for eight or ten years), I won’t be regaling anyone with stories of installing Slackware off of a stack of 3.08 × 10¹⁹ floppy disks or anything. But it is pretty amazing to think that, in twenty years, a grad student’s terminal emulator and toy kernel has turned into one of the most widely used operating systems on the planet.
Elcomsoft, the well-known Russian security company, has released a new tool that allows users to brute-force the encryption keys used by iOS 4 devices. Apparently the usual time to crack an iPhone or iPad is about forty minutes.
Last week, I started getting errors from the external hard drive that I use for backing up my workstation. Since this is probably the sign of an impending failure, I ordered a new one immediately. Also, since external hard drives are lightweight and easy to steal, both the replacement and the drive being replaced are encrypted to protect their data.
In Linux, the most common solution for drive encryption is a combination of dm-crypt and LUKS. If you’re interested in setting up an encrypted drive yourself, you might find this walkthrough useful – I wrote it a few years ago, and still refer to it every time I need to refresh my memory on the command syntax for working with encrypted filesystems under Linux.
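As an added illustration (not the author’s walkthrough, and not code from the cryptsetup project), here is what the LUKS half of that dm-crypt/LUKS combination actually puts on the disk: a small Python parser for the 592-byte LUKS1 header that reports the cipher, mode, hash, key size and key-slot states, much as cryptsetup luksDump does. The header it parses is constructed inside the script; the cipher choices, UUID, digest and offsets are made-up sample values, and on a real drive you would read the first 592 bytes of the device instead.

```python
"""Parse a LUKS1 on-disk header and report what the volume is protected with.

Added example, not from the original post or the cryptsetup project. It reads
the same 592 header bytes that `cryptsetup luksDump` reports on. The header it
runs on is constructed in build_demo_header(); on a real drive you would read
the first PHDR_LEN bytes of the device instead.
"""
import math
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS_KEY_ENABLED = 0x00AC71F3   # key-slot "active" markers defined by the LUKS1 format
LUKS_KEY_DISABLED = 0x0000DEAD
LUKS_NUMKEYS = 8
LUKS_STRIPES = 4000             # anti-forensic stripes cryptsetup uses per slot
SECTOR = 512

# phdr, big-endian: magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset (sectors), key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"
# one key slot: active, iterations, salt, key-material-offset (sectors), stripes
SLOT_FMT = ">II32sII"
SLOT_LEN = struct.calcsize(SLOT_FMT)                            # 48
PHDR_LEN = struct.calcsize(PHDR_FMT) + LUKS_NUMKEYS * SLOT_LEN  # 592


def _cstr(raw):
    """NUL-padded ASCII field -> str."""
    return raw.split(b"\0", 1)[0].decode("ascii", errors="replace")


def parse_luks1_header(blob):
    if len(blob) < PHDR_LEN:
        raise ValueError(f"need {PHDR_LEN} bytes, got {len(blob)}")
    (magic, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid_) = struct.unpack_from(PHDR_FMT, blob, 0)
    if magic != LUKS_MAGIC:
        # a plain dm-crypt device has no header at all, so it fails here too
        raise ValueError("LUKS magic not found")
    if version != 1:
        raise ValueError(f"LUKS version {version}: only the LUKS1 layout is handled")
    slots = []
    for i in range(LUKS_NUMKEYS):
        active, iters, salt, km_off, stripes = struct.unpack_from(
            SLOT_FMT, blob, struct.calcsize(PHDR_FMT) + i * SLOT_LEN)
        state = {LUKS_KEY_ENABLED: "ENABLED",
                 LUKS_KEY_DISABLED: "DISABLED"}.get(active, f"CORRUPT(0x{active:08x})")
        slots.append({"slot": i, "state": state, "iterations": iters, "salt": salt,
                      "key_material_offset": km_off, "stripes": stripes})
    return {"cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hashspec),
            "key_bits": key_bytes * 8, "payload_offset_sectors": payload_off,
            "mk_digest": mk_digest, "mk_digest_salt": mk_salt,
            "mk_digest_iterations": mk_iter, "uuid": _cstr(uuid_), "slots": slots}


def active_slots(hdr):
    return [s["slot"] for s in hdr["slots"] if s["state"] == "ENABLED"]


def sanity_check(hdr):
    """Consistency checks on a parsed header; returns a list of warnings (empty = fine)."""
    warnings = []
    key_bytes = hdr["key_bits"] // 8
    for s in hdr["slots"]:
        if s["state"].startswith("CORRUPT"):
            warnings.append(f"slot {s['slot']}: unknown active marker")
        elif s["state"] == "ENABLED":
            # split key material (key_bytes * stripes) must lie after the 2-sector
            # header and before the encrypted payload begins
            end = s["key_material_offset"] + math.ceil(key_bytes * s["stripes"] / SECTOR)
            if s["key_material_offset"] < 2 or end > hdr["payload_offset_sectors"]:
                warnings.append(f"slot {s['slot']}: key material outside header area")
    if hdr["mode"] == "cbc-plain":
        warnings.append("cbc-plain: IV is the 32-bit sector number; xts-plain64 is preferred")
    if not active_slots(hdr):
        warnings.append("no enabled key slot: volume cannot be unlocked")
    return warnings


def build_demo_header():
    """Constructed sample: aes-xts-plain64, 512-bit key, sha256 PBKDF2, slots 0 and 1 in use.
    Digest, salts, UUID and offsets are made-up values, not from any real drive."""
    phdr = struct.pack(PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                       4096, 64, b"\x11" * 20, b"\x22" * 32, 1000,
                       b"0f7b1c2e-0000-4000-8000-deadbeef0001")
    slots = b""
    for i in range(LUKS_NUMKEYS):
        # 64 bytes * 4000 stripes = 500 sectors per slot, laid out 504 sectors apart
        active = LUKS_KEY_ENABLED if i < 2 else LUKS_KEY_DISABLED
        iters = 250000 if i < 2 else 0
        slots += struct.pack(SLOT_FMT, active, iters, bytes([0x30 + i]) * 32,
                             8 + i * 504, LUKS_STRIPES)
    return phdr + slots


if __name__ == "__main__":
    hdr = parse_luks1_header(build_demo_header())
    print(f"{hdr['cipher']}-{hdr['mode']} {hdr['key_bits']}-bit, hash {hdr['hash']}, "
          f"payload at sector {hdr['payload_offset_sectors']}, slots {active_slots(hdr)}")
    print("warnings:", sanity_check(hdr) or "none")
```

This header is the reason LUKS is preferred over plain dm-crypt for a drive that might walk off: the cipher parameters are recorded on the device rather than remembered by the owner, key slots can be added or revoked without re-encrypting the payload, and a missing or damaged header is detected instead of silently decrypting to garbage. The parser deliberately refuses LUKS2 headers, whose layout is different.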
Coincidentally enough, after this week’s Definition Monday on steganography, researchers have come up with yet another new stego scheme: this one is based on the cluster fragmentation of particular files on the hard drive. An open source implementation is upcoming.
While this doesn’t seem as robust as a system like the (sadly defunct) Linux stegFS project, it’s still a pretty interesting innovation.
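To make the idea concrete, here is a toy Python simulation of hiding data in the order in which a file’s clusters are allocated. It is an added example, not the researchers’ scheme (the write-up above gives no details of theirs) and not their forthcoming code: the “volume” is a constructed list of free cluster numbers, and the encoding rule (an ascending step between consecutive clusters is a 1 bit, a descending step a 0 bit) is my own illustration of how a fragmentation pattern can carry a message.

```python
"""Toy demonstration of storing data in a file's cluster fragmentation pattern.

Added example, not the researchers' scheme or code: the page only says the new
method is based on cluster fragmentation, so the ascent/descent encoding below
is an illustration of the idea. The "disk" is a constructed in-memory list of
free cluster numbers, not a real FAT or ext volume.
"""


def _bits(msg):
    """Yield the bits of msg, most significant bit of each byte first."""
    for byte in msg:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(free_clusters):
    """Each adjacent pair in a chain carries one bit, so n clusters carry n-1 bits."""
    return max(0, (len(free_clusters) - 1) // 8)


def encode_in_chain(message, free_clusters):
    """Return the cluster chain for a file whose fragment order hides `message`.

    Bit 1 -> the next cluster number is higher than the current one (an ascent);
    bit 0 -> it is lower (a descent: the next fragment is placed behind this one).
    Greedy rule: to guarantee an ascent, allocate the lowest remaining free cluster
    now; to guarantee a descent, allocate the highest. Whatever remains can then only
    lie in the intended direction, so any bit string fits in len(bits) + 1 clusters.
    """
    bits = list(_bits(message))
    remaining = sorted(free_clusters)
    if len(remaining) < len(bits) + 1:
        raise ValueError(f"need {len(bits) + 1} free clusters, have {len(remaining)}")
    remaining = remaining[:len(bits) + 1]  # the file occupies exactly these clusters
    chain = []
    for bit in bits:
        chain.append(remaining.pop(0) if bit else remaining.pop())
    chain.append(remaining.pop())          # last cluster: direction already fixed
    return chain


def decode_from_chain(chain):
    """Recover the hidden bytes from a chain; trailing bits short of a byte are dropped."""
    bits = [1 if nxt > cur else 0 for cur, nxt in zip(chain, chain[1:])]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def descent_ratio(chain):
    """Forensic heuristic: a first-free allocator writes a file's clusters in
    increasing order, so a high share of descents in one chain stands out."""
    pairs = list(zip(chain, chain[1:]))
    if not pairs:
        return 0.0
    return sum(1 for cur, nxt in pairs if nxt < cur) / len(pairs)


if __name__ == "__main__":
    free = list(range(100, 140))          # constructed: 40 free clusters on the "volume"
    chain = encode_in_chain(b"Hi", free)
    print("chain:", chain)
    print("recovered:", decode_from_chain(chain))
    print("descent ratio: %.3f (sequential file: %.3f)"
          % (descent_ratio(chain), descent_ratio(free[:17])))
```

Capacity is one bit per cluster boundary, so a two-byte message needs a 17-cluster file (over half a megabyte at 32 KB clusters for two bytes, which is why schemes like this are about hiding a key or a pointer, not bulk data). The descent_ratio helper is the forensic flip side: on a volume whose allocator hands out clusters in increasing order, a file whose chain runs backwards more than half the time is exactly what a disk-investigation tool would flag, which is why a real scheme has to blend in with the fragmentation a normal filesystem produces on its own.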