
Total: 241

  • Information Security Short Takes: New Helix3 Forensic CD - Welcome
    e-fense has published a new version of their acclaimed Helix Forensic Live CD. It is now in version 2.0. UPDATE: Helix3 is no longer a free product; e-fense decided to make it a commercial product. Just like the old version, the new one contains two major components: a LiveCD, based on Ubuntu, which is a full-blown forensic toolkit with a nice, all-encompassing set of tools; and a Windows set of tools, which allows the user to use a subset of forensic tools within a running Windows system, most often during first response. The Windows toolkit maintains the same interface as before, but the Windows-based application set is coherent: there are no missing applications. The previous version had a number of links in the Windows toolkit that weren't working, which could cause a lot of grief at the wrong time. Just a reminder of the Windows Helix menu. The Linux LiveCD interface has seen a major overhaul. It is now based on Gnome and the overall interface is much better organized. The following screenshot depicts the new Helix boot menu. Unfortunately, probably in search of better overall performance, it is departing the forensic track and moving much more into the mainstream. The toolkit is missing a lot of nice new forensic tools

    Original URL path: http://www.shortinfosec.net/2008/11/new-helix3-forensic-cd-welcome.html (2016-04-27)


  • Information Security Short Takes: TrueCrypt Full Disk Encryption Review
    CPU, one CPU core active in the VM; 256 MB of RAM allocated, fully allocated to RAM, no swap; 8 GB of disk drive simulated in a file; USB; no FDD; Windows XP Pro SP2 operating system. As you can see, it is a relatively slow machine by today's standard of laptops, but this is on purpose, since the idea is to conclude whether this configuration is usable with an encrypted drive. Encryption: The installation of TrueCrypt is very straightforward and even the most inexperienced users should have no problems whatsoever. Immediately after the installation, choose System > Encrypt system partition/drive. Follow the instructions on the windows. Choose a very complex password, since it cannot be changed. The software automatically creates a rescue (decrypt) CD image, which you must burn on blank CD media. TrueCrypt WILL NOT continue with the actual encryption unless you present a burned CD with the decryption data. NOTE: NEVER keep the rescue CD-ROM together with the laptop, since it will be used to decrypt the drive. The actual encryption lasts some 20-30 minutes. After it finishes, you have an encrypted system drive. Performance test: I have 2 identical clones of the Test Laptop, one with an encrypted drive and one without. I did a fast performance test with PassMark 6.1. Here are the conclusions: as you can see, the test concludes that the overall performance of the Test Laptop is marginally better for the non-encrypted disk clone. However, on disk drive read performance, the non-encrypted disk clone shows approximately 100% better results (screenshots below). [Screenshots: PassMark Result for the Non-Encrypted Machine; PassMark Result for the Encrypted Machine; PassMark Disk Result for the Non-Encrypted Machine; PassMark Disk Result for the Encrypted Machine] Simulated theft of encrypted laptop: The encrypted laptop is stolen and the following attempts to open it are performed. Booting to Linux and attempting to access the file system: I booted the Helix forensics toolkit (Knoppix) and attempted to mount the encrypted drive. The operating system could not identify the file system type. When I forced the NTFS file system type, it refused to mount, with a message of invalid I/O. The bit-for-bit DD copying still works; however, the actual copy is just as useless as the original. Booting to ERD Commander 2005 and attempting to access the file system: a simpler variant of the Helix attack. ERD Commander didn't succeed in mounting the drive and complained about overlapping I/O. Removing the drive and attempting to find strings in it: I tried this with the DD copy of the encrypted virtual drive. There were strings found, but nothing useful. Risks: After the initial review of the resulting encrypted drive, I came to the conclusion that the attacker will try to find a way around the encryption and to get the password or the decryption key. Here are the ways an attacker will attempt to obtain the information: Social engineering to

    Original URL path: http://www.shortinfosec.net/2008/05/truecrypt-full-disk-encryption-review.html (2016-04-27)

  • Information Security Short Takes: System Hardening Process Checklist
    Most administrators and security officers are well aware of the necessity of system hardening for corporate systems. Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface. Since most systems are dedicated to one or two functions, reduction of possible vectors of attack is done by the removal of any software, user accounts or services that are not related to and required by the planned system functions. System hardening is a vendor-specific process, since different system vendors install different elements in the default install process. However, all system hardening efforts follow a generic process. So here is a checklist and diagram by which you can perform your hardening activities. Perform initial system install: stick the DVD in and go through the motions. Remove unnecessary software: all systems come with a predefined set of software packages that are assumed to be useful to most users. Depending on your target use of the system, you should remove all software that is not to be used, like graphics and office packages on a web server. Disable or remove unnecessary usernames and passwords: most systems come with a lot of predefined user accounts for all kinds of purposes, from remote support to dedicated user accounts for specific services. Remove all remote and support accounts and all accounts related to services which are not to be used. For all used accounts, ALWAYS change the default passwords. Disable or remove unnecessary services: just as in the two previous points, remove all services which are not to be used in production. You can always just disable them, but if you have the choice, remove them altogether. This will prevent the possible error of someone activating the disabled service further down the line. Apply patches: after clearing the mess of the default install, apply security and functionality patches for everything that is left in the system, especially the target services. Run Nessus scan: update your Nessus scanner and let her rip. Perform a full scan, including dangerous scans. Do the scan without any firewalls on the path of the scan. Read through the results: there will always be some discoveries, so you need to analyze them. If no vulnerabilities are discovered, use system: after the analysis of the results, if there is nothing significant discovered, congratulations! You have a hardened system ready for use. Here is the described checklist as a process diagram. Talkback and comments are most welcome.

    Original URL path: http://www.shortinfosec.net/2009/01/system-hardening-process-checklist.html (2016-04-27)

  • Information Security Short Takes: Scalpel - File Carving from Partially Wiped Evidence Disk
    On the previous article on proper information disposal, a visitor suggested that Darik's Boot and Nuke (DBAN) can be used for emergency evidence destruction. While it is quite correct, DBAN takes time to finish. So what evidence can be recovered from a disk on which someone interrupted the DBAN process? Example Scenario: We created a simulation of an interrupted information destruction. Here is the scenario: An employee has been collecting illegal material on his corporate computer. The employee is accidentally notified that internal audit investigators will review his computer in several minutes. The employee boots to Darik's Boot and Nuke to destroy the disk contents. The investigators intercept and disconnect the power to the computer before DBAN finishes. Analysis: Since DBAN will overwrite information, it can be assumed that the File Allocation Tables are destroyed, as well as some of the data. The investigator creates a DD image of the disk drive, as presented in the tutorial Computer Forensics Evidence Collection. The DD image is loaded into the Helix investigator computer. All strings are extracted from the image using the strings command; this activity creates

    Original URL path: http://www.shortinfosec.net/2009/01/scalpel-file-carving-from-partially.html (2016-04-27)

  • Information Security Short Takes: The Cloud - time for serious consideration - Web services
    Since this article will become too long if we discuss all possible cloud applications, let's start with the simplest one: Web hosting. From its inception, web hosting was in a sense hosted in the cloud, but a very simple cloud. Very few people or even companies own and operate web servers, and others host their web sites on provider servers throughout the world. But hosting is not exactly the cloud. The cloud offers so much more for web hosting. Now, this is not the time to start thinking, "I'm thinking of upgrading my web host and I've been checking some web hosting reviews. It's pretty hard to decide which host, especially when reading the editorial and user reviews, since all of them have good reviews. Let's go on and choose the most expensive one." When reviewing moving the web to the cloud, understand the strengths and weaknesses of the cloud. Strengths. Availability: any cloud service is distributed over multiple servers, datacenters and sites, and the cloud systems can transfer the hosted applications/sites near instantly between this infrastructure. So even if a server fails, your availability will be nearly unharmed. Coping with large load variations: again, since there are multiple servers and datacenters, if your application/site suddenly becomes very popular, the cloud infrastructure won't fall to its knees under the load of additional requests. Timely and consistent updates: the underlying servers of the cloud infrastructure need to be fully consistent with each other. Also, since they are running many customers' applications/sites, a failure due to a patch is not something the cloud service will accept. So you can rely on the fact that all servers will be very quickly and consistently updated. Extremely fast scaling out: if your application/site has a sustained high visit rate, it needs more servers to run on. This is very easy to implement in a multi-server, multi-site environment of a cloud service. Weaknesses. Custom platform: each cloud service provider designs the cloud service environment with its specifics, like underlying operating system, databases, application server and development platform. These are fixed across the entire cloud platform, and if you wish your application/site to run on the cloud service, you must make it work with the cloud service. Lock-in: once you have adjusted the entire application/site to run on the cloud service environment, it may be difficult to move it to another cloud service provider, since then you'll need to re-adjust everything to run on the new cloud service. This is even more difficult if the application/site was developed from scratch with a specific cloud service in mind. Isolation breach: your application/service is not the only one running on the cloud service systems. A breach between the isolation controls of different applications/customers can cause access to proprietary data, use of another party's resources and, in general, a very large amount of grief for everyone involved. At

    Original URL path: http://www.shortinfosec.net/2011/06/cloud-time-for-serious-consideration.html (2016-04-27)

  • Information Security Short Takes: January 2014
    Do you actually value your privacy? Many years ago, on a great satire TV show named Top Lista Nadrealista (The Surrealists' Top Chart), I watched a sketch named "Do you want to be anonymous?" The sketch presented a TV crew walking through Sarajevo asking random people whether they want to be anonymous. Everyone in that sketch claimed to want to be anonymous while wilfully giving all kinds of personal information just to be on TV. Today I witnessed the same level of desire for anonymity by more than 500 people on LinkedIn. A user on LinkedIn posted the image below and it got more than

    Original URL path: http://www.shortinfosec.net/2014_01_01_archive.html (2016-04-27)

  • Information Security Short Takes: November 2013
    We are all Persons of Interest. We provide a huge amount of information about us to many different online services. Naturally, these companies use

    Original URL path: http://www.shortinfosec.net/2013_11_01_archive.html (2016-04-27)

  • Information Security Short Takes: October 2013
    Mac OS X Mavericks still cannot fully escape the ghost of Steve Jobs. Yesterday evening I took the early adopter plunge and upgraded to Mac OS X Mavericks. My primary curiosity, as well as most others', was the battery life management. I followed the very useful preparatory tips on CNET and clicked on Install in the AppStore. (Image: Mavericks Beach by Shalom Jacobovitz, via Wikimedia Commons.) How did it go? The upgrade was seamless and took a total of 1 hour, including the 30 minutes of downloading the OS from the AppStore. The installer reported two incompatible apps: Parallels, which I'm not using anyway (just installed a trial once and forgot it), and Onyx, which will be upgraded soon. My aftermarket SSD continued running happily with TRIM enabled, which is great news, and Safari seems blazing fast. Even some AppStore games are still running

    Original URL path: http://www.shortinfosec.net/2013_10_01_archive.html (2016-04-27)