Wednesday, July 25, 2007

Black Hat Researchers: Forensics software can be hacked

It is a big war in court, with every side trying to attack the tools of the other side. Therefore, individual expertise is very important. You cannot just say "the flawless program gave these results" if no program is flawless; you have to prove your opinion, and in simple terms!
The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners Inc.

The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software Inc.'s EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.


"The big risk is for someone to execute arbitrary code," he said. "If there's a risk that the evidence has been compromised or if something has been planted by a third party... then you can call into question the accuracy of the software and possibly get it thrown out."

Butterworth, who has been grilled many times by defense lawyers, agreed. "I wouldn't put anything past a defense attorney," he said.

Tuesday, July 24, 2007

Free security tool ferrets out unpatched software

Useful stuff, not clear how to use it for business.
A Danish security vendor is offering a free tool designed to inform users when their applications need patching.

Secunia APS has made the beta version of its Personal Software Inspector available for download.

A client program, Personal Software Inspector periodically checks to see if new updates have been issued for some 4,200 applications.
Once it is installed on a user's PC, it inventories the computer's software and versions and classifies programs as "insecure," "end-of-life" or "up-to-date." When a patch is issued for a program on a user's computer, Personal Software Inspector displays a pop-up window in the lower right-hand corner of the screen, said Thomas Kristensen, Secunia's chief technology officer. Another panel provides a download link for the patch.

Thursday, July 19, 2007

FTester - Firewall Tester and IDS Testing tool

clipped from www.darknet.org.uk

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.

The tool consists of two Perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets.
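The marked-packet idea described above, as an added Python illustration that is not FTester's code: the injector side tags each probe payload, the sniffer side picks out tagged payloads, and the difference is checked against the intended policy. The `FWTEST` marker, the `Probe` fields and all sample data are assumptions constructed for this example; it runs offline and sends no packets.

```python
from dataclasses import dataclass

SIGNATURE = b"FWTEST"  # hypothetical marker, not FTester's real signature

@dataclass(frozen=True)
class Probe:
    probe_id: int
    proto: str
    dst_port: int

def mark(probe):
    """Injector side: payload carrying the signature and the probe id."""
    return SIGNATURE + b":" + str(probe.probe_id).encode()

def extract_id(payload):
    """Sniffer side: probe id if the payload is marked, else None."""
    prefix = SIGNATURE + b":"
    if not payload.startswith(prefix):
        return None  # unrelated traffic seen on the wire
    tail = payload[len(prefix):]
    return int(tail) if tail.isdigit() else None  # reject malformed markers

def compare(probes, captured_payloads, expected_pass):
    """Diff injected probes against what arrived behind the firewall."""
    seen = {pid for pid in map(extract_id, captured_payloads) if pid is not None}
    report = {}
    for p in probes:
        passed = p.probe_id in seen
        allowed = (p.proto, p.dst_port) in expected_pass
        if passed and not allowed:
            report[p.probe_id] = "LEAK"     # policy says drop, packet arrived
        elif allowed and not passed:
            report[p.probe_id] = "BLOCKED"  # policy says allow, packet missing
        else:
            report[p.probe_id] = "OK"
    return report

# Constructed sample data: four probes, the intended policy, and the payloads
# the sniffer recorded (including unrelated and malformed ones).
PROBES = [Probe(1, "TCP", 80), Probe(2, "TCP", 23),
          Probe(3, "UDP", 53), Probe(4, "TCP", 443)]
EXPECTED_PASS = {("TCP", 80), ("TCP", 443), ("UDP", 53)}
CAPTURED = [mark(PROBES[0]), b"GET / HTTP/1.1", mark(PROBES[1]),
            mark(PROBES[2]), b"FWTEST:xx"]

def demo():
    return compare(PROBES, CAPTURED, EXPECTED_PASS)

if __name__ == "__main__":
    for pid, verdict in demo().items():
        print(pid, verdict)
```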