Wednesday, December 19, 2007

Cracking passwords to web applications

Many web applications can be broken into. How?

Some common vulnerabilities that can easily lead to an attacker cracking Web passwords include the following:

  • No intruder lockout after a certain number of failed attempts
  • Intruder lockout time that's too short
  • Allowing simultaneous logins from the same or multiple hosts
  • Transmitting login traffic via HTTP and not using SSL
Want to see tools and examples? See the article by Kevin Beaver.
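One way to implement the intruder lockout the first two list items call for, as an added example that is not from the original post or from Kevin Beaver's article: a small Python login guard that locks an account after a configurable number of failed attempts for a configurable time, exercised under a policy with no lockout, one whose lockout is too short, and a sound one. LockoutPolicy, LoginGuard, FakeClock and the credential store are hypothetical names and constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int       # failures allowed before the account locks; 0 disables lockout
    lockout_seconds: float  # how long the lock lasts once triggered
    window_seconds: float   # failures older than this no longer count toward the limit

# The two weak settings from the list above, beside a sound one.
NO_LOCKOUT = LockoutPolicy(max_failures=0, lockout_seconds=0.0, window_seconds=0.0)
SHORT_LOCKOUT = LockoutPolicy(max_failures=5, lockout_seconds=2.0, window_seconds=60.0)
SOUND_LOCKOUT = LockoutPolicy(max_failures=5, lockout_seconds=900.0, window_seconds=900.0)

# Constructed credential store; plaintext only to keep the example short (real stores hold salted hashes).
CREDENTIALS = {"alice": "correct horse battery staple"}

class FakeClock:
    """Deterministic clock so the lockout timeline can be simulated without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds

class LoginGuard:
    """Wraps the credential check with per-account failure tracking (hypothetical name)."""

    def __init__(self, policy, clock):
        self.policy = policy
        self.clock = clock        # any zero-argument callable returning seconds
        self.failures = {}        # user -> timestamps of recent failed attempts
        self.locked_until = {}    # user -> time at which the lock expires

    def is_locked(self, user):
        return self.clock() < self.locked_until.get(user, 0.0)

    def login(self, user, password):
        """Return 'locked', 'ok' or 'bad'.  A locked account is rejected before
        the credential check, so the submitted guess is never evaluated."""
        if self.is_locked(user):
            return "locked"
        if CREDENTIALS.get(user) == password:
            self.failures.pop(user, None)   # a successful login resets the counter
            return "ok"
        self._record_failure(user)
        return "bad"

    def _record_failure(self, user):
        p = self.policy
        if p.max_failures <= 0:
            return                          # lockout disabled: nothing is tracked
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t <= p.window_seconds]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= p.max_failures:
            self.locked_until[user] = now + p.lockout_seconds
            self.failures[user] = []        # the lock itself restarts the count

def guesses_evaluated(policy, attempts, interval):
    """How many of `attempts` wrong passwords, submitted `interval` seconds apart,
    actually reach the credential check under `policy` (the number to drive down)."""
    clock = FakeClock()
    guard = LoginGuard(policy, clock)
    evaluated = 0
    for i in range(attempts):
        if guard.login("alice", f"wrong-{i}") == "bad":
            evaluated += 1
        clock.advance(interval)
    return evaluated
```

With 1000 wrong guesses one second apart, the no-lockout and 2-second-lockout policies let 1000 and 834 guesses respectively reach the credential check, while the 15-minute lockout lets through only 10.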

Monday, November 26, 2007

Avoid licensed software

Meaning, do not use software that requires a license. Why? Because its makers will screw you. See here.

Rather, invest your time in understanding open source alternatives. To quote from this article,

"It's not like they have really good software. It's just that it's widespread and it's commonly used," Gaertner said. "It's going to be a while, but eventually, we plan to get completely disengaged from those software vendors that participate in the BSA."

Tuesday, October 30, 2007

Have you ever sent an email which you immediately wanted back?

Well, this government employee revealed the email addresses of 150 secret informers by clicking on "Reply all". Then a few hours later he sent a recall notice. However, this notice also included all the email addresses again.

I am sure I could create a special rule warning a user before sending such emails, and add it to most email clients. Anybody want to take me up on that?

Wednesday, October 24, 2007

Forensics Delivery? - Why not!

Another quote from Christy Burke's article is below. Top8 has trained drivers for this, and some have concealed handgun licenses.

Sometimes, commercial carriers are perfectly adequate to transport evidence, but occasionally greater security is warranted. Computer forensics expert and Sensei Enterprises President Sharon Nelson says that FedEx is often sufficient for transporting e-discovery materials, since they require a signature on each end and record the time and date of receipt. However, Nelson has seen many more "hands-on" approaches to bringing in the data.

"A lot of our clients won't go through FedEx," Nelson says. "We have had famous people show up personally with armed guards, carrying their CPU towers in their hands. Or they sometimes send a lawyer, a trusted agent or an employee to bring it in. Once it's in our care, we're responsible for it -- we image the drive and return it to the representative." Other highly secure transportation alternatives include armored car transport and bonded messengers.

Tuesday, October 23, 2007

Who needs discovery? - Well, who does not?

In an article that is very informative in its own right, "Examining E-Discovery Chain of Custody", Christy Burke includes an interesting quote:

"Tom O'Connor, a litigation support consultant and director of the Legal Electronic Document Institute in Seattle, says that the No. 1 request for e-discovery that he's seeing in Washington state is for divorce cases, not criminal ones. Investigators confiscate and search laptops and home computers for proof of adulterous affairs, hidden financial assets and the like -- a far cry from the notorious bloody glove in the O.J. case."

I remember a divorce lawyer, a friend of mine, telling me only a year ago that "my clients only want to discover the other party's checkbook". It seems this has changed a lot.

Monday, October 22, 2007

E-Discovery Law a Boon for Lawyers

We are at your service
clipped from www.pcworld.com
The fourth annual "Litigation Trends Survey Findings" conducted by Fulbright & Jaworski L.L.P, a global law firm based in Austin, Texas, found that corporate lawyers -- over two-thirds based in the United States and the rest mainly in Britain -- cited a big jump in use of outside vendors and outside law firms specializing in the e-discovery field. The industry sectors primarily represented are financial services, technology/communications, manufacturing, healthcare, energy and retail.

Friday, September 21, 2007

Confidential data on hard drives turning up

September 21, 2007 (Techworld.com) -- Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.

Investigations carried out for the BT Group by the University of Glamorgan in the U.K., Edith Cowan University in Australia, and Longwood University in the U.S., found that 37% of drives surveyed had traces of personal data on them.

Wednesday, September 12, 2007

eDiscovery tools roundup

One roundup article can't possibly address all these products, but Socha and other experts, including Enterprise Strategy Group (ESG) analyst Brian Babineau, have established guidelines for categorising and evaluating the companies and products that have already become well-known in this space.


Tuesday, September 11, 2007

Ethical Hacker Kit

http://kit.hackerscenter.com/index.html

There has been some debate on Darknet about this kit and its use; obviously it is a kit for beginners, but it is useful.

Wednesday, July 25, 2007

Black Hat Researchers: Forensics software can be hacked

It is a big war in court, with every side trying to attack the tools of the other side. Therefore, individual expertise is very important. You cannot just say "the flawless program gave these results" when no program is flawless; you have to prove your opinion, and in simple terms!

The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners Inc.

The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software Inc.'s EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.

"The big risk is for someone to execute arbitrary code," he said. "If there's a risk that the evidence has been compromised or if something has been planted by a third party... then you can call into question the accuracy of the software and possibly get it thrown out."

Butterworth, who has been grilled many times by defense lawyers, agreed. "I wouldn't put anything past a defense attorney," he said.

Tuesday, July 24, 2007

Free security tool ferrets out unpatched software

Useful stuff, but it is not clear how to use it for business.

A Danish security vendor is offering a free tool designed to inform users when their applications need patching.

Secunia APS has made the beta version of its Personal Software Inspector available for download.

A client program, Personal Software Inspector periodically checks to see if new updates have been issued for some 4,200 applications.
Once it is installed on a user's PC, it inventories the computer's software and versions and classifies programs as "insecure," "end-of-life" or "up-to-date." When a patch is issued for a program on a user's computer, Personal Software Inspector displays a pop-up window in the lower right-hand corner of the screen, said Thomas Kristensen, Secunia's chief technology officer. Another panel provides a download link for the patch.

Thursday, July 19, 2007

FTester - Firewall Tester and IDS Testing tool

clipped from www.darknet.org.uk

The Firewall Tester (FTester) is a tool designed for testing firewalls' filtering policies and Intrusion Detection System (IDS) capabilities.

The tool consists of two Perl scripts, a packet injector (ftest) and a listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part, while the sniffer listens for such marked packets.

Tuesday, June 26, 2007

Security start-up Untangle goes open-source

One can add this to the portfolio of security services
clipped from news.zdnet.com
Untangle, a start-up that sells software for network security equipment, is making its core product open-source on Tuesday.

The company already uses a variety of open-source software projects, including the SpamAssassin spam-screening software, the Snort software that detects some network intruders and the ClamAV software that can help block "phishing" attacks that direct users to bogus Web sites. Now Untangle is adding its own framework to the mix, software that handles chores such as network management, software updates, security policy settings and processing of network traffic.

Thursday, June 21, 2007

Forensics in Houston (litsupport)

Forensic Data Retrieval in Houston

Posted by: "enordstr" ecnordstrom@gmail.com enordstr

Wed Jun 20, 2007 5:43 pm (PST)

Does anyone have a recommendation of a good electronic discovery /
forensic data retrieval outfit in Houston?

3b.

Re: Forensic Data Retrieval in Houston

Posted by: "Omar Cherry" omartyre@yahoo.com omartyre

Wed Jun 20, 2007 8:39 pm (PST)

SysInformation Inc.
2620 Fountain View Dr, Suite 440
Houston, TX 77057
Phone: 281.914.4199
Fax: 832.242.2588

Great Company!

Omar Tyre Cherry
Technology Project Manager
Keystone Document Discovery
www.keystonedd.com

3c.

Re: Forensic Data Retrieval in Houston

Posted by: "Capolupo, Mark" mcapolupo@UHY-US.COM mcapolupo_uhy

Wed Jun 20, 2007 9:27 pm (PST)

UHY Advisors, Houston HQ, please call 646-746-1200

Mark

3d.

Re: Forensic Data Retrieval in Houston

Posted by: "Dave Townsend" dave.townsend@aptaracorp.com eforinc

Wed Jun 20, 2007 9:27 pm (PST)

We can help you out in Houston. How many custodians and what is the
timeframe?

Regards,

Dave Townsend
Director, Computer Forensics & ESI Collections
Aptara Litigation Services

3e.

Re: Forensic Data Retrieval in Houston

Posted by: "Robert Fitzgerald" rfitzgerald@universalmobilit.com universal_rob

Wed Jun 20, 2007 9:28 pm (PST)

Dan Dykes - 281-850-7748 We have used him and been extremely happy.

3f.

Re: Forensic Data Retrieval in Houston

Posted by: "Charlene Agnew" cagnew@airmail.net charleneagnew

Wed Jun 20, 2007 9:28 pm (PST)

Call Dan Dykes at:

Houston Computer Forensics

(713) 660-8303

I've known him for years and have watched him work. He's excellent.

Charlene

__________________________________________________________

Charlene Agnew

CT Summation Certified Trainer

American Society of Trial Consultants, Member

Trial Director Certified Trainer and Trial Consultant

Sanction Trial Consultant

Advanced Litigation Solutions, Inc.

Houston, Texas

(281) 485-4025

cagnew@airmail.net

Wednesday, June 20, 2007

Fake NetBIOS Tool - Simulate Windows Hosts

clipped from www.darknet.org.uk

Some cool free tools made by folks from the French Honeynet Project.

FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

  • FakeNetbiosDGM (NetBIOS Datagram)
  • FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.

FakeNetbiosDGM sends NetBIOS Datagram Service packets on UDP port 138 to simulate Windows host broadcasts. It periodically sends NetBIOS announcements over the network to simulate Windows computers, which fools the Computer Browser service running on the LAN, and so on.

FakeNetbiosNS is a NetBIOS Name Service daemon listening on UDP port 137. It responds to NetBIOS name requests like a real Windows computer does, for example to ‘ping -a’, ‘nbtstat -A’ and ‘nbtstat -a’.

You can download the tools here:

FakeNetBIOS-0.91.zip

There are a few other things here:

http://honeynet.rstack.org/tools.php

Wednesday, June 13, 2007

Hacking video

If the link is down, get it directly: http://www.mediafire.com/?cxpyxwktnfh
clipped from www.darknet.org.uk

I was thinking that the darknet authors should create videos when they write about different tools… It should be fun to see presentations… and also would bring darknet more hits…
I made a video for my previous article, and uploaded it to youtube: stealth techniques - syn

…for better quality download it: here

Monday, June 11, 2007

Using industry best practices for effective security training

security consultant needed
clipped from www.cgisecurity.com

"Improved employee understanding of appropriate behaviors and best practices for enhanced information security reduces security risks and helps ensure compliance with regulations such as Sarbanes-Oxley, HIPAA, the Payment Card Industry Data Security Standards (PCI DSS) and others. But merely providing security training is not enough. Organizations need to know if training programs have been successful in changing behavior.

In order to provide an effective security training program, metrics must be set in place from the start. Measurements help establish a baseline of individual and organizational competencies in enterprise security. Additionally, metrics help identify gaps in current training initiatives that should be remedied and improve the methodology and/or content of training programs. Measuring training effectiveness can also be useful in validating the competency of the training entity itself."

No help from my friends

Microsoft is telling the world how to attack its customers. Suggestion? Upgrade to the next version, or else.
clipped from www.cgisecurity.com
"Microsoft is telling the world how to exploit their products being used by their customers. Not that the worst of those interested in it did not already know, but the one thing we need from Microsoft is not the exploit, but the patch or at least a decent work-around. And that patch is lacking. Their only defensive advice is to upgrade to IIS 6.0."

Volunteers do not do security

Who is the guy to rely on but hired help?
clipped from www.cgisecurity.com

"What if a Web researcher found a bug on your Website today -- but was too afraid of the law to tell you?

The Computer Security Institute (CSI) recently formed a working group of Web researchers, computer crime law experts, and U.S. Department of Justice agents to explore the effects of laws that might hinder Web 2.0 vulnerability research. And the CSI group's first report -- which it will present on Monday at CSI's NetSec conference in Scottsdale, Ariz. -- has some chilling findings.

In the report, some Web researchers say that even if they find a bug accidentally on a site, they are hesitant to disclose it to the Website's owner for fear of prosecution. "This opinion grew stronger the more they learned during dialogue with working group members from the Department of Justice," the report says."

Friday, June 8, 2007

Priamos Project - SQL Injector and Scanner

clipped from www.google.com
PRIAMOS is a powerful SQL Injector & Scanner
You can search for SQL Injection vulnerabilities and inject vulnerable string to get all Database names, Tables and Column data with the injector module.
You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously).
The first release of PRIAMOS...

Read the full post at darknet.org.uk

Tuesday, June 5, 2007

How Online Criminals Make Themselves Tough to Find, Near Impossible to Nab

clipped from www.cio.com
“Business leaders start to say, ‘I can’t be paying $400 an hour for forensics that aren’t going to get me anything in return,’”

Friday, June 1, 2007

IBM: Public vulnerabilities are tip of the iceberg

Lots of work for individual pen testers
clipped from news.zdnet.com
IBM's Internet Security Systems division has warned that there is a "colossal difference" between the number of publicly disclosed security vulnerabilities and the number of flaws that are discovered but not publicly disclosed.

Thursday, May 17, 2007

LAN test plan

I got the paper

Wireless test vendor VeriWave has released a "master test plan" to guide enterprises in testing wireless LAN gear for performance, behaviors and characteristics.

The 190-page free downloadable document is designed to help network administrators know what to test in order to verify their equipment purchase decisions, according to the Portland, Ore., vendor.

Wednesday, May 16, 2007

Incident management in the age of compliance

The basics of doing what the laws tell you to do

Security incidents can wreak catastrophic results on organizations. Such incidents may involve hacking, malware outbreaks, economic espionage, intellectual property theft or loss, network access abuse, theft of IT resources, or many other issues. Recent regulatory mandates directly affect how organizations should deal with such occurrences.

The well-known security maxim, "prevention-detection-response," covers three components, all crucially important for an organization’s security posture. "Prevention" seems favored by many as the primary component with "detection" following close behind. However, "response" has a unique characteristic lacking in the other two components: it is impossible to avoid. While it is not uncommon for an organization to have weak prevention and nearly non-existent detection capabilities, response will always be present, since organizations are forced into response mode by attackers.

Tuesday, May 15, 2007

Computer Forensics Catches a Criminal

Self-promotional article, but still an interesting read
clipped from www.law.com

In the case of U.S. v. Duronio, the bomb was the standard Unix remove command hidden amongst other legitimate commands. The payload was triggered in such a way that it would delete all of the files on the important stock trading servers on the morning of March 4, 2002, which in turn would render them useless to UBS-PW employees and stock traders.

Saturday, May 12, 2007

Silica hacking device

SAN FRANCISCO — The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.

Sunday, May 6, 2007

A 13B company with weak security

clipped from www.cgisecurity.com

"A wireless network that employed less protection than many people use on their home systems appears to be the weak link that led TJX Companies, the US-based retailing empire, to preside over the world's biggest known theft of credit-card numbers.

Despite a market capitalization of almost $13bn, it appears the company couldn't afford to secure its Wi-Fi network with anything more robust than the woefully inadequate Wired Equivalent Privacy protocol.

According to a front-page article in today's Wall Street Journal, the nonfeasance allowed hackers to use a simple telescope-shaped antenna and a laptop to intercept data flowing through a Wi-Fi network used at a Marshalls discount clothing store near St. Paul, Minnesota."

Friday, May 4, 2007

Scapy

clipped from www.secdev.org

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.

Wednesday, May 2, 2007

UHY Advisors

If we go strong, these guys will get in touch
clipped from www.sys-con.com

The lab is unique for its flexibility to be used for both high-volume electronic data discovery -- including data processing, culling with search terms, de-duplication and file conversion -- and complex digital forensics activities. The facility is secured with biometric locks and the evidence storage "vault" is also secured with advanced motion detectors.

HOUSTON, TX -- (MARKET WIRE) -- 05/02/07 -- UHY Advisors today announced the opening of its newly constructed electronic data discovery lab, a state-of-the-art facility for processing large volumes of electronic evidence and conducting sophisticated computer forensics investigations, at a secure location in downtown Houston.

Tuesday, May 1, 2007

Security tool for federal agencies

Can individuals get it?

May 01, 2007 (Computerworld) -- The Center for Internet Security (CIS) this summer will release a free tool designed to help federal agencies check whether their Windows systems configurations comply with security requirements mandated recently by the White House's Office of Management and Budget.

Building a semi-custom eDiscovery solution

How about a customizable solution like Google domains?
clipped from www.law.com
INEFFICIENCIES IN TODAY'S E-DISCOVERY PROCESS
Because of an expanding caseload, we needed to integrate a variety of media -- including paper and electronic files -- into a centralized management system. Each person on the case also required up-to-date information on case schedules, correspondence completed or needed, and