Monday, March 10, 2008
Attacks on disk encryption keys - Tool in the wild
Thursday, February 21, 2008
Attacks on disk encryption keys
Sunday, February 10, 2008
Data leak
Saw this InfoWorld article through Rebecca Herold’s blog: “IT managers who object to employees using unauthorized software at work have another tool to worry about: Google Apps Team Edition, which requires no IT participation to implement.”
As corporate Information Security professionals, does this really worry you? If you say yes, here is a list of applications to add to this:
Pownce “Pownce is a way to send stuff to your friends. What kind of stuff? You can send just about anything: music, photos, messages, links, events, and more.”
Qipit “Qipit turns camera phones and digital cameras into mobile copy centers so people can turn photographs or written and printed materials into scan-quality digital documents they can share and store on the go.”
Meebo “Meebo is a website for instant messaging from absolutely anywhere. Whether you’re at home, on campus, at work, or traveling foreign lands, hop over to meebo.com on any computer to access all of your buddies (on AIM, Yahoo!, MSN, Google Talk, ICQ and Jabber) and chat with them, no downloads or installs required”
Willselfdestruct “You can create a secure anonymous email message to a friend or colleague by entering their e-mail address and the message to see.”
The site goes on to say that “No messages or e-mail addresses are stored after the message has been viewed. We also do not log your IP address or any information about you, your message, or the recipient. Once sent, all data disappears forever.”
DocSyncer “DocSyncer automatically finds and syncs your document files to Google Docs and your DocSyncer account. DocSyncer monitors your documents for changes and syncs the updated files as well.”
YouSendIt “Our innovative service enables users to send, receive and track files, on-demand.”
These examples make a great case for deploying DLP and other monitoring solutions, but understand that many of these applications offer ways to bypass monitoring by allowing users to encrypt and password-protect the channels and data.
Thursday, February 7, 2008
iPhone Denial of Service Vulnerability
Speaking of vulnerabilities, Apple (QuickTime), Adobe (Reader) and Firefox all announced patches for application flaws.
How do we check for patches like these automatically? Check my earlier post on Secunia PSI.
Tuesday, February 5, 2008
Yahoo Jukebox zero day
McAfee Avert Labs reports a zero-day vulnerability in a Yahoo application. A temporary workaround has been given if your antivirus does not recognize this.
Monday, January 28, 2008
Metasploit releases Version 3.1
Saturday, January 19, 2008
Here is an example of people still doing such things as logging into their bank accounts from public computers.
Hotel hacker confesses to Trojan mayhem
Friday, January 18, 2008
Privacy tips
Secunia PSI - check my earlier post on this
DVDburn and CDburn from the Windows Resource Kit - very simple command-line utilities to burn CDs and DVDs
Sysinternals tools - a very handy set of tools
CCleaner
md5summer - check my earlier post on this
Windows Update - keep up to date with hotfixes and service packs
sigverif - this is a Windows XP tool that verifies the file integrity of the Windows files that are digitally signed by Microsoft.
Other tips:
Don't log in as Administrator or as an admin user. This is the primary reason malicious code received via email or some other means gets executed.
Use the Firefox extensions NoScript, RefControl, SafeCache and SafeHistory. Also use the Firefox feature to create separate profiles, one for regular use and one for logging in to banking and other financial sites. This is a great way to guard against CSRF attacks.
It is also a good idea to enable logging (successful and dropped connections) on the Windows Firewall and periodically check for any unusual activity.
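One way to do the periodic review of the firewall log mentioned in the last tip, as an added example that is not part of the original post: it reads the pfirewall.log column layout from the #Fields header, then reports sources whose dropped attempts span several ports and allowed connections to ports outside a short expected list. The sample lines, the expected-port list and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the pfirewall.log layout (space separated, #Fields header).
# Addresses come from documentation ranges; none of this is real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-01-18 10:02:11 DROP TCP 203.0.113.7 192.168.1.20 4312 135 48 S 1201 0 65535 - - - RECEIVE
2008-01-18 10:02:12 DROP TCP 203.0.113.7 192.168.1.20 4313 139 48 S 1202 0 65535 - - - RECEIVE
2008-01-18 10:02:13 DROP TCP 203.0.113.7 192.168.1.20 4314 445 48 S 1203 0 65535 - - - RECEIVE
2008-01-18 10:05:40 ALLOW TCP 192.168.1.20 198.51.100.9 1055 443 0 - 0 0 0 - - - SEND
2008-01-18 10:07:02 DROP UDP 198.51.100.44 192.168.1.20 137 137 78 - - - - - - - RECEIVE
2008-01-18 10:09:15 ALLOW TCP 192.168.1.20 198.51.100.9 1056 6667 0 - 0 0 0 - - - SEND
"""

def parse(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def review(text, usual_ports=(53, 80, 443), scan_threshold=3):
    """Return (sources dropped on many ports, allowed connections to unusual ports)."""
    dropped_ports = defaultdict(set)
    unusual = []
    for rec in parse(text):
        action = rec.get("action", "")
        port = rec.get("dst-port", "-")  # "-" for ICMP and similar records
        if action == "DROP" and port.isdigit():
            dropped_ports[rec["src-ip"]].add(int(port))
        elif action in ("ALLOW", "OPEN") and port.isdigit() and int(port) not in usual_ports:
            unusual.append((rec["src-ip"], rec["dst-ip"], int(port)))
    scanners = {ip: sorted(p) for ip, p in dropped_ports.items() if len(p) >= scan_threshold}
    return scanners, unusual

if __name__ == "__main__":
    scanners, unusual = review(SAMPLE_LOG)
    print("dropped on several ports:", scanners)
    print("allowed to unusual ports:", unusual)
```

Older logs record successful connections as OPEN rather than ALLOW and have no path column; reading the header and accepting both action names covers either layout.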
Wednesday, January 16, 2008
Banking Trojan
Privacy and MySpace
"making the profiles of 14 and 15 year old users automatically private and protecting them from being contacted by adults that they don’t already know in the physical world, and deleting registered sex offenders from MySpace. Examples of improvements MySpace will make include defaulting 16 and 17 year old users’ profiles to private and strengthening the technology that enforces the site’s minimum age of 14."
"MySpace will explore the establishment of a children’s email registry that will empower parents to prevent their children from having access to MySpace or any other social networking site."
"As part of the Principles, MySpace will organize, with the support of the Attorneys General, an industry-wide Internet Safety Technical Task Force to develop online safety tools, including a review of identity authentication tools."
Friday, January 11, 2008
More on expectation of privacy
http://www.startribune.com/local/west/13663951.html
Before registering at these sites (if you absolutely have to) I suggest you read their privacy policy.
I want to list some of the very important ones:
- "Facebook helps you share information with your friends and people around you. You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join"
- "When you enter Facebook, we collect your browser type and IP address. This information is gathered for all Facebook visitors. In addition, we store certain information from your browser using "cookies.""
- "We recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet."
- "Facebook Beacon is a means of sharing actions you have taken on third party sites, such as when you make a purchase or post a review, with your friends on Facebook. In order to provide you as a Facebook user with clear disclosure of the activity information being collected on third party sites and potentially shared with your friends on Facebook, we collect certain information from that site and present it to you after you have completed an action on that site. You have the choice to have Facebook discard that information, or to share it with your friends."
Wednesday, January 9, 2008
iPhone Trojan
http://www.f-secure.com/weblog/archives/00001355.html
Tuesday, January 8, 2008
Critical Microsoft Security update
More information here,
http://www.microsoft.com
http://www.frsirt.com/english
Monday, January 7, 2008
Expectation of Privacy
"The program, which Facebook CEO Mark Zuckerberg unveiled last month, allows Facebook to track its users' activities, such as purchases, on third-party Web sites that partner with the social-networking site and broadcast them to the users' friends."
More here,
http://online.wsj.com/article/SB119687856122414681.html
"Last month, Google introduced a new feature that essentially guesses who your friends are—based on chatting habits in its Google Talk service, among other things—and automatically shows those people your shared items."
More here,
http://blogs.wsj.com/biztech/2008/01/02/the-hazards-of-using-google-reader/
These are some of the reasons why I don't put my profile out on these sites.
Saturday, January 5, 2008
MBR Rootkit
http://www.prevx.com/blog/75/Master-Boot-Record-Rootkit-is-here-and-ITW.html
Secunia PSI
Once installed, the software searches for all the installed packages and checks whether they need any updates to make them secure. It identifies what the updates are and provides a link where the latest updates can be found.
The new version tracks the performance week by week and gives a score of how secure the applications installed on the system are.
Download and install the software today. It is a must-have for all home PCs.