Friday, September 26, 2008

Security Humor: Ensuring Proper Installation

Users of McAfee's ePolicy Orchestrator know that Mac OS integration requires you to run a shell script on the hosts. That script, install.sh, includes the following missive to potential tinkerers:

"##DO NOT PUT ANYTHING AFTER __ARCHIVE_FOLLOWS__ UNDER ANY CIRCUMSTANCE (NOT EVEN WHITESPACE). YOU SHALL BE HANGED IF YOU DO"
I think I'll leave the file alone...

If you are attempting to locate the install.sh file as part of a VirusScan for Mac OS ePO build, you can find it on your ePO server at \Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install\0409. You will need to run the script as root, using install.sh -i as your command.
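Why nothing may follow the marker, shown with an added example that is not McAfee's install.sh: a self-extracting stub in the same marker-then-archive layout, with an integrity check worth running before handing any such installer root. The marker name is from the page; the extraction mechanics and the CRC/length check are my own assumptions about how such scripts are built.

```shell
#!/bin/sh
# Added example, not McAfee's install.sh: a minimal self-extracting script
# that uses the same "marker line, then raw archive bytes" layout, plus a
# check for the defect the warning is about. The marker name comes from the
# page; how the real installer locates its payload is an assumption.
set -e
MARKER='__ARCHIVE_FOLLOWS__'

# build_installer PAYLOAD_DIR OUT: write a stub script followed by a gzipped
# tar of PAYLOAD_DIR. The stub records the CRC and byte length of the archive
# so it refuses to extract a payload that was edited or had bytes appended.
build_installer() {
  archive=$(mktemp)
  tar -czf "$archive" -C "$1" .
  sums=$(cksum < "$archive")          # "CRC LENGTH"
  cat > "$2" <<EOF
#!/bin/sh
set -e
EXPECTED_CRC=${sums% *}
EXPECTED_LEN=${sums#* }
dest=\${1:-.}
# Everything after the marker line is piped straight into tar; the shell
# parser never reads the binary because exit 0 runs first.
line=\$(grep -an '^${MARKER}\$' "\$0" | head -n1 | cut -d: -f1)
sums=\$(tail -n +\$((line + 1)) "\$0" | cksum)
[ "\${sums% *}" = "\$EXPECTED_CRC" ] && [ "\${sums#* }" = "\$EXPECTED_LEN" ] ||
  { echo "payload altered, refusing to extract" >&2; exit 1; }
tail -n +\$((line + 1)) "\$0" | tar -xzf - -C "\$dest"
exit 0
${MARKER}
EOF
  cat "$archive" >> "$2"
  rm -f "$archive"
}

# check_installer FILE: prints how many bytes follow the recorded archive
# (0 for an untouched file; a single stray space or newline shows as 1) and
# returns non-zero when the payload no longer matches the stub's CRC/length.
check_installer() {
  crc=$(sed -n 's/^EXPECTED_CRC=//p' "$1")
  len=$(sed -n 's/^EXPECTED_LEN=//p' "$1")
  line=$(grep -an "^${MARKER}\$" "$1" | head -n1 | cut -d: -f1)
  [ -n "$line" ] || return 1
  sums=$(tail -n +$((line + 1)) "$1" | cksum)
  echo $(( ${sums#* } - len ))
  [ "${sums% *}" = "$crc" ] && [ "${sums#* }" = "$len" ]
}
```

The archive is located by byte position after the marker, so even one trailing space becomes part of the stream gzip has to decode; the recorded length is the cheapest way to catch that before extraction.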

NACUBO: The FTC's Red Flag Rule Identity Theft Prevention Rule May Affect Colleges

The National Association of College and University Business Officers notes that the FTC's Red Flag rule likely applies to colleges. For security analysts, this means that your identity theft prevention procedures and policies may get a federally mandated update.

Two parts of the rule may apply to colleges. First, users of consumer reports must develop reasonable policies and procedures for handling a notice from a consumer reporting agency that there is an address discrepancy. Second, financial institutions and creditors holding covered accounts must develop a written identity theft prevention program for those accounts.

NACUBO points out that many of the activities and accounts offered by higher education might bring such organizations under the rule. These include Perkins loans, institutional loans, and other similar activities.

NACUBO also provides a nice breakdown of the FTC rules. This is a good one to point out to your university administration if they're not aware of it yet.

Monday, September 22, 2008

McAfee to acquire Secure Computing

The AP reports that McAfee will acquire Secure Computing. That gives McAfee Secure Computing's firewall and border appliance capabilities, and helps them match Symantec's acquisitions of the past year. This follows Secure's recent sale of its SafeWord division to Aladdin, and the deal was at a premium over Secure's current stock price.

Tuesday, September 16, 2008

Identity Theft and VISA giftcards

A recent news article shows another way to use a stolen credit card: write the magstripe to a gift card that won't be questioned when it is processed. In this case, the cards were used to purchase cigarettes, which are difficult to trace. The criminals' only mistake was returning to the place that they purchased the cigarettes to make a second transaction.

With magstripe encoders a commodity item, this is an easy way to avoid questions about a name not matching on a card. Small transactions in stores without cameras would make for a very difficult-to-trace crime.

Friday, September 12, 2008

iPhone Pwnage and bypassing the security code

Wired's coverage of Jonathan Zdziarski's iPhone hack, which I mentioned the other day, notes that the Pwnage tool can be used in combination with a custom firmware to access the phone without the code. While a local-only exploit, it does give forensic investigators a potential way into locked phones without using any special hardware. O'Reilly's webcast of the event is not available yet.

Zdziarski also spoke about the cache retained for fade transitions on the phone. These leave remnant data which can be recovered, exposing content that users might expect no longer resides on the phone: anything on screen when a transition was prepared would be recoverable.

This emphasizes the need for a secure erase capability on the phone, something that is obviously lacking in the current implementation.

Monday, September 8, 2008

iPhone Firmware Hacking: Bypassing the Security Code

According to Gizmodo by way of Wired, "Jonathan Zdziarski will guide law enforcement personnel "and anyone else who has a need to access the not-so-readily available data on an iPhone" through the process of bypassing the passcode lock security using a custom firmware bundle during a 45-minute webcast on O'Reilly.com."

Depending on how this works, Zdziarski's bypass could be an interesting tool for those who need to do iPhone forensics or simple data recovery. I'll try to catch the webcast for further detail.

Friday, September 5, 2008

DHS Daily Reports: Another Useful Feed

The Department of Homeland Security Daily Open Source Infrastructure Report is available in feed form at http://dhs-daily-report.blogspot.com - take a look if you're interested in seeing what the DHS is reporting on a daily basis for public consumption. The PDF form is available directly from the DHS at http://www.dhs.gov/xinfoshare/programs/editorial_0542.shtm.