Friday, August 28, 2009

Defeating Acoustic Weapons

Wired covers the BBC show Bang Goes The Theory's designs to defeat acoustic weapons like the LRAD and other systems used to help protect cruise ships and for crowd control. As the article points out, simply defending against non-lethal systems may make users more of a target. Does this mean we'll see pirates attacking cruise ships while wearing giant fishbowl sound-dampening helmets? Only time will tell...

Wednesday, August 26, 2009

Details: The Most Notorious Counterfeiter

Details has Albert Talton's story online - he produced over 7 million dollars in counterfeit bills using commodity hardware. An interesting story, and a great lesson about how even the Secret Service can have problems finding counterfeiters, and how easily some of our currency protections can be avoided. Talton's process was ingenious, if flawed - he used the same scan for every bill, making them easier to identify. In the end, a series of mistakes, including those made by the people he recruited to help him, resulted in his capture.

Thursday, August 13, 2009

Lessons Learned: Test Your Forensic Tools

Creative Commons attribution licensed image courtesy AlexWitherspoon

A recent call for a forensic drive copy that had to be done in a limited timeframe prompted a co-worker to dig out his USB to IDE/SATA bridge. Since we were asked to provide some time estimates, and to brush up on our imaging process, he ran a couple of tests on drives we keep for just those purposes. A quick boot of Helix on one of our laptops and he was ready to image the drive.

As you would expect, he dd'ed the drives, and then checked MD5 sums. For the first test on a small partition, the MD5 sums matched. For the second, larger partition, the MD5 sums didn't. That's not normal - and not something we frequently see. Testing showed that this appeared to be repeatable.

A repeat with another USB bridge device returned a correct MD5 sum. If we had used the first bridge device for our image, we might have found out that our image wasn't provably correct only hours after we began.

The moral of the story? Test any device you use for forensic imaging before you have to face a real event. It will help you provide realistic time estimates, allows you to test your process, and might just save your day.

As for the device? The manufacturer is sending a newer model - apparently this isn't an unknown issue.
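The dd-then-hash procedure described above, written out as an added example (this is not the post's own script or Helix's tooling). It assumes a POSIX sh with dd and md5sum (or md5 on BSD/macOS), and that the source drive is attached read-only (ideally behind a write blocker). The function names image_and_verify, verify_image and hash_file are my own; the image file path and its .dd.log sidecar are likewise assumptions.

```sh
#!/bin/sh
# Added example (not from the post): image a drive with dd, then prove the copy
# by hashing source and image. Assumes POSIX sh plus dd and md5sum/md5.

# hash_file FILE: print only the MD5 hex digest of FILE
hash_file() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q "$1"          # BSD/macOS spelling
    fi
}

# verify_image SRC IMG: return 0 if the hashes match, 1 (with a message) if not.
# Hashing SRC again is a second full read through the same bridge, so a bridge
# that corrupts reads intermittently shows up here as a mismatch.
verify_image() {
    s=$(hash_file "$1"); i=$(hash_file "$2")
    if [ "$s" = "$i" ]; then
        echo "verified: $i"
        return 0
    fi
    echo "MISMATCH: source=$s image=$i" >&2
    return 1
}

# image_and_verify SRC IMG: copy SRC to IMG with dd, report elapsed time
# (for the time estimates the post mentions), then verify.
image_and_verify() {
    src="$1"; img="$2"
    start=$(date +%s)
    # Plain dd: a read error aborts the run instead of silently continuing.
    # conv=noerror,sync would push past bad sectors on a failing drive, but it
    # pads blocks, so the image hash would no longer match the source hash.
    dd if="$src" of="$img" bs=1048576 2>"$img.dd.log" || {
        echo "dd failed, see $img.dd.log" >&2
        return 2
    }
    secs=$(( $(date +%s) - $start ))
    bytes=$(wc -c < "$img")
    echo "imaged $bytes bytes in ${secs}s"
    verify_image "$src" "$img"
}

# Usage: sh image.sh image /dev/sdX /evidence/case01.dd
#        sh image.sh verify /dev/sdX /evidence/case01.dd
case "${1:-}" in
    image)  image_and_verify "$2" "$3" ;;
    verify) verify_image "$2" "$3" ;;
esac
```

Run the whole thing against a known-good test drive before a real engagement: the elapsed-time line gives you a throughput figure for estimates, and a mismatch on a drive you have imaged correctly before points at the bridge, cable or port rather than the evidence.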

Friday, August 7, 2009

The CompuTrace LoJack and Organizational Security Practices

Many of the usual security sites have picked this story up - ZDNet's Ryan Naraine covers Alfredo Ortega and Anibal Sacco's discovery of vulnerabilities and issues in CompuTrace LoJack for Laptops. The duo, both from Core Security Technologies, explain that the BIOS-level theft recovery tool can be exploited to establish a persistent compromise. The hard-coded strings the program uses for its remote connections make it an easier target - and worse, because it is a common security program, compromises of it pose an even greater threat: Naraine notes that it is whitelisted by AV vendors, meaning that in many cases a compromise may go unnoticed.

As a security professional, I now have to ensure that we track whether laptops are shipped with a BIOS level recovery tool, and I need to work with our desktop support staff to make sure that another utility gets patched. Since this ships on many laptops, we may not even be aware of its existence in many cases.

Is it a major threat? Probably not. Is it worth watching and preparing for? Quite probably. For now, I'll check our major vendors' default installs so that I can advise the appropriate management members.

Thursday, August 6, 2009

Water Gate - Replacing Turnstiles Using Psychology

The Water Gate turnstile replacement that Yanko Design covers makes an interesting use of human psychology to build a turnstile that allows greater throughput and responds better in emergencies. This looks like something that Bruce Schneier would appreciate. It gives up the ability to lock, and with it the ability to physically prevent entry, but it has its own advantages.

USB Input Devices As A Threat Vector

Engadget, via OS News, reports that the HardwareUpdaterTool for Apple keyboards can be used to turn them into a keylogger. The video is a simple demonstration, but I know that most environments I'm in don't check their keyboard firmware versions and checksums. As our input devices become smarter, we may have to think about how we can keep their firmware and memory safe too.
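One cheap way to start checking the firmware versions the post says nobody checks, as an added example that is not from the post, Engadget or Apple: record the USB device descriptors of every attached device once on a known-good machine, then diff later runs against that baseline. This assumes Linux sysfs (/sys/bus/usb/devices/<path>/idVendor, idProduct, bcdDevice, product) and treats bcdDevice, the descriptor's device release number, as the firmware revision, which is how many vendors use it but is an assumption, not something the post states. The function names and the sample device values in the test are my own.

```sh
#!/bin/sh
# Added example (not from the post): inventory USB devices from sysfs and
# report changes against a saved baseline. Assumes Linux sysfs; treats
# bcdDevice as the firmware revision (assumption, vendor-dependent).

# usb_inventory [SYSROOT]: one sorted line per device, "path vid:pid rev product"
usb_inventory() {
    root="${1:-/sys/bus/usb/devices}"
    for d in "$root"/*/; do
        d="${d%/}"
        # interface directories (e.g. 1-2:1.0) have no idVendor; skip them
        [ -r "$d/idVendor" ] || continue
        printf '%s %s:%s %s %s\n' \
            "$(basename "$d")" \
            "$(cat "$d/idVendor")" "$(cat "$d/idProduct")" \
            "$(cat "$d/bcdDevice")" \
            "$(cat "$d/product" 2>/dev/null || echo '?')"
    done | sort
}

# usb_check_baseline BASELINE [SYSROOT]: 0 if nothing changed, otherwise
# print the diff (new devices, removed devices, changed revisions) and return 1
usb_check_baseline() {
    base="$1"; root="$2"
    current=$(usb_inventory "$root")
    changes=$(printf '%s\n' "$current" | diff "$base" -) && return 0
    printf '%s\n' "$changes"
    return 1
}

# Usage: sh usbfw.sh baseline > usb-baseline.txt   (once, on a trusted host)
#        sh usbfw.sh check usb-baseline.txt         (later; non-zero exit on change)
case "${1:-}" in
    baseline) usb_inventory ;;
    check)    usb_check_baseline "$2" ;;
esac
```

A changed bcdDevice on a keyboard that nobody has deliberately updated is exactly the signal you want; a keyboard that keeps its reported revision while carrying modified firmware will not show up here, which is why the post's mention of checksums matters too, and why this is a baseline check rather than an attestation.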

Wednesday, August 5, 2009

Security Humor: McAfee DATs From The Future

McAfee's ePO central AV management tool can be quite useful. Today, however, it threw me for a bit of a loop when I logged in to find this:

Note the current DAT I have, and the DAT that ePO claims is current. The good news? If I can keep this up, I can really stay ahead of those pesky viruses.