Archive for November, 2006
Author: Dave Lewis
November 30, 2006 at 10:21 pm · Filed under News
I fully appreciate the need to monitor for nefarious characters to weed them off of flights. That part is a no-brainer. But, according to an article today on CNN, the DHS has been assigning scores to travellers by computer without their knowledge. These scores take into account various aspects such as destinations, nationality, seating preference and…meals?
The government gets advance passenger and crew lists for all flights and ships entering and leaving and all those names are entered into the system for an ATS analysis, said Jayson P. Ahern, an assistant commissioner of Homeland Security’s Customs and Border Protection agency.
He also said the names of vehicle drivers and passengers are entered when they cross the border and Amtrak is voluntarily supplying passenger data for trains to and from Canada.
These records cannot be challenged by the people affected and are apparently earmarked to remain on file for 40 years. US tax dollars hard at work.
Privacy advocates have gone all flippity over this one.
“It’s probably the most invasive system the government has yet deployed in terms of the number of people affected,” said David Sobel, a lawyer at the Electronic Frontier Foundation, a civil liberties group devoted to electronic data issues.
He continued, “Some individuals will be denied the right to travel and many the right to travel free of unwarranted interference as a result of the maintenance of such material.”
I’d better be sure not to sit in an aisle seat or order the vegetarian meal lest I end up in Gitmo.
Article Link
Tags: DHS, Airline Security, Traveler Privacy, EFF
Author: Dave Lewis
November 30, 2006 at 10:03 pm · Filed under How To
I was recently doing some work with the Toronto police and I came across an aspect of email that I have always taken for granted. Email headers are something that I had taken as obvious until I looked at them from the perspective of a non-technical person. If you have received an email from persons unknown and you need to find out where it came from, the full headers would provide a great deal of information.
From a Mindspring help article on how to interpret email headers:
Tracing the edges of your email, hiding from untrained eyes, are the fingerprints of Simple Mail Transfer Protocol … the headers. Email headers contain quite a bit of information about a message that is not apparent at first glance. I can’t guarantee that you’ll be in there with the experts, but if you would like to learn a little more about where your email has been, and who really sent it, allow me to show you the basics of what your email headers may contain.
To see all message headers for Microsoft Outlook Express:
- Double click to display the message in its own window.
- Select File menu and select Properties.
- Click the Details tab to view the entire header.
- Cut and paste the header.
You can also view the entire message (headers and contents) with the “Ctrl-F3” shortcut.
Microsoft Outlook 2003
Outlook (not to be confused with Outlook Express) is part of the Microsoft Office suite and therefore a popular mailer. To see message headers:
- Double click to display the message in its own window.
- Go to the View menu and select Options.
- Right click in the Internet Headers box and choose Select All.
- Right click again in the Internet Headers box and choose Copy.
Mozilla Thunderbird
Thunderbird is a popular email client available for Mac, Windows or Linux systems and sometimes installed to replace vendor tools on other platforms. To see verbose headers:
- Select View menu and select Headers and then All.
Mail.app
This email client for Mac comes with OS X. In order to view headers in a Mail.app message:
- Select View -> Message -> Raw Source and this will show you the complete header information.
Visualware has a demo that will allow you to paste in header information and it will do the interpretation for you. But, be aware that there is no expectation of privacy to be had if you use this tool.
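If you would rather not paste headers into a third-party site, they can be read locally. The Python below is an added example, not from the Mindspring article or this post: it lists the Received hops oldest-first and picks out the oldest hop that was written by a mail server you control, since anything recorded before that point was supplied by the sending side and can be forged. The sample message is constructed (example domains, documentation-range addresses), and the function names and the set of trusted hosts are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: newest Received line is on top, as mail servers write them.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Thu, 30 Nov 2006 21:58:12 -0500
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Thu, 30 Nov 2006 21:58:09 -0500
Received: from [192.0.2.44] (helo=laptop)
\tby relay.example.com with SMTP id C3; Thu, 30 Nov 2006 21:58:03 -0500
From: "Someone" <someone@example.com>
To: you@example.org
Subject: hello

body
"""

HOP = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+)", re.S)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return the Received hops oldest-first as dicts (from, by, ip, time)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m, ip = HOP.search(value), IP.search(value)
        try:  # the timestamp follows the last ';' and may be malformed
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"from": m.group("frm") if m else None,
                     "by": m.group("by") if m else None,
                     "ip": ip.group(1) if ip else None, "time": when})
    return hops

def first_verified_hop(hops, trusted_hosts):
    """Oldest hop in the unbroken chain written by servers you control."""
    verified = None
    for hop in reversed(hops):              # walk newest to oldest
        if hop["by"] not in trusted_hosts:  # chain of trust ends here
            break
        verified = hop
    return verified

if __name__ == "__main__":
    hops = trace_hops(RAW)
    for h in hops:
        print(h["time"], h["from"], "->", h["by"], h["ip"])
    print(first_verified_hop(hops, {"inbox.example.org", "mx.example.net"}))
```

Here the address your own servers actually saw is 203.0.113.25; the older 192.0.2.44 entry is only what the relay reported.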
Tags: Email Clients, Email Headers, View Headers
Author: Dave Lewis
November 30, 2006 at 8:47 pm · Filed under Apple
This is hilarious and sad at the same time. Hilarious that Apple managed to sell a refurbished laptop loaded with porn and sad that the laptop was a gift for an 11-year-old girl.
An Apple customer was shocked, shocked, when he bought a Macbook from the London Apple Store for his 11-year old daughter, and the desktop was full of pornographic JPGs.
Now, an interesting thought would be if this was a new line of adults-only MacBooks. Marketing for the JackBook could begin in earnest.
Article Link
Tags: Apple, Refurbished Mac, Porn, JackBook
Author: Dave Lewis
November 30, 2006 at 8:22 pm · Filed under App Security
The folks over at MSNBC.com managed to get their hands on a US Secret Service memo that outlines a security problem with ATM machines. The report, the subject of research by Algorithmic Research (ARX) in a paper (.pdf), was released a couple of weeks ago. It outlined flaws in PIN security.
Using the methods outlined by the researchers, a hacker could siphon off thousands of PIN codes and compromise hundreds of banks, said Odelia Moshe Ostrovsky, the report’s principal author. Criminals could then print phony debit cards and simultaneously withdraw vast amounts of cash using ATMs around the world, she said.
For the full report please follow the link.
Article Link
Tags: ATM, Banking Security, PIN, Algorithmic Research, ATM Unsafe
Author: Dave Lewis
November 30, 2006 at 7:53 pm · Filed under Intrusion Detection
We recently heard rumblings that open source security provider Sourcefire might be going public. Today we here at Security Digest heard confirmation from their Canadian rep that the company will in fact be going public in 2007. This is some good news for the company after the US government blocked the attempted purchase by Check Point Software Technologies. This is an interesting IPO. Sourcefire is the first open source company to go public since 1998 and the first security vendor to go public since 2001.
“The SNORT® open source intrusion prevention and detection technology was created in 1998 by Martin Roesch, the founder of Sourcefire. With its dramatic speed, power and performance, Snort® quickly gained momentum to become the single most widely deployed intrusion prevention and detection technology in the world.”
Here is the link to their SEC filing. Here is a less than motivational quote from the “certain risk” section: “As we have had operating losses since our inception and we expect operating expenses to increase in the foreseeable future, we may never reach or maintain profitability.”
Now, where’s my broker’s number?
UPDATE: Wow, I really missed the boat on this one. People have been talking about this one for over a month now…sigh.
Site Link
Tags: Sourcefire, Checkpoint, IPO, Snort
Author: Dave Lewis
November 30, 2006 at 6:32 pm · Filed under Wireless
Well, no. But I frequently get into this discussion with some friends of mine. Some are wary of wi-fi as an unknown. Here is a great article in the Guardian that delves into this question.
So for those of a scientific, and thus sceptical, demeanour, that means there’s no proof of any effects. That doesn’t mean, however, that people are making it up if they claim that they feel ill in a Wi-Fi network - as the author Kate Figes did last week. It simply means that there have been no scientific studies to investigate whether people who claim such symptoms are indeed affected by the electromagnetic radiation, or some other effect - or not at all, but just think they are.
Hmm, interesting. Read on.
Article Link
Tags: Wi Fi, Wireless, Wi Fi Sickness, World Health Organization
Author: Dave Lewis
November 30, 2006 at 6:20 pm · Filed under Physical Security
Engadget has a great post on lock picking.
I described a method of rapidly compromising the security of almost all of the pin tumbler locks in this country and just about everywhere else in the world. This technique was punctuated by the actions of an eleven year old girl that I interviewed at Defcon 14 in Las Vegas this past August. As a result, a tremendous amount of media coverage on the security (or more to the point the insecurity) of mechanical locks has been generated, achieving the purpose for which I and my associates decided to publicize the vulnerability: public awareness.
Read on.
Article Link
Tags: Locks, Lockpicking, Physical Security
Author: Dave Lewis
November 30, 2006 at 5:34 pm · Filed under Humour
The folks over at F-Secure are looking for some input on sticker ideas. I personally like “Tell me your password. It’s ok”
Article Link
Tags: F-Secure, Laptop Stickers, Geek Humour, Humor
Author: Dave Lewis
November 30, 2006 at 5:15 pm · Filed under SCADA Security
Yes, I’m serious. Not only must control systems be scanned, but they must be scanned aggressively to determine if servers and workstations can be taken down or have their integrity compromised.
We have been scanning control systems since 2000, taken many control system devices down, but never affected operations. There are only three reasons (and none of them acceptable) not to scan control systems.
- Lack of redundancy
- Lack of recovery
- Improper scanning methodology
An excellent post by Dale Peterson from Digital Bond. Read on.
Article Link
Tags: SCADA, SCADA Security, Control Systems
Author: Dave Lewis
November 30, 2006 at 5:08 pm · Filed under Forensics
According to Simon Perry, VP of Security for CA, with the launch of the Microsoft Vista platform, which will encrypt systems at the disk level by default. If successful investigation of a security breach relies on the data on a computer’s drive being accessible to an investigator, then locking out that investigator by encrypting the data means all bets are off. While encryption has been a capability for years, most people doing bad things don’t take the steps necessary to cover their tracks. Encryption by default means that without user credentials it will no longer be possible to investigate user behaviour at a disk level.
The result? Network forensics is rapidly becoming the next big thing in IT security.
And we have already seen a great deal of traction with vendors like Paraben and Guidance Software. The greatest threat these days (and this has been discussed for some time now) is the insider threat. We see issues time and again like the problem of USB devices and iPods in the workplace. Now, as the technology improves, we see the ability to tie products such as EnCase together with intrusion detection systems like ISS SiteProtector, which will allow security staff to automate some of their responses. As well, we have the growing use of centralized logging. This is a practice that most (if not all) enterprises should really be leveraging, not just for a tick box on an audit but for forensic investigation and troubleshooting. A couple of vendors that I like are Network Intelligence and ArcSight. None of this is new. Rather, this is something that is gaining greater acceptance in the marketplace.
Some large organisations, particularly in the financial services sector, have had dedicated forensics departments for years, investigating activity such as employee fraud. Within the conventional law-enforcement community, the lack of expertise and resources for investigating computer crimes has meant private organisations have to take it upon themselves to investigate suspected cases of IT fraud or misuse, gathering the necessary evidence to take action against employees or hand over for prosecution.
For the rest of Perry’s article read on.
Article Link
Tags: Vista, Network Forensics, Insider Threat