Always wipe your devices/drives before selling them. The McCain campaign found this out the hard way.
Some people may never find out what they've released.
Monday, December 15, 2008
Implications of the Myspace Suicide case
Robert Graham raises some interesting points about the Myspace bullying/suicide case. He suggests that sometimes our personal views can cloud our judgment, leading to a bending of the law. Consider if he might be right. Accounts of jury reactions are noted elsewhere.
When reading about this case, try to think if the punishment achieves one of the four goals and consider the aftermath and what it might mean for you in the future.
Doppleganger (again)
Related to a previous post on this subject, some might suggest that you're nobody unless someone is faking you.
Sunday, December 14, 2008
Young people as a security threat?
Apparently the younger generation is seen as a threat:
Generation Y user behavior could endanger security of enterprise systems, studies say
Monday, December 8, 2008
Agent.btz visits the Pentagon
The Pentagon banned USB devices due to Agent.btz. While speculations run high, I particularly enjoyed this idea about how Agent.btz got on the network.
Friday, December 5, 2008
Your face is easy to fake
A Vietnamese security firm has demonstrated that facial recognition software can be spoofed. Enhanced pictures are used to bypass the software. Perhaps you should remove that Facebook photo now?
Perhaps we should move on to a more robust biometric system.
Wednesday, December 3, 2008
Linux vs Windows DOS commands
Here is a comparison between Windows DOS and Linux commands:
Windows DOS | Linux/Cygwin |
---|---|
dir | ls |
cd | pwd |
cd [path] | (same) |
cls | clear |
copy [old] [new] | cp [old] [new] |
del [file] | rm [file] |
move [old] [new] | mv [old] [new] |
tree | tree (Linux only) or ls -R |
mkdir [dir] | (same) |
rmdir [dir] | (same) |
help [cmd] | man [cmd] |
type [file] | cat [file] |
date /t | (same without /t) |
time /t | date |
netstat -an | (same Linux only) |
netstat -rn | (same Linux only) |
ipconfig /all | ifconfig -a (Linux only) |
For more information on Linux commands check out this tutorial or this tutorial (scroll past the ssh stuff).
Windows DOS Commands
In the last two classes we have been playing around with the command line on Windows. We learned a few useful commands:
Command | Description |
---|---|
dir | list out files |
cd | show current working directory |
cd [path] | change to [path] directory |
cls | clear screen |
copy [old] [new] | copies the old file to new |
del [file] | deletes the file |
move [old] [new] | moves the old file to new |
tree | shows the tree of the current directory |
md | creates new directory |
mkdir | creates new directory |
rmdir [dir] | deletes directory dir |
help | lists help information |
type [file] | outputs file contents to screen |
date /t | outputs date to screen |
time /t | outputs time to screen |
netstat | gives us network connection information |
netstat -an | -a: all connections -n: IP addresses |
netstat -rn | -r: routing information |
ipconfig /all | gives us network information |
Cygwin Installation
For class we used Cygwin, which is a Linux-like environment for Windows. Since most of you have Windows machines, this will allow you to run tools that normally run under Linux/Unix environments.
The setup file is here.
When you download setup, double click it. You should see the following:
Press "Next" and choose "Install from the Internet":
Choose where to install Cygwin (by default it is in C:\Cygwin):
Cygwin will create a directory in which it will store its files during installation. After installation you can delete the folder. The default location is the desktop:
Select your internet connection. The default is OK:
Select a mirror (mirrorservice.org is good):
Press "Next". You should see the following:
Next you will see a list of packages you can download. By default these are organized by category:
If you press the plus signs on the left hand side, it will open up the category and you can select specific packages:
Here is a list of packages you need organized by category:
- From the Base category
- Everything
- From the Devel category
- Gcc: C, C++, Fortran compilers
- gcc-mingw: Mingw32 support headers and libraries for GCC
- gcc2: Version X.XX.X [whatever is latest] of C, C++, Fortran compilers
- gdb: The GNU Debugger
- make: The GNU version of the `make' utility
- mingw-runtime: MinGW Runtime
- openssl-devel: The OpenSSL development environment
- From the Editors category
- Nano: A pico clone text editor with extensions [works like pico]
- vim: Vi Improved – enhanced vi editor
- From the Interpreters category
- Perl
- Python
- From the Utils category
- util-linux: Random collection of Linux utilities
- file
- ELFIO
- From the Text category
- less: A file pager program, similar to more(1)
After you have made your selections, press next for installation to begin. This part is the actual installation, and may take some time. Just let it finish. After it finishes you will be asked if you want to create shortcuts on the desktop. Make sure to click Finish.
Running Cygwin
When you run Cygwin for the first time, it might take a little longer to start up. This is because it is configuring a few more files for your environment. Then you should get a command line prompt that looks like:
You are now able to work on your programs at home on your Windows machines.
Tuesday, December 2, 2008
Memory Images
Here's an XP memory image.
Edit 12/3/08: Here are some more XP images
To make it easier for you to sort through the output of Volatility I've written a little Perl script to create an HTML report of running processes, open files and DLLs.
This is not finished as there is more information that I would like to correlate from the output of Volatility. But if you are somewhat curious, this is what I have so far: vol2html.pl. You can see an example report here. The output files for this report and the Perl script are bundled together here. There is minimal error checking.
To use, first redirect the output of Volatility for pslist, dlllist and files to text files:
./volatility pslist -f mem.dd > pslist.txt
./volatility files -f mem.dd >files.txt
./volatility dlllist -f mem.dd >dlllist.txt
Then feed the perl script these files:
./vol2html.pl -pslist pslist.txt \
-files files.txt -dlllist dlllist.txt
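The correlation step described above, written out as an added example in Python; it is not the post's vol2html.pl, and the text layouts it parses are an assumption modelled on Volatility 1.x output, with constructed sample lines. It joins pslist and dlllist by PID and HTML-escapes every string that came out of the memory image, since command lines and names in an image are untrusted input to the report.

```python
import html
import re

# Constructed sample text; layouts are an assumption modelled on Volatility 1.x output.
PSLIST = """\
Name                 Pid    PPid   Thds   Hnds   Time
System               4      0      58     573    Thu Jan 01 00:00:00 1970
notepad.exe          1337   368    2      25     Mon Dec 01 10:05:00 2008
"""
DLLLIST = """\
************************************************************************
notepad.exe pid: 1337
Command line : C:\\WINDOWS\\notepad.exe <b>notes</b>.txt
Base         Size         Path
0x7c900000   0xb0000      C:\\WINDOWS\\system32\\ntdll.dll
"""

def parse_pslist(text):
    """Return {pid: (name, ppid)}; lines that are not process rows are skipped."""
    rows = re.findall(r"^(.+?)[ \t]+(\d+)[ \t]+(\d+)[ \t]+\d+[ \t]+\d+[ \t]", text, re.M)
    return {int(pid): (name, int(ppid)) for name, pid, ppid in rows}

def parse_dlllist(text):
    """Return {pid: {"cmdline": str, "dlls": [path, ...]}}."""
    mods, cur = {}, None
    for line in text.splitlines():
        m = re.match(r".+ pid:\s*(\d+)\s*$", line)
        parts = line.split(None, 2)  # base, size, path (path may contain spaces)
        if m:
            cur = mods[int(m.group(1))] = {"cmdline": "", "dlls": []}
        elif cur is not None and line.startswith("Command line :"):
            cur["cmdline"] = line.split(":", 1)[1].strip()
        elif cur is not None and line.startswith("0x") and len(parts) == 3:
            cur["dlls"].append(parts[2])
    return mods

def render_report(procs, mods):
    """One table row per process; memory-derived strings are HTML-escaped."""
    rows = []
    for pid, (name, ppid) in sorted(procs.items()):
        m = mods.get(pid, {"cmdline": "", "dlls": []})  # e.g. System has no DLL list
        cells = [str(pid), str(ppid), html.escape(name), html.escape(m["cmdline"]),
                 "<br>".join(html.escape(d) for d in m["dlls"])]
        rows.append("<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    print(render_report(parse_pslist(PSLIST), parse_dlllist(DLLLIST)))
```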
Monday, December 1, 2008
Security Breaches
We've come to this topic in our class. So here are some links that should be useful for your notes:
What To Do if Compromised - Visa (pdf)
The Breach Blog (information about recent incidents)
IR Preparedness
Changing the Face of IR
Let the Class Action Suit Begin
MIT Boston Transit Talk
Last week we had discussed this talk and I said I would post a link. Make sure to check out the slides.
Article about this talk's cancellation
Enjoy!