Friday 5 August 2011
Wednesday 9 March 2011
SSD firmware destroys digital evidence, researchers find Forensic analysis of drives by investigators now uncertain
By John E Dunn | Techworld
Published: 10:48 GMT, 01 March 11
A technology built into many new solid state drives (SSDs) to improve their storage efficiency could inadvertently be making forensic analysis at a later date by police forces and intelligence agencies almost impossible to carry out to legally safe standards, researchers have discovered.
The detailed findings contained in Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Discovery? by Graeme B. Bell and Richard Boddington of Murdoch University in Perth, Australia, will make unsettling reading for professionals in the digital forensics field and beyond.
After conducting a series of experiments comparing a sample Corsair 64GB SSD with a conventional Hitachi 80GB magnetic hard drive (HDD), the team found a layer cake of data recovery problems caused by the ‘garbage collection’ or purging algorithms used in SSDs to keep them at peak performance.
After examining an SSD for traces of data after it had been quick formatted, the team expected the purging routines to kick in around 30-60 minutes later, a process that must happen on SSDs before new data can be written to those blocks. To their surprise, this happened in only three minutes, after which only 1,064 out of 316,666 evidence files were recoverable from the drive.
Going a stage further, they removed the drive from the PC and connected a ‘write blocker’, a piece of hardware designed to isolate the drive and stop any purging of its contents. Incredibly, after leaving this attached for only 20 minutes, almost 19 percent of its files had been wiped for good, a process the researchers put down the ability of SSDs to initiate certain routines independent of a computer.
.... MORE HERE
Published: 10:48 GMT, 01 March 11
A technology built into many new solid state drives (SSDs) to improve their storage efficiency could inadvertently be making forensic analysis at a later date by police forces and intelligence agencies almost impossible to carry out to legally safe standards, researchers have discovered.
The detailed findings contained in Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Discovery? by Graeme B. Bell and Richard Boddington of Murdoch University in Perth, Australia, will make unsettling reading for professionals in the digital forensics field and beyond.
After conducting a series of experiments comparing a sample Corsair 64GB SSD with a conventional Hitachi 80GB magnetic hard drive (HDD), the team found a layer cake of data recovery problems caused by the ‘garbage collection’ or purging algorithms used in SSDs to keep them at peak performance.
After examining an SSD for traces of data after it had been quick formatted, the team expected the purging routines to kick in around 30-60 minutes later, a process that must happen on SSDs before new data can be written to those blocks. To their surprise, this happened in only three minutes, after which only 1,064 out of 316,666 evidence files were recoverable from the drive.
Going a stage further, they removed the drive from the PC and connected a ‘write blocker’, a piece of hardware designed to isolate the drive and stop any purging of its contents. Incredibly, after leaving this attached for only 20 minutes, almost 19 percent of its files had been wiped for good, a process the researchers put down the ability of SSDs to initiate certain routines independent of a computer.
.... MORE HERE
Tuesday 20 July 2010
WPA Cracker
http://www.wpacracker.com/
WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.
An Introduction
WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks. WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.
Monday 12 July 2010
Facebook to launch child safety 'panic button'
Facebook has announced it is to launch a "panic button" application on its social networking site.
The button, aimed at children and teenagers, will report abuse to the Child Exploitation and Online Protection Centre (Ceop) and Facebook.The application will also appear on their homepage to say that "they are in control online".
The launch follows months of negotiation between Ceop and Facebook, which initially resisted the idea.
Ceop, the government law enforcement agency tasked with tracking down online sex offenders, called for a panic button to be installed on social networking sites last November.
Bebo became the first network to add the button with MySpace following suit, but Facebook resisted the change, saying its own reporting systems were sufficient.
Pressure mounted on Facebook following the rape and murder of 17-year-old Ashleigh Hall by a 33-year-old convicted sex offender, posing as a teenage boy, who she met on Facebook.
Forty-four police chiefs in England, Wales and Scotland, signed a letter backing Ceop's call for a panic button on every Facebook page.
'Reassurance for parents' The agreement to launch a child safety application is the culmination of months of negotiation between Ceop and Facebook.
Jim Gamble, Ceop's chief executive, said in a statement: "Our dialogue with Facebook about adopting the ClickCeop button is well documented - today however is a good day for child protection.
"By adding this application, Facebook users will have direct access to all the services that sit behind our ClickCeop button which should provide reassurance to every parent with teenagers on the site."
Facebook's head of communications in the UK, Sophy Silver, told BBC News that the new app would integrate reporting into both Facebook and Ceop's systems.
"Both sides are happy of where we have got to," she said.
"We still have the Facebook reporting system and by having a pre-packaged application that users play an active part in, you not only help keep them safe, it makes all of their friends aware too, and acts as a viral awareness campaign.
"Ultimately though, this makes for a safer environment for users and that's the most important part," she added.
In addition to the online reporting application, a new Facebook/Ceop page is being set up, with a range of topics that, it is hoped, will be of interest to teenagers - such as celebrities, music and exams - and will link these subjects to questions about online safety.
http://news.bbc.co.uk
Thursday 20 May 2010
Quantum teleportation achieved over ten miles of free space
Quantum teleportation has achieved a new milestone or, should we say, a new ten-milestone: scientists have recently had success teleporting information between photons over a free space distance of nearly ten miles, an unprecedented length. The researchers who have accomplished this feat note that this brings us closer to communicating information without needing a traditional signal, and that the ten miles they have reached could span the distance between the surface of the earth and space.
"Quantum teleportation" is quite different from how many people imagine teleportation to work. Rather than picking one thing up and placing it somewhere else, quantum teleportation involves entangling two things, like photons or ions, so their states are dependent on one another and each can be affected by the measurement of the other's state.
When one of the items is sent a distance away, entanglement ensures that changing the state of one causes the other to change as well, allowing the teleportation of quantum information, if not matter. However, the distance particles can be from each other has been limited so far to a number of meters.
Teleportation over distances of a few hundred meters has previously only been accomplished with the photons traveling in fiber channels to help preserve their state. In this particular experiment, researchers maximally entangled two photons using both spatial and polarization modes and sent the one with higher energy through a ten-mile-long free space channel. They found that the distant photon was still able to respond to changes in state of the photon they held onto even at this unprecedented distance.
However, the long-distance teleportation of a photon is only a small step towards developing applications for the procedure. While photons are good at transmitting information, they are not as good as ions at allowing manipulation, an advancement we'd need for encryption. Researchers were also able to maintain the fidelity of the long-distance teleportation at 89 percent— decent enough for information, but still dangerous for the whole-body human teleportation that we're all looking forward to.
Science, 2010. DOI: 10.1038/NPHOTON.2010.87 (About DOIs).
"Quantum teleportation" is quite different from how many people imagine teleportation to work. Rather than picking one thing up and placing it somewhere else, quantum teleportation involves entangling two things, like photons or ions, so their states are dependent on one another and each can be affected by the measurement of the other's state.
When one of the items is sent a distance away, entanglement ensures that changing the state of one causes the other to change as well, allowing the teleportation of quantum information, if not matter. However, the distance particles can be from each other has been limited so far to a number of meters.
Teleportation over distances of a few hundred meters has previously only been accomplished with the photons traveling in fiber channels to help preserve their state. In this particular experiment, researchers maximally entangled two photons using both spatial and polarization modes and sent the one with higher energy through a ten-mile-long free space channel. They found that the distant photon was still able to respond to changes in state of the photon they held onto even at this unprecedented distance.
However, the long-distance teleportation of a photon is only a small step towards developing applications for the procedure. While photons are good at transmitting information, they are not as good as ions at allowing manipulation, an advancement we'd need for encryption. Researchers were also able to maintain the fidelity of the long-distance teleportation at 89 percent— decent enough for information, but still dangerous for the whole-body human teleportation that we're all looking forward to.
Science, 2010. DOI: 10.1038/NPHOTON.2010.87 (About DOIs).
Friday 14 May 2010
Single group did 66% of world's phishing
A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said.
The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for half the world's phishing attacks before fizzling out in late 2008. Driving the success of both groups is their use of state-of-the-art technology for mass-producing imposter websites and distributing huge amounts of crimeware for automating identity theft.
There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.
Curiously, Avalanche may turn out to be a victim of its own success.
"During an Avalanche campaign, it was not unusual for the target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time," the report stated. "As a result, Avalanche attacks had a much shorter average uptime than non-Avalanche phishing attacks, and community efforts partially neutralized the advantage of the fast-flux hosting."
White hats briefly shut down the Avalanche infrastructure in mid November, and ever since then phishing attacks generated by the group have dropped precipitously. Last month, the gang launched just 59 attacks, each one with a separate domain.
A PDF of the report is here. ®
By Dan Goodin
The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for half the world's phishing attacks before fizzling out in late 2008. Driving the success of both groups is their use of state-of-the-art technology for mass-producing imposter websites and distributing huge amounts of crimeware for automating identity theft.
"Avalanche uses the Rock's techniques but improved upon them, introducing greater volume and sophistication," the report, released by the Anti-Phishing Working Group, stated.
Central to Avalanche's success is its use of fast-flux botnets to host phishing sites. The use of peer-to-peer communications makes it impossible for a single ISP or hosting provider to to pull the plug on the infrastructure. The gang also excels at launching attacks from a relatively small number of domain names that often appear confusingly identical to each other, such as 11f1iili.com and 11t1jtiil.com. Those abilities also fuel the success.There were 126,697 phishing attacks during the second half of 2009, more than double the number in the first half of the year or from July through December of 2008, the APWG report said. Avalanche, which was first identified in December of 2008, was responsible for 24 percent of phishing attacks in the first half of 2009 and for 66 percent in the second half. From July through the end of the year, Avalanche targeted the more than 40 major financial institutions, online services, and job search providers.
Curiously, Avalanche may turn out to be a victim of its own success.
"During an Avalanche campaign, it was not unusual for the target institutions, the relevant domain name registrar(s), a domain name registry, and other responders and service providers to all be aware of the campaign and working on mitigation at the same time," the report stated. "As a result, Avalanche attacks had a much shorter average uptime than non-Avalanche phishing attacks, and community efforts partially neutralized the advantage of the fast-flux hosting."
White hats briefly shut down the Avalanche infrastructure in mid November, and ever since then phishing attacks generated by the group have dropped precipitously. Last month, the gang launched just 59 attacks, each one with a separate domain.
A PDF of the report is here. ®
By Dan Goodin
Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts
A Florida dentist lost $400,000 from his retirement account last year in this manner, and the FBI said the attacks are growing.
A spokeswoman for the Communication Fraud Control Association — a telecom industry organization — told Threat Level that although fraudulent transfers have been halted in a number of cases, the losses are increasing.
“I know it’s in the millions,” said Roberta Aranoff, executive director of the CFCA. “It has exceeded a million dollars easily.”
Last November, Robert Thousand Jr., a semi-retired dentist in Florida, received a flood of calls to several phones. When he answered them, he heard a 30-second recording for a sex hotline, according to the St. Augustine Record.
In December, he discovered that $399,000 had been drained from his Ameritrade retirement account shortly after he’d received the calls. About $18,000 was transferred from his account on Nov. 23, with a $82,000-transfer following two days later. Five days after that, another $99,000 was drained, followed by two transfers of $100,000 each on Dec. 2 and 4. The thieves withdrew the money in New York.
Thousand’s son, who shares his name, received similar harassing calls, though his financial accounts were not touched. Thousand did not respond to a request from Threat Level for comment.
The FBI says the calls were a diversionary tactic, meant to tie up Thousand’s line so that Ameritrade couldn’t reach him to authenticate the money transfer requests. FBI spokesman Bryan Travers said AT&T, Thousand’s phone carrier, contacted the agency’s New Jersey office to help investigate the matter. The agency has since seen at least 16 similar cases since November, most of them occurring in the last few weeks.
In some cases, the victims simply heard dead air when they answered their phone or heard a brief advertisement or other recorded message. Some victims had to change their phone numbers to halt the harassing calls.
The perpetrator who targeted Thousand created a number of VoIP accounts, which were used with automated dialing tools to flood the dentist’s home, business and cellphone with calls.
Generally in these cases, Travers said, the thief obtains the victim’s account information through some other means — perhaps through a phishing attack or other method — and then contacts the financial institution to change the victim’s contact information. In this way, the institution will call the thief instead of the victim to verify a money transfer request.
Many banks, however, now contact customers at their previous phone number when contact information on their account has changed.
But with these attacks, the institution’s calls are prevented from reaching the victim, whose phone is tied up with a flood of diversionary calls.
AT&T spokesman Marty Richter told Threat Level that the perpetrators then generally contact the financial institution posing as the victim to complain that a requested money transfer hasn’t gone through. When the institution discloses that it tried unsuccessfully to contact the victim to authenticate the transfer, the perpetrator says he’s been having phone troubles and verifies that the transfer should proceed.
Richter says that other telecommunication companies have been alerted to the problem and are warning customers when they call to complain about harassing calls that the issue may be related to their financial accounts. The victims are warned to place fraud alerts on their financial and credit bureau accounts and block any electronic fraudulent money transfers that may be in the works.
“This may appear to some people that they’re just having a connect issue with their phone carrier,” he said, “and we want to alert them that this may not be the case.”
Travers said that in most cases so far, the victims have acted quickly enough to prevent money from being drained from their accounts, but he says there may be many other cases that haven’t yet been reported to the FBI. He urged consumers who may have been victims to contact the FBI.
Read More http://www.wired.com/threatlevel/2010/05/telephony-dos/#ixzz0nt0tgdrn
By Kim Zetter
Subscribe to:
Posts (Atom)