BREAKING

Looks pretty neat… for free…
…a tool that could take timeline analysis to a new level. That is to create a single tool that could parse various artifacts found on a suspect drive and include them in the timeline, some sort of super timelining…
via log2timeline.
The Irrelevancy of Industry Accepted Malware Testing Standards
tan : June 30, 2010 4:34 pm : Breaking News
I have to say that DannyQuist has it right. The AV industry is not real world and not effective. The fact remains that the AV industry is about selling signatures, not about preventing malware from infesting your PC. The fact that they can take a fingerprint of what they’ve found “in the wild” is NOT proof that they are effective. It only proves that they are blinded by the model of selling signatures to customers. If they could detect bad behaviors or do more intelligent signature matches, they might actually pass the types of tests that DannyQuist is proposing. But the AV industry is happy to only protect you against yesterday’s threat, and keep playing casualty vampire to feed their need for more things to take signatures of.
The primary reason that the AV industry is so sensitive about their software is because it is not as effective as they would like you to believe. Case in point is the recent Anti-Malware Testing Standards Organization’s document titled Issues involved in the ‘creation’ of samples for testing. If you want to find a document listing all the hot-button issues that particularly perturb the AV community, here it is.
via The Irrelevancy of Industry Accepted Malware Testing Standards | Offensive Computing.
We are proud to announce that we are finally approaching a beta release of the first BackTrack Mobile operating system for the Nokia N900! The release will be public shortly before the Blackhat and Defcon conferences in July 2010.
via NeoPwn Mobile Pentesting – First Ever Network Auditing Distribution for a Mobile Phone Platform.
This looks like a really cool contest – other cons take note. There are all sorts of variations on this theme – who’s going to do the counterfeiting competition? I know one year HOPE held one with their badges – whether they realized it or not – LOL. I suppose counterfeit DEFCON badges would be… heh. It seems that this would be a great way for hacker spaces to participate in their local cons. I could see the Hackerbot labs folks doing an aerial photo intel competition similar to the oogle guys but based off their AHAB captures, at… Bluehat? LOL. Anyway, you get the idea – now get thinking!
There are various tamper evident technologies out there, including tape, seals, locks, tags, and bags, to name a few. This contest will test your ability to perform “defeats” (Described below) against a range of inexpensive commercial low to medium security products. I will list the exact products I am buying so you can go buy them as well to practice in advance if you want to.
via Dark Tangent’s Tamper Evident Contest RULES – Defcon Forums.
THE CYBER WAR THREAT HAS BEEN GROSSLY EXAGGERATED (Washington DC) | Intelligence Squared US
tan : June 15, 2010 9:49 pm : Breaking News
Interesting debate – it starts off all over the road but eventually gets to the point – that even though our new Cyber Czar talks about making us more secure, the policies he is pushing are not secure software, and not about shaking up an industry that perpetuates the problem. Instead they’re about establishing power for the government.
There’s also a great part in here where Mike McConnell says something about such powers having accountability behind them – much to the chagrin of the audience who DOES still remember the Bush administration. Turns out, the legislation he’s trying to push was something he was working on when he was at NSA, UNDER the Bush administration.
THE CYBER WAR THREAT HAS BEEN GROSSLY EXAGGERATED from Intelligence Squared US on Vimeo.
So audio forensic techniques have only been around since Watergate and haven’t really progressed since then… until now. It would be very interesting to read up on the details but it appears that the “grid” has a fingerprint that constantly changes. It appears there is also a way to find this signature in an audio recording and that the signature is the same throughout a given electrical grid, at any given moment. So, no, they’re not listening in over your power lines as the Register headline had me concluding prematurely – this is just a way to authenticate that a recording happened at a certain time and I guess also, within a certain geography. I guess we need someone collecting up the data points off the U.S. grid.
ENF relies on frequency variations in the electricity supplied by the National Grid. Digital devices such as CCTV recorders, telephone recorders and camcorders that are plugged in to or located near the mains pick up these deviations in the power supply, which are caused by peaks and troughs in demand. Battery-powered devices are not immune to ENF analysis, as grid frequency variations can be induced in their recordings from a distance.
At the Metropolitan Police’s digital forensics lab in Penge, south London, scientists have created a database that has recorded these deviations once every one and a half seconds for the last five years. Over a short period they form a unique signature of the electrical frequency at that time, which research has shown is the same in London as it is in Glasgow.
On receipt of recordings made by the police or public, the scientists are able to detect the variations in mains electricity occurring at the time the recording was made. This signature is extracted and automatically matched against their ENF database, which indicates when it was made.
The technique can also uncover covert editing – or rule it out, as in the recent murder trial – because a spliced recording will register more than one ENF match.
The Met emphasised that ENF analysis is in its infancy as a practical tool, having been used in only around five cases to date. Proponents are optimistic about its uses in counter-terrorism investigations, for example to establish when suspects made reconnaissance videos of their targets, or to uncover editing in propaganda videos.
Met lab claims ‘biggest breakthrough since Watergate’ • The Register.
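The matching step described in the excerpt above, sketched as an added example (not code from The Register, the Met lab, or this site). It assumes the mains frequency has already been extracted from the audio as one reading per 1.5 seconds; the reference series, the 50 Hz nominal value, the noise level and the thresholds are all constructed for illustration.

```python
import random

STEP_S = 1.5  # the article: one database reading every one and a half seconds

def make_reference(n, seed=7, nominal=50.0):
    """Constructed stand-in for the grid database: a mean-reverting random walk."""
    rng = random.Random(seed)
    f, out = nominal, []
    for _ in range(n):
        f += rng.gauss(0, 0.004) - 0.02 * (f - nominal)
        out.append(f)
    return out

def simulate_recording(reference, segments, noise=0.001, seed=1):
    """Constructed ENF trace of a recording: reference slices plus measurement noise."""
    rng = random.Random(seed)
    return [reference[i] + rng.gauss(0, noise)
            for start, end in segments for i in range(start, end)]

def best_match(trace, reference):
    """Slide the trace along the reference; return (offset, rms error) of the best fit."""
    best_off, best_err = 0, float("inf")
    for off in range(len(reference) - len(trace) + 1):
        err = sum((t - reference[off + i]) ** 2 for i, t in enumerate(trace))
        if err < best_err:
            best_off, best_err = off, err
    return best_off, (best_err / len(trace)) ** 0.5

def implied_starts(trace, reference, window=40, max_rms=0.003, tol=2):
    """Match each window on its own and return the distinct recording start
    offsets (in reference samples) the windows imply. One value: a continuous
    recording. Several values: more than one ENF match, i.e. a likely splice."""
    starts = []
    for w in range(0, len(trace) - window + 1, window):
        off, rms = best_match(trace[w:w + window], reference)
        if rms > max_rms:
            continue  # no credible match (e.g. the window straddles an edit)
        start = off - w
        if not starts or abs(start - starts[-1]) > tol:
            starts.append(start)
    return starts

if __name__ == "__main__":
    ref = make_reference(2000)
    clean = simulate_recording(ref, [(500, 660)])
    spliced = simulate_recording(ref, [(300, 380), (1200, 1280)])
    for name, rec in (("clean", clean), ("spliced", spliced)):
        starts = implied_starts(rec, ref)
        print(name, [f"{s * STEP_S:.1f}s" for s in starts])
```

Each returned offset, multiplied by `STEP_S`, is the time into the reference series at which the recording would have had to start for that part of it to fit.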
HNN DOES NOT ENDORSE THESE NEWS ARTICLES AS VALID. WE SIMPLY AGGREGATE THE MOST INTERESTING HACKER RELATED NEWS STORIES OF THE DAY IN HOPE OF LETTING THE COMMUNITY SHAPE THE VIEWS THAT GO INTO HNNCAST. FEEL FREE TO LEAVE RESPONSES ON ANY STORY.














