Archive Page 3

20 Jul

Harmful error messages

I use Google Mail. While checking email today, I ran across this error message.

Arrgh! The page has been corrupted. If you are running security or firewall software, you might have to disable it

(see screenshot)

I stared at it for several seconds.

WTF? Who the hell decided the wording of this error message? Is that an actual recommendation from Google? Disable security software and firewalls when you encounter a momentary glitch in a web application?

19 Jul

Random bit generator service

This is cool.

The work on QRBG Service has been motivated by the scientific necessity (primarily of the local scientific community) of running various simulations (in cluster/Grid environments), whose results are often greatly affected by the quality (distribution, nondeterminism, entropy, etc.) of the random numbers used. Since true random numbers are impossible to generate with a finite state machine (such as today’s computers), scientists are forced either to use specialized, expensive hardware number generators or, more frequently, to content themselves with suboptimal solutions (like pseudo-random number generators).

[…]

To ensure high quality of the supplied random numbers (true randomness) and high serving speed, we have used a fast, non-deterministic, stand-alone hardware number generator relying on photonic emission in semiconductors. The Quantum Random Bit Generator used was previously developed at the Rudjer Boskovic Institute, in the Laboratory for Stochastic Signals and Process Research (for details, see below).
To achieve high availability of the service, several network access modes have been developed or shall be developed. These include transparent acquisition of random numbers using C/C++ libraries, web services (access over the SOAP protocol), and Mathematica/MATLAB client add-ons.

You can visit the QRBG site, download the client of your choice, and start getting true randomness in no time (registration required).

14 Jul

Helix v1.9 released

Talking about forensics…


The new Helix v1.9 version was released yesterday (see the CHANGELOG for the updated packages).

Download Helix v1.9 here.

12 Jul

Antiforensics

There is an interesting article by Scott Berinato at CSOonline about the widespread use of “antiforensics” tools, and how they are changing the information security landscape in general and the forensics practice in particular.

This is antiforensics. It is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.

The concept is neither new nor foolproof, but in the past 12 months, forensic investigators have noticed a significant uptick in the use of antiforensics. This is not because hackers are making more sophisticated antiforensic tools, though some are. Rather, it’s because antiforensic tools have slid down the technical food chain, from Unix to Windows, from something only elite users could master to something nontechnical users can operate. What’s more, this transition is taking place right when (or perhaps because of) a growing number of criminals, technically unsophisticated, want in on all the cash moving around online and they need antiforensics to protect their illicit enterprises. “Five years ago, you could count on one hand the number of people who could do a lot of these things,” says the investigator. “Now it’s hobby level.”

The article describes some of the tools currently in use, such as Timestomp, Slacker and Sam Juicer, and how the “arms race” has moved from the disk to memory.
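Tools in the Timestomp family rewrite file timestamps to push activity outside the investigator's window. The script below is an added example (mine, not from the CSO article or this post) of two checks analysts run against that trick: whole-second timestamps, which an API that only accepts second granularity leaves behind, and a $STANDARD_INFORMATION creation time that is older than the $FILE_NAME creation time, which user-mode code cannot normally produce. The record layout is a simplified stand-in for parsed MFT entries and the sample records are constructed.

```python
"""Heuristics for spotting tampered NTFS timestamps.

Added example, not from the CSO article or the blog post. It encodes two
checks that forensic analysts apply when a Timestomp-style tool is suspected:

  1. NTFS stores times as 100-nanosecond ticks (FILETIME). Setting a time
     through an interface that only takes whole seconds leaves the sub-second
     part exactly zero, which is rare for files written in normal operation.
  2. Each file carries two timestamp sets: $STANDARD_INFORMATION ($SI), which
     user-mode code can change, and $FILE_NAME ($FN), which it cannot touch
     directly. A $SI creation time earlier than the $FN creation time is
     inconsistent with the file's own history.

Both are indicators, not proof: files copied from FAT volumes or extracted
from zip archives also carry truncated times, and $SI < $FN shows up for
files moved within a volume, so every hit needs manual review. The records
below are constructed, simplified stand-ins for parsed MFT entries.
"""
from dataclasses import dataclass

TICKS_PER_SECOND = 10_000_000          # FILETIME resolution is 100 ns
BASE = 131_000_000_000_000_000         # arbitrary FILETIME on a whole second


@dataclass(frozen=True)
class MftRecord:
    path: str
    si_created: int    # $STANDARD_INFORMATION creation time, FILETIME ticks
    si_modified: int   # $STANDARD_INFORMATION last-write time, FILETIME ticks
    fn_created: int    # $FILE_NAME creation time, FILETIME ticks


def zero_subseconds(ticks: int) -> bool:
    """True when the 100 ns fraction of a FILETIME value is exactly zero."""
    return ticks % TICKS_PER_SECOND == 0


def suspicious_reasons(rec: MftRecord) -> list:
    """Return the indicators that fire for one record (empty list = clean)."""
    reasons = []
    if zero_subseconds(rec.si_created) and zero_subseconds(rec.si_modified):
        reasons.append("$SI times sit exactly on second boundaries")
    if rec.si_created < rec.fn_created:
        reasons.append("$SI creation time precedes $FN creation time")
    return reasons


def triage(records) -> dict:
    """Map path -> reasons for every record with at least one indicator."""
    out = {}
    for rec in records:
        reasons = suspicious_reasons(rec)
        if reasons:
            out[rec.path] = reasons
    return out


# Constructed sample: one normal file, one backdated by a Timestomp-style tool
# (whole-second times, $SI a year before $FN), and one legitimately moved file
# that trips only the $SI/$FN ordering check.
SAMPLE = [
    MftRecord(r"C:\Users\bob\Documents\report.docx",
              BASE + 1_234_567, BASE + 5_004_321, BASE + 1_234_567),
    MftRecord(r"C:\Windows\Temp\svchost32.exe",
              BASE - 365 * 86_400 * TICKS_PER_SECOND,
              BASE - 365 * 86_400 * TICKS_PER_SECOND,
              BASE + 77),
    MftRecord(r"C:\Users\bob\Desktop\moved.txt",
              BASE - 3 * 3_600 * TICKS_PER_SECOND + 2_345,
              BASE - 3 * 3_600 * TICKS_PER_SECOND + 2_345,
              BASE + 9),
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against the output of an MFT parser rather than the live filesystem API: the Win32 calls only expose the $SI set, so the second check is invisible unless you read the MFT directly.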

It would seem that the forensics practice is currently sitting at the bottom of a “trough of disillusionment”.

Some months ago I prepared a presentation about “Forensics in the Corporation” (sorry, only in Spanish!) which should really have been called “Why everything you learned at forensics training won’t be very useful in the real world”. It didn’t include anything about antiforensics; it focused on the technical, political and organizational challenges that big corporations pose to the forensics investigator.

The forensics practice is much too focused on the PC world. That is, you normally have physical access to the “suspect” machine, you can power it off or unplug it from the network, hard drive sizes are reasonable, and certain expectations are always met. That is fine. This kind of forensics work… works! But mostly in the workstation/laptop world.

What about servers? Virtualization, huge storage capacities (SAN, NAS, RAID arrays, etc.), distributed systems (as in “distributed all over the world”), business-critical systems that cannot be unplugged or turned off (come on, on how many line-of-business servers could you do such things?).

I’m sure the forensics practice will evolve in the coming years. I’m sure it’ll be damn interesting to watch.

11 Jul

Firefox (with IE) vulnerability

Interesting 0-day vulnerability in Firefox when it is installed on a box already running Internet Explorer (i.e. every Windows machine).

Firefox registers three protocol handlers that lack basic input validation. IE can launch Firefox through one of them in such a way that arbitrary commands are passed on to the shell (with the privileges of the current user).
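The bug class here is argument injection through a registered URL scheme: the handler's command template substitutes the whole URL for `%1`, and if quote characters are not rejected the attacker closes the quoted argument and appends switches. The Python below is an added example (not from Jesper's post and not Firefox's code) that shows the vulnerable substitution next to a hardened version; the template, the executable path and the `-debug` switch are hypothetical, and the command-line splitter is a simplified model of Windows parsing that ignores backslash escaping.

```python
"""Argument injection through a URL protocol handler (vulnerable vs. hardened).

Added example, not from Jesper's post and not Firefox's code. On Windows a
custom scheme is registered with a command template such as

    "C:\\Program Files\\App\\app.exe" -url "%1"

and the application that receives a link on that scheme substitutes the whole
URL for %1 and runs the result. If nothing rejects quote characters and
whitespace, a crafted link closes the quoted argument and appends switches of
the attacker's choosing. The template, executable path and -debug switch are
hypothetical.
"""
import re

TEMPLATE = '"C:\\Program Files\\App\\app.exe" -url "%1"'   # hypothetical registry value
EXE = r"C:\Program Files\App\app.exe"


def naive_cmdline(url: str) -> str:
    """Vulnerable: paste the untrusted URL into the command template as-is."""
    return TEMPLATE.replace("%1", url)


def split_cmdline(cmdline: str) -> list:
    """Simplified CommandLineToArgvW: whitespace separates arguments unless
    inside double quotes. Backslash escaping is not modelled; this is only
    enough to show where the argument boundary gets broken."""
    args, cur, quoted, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
            started = True
        elif ch.isspace() and not quoted:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args


# Strict grammar for what the handler is willing to accept: one scheme, then
# RFC 3986 unreserved and sub-delimiter characters. Quotes, whitespace and
# control characters are simply not in the alphabet.
SAFE_URL = re.compile(r"^[a-z][a-z0-9+.-]*://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+$")
MAX_LEN = 2048


def hardened_argv(url: str) -> list:
    """Validate first, then hand the URL over as one argv element so that no
    command-line (re)parsing can split it into several."""
    if len(url) > MAX_LEN or not SAFE_URL.fullmatch(url):
        raise ValueError("rejected handler argument: %r" % url)
    return [EXE, "-url", url]


if __name__ == "__main__":
    benign = "app://mail.example.org/inbox?id=42"
    crafted = 'app://x" -debug "c:\\evil.exe'      # constructed attacker link
    print(split_cmdline(naive_cmdline(benign)))
    print(split_cmdline(naive_cmdline(crafted)))   # an extra -debug argument appears
    print(hardened_argv(benign))
    try:
        hardened_argv(crafted)
    except ValueError as err:
        print("hardened handler:", err)
```

The allow-list is the important part; escaping quotes after the fact is fragile because the receiving program may parse its command line again with its own rules. Launching with an argv list (for example `subprocess.run(argv)` without `shell=True`) keeps the URL a single argument, and the application behind the scheme should validate on its side as well, since the browser is not the only thing that can invoke the handler.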

Read the details at Jesper’s blog.

26 Jun

Controlled worm replication environment

This is cool.

The approach involves building a virtual SOHO network, which is in turn connected to a virtual Internet. Both the virtual LAN and WAN are populated with virtual machines. The suspected worm is introduced into this environment, and executed therein. The whole system is closely monitored as execution progresses in the isolated environment, and data is amassed describing what the suspected worm did as it executed. This data is then processed by the system in an attempt to automatically determine whether or not the suspect programming is performing actions indicative of a worm or internet-aware malware.

You can find the complete paper here: “An Environment for Controlled Worm Replication and Analysis”.
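The quoted paragraph ends with the interesting step: turning the telemetry collected in the isolated LAN/WAN into an automatic "worm or not" decision. The script below is an added example of my own (not from the paper) of that post-processing, scoring each process on fan-out, port concentration, address-space contiguity and connection failure rate. The log line format, the process names and the thresholds are constructed for illustration.

```python
"""Worm-likeness scoring over sandbox network telemetry.

Added example, not from the paper. The environment the paper describes
records what the suspect binary does on its isolated virtual LAN/WAN; this is
the kind of post-processing step that turns those records into a verdict. The
log line format (one outbound connection attempt per line), the process names
and the thresholds are all constructed for illustration.
"""
import ipaddress
import re
from collections import Counter, defaultdict

LINE = re.compile(
    r"t=(?P<t>[\d.]+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"dst=(?P<ip>[\d.]+):(?P<port>\d+) result=(?P<result>\w+)"
)

# Constructed sample: a benign updater talking to two hosts, and a suspect
# process sweeping a /24 on TCP 445 where almost nothing is listening.
SAMPLE_LOG = [
    "t=0.10 pid=1208 proc=updater.exe dst=10.0.0.1:80 result=ok",
    "t=0.40 pid=1208 proc=updater.exe dst=203.0.113.5:443 result=ok",
] + [
    "t=%.2f pid=2244 proc=sys32x.exe dst=10.0.0.%d:445 result=%s"
    % (1 + i * 0.02, i, "ok" if i in (7, 19) else "refused")
    for i in range(1, 31)
]


def parse(lines):
    """Turn log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            events.append(d)
    return events


def assess(lines, min_hosts=20, fail_ratio=0.5, focus=0.8):
    """Per process: fan-out, port concentration, address-space contiguity and
    failure ratio. A worm verdict needs wide fan-out plus either a single
    target port or a sequential sweep, with most attempts failing (a scanner
    hits far more closed ports than open services)."""
    by_proc = defaultdict(list)
    for e in parse(lines):
        by_proc[e["proc"]].append(e)

    report = {}
    for proc, evs in by_proc.items():
        hosts = {int(ipaddress.ip_address(e["ip"])) for e in evs}
        ports = Counter(e["port"] for e in evs)
        top_port, top_n = ports.most_common(1)[0]
        sequential = sum(1 for h in hosts if h + 1 in hosts)
        failed = sum(1 for e in evs if e["result"] != "ok")
        stats = {
            "attempts": len(evs),
            "distinct_hosts": len(hosts),
            "top_port": top_port,
            "port_focus": top_n / len(evs),
            "sequential_pairs": sequential,
            "fail_ratio": failed / len(evs),
        }
        stats["verdict"] = (
            stats["distinct_hosts"] >= min_hosts
            and stats["fail_ratio"] >= fail_ratio
            and (stats["port_focus"] >= focus
                 or sequential >= 0.5 * len(hosts))
        )
        report[proc] = stats
    return report


if __name__ == "__main__":
    for proc, s in assess(SAMPLE_LOG).items():
        print(proc, "WORM-LIKE" if s["verdict"] else "ok", s)
```

The failure-ratio term is what keeps a legitimate bulk client (a backup agent contacting many live hosts) from tripping the rule; a replicating worm in a sandbox that emulates a sparse Internet will see mostly refused connections. The thresholds are knobs to tune per environment, not published numbers.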

20 Jun

In-flight phoning allowed in Europe

From the International Herald Tribune:

Approval by the European Aviation Safety Agency means that, from September, passengers aboard Airbus aircraft outfitted with the OnAir system will be able to send and receive phone calls, SMS messages and e-mail messages while flying at altitudes above 3,000 meters, or 9,840 feet.

Cabin staff members will be able to turn off the system or restrict usage to text services like SMS, as they see fit.

This is a good idea. The rule against the use of mobile phones in flight has to be managed like any other risk, that is, by modeling the threat, understanding the risk and mitigating it. The rate of change of the technological and social environment means that these rules have to be reevaluated every so often. It certainly made no sense to keep early-80s safety rules as if they were written in stone.

The provision against mobile phone usage below 3,000 meters (during take-off and landing) makes sense, although most people will continue to ignore it, as they do now.

16 Jun

Orwell and street cameras

This is funny and disturbing. Were they trying to make a point?

Video-surveillance cameras in “George Orwell square” in Barcelona

Taken in a Barcelona square named after George Orwell. The sign, in Catalan, says: “Area under surveillance”.

Seen at this blog.

10 Jun

WiFiSLAX

I’ve just discovered a new security-oriented LiveCD distro called WiFiSLAX, which is basically a remastered BackTrack geared towards 802.11 wireless audits and pentests. It is aimed at Spanish speakers and includes support for most wireless card drivers and the latest 802.11 pentest tools.

WiFiSLAX 2.0

On the website there is information about the supported driver list, the included applications and Bluetooth-related material, some videos demonstrating its use, and a PDF presentation that explains all the features and the tools you will find there. All in Spanish, by the way.

Download the ISO image from here.

08 Jun

Stop SPAM, read books

I’ve just found this while browsing public del.icio.us links tagged with “security” (you’d be surprised at how much interesting stuff can be found there).

This is such a great idea. Harnessing the power of humans solving CAPTCHAs to perform accurate OCR of printed books. Stop the web-spam problem and help digitize books!

“About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that’s not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day.”

recaptcha

[…]

“reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can’t read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here’s how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.”

They have plugins for all major blog/board systems, and I plan to give the WordPress plugin a try!
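The quoted description is precise enough to implement: pair a control word with a suspect word, count the suspect reading only when the control word was solved, and accept a reading once several users agree. The class below is an added example of mine (not reCAPTCHA's code) of that gating and consensus logic; the word lists, the agreement threshold, the normalisation rule and the promotion of a resolved word to a control word are assumptions made here.

```python
"""Control-word gating and answer consensus, following the description above.

Added example, not reCAPTCHA's own code. Every challenge pairs a control word
(the OCR reading is known) with a suspect word (the OCR failed on it). A
user's reading of the suspect word only counts if they solved the control
word, and a reading is accepted once enough independent users agree. The word
lists, the agreement threshold and the normalisation rule are assumptions.
"""
import random
from collections import Counter, defaultdict


class Digitizer:
    def __init__(self, control_words, suspect_ids, agreement=3, seed=0):
        self.control = dict(control_words)      # image id -> known reading
        self.pending = set(suspect_ids)         # image ids still unresolved
        self.votes = defaultdict(Counter)       # suspect id -> reading -> votes
        self.resolved = {}                      # suspect id -> accepted reading
        self.agreement = agreement
        self.rng = random.Random(seed)

    @staticmethod
    def normalise(text: str) -> str:
        """Case and surrounding whitespace are not what agreement is measured on."""
        return " ".join(text.lower().split())

    def challenge(self):
        """One control word and one pending suspect word. The UI is expected to
        shuffle their order so the user cannot tell which one is graded."""
        control = self.rng.choice(sorted(self.control))
        suspect = self.rng.choice(sorted(self.pending)) if self.pending else None
        return control, suspect

    def submit(self, control_id, control_answer, suspect_id, suspect_answer) -> bool:
        """Return True if the user passed the CAPTCHA (control word solved).
        Only a passing submission contributes a vote for the suspect word."""
        if self.normalise(control_answer) != self.normalise(self.control[control_id]):
            return False
        if suspect_id in self.pending:
            self.votes[suspect_id][self.normalise(suspect_answer)] += 1
            self._maybe_resolve(suspect_id)
        return True

    def _maybe_resolve(self, sid):
        """Accept a reading once it reaches the agreement threshold and holds a
        strict majority of all votes cast for that image."""
        best, n = self.votes[sid].most_common(1)[0]
        total = sum(self.votes[sid].values())
        if n >= self.agreement and 2 * n > total:
            self.resolved[sid] = best
            self.pending.discard(sid)
            # Assumed design choice: a freshly resolved word is now "known" and
            # can serve as a control word in future challenges.
            self.control[sid] = best


if __name__ == "__main__":
    d = Digitizer({"ctl-1": "stream"}, ["sus-1"])
    print(d.challenge())
    for answer in ("morning", "mourning", "morning", "morning"):
        d.submit("ctl-1", "stream", "sus-1", answer)
    print(d.resolved, d.pending)
```

Two things the snippet leaves to the surrounding platform: votes must come from distinct users (otherwise one client can push a wrong reading into the corpus by passing the control word repeatedly), and the control/suspect order must be randomised per challenge, or a bot can solve only the half it knows is graded.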