The Polish Institute of Telecommunications have found a way to send hidden messages using the retransmission functionality of TCP and wrote a paper on the subject. As reported on Slashdot, it might help people to avoid Internet censorship, but as I see it this creates a new challenge when performing network forensics. A fun and interesting challenge, though :)
May 2009 Archives
Sean, over at F-Secure, came up with a brilliant idea: put passwords on post-its. No, seriously, I'm not being sarcastic here!
"And once you write them down, put them in your wallet. Think about it. What else do you carry in your wallet? That's right, your bank cards. And your bank cards contain your account name and account number."
He continues to explore his idea by explaining that you need a PIN to use the bank card, and suggests a similarly simple way of creating 2-factor passwords: take a generic part identifying, for example, the website it's for, then add a hard-to-remember random part, and the last part you don't write down but keep somewhere in the back of your head; this part you use for all your passwords. Then insert that last part, in a manner only you know, into the other parts which you have written down, and there you go.
Of course, now don't all go using the same naming convention he uses in the example; invent your own, otherwise it's still quite obvious that passwords starting with 'ama' are for Amazon and those with 'gma' are for GMail. Pretty clever idea, I wish I had thought of it.
Piotrbania.com released a boot CD, Kon-Boot, that allows logging in to Linux and Windows systems without knowing the password, by virtually making the necessary modifications to the kernel during the boot process.
Both the Grand Stream Dreams and the TinyApps blogs have explored the use of the CD and tried to determine if there was anything malicious about it, in the sense that it might install a rootkit or something. So far nothing bad has happened, but of course test thoroughly before you use it yourself. I'll have a play with it as well, and think this could be a very nice tool in a forensic toolkit.
Darknet reported that a new release of Technitium MAC Address Changer is available for free download at the Technitium website.
I had never come across a free tool that can change the MAC address in Windows, and didn't realise it was as easy as changing a registry setting! Anyway, a must-have for infosec people, but probably a nightmare for network forensics.
Via 8 Bits I discovered Forensic Innovations' blog. What especially interested me was that they found a method for detecting TrueCrypt (and other headerless) encrypted data. Until now TrueCrypt containers were the hardest to detect, as they don't have a specific file header that gives away their presence. Forensic Innovations have created a tool to find these containers based on certain patterns they recognised, and included it in their FITOOLS kit as of version 2.23. Just use the 'Encrypted Data (Headerless)' option and let it search the hard disk. Of course it can't decrypt the container, but detecting it is nevertheless very, very useful indeed. I wish I had had this tool at hand during a certain practical exam for a forensics cert ;)
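As an added illustration of why headerless encrypted data is hard to spot, and of the statistical route most people take to it, here is a small Python check of my own (not Forensic Innovations' tool; the page does not describe their patterns). It assumes two classic heuristics, Shannon entropy and a chi-square test against a uniform byte distribution, and rules out known high-entropy formats by magic bytes first; the thresholds and the samples are constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Magic numbers of common high-entropy formats that DO carry a header.
# Compressed and media data look as random as ciphertext, so these are
# ruled out before a block is called "headerless encrypted data".
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (8.0 means perfectly uniform)."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 df).
    Uniform random data scores around 255; plaintext scores in the thousands."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify_block(block: bytes, min_entropy=7.9, max_chi=400.0) -> str:
    """Label a block as a known format, plain data, or a headerless
    high-entropy candidate (what an encrypted container looks like).
    Thresholds are assumptions tuned for 4 KiB blocks."""
    for magic, name in KNOWN_MAGIC.items():
        if block.startswith(magic):
            return name
    if shannon_entropy(block) >= min_entropy and chi_square(block) <= max_chi:
        return "headerless-high-entropy"
    return "plain"

# Constructed samples (no real container to hand): a SHA-256 counter-mode
# stream stands in for ciphertext, repeated English text for a document.
def sample_ciphertext(n_blocks=128) -> bytes:
    return b"".join(hashlib.sha256(b"constructed" + i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks))

SAMPLE_TEXT = (b"The quick brown fox jumps over the lazy dog. " * 100)[:4096]

if __name__ == "__main__":
    for label, blob in [("ciphertext", sample_ciphertext()), ("text", SAMPLE_TEXT),
                        ("gzip", b"\x1f\x8b" + sample_ciphertext())]:
        print(label, classify_block(blob), round(shannon_entropy(blob), 3), round(chi_square(blob), 1))
```

A real scan would slide this over disk sectors and then look at the size of the high-entropy run (a container is large and contiguous); a single 4 KiB hit on its own is just a candidate to hand to a tool like FITOOLS.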
Looks like I missed another fun quote last week:
Often, we in Security need to deal with
C - Criticism
R - Rejection
A - A$$h0l3s
P - Pressure
By reader Ron W on the Andy ITGuy blog.
Found this nice quote via 1 Raindrop, who in turn got it from someone on Twitter. It's SO true!
Q: "What if we train our people and they leave?"
A: "What if you don't train them and they stay?"
