Last 50 'Forensics' Tagged Posts

Security Industry Plagiarism: Finding 3 examples in 5 minutes with Google

UPDATE: One of the authors has posted two responses including an apology (accepted). I was taught in grade school that if you plan on writing something, never plagiarize. If you want to republish portions of existing content, ensure you properly quote/reference them, and never represent this content as your own original work....

Paper: Feasibility and Real-World Implications of Web Browser History Detection

Artur Janc and Lukasz Olejnik have published a whitepaper outlining CSS history techniques along with results of what they found from real-world users. From the whitepaper: "Browser history detection through the Cascading Style Sheets visited pseudoclass has long been known to the academic security community and browser vendors, but has been largely...

Generic Remote File Inclusion Attack Detection

"A big challenge for identifying web application attacks is to detect malicious activity that cannot easily be spotted using signatures. Remote file inclusion (RFI) is a popular technique used to attack web applications (especially php applications) from a remote server. RFI attacks are extremely dangerous as they allow a client to...

Metasploit Decloaking Engine Gets User's Real IP

"This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed." Essentially this uses...

FBI CIPAV Spyware Snaring Extortionists and Hackers for Years

"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed...

IT admin plotted to erase Fannie Mae Data

"A fired computer engineer for Fannie Mae has been arrested and charged with planting a malicious software script designed to permanently destroy millions of dollars worth of data from all 4,000 servers operated by the mortgage giant. Rajendrasinh Babubahai Makwana, 35, of Virginia, concealed the Unix script on Fannie Mae's main administrative...

Heartland Sniffer Hid In Unallocated Portion Of Disk

"The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic investigators...

Single drive wipe protects data, research finds

An article at SecurityFocus claims a single drive wipe is enough to prevent electron microscopes from recovering drive data. "A computer forensics specialist has a message for security-minded computer users: A single wipe will make drives impossible to read. In research published on Thursday, auditor Craig Wright tested the ability of a...

FBI issues code cracking challenge

"The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses it said. A number of sites host such cipher challenges,...

Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations

David Litchfield has published a new tool and paper on forensics on Oracle Databases. From his email to the Websecurity mailing list: "I've just posted a new tool and paper for Oracle forensics. The tool, orablock, allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's...

Oracle Forensics Papers Released

David Litchfield has published multiple papers on Oracle Database Forensics. From his site: "Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security...

Decoding JavaScript Malware

One of the SANS guys drafted up a quick document on decoding JavaScript malware, providing four methods. Good read. Article Link: http://handlers.sans.org/dwesemann/decode/index.html

MRTG for Intrusion Detection with IIS 6

I found this interesting article on SecurityFocus which explains how to use MRTG (a popular traffic monitor tool) to monitor intrusion attempts against an IIS 6.0 machine. "But MRTG is also a very effective intrusion detection tool. The concept is simple: attacks often produce some kind of anomalous pattern and human brains...