Vanish: Expire your cloud data

Imagine being able to set expiration dates to all of your personally identifiable information on the cloud.  Think having gmail or yahoo messages go kaput after one year.  Think about your blog postings or comments left around the internet, are they even necessary and relevant in the future?  What about your Google Docs?  What about those Flickr and SmugMug accounts with family photos that you forget about.  Another great example is those college photo’s on Facebook when you were bonging a beer.

A group of graduate students the U. of Washington (congrats on defeating USC) are working on Vanish, a project aims to do exactly that.  Basically each of your expired messages, pictures, posts uses a unique encryption key.  That key is stored across the bit torrent network with a TTL set to your expiration date.  Once the expiration date is reached the torrents begin to die and the key is ruined.  Very slick, it’s too bad this couldn’t piggy back on the existing Tor infrastructure as well.

Schneier on “The Future of the Security Industry”

Excellent video online from the recent OWASP meeting by Bruce Schneier discussing the future of the security industry: IT Security becoming a commodity and starting to see it included with products and services instead of being provided by a third party product.  What does this mean for IT Security departments especially with the rise of cloud computing?  Security as a Service is starting to take off as well (Postini, Counterpane) — companies who handle your email/spam filtering on the cloud as well as firewall and IDS oversight.

Setting up Windows Honey Pot Shares

I recently setup a honeypot share on a Windows server.  I put some very “interesting” files and directories in there (financial information, PII etc) and then enabled audit logging in Windows.  There’s a very powerful but mostly unknown Windows tool called LogParser which can be used to query your System/Security event logs.  It’s possible to write a script that will query your system security log every so often and look for requests to the honey pot.  You can get very sophisticated using LogParser, a few hand written scripts, and the Windows Task Scheduler.

  1. Create the honeypot file share.
  2. Create sexy files in the share: bank_statement.pdf, password_list.txt, 08taxes.pst, gmail.doc, megan13.jpg, etc….
  3. Enable audit logging on shared folder.
  4. Install LogParser.
  5. Learn to use LogParser here: http://128.175.24.251/forensics/logparser.htm

Modern day Captain Crunch

Matthew Weigman — a fat, lonely blind kid who lived with his mom in a working-class neighborhood of East Boston. In person, Weigman was a shy and awkward teenager with a shaved head who spent his days holed up in his room, often talking for up to 20 hours a day on free telephone chat lines.

Like a comic-book villain transformed by a tragic accident, Weigman discovered at an early age that his acute hearing gave him superpowers on the telephone. He could impersonate any voice, memorize phone numbers by the sound of the buttons and decipher the inner workings of a phone system by the frequencies and clicks on a call, which he refers to as “songs.” The knowledge enabled him to hack into cellphones, order phone lines disconnected and even tap home phones.

Read the rest of the story here.