This is a must-read if you’re a pen tester or PHP developer. Some great things on PHP security including file include, upload vulnerabilities, command execution, and of course SQL injection…
Assault on PHP Applications
Author: Aelphaeis Mangarae
Date: June 13, 2009
There’s a new GPS forensics community starting up here: http://www.gpsforensics.org/ Some additional information can be found here: http://www.forensicswiki.org/wiki/GPS
I’m going to examine my Garmin 200W this evening. It looks like a simple text editor will reveal raw trip data including waypoints, date & time stamps, latitude & longitude coordinates and elevations.
Imagine being able to set expiration dates on all of your personally identifiable information in the cloud. Think of having Gmail or Yahoo messages go kaput after one year. Think about your blog postings or comments left around the internet: are they even necessary and relevant in the future? What about your Google Docs? What about those Flickr and SmugMug accounts with family photos that you forget about? Another great example is those college photos on Facebook when you were bonging a beer.
A group of graduate students at the U. of Washington (congrats on defeating USC) are working on Vanish, a project that aims to do exactly that. Basically, each of your expiring messages, pictures, and posts uses a unique encryption key. That key is stored across the BitTorrent network with a TTL set to your expiration date. Once the expiration date is reached the torrents begin to die and the key is ruined. Very slick; it’s too bad this couldn’t piggyback on the existing Tor infrastructure as well.
Excellent video online from the recent OWASP meeting by Bruce Schneier discussing the future of the security industry: IT Security becoming a commodity and starting to see it included with products and services instead of being provided by a third party product. What does this mean for IT Security departments especially with the rise of cloud computing? Security as a Service is starting to take off as well (Postini, Counterpane) — companies who handle your email/spam filtering on the cloud as well as firewall and IDS oversight.
I recently set up a honeypot share on a Windows server. I put some very “interesting” files and directories in there (financial information, PII etc.) and then enabled audit logging in Windows. There’s a very powerful but mostly unknown Windows tool called LogParser which can be used to query your System/Security event logs. It’s possible to write a script that will query your Security log every so often and look for requests to the honeypot. You can get very sophisticated using LogParser, a few hand-written scripts, and the Windows Task Scheduler.
- Create the honeypot file share.
- Create sexy files in the share: bank_statement.pdf, password_list.txt, 08taxes.pst, gmail.doc, megan13.jpg, etc.
- Enable audit logging on shared folder.
- Install LogParser.
- Learn to use LogParser here: http://188.8.131.52/forensics/logparser.htm
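The whole procedure above as one script, added here as an example and not code from the original post. It creates the share and decoy files, puts a SACL on the folder so reads are audited, sweeps the Security log with LogParser for object-access events that name the honeypot path, writes each new hit to the Application log, and registers a Task Scheduler job to repeat the sweep. The share path, the LogParser install path, the state file location, the task name and the event IDs (560 on XP/2003, 4663 on Vista/2008 and later) are assumptions; `auditpol` only exists on Vista/2008 and later, so on older servers enable “Audit object access” through Local Security Policy instead.

```powershell
<#
  Added example, not from the original post. Honeypot share + object-access
  auditing + LogParser sweep + scheduled task. Assumptions (adjust to taste):
  LogParser 2.2 under Program Files, share folder C:\HoneyShare, Vista/2008+
  host (auditpol, event 4663; XP/2003 logs 560), script run as administrator.
#>
param([switch]$Setup, [switch]$Sweep, [switch]$Register)

$SharePath  = 'C:\HoneyShare'                                  # assumed location
$ShareName  = 'Finance'                                        # name people will browse
$StateFile  = 'C:\Windows\Temp\honeypot.state'                 # last record already reported
$HitsCsv    = 'C:\Windows\Temp\honeypot_hits.csv'              # LogParser output (no spaces in path)
$LogParser  = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'  # assumed install path
$ScriptPath = $MyInvocation.MyCommand.Path

function New-HoneypotShare {
    # Folder plus decoy files whose names invite a look.
    New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
    foreach ($name in 'bank_statement.pdf', 'password_list.txt', '08taxes.pst', 'gmail.doc') {
        Set-Content -Path (Join-Path $SharePath $name) -Value ('decoy content ' * 32)
    }
    # Share it read-only; we only want to see who opens it.
    net share "$ShareName=$SharePath" "/GRANT:Everyone,READ" | Out-Null

    # SACL: audit every successful read or directory listing by anyone,
    # inherited by the files and subfolders inside.
    $acl  = Get-Acl -Path $SharePath -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'ReadData,ReadAttributes', 'ContainerInherit,ObjectInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $SharePath -AclObject $acl
    # A SACL only produces events once the File System audit subcategory is on.
    auditpol /set /subcategory:"File System" /success:enable | Out-Null

    # Event source for our own alerts so a SIEM can collect them from the Application log.
    if (-not [System.Diagnostics.EventLog]::SourceExists('HoneypotSweep')) {
        New-EventLog -LogName Application -Source 'HoneypotSweep'
    }
}

function Get-NewHoneypotHits {
    $last = 0
    if (Test-Path $StateFile) { $last = [int64](Get-Content $StateFile) }

    # LogParser SQL. The EVT input format exposes the event's insertion strings
    # (subject account, object name, access mask, ...) joined with '|' in the
    # Strings field, so a LIKE on the share path isolates honeypot accesses.
    $query = @"
SELECT RecordNumber, TimeGenerated, EventID, ComputerName, SID, Strings
INTO $HitsCsv
FROM Security
WHERE EventID IN (560; 4663) AND RecordNumber > $last AND Strings LIKE '%$SharePath%'
"@
    & $LogParser -i:EVT -o:CSV -q:ON $query | Out-Null
    if (-not (Test-Path $HitsCsv)) { return @() }

    $hits = @(Import-Csv -Path $HitsCsv)
    if ($hits.Count -gt 0) {
        # Remember the newest record so the next scheduled run reports only new activity.
        $newest = ($hits | ForEach-Object { [int64]$_.RecordNumber } | Sort-Object)[-1]
        Set-Content -Path $StateFile -Value $newest
    }
    return $hits
}

function Invoke-HoneypotSweep {
    foreach ($hit in Get-NewHoneypotHits) {
        $msg = "Honeypot share touched: event $($hit.EventID) at $($hit.TimeGenerated) " +
               "SID=$($hit.SID) details=$($hit.Strings)"
        Write-EventLog -LogName Application -Source 'HoneypotSweep' -EventId 1000 `
                       -EntryType Warning -Message $msg
        Write-Warning $msg
    }
}

function Register-HoneypotSweep {
    # Task Scheduler runs the sweep every 10 minutes as SYSTEM.
    $cmd = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`" -Sweep"
    schtasks /Create /TN HoneypotSweep /SC MINUTE /MO 10 /RU SYSTEM /TR $cmd /F | Out-Null
}

if ($Setup)    { New-HoneypotShare }
if ($Register) { Register-HoneypotSweep }
if ($Sweep)    { Invoke-HoneypotSweep }
```

Run it once with `-Setup -Register` from an elevated prompt, then watch the Application log for source HoneypotSweep. The state file keeps the sweep idempotent across scheduled runs; delete it to replay history. Because the SACL audits reads by Everyone, your own backup and AV scans will show up too, so filter those SIDs out in the query or whitelist them in the sweep before wiring the alert to a pager.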
Matthew Weigman — a fat, lonely blind kid who lived with his mom in a working-class neighborhood of East Boston. In person, Weigman was a shy and awkward teenager with a shaved head who spent his days holed up in his room, often talking for up to 20 hours a day on free telephone chat lines.
Like a comic-book villain transformed by a tragic accident, Weigman discovered at an early age that his acute hearing gave him superpowers on the telephone. He could impersonate any voice, memorize phone numbers by the sound of the buttons and decipher the inner workings of a phone system by the frequencies and clicks on a call, which he refers to as “songs.” The knowledge enabled him to hack into cellphones, order phone lines disconnected and even tap home phones.
Read the rest of the story here.
I previously wrote about Flash cookies which many folks are not aware of. Well, I’ve just stumbled across a great article which describes how to manage your Flash cookies and other settings. The “control panel” is located on Adobe’s website: Flash control panel.
If you navigate to the Global Storage Settings tab you can disable “Allow third-party Flash content…”
You can read the article here.
Update: There’s a forensic goldmine in C:\Documents and Settings\[username]\Application Data\Adobe\Flash Player\#SharedObjects