The FBI’s Operation: Bot Roast claims to have now identified “about 1 million” botnet-infected systems in the US. See also: http://www.fbi.gov/page2/june07/botnet061307.htm.

The announcements say all the right things, but how much substance is behind them is somewhat questionable in my opinion. The intentions may be there, so let’s see what impact this program has on botnet activity. It would be interesting to know how the 1 million systems were identified. Have I missed something in my readings?

Other than that, there is some good introductory information in here for individuals and businesses alike.

Related Links:
http://www.dailyinfosec.net/
http://beastorbuddha.com/category/cyber-crime/



The rantings of Craig Chapman, Computer Forensics Geek.

Now I don’t know about you, but this latest story on moths being bred with inbuilt remote sensing chips is bordering on the ridiculous, for a whole lot of reasons.

When I grew up watching Star Trek, the nasty ‘cyborgs’ were the ugly dudes with flesh growing around computer parts. The Cyborgs certainly weren’t moths (how uncool would that have been?). But, a mob of big-brained, cutting edge defence scientists, known as The Defense Advanced Research Projects Agency (DARPA) is apparently growing computer chips around insects for use in warfare surveillance. An ‘insect-cyborg’, they’re calling it.

Now I know what you’re thinking. You’ve gotta be kidding, right?
No way, my cyborg friends. This is science-reality, not science fiction. The big-heads at ‘DARPA’, as they are known, are implanting computer chips in moths while still in the pupa stage. The moth grows around the chip and its nervous system can be controlled by a remote control.

Trotting out yet another sexy, defence techie acronym, the project is affectionately called the ‘Hybrid Insect Micro-Electro-Mechanical Systems’ (HI-MEMS) and it also includes outfitting other insects with minuscule sensors and a wireless transmitter which could send data from places inaccessible to humans.

“It is hoped by DARPA, that one day, a sensor-enabled insect with a 100-yard range could be placed within five meters of a target using electronic remote control and, potentially, Global Positioning System technologies.” From: http://government.zdnet.com/?p=3189

Now for the best bit: “Ultimately, the moth will be able to land in enemy camps in remote locations undetected and be able to beam video and other information back via what its developers refer to as a ‘reliable tissue-machine interface.’” I say, stuff the enemy camps – I can think of a *far* greater application of this technology. Let’s just say that I hope Paris Hilton’s bedroom windows have lousy flyscreens.

According to zdnet: “This latest development will allow the moth cyborgs to spy on enemy insurgents, and is the most advanced robotic technology ever conceived by DARPA.” Latest technology? Perhaps. A great idea doomed to failure? I believe so.

In line with the (much loved) rantings of Bruce Schneier (http://www.schneier.com), the most advanced technology can often be defeated by the simplest and cheapest of means. So I have two words for the big tech-heads and their multi-million dollar HI-MEMS cyborg insect project at DARPA….. ‘Pea-Beau’.

More articles on moth cyborgs:
http://www.foxnews.com/story/0,2933,276182,00.html



The UK’s Advertising Standards Authority recently released an assessment in response to complaints lodged against some of the MAC ads. (Gees they are good ads :-) ).

It’s worth a read. While you can argue some points, the realities are pretty much close to the mark. (says a new convert to MACs). It does still freak me that I don’t have any anti-virus or spyware software on my machine (coming from 17 years of running such software on all previous machines I have owned).

Posted in: MAC Security


Regular VA and network and web app penetration testing…just throwing it out there………in particular if you are an Australian tourist attraction. SMH again.

Seems like we have some amateurs giving the bad guys a bad name….pretty bad if Google’s able to pick you up guys.

Google Hacking?!……..why not Google VA?! – Remember where you heard it first!



Interesting one from Patrick Gray today on the SMH news re: the Opera House site being hacked.

Nice to see our friends at Pure Hacking being called in to help. A good bunch of guys! As an aside, some people like their site so much, they’ve decided to……well…..this explains it all. What can you say?



As reported in the News side bar, the discussions/thought we have been driving in NZ is gaining momentum: http://www.stuff.co.nz/stuff/4091268a28.html

Stay tuned…..this seems to be a hot topic now in New Zealand up to Government layers.

Posted in: Disclosure Laws


The rantings of Craig Chapman, Computer Forensics Geek.

A couple of recent cases, including http://www.securityfocus.com/news/11469 in the US, have highlighted malware and trojans as an emerging problem for the computer forensics community – testing the validity of the expert evidence and calling into question the practice as a whole.

In this most recent case, problems emerged after a teacher was wrongly convicted following an incident where her classroom PCs became infected with pop-up ads displaying pornographic images. The prosecution alleged that the pop-ups were caused by the teacher’s activity on her PC following expert testimony from a computer forensics detective.

Problems in the case emerged after the defence’s computer forensics expert successfully argued that a harmless hairstyling web site had actually re-directed the PC’s browser to pornographic sites, setting off a chain of offensive pop up ads (a sub-argument was also presented about access control).

With the benefit of hindsight, this case was perhaps more about poor forensics practices – the investigating detective was apparently not thorough enough.

But it raised a bigger issue: What about really hard-core trojans & malware? How do we prove that malware didn’t exist on a suspect’s system? Recent studies into the potential problems facing the computer forensics community from malware/trojans/viruses suggest this problem is not going to go away any time soon.

Highlighting this problem, some conceptual tools developed by Security-Assessment.com and Joanna Rutkowska from www.invisiblethings.org have shown the ability already exists for malware to defeat ‘volatile’ memory forensics. Make no mistake, this is a big threat facing computer forensics practices and their ability to withstand rigorous cross-examination in the witness box.

The really big questions facing the computer forensics community right now must be:

- How can the trojan defence be negated? and;
- What practices can be put into place by the corporate world to assist computer forensics?

The nitty-gritty of ‘The Trojan Defence’ is that we don’t know what we don’t know. In other words, how do we prove that something (a trojan) didn’t exist?……The mere possibility of the existence of a trojan may itself be enough for a case to be thrown out, in the absence of any corroborating evidence.

The solution? (Is there any?)

In terms of hard-drive forensics (and even perhaps volatile memory?), the ability exists to make a ‘known good’ copy of a system prior to its deployment & have it locked away in a safe. In an attempt to negate the trojan or malware defence argument, the ‘known good’ copy could be dragged out of the safe & compared to the original, and forensically examined for changes to that system. Operating system active processes, DLLs etc. could all be mapped & compared against those of the ‘known good’ system. This practice could also be a really good tool for very quickly detecting what is going wrong with a particular system when the IT Security guys are called in following an ‘incident’, say, an intrusion where their system became owned or whatever.

In reality though, this practice is unlikely to be adopted in the short term. But I’d be very interested to learn if some companies out there are already adopting the practice of having a secured, ‘known good’ copy for forensics or IT Security purposes. Has anyone heard of this being done?

Or, perhaps someone has some other ideas about how ‘The Trojan Defence’ argument can be (relatively expeditiously) negated in a forensic manner?



When buying a new car, you test drive it…….to see if it floats your boat and performs as you hope it will. A big factor is the security the car comes with nowadays. If you’re in the market for a Rex, Evo or the luxury sports models (I like my cars as you can tell), you expect the security now as standard, because you know you’re a target.

Why not do the same in terms of security of new applications you’re buying……in addition to ensuring the functionality is there which you do as standard? Hey, the analogy fits.

This story from SearchSecurity is worth a read, but somehow, it looks like the last part of the journo’s story has warped into another plane and has been replaced by the end of another article, (which looks interesting in its own right).

We are seeing this trend growing and that is good! The last thing anyone wants is this. But, unfortunately, there’s still more “this”.



Peter Benson continues to be a leading voice in NZ for the introduction of disclosure laws, as covered in the News side bar and today’s Computerworld story.

You have to love Solicitor Michael Wigley’s comment; “Wigley described most of the “accepted use” policies he had seen as “shit”.”

Related story from previous post.

Posted in: Disclosure Laws


The rantings of Craig Chapman, Computer Forensics Geek.

To kick off my first article in beast or buddha – my controversial thoughts
on the victims of Nigerian email scams.

I have this theory about people who send their hard earned savings to
Nigerian email scammers in the hope of huge financial gains, but end up
losing the lot. What really amazes me is, these victims, many of whom are
presumably intelligent, and some of whom occupy highly paid positions
(lawyers, doctors, etc) send their money away – even *after* being told by
police that the whole thing is a scam & they’ll never see their money
again. It’s truly incredible. It’s mind-bogglingly stupid. I call this
phenomenon – Financial Darwinism. Survival of the financially fittest.
For the victims of these frauds, it seems making money is the easy part,
actually holding onto it is the tough bit.

What the Nigerian email scammers do is not rocket science. But they do
prey upon two very powerful human frailties – greed and stupidity. After
mass emailing their incredulous letters with offers of vast amounts of
money, the first part of the scam involves playing the percentages, ie, a
very small percentage of people will actually believe their incredible
letters instead of hitting the delete button (or having their spam filter
kill it before it hits their in box). Secondly, an even smaller percentage
of victims will begin to participate in their scam, continuously and
robotically sending money to them in the greedy and stupid hope of vast
riches. These are the people the Nigerians are targeting.

And it seems even in the face of losing their entire life savings, some
victims coldly refuse to believe they have been a victim of a Nigerian
email scam. That is, even after they’ve been presented with the factual
evidence by the investigating police. But we shouldn’t give the Nigerians
all the credit for preying on these human frailties. Preying upon greed
and stupidity has probably been happening for thousands of years. Look at
another recent example – poker machines.

Recent estimates in Australia suggest there are a lot of financially-dumb
people out there. In the State of Queensland alone, losses to Nigerian
emails are currently thought to run around $500,000 per month. We don’t
know for sure, but if the Queensland example is a representative figure of
humankind’s stupidity, it must be an awful lot of money when you consider
that Nigerian scammers are operating on a global scale.

All of which raises interesting questions about our species. Is there some
part of the human brain within some people that switches off all financial
common sense and logic? Or perhaps, is there something within the
victims’ DNA that has a greed override switch, completely overriding
competing factual stimuli? Looking at this phenomenon from a Darwinism
perspective – perhaps this phenomenon is really not so amazing, but simply
a case of financial evolution taking place. The dumbest of our species
will inherently lose their money and fail, the smarter will keep their
money and prosper.

See article -
http://www.computerworld.com.au/index.php/id;660142320;fp;16;fpid;2


