TrueCrypt Possible Hacking Technique

The guys over at The Invisible Things Lab have posted a possible attack vector against TrueCrypt volumes: a modified bootloader that could capture the volume password. If you have a computer that can boot (or be set to boot) from USB, or one whose hard drive is physically accessible (my computer has neither), then a hacker who has physical access to the box could compromise it.

Take it as you may…

TrueCrypt Hacking Technique

Coding Break

Sorry guys, but I’ve been on a web programming spree the past few days that has kept me busy and away from researching and new postings. (Combined with helping a friend do network security work during the day…).

Network Forensics Puzzle Contest

While browsing the discussion board for a particular security conference currently underway in Las Vegas, I came across an interesting contest site that could be excellent for building one’s forensic skills – The Network Forensics Puzzle Contest. They have a contest currently underway at the said conference that hasn’t been posted to the website yet, but it will be posted at a later time.

In general, the contest involves analyzing a hard drive image and a network packet capture and finding the answers to a series of questions based on what you find. Skills involved can include (but are not limited to) packet analysis, crypto, protocol analysis, dump file analysis, and even some rudimentary programming. It seems like it could provide a good challenge or contest for a network security group (or groups) to hone their skills. Most of it is still over my head at this time, but I expect that I could probably do a much better job towards the end of the year when I get into the nitty-gritty of Network Communication and Security at school.

For more information on the Network Forensics Puzzle Contest, click on the button below:
Forensics Contest

P.S., while browsing the site and looking at Puzzle # 10, I found an “interesting” security podcast that I’m going to start following:
PaulDotCom Security Podcast Blog


I started cleaning up some of the old links on the site. Like most of my former MVP brethren, I mostly stopped publishing information a few years ago. I have a few more people to add, but that is going to happen later this weekend.

Thank you for visiting.

Site Heads-Up: Public Key Encryption Series Starting Soon

This is a heads up notice that I will be starting a series describing how public key encryption works. Public Key encryption systems are in everyday use – ranging from your SSL connections in the browser to sending secure emails. A properly implemented public key encryption system can be difficult to break in a timely manner. In addition, the larger your key size, the longer it would take to theoretically break the key.

In order to do this and be able to keep the topic understandable, I will begin with a review of basic Discrete Mathematics concepts that are important in the discussion of Public Key systems. Discrete Mathematics is a realm of mathematics that computer scientists are required to study in order to accomplish many tasks. Most of the techniques used in Public Key encryption systems can be easily understood by people who have completed high school math.

Coming Soon:
Prime Numbers and Modulus Arithmetic

Warning: Update VirtualBox before Upgrading to Mountain Lion

Note to the wise:

If you are upgrading to Mac OS X Mountain Lion, make sure that your copy of VirtualBox is up-to-date.  If it isn’t, and if you are running a VBoxHeadless session to start a VM at login, you will be in a boot loop as the Mac will bugcheck and do a soft reboot.

That’s why if you visited my weather website this afternoon and didn’t see up-to-date information – my VBoxHeadless instance running my XP VM (for the Weather Station software) was causing a reboot.  All is fixed now.  :)

Tool: Cuckoo Sandbox (Malware Analysis Tool)

OK, today’s first tool came from the Blackhat conference underway right now.  Note that this isn’t a “blackhat” tool – it is a diagnostic tool that lets any investigator determine exactly what a particular piece of malware does by tracking the following (from the Cuckoo Sandbox homepage):

  • Native functions and Windows API calls traces
  • Copies of files created and deleted from the filesystem
  • Dump of the memory of the selected process
  • Screenshots of the desktop during the execution of the malware analysis
  • Network dump generated by the machine used for the analysis

This tool runs under a Linux system of some type (the installation manual recommends Ubuntu) and requires that you use a virtualization system with it (KVM, VirtualBox, etc.).  Will this entire system run as a VM guest?  I’m not sure on that one yet and I haven’t set up my home lab to test a scenario like that as of yet.  It works fine running locally on my system and using VBox.

Tool Information