The researchers at Invisible Things Lab have posted an attack on TrueCrypt volumes that uses a modified bootloader to capture the volume password before the real loader runs. If your computer can boot (or be set to boot) from USB, or if its hard drive can be removed and accessed (my computer has neither), then an attacker with physical access to the box can plant such a loader and compromise it.
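One practical check against a swapped bootloader is to baseline the boot code on trusted media and re-hash it before typing the passphrase after the machine has been out of your hands. The following is an added example of mine, not code from the Invisible Things Lab write-up or from TrueCrypt; the disk image it checks is constructed in memory, and it assumes a classic MBR layout (bytes 0..439 boot code, then disk signature, partition table and the 0x55AA trailer).

```python
"""Added example (not from the Invisible Things Lab post): baseline the MBR
boot code and re-check it, so a replaced bootloader is noticed before the
TrueCrypt passphrase is typed.  The MBR below is constructed for the demo;
on a real system read_mbr() would be pointed at the boot device (e.g.
/dev/sda, root needed).  Assumed layout: bytes 0..439 boot code, 440..445
disk signature, 446..509 partition table, 510..511 the 0x55AA signature."""
import hashlib
import hmac
from typing import Tuple

SECTOR = 512
BOOTCODE_LEN = 440


def bootcode_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code bytes only.  The partition table is left out
    so a legitimate repartitioning does not raise a false alarm."""
    if len(mbr) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature; this is not an MBR")
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def verify_bootcode(mbr: bytes, baseline_hex: str) -> bool:
    """True when the boot code still matches the recorded baseline."""
    return hmac.compare_digest(bootcode_hash(mbr), baseline_hex)


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a block device or disk image (real-world use)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


def constructed_mbr(boot_code: bytes) -> bytes:
    """Build a synthetic MBR for the demo (constructed data, not a real loader)."""
    if len(boot_code) > BOOTCODE_LEN:
        raise ValueError("boot code too long")
    body = boot_code.ljust(BOOTCODE_LEN, b"\x00")
    return body + b"\x00" * (510 - BOOTCODE_LEN) + b"\x55\xaa"


def demo() -> Tuple[bool, bool, bool]:
    """Baseline a clean loader, then check a tampered loader and a harmless
    partition-table edit.  Returns (clean_ok, tampered_ok, repartition_ok)."""
    clean = constructed_mbr(b"\xeb\x3c\x90" + b"DEMO-LOADER")
    baseline = bootcode_hash(clean)        # record this on trusted media

    tampered = bytearray(clean)            # an "evil maid" patches one byte
    tampered[0x80] ^= 0xFF

    repartitioned = bytearray(clean)       # only the partition table changes
    repartitioned[446] = 0x80

    return (verify_bootcode(clean, baseline),
            verify_bootcode(bytes(tampered), baseline),
            verify_bootcode(bytes(repartitioned), baseline))


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The MBR is only the first stage: TrueCrypt's loader continues in the sectors that follow it, so in practice hash those as well. Also run the check from a boot medium you trust, not from the operating system whose loader you are questioning, since a compromised system can lie about its own boot sector.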
Take it as you may…
TrueCrypt Hacking Technique
Sorry guys, but I’ve been on a web programming spree the past few days that has kept me busy and away from researching and new postings. (Combined with helping a friend do network security work during the day…).
While browsing the discussion board for a particular security conference currently underway in Las Vegas, I came across an interesting contest site that could be excellent for building one's forensic skills – The Network Forensics Puzzle Contest. They have a contest currently underway at the said conference that hasn't been posted to the website yet, but it will be posted at a later time.
In general, the contest involves analyzing a hard drive image and a network packet capture and finding the answers to a series of questions based on what you find. Skills involved can include (but are not limited to) packet analysis, crypto, protocol analysis, dump file analysis, and even some rudimentary programming. It seems like it could provide a good challenge or contest for a network security group (or groups) to hone their skills. Most of it is still over my head at this time, but I expect that I could probably do a much better job towards the end of the year when I get into the nitty-gritty of Network Communication and Security at school.
For more information on the Network Forensics Puzzle Contest, click on the button below:
P.S., while browsing the site and looking at Puzzle # 10, I found an “interesting” security podcast that I’m going to start following:
PaulDotCom Security Podcast Blog
Happy SysAdmin Day 2012, July 27, 2012. :)
I started cleaning up some of the old links on the site. Like most of my former MVP brethren, we mostly all stopped publishing information a few years ago. I have a few more people to add, but that is going to happen later this weekend.
Thank you for visiting.
This is a heads-up notice that I will be starting a series describing how public key encryption works. Public key encryption systems are in everyday use – ranging from your SSL connections in the browser to sending secure emails. A properly implemented public key encryption system cannot be broken in any practical amount of time, and, all else being equal, the larger the key size, the longer an attack (such as factoring the public modulus) takes.
In order to do this and keep the topic understandable, I will begin with a review of the basic Discrete Mathematics concepts that matter in the discussion of public key systems. Discrete Mathematics is the branch of mathematics that computer scientists are required to study in order to accomplish many tasks. Most of the techniques used in public key encryption systems can be readily understood by people who have completed high school math.
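To give a concrete preview of where the series is headed, here is an added example of mine (not part of the original post or of any library) that walks textbook RSA through the discrete-math pieces it depends on: primes, the extended Euclidean algorithm, modular inverses and modular exponentiation. It then does what an attacker must do to break the key, factor the public modulus, which is where key size enters. The primes are tiny so every value can be checked by hand; real keys use 2048-bit moduli and padding such as OAEP, never raw RSA on the message.

```python
"""Added example, not from the original post: textbook RSA built from the
discrete-math primitives a public key system rests on, plus the factoring
attack that recovering the private key reduces to.  Constructed toy numbers
(p=61, q=53) so each step is checkable by hand; never use raw RSA like this."""
from math import gcd
from typing import Tuple


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m, the x with a*x == 1 (mod m)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def is_prime(n: int) -> bool:
    """Trial division; fine for toy sizes, not for real key generation."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def keygen(p: int, q: int, e: int = 17):
    """Public key (n, e) and private key (n, d) from two primes.
    Real systems use e = 65537; 17 keeps the toy numbers small."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = modinv(e, phi)                # e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)               # fast modular exponentiation


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n: int) -> Tuple[int, int, int]:
    """The attacker's job: recover p, q from the public n.  Returns
    (p, q, trial_divisions_needed); the count grows with key size."""
    steps, f = 0, 2
    while f * f <= n:
        steps += 1
        if n % f == 0:
            return f, n // f, steps
        f += 1 if f == 2 else 2
    return n, 1, steps


def break_key(pub) -> int:
    """Recover d from the public key alone by factoring n."""
    n, e = pub
    p, q, _ = factor_by_trial_division(n)
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))     # (3233, 17) (3233, 2753) 2790 65
    print(break_key(pub) == priv[1])          # True: factoring n gives d
```

The point of `factor_by_trial_division` is the key-size remark above: the number of trial divisions before the modulus falls grows with the size of its smallest prime, which is why moving from a 512-bit to a 2048-bit modulus matters. Trial division is the naive bound; real attacks use the number field sieve, but the cost still climbs steeply with the key size.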
Prime Numbers and Modulus Arithmetic
OK, here is my second round of tools. This time it is for diagnostics and security of IPv6 connections.
These tools are distributed as C source, so they need to be compiled with a C compiler (gcc, etc.) and are intended to be built and run on a UNIX/Linux system.
Note to the wise:
If you are upgrading to Mac OS X Mountain Lion, make sure that your copy of VirtualBox is up-to-date. If it isn’t, and if you are running a VBoxHeadless session to start a VM at login, you will be in a boot loop as the Mac will bugcheck and do a soft reboot.
That’s why if you visited my weather website this afternoon and didn’t see up-to-date information – my VBoxHeadless instance running my XP VM (for the Weather Station software) was causing a reboot. All is fixed now. :)
OK, today’s first tool came from the Black Hat conference underway right now. Note that this isn’t a “black hat” tool – it is a diagnostic tool that lets an investigator determine exactly what a particular malware sample does, by tracking the following (from the Cuckoo Sandbox homepage):
- Native functions and Windows API calls traces
- Copies of files created and deleted from the filesystem
- Dump of the memory of the selected process
- Screenshots of the desktop during the execution of the malware analysis
- Network dump generated by the machine used for the analysis
This tool runs under a Linux system of some type (the installation manual recommends Ubuntu) and requires that you use a virtualization system with it (KVM, VirtualBox, etc.) to host the guests the malware is detonated in. Will this entire system run as a VM guest? I’m not sure on that one yet and I haven’t set up my home lab to test a scenario like that as of yet. It works fine running locally on my system and using VirtualBox.
Hey everyone. Guess what?
I’m ready to relaunch the Network Blog!!!
So where have I been? A lot of changes have taken place in my life since my last posting. I have left my job as IT Manager and Engineer at the company I was working at for 16 years and have decided to go back to school and get a Masters degree in Computer Science specializing in Networking and Security. I’m nowhere near done (working on CS and EE undergraduate pre-requisites right now, which requires me to not pursue full-time employment at this time), but I’ve learned much and have a much better appreciation for the lower-level technologies that I had barely understood in the past. To keep my IT chops up to date, I’m currently doing contract IT work as time allows, which has presented me with much greater challenges and opportunities to learn than what I was able to accomplish at my original job.
So, expect a change in the focus of the blog. I’ll keep things at a level suited to small business IT people and will attempt to teach some more technical concepts in a way everyone can understand. I’m going to go much more in depth in security (my specialty) and will also bring back tidbits that I’ve learned from school and the real world. I’ll also be posting on tools as I find them.
Please feel free to send me feedback anytime and I’ll do my best to accommodate suggestions for improvements.
Again, thank you for reading.