security

471 Articles

Yahoo! Employee Accused Of Involvement With Terrorists

October 7, 2008 by 15 Comments

[Mohammed Mansoor Asghar Peerbhoy], a software engineer at Yahoo!’s Indian facility, has been accused of involvement with one of India’s most-wanted terrorist organizations, the Islamic Mujahideen. According to investigators, [Peerbhoy] wrote and sent emails just before and after terrorist attacks in Delhi, Ahmedabad in Gujarat, and Jaipur in Rajasthan. [Peerbhoy] makes an unlikely suspect; he visited the U.S. on several occasions for work without suspicion, but authorities claim that he was a “mastermind” who hacked into wireless internet sites to send hostile emails. The local community and his family have rallied around [Peerbhoy], calling the arrest an attempt to “defame the Muslim community”. There are also claims that his arrest, and other similar arrests, were made to soothe political pressures and not based on any factual evidence.

[photo: josemurilo]

Helix V2.0 Released

October 2, 2008 by 20 Comments

Helix 2.0 has been released.  Helix is a collection of various tools for electronic forensics.  Just like on TV, you can use this to find all kinds of information on a computer.  Some of the useful tools added were Winlockpwn a tool for breaking windows security, Volitility which processes data out of the raw memory, and several other tools that are beyond our comprehension.

You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3.  We have no idea why. Look at the download info to see that it says V2.0.

[Via Midnight Research labs]

System Admin Steals 20,000 Items From Work

October 2, 2008 by 32 Comments

Over the course of 10 years, [Victor Papagno] stole 19,709 pieces of equipment from the Naval Research Laboratory. He began taking stuff home in 1997 and had so much that he had to store some in a neighbors house. The report says that no secret technological information was taken.  Some items listed were CDs, hard drives, floppy disks, adding up to an estimated value of 1.6 million dollars. He could face up to two years in prison for this. We shudder to think of the total cost of all the post its, CDs, and floppy disks we’ve taken home over the years.

[via NetworkWorld]
[photo: Blude]

Remote Access Programs Are Good Security For Laptops

October 1, 2008 by 28 Comments

Don’t be [Gabriel Meija], the criminal pictured above. He stole [Jose Caceres]’ laptop, but didn’t realize that [Caceres] had installed a remote access program to track the activity on the laptop. Although the first few days were frustrating, as [Meija] didn’t seem to be using the laptop for anything but porn, [Caceres]’ luck turned when he noticed that an address was being typed in. [Caceres] turned the information over to police, who were able to find [Meija] and charge him with fourth-degree grand larceny. It’s not the first time that tech-savvy consumers have relied on remote access programs to capture the criminals who’ve stolen their computer equipment, and it certainly won’t be the last, as the technology becomes more readily available to consumers.

[via Obscure Store and Reading Room]

IPhone Forensics 101: Bypassing The Passcode

September 25, 2008 by 12 Comments

[youtube=http://www.youtube.com/watch?v=aaxSF9EOjxw]

Watch in wonder as forensics expert [Jonathan Zdziarski] takes you step by step through the process of bypassing the iPhone 3G’s passcode lock. Gasp in amazement as he creates a custom firmware bundle. [Jonathan], creator of NES.app a Nintendo emulator for the iPhone, is well respected for his work on opening the iPhone. In this presentation, he sheds some light on the forensics toolkit he helped develop for law enforcement agencies that we covered earlier.

LockCon Coming Soon

September 14, 2008 by 2 Comments

The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.

On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.

[photo: Rija 2.0]

IPhone Screengrab Issues

September 13, 2008 by 8 Comments

This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.

[via Gizmodo]