Adeona: An Open Source Laptop Tracking System


Adeona is an open source internet-based laptop tracking system that is free to use. It’s available for Linux, OS X, and Windows XP/Vista. After installation, Adeona submits anonymous, encrypted updates on the computer’s location at random intervals to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop is lost or stolen, you can use the retrieval tool to access information about where it was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona’s system means that there’s ample opportunity to improve upon the release or add extensions. Here’s one user who really likes what he sees.

[via Schneier]

Five Plugins And Tips To Secure Your WordPress Blog


How do you protect your own blog from getting hacked? There’s never a foolproof answer, but with some added tools and caution, you can make your website a little safer. Cats Who Code has five plugins and tips you can use to protect your WordPress install. Some of the tips are common sense advice that can apply to anything related to technology, such as making backups often and using strong passwords. Others include suggested plugins that can help you verify whether your WordPress install has any security holes, or small tricks to hide the version of WordPress you’re using. Do you have any useful plugins or tricks to share to keep your blog safe from hackers?

[via Digg]

Predictive Blacklisting With DShield


The DShield project is hoping to change how we protect our networks from malware with predictive blacklisting. Using a method similar to Google’s PageRank, DShield collects logs from network administrators to help develop a score based on maliciousness. They combine this score with information about where the malware has already hit to determine an overall threat level.

Similar to antivirus programs, the system still relies on networks being attacked to rate the threat level. They have shown, though, that the predictive method is consistently more effective than manual blacklisting. The system has been available for free for the past year. Those utilizing the system have been reporting positive results. They do note that there are a few people whose network infrastructure doesn’t match up with the predictions very well. If you would like to participate, go to their site and sign up.

HOPE 2008: Methods Of Copying High Security Keys


[Barry Wels] is well known for his lockpicking talks, but this year he wanted to talk about how he copies high security keys. If a key blank is available, you could make a copy just by viewing the original. High security keys generally have profiles with more side cuts, which means you can guess at how deep a specific pin is by observing how many cuts it crosses. He also showed that you could imprint your arm with the key and use that as a guide. If a blank isn’t available, you could fill a similar key with solder and file that down.

[Barry] showed two different kits for casting keys. The first used soft clay in a clam shell to make an imprint of the original key. The form is then filled with a low melting point alloy (probably Wood’s metal) to create the new key. A second style uses a metal form and two part silicone to create the mold. This method works for most high security keys, but will not work on keys with active elements like sliders or magnets.

Finally, [Barry] talked about his favorite method: impressioning. Unlike picking a lock, when you’re done impressioning you have a functional key. You start with a key blank and file off the top layer. Place the blank in the lock and turn it till it jams. Then, you rock the key up and down. Observing the key under light, you’ll see a small mark where each pin is. File a bit where the marks appear and repeat the process. You can’t use too much force or you might break the blank. This also works on dimple keys and, as this video shows, laser cut keys. [Barry] highly recommends the impressioning book by [Oliver Diederichsen].

[photo: Rija 2.0]

Packet Trace Anonymization With PktAnon


If you’re a network researcher or systems administrator, you know that network traces are often necessary, but not easy to share with colleagues and other researchers. To help with both ease of use and handling of sensitive information, the Institute of Telematics has developed PktAnon, a framework that anonymizes network traffic.

It works by using a profile-based scheme that supports various anonymization primitives, making it easy to switch between different network protocols and anonymization methods. New primitives can easily be added, and several pre-defined profiles are bundled into the distro. The profiles are all XML-based.

Essentially, there are two major uses for network traces: anonymizing user traffic in order to research it, and anonymizing in-house usage, thus preventing the leakage of sensitive information. It’s a rather rigid scheme, but using profiles for this was a stroke of genius that made it a lot easier, more flexible, and as a result, more useful and powerful.
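An illustration of the profile idea described above, as an added example that is not PktAnon's code or its XML profile format: hypothetical profiles map each field of a parsed packet record to a named primitive, so switching profiles changes the treatment without touching the code. The field names, primitive names, key and sample records are all constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real deployment would use a random secret per trace set.
KEY = b"constructed-demo-key"

def hash_ip(value):
    """Keyed pseudonym: the same input always maps to the same fake IPv4 address."""
    packed = ipaddress.IPv4Address(value).packed
    digest = hmac.new(KEY, packed, hashlib.sha256).digest()
    return str(ipaddress.IPv4Address(digest[:4]))

def truncate_ip(value):
    """Keep the /24 network and zero the host byte."""
    return str(ipaddress.ip_network(value + "/24", strict=False).network_address)

def zero_bytes(value):
    """Overwrite payload bytes but preserve the length."""
    return b"\x00" * len(value)

def keep(value):
    """Pass the field through unchanged."""
    return value

PRIMITIVES = {"hash_ip": hash_ip, "truncate_ip": truncate_ip,
              "zero_bytes": zero_bytes, "keep": keep}

# Two hypothetical profiles: each maps a field name to a primitive name.
RESEARCH = {"src": "hash_ip", "dst": "hash_ip", "dport": "keep", "payload": "zero_bytes"}
IN_HOUSE = {"src": "truncate_ip", "dst": "truncate_ip", "dport": "keep"}

def anonymize(record, profile):
    """Apply a profile to one record; fields the profile does not list are dropped."""
    return {field: PRIMITIVES[profile[field]](value)
            for field, value in record.items() if field in profile}

# Constructed sample records standing in for parsed packets.
TRACE = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 443, "payload": b"GET /"},
    {"src": "192.0.2.10", "dst": "198.51.100.9", "dport": 53, "payload": b"\x12\x34"},
]

def run(profile):
    """Anonymize the whole sample trace under one profile."""
    return [anonymize(record, profile) for record in TRACE]

if __name__ == "__main__":
    for name, profile in (("research", RESEARCH), ("in-house", IN_HOUSE)):
        print(name, run(profile))
```

Dropping unlisted fields makes a profile fail closed: a field nobody wrote a rule for never leaves the building in cleartext. The keyed hash keeps flows from one host correlatable across the trace without revealing the address.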

[via TaoSecurity]
[photo: mlpoulter]

Pirate Bay Hits The Road, Angles For Encryption


Piratbyrån and their hearties from The Pirate Bay are on a pan-European summer journey that will end at the Manifesta art biennial in Italy, but in the meantime they’ve been hard at work lobbying for total network encryption, a system that would protect users of a network (say, a P2P network) from deep packet inspection and other forms of activity analysis.

The system by which this will be achieved is called IPETEE, and it works by replacing the basic operating system network stack and doing all encryption and decryption itself. More details can be found in the IPETEE technical proposal.

Ars Technica pointed out numerous holes in the scheme, noting that most torrent apps already have encryption options. IPETEE applies to more than just torrents, though, so the larger problem is that encrypted packets still need source and destination IP addresses, meaning that one of the most crucial things you’d want to keep private (your destination site) is still accessible.

Major DNS Issue Causes Multivendor Patch Day


Earlier this year, our friend [Dan Kaminsky] discovered a major DNS issue that could allow hackers to compromise name servers and clients easily. The vulnerability involves cache poisoning, and [Kaminsky] plans to publish the full details of the vulnerability on August 6th. However, he has already begun his work to control it, alerting major authorities early on of the vulnerability.

As a result, engineers from many major technology vendors quickly began working on coordinated patches for DNS servers. The patches were all released today; vendors and a CERT advisory urge organizations to apply them today, before the vulnerability becomes common knowledge. More details on the DNS issue can be found in the executive overview (PDF file). [Rich Mogull] interviewed [Dan] for the Network Security Podcast. The interview doesn’t detail the attack but points out that services that use port randomization, like OpenDNS, are unaffected and that BIND 8 is being deprecated.

UPDATE: Here’s the audio from this morning’s press conference.

[image: Flickr / d70focus ]