Archive for Security

Testdisk – a tool for data recovery for an external usb hard drive

My 120GB Western Digital external USB hard drive is dying a slow death. I have suspected for the past few weeks that there was an issue as it would be detected on a haphazard basis my Windows and Linux.Scandisk and chkdsk had revealed bad sectors and these had been patched so as to not to be used.

Yesterday morning it decided to not cooperate at all and refused to display its contents. I downloaded the Western Digital Diagnostic software for the drive and it confirmed my worse fears when it displayed a status of fail for the hard drive. Extended tests revealed numerous bad sectors.
Some urgent research was carried out a number of apps were downloaded and trialed. Diskgator looked promising as it was mentioned on a website as being free, it worked with the hardware, analysed the file structure and offered to restore the data if I purchased a single app for 69 USD. I decided not to and used stricter search filters to indentify an open source app.
TestDisk by CGSecurity caught my attention, the interface is ms-dos/linux which suited me fine, the app analysed the drive and detected that the boot sector was corrupt but the backup boot sector was fine. I instructed testdisk to copy the backup boot sector to the original which it did. The drive then appeared under windows and I am copying all the files I possibly can from the disk.
I think my trusty western digital drive’s days are numbered and after 2.5 yrs of hard labour it may soon meet its just reward in sector heaven.
Update – Recovery of data is ongoing, have decided to name the task Project Lazerus – bringing a usb external drive back from the dead.

Schneier: Many security products offered the feeling of being secure rather than actual security

Bruce Schneier told delegates at the RSA security conference in London that “For every supplier with a good product or service, there is at least one more out to make a quick buck before customers find out”
The over statement of particular types of threats and the use of your heart i.e a hunch rather than your head can result in the wrong product being selected. Even when the right product is bought the use of default or minimal configuration means that the product is not performing its role properly and the user has a false sense of security.

Looking forward to Cosac 2007

I will be attending Cosac in Killashee house tomorrow (Tue 25th Sept 2007). My expectations for this event are quiet high as it is costing my employer 909 euros for one days attendance.
I plan to attend the following talks.
0930 – 1015 It’s not about the technology Jim Gamble Child Exploitation and On-line Protection Centre
10.15 11.50 Anatomy of an Incident: An Interactive Workshop Lawrence D. Dietz Tal Global
1150 – 1300 A Unique Approach to Attack Trace-back Dr. Peter Stephenson Norwich University
14.00 – 15.10 Information Security Metrics is Coming of Age: Will You Be At The Party Gerry O’Neill Inforisca Services Limited
1530 – 1640 Self-Defeating Networks – Using NAC to Hack Aaron Earle AE&E Corporation
1650 – 1800 Strategic Roadmapping & Planning for Security, Risk & Governance – a Refresh Gerry O’Neill Inforisca Services Limited
1810 – 1900 Issues of the Day Hot Topic Forum John O’Leary Computer Security Institute

Confess that you have suffered a security breach and ask for forgiveness

This is what Boston College did in 2005 when it suffered a data breach. The full story including the details of the forensics and the team they had to put in place is presented in a Network World Article. This team included both legal and PR people as the 100,000 records of Alumni was affected. It turned out that it a rogue server in a utility closet was hacked. Boston College maintains that ethically they were obliged to tell the affected individuals. Even though the actual database wasn’t compromised a series of scratch files for bulk mailing had been.
What was interesting with regards to informing them was that they chose the traditional letter in the post signed by management option. They felt that this approach worked and helped to regain trust.
This example should server to highlight that customers needs should be placed first.

IEEE begins work on security standards for printers and copiers

The IEEE has begun work on a series of four security standards for printer, copiers and other hardcopy devices. The four new hardcopy-device standards projects are part of the IEEE 2600™ standards family and address security for these devices and systems in different environments. IEEE 2600 standards define authentication, authorization, privacy, physical and information security, and other security requirements in selecting, installing, configuring and using such devices.
IEEE Standards Press Release
The new projects are:

Read more

Storage Media Encryption launched by Cisco and RSA

A number of our BSc in IT Support students undertook research projects in the area of storage and encryption. Both these areas are merging in a number of different ways.
At EMC World in Orlando Cisco and RSA launched Storage Media Encryption. It runs on a Cisco Storafe Blade and uses RSA’s Key Manager technology to control access and deployment of encrypted systems.
Storage Media Encryption is being touted as an alternative to appliance-based approaches from Decru, NeoScale, Vormetric and CipherMax.
Initially, Storage Media Encryption will be available only for magnetic tapes. Cisco expects to roll it out by the end of the year. A subsequent release will extend it for use with other storage media.
Cisco will also offer an open API to develop key management.
The RSA Key Manager will ease deployment, management and operation of enterprise wide encryption. It is used to generate, store and broker access to cryptographic keys, and manage their life cycle.
Network World

IPv6 Tabloid Headlines

I am used to reading tabloid headlines about security and the internet. IPv6 has now become the latest victim to this particular type of sensationalist journalism. The Register reports on a potential flaw in IPv6 which if we are to believe could mean the end of the world.
IPv6 supports an extension header concept called the Type 0 Routing Header (RH0), which allows computers to tell IPv6 routers to send data by a specific route. My 3rd year datacomms students would tell you that this is known as strict source routing it is also supported in IPv4 in the TOS field of the header.
So what’s the fuss about? Well during a presentation at the CanSecWest conference on 18 April, researchers Philippe Biondi and Arnaud Ebalard pointed out that RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80.
“In rough terms, it makes everything we thought was bad, a thousand times worse,” Paul Vixie, president of the Internet Systems Consortium, said in an email interview with SecurityFocus. “It can be exploited by any greedy Estonian teenager with a $300 Linux machine.”
Now this is bad piece of PR on several fronts, a basic networking property is being hyped and Estonia is being bashed.
Could a greedy capitalistic American Kid attempt this?
Is Paul Vixie stating that only the Estonians have the ability to use IPv6?
Well I have news for you Paul, you better add Irish graduates to your list of potential list of IPv6 network hackers as they know how it functions.

Computer Networks Magasine special issue Web Traffic

TIPPINST – Elsevier’s magasine Computer Networks has a special issue on web traffic which may be of interest to the community.
Computer Networks Volume 48 issue 5 (5th Aug 2005)
Articles include
Web security
Pages 697-699
P. McDaniel and Aviel D. Rubin
Remote timing attacks are practical
Pages 701-716
David Brumley and Dan Boneh
A multi-model approach to the detection of web-based attacks
Pages 717-738
Christopher Kruegel, Giovanni Vigna and William Robertson
A testing framework for Web application security assessment
Pages 739-761
Yao-Wen Huang, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D.T. Lee and Sy-Yen Kuo
SSL splitting: Securely serving data from untrusted caches
Pages 763-779
Chris Lesniewski-Laas and M. Frans Kaashoek
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Pages 781-807
Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra and Dan Rubenstein
XPref: a preference language for P3P
Pages 809-827
Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant and Yirong Xu

Despamming Movable Type Trackback pings

TIPPINST – A while back I wrote how I had managed to despam my blog using mt-blacklist. It turns out that my comments were being despammed but trackbacks were not. I discovered this morning that my site was riddled with trackback pings. It seems that I am not the only movable type user who suffers from this problem. One solution is to upgrade to movable type 3.0, if you don’t wish to upgrade another solution to consider is the plugin TrackBackAntiSpam which has been developed by James Seng
James describes the solution as simple one “if the incoming trackback does not come from the host as stated in the URL, we reject the trackback.”
The install is simple as only 1 file needs to be placed in the plugin folder.
Time will tell how effective it is.

Is Satellite the solution for broadband access for rural communities ?

TIPPINST- I commented earlier this week on the release of phase 1 community broadband figures. 43% of communities elected to use satellite as their preferred method of access. I was quiet surprised by the high adoption rate.
I can understand if you are in a rural area with no other option than to use satellite, what has me surprised are some of the benefits that you miss out on if you do choose satellite.
There are two big problems with satellite they are bit error rate and latency. The latter is usually more noticable than the former. From talking to people who have employed satellite in business and educational premises, they have remarked upon how it can be slow.
There is confusion as to how much latency there really is, point out that delay is 240ms (0.24 seconds) this is true based on the maths of calculating the length of time it takes a signal to travel from satellite earth station to another
(22300 miles uplink + 22300 miles downlink) / 186000 miles per second = 0.24 seconds (240 ms).
This answer however is deceptive as is does not take into account the additional time required for processing by electronic equipment at the originating, receiving, and repeater stations, which adds to the total delay. In practice, round trip transaction time can easily exceed 750 milliseconds
Satellite Internet access providers such as vsat systems are more open about the problem and point that the latency is in the 600 ms range , they offer tcp spoofing as a means to combat this problem.
So the 750 ms delay that satellite experience does have an impact on certain technologies, these include Voice Over IP (products such as skype), video conferencing and VPNS.
The phrase caveat emptor springs to mind when considering broadband products, all aspects must be considered. If VOIP, video conferencing and VPNS are not a requirement then satellite might well be the suitable choice for you.