Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Bipin Gautam
Enough noise, Let's wrap up: Someone said: "Forensics requires more than merely finding a phrase or file on a hard drive - it requires establishing the context. If a court accepts evidence without that context, then the defendant should appeal on the basis of having an incompetent lawyer." So, any

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Kurt Buff
On Mon, Jan 25, 2010 at 14:11, wrote: > On Mon, 25 Jan 2010 20:03:03 -0200, Rafael Moraes said: >> This is a subject that needs to be discussed very carefully. I agree, It >> should be "controlled", but, how far? > > In particular, one must be *very* careful to not create unintended > consequences

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Rohit Patnaik
Rafael, Well, either Windows will no longer exist, or Windows will be the only thing that will exist. Remember, very few people in the government have the necessary technical knowledge to evaluate operating systems accurately. Therefore, they will rely on private industry for input. In practice,

[Full-disclosure] U.S. enables Chinese hacking of Google

2010-01-26 Thread Ivan .
http://edition.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities

2010-01-26 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1978-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff January 26, 2010

[Full-disclosure] [USN-890-4] PyXML vulnerabilities

2010-01-26 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-890-4 January 26, 2010 python-xml vulnerabilities CVE-2009-3560, CVE-2009-3720 === A security issue affects the following Ubuntu releases: Ubunt

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Michael Holstein
> I must suggest your experience is quite limited - the case below is not > unique: > Yes it is. Rarely do you get a group of 28 computer scientists to volunteer their time/money in a criminal case. Cheers, Michael Holstein Cleveland State University

Re: [Full-disclosure] [funsec] Corporate espionage in the news: Hilton and the Oil industry

2010-01-26 Thread David Harley
> > > Is anyone calling espionage by means of computers > > > cyber-espionage yet? I hope not. At least they shouldn't > call it cyber war. > > > > E-spionage? =P > > That is so great it is almost worth the fact that it will, > eventually, start to be used Can you put that up on Facebook so

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Kurt Buff
On Tue, Jan 26, 2010 at 11:26, Michael Holstein wrote: > >> I must suggest your experience is quite limited - the case below is not >> unique: >> > > Yes it is. Rarely do you get a group of 28 computer scientists to > volunteer their time/money in a criminal case. > > Cheers, > > Michael Holstein

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Unknown malware? Infections recently deleted by A/V? The realm of data ownership is ridiculous. If I run a wifi AP with WEP or no auth, my router keeps no logs, and my computer is a host to malware then I would imagine that I cannot be convicted of a computer crime without verification by physica

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Kurt Buff
On Tue, Jan 26, 2010 at 00:11, Charles Skoglund wrote: > This discussion is getting weirder and weirder. If an examiner finds > evidence on YOUR computer / cell phone / usb disks / whatever, please do > tell me how it's not necessarily yours? By claiming your computer has been > hacked? You do kno

[Full-disclosure] Paper: Weaning the Web off of Session Cookies

2010-01-26 Thread Timothy D. Morgan
Hello, I've just posted a new paper some of you may be interested in: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf While it's primarily an argument for fixing HTTP authentication, it does contain information on a few weaknesses common in browsers, including

[Full-disclosure] [ MDVSA-2010:026 ] openldap

2010-01-26 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2010:026 http://www.mandriva.com/security/

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
I should have brought up the increased density problem Valdis, excellent points. -Travis On Tue, Jan 26, 2010 at 1:26 PM, wrote: > On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said: >> Overwritten files require analysis with a 'big expensive machine.' > > Assuming a disk drive made this century, i

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Michael Holstein
> Yes, but what if I overwrite the device with random data from the very > first to the very last byte? Suppose the size of the device hasn't > decreased I'd think that wear-levelling has no chance to spare blocks in > this case. > > Research paper on forensics for flash media : http://www.ss

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Stefan Weimar
Hi, On 26 January Michael Holstein wrote: > No, wear-leveling (done at the memory controller level) will dynamically > re-map addresses on the actual flash chip to ensure a relatively > consistent number of write cycles across the entire drive. > > The only way to completely "wipe" a flash dis

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Valdis . Kletnieks
On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said: > Overwritten files require analysis with a 'big expensive machine.' Assuming a disk drive made this century, if the block has actually been overwritten with any data even *once*, it is basically unrecoverable using any available tech. Proof: In a d

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Are you suggesting that consumer magnet-based storage solutions use the same technology that the recovery machines use to store more than one bit in what you consider a 'single bit location' ? I think it would be cost and space prohibitive, not dependent on any algorithm. If I'm thinking correctly,

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread E. Prom
2010/1/26 Michael Holstein : >> By the way, does somebody know about the flash memory? >> Is zeroing a whole usb key enough to make the data unrecoverable? >> > > No, wear-leveling (done at the memory controller level) will dynamically > re-map addresses on the actual flash chip to ensure a relati

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Christian Sciberras
It would be a part of the algorithm, to make sure the overwritten file is readable. But if those machines get any smaller, I guess these would be the next generation of storage media take bluerays vs dvds for example. On Tue, Jan 26, 2010 at 5:11 PM, T Biehn wrote: > Overwritten files require

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Overwritten files require analysis with a 'big expensive machine.' I doubt they ever recover the full file. -Travis On Tue, Jan 26, 2010 at 11:04 AM, Christian Sciberras wrote: > I was thinking, since all this (reasonable) fuss on wiping a disk over 10 > times to ensure non-readability, how come

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Oh yeah, another note: If you use a chaining block cipher then you only need to wipe the first block to make the rest of your data unrecoverable. Most FDE's actually use a pw to decrypt the actual decryption key, that block functions much the same, if you can wipe that then the rest of the data is

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread T Biehn
Entropy vs zeros vs random content. Plausible deniability will only be there if there is legitimate data that looks like it's been used and the prosecutor cannot construe any of your data as that used for wiping or otherwise obscuring the data on your drive. If you don't have this you better reque

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Christian Sciberras
I was thinking, since all this (reasonable) fuss on wiping a disk over 10 times to ensure non-readability, how come we're yet very limited on space usage? If, for example, I overwrote a bitmap file with a text one, what stops the computer from recovering/storing both (without using additional space

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Michael Holstein
> If the police or spies look for determined words or sentences > (presumed not encrypted), at an unknown point on an unknown layer of > the disk, it will be much easier for them to find it if the rest was > random data (or video or whatever) than if it was random text that can > have a meaning

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Michael Holstein
> By the way, does somebody know about the flash memory? > Is zeroing a whole usb key enough to make the data unrecoverable? > No, wear-leveling (done at the memory controller level) will dynamically re-map addresses on the actual flash chip to ensure a relatively consistent number of write c

Re: [Full-disclosure] [funsec] Corporate espionage in the news: Hilton and the Oil industry

2010-01-26 Thread Benjamin Brown
> > Is anyone calling espionage by means of computers > cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. E-spionage? =P

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-26 Thread David Sopas
How did they not notice that, so obvious right? There're so many spam links on the source page. They should fix it ASAP and check logs for other possible modifications. 2010/1/26 Carsten Eilers : > Hi, > > Bogdan Calin wrote on Mon, 25 Jan 2010 12:58:50 +0200: > >>The latest version of e107, ve

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-26 Thread Gregor Schneider
Seems as if e107.org now is spreading some bad stuff: Virus/Spyware Mal/ObfJS-CB! - at least that's what Sophos is telling me Wondering why the admins of e107.org still keep this site up & running - the site should have been taken down right after they saw that it was compromised. Irresponsib

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-26 Thread Carsten Eilers
Hi, Bogdan Calin wrote on Mon, 25 Jan 2010 12:58:50 +0200: >The latest version of e107, version 0.7.17 contains a PHP backdoor. >http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip The start page of e107.org, , contains suspect, probably malicious JavaScript-Co

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Christian Sciberras
Not even Linux or OSX for that matter On Tue, Jan 26, 2010 at 11:07 AM, Rafael Moraes wrote: > Valdis, > > That's the way The government must have a kind of protocol to allow OS > to be released. > I believe that Windows will no longer exist after that. LOL. > > 2010/1/25 > > On Mo

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Rafael Moraes
Valdis, That's the way The government must have a kind of protocol to allow OS to be released. I believe that Windows will no longer exist after that. LOL. 2010/1/25 > On Mon, 25 Jan 2010 20:03:03 -0200, Rafael Moraes said: > > This is a subject that needs to be discussed very carefully. I

[Full-disclosure] Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability

2010-01-26 Thread Secunia Research
== Secunia Research 26/01/2010 - Google Chrome Pop-Up Block Menu Handling Vulnerability - == Table of Contents Affected Software...

[Full-disclosure] Corporate espionage in the news: Hilton and the Oil industry

2010-01-26 Thread Gadi Evron
Corporate espionage in the news, and not just because of Google: Hilton and the Oil industry. Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, reg

[Full-disclosure] [SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities

2010-01-26 Thread Giuseppe Iuculano
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1977-1 secur...@debian.org http://www.debian.org/security/ Giuseppe Iuculano January 25, 2010

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

2010-01-26 Thread Georgi Guninski
On Sat, Jan 23, 2010 at 08:57:12AM +0200, Gadi Evron wrote: >...(such as the Google attacks 0day apparently was) i hope m$ products have something to do with http://www.theregister.co.uk/2010/01/25/oil_companies_attacked/ Oil companies hit by 'state' cyber attacks, says report Petrol reserves data

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-26 Thread Bogdan Calin
Here is my speculation on what happened: A few days ago, somebody found and exploited an e107 0day (for 0.7.16) on some websites. The e107 guys were informed about this and released 0.7.17 to fix this problem. However, at this point I suspect they were already hacked because they are running e107

Re: [Full-disclosure] Disk wiping -- An alternate approach?

2010-01-26 Thread Charles Skoglund
This discussion is getting weirder and weirder. If an examiner finds evidence on YOUR computer / cell phone / usb disks / whatever, please do tell me how it's not necessarily yours? By claiming your computer has been hacked? You do know an examiner usually knows how to double-check your story for m

Re: [Full-disclosure] e107 latest download link is backdoored

2010-01-26 Thread Christian Sciberras
If that is so, being silent on the matter is not good at all... On Tue, Jan 26, 2010 at 9:28 AM, Bogdan Calin wrote: > Here is my speculation on what happened: > > A few days ago, somebody found and exploited an e107 0day (for 0.7.16) on > some websites. The e107 guys were informed about thi