Friday, November 19, 2010

Diving into Windows registry for forensic data

As a forensic examiner looking at a cloned system for possible timestamps of a drive-by-download attack, the Windows registry offers some small footholds for gathering evidence (real or not). At the least, it will give an idea of how and when the attack happened. Assuming the system time was intact, and since the sole purpose of this exercise was to learn, looking at registry keys with some freeware tools provides some data. Correlation plays a key role in identifying how and when devices were connected to the system.

Freeware tools used to achieve the above are:
USB Device Viewer - A tool which provides a complete history of all removable devices connected to a Windows based host.
http://www.nirsoft.net/utils/usbdeview.zip

Direct Registry Browser from
http://www.sysdevsoftware.com/soft/dreg.php which can be used to browse the registry in case of offline image based forensic analysis.

Registry Browser from SoftSpot Software.
http://www.softspotsoftware.com/pages/downloads/RegBrowser.zip which can be used to view the timestamps on the registry key. There is a Nirsoft tool to view the same, but I prefer using this software.

And lastly, the infamous ProcMon from Microsoft Sysinternals Lab.
The latest version can be downloaded from http://live.sysinternals.com/Procmon.exe
It can be used to learn which registry keys are accessed while the above tools are in use.
Tip: Set a filter on the process names to reduce the output while using the above tools.

The rest is left as an exercise for the readers (??!!!): how to find out the USB devices' connection times, et al.!

Happy forensics!
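For the exercise in the registry post above, this sketch shows what the timestamp viewers read out of an offline hive: every key node ("nk" cell) stores a last-write FILETIME. It is an added example, not code from the original post or from any of the tools named; the hive is constructed inside the script, and looking under ControlSet001\Enum\USBSTOR is an assumption made here, since the post does not name a key. It links keys by their parent offsets instead of walking the subkey lists.

```python
import struct
from datetime import datetime, timedelta, timezone

HBIN_START = 0x1000  # hive bins follow the 4096-byte "regf" base block
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def iter_key_nodes(hive):
    """Yield (offset, parent_offset, name, last_write) for each allocated nk cell."""
    if hive[:4] != b"regf":
        raise ValueError("missing regf signature: not a registry hive")
    pos = HBIN_START
    while pos + 0x20 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        end = min(pos + bin_size, len(hive))
        cell = pos + 0x20  # cells start after the 32-byte bin header
        while cell + 4 <= end:
            size = struct.unpack_from("<i", hive, cell)[0]
            length = abs(size)  # a negative size marks an allocated cell
            if length < 8 or cell + length > end:
                break  # corrupt or truncated bin: stop rather than guess
            rec = cell + 4
            if size < 0 and length >= 0x50 and hive[rec:rec + 2] == b"nk":
                flags, ft = struct.unpack_from("<HQ", hive, rec + 2)
                parent = struct.unpack_from("<I", hive, rec + 0x10)[0]
                name_len = struct.unpack_from("<H", hive, rec + 0x48)[0]
                raw = hive[rec + 0x4C:rec + 0x4C + name_len]
                # Flag 0x20: name stored as 8-bit characters, otherwise UTF-16LE.
                codec = "latin-1" if flags & 0x20 else "utf-16-le"
                yield (cell - HBIN_START, parent,
                       raw.decode(codec, "replace"), filetime_to_utc(ft))
            cell += length
        if bin_size < 0x1000:
            break  # invalid bin size: do not loop forever
        pos += bin_size

def key_timeline(hive, under):
    """Return [(last_write, path)] for keys whose path contains `under`, oldest first."""
    nodes = {off: (parent, name, ts) for off, parent, name, ts in iter_key_nodes(hive)}

    def path_of(off):
        parts, seen = [], set()
        while off in nodes and off not in seen:  # `seen` guards against parent loops
            seen.add(off)
            parent, name, _ = nodes[off]
            parts.append(name)
            off = parent
        return "\\".join(reversed(parts))

    rows = [(ts, path_of(off)) for off, (_, _, ts) in nodes.items()]
    needle = under.lower()
    return sorted(r for r in rows if needle in r[1].lower())

def build_sample_hive():
    """Constructed single-bin hive for the demo; every name and time is made up."""
    def ft(y, mo, d, h, mi):
        delta = datetime(y, mo, d, h, mi, tzinfo=timezone.utc) - EPOCH_1601
        return delta // timedelta(microseconds=1) * 10

    keys = [  # (name, index of parent in this list, last-write FILETIME)
        ("ROOT", None, ft(2010, 11, 1, 8, 0)),
        ("ControlSet001", 0, ft(2010, 11, 1, 8, 0)),
        ("Enum", 1, ft(2010, 11, 1, 8, 0)),
        ("USBSTOR", 2, ft(2010, 11, 18, 21, 14)),
        ("Disk&Ven_SAMPLE&Prod_STICK_A&Rev_1.00", 3, ft(2010, 11, 12, 9, 30)),
        ("Disk&Ven_SAMPLE&Prod_STICK_B&Rev_2.00", 3, ft(2010, 11, 18, 21, 14)),
    ]
    cells, offsets = bytearray(), []
    for name, parent_idx, stamp in keys:
        offsets.append(0x20 + len(cells))  # cell offset relative to the first bin
        rec = bytearray(0x4C) + name.encode("ascii")
        rec[0:2] = b"nk"
        struct.pack_into("<HQ", rec, 2, 0x2C if parent_idx is None else 0x20, stamp)
        parent = 0xFFFFFFFF if parent_idx is None else offsets[parent_idx]
        struct.pack_into("<I", rec, 0x10, parent)
        struct.pack_into("<H", rec, 0x48, len(name))
        rec += bytes(-(4 + len(rec)) % 8)  # pad the cell to a multiple of 8
        cells += struct.pack("<i", -(4 + len(rec))) + rec
    free = 0x1000 - 0x20 - len(cells)
    cells += struct.pack("<i", free) + bytes(free - 4)  # one unallocated cell
    base = bytearray(0x1000)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 0x24, 0x20, 0x1000)  # root cell offset, bins size
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20)
    return bytes(base) + hbin + bytes(cells)

if __name__ == "__main__":
    for ts, path in key_timeline(build_sample_hive(), "USBSTOR"):
        print(ts.isoformat(), path)
```

A last-write time only says when the key was last modified, so correlate it with other sources before reading it as a connection time, as the post advises.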

Wednesday, September 8, 2010

Installing IE8 without the usual update process, scanning, et al.!

I recently had a requirement where I had to test an application in Internet Explorer 8, but the rig had only Windows XP SP2 with IE6. When I tried installing IE8 using the official installation, it prompted to install a bunch of updates and run malware scanning, and was taking forever. I thought for a moment and tried the following steps, which worked:
  • Downloaded the IE8 installation from Microsoft.com
  • Used Universal Extractor to extract the IE8 installer executable to a directory
  • Copied the complete extracted directory to a thumbdrive and moved it to the testing rig
  • Executed the iesetup.exe inside the update directory
I double-clicked on iesetup.exe and voila! The Internet Explorer installation screen greeted me with the usual update option. I ignored the warning and the options and clicked on install Internet Explorer 8.

After a few minutes, the system requested a reboot and IE8 was up and running.

 
While I was happy to have the system updated with IE8, it is definitely not recommended unless one knows what he/she is doing. Please read the above procedural steps with the standard disclaimer and warning!
It might cause system instability, security issues will still be open, and it is not recommended at all. This post is for documentation purposes only and to have an artifact showing that it can be done!

If you require help in locating Universal Extractor, try http://legroom.net/software/uniextract and it is free. Please scan the files if you download from any other sources.

IE8's official links are:
Windows XP (32 Bit): http://download.microsoft.com/download/C/C/0/CC0BD555-33DD-411E-936B-73AC6F95AE11/IE8-WindowsXP-x86-ENU.exe
Windows XP (64 Bit) : http://download.microsoft.com/download/7/5/4/754D6601-662D-4E39-9788-6F90D8E5C097/IE8-WindowsServer2003-x64-ENU.exe
Windows Vista (32 Bit): http://download.microsoft.com/download/F/8/8/F88F09A2-A315-44C0-848E-48476A9E1577/IE8-WindowsVista-x86-ENU.exe
Windows Vista (64 Bit) : http://download.microsoft.com/download/D/C/F/DCF5DACB-313F-40C6-889C-AD1F8546099D/IE8-WindowsVista-x64-ENU.exe
Windows Server 2003 (32 Bit) : http://download.microsoft.com/download/7/5/0/7507EBD5-0193-4B7F-9F14-9014C7EB5C67/IE8-WindowsServer2003-x86-ENU.exe
Windows Server 2003 (64 Bit) : http://download.microsoft.com/download/7/5/4/754D6601-662D-4E39-9788-6F90D8E5C097/IE8-WindowsServer2003-x64-ENU.exe
Windows Server 2008 (32 Bit) : http://download.microsoft.com/download/F/8/8/F88F09A2-A315-44C0-848E-48476A9E1577/IE8-WindowsVista-x86-ENU.exe
Windows Server 2008 (64 Bit) : http://download.microsoft.com/download/D/C/F/DCF5DACB-313F-40C6-889C-AD1F8546099D/IE8-WindowsVista-x64-ENU.exe

Happy days!

Wednesday, July 21, 2010

Truecrypt 7.0 gets Hardware Acceleration and more

Truecrypt, the free open source encryption tool that gives many commercial encryption tool providers a run for their money, has once again proved its worth! The just-released Version 7.0 has some really commendable features, such as hardware-accelerated AES, auto-mounting of encrypted volumes, and partition/device-hosted volumes that can use different sector sizes. Though hardware-accelerated AES is currently applicable only to Intel Core i5 and Intel Core i7 processors, it is worthwhile to enable it because it provides up to 4-8 times faster performance compared to the normal open source version of the AES implementation.
It uses the embedded AES-NI (aka "AES New Instructions") instruction set for performing the crypto operations, but it is clear that the key generation does not use the AES-NI Instructions. (Thank god! :))
Check out more from http://www.truecrypt.org/
Use this amazing tool to safeguard your data, be it confidential or not! You'll agree with me if you have the habit of carrying your portable operating systems, tool sets, working data and documents on multiple USB thumb drives wherever you go/roam! :)

Tuesday, July 13, 2010

Netsparker provides Free Web Application Vulnerability Scanner! No strings attached!!

While companies charge a hefty amount for web vulnerability scanners, Netsparker has made a difference by offering one of the best vulnerability scanners for free! (Free as in Free Beer! :)) No strings attached. The community edition of the Netsparker web application vulnerability scanner is available for download. The community version also boasts the distinctive features of the commercial edition, which include False Positive Free scanning, JavaScript / AJAX / Web 2.0 support, SQL Injection and Cross Site Scripting.

It can be downloaded from: http://www.mavitunasecurity.com/communityedition/download/ site.

Metasploit 3.4.1 Released!

Metasploit, one of the most widely used penetration testing frameworks, has released Version 3.4.1, adding 16 exploits, 22 auxiliary modules, and 11 meterpreter scripts. All 587 exploit modules have been updated to include the Disclosure Date field. Major features added since 3.4.0 include the RAILGUN meterpreter extension by Patrick HVE and the PHP Meterpreter payload by egypt. The Windows installer now ships with support for PostgreSQL database backends.

Get it from: http://www.metasploit.com/

v3.4.1 Release notes (copied from the above site):

Statistics
  • Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
  • Over 40 community reported bugs were fixed and numerous interfaces were improved
General
  • The Windows installer now ships with a working Postgres connector
  • New session notifications now always print a timestamp regardless of the TimestampOutput setting
  • Addition of the auxiliary/scanner/discovery/udp_probe module, which works through Meterpreter pivoting
  • HTTP client library is now more reliable when dealing with broken/embedded web servers
  • Improvements to the database import code, covering NeXpose, Nessus, Qualys, and Metasploit Express
  • The msfconsole "connect" command can now speak UDP (specify the -u flag)
  • Nearly all exploit modules now have a DisclosureDate field
  • HTTP fingerprinting routines added to some exploit modules
  • The psexec module can now run native x64 payloads on x64 based Windows systems
  • A development style guide has been added in the HACKING file in the SVN root
  • FTP authentication bruteforce modules added
Payloads
  •  Some Meterpreter scripts (notably persistence and getgui) now create a resource file to undo the changes made to the target system.
  • Meterpreter scripts that create logs and download files now save their data in the ~.msf3/logs/scripts folder.
  • New Meterpreter Scripts:
    • enum_firefox - Enumerates Firefox data like history, bookmarks, form history, typed URLs, cookies and downloads databases.
    • arp_scanner - Script for performing ARP scan for a given CIDR.
    • enum_vmware - Enumerates VMware products and their configuration.
    • enum_powershell - Enumerates powershell version, execution policy, profile and installed modules.
    • enum_putty - Enumerates recent and saved connections.
    • get_filezilla_creds - Enumerates recent and saved connections and extracts saved credentials.
    • enum_logged_on_users - Enumerate past users that logged in to the system and current connected users.
    • get_env - Extracts all user and system environment variables.
    • get_application_list - Enumerates installed applications and their version.
    • autoroute - Sets a route from within a Meterpreter session without the need to background the sessions.
    • panda_2007_pavsrv53 - Panda 2007 privilege escalation exploit.
  • Support for a dns bypass list added to auxiliary/server/fakedns. It allows the user to specify which domains to resolve externally while returning forged records for everything else. Thanks to Rudy Ruiz for the patch.
  • Railgun - The Meterpreter "RAILGUN" extension by Patrick HVE has merged and is now available for scripts.
  • PHP Meterpreter - A protocol-compatible port of the original Meterpreter payload to PHP. This new payload adds the ability to pivot through webservers regardless of the native operating system
  • Token impersonation now works with "execute -t" to spawn new commands with a stolen token.

Known Issues
  •  Interacting with a meterpreter session during a migration will break the session. See #1360.
  • There is no simple way to interrupt a background script started by AutoRunScript
  • Command interaction on Windows causes a PHP Meterpreter session to die. See #2232 

Using NK2Edit to edit Outlook Autocomplete entries

When Outlook is used as an email client, at times, there might arise a need to edit the auto complete entries while selecting users. If any of the attributes needs to be changed in the selected email addresses or if an old entry needs to be removed, Microsoft has not provided any direct method. In such cases Nirsoft's NK2Edit comes in handy.
It can be used to edit Outlook's .NK2 files to remove duplicate or stale entries, or to modify existing entries.
It can be downloaded from : http://www.nirsoft.net/utils/outlook_nk2_edit.html page.

Information from the site:

Every time that you type an email address or name in the message window of MS-Outlook, it automatically offers you a list of users and email addresses that you can choose. This feature is known as 'AutoComplete' and Outlook automatically builds this emails list according to user activity and saves it into a file with .NK2 extension.

In some circumstances, you may need to repair or modify the values appeared in the AutoComplete list, or you may want to remove unwanted email addresses and/or to add new email addresses. MS-Outlook doesn't provide any ability to edit this AutoComplete list, so this is where NK2Edit software can help you.

NK2Edit Features
Easily modify or fix all information stored in the NK2 file, including the display name, the email address, the exchange string, the Drop-Down display name, and the search string.
Easily remove unwanted single quote characters from the display name and from the Drop-Down list.
Delete unwanted emails, as well as add new emails, by typing them manually, or by choosing them from the address book of Outlook.
Copy NK2 records from one NK2 file to another - simply by copy and paste !
Build a completely new NK2 file and add the desired emails into it, by typing them manually, by adding them from your address book, or by copying records from another NK2 file.
Extract data from corrupted NK2 files that Outlook cannot read anymore (When Outlook AutoComplete stopped working) and even repair them so Outlook will be able to read them again.
Export all data stored in the NK2 file into a special Unicode text file in a structure similar to .ini file of Windows. You can open it in any text editor you like, make the changes you need, and then convert it back into NK2 file that Outlook can use.
Export the emails information stored inside NK2 file into HTML/Text/csv/xml file.
Copy the selected NK2 records in tab-delimited format and then paste the information into Excel.
Change the order of the records in the NK2 file, which also affects the order they appear in the drop-down. You can also sort the list in alphabetical order of the Drop-Down display names. (However, be aware that Outlook changes the order again when the user sends emails)
Command-Line Support: Write simple scripts that can add, remove, or modify records inside the NK2 file, without displaying any user interface.
NK2Edit is a portable application that can be used from any computer with Windows operating system (Starting from Windows 2000) without need of any installation process, and without making changes in the Registry.

System Requirements
NK2Edit works on any version of Windows, starting from Windows 2000 and up to Windows 7/2008. NK2Edit is a Unicode based application, and thus it cannot work under Windows 95/98/ME.
NK2Edit can read, write, and create NK2 files for Outlook 2003, Outlook 2007, and Outlook 2010 Beta.
Outlook installation is not required on the computer that you run NK2Edit, except of "Add Records From Address Book" feature, which cannot work without Outlook. NK2Edit can also be used to open, edit, and save NK2 files on remote computers in your network, as long as you have read/write permission to the remote NK2 file.

Thursday, June 24, 2010

X-Setup Pro: RIP! and a last GIVEAWAY!

Many a time, X-Setup Professional (X-Setup Pro) has helped in identifying and addressing computer problems. Due to an insolvency, the company has stopped updates to this wonderful tool. As a gesture, the tool is offered free!

An excerpt from the website. http://www.x-setup.net/

All comes to an end ...

Dear Customers,
Because of the insolvency of WUG all operations regarding X-Setup Pro have been shut down.
We thank all customers, partner and friends for their support during this time. We hope you had as much fun using X-Setup Pro as we had making it.
We wish you all the best,
TeX and Eric

P.S.:
You can still download the last version from MajorGeeks or BetaNews. The portable edition and the U3 version are available from MajorGeeks as well.
In case you lost your serial number use this one instead: XSA092-11TA9R-8K12YT

-
May god show some light on the souls!

WebCruiser - Simple and effective Web Vulnerability Scanner

When you need a simple and effective tool with a very minimal footprint for performing web vulnerability testing, WebCruiser comes in handy! It makes a very valuable tool for the on the go toolkit arsenal either on a USB Kit or on a custom DVD Vulnerability Kit.

More on the tool from the developers!

WebCruiser - Web Vulnerability Scanner, a compact but powerful web security scanning tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools.


It can support scanning website as well as POC (Proof of Concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, a XPath injection tool, and a Cross Site Scripting tool!
Key Features:
  • Crawler(Site Directories And Files);
  • Vulnerability Scanner(SQL Injection, Cross Site Scripting, XPath Injection etc.);
  • POC(Proof of Concept): SQL Injection, Cross Site Scripting, XPath Injection etc.;
  • GET/Post/Cookie Injection;
  • SQL Server: PlainText/Union/Blind Injection;
  • MySQL: PlainText/Union/Blind Injection;
  • Oracle: PlainText/Union/Blind/CrossSite Injection;
  • DB2: Union/Blind Injection;
  • Access: Union/Blind Injection;
  • Post Data Resend;
  • Administration Entrance Search;
  • Time Delay For Search Injection;
  • Auto Get Cookie From Web Browser For Authentication;
  • Report Output.
System Requirement: .Net FrameWork 2.0 or higher.
If you can not run WebCruiser, please Download .NET FrameWork V2.0 From Microsoft:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

SQL Injection Introduction(PDF): http://sec4app.com/download/SqlInjection.pdf
XPath Injection Introduction(PDF): http://sec4app.com/download/XPathInjection.pdf

Friday, May 28, 2010

Opera browser does not erase all the tracks while clearing history

People who use opera, just be(a)ware!

Clearing the history completely does not erase all the readily available tracks. Opera caches the site icons from almost every visited site and it remains on the system forever!

Clearing the history and deleting all the cookies does not clear these files.

Check it out yourselves if using opera.

In a normal desktop installation of the Opera browser, the favicon file cache is available in the "C:\Documents and Settings\\Local Settings\Application Data\Opera\Opera\icons" folder. This applies to Windows XP; on Windows 7 the folder location will be different. The folder can be opened by typing "%HOMEFOLDER%\Local Settings\Application Data\Opera\Opera\icons\" in the RUN dialog box. If the folder cannot be located, type opera:config#UserPrefs and look at OperaDirectory, which will contain the location of the User Preferences directory for the Opera installation.
 
The folder contains the HTTP location and favicon files of almost all the sites ever visited by a user. Whether just to get a glimpse of the history or for forensic purposes, the folder can be examined to learn when the user visited a particular website. There is no way of telling whether the user visited a site more than once, but one can at least get a clear list of visited websites. This is of great help while performing forensics.

The above is applicable to Opera browser v9.x and above.

Thursday, May 27, 2010

Google's SSL Search Compromises security

Well, Well, Well! Google's SSL search compromises the user's desktop security to a large extent.

When a user searches using Google's SSL search, the user's local desktop security applications, such as McAfee's Site Protector or similar suites, will not have any clue about the content of the results, and the links cannot be verified for genuineness and security. This applies to all such applications. It can be overridden, as the applications are local, but would McAfee care to release an updated version of the existing suite? And would all the other applications which provide link security really care to release an update? If at all it can be overridden. (I have not done any research on IE8 to validate the claim that it can be overridden, but on older versions of IE, it can be.)

So, if a malicious site is returned by Google, (Well, Google is not too good in site classification / user protection. Are they? :)), the user is at risk of getting the infection. In case of any 0-day exploits getting a chance to infect the user's system via Google's "secure" search results, the user is doomed. For what? Using the Google's secure search?

I can clearly visualise the long term monopoly google is going to have on everything that is connected! :D

Do you?

Google's introduction of SSL to search has been a deliberate move to curb third-party access to its contents. Though they can talk about privacy issues, sniffing, blah blah blah, anyone who relied on the referrer information is doomed when the site gets redirected. Any non-Google analytics will not have any data on the referrer/search terms which the user used to get to the site.

As long as you stay with google, you will have access to a wealth of information. But once you are out of it, there might practically be nothing!

A recent comment from one of the netizen, I thought it is nice to be quoted here! :D

"GOOGLE IS NOT BE TRUSTED, INVESTIGATIONS IN THE USA STATES GOOGLE IS PURCHASING KNOWLEDGE , BOOKS , ETC. COPYRIGHTS . WITH A VIEW OF HAVING FUTURE GENERATIONS TO ACCESS OF ANY COPY RIGHT MATERIAL. WHICH MEANS A PRICE WILL BE PLACED ON KNOWLEDGE.???
STUDENTS, RESEARCHERS , IF FACT ALL WILL HAVE PAY FOR ACCESS.
MEAN WHILE GOOGLE IS SELLING EMAIL ADDRESSES, PLUS ANY INFORMATION RECEIVED. HOME LAND SECURITY AND OTHER GOVERNMENT AGENCIES ARE INVESTIGATING. ZERO CONCLUSIONS WILL BE REACHED , DUE TO THE ENORMOUS SUMS GOOGLE GIVES TO POLITICAL PARTIES AND LOBBYISTS."

I do not make any claim or support of the above quoted, bold comments as it is not mine, but forewarned, the above is true and already in the making.

Thought for time?

Monday, May 24, 2010

Search and Replace across multiple files

Sometimes, it becomes a tedious process to do a string search and replace across multiple files. Whether or not one is comfortable with regular expressions, V-Grep from http://www.vgrep.aionel.net/ can be used for the operations.

It is a very fast and small standalone application which can be used to perform search and replace across multiple text files with ease.

Check it out!

Easily transfer files between Linux and Windows systems

Some, like me, work across multiple platforms such as Linux and Windows operating systems. Sometimes, it is easier to perform certain functions on some files on one platform and then move them to the required platform rather than struggling there.

For example, some would prefer to edit the source code on Windows systems using some Windows-specific editors rather than in Linux. To move the files across the systems, normally one would use Samba-based network mapping, an FTP server or some other method. But for those with command line fu skills, SCP is a godsend. This method only covers execution of the commands on Windows systems (i.e., Windows will be the host for the to and fro transfer of the files).

Enable SSH on the Linux box, get Putty utilities on the windows system.

Add the putty utilities to the path and create a small batch file for copying from Windows system to Linux system with the following command.

Say, name the batch file as CPF.BAT

@pscp -pw %1 @:/home/

Now, you can copy files from Windows system to the Linux system using the following command.
CPF

The file will be copied to the directory under the credentials.

Similarly, to copy from Linux to Windows, use the same command. Explore the command and parameterise whatever you need, like the destination directory, etc.

Simple productivity tips and utilities

There are thousands of utilities to help in productivity. But using the following improves it a lot.

Essential PIM  - A nice portable freeware which can store all notes, addresses, schedules and appointments. Available from http://www.essentialpim.com/

Flashnote - A quickly accessible background application which can be used to store and access all immediately accessible content in a categorical manner using a short cut key. With little organisation, this utility can rock. Portable version of the application is available. Available from http://softvoile.com/flashnote/

Clipdiary - A quickly accessible background application which captures whatever is copied on to the clipboard using Ctrl+C. It orders the copied content in a chronological manner helping in retrieving older content in an easier manner. Unfortunately, now the product has been made commercial from freeware. If you could find a freeware version, use it. Can be made portable. Available from http://clipdiary.com/ (Note: Only commercial version is available from the given link.)

More utilities will be added soon.

Saturday, May 22, 2010

Private file sharing with SSL Tunneling - Part 1

How many of us want to share information across multiple computers which are miles apart?

For example, to transfer some stuff from home computer into work computer or from work laptop to home computer or from home computer to mom's computer?

While there have been multiple simple ways to do it, by creating an FTP server or even an SFTP server or any other file server technology where files can be uploaded and downloaded, the following method is virtually limitless in terms of its offering.

It can be used to access the system remotely, access the file system and everything else. It is more likely to be used across systems that are managed by a single user but are physically at different locations. There is no dependency on any third-party remote control applications like Logmein etc., and it definitely has its own merits and demerits.

This article will be spread across multiple posts.

Following are some of the pre-requisites:

One free dynamic dns account for creating host dns records.
Preferably a direct Internet connection. (A broadband connection with an addressable public IP address is sufficient as long as the router can be configured for port forwarding)
A computer (just kidding! :))
SSL Tunnel from http://www.stunnel.org/
Open SSL from http://www.openssl.org/
Any of the free VNC Servers
Any of the free FTP Servers
Any of the free File Serving Applications. My favorite is HFS.

Rest in next post.

Extracting images from Word documents

Occasionally, we might need to extract images from documents. Traditionally, the way to do it was to copy the images from the document and paste them into an image editor. With the ODF (Open Document Format), life gets much easier.

In Word 2007 and above, the document is stored in ODF format, which is essentially nothing but a zip archive of all the needed information. It contains the images, text and formatting neatly tucked together as a document.

To extract the images, just rename the .docx to a .zip file and extract the contents. One can find all the needed images, text and formatting XML as individual files under various folders.

From there one could use the embedded images.
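The rename-and-unzip step above can also be scripted, which helps when the document comes from an untrusted source. This is an added example, not part of the original post: it reads the .docx as a ZIP archive, keeps only members directly under word/media/ (where Word stores embedded pictures), refuses member names that could write outside the output folder, and reports what each file's leading bytes say it is. The sample archive and all file names in it are constructed.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Leading bytes of common image formats, used to check content against extension.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}


def extract_docx_images(docx, out_dir, max_bytes=50 * 1024 * 1024):
    """Save the word/media/ members of a .docx; return {file name: sniffed type}."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    saved = {}
    with zipfile.ZipFile(docx) as zf:
        for info in zf.infolist():
            parts = PurePosixPath(info.filename).parts
            if info.is_dir() or len(parts) != 3 or parts[:2] != ("word", "media"):
                continue  # not a picture, or a nested or ".." path: skip it
            name = parts[2]
            if name in (".", "..") or "\\" in name or ":" in name:
                continue  # names that could escape out_dir on some platforms
            if info.file_size > max_bytes:
                continue  # declared size too large: possible decompression bomb
            data = zf.read(info)
            kind = next((k for m, k in MAGIC.items() if data.startswith(m)), "unknown")
            (out / name).write_bytes(data)
            saved[name] = kind
    return saved


def build_sample_docx():
    """Constructed .docx-like archive: two pictures plus one hostile member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        # GIF content behind a .jpeg name, to show the content check at work.
        zf.writestr("word/media/image2.jpeg", b"GIF89a" + b"\x00" * 16)
        # Path traversal attempt; the extractor must not write this anywhere.
        zf.writestr("word/media/../../evil.png", b"\x89PNG\r\n\x1a\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, kind in extract_docx_images(build_sample_docx(), tmp).items():
            print(f"{name}: content looks like {kind}")
```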

Synthia - End of life for humans?

While numerous bright minds around the world are talking about the creation of life by biologist Craig Venter, the human who played god, some things are to be noted. For centuries, humans have tried mutating various species of organisms for profit (yes... for profit, be it political, medical, research, military or otherwise), but it has always been with the help of another carrier organism or a substrate.

This is the first time a completely synthetic organism has been brought to life, after which it has continued its biological life. As there are always two sides to a coin, the risks outweigh the benefits in this case. Once somebody has done it, it finds its way to the most dangerous, cunning minds around the world, who would replicate it for profit. People argue about the benefits of creating complex organisms to turn the world into a better place: creating an organism that can reduce CO2 in the atmosphere, turn waste into fuel, bla bla and what not. As seen so far in human history and with the other so-called inventions, human life is put at more risk than ever. With the advent of artificial life, the natural habitat of humans on this so-called Planet Earth has started the countdown.

This is not being overly sarcastic or pessimistic about the developments / advancements, but as humans we are causing a slow death to the planet by consuming its natural resources and causing the system to fail slowly but steadily, yet we rant only at face value while continuing to do whatever.

The research went on for almost 15 years before a life form could be created. But now that it has been, it will continue to emerge somewhere on the planet in the near future. The worry is how deadly / lethal it could get. What if an organism could make a targeted human population disappear? What control / protection does a normal person have over a deadly lab organism soon to be delivered into his food chain? Was it really necessary to create something like this? What if the technology gets into the wrong hands? Would there be chaos everywhere? It looks like soon there will be.

Played off as natural disasters or unknown epidemics at the least, a plague will definitely engulf the world, costing the lives of many. Was this the case with almost any technology that could be weaponised? Yes, but most were not so deadly. For years there has been biological and chemical warfare, and there is even excellent footage on Discovery Channel dating back to before World War 1 and 2, but nothing will be as deadly as it will get in the near future.

This is like breaking the security of the already weaker humans.

Update: Now scientists are claiming that whatever Venter has done is not exactly artificial life. The following explanation is quoted from a popular Indian daily newspaper:

Are the bacterial cells created in J Craig Venter’s laboratories in the US actually synthetic life? After the hype and hoopla over the announcement of the world’s first “manmade living cells”, scientists are getting down to answering that question. And this is what most of them have to say: Venter’s team has achieved a stupendous technical feat, but the cells cannot be called synthetic.
 
Using an analogy from everyday life, what the team did is akin to completely reprogramming a computer, but not building one from scratch. Here’s why.

As the first step in the decade-long work, Venter and his researchers mapped the genome of a simple bacteria, Mycoplasma mycoides. Genome is the ‘brain’ of any cell and contains sequences of DNA which carry all the genetic information needed for the cell — and by extension, the organism — to function.
 
Like all living matter, the genome is made of chemicals. What Venter’s team did next is being hailed as a tour de force. It manufactured the M mycoides’ genome, step by step in the lab, using, in Venter’s words, “four bottles of chemicals”. This synthetic genome, identical in every way to the ‘original’ except for certain harmless ‘signatures’ the team put in to mark it as a built-in-the-lab version, was then inserted into another type of bacteria after the bacteria’s own genome had been sucked out.
 
Venter describes what happened next: “As soon as the genome goes into the cell, it starts making new proteins encoded in its DNA and converts it into a new synthetic species. It’s a completely synthetic cell now, it has replicated over a billion times. The only DNA it has now is the synthetic one that we made.”
 
In other words, once the synthetic M mycoides genome is introduced in the bacterial cell, it transforms into an M mycoides. When it replicates, the offspring too are M mycoides, carrying copies of the man-made genome. Venter believes, for all practical purposes, this is synthetic life. But other experts are saying that though the cell’s control station is artificial, the cell itself isn’t. Neither is it a new form of life —the artificial genome is an exact replica of a M mycoides genome.
 
Says Delhi University Vice-Chancellor Deepak Pental, himself a biotechnologist, “In this case, the bacterial cell is being seen as a shell, an envelope into which man-made genome is inserted. But the shell is much more than an envelope.”
 
Nobel-winning British biologist Paul Nurse elaborates the point. In a conversation with BBC, he says, “Venter’s work is a major advance. But it’s not a creation of synthetic life...Creation of synthetic life would be to make an entire bacterial cell through chemicals.” Nurse, Venter’s rival in many ways, believes creating an entirely new cell from scratch, though theoretically possible, would require a level of technology likely to be reached “long after we are dead”. He points out that in Venter’s method, there’s very little scope of deviating from nature’s script. “In an earlier attempt, Venter’s team got just one genetic ‘letter’ wrong — out of a million — and this cell simply didn’t function,” he says.

THESE CELLS AREN’T SYNTHETIC

 
Craig Venter's team created the genome of an M mycoides bacteria in the lab and inserted it into another type of bacteria. The recipient bacteria started behaving like an M mycoides. Its offspring too carried copies of the man-made genome 
Venter says the cells are synthetic since they are controlled by genes made in lab  
Other experts say that for any cell to be called synthetic, all its components should’ve been created artificially — perhaps possible in theory, but as yet technically impossible.

Friday, May 21, 2010

Photocopier privacy issues

Photocopiers used in offices pose a serious threat to privacy. Nearly all photocopier models manufactured after 2002-03 come with a built-in hard disk. Whether it is used as a temporary buffer to store scanned documents for printing or to serve scanned documents over the network (most devices have a built-in file server), it holds a surprise. The HDD is there to improve performance, acting as a scratch pad for multiple copies, but the image stays there forever!

Once written to the HDD, the images can be recovered very easily, revealing all the details: CC (credit card) numbers, personal information such as SSNs, addresses, telephone records, medical records, blueprints, internal official documents and whatever else was scanned or photocopied!

It is a must to erase the HDD on devices (desktops, laptops, personal media/music players, storage units, cell phones, printers, photocopiers, multi-function devices) before disposing of them. This requires removing the storage unit from the device and erasing it using one of the secure erasing tools available in the market. There are numerous freeware applications available to erase data permanently from magnetic storage devices, and even a single-pass erasure is sufficient to thwart the most common data thieves.

A recently published article reveals the amount of spine-chilling information mined from such storage units salvaged from old, disposed photocopier machines.

Another Apple Leak - This time it is iPod Touch!

Apple has been in the top news recently for leaked versions of their prototype gadgets. Whether because of the media frenzy surrounding their devices or something else, Apple has a tough time keeping their prototypes from being released to the world.

Though this has nothing to do with the security focus of this blog, it reiterates the importance of having a secure environment for prototype devices, right from conception, design, development and testing through to release. A leak like this might spur makers of fakes to release a new version of the device well before its official launch.

This time, the new iPod Touch has been leaked by Vietnamese sources. Not sure what's cooking with Vietnam these days and whether Apple has been moving the factories from China to Vietnam for even cheaper labour.

Foxconn, one of Apple's major device assemblers, has been in the news recently for unsafe and substandard working conditions with staggeringly low wages. Check out that article here.

The new iPod Touch sports a camera and was found running the same diagnostic utility as seen on the devices assembled by Foxconn.

While the physical dimensions appear to be the same, the Foxconn label appears to indicate a 64GB model ("64G") along with a 2 MP camera by Omnivision. Though a camera was a long-desired feature on the iPod, Apple has finally decided to add it to the iPod family!

The DVT-1 label denotes that this is a design verification test unit for production testing, probably a first model. This may not be the final design that will be revealed whenever Apple chooses to officially release it, or at the next leak!

It seems cheap labor is costing Apple more than they had bargained for, with the recent leak of their refreshed MacBook and the 4th gen iPhone in Vietnam as well. Device Manufacturers have to make a note of it!

Check out a hands-on video below, along with more images:

Front Face:


Back


In comparison with the current 2G model. Note the addition of the Camera.


Diagnostic Video: