encryption

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has released their free anti-virus/anti-malware tool.
    Microsoft's New Tool in the Fight Against Malware Free to Consumers - Technology News - redOrbit
    Tags: ( anti-virus anti-malware free microsoft )
  2. Eric has a couple of interesting tools that might be fun to play with. One is an HTTP-based SSH client. It runs on the server with no client other than a browser. The other is called Sockets Over HTTP (SOHT).
    EricDaugherty.com - Eric Daugherty's Open Source Projects
    Tags: ( tools evasion )
  3. Mike Murray is a cool dude. He made a promise and followed through on it. Check out this post to see the full version of the talk he gave at Hacker Halted.
    Hacker Halted Redux
    Tags: ( social-engineering video )
  4. Need to get around Green Dam censorship for some reason? Check out Dam Burst.
    jon.oberheide.org - blog - disabling green dam with dam burst
    Tags: ( green-dam dam-burst )
  5. I have pointed out the other articles in Alec's investigations into using entropy to detect encrypted sessions in live network traffic. Here is a continuation of that study. This is extremely cool and has the geek in me all excited 🙂
    Detecting encrypted traffic with net-entropy, part two << wirewatcher
    Tags: ( encryption network-forensics )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adrian takes a look at a few database encryption myths.
    Securosis Blog | Database Encryption Misconceptions
    Tags: ( database encryption )
  2. The Infosec Cynic interviews Anton Chuvakin.
    Anton Chuvakin - Stuck In the Lift With The Cynic | The Infosec Cynic
    Tags: ( interview )
  3. A new free encryption tool is available. This one is provided by Sophos. That's pretty cool.
    Guest blog: Sophos Free Encryption | Graham Cluley's blog
    Tags: ( encryption tools sophos )
  4. Mark points out that Federal CIO Council's Information Security and Identity Management Committee released a document titled "Guidelines for Secure Use of Social Media by Federal Departments and Agencies." This is good stuff even if you aren't in the public sector.
    New Social Media "Guidelines" - Securing GovSpace
    Tags: ( social-networking guidelines )
  5. This is worth a read and a watch. It is the talk given by Matasano and Nate McFetters at last year's C4 conference. It is some guidance for independent Apple software developers. It applies to non-Apple developers too.
    Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
    Tags: ( sdl )
  6. Jack gives his perspective of the recent Massachusetts 201 CMR 17.00 public hearing. He was not impressed.
    Uncommon Sense Security: Making sausage, one hearing at a time
    Tags: ( law policy )
  7. The BruCon videos are up on the wiki and Xavier is also hosting a local copy.
    /dev/random >> BruCON Talks Video Mirror
    Tags: ( brucon videos )
  8. If you are having some issues with sqlninja and metasploit, take a look at this post.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Sqlninja & Metasploit
    Tags: ( sqlninja metasploit )
  9. Malware, like all software, tends to have common traits. This article talks about what some of them are.
    Categories of Common Malware Traits
    Tags: ( malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NSS Labs has published their third quarter Browser Security Test.
    Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
    Tags: ( browser )
  2. The Call for Speakers for RSA USA 2010 has been extended a week. Deadline is now August 21st.
    Call for Speakers
    Tags: ( rsa cfp )
  3. Brian talks about hype in the information security market.
    Hyper Security - fudsec.com
    Tags: ( fud )
  4. It has been talked about quite a bit over the last year or more. Can a cloud-based solution be PCI compliant? Looks like the answer to that question has been given, and by one of the larger cloud providers.
    Network Security Blog >> Cannot achieve PCI compliance with Amazon EC2/S3
    Tags: ( pci cloud )
  5. This is interesting. A botnet being controlled via Twitter.
    >> Twitter-based Botnet Command Channel * Security to the Core | Arbor Networks Security
    Tags: ( twitter botnet )
  6. Is your cell phone telling tales on you? Looks like the Palm Pre might be.
    Is Your Palm Pre Watching You? : Liquidmatrix Security Digest
    Tags: ( surveillance )
  7. Dave offers up a tutorial on encrypting your data backups on the cheap.
    IT Security Expert: Secure Encrypted Data Backup on a Budget Tutorial
    Tags: ( backup encryption )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great list of state and country links to privacy information. Via @PrivacyProf
    Links to Privacy Laws
    Tags: ( privacy regulation )
  2. Rsnake has updated his XSS cheat sheet.
    XSS (Cross Site Scripting) Cheat Sheet
    Tags: ( cheatsheet xss )
  3. Per ISC, PacketLife is updating their cheat sheets. Must have stuff.
    Cheat Sheets - PacketLife.net
    Tags: ( cheatsheet )
  4. Want to play around with CSRF? Here is a tool that lets you do so. Don't forget, only use it in your lab or on sites you have permission to test.
    Neohaxor.org >> Blog Archive >> MonkeyFist Fu: The Intro
    Tags: ( tools csrf )
  5. Here is the answer to the hard version of the recent I Smell Packets challenge.
    Solution to The Crypto Kitchen Packet Challenge (Hard Version) << I Smell Packets
    Tags: ( challenge answer )
  6. An interesting exploration of a possible way to detect encrypted sessions.
    Detecting encrypted traffic with frequency analysis << wirewatcher
    Tags: ( encryption detection )
  7. Bill Brenner had the opportunity to interview Robert Carr, the CEO of Heartland Payment Systems Inc., regarding the massive breach that occurred. Mr. Carr's responses have generated quite a bit of conversation. What I find most disturbing about Mr. Carr's responses is that someone in his position would take this approach to dealing with the situation. Seems like a lot of finger pointing and 'it wasn't me' language for an issue which is ultimately his responsibility. Please read the next few links after you read the interview to see what others, who are much more eloquent than I, have to say.
    Heartland CEO on Data Breach: QSAs Let Us Down - CSO Online - Security and Risk
    Tags: ( heartland )
  8. Rich's response to the Heartland CEO's comments.
    Securosis Blog | An Open Letter to Robert Carr, CEO of Heartland Payment Systems
    Tags: ( heartland )
  9. Alan's take on the Heartland issue.
    StillSecure, After All These Years: Heartland CEO thought QSAs would make him compliant and secure
    Tags: ( heartland )
  10. Mike's take on the Heartland issue.
    One Man's View: Heartland CEO Must Accept Responsibility - CSO Online - Security and Risk
    Tags: ( heartland )
  11. Andy's take on the Heartland issue.
    Will the real leader please step forward >> Andy ITGuy
    Tags: ( heartland )
  12. Jeff tells it like it is! Actually, he does, but read the whole article to know what I mean.
    The Auditor's Prerogative : The Security Catalyst
    Tags: ( audit )
  13. David may call it an incomplete thought, but I don't.
    Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We're Doing It Wrong << The New School of Information Security
    Tags: ( grc )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I find this a little alarming. Particularly with the number of recent Facebook worms that have cropped up.
    Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr | Danger Room | Wired.com
    Tags: ( social-media army )
  2. More on database encryption. Good stuff.
    Securosis Blog | Database Encryption, Part 2: Selection Process Overview
    Tags: ( database encryption )
  3. Good stuff, but remember making the boss look stupid is a career limiting move 😉
    A chat with the boss | The Infosec Cynic
    Tags: ( general )
  4. Here is an output of Project Quant. The first phase of the patch management cycle. Rich is looking for feedback.
    Details: Monitor for Advisories
    Tags: ( patch-management )
  5. Like a pet rock, a pet risk doesn't really help you much. Check out Ron's suggestions below.
    Pet Risks - A New View of Risk Management : The Security Catalyst
    Tags: ( risk-management )
  6. Chris was looking for some incident response templates and hit the motherlode of suggestions. He put them all together in a blog post. A very good reference page.
    Dr. InfoSec: Incident Response Templates, Cheat Sheets, and more
    Tags: ( incident-response )
  7. A couple days ago I pointed to the crossword puzzle challenge/contest being put on by Sophos. Well, it's all done and there is a winner. The link below contains the answer sheet if you are interested.
    Solution to computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Setting up TrueCrypt on Backtrack 4

by kriggins on March 24, 2009

in Uncategorized

In my previous post, we set up an encrypted private directory to keep the data from a pen test safe. I also found that TrueCrypt works great on Backtrack 4. It also addresses the issue of file and directory names not being encrypted. Of course the downside is that the volume must be manually mounted each time, or at least I haven't worked out how to automatically mount it yet.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root.
  3. The following is performed with a window manager active, e.g. KDE.
  4. You are familiar with TrueCrypt.

Installing TrueCrypt

Installing TrueCrypt is almost as easy as setting up encrypted private directories. The following steps will get TrueCrypt installed and ready to be configured.

First we need to download the install package. I picked the 'Ubuntu - x86 .deb' option on the TrueCrypt download page. I used Firefox and saved the file to root's home directory.

Next execute the following commands from a terminal session in root's home directory:

tar zxvf truecrypt-6.1a-ubuntu-x86.tar.gz

chmod +x truecrypt-6.1a-setup-ubuntu-x86

./truecrypt-6.1a-setup-ubuntu-x86

At this point, you will have a gui install window with a couple options on it. Click on 'Install TrueCrypt' and follow the prompts.

Now it's time to set up our TrueCrypt volume. To do so, execute truecrypt either from the 'run' command option on the menu or from a terminal session. You should end up with a window like the following.

[Image: truecrypt_1]

The next step is to create our encrypted volume. We do that by clicking on the 'Create Volume' option above and using the following screen.

[Image: truecrypt_2]

Follow the prompts and create a volume. Once that is done you can mount the volume and begin using it.

As always, feel free to leave a comment with your thoughts and/or questions.

-Kevin


Steff left the following comment on the Backtrack 4 how-to page.

...next thing is now to figure how to have the second partition encrypted so that every collected info will stay safely encrypted on the “change” partition....

I hadn't really thought about that and promptly started kicking myself repeatedly in the rear end. Having the output of a penetration test on a USB drive is an awfully good reason to make sure that data is not accessible should we lose said drive.

This got me started on a search for a method to encrypt data on our thumb drive. I found two that work, although I am sure there are plenty of other ways to accomplish the same thing. This post describes how to set up an Encrypted Private Directory. A later post will describe the second method.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root. You can do this with a non-root user also, just make sure to perform the apt-get install as root and then execute the ecryptfs setup as the user.

Encrypted Private Directory

Backtrack 4 is built on Ubuntu 8.10. This is great news for us because Ubuntu 8.10 supports something called encrypted private directories. This is a directory in your home directory, ~/Private by default, with a nifty feature. Any file written to this directory is automatically encrypted using the AES algorithm by default.

Setting this up is very easy and the Ubuntu documentation has almost all the information you need. I found you will need to perform an initial 'apt-get update' before you will be able to install the packages. Don't be concerned when you receive an error during the apt-get update. This is normal and can be fixed, but isn't vital at this point. Here are the steps to take:

apt-get update
apt-get install ecryptfs-utils
ecryptfs-setup-private

After you execute the last command, you will be prompted to enter your login password and either choose a mount pass phrase or generate one.

Log out and log back in to establish the mount.

There you have it. You now have a directory in your home directory called Private. Any files written into that directory will be encrypted. Those changes will also be persisted into the changes folder.

Caveat: File and directory names are not encrypted. Be careful what you use for file and directory names.

The Ubuntu documentation gives more details of how you can use the directory, such as setting up symlinks to common files. Those directions should be taken into account with your Nessus install. Nessus by default saves information in the user's home directory.
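A pre-flight check for the two points above, that the mount is established and that names stay in cleartext, as an added example that is not part of the original post. It assumes the default Private mount point; the function names, the sample mounts table and the file names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks for ~/Private.

# Succeed only if DIR appears in the mounts table with filesystem type
# "ecryptfs". MOUNTS defaults to /proc/mounts; the parameter exists so the
# check can be exercised against a constructed table.
is_ecryptfs_mount() {
    dir=${1%/}
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options dump pass
    awk -v d="$dir" '$2 == d && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' "$mounts"
}

# Print entries under DIR whose path contains an IPv4-looking string.
# Names are stored in cleartext in this setup, so these leak target details.
leaky_names() {
    ( cd "$1" && find . -mindepth 1 -print ) |
        grep -E '(^|[^0-9])([0-9]{1,3}\.){3}[0-9]{1,3}([^0-9]|$)'
}

# Demo on constructed data: a fake mounts table and a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Private/nessus"
    : > "$tmp/Private/nessus/scan-192.0.2.15.nbe"
    : > "$tmp/Private/notes.txt"
    printf '%s\n' \
        "/dev/sdb2 /mnt/changes ext3 rw 0 0" \
        "$tmp/.Private $tmp/Private ecryptfs rw,ecryptfs_cipher=aes 0 0" \
        > "$tmp/mounts"
    if is_ecryptfs_mount "$tmp/Private" "$tmp/mounts"; then
        echo "Private is an eCryptfs mount"
    else
        echo "Private is NOT mounted: files written now would not be encrypted"
    fi
    echo "Names that reveal targets:"
    leaky_names "$tmp/Private" || echo "  (none)"
    rm -rf "$tmp"
}
demo
```

On a real system, call `is_ecryptfs_mount "$HOME/Private"` before a tool writes its output there, and run `leaky_names "$HOME/Private"` before the drive leaves your hands.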

As always, feel free to leave a comment with your thoughts and/or questions.

-Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Via Bruce Schneier. Another one to add to the reading pile.
    Probing the Improbable: Methodological Challenges for Risks with Low Probabilities and High Stakes
    Tags: ( risk measuring )
  2. Part three of Rich and Alane's model for justifying data security to the business. Interesting reading.
    The Business Justification for Data Security: Risk Estimation | securosis.com
    Tags: ( risk management )
  3. Time to buy that shielded wallet or purse.
    Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses - DarkReading
    Tags: ( rfid cloning )
  4. Playing with XSL injection. Looks like some interesting things can be done there.
    Acunetix Web Application Security Blog >> The hidden dangers of XSLTProcessor - Remote XSL injection
    Tags: ( injection xsl )
  5. I pointed out an article yesterday that talked about a common encryption standard being adopted by hard drive manufacturers. The flip side of that is mentioned in this article: data recovery and forensics could get much harder.
    New disk encryption standards could complicate data recovery
    Tags: ( forensics encryption data recovery harddrive )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nice tutorial on starting to use scripting with nmap. Good stuff.
    /dev/random >> Blog Archive >> Introduction to Nmap Scripting
    Tags: ( nmap scripting )
  2. Need some ammunition to justify the cost of that DLP solution? Take a peek at this article. Seriously, some good usable information.
    Data Breaches More Costly Than Ever - Security Fix
    Tags: ( data breach cost )
  3. Some interesting tidbits in there. Nothing too deep since it is a quick slide show, but worth clicking through.
    10 Things You Need to Know NOW About ... Laptop Security
    Tags: ( general )
  4. Looks like there may be a standard for integrated hard drive encryption.
    Drive Makers Agree on TCG Encryption Standard - Network World
    Tags: ( encryption harddrive )
  5. I wonder if we are going to start seeing more of this type of thing. Banks and financial institutions are definitely the largest targets. One note, make sure you read the licensing agreements carefully. Don't give away your rights just for some free software.
    Barclays offers free mobile banking security : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( general banking )
  6. Yup. Google was saying that the entire internet was hosting malicious software last Saturday morning. Oops.
    Google mistakes entire web for malware * The Register
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
