Tag Archives: forensics

DECAF taken down, was just a media stunt

Filed under Software

DECAF, the tool written to detect and counter Microsoft's COFEE forensic toolkit, was recently taken offline and every distributed copy disabled. Its authors now say the whole thing was a stunt to raise awareness of the state of forensic tooling and corporate security.

“We want to thank every media outlet, financial supporter, security expert, and forensic investigator that showed us support.

As you probably noticed, your copy of DECAF no longer works. We have disabled every copy of DECAF. We hope that, as you realize this was a stunt to raise awareness for security and the need for better forensic tools, you would reconsider cutting corners on corporate security. Also, governments should not rely on a tool to automate the process of forensics but rather invest in the education of investigators and forensic tool experts. If we were able to assist every government agency in their computer crime investigations, we would. The problem is DECAF is just two people. As a security community at large, we need to band together and start relieving some of the burden on our government by giving back.”

Game Over.

Free Tool Paints Picture Of Stealthy Attacks

Filed under Software

The Honeynet Project has beefed up Picviz, a free tool that helps spot attacks that would otherwise elude detection. Picviz takes data from a variety of log sources and converts it into a multidimensional visual map of events.

Researchers have now added a graphical user interface to Picviz, which should make it easier to deploy and more attractive to a broader range of users. Picviz developers Sebastien Tricaud and Philippe Saade have published a paper (PDF) that details how Picviz works and how it gathers and renders data from traffic logs, database logs, SSH logs, syslogs, IPtables logs, Apache logs, and other sources.

Picviz’s “parallel coordinates” approach can represent an unlimited number of events across many dimensions at once, such as protocol, URL, IP address, user agent, time frame, and other parameters. Parallel coordinates are a multidimensional plotting technique also used in aircraft collision detection and in some network analysis tools; Picviz automates producing these plots from log data.
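To make the parallel-coordinates idea concrete, here is an added example (my own code, not Picviz's, and not using Picviz's file format or API) that parses a handful of constructed Apache combined-log lines, maps each field onto its own vertical axis, emits one polyline per event as an SVG, and scores how "alone" each line is across the axes. The log lines, axis names, and helper names (`parse`, `axis_positions`, `polylines`, `isolation`, `to_svg`) are all assumptions of this example.

```python
"""Parallel-coordinates view of log events, in the spirit of Picviz.

Each event becomes one polyline crossing a set of vertical axes, one axis
per field.  Numeric fields are scaled linearly between their min and max;
categorical fields are placed by sorted rank.  Events that share values
draw on top of each other, so a rare combination of values shows up as a
lone path, which is what makes the plot useful for spotting stealthy activity.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed Apache combined-log sample for this example (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2009:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Dec/2009:08:01:15 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Dec/2009:08:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.1.9 - - [10/Dec/2009:03:14:07 +0000] "GET /admin.php?id=1%27 HTTP/1.1" 500 312 "-" "sqlmap/1.0"
10.0.0.5 - - [10/Dec/2009:08:03:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

# One axis per field, drawn left to right in this order (an assumption).
AXES = ["time", "ip", "method", "url", "status", "ua"]


def parse(log_text):
    """Turn Apache combined-log lines into dicts keyed by axis name."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped rather than guessed at
        d = m.groupdict()
        ts = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append({
            "time": ts.hour * 3600 + ts.minute * 60 + ts.second,  # seconds into the day
            "ip": d["ip"], "method": d["method"], "url": d["url"],
            "status": int(d["status"]), "ua": d["ua"],
        })
    return events


def axis_positions(events, axis):
    """Map every distinct value seen on one axis to a height in [0, 1]."""
    values = [e[axis] for e in events]
    if all(isinstance(v, int) for v in values):
        lo, hi = min(values), max(values)
        span = (hi - lo) or 1
        return {v: (v - lo) / span for v in set(values)}
    ranked = sorted(set(values))  # categorical: position by sorted rank
    n = len(ranked)
    return {v: (i / (n - 1) if n > 1 else 0.5) for i, v in enumerate(ranked)}


def polylines(events, axes=AXES):
    """One list of (axis_index, height) points per event."""
    pos = {a: axis_positions(events, a) for a in axes}
    return [[(i, pos[a][e[a]]) for i, a in enumerate(axes)] for e in events]


def isolation(events, axes=("ip", "method", "url", "status", "ua")):
    """Per event, how many of its values occur only once in the data set.

    A numeric stand-in for what the eye does on the plot: a line that is
    alone on several axes is the one worth a closer look.
    """
    counts = {a: Counter(e[a] for e in events) for a in axes}
    return [sum(1 for a in axes if counts[a][e[a]] == 1) for e in events]


def to_svg(lines, axes=AXES, width=700, height=300, margin=40):
    """Render the polylines as an SVG document string."""
    step = (width - 2 * margin) / (len(axes) - 1)
    inner = height - 2 * margin

    def xy(i, h):
        return margin + i * step, height - margin - h * inner

    out = [f'<svg xmlns="http://www.w3.org/2000/svg" width="{width}" height="{height}">']
    for i, name in enumerate(axes):
        x = margin + i * step
        out.append(f'<line x1="{x}" y1="{margin}" x2="{x}" y2="{height - margin}" stroke="black"/>')
        out.append(f'<text x="{x}" y="{height - margin + 15}" font-size="10" '
                   f'text-anchor="middle">{name}</text>')
    for pts in lines:
        coords = " ".join("%.1f,%.1f" % xy(i, h) for i, h in pts)
        out.append(f'<polyline points="{coords}" fill="none" stroke="steelblue" stroke-opacity="0.6"/>')
    out.append("</svg>")
    return "\n".join(out)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(isolation(evs))          # the sqlmap request scores highest
    print(to_svg(polylines(evs)))  # redirect to a .svg file and open in a browser
```

On the sample, the four Mozilla lines from the 10.0.0.x hosts overlap on most axes while the single `sqlmap` request at 03:14 crosses every axis on its own, which is the visual signature the paper describes. Real deployments need a time axis that spans more than one day and a stable ordering for categorical values across runs, otherwise the picture shifts each time new values appear.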

Full article at: DarkReading

Startup Promises ‘Disruptive,’ Hardware-Based Endpoint Security Solution

Filed under Hardware

A startup company today launched a new hardware device that promises to prevent malware and viruses from ever entering the computer it protects.

The InZero Secure PC is essentially two computers in one: a standard computing module and a secure “InZero Gateway” module, the company says. The InZero Gateway module is directly connected to the Internet, isolating and hosting potentially dangerous network applications while transferring files to and from the computing module, which is permanently offline.

“Clearly, current software-based approaches to security are not working,” says General Wesley Clark, chairman of the advisory board for InZero. “We believe this hardware approach is a new, disruptive solution.”

“Essentially, it’s a hardware ‘sandbox’ — a strictly enforced, hardware isolation mechanism” that separates the computer from its primary source of infection, the Internet, says Phil Zimmermann, creator of PGP and an expert on data security and encryption, who has reviewed the technology and appeared at the announcement event.

“In effect, InZero’s approach is not trying to understand malware, but instead to create an environment where malware cannot execute,” the startup says.

Source: DarkReading

Guarding against database anti-forensics

Filed under Security

Database hacking has gone mainstream and is becoming harder to detect because of the increasingly sophisticated anti-forensic procedures hackers use to cover their tracks.

Knowing forensics inside and out, as well as the tricks hackers use to foil forensics, is essential for professionals responsible for protecting the integrity of corporate data.

Databases hold a high percentage of an organization's confidential data, yet many organizations lack the budget and management buy-in to protect them. According to studies, 60% of organizations have experienced a breach in the past 12 months, 80% expect database attacks to increase, and on average 40% fail security audits.
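One concrete guard against the track-covering the article warns about is a tamper-evident audit trail. The following is an added example of my own, not code from the ComputerWorld article or any product it mentions: a SQLite audit table where every row carries a SHA-256 over its content and the previous row's hash, plus a verifier that catches edited rows, deleted rows, and (with an externally stored anchor) truncation of the newest rows. The schema, the `GENESIS` constant, and the helper names are assumptions of this example.

```python
"""Tamper-evident audit trail as one defence against anti-forensic clean-up.

Every audit row stores a SHA-256 over its own content and the previous
row's hash.  Editing a row, deleting a row from the middle, or renumbering
rows breaks the chain at a detectable point.  Deleting the newest rows does
not break the chain by itself, so the tip hash is also compared against an
anchor stored outside the database (e.g. shipped to a write-once log).
"""
import hashlib
import sqlite3

GENESIS = "0" * 64  # hash that precedes the first row (convention of this example)


def open_db():
    """In-memory database with a business table and a chained audit table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.execute("""CREATE TABLE audit (
        seq INTEGER PRIMARY KEY, actor TEXT, action TEXT, detail TEXT,
        prev_hash TEXT, row_hash TEXT)""")
    return db


def row_hash(seq, actor, action, detail, prev_hash):
    """Hash of one audit row, bound to its predecessor through prev_hash."""
    payload = "|".join([str(seq), actor, action, detail, prev_hash])
    return hashlib.sha256(payload.encode()).hexdigest()


def audited_exec(db, actor, sql, params, detail):
    """Run a statement and append its audit row in the same transaction."""
    action = sql.split()[0].upper()
    with db:  # commit both writes together, or neither
        db.execute(sql, params)
        tip = db.execute("SELECT seq, row_hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
        seq = tip[0] + 1 if tip else 1
        prev = tip[1] if tip else GENESIS
        db.execute(
            "INSERT INTO audit VALUES (?, ?, ?, ?, ?, ?)",
            (seq, actor, action, detail, prev, row_hash(seq, actor, action, detail, prev)),
        )


def tip_hash(db):
    """Current chain tip; the value a defender copies off-box after each batch."""
    tip = db.execute("SELECT row_hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
    return tip[0] if tip else GENESIS


def verify_chain(db, anchor=None):
    """Return None if the audit trail is intact, else a description of the break."""
    prev, expected = GENESIS, 1
    for seq, actor, action, detail, prev_hash, h in db.execute(
            "SELECT seq, actor, action, detail, prev_hash, row_hash FROM audit ORDER BY seq"):
        if seq != expected or prev_hash != prev:
            return f"chain broken at seq {seq}"  # gap or re-linked row
        if h != row_hash(seq, actor, action, detail, prev_hash):
            return f"chain broken at seq {seq}"  # row content edited
        prev, expected = h, seq + 1
    if anchor is not None and prev != anchor:
        return "tip hash does not match anchor"  # newest rows removed
    return None


def demo():
    """Three audited changes, then an intruder deletes the row recording theirs."""
    db = open_db()
    audited_exec(db, "app", "INSERT INTO accounts (owner, balance) VALUES (?, ?)", ("alice", 100), "open account")
    audited_exec(db, "app", "UPDATE accounts SET balance = balance - 40 WHERE owner = ?", ("alice",), "debit 40")
    audited_exec(db, "dba", "UPDATE accounts SET balance = 1000000 WHERE owner = ?", ("alice",), "manual adjust")
    anchor = tip_hash(db)  # copied off the host before the intrusion
    clean = verify_chain(db, anchor)
    db.execute("DELETE FROM audit WHERE actor = 'dba'")  # the anti-forensic step
    db.commit()
    return clean, verify_chain(db), verify_chain(db, anchor)


if __name__ == "__main__":
    print(demo())
```

The `demo()` result shows the caveat that matters in practice: with the last row deleted, the chain alone still verifies, and only the comparison against the off-box anchor reveals the deletion. An attacker with write access to the audit table can also rewrite the whole chain from the point of their change, so the hashes must be anchored somewhere they cannot reach, and the chain is evidence of tampering, not a substitute for restricting who can write to the audit table at all.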

More at: Computer World