There’s been a bit of a back and forth discussion on one of our mailing lists regarding Ed Felten’s recent cold-booting attacks on software FDE (BitLocker, FileVault, dm-crypt etc.). I thought it might be worthwhile to collect some of the potential software-only modifications that would protect against his attacks.
Archive for the 'Forensics' Category
In a recent incident a school server (not an ISIS server) was compromised. PHP code was injected that listened to and executed commands passed through a POST request with ‘www’ user privileges. Some of the commands that were run include id, pwd as well as directory searches and wgets of various files. The compromised machine also served as a hop in a pharmacy ad delivery scheme. It redirected HTTP requests for medications to a possible ‘mothership’ server. There is evidence that links to our server were posted as ads on websites like MySpace.
At ShmooCon ‘08 Simple Nomad heavily advertised the cause of forensiclicensing.com. Unknown to me and many others, many states are requiring that all practitioners of computer forensics become licensed, in this case by becoming a licensed Private Investigator. Simple Nomad described this as one of the greatest threats currently facing our community, however, I contend that this is not necessarily such a bad thing.
Nasir Memon, the professor who oversees much of our lab, was quoted in the above article relating to Adobe’s decision to include forgery detection plugins with the next version of Photoshop. Among the areas of research currently ongoing in ISIS, multimedia forensics, watermarking, and stegonography are some of the top for PhDs.
Loading ...
Recent Comments