A Django site.
July 26, 2010

Inside Security News
insecnews
is about »
» iPad and iTunes file recovery of Smart Recorder Files

This solution is only for Mac’s. Use the following information at your own risk. If you have an iPad (I would imagine it is the same for iPhones) and you have recorded something with Smart Recorder (or Smart Recorder Lite) and … Continue reading

December 4, 2009

Inside Security News
insecnews
is about »
» MS COFEE for live comp. forensics

It is all about the COFEE [1] that will keep you awake. In this case, ahead of the game. Microsoft’s COFEE (Computer Online Forensics Evidence Extractor) [1] is out and about, making the rounds on the Internet underground (and overground, “freedom of speech” sites). This is what happens when you try to keep something secret, everyone wants it.

I understand the motives to keep it hush hush, but from what I hear the tool set is compromised of basic programs you can find on a Windows OS and at Microsoft online (old Sysinternals tool set, now part of Microsoft).

Will Anti-forensics kick in and destroy your acquisition? Well to be honest if the tools are the ones you find on a Windows OS, then any rootkit installed on the machine will feed any tool talking to the OS false data anyway. Nothing new there! Once again proving that usual computer forensics still will be required to extrapolate the information.

What about the volatile information lost after a shutdown, that has been captured by this tool set. That is why it is called volatile (it lives for a short period) and good luck in piecing things together after imaging the drive. It will provide valuable information that you would not have otherwise but how will it be proven in court is another matter altogether. It would not be a hard subject if everything was handed to you in a silver-platter-report every time.

[1] – http://wikileaks.org/wiki/Microsoft_COFEE_%28Computer_Online_Forensics_Evidence_Extractor%29_tool_and_documentation%2C_Sep_2009

November 9, 2009

Inside Security News
insecnews
is about »
» iPhone: myPhone on lock-down

…and you thought you were the only person to have the privilege of locking your iPhones screen. Think again. Once again a stunt and proof of concept demonstrates that high tech. mobile devices can be manipulated and possibly locked down by malicious people, leaving the users at their mercy. In some cases even try to get you to part with your money. This was demonstrated with the iPhone ‘Your iPhone’s been hacked’ stunt as reported [1] by Wired.

It appears that jailbroken iPhones have SSH and a default root password (if not changed), allowing full remote access to the phone. It is that easy. The users are lucky that the creator didn’t start locking the devices as we have seen with ransomware (malware that requests ransom to decrypt data or unlock a pc).

I would not be surprised if Apple didn’t try to use this problem to demonstrate to people that jailbreaking the iPhone will mean that you are taking avoidable risks and that you are not being protected to the fullest.

[1] Wired – Hacker holds Dutch iPhones for EUR5 ransom – http://www.wired.co.uk/news/archive/2009-11/04/hacker-holds-dutch-iphones-for-EUR5-ransom.aspx