Digital forensics and hardware identification

| 0 comments

I thought I would sit down and begin a series of articles surrounding digital forensics with hardware identification being the lead in. The subject of forensics is one that I personally have not placed a great deal of effort and recently I took the Computer Hacking Forensic Investigator training from EC-Council. On day one, I knew I was hooked and it may not be for reason that you may suspect. I enjoy hacking from a white hat perspective and understanding the black hats is key to being successful. Ironically on day one of the training, I quickly learned that my knowledge and skills were very quickly put to use in the area of forensics. In fact, the more I think about this, the more sense it makes. We all can learn the legal process, which includes process, paperwork, documentation and etc., but I believe the forensics investigator would perform much better with a solid understanding of programming, hardware, network security, and so much more. The Tools I am not going to get into the process of forensics itself, rather I want to cover tools, particularly on the Linux platform. For example, on my trusty MacBook Pro I go to “About …

Continue reading

They Live at DEFCON22

| 0 comments

Every year in August thousands upon thousands of people flock to Las Vegas, NV for the anual DEFCON conference. This is my second year attending and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I have done thus far. I took advantage of the vast skill and knowledge that is at this event. There are some very smart people here! Where else can you gather thousands of hackers, security professionals, and hobbyist into a single location where opportunity is everywhere around you? Personally, I have spent very little time in the speaking events with the exception being the WiFi Village where I sat in on the latest news about the Pineapple Mark V firmware that dropped today. Rather, I took a clean laptop, an external USB hard drive, a Pineapple Mark IV, and a burner …

Continue reading

Resize an image the quick and simple way

| 0 comments

It is no secret that I have been getting more and move involved with digital photography and I really enjoy shooting water landscapes with the Canon EF 70-200mm f/4 L IS USM lens. The one hurdle that I continue to face, beyond learning all that I can about photography, is being productive during post processing. The fact is it very easy to go out and shoot hundreds of photos depending on where I am. Getting back home and turning to Adobe Lightroom and Adobe Photoshop, I end up spending much more time than I should in post processing. To that end, I am sure like anything else in life the more you work at something the better you will get. To ensure that I did not start my journey in digital photography out with bad habits, I decided early on that I was going to shoot in RAW. To that end the photos are very large and while the size typically is not an issue, there are times when I do not need a photo that is 5134×3456. Therefore, I sat out looking for a way to resize my images in the most cost effective way that I could find. …

Continue reading

Email and file security using GPGTools

| 0 comments

Here we are talking about encryption again. Those men in black seem to be everywhere these days and I am not sure about you, but trust seems to be more and more difficult to come by these days. Before I get started about the use of GPGTools, I want to step up to the soapbox and talk a little bit about email phishing since this post is addressing email security. Phishing is a type of fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details or any other types confidential information. Phishing emails usually take the form of realistic looking communication from banks, providers, e-pay systems and other organizations. The communication will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. Phishing attacks are becoming more advanced in their exploitation of social engineering techniques. More often than not there is some type of underlying penalty. For example, “if you do not provide your personal data by the end of the month, your account will be locked”. Ironically, it is not uncommon to see references to the necessity of improving anti-phishing systems as …

Continue reading

TrueCrypt goes dark

| 0 comments

Today was an interesting day in term of security within the encryption community. The developers of TrueCrypt have made the following statement: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” It is not clear exactly what is driving this decision and one can only guess at this point unless the development team comes out an conclusively comments on what the driving factor was. What makes this even more interesting, at least from my perspective, is the fact a security audit was just completed in April 2014. At that time, the phase 1 audit did not report any massive vulnerabilities and the general news was while the code could be better, there was no evidence that there were any concerns about the safety and use of encryption, especially with all of the concerns and reports around the National Security Agency (NSA). I have also seen reports that the May 21st password reset notice from SourceForge may have contributed to the demise of TrueCrypt, but there is no indication that I am aware of that SourceForge may have been hacked. However, anything is possible and depending upon the level of a hack it is in fact feasible …

Continue reading