Examples include:

• GSM mobile phones have an identifier for the phone (separate from the identifier for the user) that can be blacklisted when the phone is stolen.
• Some car radios will stop working when the battery is disconnected, and only start working again when a numeric code is entered. This is intended to deter theft of the radio.
• In Windows Vista, Bitlocker can be used to encrypt files. One of the intended applications for this is that if someone steals your laptop, it will be difficult for them to gain access to your encrypted files.

Ross told a story of what happened when he needed to disconnect the battery on his car: the radio stopped working, and the code he had been given to reactivate it didn’t work - it was the wrong code.
Ross argues that these reactivation codes are unecessary, because other measures taken by the car manufacturers - such as making radios non-standard sizes, and hence not refittable in other car models - have made them redundant.

I described how the motherboard on a laptop had needed to be replaced recently. The motherboard contains the TPM chip, which contains the encryption keys needed to decrypt files protected with Bitlocker. If you replace the motherboard, the files on your hard disk will become unreadable, even if the disk is physically OK. Domain-joined Vista machines can be configured so that a sysadmin somewhere within your organization is able to recover the keys when this happens.

Both of these situations suffer from classic usability problems: the recovery procedures are invoked rarely (so users may not know what they’re supposed to do), and, if your system is configured incorrectly, you only find out when it is too late: you key in the code to your radio and it remains a doorstop; the admin you hoped was escrowing your keys turns out not to have the private key corresponding to the public key you were encrypting under (or, more subtly: the person with the authority to ask for your laptop’s key to be recovered is not you, because the appropriate admin has the wrong name for the laptop’s owner in their database).

I also described what happens when an XBox 360 is stolen. When you buy XBox downloadable content, you buy two licenses: one that’s valid on any XBox, as long as you’re logged in to XBox live; and one that’s valid on just your XBox, regardless of who’s logged in. If a burglar steals your Xbox, and you buy a new one, you need to get another license of the second type (for all the other people in your household who make use of it). The software makes this awkward, because it knows that you already have a license of the first type, and assumes that you couldn’t possibly want to buy it again. The work-around is to get a new email address, a new Microsoft Live Account, and a new Gamer Tag, and use these to repurchase the license. You can’t just change the gamertag, because XBox live doesn’t let the same Microsoft Live account have two gamertags. And yes, I know, your buddies in the MMORPG you were playing know you by your gamertag, so you don’t want to change it.

I was reading an article in Information Week tonight about a case going to the 9th Circuit Court of Appeals about the governments right to search, seize and copy laptops and other electronic devices at our borders.  Two groups that don't often find themselves on the same side of issues, the Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) have filed briefs with the court asking them to strike down a lower courts ruling that granted the government these broad powers to confiscate laptops.

As the article points out here in the US there was quite an uproar about China "slurping" laptops from people on travel there, but we seem to think it is OK for our government to do it.  Well at least our government is telling people they are doing it.  What they are not telling us is what they are doing with the data after they search or copy it.  How do we know, no US security but nevertheless confidential data is being secured and or destroyed promptly?  The government telling us "trust me" just doesn't cut it.

However, I think technology is going to pose a bigger problem for the government regardless of whether the court upholds the governments position. I think any terrorist or other bad guy would never have confidential data on their laptop that is not encrypted.  In fact with full disk encryption coming to the masses from the likes of McAfee and others, what will the government do?  Sure they can take the encrypted data to the NSA and let them brute force the keys, but that sounds impractical.  Perhaps, the TSA will demand encryption vendors to put in a back door or secret key that will allow the TSA to decrypt the data similar to what they do with the special luggage locks now.

I know what they can do. Perhaps they can go back to Checkpoint and find out for sure about those back doors that they always suspected was in their software and see if it is there for sure. If so the government can appoint Checkpoint the official encryption vendor for laptops ;-)  Just kidding of course, but really guys.  What self-respecting bad guy is not going to encrypt their data knowing the government has a right to search their laptop.  I think it makes this whole case much ado about nothing.

I was reading an article in Information Week tonight about a case going to the 9th Circuit Court of Appeals about the governments right to search, seize and copy laptops and other electronic devices at our borders.  Two groups that don't often find themselves on the same side of issues, the Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) have filed briefs with the court asking them to strike down a lower courts ruling that granted the government these broad powers to confiscate laptops.

As the article points out here in the US there was quite an uproar about China "slurping" laptops from people on travel there, but we seem to think it is OK for our government to do it.  Well at least our government is telling people they are doing it.  What they are not telling us is what they are doing with the data after they search or copy it.  How do we know, no US security but nevertheless confidential data is being secured and or destroyed promptly?  The government telling us "trust me" just doesn't cut it.

However, I think technology is going to pose a bigger problem for the government regardless of whether the court upholds the governments position. I think any terrorist or other bad guy would never have confidential data on their laptop that is not encrypted.  In fact with full disk encryption coming to the masses from the likes of McAfee and others, what will the government do?  Sure they can take the encrypted data to the NSA and let them brute force the keys, but that sounds impractical.  Perhaps, the TSA will demand encryption vendors to put in a back door or secret key that will allow the TSA to decrypt the data similar to what they do with the special luggage locks now.

I know what they can do. Perhaps they can go back to Checkpoint and find out for sure about those back doors that they always suspected was in their software and see if it is there for sure. If so the government can appoint Checkpoint the official encryption vendor for laptops ;-)  Just kidding of course, but really guys.  What self-respecting bad guy is not going to encrypt their data knowing the government has a right to search their laptop.  I think it makes this whole case much ado about nothing.

Enjoy.]]> Mon, 19 May 2008 02:36:31 +0000 nemesis nemesis-ip nemesis-rip nemesis-igmp nemesis-icmp nemesis-arp nemesis-tcp ettercap plugins ettercap BackTrack Beta 3 Man Pages http://securityratty.com/article/40186d92f5cac8291c8e4722ba6916a4 http://securityratty.com/article/40186d92f5cac8291c8e4722ba6916a4 aircrack-ng, airdecap-ng, airdriver-ng, aireplay-ng, airmon-ng, airodump-ng, airolib-ng, airpwn, airsev-ng, airsnort, airtun-ng, amap, ascii-xfr, atftp, bison, bsqldb, buddy-ng, cabextract, catdoc, catppt, datacopy, dcfldd, decrypt, defncopy, dhcpdump, dmitry, dos2unix, dupemap, easside-ng, etherape, flex, foremost, freebcp, gencases, getattach.pl, hexedit, httpcapture, ike-scan, ivstools, kstats, mac2unix, macchanger, magicrescue, magicsort, makeivs-ng, mboxgrep, minicom, nemesis-arp, nemesis-dns, nemesis-ethernet, nemesis-icmp, nemesis-igmp, nemesis-ip, nemesis-ospf, nemesis-rip, nemesis-tcp, nemesis-udp, nemesis, netcat, nmap, nmapfe, obexftp, obexftpd, p0f, packetforge-ng, psk-crack, rain, runscript, scrollkeeper-config, scrollkeeper-gen-seriesid, sipsak, socat, tcptraceroute, truecrypt, tsql, unicornscan, vomit, wesside-ng, wordview, xls2csv, xminicom, xnmap, gdbm, etter.conf, scrollkeeper.conf, sudoers, scrollkeeper,  80211debug, 80211stats, arpspoof, atftpd, athchans, athctrl, athdebug, athkey, athstats, ath_info, dnsspoof, dnstracer, dsniff, ettercap, ettercap_curses, ettercap_plugins, etterfilter, etterlog, filesnarf, fping, fragroute, fragtest, hping2, hping3, in.tftpd, macof, mailsnarf, msgsnarf, netdiscover, packit, scrollkeeper-preinstall, scrollkeeper-rebuilddb, scrollkeeper-update, sing, sshmitm, sshow, sudo, sudoedit, tcpick, tcpick_italian, tcpkill, tcpnice, tinyproxy, urlsnarf, visudo, webmitm, webspy, wlanconfig

Enjoy.

Enjoy.]]> Mon, 19 May 2008 02:36:31 +0000 nemesis nemesis-ip nemesis-rip nemesis-igmp nemesis-icmp nemesis-arp nemesis-tcp ettercap plugins ettercap BackTrack Beta 3 Man Pages http://securityratty.com/article/e297067f93f6acf9398b990863e184c6 http://securityratty.com/article/e297067f93f6acf9398b990863e184c6 Really:

More news here. Commentary here.

How long before this device is in the hands of the hacker community? Days? Months? They had it before it was released?

EDITED TO ADD (4/30): Seems that these are not Microsoft-developed tools:

COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab.

Microsoft wouldn't disclose which tools are in the suite other than that they're all publicly available, but a forensic expert told me that when he tested the product last year it included standard forensic products like Windows Forensic Toolchest (WFT) and RootkitRevealer.

With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.

And it's certainly not a back door, as TechDirt claims.

But given that a Federal court has ruled that border guards can search laptop computers without cause, this tool might see wider use than Microsoft anticipated.