
Posts

Showing posts from April, 2016

Misgivings about the Internet of Things and hyper-interconnectedness

Last night I heard a lecture delivered by a chap from HPE - HP Enterprise for those of you who forget about their big breakup. He is in charge of innovation in the Asia Pacific region and he spoke a lot about the Internet of Things (IoT), drones, driverless cars etc. Sure, we really are moving towards a world where human interaction becomes far less of a factor when driving, delivering packages or even turning on the lights at home... It really got me thinking about the impact to humanity and whether the pros will outweigh the cons. The hyper-interconnectedness of the world has its upside but I think its darker downside needs light shone on it. If your whole house is wired with sensors, motors and control units, then is it a stretch to muse on when the first house is compromised? If an attacker took control of your home just what could he do with it? Annoy you with the lights going on or off, tracking your movements throughout the place, knowing when you're asleep and t

More on Digital Forensics

So the SIFT workstation is up and running - almost. My slow internet connection is making the updating take a long time. Yesterday it ran almost all day to get SIFT on the machine. Lots of changes from stock Ubuntu - app installs, timezone changes, and the theme has been tarted up. I looked at the digital images yesterday and thought about how to go about all of this. It's a little bit more complex than I thought. I know what I want, and I know what the output should be, it's the pesky bits in the middle that are causing me some annoyance. Specifically the steganography output and how to carve the text files to get into what is clearly inside them. They are far too large for the text that they have. I understand the methodology - it's quite clearly outlined in the text book, but there's a big difference between having your head around that and applying it. In order to write the report I have to step through things fairly systematically - it's the way the old brain works

The Foray into Digital Forensics

As part of my tertiary studies I'm now working on Digital Forensics. Our latest assignment includes some steganography, some bit shifting and writing a forensic report on a made-up or actual scenario that we find or invent. I thought it might be of use to write a bit about the experience I'm having getting into this. From the course we are supplied a variety of different tools with a variety of different capabilities. Being a Linux chap, I thought it would be cool to go into the open source tools. Running ElementaryOS on my laptop has made this difficult and more than a little frustrating. Perhaps because I'm not big on what the best tools are, or the install methods - but I'm experiencing annoyance. I'm currently downloading Ubuntu 14.04 Desktop to put the SANS Investigative Forensic Toolkit (SIFT) version 3 on it. Details on SIFT can be found at http://digital-forensics.sans.org/community/downloads. I'll work this later - I'm still waiting on Ubuntu to down

The rise of ransomware and the devil that is Cryptolocker

Over time, with advancements in anti-virus and anti-spyware, the ne'er-do-wells would eventually evolve. Their cunning and understanding of human behaviour has resulted in the devil that is ransomware. An innocent email from Australia Post arrives or a letter from the Australian Federal Police turns up in your inbox - most people are curious, even excited by an unexpected package, or concerned about a letter from the AFP and so they click the link. Boom! All their data starts to be infected - encrypted with heavy encryption and a lovely letter to say pay us or never get your stuff back. We've seen it live and in the field on at least 5 occasions and had one or two clients actually pay the ransom - buying their Bitcoins and getting their decryption key back. Sadly, we've had people try this only to find out the website they need to talk to has been closed down by the authorities and their data irretrievably lost - until we restore it from backups that is... but sometimes

XenServer 6.5 and Windows Server 2012 Slowness

Recently at more than one site we've been experiencing slowness with file transfers, and general 2012 behaviour. It's maddening because task manager, the performance monitor and XenCenter show very little to no load across the servers. Having reviewed it more thoroughly and turned off Windows file security and made no progress, we've started looking into the hardware that makes up our XenServers. It's a bit of a mishmash of gear - an IBM x3650 and a generic sort of a server make up the two physical hosts. They don't have a huge amount of power under the hood, but run a couple of VMs quite well. The 2012 server runs appallingly though and I think I've figured it out. The x3650 has a Broadcom chipset on the network cards and this doesn't play well with others. The other generic beast of a machine has an Intel chipset on its network cards and it runs fine. Yesterday I installed an Intel network adaptor into the x3650 and lo and behold, it's running be