Tuesday, June 21, 2011

It's finally coming true

So I remember sitting in a class in graduate school talking about vulnerabilities in the operating system when they started to theorize about exploits subverting a system through crazy methods like RAM, BIOS chips and graphics cards... weird how now all of these things have come to fruition.

Context IS wrote a blog post about the vulnerabilities inherent in WebGL (Web Graphics Library) and what can be done with them. Basically, WebGL allows for the rendering of 3D objects in the browser with JavaScript. The issue is HOW it accomplishes this: web content ends up talking to the GPU driver, which lives in the highly coveted and sacred kernel mode.

Khronos actually has a web page which is a PoC for causing a denial of service. CAUTION: This will probably crash your system. You have been warned.

Interestingly enough, another issue is the stealing of images. Context shows a video of using WebGL to basically scan an image line by line (it's not that easy, but I am trying to get you to read their article), thereby ripping it from a site. I wonder if this could be used to snag those images used in mobile banking? How about 'watermarked' images?

Another indicator as to the potential danger of this: Microsoft does not seem to want to implement WebGL in IE (or at least not by default, as far as I can see) because of these very concerns. However, Chrome and Mozilla have it in their browsers.

It's crazy to think about all the ways a hacker can now pwn a system. My interest in this one is: what forensic artifacts (if any) would remain on the machine if this was used? Memory? Would we now have to somehow read the GPU's memory to see what is in there?

An analyst's job is never done.

Sunday, June 19, 2011

Well... that's one down

Autorun is still an issue? I thought people learned their lesson like 5 years ago? Apparently not, but Microsoft has finally helped us all out by doing its best to disable Autorun so viruses and malware can't abuse it. Now, using Microsoft's Malicious Software Removal Tool, ComputerWorld states there has been a "68 percent decline in the amount of incidents reported across all builds of Windows using Microsoft's Malicious Software Removal Tool".

That is pretty impressive.

Of course this does not stop the malware that embeds itself in DLLs or in the registry, but it is helping to get rid of the 'low-hanging fruit' and protect the Janes and Joes of the internet.
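Two quick checks an analyst can run to see whether the Autorun hardening above actually took on a box, as an added example (my code, not Microsoft's tooling): decode the Explorer policy value `NoDriveTypeAutoRun` (a real registry value; a set bit disables AutoRun for that drive type, and 0xFF disables it everywhere), and triage an `autorun.inf` for the keys that launch something rather than just set an icon or label. The registry read only works on Windows; the INF parser is portable and is exercised here on a constructed sample file.

```python
"""Autorun triage helpers: decode the NoDriveTypeAutoRun policy and flag
autorun.inf keys that execute code. Added example, not from the blog."""
import configparser

# Bit meanings of NoDriveTypeAutoRun (HKCU/HKLM ...\Policies\Explorer).
# A set bit DISABLES AutoRun for that drive type; 0xFF disables all of them.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# autorun.inf keys that cause execution (icon/label/action only change the UI)
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Constructed sample autorun.inf for the demo (not a real-world file)
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=setup.exe /s
icon=setup.exe,0
label=Vacation Photos
action=Install Photo Viewer
shellexecute=files\\readme.html
"""


def decode_policy(value):
    """Return the drive types for which AutoRun is still ENABLED under `value`."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def read_policy():
    """Read NoDriveTypeAutoRun from HKCU, then HKLM (Windows only).
    Returns the integer value, or None if unset or not on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    sub = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, sub) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return int(value)
        except OSError:
            continue  # key or value absent in this hive
    return None


def autorun_inf_findings(text):
    """Return {key: value} for every execution-related key in an autorun.inf.
    Section name matching is case-insensitive; duplicate keys don't abort."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    cp.read_string(text)
    findings = {}
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            if key.lower() in EXEC_KEYS:
                findings[key.lower()] = value
    return findings


if __name__ == "__main__":
    policy = read_policy()
    if policy is None:
        print("NoDriveTypeAutoRun not set (or not Windows)")
    else:
        print(f"AutoRun still enabled for: {decode_policy(policy) or 'nothing'}")
    print("autorun.inf executes:", autorun_inf_findings(SAMPLE_AUTORUN_INF))
```

If `decode_policy` returns an empty list the machine is at the 0xFF setting; anything listed is a drive type where an `autorun.inf` with an `open=` or `shellexecute=` entry would still be honoured by older Explorer behaviour.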

Friday, June 17, 2011

In an article on Livescience.com, the writer talked about whether it's necessary to pay for anti-virus. Now, the article states (and I concur based on my own research) that there does not seem to be a huge difference in how well they perform. McAfee and Symantec, as well as other pay-for anti-virus companies, do seem to do a bit better on newer threats (they seem to pump out heuristic signatures faster), but I really feel no one should depend on anti-virus as their last line of defence.

As any computer security person will say, security needs to have layers (like an onion!) to be effective. Plus, even if you have a free AV (I personally like AVG) you can still get some of those supposed 'bells and whistles' features some AV companies offer when you pay.
  • Firewall type behavior: why not just GET a firewall? Comodo gives you a free firewall (it's also an AV) and even tells you when connections are attempted inbound/outbound. This will annoy people who just like to have a 'hands off' experience, or those who got annoyed by Vista asking permission to do things all the time. Microsoft also offers a free firewall for (duh) Windows users.
  • Sandbox: When you sandbox an application, it protects itself (and other applications) in case something goes awry... like a buffer overflow. So in theory, if your IE gets pwned, it can't inject itself into other running processes. Google Chrome uses sandbox isolation by default to help prevent malicious attacks. You can run IE and Mozilla (or any browser) in a sandbox like Sandboxie to keep your internet browser 'isolated'. Consider it the black sheep of the family.
  • Web Surfing: There are many sites you can visit which check the legitimacy of a website. McAfee has SiteAdvisor, Symantec has Norton Safe Web. However, Web of Trust has an add-on for the major browsers which shows right next to the link whether it's been considered 'trusted' by the community (which anyone can join) and by other sites (like PhishTank). AVG also offers this type of service for web browsing.
I like how the article does mention VirusTotal if you have a suspicious file and you want to check its legitimacy. Another website I would suggest is ThreatExpert. You can search by threat name/process name/MD5 hash/mutex and it will return any hits found in the database. It's nice when you want to see more of an overall picture of what the virus is doing to your system. It shows modified/altered/deleted files and registry settings. It also shows any outbound connections to websites and what ports they went over.

What I am trying to say is no matter what AV vendor you go for... you need to make sure you have additional features (host based or network based) to defend yourself.

Photo Fun

Lightroom is an amazing piece of software. Think Photoshop, but for the poor(ish). Sure, it does not have some of the super spanky features like the absolutely insane "highlight something and we can make it disappear and render what we think would be there" button, but for most (normal) editing needs, Lightroom does the trick.

This tutorial on earthboundlight.com shows how to use the sharpening tools in Lightroom. I also found out I can use the 'ALT' key to show a photo in black & white, as sometimes color skews your judgement.

Photojojo also had some fun ideas for playing with shadows. Shadows are one of those things you just can't avoid (yay science!) so why not play with them? Another idea which I find fun is going to your local science museum, finding a photo-sensitive wall and photographing your shadows doing some silly things.

Thursday, June 16, 2011

Back in the Saddle Again..

Current Mood: unemployed
Current Movie: Indiana Jones and the Last Crusade

So I have been unemployed now for about a month. For two weeks, though, I was hiking the Coast to Coast trail, a 191 mile trek from the Irish Sea to the North Sea in England. You can read all about that here if you'd like. It was freaking awesome. I know it's weird for a geek to be out actually enjoying the outdoors, but, well, I guess I am a bit different :)

So I have already become tired of daytime television and at the moment do not feel like walking too much. So I decided it would be best to stay semi-involved in the computer security realm so my brain does not become like mushy peas (which are quite tasty!).

So back when I was working as a contractor for Symantec I wrote a Perl script which automated many of the steps of Rob Lee's SuperTimeline. Basically, enter a few parameters and then go for a coffee break. Theoretically, when you came back (some might say this is dependent on the size of the image you are parsing, I say it's based on the distance to the coffee shop) you have a nice Excel spreadsheet waiting for you to look at.

Now this was helpful in a few of the investigations I did, so now I suppose I have to rewrite it. This is fine because now it can be bigger, faster, stronger. I have seen a lot of interesting tools out there which would make the timeline more interesting, or if anything automate forensic analysis to make life just a tad easier.
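The core of a SuperTimeline is taking the pipe-delimited "body" format that tools like fls and log2timeline emit (`MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`, epoch seconds) and flattening it into one sorted row per timestamp with MACB flags, which is what mactime does before you open the result in a spreadsheet. Here is that step as an added example: it is my code, not the Perl script described above, the sample body lines are constructed, and skipping zero-valued timestamps as "unset" is my choice rather than mactime's behaviour.

```python
"""Flatten TSK body-format lines into a mactime-style CSV timeline.
Added example, not the blog author's Perl script."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample body lines (paths, inodes and times are made up).
# Field order: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
SAMPLE_BODY = """\
0|/Windows/System32/config/SAM|1234|r/rrwxrwxrwx|0|0|262144|1308000000|1307990000|1307990000|1200000000
0|/Users/Jane/Downloads/setup.exe|5678|r/rrwxrwxrwx|0|0|40960|1308001000|1308001000|1308001000|1308001000
"""

FIELDS = ["Date", "Epoch", "Size", "Type", "Mode", "UID", "GID", "Meta", "File Name"]


def parse_body(text):
    """Yield one dict per well-formed body line.
    The name is rebuilt from the middle fields so a '|' inside a file name
    does not shift the nine trailing numeric/mode fields."""
    for raw in text.splitlines():
        parts = raw.split("|")
        if len(parts) < 11:
            continue  # malformed line: skip it rather than abort the whole run
        tail = parts[-9:]
        yield {
            "md5": parts[0],
            "name": "|".join(parts[1:-9]),
            "inode": tail[0], "mode": tail[1], "uid": tail[2], "gid": tail[3],
            "size": tail[4],
            # body order is atime, mtime, ctime, crtime
            "times": dict(zip("amcb", (int(t) for t in tail[5:9]))),
        }


def macb_flags(entry, ts):
    """mactime-style flags: 'm', 'a', 'c', 'b' where that time equals ts, else '.'."""
    return "".join(k if entry["times"][k] == ts else "." for k in "macb")


def build_timeline(text):
    """One row per distinct (timestamp, file), oldest first.
    Zero timestamps are treated as unset and skipped (my choice here)."""
    rows = []
    for entry in parse_body(text):
        for ts in sorted(set(entry["times"].values())):
            if ts == 0:
                continue
            when = datetime.fromtimestamp(ts, tz=timezone.utc)
            rows.append({
                "Date": when.strftime("%Y-%m-%d %H:%M:%S UTC"),
                "Epoch": ts,
                "Size": entry["size"],
                "Type": macb_flags(entry, ts),
                "Mode": entry["mode"],
                "UID": entry["uid"],
                "GID": entry["gid"],
                "Meta": entry["inode"],
                "File Name": entry["name"],
            })
    rows.sort(key=lambda r: (r["Epoch"], r["File Name"]))
    return rows


def to_csv(rows):
    """Serialize timeline rows to CSV text that opens directly in Excel."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(build_timeline(SAMPLE_BODY)))
```

Feed it the concatenated body output from every source you collected (file system, registry, event logs) and the single sort at the end is what turns separate artifact dumps into one timeline; the MACB column is what tells you, for a row like the `setup.exe` entry where all four times coincide, that the file was created and never touched again.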

I hope to use this blog to highlight the interesting things going on in the security/forensics community.

So sit tight... and let the games begin.