Not a documented case of theft, but more research into how to steal a car using antennas. Using antennas the researchers has shown that a simple relay between contact less keys and the car they protect can open the doors and start the engine.
As I read the article the designers of this system has overlooked a fundamental threat to the key lock system. This shows that threat modelling is very important and time used on that is time wisely spent. It is also in my opinion an example of what happens when you introduces new technology into tried and tested security systems in order to remove or mitigate a perceived inconvenience. Most often the tradeoff is not in the intrest of the user in the end.
Doing forensic investigations and incident response one of the most important things is to keep a good toolbox. If you have a good basic set of tools that you know well it is better than a lot of tools that you’re barely able to use.
I thought I’d share some of the tools I use for forensic investigations. This is not a complete list, but it is the basic set of tools I use nearly every time I do forensic stuff.
- dd command from linux to aquire images.
- dd_rescue for those hard to image disks with strange errors, or doing data recovery.
- The Sleuth Kit by Brian Carrier, for doing actual investigations
- Autopsy Browser by Brian Carrier, which reduces the complexity of the Sleuth Kit
- RegRipper by Harlan Carvey, very useful to dig out information from the registry.
I’ve created a page on this site where I’ll update the tools list as I remeber them and use them. But the above are the basic tools I use a lot.
CSIS Security Group has published a Carberp detection tool. The tool will detect the Carberp information stealer if present on the computer. The Carberp gang is targeting netbanks, and is a serious threat at the moment.
The detection tool is also included in Heimdal, which is another security application from CSIS. Heimdal keeps the most targeted 3rd party software like Adobe Acrobat Reader updated. It is lightweight and works mostly in the background.
So I finally decided to move the blog here. this step will merge my Alrudin identity with my real identity. Not that it was a secret but for a little while I was keeping the identities separate. Now I don’t think I care.
So now I have to spend some time to fix the site up to work as I want it to, and I’ll have to find something to blog about.
I guess I should introduce myself at this time. I’m a IT security geek and I’ve been into IT security for 14 years now. I started with firewalls and network security, but have since then been around a lot of stuff. Right now I mainly do penetration testing and IT forensic work.
The last step is actually easy, as this blog will be about IT security in it’s many forms. The reason I started to blog again is because I now are in the process of setting up a SANS mentor class in Computer Forensic Investigations and Incident Response FOR508. I’m looking forward to doing this a lot. The actual start of the class will be in August sometime. I’ll post the start date when it’s official along with a link to the SANS page.