This was looking like it could have been a great story for the conspiracy theorists in all of us: Microsoft is helping law enforcement agencies by giving them USB keys with forensics tools to help with cybercrime investigations. It can ‘decrypt passwords and analyze a computer’s internet activity’, something every good law enforcement agent needs. The Computer Online Forensic Evidence Extractor (COFEE) offers up 150 commands (what do they mean by ‘command’? Is that 150 tools, or one tool with 150 commands?) and makes it easier for beleaguered cops to perform an investigation.
A number of people, most notably Mike Masnick, have jumped to the conclusion that this offers some sort of back door to law enforcement. Ed Bott fires back, calling this inflammatory, and rants a bit against the echo chamber that is the blogosphere. I can see why Mike would jump to the conclusion he did, that Microsoft was offering up some special sauce for criminal investigators, but as Ed points out, the tools included on the USB drive are all available elsewhere; MS has just made it easier by putting them on one USB key.
Ed also points out another thing: the bad guys have had USB keys that do most, if not all, of the same things for years. The USB Switchblade works wonders, is freely available and is probably more dangerous than any of the tools in the COFEE suite. I wouldn’t be surprised if some of the more savvy forensics investigators have been carrying USB Switchblades around for a couple of years.
This is the second time in a week, that I know of, that a computer crime story has been blown out of proportion. Is it a trend or just a blip in the statistics? All I know is it feels weird not to be on the side being called paranoid.
One of the things I have always hated about blogging is having to administer the web site. Moving to a hosted solution (Bluehost) earlier this year made life much easier, but there are still some issues I have to manage. One example is upgrading the WordPress version, which Bluehost helps with by providing Fantastico and SimpleScripts to do scripted updates. Fantastico is good, but they’re a little slow to provide updates. SimpleScripts also looks good, but the verbiage in the update makes it sound like they overwrite the whole directory, not a good thing. So I found a WordPress plugin that handles all the messy stuff for me, Automatic Upgrade.
I’m not a total wimp when it comes to this sort of upgrade, but I’d rather have it done by a script that hopefully won’t hit the wrong key at the wrong time, something I’m prone to do. I like the fact that it backs up both the WordPress directories and the database for you before proceeding with the upgrade. It was good at disabling all of the other plugins I had running on the site, but was nowhere near as good about bringing them back up. That was a minor concern and gave me a good reason to update all the plugins too.
With a vulnerability in WordPress 2.x that can give an attacker admin access to your site, you’ll want to get upgraded as quickly as possible. I like my hosting company, but I can’t expect them to make upgrades to my site their first priority. So I have to make it one of mine.
I had high hopes for The Evolution of Security when the TSA first started letting their personnel blog. I was hoping they would be able to explain what, if any, impact the policies currently in place at airports have. I expected to see enlightening posts about how taking off our shoes not only represents a tiny inconvenience but makes us measurably more secure. I wanted something other than cute puppies.
Okay, they are cute. And the article does explain a little about what the puppies will be used for. But the main thrust of the post is about how cute the puppies are and how you can adopt one if you live in the San Antonio area (or in prison). Definitely makes me feel safer when I’m flying the annoying skies.
I flew to DC and back last week and I’ve learned how to get through the lines in the least amount of time, barring the use of a Clear card. I wear slip on dress shoes, I leave my keys in my carry-on bag and I leave the knives home on the dresser. I never take my toiletry bag out of my luggage, I’ve never used a 1-quart bag for liquids and I’ve accidentally slipped a knife through over a dozen x-ray machines before it was ever found. So tell me how these security measures which I bypass almost every flight make me safer?
I know there’s a fine line between revealing enough to make cynics like me happy and telling so much that the bad guys are able to come up with countermeasures. But the reality is, someone who’s a bad guy is probably taking a lot more time to examine airport security measures than I am and could come up with a dozen other easy-to-bypass security measures. As a flight attendant told me last week, if a bad guy really wanted to attack planes, the real security weakness is the flight crew and other personnel, not the passengers. They’re the ones who have nearly unlimited access to the planes.
Don’t even get me started on ‘passenger engagement’. Everyone flying is stressed, so a process that relies on the average TSA agent observing stress factors is just ludicrous. How do you tell someone who’s stressed because they’re carrying a bomb from someone who’s stressed because the TSA wants them to try their own baby food?
Researchers at the University of Washington want to use their own botnet to fight malicious botnets on the Internet. Basically, the paper suggests using a swarm of computers, which they call Phalanx, as proxies, with a small crypto-puzzle being required of the connecting computer at the start of the conversation. It would hopefully slow down or eliminate DDoS attacks by making the attacking botnet perform a massive amount of aggregate computation, thus limiting its effectiveness.
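To make the puzzle idea concrete, here is an added example (my own illustration, not code from the Phalanx paper or from the post it discusses) of a hashcash-style client puzzle of the kind the paragraph describes. The page does not describe Phalanx’s actual puzzle construction, difficulty or proxy protocol, so the SHA-256 leading-zero-bit construction, the 16-byte nonce, the 8-byte solution and the PuzzleGate class are all assumptions made for illustration. The point it shows is the asymmetry the scheme relies on: the proxy verifies a solution with one hash, while each connecting client burns roughly 2**difficulty hashes to produce one, so a botnet opening many connections pays that cost many times over. It also shows the two checks a practitioner would want on the proxy side: the nonce must have been issued by the proxy (or the attacker precomputes solutions offline) and it must be single-use (or one solution is replayed for every connection).

```python
import hashlib
import secrets

# Added example, not from the Phalanx paper or the post. Assumed puzzle:
# find `solution` such that SHA-256(nonce || solution) starts with at least
# `difficulty` zero bits. Solving costs ~2**difficulty hashes on average;
# verifying costs one hash. DIFFICULTY_BITS is an assumed default.
DIFFICULTY_BITS = 16


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a big-endian byte string."""
    total_bits = len(digest) * 8
    return total_bits - int.from_bytes(digest, "big").bit_length()


def puzzle_bits(nonce: bytes, solution: bytes) -> int:
    """How many leading zero bits this (nonce, solution) pair achieves."""
    return leading_zero_bits(hashlib.sha256(nonce + solution).digest())


def solve_puzzle(nonce: bytes, difficulty: int) -> bytes:
    """Client side: brute-force an 8-byte counter until the puzzle is met.

    This is the expensive step every connecting host, legitimate or bot,
    has to perform before the proxy will forward its traffic.
    """
    counter = 0
    while True:
        candidate = counter.to_bytes(8, "big")
        if puzzle_bits(nonce, candidate) >= difficulty:
            return candidate
        counter += 1


class PuzzleGate:
    """Proxy side: hand out single-use challenges and verify them cheaply.

    The outstanding-nonce set is kept in memory for clarity; a deployment
    would bound it (expiry window, or an HMAC-derived nonce that carries
    its own timestamp) so a flood of challenge requests cannot exhaust it.
    """

    def __init__(self, difficulty: int = DIFFICULTY_BITS):
        self.difficulty = difficulty
        self._outstanding = set()

    def issue_challenge(self) -> bytes:
        # Fresh, unpredictable nonce per connection attempt: without this an
        # attacker precomputes solutions offline for a known challenge.
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, solution: bytes) -> bool:
        # Reject nonces we never issued, and consume each nonce on its first
        # attempt so one valid solution cannot be replayed across connections.
        if nonce not in self._outstanding or len(solution) != 8:
            return False
        self._outstanding.discard(nonce)
        return puzzle_bits(nonce, solution) >= self.difficulty


def expected_attacker_hashes(difficulty: int, connections: int) -> int:
    """Aggregate work a botnet must do to open `connections` proxied flows."""
    return connections * (2 ** difficulty)


if __name__ == "__main__":
    gate = PuzzleGate()
    challenge = gate.issue_challenge()
    answer = solve_puzzle(challenge, gate.difficulty)
    print("client solved puzzle:", answer.hex())
    print("proxy accepts:", gate.verify(challenge, answer))
    print("replay accepted:", gate.verify(challenge, answer))
    print("hashes for 10,000 bot connections:",
          expected_attacker_hashes(gate.difficulty, 10_000))
```

Note the trade-off the post is skeptical about: the difficulty has to be high enough to hurt a botnet yet low enough that a legitimate client on a slow machine still connects promptly, and raising it does nothing against a botnet large enough to absorb the cost in parallel.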
I see a number of problems with this approach, not the least of which is the fact that it would need a distributed DNS architecture that trusts the Phalanx system in order to work. If the Phalanx system itself were compromised, the potential for damage far outweighs any benefit it might have created. While DDoS is still a problem, it’s not a common problem, and it’s one that there are already a number of solutions for. The changes this would require and the potential vulnerabilities far outweigh the potential gain. Additionally, the thought of adding home computers to this proxy botnet adds a whole additional layer of security concerns, primarily more worries about the whole system being compromised and used to mount the exact sort of DDoS it was designed to prevent.
All in all, this is an interesting intellectual exercise, but nothing that’s actually going to see the light of day. At least it’s not a rehash of the ‘let’s infect computers with a friendly virus to combat malicious viruses’ concept.