Archive for January, 1970

Digital Image Ballistics from JPEG Quantization

"Most digital cameras export images in the JPEG file format. This lossy compression scheme employs a quantization table that controls the amount of compression achieved. Different cameras typically employ different tables. A comparison of an image's quantization scheme to a database of known cameras affords a simple technique for confirming or denying an image's source. Similarly, comparison to a database of photo-editing software can be used in a forensic setting to determine if an image was edited after its original recording."


[read .pdf]
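The abstract describes matching an image's quantization tables against a database of known cameras and editors. The following Python is an added example (not code from the paper or its authors) of how that check is performed: it walks the JPEG marker stream, pulls the 8-bit or 16-bit tables out of every DQT (0xFFDB) segment, and compares the luminance table against a reference set. The reference set is constructed here from the standard Annex K luminance table scaled with libjpeg's quality formula plus one hypothetical camera entry; the sample file is a minimal JPEG built inline (SOI, one DQT segment, EOI). Real encoders store table entries in zigzag order, so a database built from real images must record entries in that same order; the sample and database here simply agree on one ordering.

```python
import struct

# Standard JPEG Annex K.1 luminance table, which libjpeg uses as its
# quality-50 base table (row-major order here; real files store zigzag order).
IJG_BASE_LUMA = (
    16, 11, 10, 16, 24, 40, 51, 61,
    12, 12, 14, 19, 26, 58, 60, 55,
    14, 13, 16, 24, 40, 57, 69, 56,
    14, 17, 22, 29, 51, 87, 80, 62,
    18, 22, 37, 56, 68, 109, 103, 77,
    24, 35, 55, 64, 81, 104, 113, 92,
    49, 64, 78, 87, 103, 121, 120, 101,
    72, 92, 95, 98, 112, 100, 103, 99,
)


def ijg_scale(base, quality):
    """Reproduce libjpeg's quality-to-table scaling: this is why each
    quality setting of the same encoder leaves a distinct fingerprint."""
    quality = max(1, min(100, quality))
    scale = 5000 // quality if quality < 50 else 200 - 2 * quality
    return tuple(max(1, min(255, (v * scale + 50) // 100)) for v in base)


def parse_dqt_tables(data):
    """Return {table_id: 64 quantizer values} for every DQT segment that
    precedes the scan data. Values come back in stored (file) order."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    tables = {}
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker, skip it
            pos += 1
            continue
        if marker in (0xD9, 0xDA):    # EOI, or SOS: all DQT segments precede the scan
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # includes itself
        segment = data[pos + 4:pos + 2 + length]
        if marker == 0xDB:
            off = 0
            while off < len(segment):
                precision, table_id = segment[off] >> 4, segment[off] & 0x0F
                off += 1
                width = 2 if precision else 1          # Pq=1 means 16-bit entries
                raw = segment[off:off + 64 * width]
                if len(raw) != 64 * width:
                    raise ValueError("truncated DQT segment")
                tables[table_id] = struct.unpack(">64H" if precision else ">64B", raw)
                off += 64 * width
        pos += 2 + length
    return tables


# Constructed reference database: libjpeg at three quality settings plus one
# hypothetical camera model. A real database holds tables recorded from
# known-good sample images of each camera and editing application.
KNOWN_SOURCES = {f"libjpeg quality {q}": ijg_scale(IJG_BASE_LUMA, q) for q in (50, 75, 90)}
KNOWN_SOURCES["HypotheticalCam X1 (constructed)"] = tuple(2 + (i % 7) for i in range(64))


def identify_source(jpeg_bytes, database=KNOWN_SOURCES):
    """Names of every database entry whose luminance table (id 0) matches."""
    luma = parse_dqt_tables(jpeg_bytes).get(0)
    return sorted(name for name, table in database.items() if table == luma)


def build_test_jpeg(tables):
    """Constructed minimal JPEG (SOI, one DQT segment, EOI) with 8-bit tables."""
    payload = b"".join(bytes([tid]) + bytes(vals) for tid, vals in tables.items())
    dqt = b"\xff\xdb" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + dqt + b"\xff\xd9"


# Constructed sample: an image whose luminance table is libjpeg's quality-75 table.
SAMPLE_Q75 = build_test_jpeg({0: ijg_scale(IJG_BASE_LUMA, 75)})

if __name__ == "__main__":
    print(identify_source(SAMPLE_Q75))   # ['libjpeg quality 75']
```

A match only says the tables are consistent with a source; an empty result against a camera-only database is the interesting forensic signal, since a re-saved image normally carries the editor's tables rather than the camera's.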

Caller ID Spoofing Hits Pennsylvania Rep

"Last fall, U.S. Rep. Tim Murphy's office started getting phone calls from constituents who complained about receiving recorded phone messages that bad-mouthed Murphy.

The constituents were especially upset that the messages appeared to come from the congressman's own office. At least, that's what Caller ID said.

'People thought we were making the calls,' Murphy said.


The calls, which the Pennsylvania Republican estimated in the thousands, were apparently placed with fake Caller ID. That has been possible for a long time, but it generally required special hardware and technical savvy.

In the last few years, Caller ID spoofing has become much easier. Millions of people have Internet telephone equipment that can be set to make any number appear on a Caller ID system. And several Web sites have sprung up to provide Caller ID spoofing services, eliminating the need for any special hardware."

[read full article]

VoIP and Distributed Denial of Service Attacks

"Internet telephone applications like Skype and Vonage could become hacker hideouts, a group of technologists and academics funded by MIT and Cambridge University said Thursday.

According to the Communications Research Network (CRN), voice-over-Internet (VoIP) software could give perfect cover for launching denial-of-service (DoS) attacks.

Jon Crowcroft, a Cambridge professor and the lead CRN researcher on the problem, noted that if botnet 'herders,' the term given to attackers who control large numbers of bot-infected PCs, turn to VoIP applications for command and control, security experts might find it impossible to trace back an attack to the perpetrator.

Current practice by most botnet herders is to issue commands to their armies of 'zombie' machines over IRC (Internet Relay Chat) channels, or less frequently, via instant messaging (IM).

Crowcroft argued that attackers could use VoIP's ability to dial in and out of its overlays to make their tracks impossible to trace. In addition, proprietary protocols -- in some cases used by VoIP software to ensure ISPs can't block their applications -- make it tough for providers to track DoS attacks. Ditto for the encryption these applications offer and their peer-to-peer approach to routing packets."

[read full article]

Podcast: Digital Forensics and Hacking Investigations, Part 4

In Part 4 of this series, we discuss network forensics and misuse investigations; different types of devices that may hold suspect data or evidence; introduction to the 7-layer OSI model; network forensics and the role of sniffers and protocol analysis software; the function of network interface cards and layer-2 content inspection; overview of how a NIC works; overview of how a sniffer works; introduction to promiscuous mode; the 4 ways to capture traffic for network forensics; introduction to spanning and mirroring switch ports; introduction to buffered and unbuffered network taps; layer-2 transparent bridging concepts; 8-track hubs and building a receive-only ethernet cable; reasons why ARP cache poisoning shouldn't be used for network forensics; defeating name resolution-based promiscuous mode detection; defeating specially crafted ARP and malformed multicast-based promiscuous mode detection; default snaplengths and configuring a sniffer for full packet capture; introduction to tcpdump and windump; issues with Win32-derived packet capture libraries; introduction to the Network Toolkit from CACE Technologies; and more.
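One of the topics listed above, default snaplengths and configuring a sniffer for full packet capture, has a concrete forensic consequence: a capture taken with a short snaplen keeps packet headers but silently drops payload, and the loss is only visible by comparing each record's captured length with its on-the-wire length. The Python below is an added example (not material from the podcast) that audits a classic pcap file for that condition. The pcap writer and the two sample captures are constructed inline; the 68-byte snaplen used for the truncated sample is a placeholder standing in for whatever default a given sniffer build applies.

```python
import struct

PCAP_HEADER_LEN = 24   # magic, version, tz offset, sigfigs, snaplen, linktype
PCAP_RECORD_LEN = 16   # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)


def build_pcap(snaplen, packets, linktype=1):
    """Constructed little-endian pcap writer.
    packets is a list of (captured_bytes, original_wire_length)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, (captured, orig_len) in enumerate(packets):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(captured), orig_len) + captured
    return out


def audit_pcap(data):
    """Return the file's snaplen, its packet count, and every record whose
    captured length is shorter than its original length."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (unknown magic)")
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", data[4:PCAP_HEADER_LEN])

    truncated = []
    pos, count = PCAP_HEADER_LEN, 0
    while pos + PCAP_RECORD_LEN <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + PCAP_RECORD_LEN])
        if pos + PCAP_RECORD_LEN + incl_len > len(data):
            raise ValueError(f"record {count} runs past end of file")
        if incl_len < orig_len:
            truncated.append((count, incl_len, orig_len))
        pos += PCAP_RECORD_LEN + incl_len
        count += 1
    return {"snaplen": snaplen, "packets": count, "truncated": truncated}


def is_full_capture(data):
    """True only if no record lost bytes to the snaplen."""
    return not audit_pcap(data)["truncated"]


# Constructed samples: a 60-byte frame and a full-size 1514-byte Ethernet frame.
SMALL_FRAME = b"\x00" * 60
LARGE_FRAME = b"\x00" * 1514
# Sniffer left at a short (placeholder) snaplen of 68: the large frame is cut off.
TRUNCATED_CAPTURE = build_pcap(68, [(SMALL_FRAME, 60), (LARGE_FRAME[:68], 1514)])
# Sniffer configured for full packet capture: every byte kept.
FULL_CAPTURE = build_pcap(65535, [(SMALL_FRAME, 60), (LARGE_FRAME, 1514)])

if __name__ == "__main__":
    print(audit_pcap(TRUNCATED_CAPTURE))
    print(audit_pcap(FULL_CAPTURE))
```

The snaplen field in the global header records what the sniffer was configured to keep, so a value well below the link's maximum frame size (1514 bytes on Ethernet) is itself a warning before any record is read; with tcpdump the limit is set by the `-s` option, and the audit above confirms after the fact that nothing was lost.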

This LiveAmmo Podcast is in .mp3 format, 00:36:15 in duration, and a 17.4 MB download.



Copy and paste our Podcast feed URL into your Podcasting client to subscribe:

http://feeds.feedburner.com/LiveAmmoRadio

Apple iTunes users: Subscribe via iTunes

LiveAmmo Odeo Channel

For past episodes, visit the LiveAmmo Podcast Archives.

New to Podcasting? Download a free software client today and tune in on your MP3 player or PC:

Apple iTunes (Windows or Mac)
Doppler (Windows, Windows PocketPC, Windows Mobile)
Juice (Windows, Mac, FreeBSD, and Linux)

[download .mp3]

Fuzzy logic behind Bush’s cybercrime treaty

"Bush claims the treaty, formally approved by a Senate committee this month, will 'deny safe havens to criminals, including terrorists, who can cause damage to U.S. interests from abroad, using computer systems.'

But in reality, the Convention on Cybercrime will endanger Americans' privacy and civil liberties--and place the FBI's massive surveillance apparatus at the disposal of nations with much less respect for individual liberties.

For instance, if the U.S. and Russia ratify it, President Vladimir Putin would be able to invoke the treaty's powers to unmask anonymous critics on U.S.-based Web sites and perhaps even snoop on their e-mail correspondence. This is no theoretical quibble: The onetime KGB apparatchik has squelched freedom of speech inside Russia and regularly muzzles journalists and critics.

There's an easy fix. The U.S. Senate could attach an amendment to the treaty saying the FBI may aid other nations only if the alleged 'crime' in their country also is a crime here. The concept is called dual criminality, and the treaty lets nations choose that option."


[read full article]