Hackers have managed to jailbreak T-Mobile's new G1 phone by exploiting a gaping loophole in Android, the open source operating system supplied by Google.
22:54 Tips for starting a security career
I know I’m not the only security professional who gets the question “How do I get started in Information Security?” It’s not a simple question to answer; you don’t simply go get a degree in security then get a job. Everyone I know has taken their own, unique path to get into information security [...]
21:30 Obama-related spammed trojan propagating worldwide
Several security companies including F-Secure, Sunbelt, and my employer Cloudmark (disclosure) are reporting a large volume of Obama-related spam that links to malware. This is just the latest twist on the long-running theme of social engineering end users into installing web-based malware.
The lures consist of e-mails with subject lines like:
Obama win preferred in [...]
Sophisticated overseas hackers broke in to the computer systems of both the Barack Obama and John McCain campaigns and stole a large amount of data, according to an article published Wednesday by Newsweek.
19:40 Newsweek: Obama, McCain campaigns hacked by foreign entity
Newsweek is reporting that the computer systems of the campaigns of both Barack Obama and John McCain were compromised in a “sophisticated cyberattack” by an unknown “foreign entity.”
At Obama headquarters, what was originally believed to be a virus planted in a phishing attack turned out to be something more ominous. After an investigation, the FBI and [...]
Technology that claims to pick up traces of illicit images on PCs has attracted the interest of Australian cops. The software, developed in an Australian University, might eventually be used to screen PCs for pr0n during border inspections.
19:03 Remote buffer overflow bug bites Linux Kernel
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases [...]
06:29 I hope you voted
I had to leave a client site early today to vote, but they understood. I hope you didn’t let anything stand in the way of you voting today.
03:33 Security World: Critical vulnerability in Adobe Reader
Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe's Reader PDF file viewing software. Engineers from CoreLab...
A New York man has been charged with aiding the alleged leader of the hacking gang accused of stealing more than 40 million credit and debit card numbers from stores owned by TJX Companies and other companies.
02:27 GOP gearing up legal attack on e-voting machines
According to TPM Muckraker and this press release, the Republican National Committee is lining up the computer forensics firm Forensicon to provide analysis on e-voting machines to form the basis of a legal attack against the validity of the 2008 presidential election.
Briefly, Forensicon’s press release says:
[it] was contacted last Thursday by a security firm [...]
Really interesting post by Orin Kerr on whether, by taking hash values of someone's hard drive, the police conducted a "search":
District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It's a child pornography case involving a warrantless search that raises a very interesting and important question of first impression: Is running a hash a Fourth Amendment search? (For background on what a "hash" is and why it matters, see here).
First, the facts. Crist is behind on his rent payments, and his landlord starts to evict him by hiring Sell to remove Crist's belongings and throw them away. Sell comes across Crist's computer, and he hands over the computer to his friend Hipple who he knows is looking for a computer. Hipple starts to look through the files, and he comes across child pornography: Hipple freaks out and calls the police. The police then conduct a warrantless forensic examination of the computer:
In the forensic examination, Agent Buckwash used the following procedure. First, Agent Buckwash created an "MD5 hash value" of Crist's hard drive. An MD5 hash value is a unique alphanumeric representation of the data, a sort of "fingerprint" or "digital DNA." When creating the hash value, Agent Buckwash used a "software write protect" in order to ensure that "nothing can be written to that hard drive." Supp. Tr. 88. Next, he ran a virus scan, during which he identified three relatively innocuous viruses. After that, he created an "image," or exact copy, of all the data on Crist's hard drive.
Agent Buckwash then opened up the image (not the actual hard drive) in a software program called EnCase, which is the principal tool in the analysis. He explained that EnCase does not access the hard drive in the traditional manner, i.e., through the computer's operating system. Rather, EnCase "reads the hard drive itself." Supp. Tr. 102. In other words, it reads every file-bit by bit, cluster by cluster-and creates an index of the files contained on the hard drive. EnCase can, therefore, bypass user-defined passwords, "break down complex file structures for examination," and recover "deleted" files as long as those files have not been written over. Supp. Tr. 102-03.
Once in EnCase, Agent Buckwash ran a "hash value and signature analysis on all of the files on the hard drive." Supp. Tr. 89. In doing so, he was able to "fingerprint" each file in the computer. Once he generated hash values of the files, he compared those hash values to the hash values of files that are known or suspected to contain child pornography. Agent Buckwash discovered five videos containing known child pornography. Attachment 5. He discovered 171 videos containing suspected child pornography.
One of the interesting questions here is whether the search that resulted was within the scope of Hipple's private search; different courts have approached this question differently. But for now the most interesting question is whether running the hash was a Fourth Amendment search. The Court concluded that it was, and that the evidence of child pornography discovered had to be suppressed:
The Government argues that no search occurred in running the EnCase program because the agents "didn't look at any files, they simply accessed the computer." 2d Supp. Tr. 16. The Court rejects this view and finds that the "running of hash values" is a search protected by the Fourth Amendment.
Computers are composed of many compartments, among them a "hard drive," which in turn is composed of many "platters," or disks. To derive the hash values of Crist's computer, the Government physically removed the hard drive from the computer, created a duplicate image of the hard drive without physically invading it, and applied the EnCase program to each compartment, disk, file, folder, and bit. 2d Supp. Tr. 18-19. By subjecting the entire computer to a hash value analysis-every file, internet history, picture, and "buddy list" became available for Government review. Such examination constitutes a search.
I think this is generally a correct result: See my article Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005), for the details. Still, given the lack of analysis here it's somewhat hard to know what to make of the decision. Which stage was the search — the creating the duplicate? The running of the hash? It's not really clear. I don't think it matters very much to this case, because the agent who got the positive hit on the hashes didn't then get a warrant. Instead, he immediately switched over to the EnCase "gallery view" function to see the images, which seems to me to be undoubtedly a search. Still, it's a really interesting question.
01:38 Security World: Two new Sourcefire security appliances
Sourcefire announced two new appliances, increasing customers' flexibility to deploy the exact security solution to meet their specific network demands. With a complete product portfolio of purpose-bu...
USA '08 More than 35,000 students, faculty, and staff at George Mason University in Virginia awoke on Tuesday to find an urgent email purporting to be from their provost.