Forensic tool detects pornography in the workplace

November 9, 2008 – 9:04 PM

The viewing of porn at work can result in lost time, creativity, productivity, and employer profitability. More importantly, it can help create a hostile work environment and can be considered sexual harassment, in violation of Title VII of the Civil Rights Act of 1964. Naturally, corporations want to avoid the potentially serious legal consequences and protect their bottom line.

On Sunday, Orem, Utah-based forensic-software maker Paraben plans to introduce a unique piece of enterprise software developed to detect and analyze images on workplace networks and computers for suspect content. The system looks for a number of sophisticated parameters and grades images at three levels, based upon their correlation with criteria that have been programmed into the system.

The software, according to CEO Amber Schroeder, will also aid in the development of evidence for internal or criminal investigations in such cases. It’s expected to cost about $17,000 for 500 computers.

I interviewed Schroeder last week, during the Techno Forensics seminar at the headquarters of the National Institute of Standards and Technology (NIST), near Washington, D.C. From personal experience, I can attest to the difficulty in analyzing large hard drives. Searching terabytes of data is incredibly time-consuming and difficult, so this software should provide a welcome tool for administrators and investigators.

Schroeder told me that the program cannot discriminate between child and adult pornography, but it is extremely effective at rapidly identifying suspect images, either online or offline. The system is capable of providing an effective real-time monitor, as images are downloaded to individual workstations, and can definitely aid in shielding employers from extremely costly lawsuits.

Source:
http://news.cnet.com/8301-1009_3-10084938-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Once Thought Safe, WPA Wi-Fi Encryption Is Cracked

November 7, 2008 – 11:51 AM

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

Source:
http://www.pcworld.com/article/153396/

Fake WordPress steals data

November 6, 2008 – 10:14 AM

Yesterday evening, while researching the Barack-related malware, our friends at The Register pointed out an interesting article on Craig Murphy’s blog.

Craig talks about how, when he logged in to his admin account in WordPress, he received a “High Risk Vulnerability Warning” from a spoofed WordPress domain (the last ‘s’ in WordPress.org has been replaced by a ‘z’). The warning suggests upgrading to the ‘new’ version 2.6.4 of WordPress.

Downloading this ‘new’ version of WordPress, I found that of the 638 files in version 2.6.4, 637 were identical to the same files in the official 2.6.3. The only difference was in the file pluggable.php.

The hacked version of the file pluggable.php appears to be stealing the content of cookies on larger installations of WordPress. Sophos are now detecting this file as Troj/WPHack-A.

Source:
http://www.sophos.com/security/blog/2008/11/1942.html
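The check the Sophos post describes, comparing every file of a downloaded release against the official one to find the single tampered file, can be automated. The script below is an added example and not Sophos’s or WordPress’s own code: it hashes both directory trees with SHA-256 and reports which files are identical, modified, added or missing. The two trees it builds are constructed stand-ins with three hypothetical files (the real 2.6.3 release has 638), and the location wp-includes/pluggable.php is assumed; on a real download you would point compare_trees at the unpacked official archive and the suspect one.

```python
"""Verify a downloaded release tree against an official release tree.

Added example: the sample trees are constructed in a temporary directory
to stand in for the official WordPress 2.6.3 files and the fake 2.6.4
download; file names and contents are hypothetical.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large trees do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_digests(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 hex digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file()
    }


def compare_trees(official: Path, candidate: Path) -> dict:
    """Classify every file of the candidate tree relative to the official one."""
    ref = tree_digests(official)
    cand = tree_digests(candidate)
    return {
        "identical": sorted(p for p in ref if p in cand and ref[p] == cand[p]),
        "modified": sorted(p for p in ref if p in cand and ref[p] != cand[p]),
        "added": sorted(p for p in cand if p not in ref),
        "missing": sorted(p for p in ref if p not in cand),
    }


def build_demo_trees(base: Path) -> tuple:
    """Constructed sample: two trees identical except for pluggable.php."""
    files = {
        "index.php": b"<?php require './wp-blog-header.php'; ?>\n",
        "wp-login.php": b"<?php /* login form (hypothetical content) */ ?>\n",
        "wp-includes/pluggable.php": b"<?php /* auth helpers (hypothetical) */ ?>\n",
    }
    official = base / "wordpress-2.6.3"
    candidate = base / "wordpress-2.6.4-download"
    for rel, data in files.items():
        for root in (official, candidate):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
    # The downloaded copy carries extra code appended to pluggable.php.
    (candidate / "wp-includes/pluggable.php").write_bytes(
        files["wp-includes/pluggable.php"] + b"<?php /* appended code */ ?>\n"
    )
    return official, candidate


def demo() -> dict:
    """Build the constructed trees, compare them and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        official, candidate = build_demo_trees(Path(tmp))
        return compare_trees(official, candidate)


if __name__ == "__main__":
    report = demo()
    print(f"{len(report['identical'])} identical, modified: {report['modified']}, "
          f"added: {report['added']}, missing: {report['missing']}")
```

Because the comparison is by content hash rather than by name or size, a file with one appended line shows up as modified even when the file listing of both trees is the same, which is exactly the case the post describes.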

Private Browsing in Firefox

November 5, 2008 – 6:36 AM

Today, a major feature was added to the pre-release versions of Firefox 3.1, called Private Browsing. I’ve been working for quite some time on this, so I thought it may be a good time to write about what this feature is and how to use it.

As you may know, while you browse the web, your browser usually records a lot of data which will later be used to improve your browsing experience. For example, it records a history of all the web pages you have visited, so that later if you need help remembering a site you visited a while back, it can assist you in finding that site. Now, that is great, but there is a downside: those data can be used to trace your online activities. For example, if your coworker sits at your computer, she can view all of your browsing history, which may not be what you want.

Suppose you’re doing something online, and you don’t want your coworkers to know about it. An example scenario would be looking for a new employer while at work! One option would be to do your work, and then clear the data that Firefox has stored for you, such as history, cookies, cache, and so on. But the problem is that this action will also remove the parts of your online activity data which you don’t want to hide, so the history that Firefox records can no longer be used to find a web site you had visited a month before. Private Browsing will help you here.

Private Browsing aims to help you make sure that your web browsing activities don’t leave any trace on your own computer. It is very important to note that Private Browsing is not a tool to keep you anonymous from websites or your ISP, or for example protect you from all kinds of spyware applications which use sophisticated techniques to intercept your online traffic. Private Browsing is only about making sure that Firefox doesn’t store any data which can be used to trace your online activities, no more, no less.

Source:
http://www.google.com/reader/view/#stream/user%2F09644878457569632877%2Flabel%2FTechnology

Ruby On Rails Security Guide published as free ebook

November 4, 2008 – 7:19 AM

The Ruby on Rails Security Project have published a Ruby on Rails Security Guide as a free e-book and also made it available as HTML. The guide covers how to secure Ruby on Rails applications, looking at sessions and how to manage them securely, cross-site request forgery, redirection, and other common attacks.

It also provides practical advice on securing administration consoles, password management and CAPTCHAs, protecting against SQL injection attacks, securing MySQL when used with Ruby on Rails, and the value of monitoring your Rails servers. The Rails-specific “mass assignment” issue, which allows attackers to manipulate any column in a database model unless precautions are taken, is explained and countermeasures to the problem detailed.

Source:
http://www.heise-online.co.uk/news/Ruby-On-Rails-Security-Guide-published-as-free-ebook–/111863
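The mass assignment issue the guide explains comes from a model accepting a whole request hash and writing every key to a column. The Ruby below is an added example, not code from the guide or from Rails: it models the behaviour without ActiveRecord, with UnsafeUser standing in for a model that has no attribute protection and SafeUser applying a whitelist the way a Rails 2.x attr_accessible declaration does. The User attributes and the request hash PARAMS are constructed; a real Rails model would declare attr_accessible :name, :email instead of the ACCESSIBLE constant.

```ruby
# Mass assignment, modelled without Rails (added example; not the guide's
# code and not ActiveRecord's implementation).

class UnsafeUser
  # Hypothetical columns; "admin" is the one a request should never set.
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Writes every key of the hash to the matching attribute, which is what
  # update_attributes(params[:user]) does on a model with no protection.
  def update_attributes(params)
    params.each { |key, value| send("#{key}=", value) }
    self
  end
end

class SafeUser < UnsafeUser
  # Whitelist of attributes a request may set, the role attr_accessible
  # plays in a Rails model.
  ACCESSIBLE = %w[name email].freeze

  attr_reader :rejected

  def update_attributes(params)
    # Record what was dropped so it can be logged; Rails logs a warning
    # about protected attributes in the same situation.
    @rejected = params.keys.map(&:to_s) - ACCESSIBLE
    allowed = params.reject { |key, _| @rejected.include?(key.to_s) }
    super(allowed)
  end
end

# Constructed request parameters: a normal profile edit with an extra
# "admin" field smuggled in alongside the expected ones.
PARAMS = { "name" => "alice", "email" => "alice@example.com", "admin" => true }.freeze

# Returns the admin flag after an unprotected update (true: column overwritten).
def unsafe_admin_flag
  UnsafeUser.new.update_attributes(PARAMS).admin
end

# Returns the admin flag after a whitelisted update (false: column untouched).
def safe_admin_flag
  SafeUser.new.update_attributes(PARAMS).admin
end

# Returns the keys the whitelist dropped from the request.
def rejected_keys
  SafeUser.new.update_attributes(PARAMS).rejected
end

if __FILE__ == $PROGRAM_NAME
  puts "unprotected model admin flag: #{unsafe_admin_flag}"
  puts "whitelisted model admin flag: #{safe_admin_flag} (rejected: #{rejected_keys.inspect})"
end
```

The whitelist approach is the one to prefer over blacklisting individual columns (the attr_protected form), since a column added later is protected by default rather than exposed by default.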