Sandman – Read the Windows Hibernation File

May 5, 2008 – 5:26 AM

This is a pretty new tool and a very cool one. Hibernation has been part of Windows since Windows 2000, yet the file it writes has had almost no tooling around it, so it's good to see a tool targeting it.

Microsoft provides a feature called Hibernation, also known as suspend to disk, that saves the system state into an undocumented file called hiberfil.sys. This file holds the contents of physical memory as saved by the operating system (stored in a compressed, proprietary layout, so it cannot simply be treated as a flat memory image) and is meant to be restored the next time the computer is powered on. Live forensic analysis uses a physical memory dump of this kind to recover information about the target machine.

One of the main problems in memory forensics is obtaining a usable physical memory dump, and hibernation is an efficient way to save and later reload physical memory. Hibernation analysis has notable advantages: system activity is totally frozen, so the acquired data is coherent, and because the analysis happens offline no software running on the target can block it. The system is left perfectly functional after analysis, with no side effects.

The hibernation file opens two valuable doors:

The first is forensic analysis for defensive computing. Hibernation is an efficient and easy way to get a physical memory dump, but the main issue has been: how do you read hiberfil.sys? That is why SandMan was born.

The second is a new concept we will be introducing, called “offensics”, a portmanteau of “offensive” and “forensics”. If we can read hiberfil.sys, can we rewrite it? The answer is yes: with SandMan you can, and whoever can write that file controls the memory state the kernel restores at the next boot.

Sandman is a C library that aims to read the hibernation file regardless of Windows version, making it possible to apply live-memory forensic techniques to the dumped file.

For a good explanation and technical info I suggest you read the whitepaper:

SandMan Project, Whitepaper [PDF]

You can download Sandman here:

SandMan-1.0.080226.zip

Or read more here.

Source: Darknet

Simple Pharming

May 5, 2008 – 5:17 AM

Today I decided to give a very brief example of pharming and why it’s so easy to pharm surfers with little or no skill. Usually, browser exploit writers give simple examples such as reading the boot files or launching a calculator. There is so much you can do with JavaScript that the best way to describe the toxic mix of browser exploits and JavaScript is an example that launches a pharming attack. The sheer beauty of pharming is that the surfer will almost never know he has been compromised, because it is very silent. One way to quickly pharm surfers is to modify the hosts file on Windows.

Read the rest of this story…
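The hosts-file trick described above is just as easy to audit as it is to abuse. The following is an added example, not code from the original post: it parses hosts-file text the way the Windows resolver reads it (an address, one or more names, `#` comments) and flags any entry that pins a watched financial domain to a static address, since such sites never legitimately need a hosts entry. The sample hosts content and the watch-list of domains are constructed for illustration; a real deployment would load its own list and read `%SystemRoot%\System32\drivers\etc\hosts`.

```python
"""Audit a Windows hosts file for pharming-style overrides (added example)."""
import ipaddress
from typing import List, Tuple

# Assumed watch-list: domains whose resolution must never be overridden locally.
SENSITIVE_DOMAINS = {
    "bankofamerica.com",
    "wellsfargo.com",
    "paypal.com",
    "login.live.com",
}

# Names that legitimately appear in a default hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: a clean default file plus entries appended by a
# hypothetical browser exploit payload. 203.0.113.0/24 is documentation space.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# ---- lines below added by malicious script ----
203.0.113.10    www.bankofamerica.com bankofamerica.com
203.0.113.10    paypal.com www.paypal.com
10.0.0.5        intranet.example   # internal name, not on the watch-list
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def is_watched(hostname: str) -> bool:
    """True if hostname equals, or is a subdomain of, a sensitive domain."""
    return any(hostname == d or hostname.endswith("." + d)
               for d in SENSITIVE_DOMAINS)


def find_pharming_entries(text: str) -> List[Tuple[str, str]]:
    """Flag every hosts entry that statically maps a watched domain.

    Any such mapping is suspicious: a loopback address merely breaks the
    site, while a routable address silently redirects the victim to a host
    the attacker controls, which is exactly the pharming case.
    """
    return [(ip, name) for ip, name in parse_hosts(text)
            if name not in BENIGN_NAMES and is_watched(name)]


if __name__ == "__main__":
    for ip, name in find_pharming_entries(SAMPLE_HOSTS):
        print(f"SUSPICIOUS: {name} -> {ip}")
```

Run against the sample, the script reports the four bank and payment names pinned to 203.0.113.10 and stays quiet about the localhost and intranet lines. Note that the check is on the name, not the address: an attacker can just as well point a bank domain at a public IP as at a private one, so the address tells you nothing about legitimacy.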

Safest Way to Bank Online? Your Cell Phone

May 5, 2008 – 4:54 AM

So you want to bank safely online? Then ditch your computer and make the transaction via your cell phone instead.

Using a mobile handset for this most sensitive online act might sound counterintuitive, given that phones are prone to being lost or stolen, but your cell phone might actually be safer than your computer for paying bills or checking your statement online.

Some phone malware does exist, and examples tend to make headlines due to their novelty. But the main threats to online security, such as keyloggers, Trojan horses, and other data-stealing software, don’t exist for phones–yet.

“The risk of being infected on a mobile phone is tiny in comparison [with a PC],” notes the security firm Sophos in its annual threat report.

Remote Control

Security firms have long marketed antimalware products for mobile phones. One such company, Kaspersky, acknowledges the lack of threat from mobile malware (at least in the United States). Recently, as a way to appeal to the market here, it added the ability to remotely wipe out sensitive data on a lost or stolen handset to its mobile security product.

“There’s a whole lot of upside and security advantages to mobile devices,” says James Van Dyke, president of Javelin Strategy and Research, a financial services research firm.

Financial services for cell phones are plentiful. PayPal lets you send money to another person via your phone. Companies including Obopay, mChek, and KushCash are joining in. Bank of America, Wells Fargo, and others also offer services.

Cell phones dodge malware because they run many different operating systems. Security experts agree that crooks stand to steal much more by investing their time in writing a new Windows virus that is capable of infecting millions of PCs than in constructing a Trojan horse that can target only a certain type of phone.

Source: PC World

The ABCs of securing your wireless network

May 4, 2008 – 9:26 AM

Ars Technica’s original Wireless Security Blackpaper was first published back in 2002, and in the intervening years it has been a great reference for getting the technical lowdown on the different wireless security protocols. As a sequel to the original blackpaper, we wanted to do something a little more basic and practical, because the number of devices with 802.11 support has greatly expanded since 2002. Wireless security is no longer the domain of geeks and system administrators, but is now an issue in the lives of everyday users, from the worker with a home office who wants to keep sensitive files secure to the homemaker who wants to avoid an RIAA lawsuit because the teen next door is a wireless-leeching P2P addict.

In this practical introduction to the basics of securing your home wireless network, we’ll cover the important, high-level points that ordinary users need to know in order to secure a network of game consoles, phones, and PCs. Along the way, we’ll also recap some of the relevant information from the original wireless blackpaper, which I recommend if you want to pursue the topic further. So look through the guide, and if you’re already technically savvy then send it along to your uncle or your sister-in-law, and you may get one less phone call when it comes time for them to set up their new WLAN.

Read the rest of this story…

Microsoft Abandons Yahoo Acquisition

May 3, 2008 – 7:24 PM

Microsoft has dropped its nearly three-month-long pursuit of Yahoo, ending a historic acquisition attempt whose failure takes Microsoft back to square one in its quest to boost its online business to better compete against Google.

“We continue to believe that our proposed acquisition made sense for Microsoft, Yahoo and the market as a whole. Our goal in pursuing a combination with Yahoo was to provide greater choice and innovation in the marketplace and create real value for our respective stockholders and employees,” said Microsoft CEO Steve Ballmer in a statement distributed early Saturday evening.

Yahoo did not immediately reply to a request for comment.

Microsoft had raised its initial bid by about US$5 billion, but that didn’t convince Yahoo to accept the revised offer, Microsoft said. “After careful consideration, we believe the economics demanded by Yahoo do not make sense for us, and it is in the best interests of Microsoft stockholders, employees and other stakeholders to withdraw our proposal,” said Ballmer.

All parties with a stake in the deal had been waiting for Microsoft to announce its next move, after Yahoo failed to agree to a deal by last Saturday, the deadline Microsoft had set three weeks earlier.

But Microsoft stayed silent for days, as observers speculated whether it would walk away or prepare a hostile takeover. However, on Friday anonymously sourced reports in The Wall Street Journal and The New York Times said that Microsoft and Yahoo had turned a corner and were for the first time negotiating merger terms in earnest.

Ultimately, it seems that Microsoft’s management, fatigued by Yahoo’s resistance and demands, decided that engaging in a proxy fight to oust Yahoo’s directors would be an arduous and nasty process. After all, for Microsoft, the goal of the massive acquisition was to quickly become a mightier competitor to Google in online advertising.

Read the rest of the story…