Archive for November 11, 2009

Microsoft Cop Tool Leaked

I recently wrote about Microsoft’s COFEE computer forensics tool here. Three weeks later, Yobie Benjamin at SFGate writes that Microsoft COFEE, “One of the most important tools in computer forensics and law enforcement,” was apparently uploaded to the BitTorrent site What.CD on November 09, 2009, and is now available on the Internet.

What.CD management issued a statement: “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff… And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again).”

DarkReading says that COFEE was so sought after in the computer underground that an enormous bounty of 1.6 terabytes of capacity was offered to the first one who would upload the software. Robert Graham on DarkReading explains that the version of COFEE on BitTorrent has only Microsoft tools, so I don’t know for certain what other tools it might run. Yet similar forensics toolkits all run the same sorts of programs. They run standard tools for grabbing the browser history (from Firefox and IE). The tools can run versions of “pwdump” to grab the password hashes for offline cracking. The browser cache can be captured by these types of tools. They look for recently changed files. They might scour the hard drive and take an MD5 hash of all the files. Similar tools look for unique device IDs, such as your MAC address or built-in hard drive ID.


One of the worries is that now that the tool is public, criminals can defend against it. This is nonsense according to Graham. Police forensics are already well-known, and criminals already know how to defend against them. Graham concludes that tools like COFEE don’t do anything extra that is unknown or secret. What makes them dangerous (to criminals) is that law enforcement agents can run them without much training, in an automated fashion.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IPv6 Growing Despite Economy

The American Registry for Internet Numbers (ARIN) reports that demand for IPv6 address space is growing. According to the 10/19/2009 article, Next-generation Internet defies recession on NetworkWorld, during the first nine months of 2009, ARIN received 300 requests from carriers for blocks of IPv6 address space. This compares to 250 requests received in all of 2008 and 2007.

“We’re seeing an uptick in IPv6 address space requests; it’s a very significant growth rate,” says John Curran, president and CEO of ARIN. “We’ve seen a slight slowdown in IPv4 address space requests…It’s probably dropped off 10% or 20% year over year.”

Curran says ARIN is beginning to see ISPs such as Comcast and Verizon Wireless put a great deal of effort into migrating from IPv4-based networks to those built using IPv6. “ISPs are asking for IPv6 addresses so they can make their networks IPv6-enabled so they are ready [for the future],” Curran says. “We give each ISP enough IPv6 addresses to support 4 billion networks, and each network can contain trillions and trillions of hosts.”

ARIN’s Curran says the recession is not hampering carriers’ interest in IPv6. “IPv6 solves a problem that hasn’t happened yet. So seeing any demand is surprising, and it means that organizations are planning ahead,” he says. “The current weakness in the economy…is not dampening down IPv6 demand significantly because IPv6 is right around the corner for ISPs. We may be two years away from the IPv4 free pool of addresses running out, but two years, if you’re an ISP, is enough time to get one network deployed. Two years is within everyone’s planning horizon.”

ARIN plans several policy changes to push carriers towards IPv6 adoption. These include:

  • Allowing ARIN to reduce the size of IPv4 address space allocations to carriers as the industry gets closer to IPv4 address depletion.
  • Increasing access to IPv6 address space by removing the requirement for carriers to first demonstrate that they have hundreds of customers.
  • Allowing carriers to run multiple, discrete IPv6 networks that don’t have to be connected to each other, such as community networks.
  • Reconsideration of a current policy that requires the regional registries including ARIN to evenly divide up any IPv4 space they are able to recover.
