Tag Archive for 2009

Microsoft Cop Tool Leaked

I recently wrote about Microsoft’s COFEE computer forensics tool here. Three weeks later, Yobie Benjamin at SFGate writes that Microsoft COFEE, “One of the most important tools in computer forensics and law enforcement,” was apparently uploaded to BitTorrent site What.CD on November 09, 2009, and is now available on the Internet.

What.CD management issued a statement, “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff… And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again).”

DarkReading says that COFEE was so sought after in the computer underground that an enormous bounty of 1.6 terabytes of capacity was offered to the first one who would upload the software. Robert Graham on DarkReading explains that the version of COFEE on BitTorrent has only Microsoft tools, so I don’t know for certain what other tools it might run. Yet similar forensics toolkits all run the same sorts of programs. They run standard tools for grabbing the browser history (from Firefox and IE). The tools can run versions of “pwdump” to grab the password hashes for offline cracking. The browser cache can be captured by these types of tools. They look for recently changed files. They might scour the hard drive and take an MD5 hash of all the files. Similar tools look for unique device IDs, such as your MAC address or built-in hard drive ID.

Steve Ballmer is mad

Who took my COFEE

One of the worries is that now that the tool is public, criminals can defend against it. This is nonsense according to Graham. Police forensics are already well-known, and criminals already know how to defend against them. Graham concludes that tools like COFEE don’t do anything extra that is unknown or secret. What makes them dangerous (to criminals) is that law enforcement agents can run them without much training, in an automated fashion.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IPv6 Growing Despite Economy

The American Registry for Internet Numbers (ARIN) reports that demand for IPv6 address space is growing. According to the 10/19/2009 article, Next-generation Internet defies recession on NetworkWorld, during the first nine months of 2009, ARIN received 300 requests from carriers for blocks of IPv6 address space. This compares to 250 requests received in all of 2008 and 2007.

“We’re seeing an uptick in IPv6 address space requests; it’s a very significant growth rate,” says John Curran, president and CEO of ARIN. “We’ve seen a slight slowdown in IPv4 address space requests…It’s probably dropped off 10% or 20% year over year.”

Curran says ARIN is beginning to see ISPs such as Comcast and Verizon Wireless put a great deal of effort into migrating from IPv4-based networks to those built using IPv6. “ISPs are asking for IPv6 addresses so they can make their networks IPv6-enabled so they are ready [for the future],” Curran says. “We give each ISP enough IPv6 addresses to support 4 billion networks, and each network can contain trillions and trillions of hosts.”

ARIN’s Curran says the recession is not hampering carriers’ interest in IPv6. “IPv6 solves a problem that hasn’t happened yet. So seeing any demand is surprising, and it means that organizations are planning ahead,” he says. “The current weakness in the economy…is not dampening down IPv6 demand significantly because IPv6 is right around the corner for ISPs. We may be two years away from the IPv4 free pool of addresses running out, but two years, if you’re an ISP, is enough time to get one network deployed. Two years is within everyone’s planning horizon.”

ARIN plans several policy changes to push carriers towards IPv6 adoption. These include:

  • Allowing ARIN to reduce the size of IPv4 address space allocations to carriers as the industry gets closer to IPv4 address depletion.
  • Increasing access to IPv6 address space by removing the requirement for carriers to first demonstrate that they have hundreds of customers.
  • Allowing carriers to run multiple, discrete IPv6 networks that don’t have to be connected to each other, such as community networks.
  • Reconsideration of a current policy that requires the regional registries including ARIN to evenly divide up any IPv4 space they are able to recover.


2010 Not Any Better – Maybe

Gartner says that IT spending experienced its worst year ever in 2009. The Stamford, CT research firm says the enterprise space saw a spending decline of 6.9%. ChannelInsider reports that the industry won’t reach 2008’s spending levels again until 2012. In the meantime, there will be some growth in 2010. Gartner sees a 3.3% increase over 2009 levels to $3.3 trillion.

IT spending prediction

“2010 is about balancing the focus on cost, risk, and growth,” says Peter Sondergaard, senior vice president at Gartner and global head of research, in a prepared statement. “For more than 50% of CIOs the IT budget will be 0% or less in growth terms. It will only slowly improve in 2011.” On the other hand, Forrester has a rosier picture. In their report released 10-08-09, “US and Global IT Outlook: Q3 2009,” Forrester analyst Andrew Bartels says the global IT market will see an upturn starting Q3 2009, according to an article on Campus Technology.

Hardware is hard hit

According to Gartner, things have been toughest on the hardware side of the computer market. Gartner says that worldwide computer hardware spending will total just $317 billion this year, a 16.5% decline, and in 2010 hardware spending will remain flat. Forrester says computer equipment sales will increase by 8.3% in 2010. Worldwide telecom spending is on pace to decline 4% this year and is forecast to grow by 3.2% in 2010 according to Gartner. Forrester claims communications equipment sales will show a bump at 3.6%.

Professional services is up

Additionally, Gartner forecasts IT services spending to total $781 billion in 2009 and to grow 4.5% in 2010. In their report, Forrester predicts IT consulting services will increase by 11.7% in 2010. Software spending will decline 2.1% in 2009 but is expected to grow by 4.8% in 2010. Forrester says software purchases will be up by 9.3% in 2010.

Three big trends will shape the IT spending and operational infrastructure in 2010, according to Gartner—a shift in IT budgets to more opex from capex, the ramifications of an older infrastructure made up of older IT hardware, and the need for IT to create business cases for spending.

Spending trends

Gartner says the shift from capital expenditure to operational expenditure in IT budgets will be accelerated by emerging cloud services and will make IT costs more scalable and elastic. The second trend comes from delays in computer hardware upgrades. As businesses have delayed buying servers, PCs, and printers, and are expected to keep wallets closed in 2010, they need to look at the impact of increased equipment failure rates. “Approximately 1 million servers have had their replacement delayed by a year. That is 3% of the global installed base. In 2010 it will be at least 2 million,” Gartner says.

“If replacement cycles do not change, almost 10 percent of the server installed base will be beyond scheduled replacement by 2011,” Sondergaard says. “That will impact enterprise risk. CFOs need to understand this dynamic, and it’s the responsibility of the CIO to convey this in a way the CFO understands.”

Third, Gartner says that IT needs to build compelling business cases, “2010 marks the year in which IT needs to demonstrate a true line of sight to business objectives for every investment decision. IT leaders can no longer look at IT as a percentage of revenue. CIOs must benchmark IT according to business impact.”

rb-

From where I stand, the Gartner predictions seem more rational than Forrester’s. Forrester seems to base their optimism on two fleeting factors, Obama-money and Microsoft. The only real beneficiaries of Obama-money have been Wall Street, not the rest of America, so stimulus spending is irrelevant to most American business. Forrester seems to believe that Windows 7 will save IT spending, another large leap of faith that businesses are going to jump on the bandwagon, but none of my clients seem ready to leap yet.

 


WordPress Security Help

With all of the hubbub over the recent Labor Day WordPress worm, it is time to get some help with WP security. The worm caused every installation not hosted at WordPress.com to be suspected of being at risk. In response to the worm, WordPress pushed out WordPress 2.8.5, a “hardening patch.”

One of the tools I found is the WordPress Exploit Scanner plugin by Donncha O Caoimh. The Exploit Scanner does a number of things to help you manage your WordPress installation. The scanner installs on the WP dashboard and compares your site’s files against MD5 hashes of the WordPress files for the version you’re running. The scanner ignores files that are present but that it does not have a hash for. If your hashes don’t match, then you have a problem. It also looks for suspicious code in your files that may have been deposited by attackers. It looks for “invisible” text through CSS; the use of iframes to embed code from other sites; and base64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there’s anything suspicious or spammy about them.

This tool is not designed to identify new files; it identifies altered core WordPress files. According to the author’s website, it will not stop someone from hacking into your site, but it may help you find any uploaded or compromised files left by a hacker.
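The comparison described above, sketched in Python as an added example (not the Exploit Scanner plugin's own code): files are checked against a manifest of known MD5 hashes, files with no hash on record are skipped by that check, and every file is searched for the three markers the post lists. The function names, regex patterns, and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical patterns modelled on the three checks the post lists.
SUSPICIOUS = {
    "hidden-css": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "base64": re.compile(r"base64_decode\s*\(", re.I),
}

def md5_of(path):
    # MD5 because that is the hash the post names.
    return hashlib.md5(path.read_bytes()).hexdigest()

def scan(root, manifest):
    """manifest maps relative path -> known-good MD5 for the installed version.
    Returns (altered, unknown, flagged)."""
    altered, unknown, flagged = [], [], {}
    for path in sorted(Path(root).rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if rel not in manifest:
            unknown.append(rel)      # no hash on record: the hash check skips it
        elif md5_of(path) != manifest[rel]:
            altered.append(rel)      # known core file whose content changed
        text = path.read_text(errors="replace")
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
        if hits:
            flagged[rel] = hits
    return altered, unknown, flagged

def demo():
    """Build a constructed mini-install, tamper with it, and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        clean = {"index.php": "<?php require 'wp-blog-header.php';\n",
                 "wp-includes/version.php": "<?php $wp_version = '2.8.5';\n"}
        for rel, body in clean.items():
            (root / rel).write_text(body)
        manifest = {rel: md5_of(root / rel) for rel in clean}
        # Constructed tampering: one core file altered, one new file added.
        (root / "index.php").write_text(
            clean["index.php"] + "<iframe src='//example.invalid'></iframe>")
        (root / "wp-includes/cache.php").write_text(
            "<?php $p = base64_decode('aGVsbG8=');")
        return scan(root, manifest)
```

The added `cache.php` never appears in the altered list because the manifest has no hash for it; only the pattern search catches it.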

rb-

Besides staying current on patches (déjà vu MSFT) and implementing a tool like the Exploit Scanner, turning off “user registration” is probably one of the simplest and most effective ways of “hardening” WordPress. Hopefully, WP will fix this in version 2.9 so the community aspect of WP can be securely turned back on.

 


Microsoft Serves COFEE to Cops

According to an article on the Seattle Post Intelligencer website, Microsoft has teamed up with the National White Collar Crime Center (NW3C) to distribute a computer forensics tool to U.S. police for free.

The Computer Online Forensic Evidence Extractor (COFEE) makes it easy for any officer, not just digital forensics specialists, to record the current processes of a suspect’s computer. According to the article, an officer can plug in a COFEE-formatted USB thumb drive, run COFEE, and download data that would have been lost if the computer were turned off for transit to the police station.

COFEE can be used to identify parts of a computer’s hard drive that a criminal might use for identity theft, online fraud, child pornography or other crimes. It can speed up the forensics process when a computer-crime specialist takes over the investigation. COFEE requires Windows XP for configuration and works best at downloading data from machines running XP or earlier. However, it does have some Windows Vista support. Microsoft plans to release a new version of COFEE next year that fully supports Vista and Windows 7, a spokesperson said.

“It’s a rather straightforward tool and it uses a lot of off-the-shelf technology already,” said Richard Boscovich, a senior attorney for Microsoft’s World Wide Internet Security Program. “That’s the beauty of the tool – that you don’t need that forensics expert at the scene.” Michael Merritt, assistant director of the U.S. Secret Service, told an audience at Microsoft’s Digital Crime Consortium, “The difference now with technology is that many companies like yours house valuable information … And that now has become the target of many criminals.”

Boscovich said Microsoft is offering the tool for free because it helps police cut down on the larger problem of high-tech crime. Microsoft software, because of its ubiquity, is usually considered the most at-risk for digital attacks.

 
