Thursday, October 30, 2008

Memoryze

Info about a new memory analysis tool has been hitting a couple of the listserves. I haven't checked it out yet, but would like to soon.

http://www.mandiant.com/software/memoryze.htm

Here's a review:
http://www.darkreading.com/blog/archives/2008/10/memoryze_this.html?cid=RSSfeed_DR_ALL?cid=nl_DR_DAILY_T

Wednesday, October 29, 2008

What’s Travelling on the Wire (part 2)

Besides the “normal” attacks we’ve seen, the longest ones appear to be FTP dictionary-based attacks. These can take up to several minutes or more, as in some cases we’ve seen attacks with 10,000+ passwords.

Aside from the usual passwords (mostly common names/words) we’ve seen birthdates, comic books/movie characters (anyone fancy Batman, Spiderman or Shrek? :D), and even Internet browser names as passwords. As a concern for some admins, some of the commonly used passwords like “q1w2e3r4” were in the lists.

Read More from Microsoft® Malware Protection Center
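The two things an admin can act on from the MMPC observations above are spotting a dictionary attack in the FTP log while it is running, and keeping passwords like “q1w2e3r4” out of the accounts it would hit. The script below is an added example written for this post, not code from the MMPC article or from HTCIA. It assumes a vsftpd-style `FAIL LOGIN` line format, and the log lines, IP addresses, thresholds and the small common-password list are all constructed for the example.

```python
"""Flag FTP dictionary attacks in vsftpd-style logs and reject weak passwords."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd-style failure line, e.g.
#   Wed Oct 29 14:00:00 2008 [pid 4242] [admin] FAIL LOGIN: Client "198.51.100.7"
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"$'
)


def parse_fail(line):
    """Return (timestamp, username, client_ip) for a FAIL LOGIN line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("user"), m.group("ip")


def detect_dictionary_attacks(lines, threshold=20, window=timedelta(minutes=5)):
    """Sliding-window count of login failures per source.

    Returns {ip: {"peak": max failures seen inside one window,
                  "users": set of usernames tried}} for every source that
    reached `threshold` failures within `window`. Well-behaved users who
    mistype a password once or twice never reach the threshold.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    alerts = {}
    for line in lines:
        parsed = parse_fail(line)
        if parsed is None:
            continue              # OK LOGIN and other lines are not failures
        ts, user, ip = parsed
        q = recent[ip]
        q.append(ts)
        tried[ip].add(user)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            entry = alerts.setdefault(ip, {"peak": 0, "users": tried[ip]})
            entry["peak"] = max(entry["peak"], len(q))
    return alerts


# Constructed deny list; a real deployment would use a full breached-password list.
COMMON_PASSWORDS = {"password", "123456", "batman", "spiderman", "shrek", "firefox"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def _in_row(s):
    """True if s (3+ chars) is a straight run along one keyboard row, either direction."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def is_keyboard_walk(pw):
    """Catch plain walks (qwerty) and interleaved walks such as q1w2e3r4,
    where the even-position characters and the odd-position characters
    each run along a keyboard row."""
    s = pw.lower()
    if len(s) >= 4 and _in_row(s):
        return True
    return len(s) >= 6 and _in_row(s[0::2]) and _in_row(s[1::2])


def weak_password(pw):
    """Return the reason a password should be rejected, or None if it passes."""
    if len(pw) < 8:
        return "too short"
    if pw.lower() in COMMON_PASSWORDS:
        return "common"
    if is_keyboard_walk(pw):
        return "keyboard walk"
    return None


# Constructed sample log: one source hammering three accounts, one ordinary user.
def _fail_line(ts, user, ip):
    return f'{ts.strftime("%a %b %d %H:%M:%S %Y")} [pid 4242] [{user}] FAIL LOGIN: Client "{ip}"'


BASE = datetime(2008, 10, 29, 14, 0, 0)
SAMPLE_LOG = [_fail_line(BASE + timedelta(seconds=3 * i), ["admin", "ftp", "root"][i % 3],
                         "198.51.100.7") for i in range(25)]
SAMPLE_LOG += [
    _fail_line(BASE + timedelta(minutes=1), "jsmith", "192.0.2.10"),
    'Wed Oct 29 14:01:30 2008 [pid 4243] [jsmith] OK LOGIN: Client "192.0.2.10"',
    _fail_line(BASE + timedelta(minutes=30), "jsmith", "192.0.2.10"),
]

if __name__ == "__main__":
    for ip, info in detect_dictionary_attacks(SAMPLE_LOG).items():
        print(f"{ip}: {info['peak']} failures in window, users tried: {sorted(info['users'])}")
    for pw in ("q1w2e3r4", "spiderman", "correct horse battery"):
        print(f"{pw!r}: {weak_password(pw) or 'ok'}")
```

The threshold and window are deliberately generous: a 10,000-password run like those described above trips the detector inside its first minute, while a user who fumbles a password a few times does not. The keyboard-walk check is the part most policies miss; “q1w2e3r4” is eight characters with letters and digits and would sail through a length-and-character-class rule.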

Hash Values = Search?

District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It's a child pornography case involving a warrantless search that raises a very interesting and important question of first impression: Is running a hash a Fourth Amendment search? (For background on what a "hash" is and why it matters, see here).
Read More!

Tuesday, October 28, 2008

Live Forensics

The days of performing only traditional “dead” forensics on a host after a security incident are over.

A shift to “live” forensics and incident response investigations is underway, with a round of new tools focused specifically on collecting volatile data and memory analysis, and forensics experts demonstrating new ways to leverage these tools to fight malware and cybercrime at the recent SANS WhatWorks in Forensics and Incident Response Summit.

Read more from Dark Reading

Monday, October 27, 2008

New Website

This will be the new home of Nebraska HTCIA. The move serves several purposes, with the most important being that it will now be easier to follow us and receive meeting notices by utilizing RSS.

We also look forward to being able to provide more content in a quicker and easier fashion.

Plus, word on the street is that blogs are cool.