From: bcs2005 at bellua.com (Anthony Zboralski)
Subject: Re: [ISN] Book Review: Forensic Discovery

> This article in Phrack is being cited as this guys
> qualifications for conducting a security seminar?
> Getting fired for writing an article (an article so
> clueless --devoid of substance-- as this one) is cited
> as a good thing (just because it appeared in phrack)?
> Phrack Editors: please apply some standard in choosing
> articles, because people do think that having an
> article published in phrack amounts to something, and
> mostly your articles are superb (except when you plug
> articles like this because your friend wrote it)
>
> Just because one tool does not check bad cluster,
> doesn't mean that you can use this method of data
> hiding to defeat forensics as a whole.

It seems that Dan Farmer and Wietse Venema are less than
forthcoming regarding the problems their forensic package,
'The Coroner's Toolkit' (TCT), has had in the past, and still
has today.

The Phrack 59 article's old! Have you checked the latest slides and
articles or watched the grugq's speech before posting your flame bait?

http://www.hert.org/z/grugq.torrent

A lot of incompetent people buy commercial products like EnCase
or download TCT and improvise themselves as "Forensic Experts".

In the Art of Defiling, Grugq talks about:

* Trivial ways to defeat file system forensic tools,
e.g. sanitizing deleted inodes and directory entries

* TCT-specific issues (some of them have been fixed):
   incorrect ext2 implementation
   bad bounds checking
   lame pseudocode, and more

* Most forensic tools don't look for data in:
Journals (e.g. ext3 journal), directory files, OLE2 files, bad blocks,
inode reserved space, null directory entries, file system meta
data structures (reserved space, padding)

* Simple ways to avoid using the file system, e.g. using gdb stubs
(libgdbrpc) http://www.phrack.org/show.php?p=62&a=8 and
ul_exec() http://www.hcunix.net/papers/grugq_ul_exec.txt

> Anthony Zboralski: We would expect you to plug some
> article with substance when you promote your speaker
> and conference in a lot of security mailing lists. Oh
> yeah, and you are going to jail if you talk about
> anti-forensics in the US, you stupid promoter.

What if the PATRIOT ACT makes discussing these problems
illegal? Is the future of security research in jeopardy
because only a one-sided view can legally be presented to us?

Anthony

-- 
Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
21-22 March - The Workshops - 23-24 March - The Conference
bcs2005@...lua.com - Phone: +62213918330 HP:+628159102495
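The ext2 directory points in the list above (deleted directory entries surviving in slack, "sanitizing" them, and directory files as a hiding place), as an added worked example that is not part of Anthony's message, of TCT, or of the grugq's material. The on-disk ext2_dir_entry_2 layout (inode, rec_len, name_len, file_type, name padded to 4 bytes) and the ext2_delete_entry() behaviour of stretching the previous entry's rec_len over the victim are real; the 1 KiB block, the file names, the inode numbers and all function names here are constructed for the example.

```python
import struct

# Constructed ext2 directory block for the example; not taken from any real image.
BLOCK_SIZE = 1024
DIRENT_HDR = struct.Struct("<IHBB")   # inode, rec_len, name_len, file_type


def min_rec_len(name_len):
    """Bytes an entry really needs: 8-byte header + name, rounded up to 4."""
    return (8 + name_len + 3) & ~3


def pack_dirent(inode, name, rec_len=None, file_type=1):
    raw = name.encode()
    rec_len = rec_len or min_rec_len(len(raw))
    body = DIRENT_HDR.pack(inode, rec_len, len(raw), file_type) + raw
    return body + b"\0" * (rec_len - len(body))


def build_sample_block():
    """'.', '..', report.txt and secret.key, all live; last entry spans the rest."""
    names = [(2, ".", 2), (2, "..", 2), (12, "report.txt", 1), (13, "secret.key", 1)]
    parts, off = [], 0
    for i, (ino, name, ft) in enumerate(names):
        rl = BLOCK_SIZE - off if i == len(names) - 1 else min_rec_len(len(name))
        parts.append(pack_dirent(ino, name, rl, ft))
        off += rl
    return b"".join(parts)


def walk_live(block):
    """Walk the block the way the kernel does: hop from entry to entry by rec_len."""
    out, off = [], 0
    while off + 8 <= len(block):
        inode, rec_len, name_len, ftype = DIRENT_HDR.unpack_from(block, off)
        if rec_len < 8 or off + rec_len > len(block):
            raise ValueError("corrupt rec_len at offset %d" % off)
        name = block[off + 8:off + 8 + name_len].decode("latin-1")
        out.append({"off": off, "inode": inode, "rec_len": rec_len,
                    "name_len": name_len, "ftype": ftype, "name": name})
        off += rec_len
    return out


def unlink_entry(block, name):
    """Delete like ext2_delete_entry(): the previous entry's rec_len is stretched
    over the victim, whose inode number and name are left on disk untouched."""
    buf = bytearray(block)
    entries = walk_live(block)
    for prev, cur in zip(entries, entries[1:]):
        if cur["name"] == name:
            DIRENT_HDR.pack_into(buf, prev["off"], prev["inode"],
                                 prev["rec_len"] + cur["rec_len"],
                                 prev["name_len"], prev["ftype"])
            return bytes(buf)
    raise KeyError(name)


def slack_regions(block):
    """Byte ranges covered by a live entry's rec_len but not by its own name."""
    regions = []
    for e in walk_live(block):
        start = e["off"] + min_rec_len(e["name_len"])
        end = e["off"] + e["rec_len"]
        if end > start:
            regions.append((start, end))
    return regions


def carve_slack(block):
    """Recover deleted entries still readable in slack: what a forensic tool does."""
    found = []
    for start, end in slack_regions(block):
        off = start
        while off + 8 <= end:
            inode, rec_len, name_len, _ = DIRENT_HDR.unpack_from(block, off)
            if inode == 0 or name_len == 0 or off + 8 + name_len > end:
                break
            name = block[off + 8:off + 8 + name_len]
            if not all(32 <= b < 127 for b in name):
                break
            found.append((inode, name.decode()))
            off += rec_len if 8 <= rec_len <= end - off else min_rec_len(name_len)
    return found


def sanitize_slack(block):
    """The anti-forensic counterpart: zero every byte no live entry needs."""
    buf = bytearray(block)
    for start, end in slack_regions(block):
        buf[start:end] = b"\0" * (end - start)
    return bytes(buf)


def hide_in_slack(block, payload):
    """Use the largest slack run as a hiding place; the rec_len chain is untouched,
    so a normal directory walk still shows only the live names."""
    start, end = max(slack_regions(block), key=lambda r: r[1] - r[0])
    if len(payload) > end - start:
        raise ValueError("payload does not fit in slack")
    buf = bytearray(block)
    buf[start:start + len(payload)] = payload
    return bytes(buf)


def dump_slack(block):
    """What an examiner who actually reads slack gets, trailing zeros dropped."""
    return b"".join(block[s:e].rstrip(b"\0") for s, e in slack_regions(block))


if __name__ == "__main__":
    blk = unlink_entry(build_sample_block(), "secret.key")
    print("live:  ", [e["name"] for e in walk_live(blk)])
    print("carved:", carve_slack(blk))            # secret.key is still on disk
    print("carved after sanitize:", carve_slack(sanitize_slack(blk)))
```

The point the two halves make together: carve_slack() finds the unlinked secret.key because ext2 only re-links rec_len and never touches the dead bytes; sanitize_slack() wipes exactly those bytes and leaves the kernel's walk unchanged, so a tool that only follows rec_len or only pattern-matches dirent structures has nothing left to recover. The same slack then serves as a hiding place: a dirent carver skips arbitrary data in it, while a raw dump of the slack ranges (dump_slack) exposes it, which is the check an examiner actually needs to run.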