Wednesday, April 30, 2008

Microsoft gives cops COFEE: free computer forensic tools

Cops doing computer forensic work already have a ton of tools to choose from, but Microsoft is doing its part to help out as well -- the company just revealed that it's been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects' computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that it's doing it not for profit but to "help make ensure the Internet stays safe." COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect's computer for evidence purposes -- officers can just plug in the drive. There's no word on when Microsoft will start widely distributing the drives, but we'd assume it'll be soon.
Source: Engadget

Thursday, April 17, 2008

Apple patches $10,000 bug

Apple has issued a patch for the flaw in its Safari Web browser that earned a security researcher $10,000 during last month's CanSecWest PWN 2 OWN hacking contest.



Friday, April 11, 2008

Bot breaks Hotmail's CAPTCHA in 6 seconds

The defenses put up by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service can be cracked by a new bot within seconds, according to a Websense security researcher.
 
 

Israel: Facebook is a threat to national security

An interesting news item was published on the CNN site. Israeli officials are concerned about the use of the social networking site Facebook because of the possibility that military personnel may inadvertently (or not so inadvertently...) disclose confidential information.

The case came to light with the publication of photos of military personnel using confidential equipment. The full story can be accessed at: http://edition.cnn.com/2008/WORLD/meast/04/11/israel.facebook.ap/index.html.

It is worth considering whether the same could end up happening in companies, with their employees accessing social networking sites (Facebook, MySpace, orkut) or even exchanging information on mailing lists.
 

New Variants of the RSPlug Trojan Horse

Intego first reported on the OSX.RSPlug Trojan Horse back in October of 2007. Since then, the people behind this malware have been busy making variants in order to better trap Mac users. Most of the variants aren't really variants; they are simply disk images with different names from the original. (One antivirus vendor claimed to have found some three dozen such variants, but did not, it seems, examine the code to see that they were all the same.)

Other variants include two whose code is different, but especially variants that purport to install differently named software. The original RSPlug Trojan horse installed "software" called MacCodec; other versions' installers claim to install MacVideo or Porn4Mac. Also, the containers - the disk images containing the installers - differ. The first version was found in a series of disk images named with four digits followed by the disk image extension: for example, 1023.dmg. Others have included operacodec1234.dmg, nitroticket2018.dmg, uincodec4264.dmg, and ixcodec1292.dmg. (Note that there may be variations in the numbers contained in these names, as well as the names themselves.)

In any case, this Trojan is alive and well, and recent posts in Mac forums show that users are still being infected. Intego VirusBarrier protects against all these variants, and will continue to protect against new ones as they are discovered.

Posted by Peter on April 11, 2008 in Intego Software, Security

Monday, April 7, 2008

Monitoring at work

 
 

Friday, April 4, 2008

NIST Releases 2nd Draft of Special Publication 800-39

NIST announces the release of the second public draft of Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective. This publication provides guidelines for managing risk to organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of information systems. Special Publication 800-39 is the flagship document in the series of FISMA-related publications developed by NIST and provides a structured, yet flexible approach for managing that portion of risk resulting from the incorporation of information systems into the mission and business processes of organizations. Comments will be accepted through April 30, 2008. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to:
sec-cert@nist.gov

URL to draft document:
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-39