Microsoft gives cops COFEE: free computer forensic tools

Microsoft gives cops COFEE: free computer forensic tools

by Nilay Patel, posted Apr 29th 2008 at 10:02PM

Cops doing computer forensic work already have a ton of tools to choose from, but Microsoft is doing its part to help out as well -- the company just revealed that it's been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects' computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that its doing it not for profit but to "help make ensure the Internet stays safe." COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect's computer for evidence purposes -- officers can just plug in the drive. There's no word on when Microsoft will start widely distributing the drives, but we'd assume it'll be soon.

Source: Engadget

Huge Web hack attack infects 500,000 pages

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080580&source=rss_topic17

Apple patches $10,000 bug

Apple has issued a patch for the flaw in its Safari Web browser that earned a security researcher $10,000 during last month's CanSecWest PWN 2 OWN hacking contest.

Exibir artigo...

Bot breaks Hotmail's CAPTCHA in 6 seconds

The defenses put up by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service can be cracked by a new bot within seconds, according to a Websense security researcher.

 

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9077078&source=rss_topic17

 

Israel: Facebook é uma ameaça à segurança nacional

Um interessante notícia foi publicada no site da CNN. Oficiais israelenses estão preocupados com a utilização do site de relacionamento Facebook devido à possibilidade de militares divulgarem inadvertidamente (ou nem tanto...) informações confidenciais.

 

O caso veio á tona com a publicação de fotos de militares utilizando equipamentos confidenciais. A notícia completa pode ser acessada no site: http://edition.cnn.com/2008/WORLD/meast/04/11/israel.facebook.ap/index.html.

 

Vale à pena analisarmos se o mesmo não pode acabar ocorrendo nas empresas, com seus funcionários acessando sites de relacionamento (Facebook, MySpace, orkut) ou mesmo trocando informações em listas de discussão.

 

New Variants of the RSPlug Trojan Horse

Intego first reported on the OSX.RSPlug Trojan Horse back in October of 2007. Since then, the people behind this malware have been busy making variants in order to better trap Mac users. Most of the variants aren't really variants; they are simply disk images with different names from the original. (One antivirus vendor claimed to have found some three dozen such variants, but did not, it seems, examine the code to see that they were all the same.)

Other variants include two whose code are different, but especially variants that purport to install differently-named software. The original RSPlug Trojan horse installed "software" called MacCodec; other versions' installers claim to install MacVideo or Porn4Mac. Also, the containers - the disk images containing the installers - differ. The first version was found in a series of disk images named with four digits followed by the disk image extension: for example, 1023.dmg. Others have included operacodec1234.dmg, nitroticket2018.dmg, uincodec4264.dmg, and ixcodec1292.dmg. (Note that there may be variations in the numbers contained in these names, as well as the names themselves.)

In any case, this Trojan is alive and well, and recent posts in Mac forums show that users are still being infected. Intego VirusBarrier protects against all these variants, and will continue to protect against new ones as they are discovered.

Posted by Peter on April 11, 2008 in Intego Software, Security

Winners announced: SC Awards 2008

http://www.scmagazineus.com/Winners-announced-SC-Awards-2008/article/108722/

CPI aprova quebra de sigilo de perfis suspeitos no Orkut

http://www1.folha.uol.com.br/folha/informatica/ult124u390461.shtml.

Monitoramento no trabalho

Excelentes artigos sobre direito digital: http://tecnologia.uol.com.br/dicas/ultnot/2008/04/07/ult2665u272.jhtm

 

 

NIST Releases 2nd Draft of Special Publication 800-39

NIST announces the release of the second public draft of Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective. This publication provides guidelines for managing risk to organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of information systems. Special Publication 800-39 is the flagship document in the series of FISMA-related publications developed by NIST and provides a structured, yet flexible approach for managing that portion of risk resulting from the incorporation of information systems into the mission and business processes of organizations. Comments will be accepted through April 30, 2008. Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to:
sec-cert@nist.gov

URL to draft document:
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-39

Hacker, condenado. Quem o contrataria depois da prisão?

http://www.itweb.com.br/noticias/index.asp?cod=46784&utm_source=newsletter_20080402&utm_medium=email&utm_content=Hacker,%20condenado.%20Quem%20o%20contrataria%20depois%20da%20prisão?&utm_campaign=ITWebDirect

Durante mais de três horas, Banco Central fica sem sistema de informações

Essa notícia é para surpreender: como o Banco Central pode ficar fora-do-ar por falta de energia elétrica?!!!!

 

Planejamento para recuperação de desastres? Prevenção com geradores?

 

Leia a história completa em: http://computerworld.uol.com.br/governo/2008/03/25/durante-mais-de-tres-horas-banco-central-fica-sem-sistema-de-informacoes/

Release of NIST Draft Special Publication 800-116

Draft Special Publication 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems

The National Institute of Standards and Technology (NIST) is pleased to announce a draft publication SP 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems. This draft provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in Federal facilities. This draft includes recommendations for increasing the use of asymmetric key architecture and credential validation. Federal agencies and private organizations as well as individuals are invited to review the draft document and submit comments using the comment template form provided on the website. Comments should be submitted to PIV_comments@nist.gov with "Comments on Public Draft SP 800-116" in the subject line. The comment period closes at 5:00 EST (US and Canada) on May 12, 2008.

URL to draft:
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-116



For those of you that are interested in IPv6:
NIST Advanced Network Technologies Division has released DRAFT NIST Special Publication 500-267, A Profile for IPv6

NIST Advanced Network Technologies Division has released NIST Special Publication 500-267, A Profile for IPv6 in the U.S. Government - Version 1.0 (PDF), which is now available for public comment. This document is not part of the 800 Series Computer Security Division Publications developed specifically for standards and guidelines, including minimum requirements, for providing adequate information security for all federal agency operations and assets as stated in the Federal Information Security Management Act. Rather, the goal of the profile, and associated proposed testing program, is to provide the technical basis upon which long term USG IPv6 adoption plans and policies can be based. It should be noted that the profile is not intended to be applicable to near term uses (e.g., June 2008 requirements described in M-05-22
(http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf). Instead, as a forward looking strategic plan, the profiles recommendations are targeted for 2010 and beyond.

URL to draft: http://www.antd.nist.gov/usgv6/usgv6-v1-draft2.pdf
Comments or questions can be sent to: sp500-267-comments@antd.nist.gov

Uma piadinha para relaxar!

Five cannibals get appointed as programmers in an IT company.

During the welcoming ceremony the boss says: "You're all part of our team now. You can earn good money here, and you can go to the company canteen for something to eat. So don't trouble the other employees".

The cannibals promise not to trouble the other employees. Four weeks later the boss returns and says: "You're all working very hard, and I'm very satisfied with all of you. One of our cleaners has disappeared however. Do any of you know what happened to her?" The cannibals disavow all knowledge of the missing cleaner.

After the boss has left, the leader of the cannibals says to the others: "Which of you idiots ate the cleaner?" One of the cannibals raises his hand hesitantly, to which the leader of the cannibals says: "You FOOL! For four weeks we've been eating team leaders, managers, and project managers and no-one has noticed anything, and now YOU have to go and eat the cleaner!"

Fotos pornográficas geram indenização

Repassando post do Renato Ópice Blum.

http://www.tjmg.gov.br/anexos/nt/noticia.jsp?codigoNoticia=9823

31/03/2008 - Fotos pornográficas geram indenização

A 18ª Câmara Cível do Tribunal de Justiça de Minas Gerais (TJMG) determinou que um comerciário da cidade de Teófilo Otoni pague indenização de R$ 100
mil a uma mulher por ter divulgado fotografias pornográficas em que ela
supostamente aparecia.

A autônoma, moradora de São Paulo, recebeu e-mails anônimos com as
fotografias, que, segundo ela, são montagens feitas com o rosto dela. As
mensagens foram enviadas durante dez meses para diversos endereços
eletrônicos, inclusive de pessoas conhecidas da autônoma, a partir de uma
conta de e-mail criada com o nome dela.

A vítima conseguiu na Justiça paulista que a operadora de telefonia
fornecesse os dados do usuário do computador de onde partiram os e-mails.
Assim, foi verificado que as mensagens eletrônicas foram enviadas a partir
do computador do comerciário de Teófilo Otoni. Foi feita busca e apreensão
nos computadores da residência e do trabalho do réu, constatando-se que
parte das fotos enviadas estava realmente nos discos rígidos de máquinas
dele.

Em 1ª Instância, o comerciário foi condenado a pagar indenização de R$ 5 mil
por danos morais. O juiz também determinou que o réu se abstivesse de
divulgar o nome ou a suposta imagem da autora, por qualquer meio, sob pena
de multa de R$ 1 mil por cada vez que a proibição fosse infringida.

A autônoma recorreu então ao TJMG pedindo o aumento da indenização. Ela
argumentou que, além das fotografias de cenas pornográficas contendo seu
rosto e nome, foram divulgadas ainda "diversas mensagens de conteúdo
degradante, de caráter extremamente agressivo e pejorativo". Ela alegou
também que o valor arbitrado é desproporcional aos danos causados, e pediu
ainda a revogação do benefício da justiça gratuita ao réu e a remessa de
cópias dos autos ao Ministério Público para que seja oferecida denúncia
contra o comerciário, ante os indícios da prática de ilícito penal.

Os desembargadores Unias Silva (relator), Elpídio Donizetti e D.Viçoso
Rodrigues concordaram que, diante dos danos sofridos pela jovem, a
indenização fixada em 1a Instância configura-se insuficiente. De acordo com
o relator, o valor de R$ 5 mil pode ser considerado "não apenas ínfimo, mas
desmoralizante se observada a repercussão da veiculação das citadas imagens
ao nome da autora, não atendendo ao seu caráter repressivo-pedagógico,
próprio da indenização por danos morais". Dessa forma, os desembargadores
aumentaram o valor da indenização para R$ 100 mil, conforme indica a
jurisprudência sobre o assunto.

Os magistrados também revogaram o benefício da justiça gratuita ao réu,
visto que ficou comprovado no processo que este possui capacidade econômica
suficiente para arcar com os gastos. Os julgadores determinaram ainda a
remessa de cópias dos autos e documentos necessários ao MP para que, se for
o caso, seja oferecida denúncia contra o comerciário.

Renato Opice Blum
Opice Blum Advogados Associados
<http://www.opiceblum.com.br/> www.opiceblum.com.br
As informações contidas nesta mensagem são CONFIDENCIAIS, protegidas pelo
sigilo legal e por direitos autorais. A divulgação, distribuição, reprodução
ou qualquer forma de utilização do teor deste documento depende de
autorização do emissor, sujeitando-se o infrator às sanções legais. O
emissor desta mensagem utiliza o recurso somente no exercício do seu
trabalho ou em razão dele, eximindo-se o empregador de qualquer
responsabilidade por utilização indevida ou pessoal. Caso esta comunicação
tenha sido recebida por engano, favor avisar imediatamente, respondendo esta
mensagem. The information contained in this message is CONFIDENTIAL. If the
reader of this transmittal is not the intended recipient or an agent
responsible for delivering it, you are hereby notified that you have
received this communication in error, and that any dissemination,
distribution, retention or copy of this communication is strictly
prohibited. In this case, please immediately reply this message to the
sender.

Two vulnerabilities found in Safari browser for Windows

http://www.scmagazineus.com/Two-vulnerabilities-found-in-Safari-browser-for-Windows/article/108450/

New rogue software targeting Mac users

http://www.scmagazineus.com/New-rogue-software-targeting-Mac-users/article/108552/

Hacker tenta vender laptop com código de ataque completo do Vista

http://idgnow.uol.com.br/seguranca/2008/04/01/hacker-tenta-vender-laptop-com-codigo-de-ataque-completo-do-vista/