Professional Paranoid

My research interests cover the design and analysis of security techniques and systems, with a sideline in various obscure security-related areas such as the recovery of deleted data from magnetic media, and whatever else happens to catch my interest. To view some of the documents referenced on this page you’ll need a copy of the free Adobe Acrobat reader software (note: This link takes you to Acrobat 5.1, which avoids the very buggy and unstable Acrobat 6 or the bloated mess that is Acrobat 7 which Adobe will force on you if you get it from their main download site). Alternatively, if you’re running Windows, you can try the Foxit PDF Reader, which is what the Acrobat reader would be if it lost about 15MB of bloat and ran about 50 times faster than it does.

One of the most popular pages that I maintain is my security resource link farm, a huge (around 1/2MB) collection of links to security and encryption products, companies, papers, conferences, e-commerce and digital cash, security and intelligence agencies, smart cards, digital certificates and CA’s, standards and publications, security problems and holes, and anything else vaguely related to encryption and security. If you’re looking for anything in this area…

Peter Gutmann’s Home Page


Phoenix Airport Delays Use of ‘Backscatter’ X-Ray Machine Which Can See Through Clothing

A test of an X-ray security scanner that can see through clothing and take clear pictures of the human body along with concealed weapons, has been delayed until early this coming year at Phoenix Sky Harbor International Airport.

Critics say the high-resolution images are too invasive, and the American Civil Liberties Union has called it a virtual strip search. – Phoenix Airport Delays Use of ‘Backscatter’ X-Ray Machine Which Can See Through Clothing – Local News | News Articles | National News | US News

Best Practices For Preserving Security

The centralisation of branch office servers and storage enables enterprises to more effectively manage and secure critical business information.

By moving servers out of branch offices and consolidating IT infrastructure to fewer, purpose-built data centres, enterprises can protect vital business resources through tight physical security and well-defined access procedures.

In addition, server centralisation reduces sensitive user credential stores, helping to ensure that this information remains protected from unauthorised access.

BIOS: Technology Means Business

Cyber-security new year resolutions for 2007

Consumers have been led to believe that hacker attacks and social engineering outbreaks will be on the increase over the holiday period, but the chances are that not many users have prepared a checklist to go through to make sure they’re secure.

Security firm Perimeter eSecurity claims that users should take six key steps to ensure the maximum possible computer and network security as New Year’s Eve approaches in an era rife with data theft, record levels of spam and increasingly innovative computer…

Cyber-security new year resolutions for 2007 –

Sony BMG settles rootkit lawsuits

Music giant Sony BMG settled two lawsuits brought by the Attorneys General of Texas and California on Tuesday, agreeing to pay fines of $750,000 to each state and up to $175 per consumer impacted by the company’s decision to include invasive copy-protection software on dozens of music CDs.

The case came to light a year ago, when an antivirus company and a security researcher separately discovered that a music CD published by Sony BMG silently installed rootkit-like software on the purchaser’s computer. Sony BMG quickly became the poster boy for dissatisfied netizens’ pent-up anger over the increasing erosion

Sony BMG settles rootkit lawsuits

Intrusion recovery for databases and file systems

Recovery of lost or damaged data in a post-intrusion detection scenario is a difficult task, since database management systems are not designed to deal with malicious committed transactions. Recovery of lost or damaged initialization vectors for data encryption is also a difficult task, since this information is critical to recover for a successful decryption of data. Self-securing data turns data-store solutions into active parts of an intrusion survival strategy. The few existing methods developed for this purpose rely heavily on logs and require that the log must not be purged. This causes the log to grow tremendously and, since scanning the huge log takes an enormous amount of time, recovery becomes a complex and prolonged process.

In this research, we have used a data dependency approach to log only selected database columns and selected fields in flat file records. During damage assessment and recovery, we rely on a secure ‘evidence-quality’ log and skip parts of the log that contain unaffected columns. This paper introduces how self-securing data enhances an administrator’s ability to detect, diagnose, and recover from intrusions. First, data-at-rest intrusion detection offers a new observation point for noticing suspect activity. Second, post-hoc intrusion diagnosis starts with a plethora of normally unavailable information. Finally, post-intrusion recovery is reduced to recovering a pre-intrusion data image retained by the server. Combined, these features can improve an organization’s ability to survive successful digital intrusions of critical data items.


Any computer system that is connected to a network is vulnerable to information attacks. In spite of all preventive measures, savvy intruders manage to sneak through and damage sensitive data. Initial damage later spreads to other parts of the database when a legitimate transaction updates valid data…

Security Park – Intrusion recovery for databases and file systems

Establish a strategy for security breach notification

Even if your organisation takes every possible precaution to protect its data, a security breach is often inevitable. What do you do if it happens? Mike Mullins offers some pointers for notifying those affected.

News broke recently about one of the largest known security breaches at a university. A database break-in at the University of California, Los Angeles has reportedly exposed the private information of about 800,000 people.

While this is the latest in a long line of similar stories, don’t let the huge number of potential victims sway your attention. When it comes to security breaches, it’s important to remember that old adage about quality vs. quantity.

Data breaches aren’t just about a hacker breaking into a network and stealing information. In fact, they come in all shapes and sizes:

* A data breach can occur with a lost or stolen laptop that has someone’s social security number.
* A data breach can occur with a lost BlackBerry that has personal information about employees or customers.
* A data breach can occur with a fax that includes financial information that’s thrown away instead of shredded.

Establish a strategy for security breach notification: ZDNet Australia: Insight: Security

Cracking WEP with Windows XP pro.

Cracking WEP with Windows XP Pro SP2

There is a Video Counterpart to this which is in the format of me describing what I am doing and how to carry out all the actions in this paper from start to finish. It will be available as soon as I can secure my web site adequately and will only ever be available to registered TAZ members. This paper should be considered the pre-reading for the video tutorial.

This is part one in a two part paper on Cracking WEP with Windows XP. This first part covers sniffing wireless traffic and obtaining the WEP key. Part Two will cover associating with a Wireless AP, spoofing your MAC address, trying to log on administratively to the AP and further things you can carry out on the WLAN once authenticated successfully.

What is WEP:

Wired Equivalent Privacy (WEP) is often mistakenly thought of as a protocol designed to 100% protect wireless traffic, when this is not the case.
As its name suggests it was designed to give wireless traffic the same level of protection as a wired LAN, which when you think about it is a very hard thing to set out to do.

LANs are inherently more secure than Wireless LANs (WLANs) due to physical and geographical constraints. For an attacker to sniff data on a LAN they must have physical access to it – which is obviously easier to prevent than to prevent access to traffic on a WLAN.

WEP works at the lower layers of the OSI model, layers One and Two to be exact, so it therefore does not provide total end to end security for the data transmission.

WEP can provide a level of security between a Wireless Client and an Access Point or between two wireless clients.

WEP Standards:

WEP is commonly implemented as a 64 bit or 128 bit encryption. These encryption strengths can sometimes be referred to as 40 bit or 104 bit due to the fact that each data packet is encrypted with an RC4 cipher stream which gets generated by an RC4 key. This RC4 key for say a 64 bit WEP implementation is composed of a 40 bit WEP key and a 24 bit Initialization Vector (IV) – hence the 64 bit RC4 key; however the actual WEP part of it is only 40 bits long, the IV taking up the other 24 bits, which is why a 64 bit WEP key is sometimes referred to as a 40 bit WEP key.

This resultant cipher is ‘XOR’d’ with the plain text data to encrypt the whole packet. To decrypt the packet the WEP key is used to generate an identical ‘key stream’ at the other end to decrypt the whole packet but more about this later on, I will also go over the IV’s in more detail later on as well.

Failures of WEP:

We have heard everyone say WEP is easy to crack and should not be used, can be cracked in 10 minutes etc but why is this?

Well in my opinion WEP is seriously flawed for the following reasons:

1) Initialization Vectors are reused with encrypted packets. As an IV is only 24 bits long it is only a matter of time before it is reused. Couple this with the fact you may have 50 + wireless clients using the same WEP key and the chances of it being reused improve even further.
An IV is sent in clear along with the encrypted part of the packet. The reuse of any encryption element is always a fundamental flaw to that particular encryption and as an IV is sent in clear this further exposes a significant weakness in WEP.

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic – Tutorial – Cracking WEP with Windows XP pro.
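The keystream construction and IV-reuse weakness that the WEP excerpt above describes, as an added Python example (this is not code from the TAZ post): RC4 is implemented inline, the key, IVs and frame contents are constructed sample values, and the IV-before-key ordering of the RC4 input is standard WEP rather than something the post states.

```python
# Added example (not from the TAZ tutorial): WEP frame encryption (RC4 keystream from
# IV || 40-bit key, XORed with the plaintext) and why a repeated IV is keystream reuse.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_crypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt one frame body (XOR is its own inverse).
    WEP builds the RC4 key as the 24-bit IV followed by the 40-bit (or 104-bit) key;
    the IV travels in clear in the frame header, so only wep_key is secret."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)
    return xor(data, rc4_keystream(iv + wep_key, len(data)))

def iv_reuse_report(frames):
    """Defender's view of a capture: count each IV; any IV seen twice means two
    frames share a keystream, and their XOR equals the XOR of their plaintexts."""
    counts = {}
    for iv, _body in frames:
        counts[iv] = counts.get(iv, 0) + 1
    return {iv: n for iv, n in counts.items() if n > 1}

# Constructed sample capture: three frames, one IV reused (sample key, not a real one).
KEY = bytes.fromhex("0102030405")          # 40-bit WEP key (sample value)
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"
P1, P2, P3 = b"hello, world", b"secret data!", b"third packet"
FRAMES = [(IV_A, wep_crypt(KEY, IV_A, P1)),
          (IV_B, wep_crypt(KEY, IV_B, P2)),
          (IV_A, wep_crypt(KEY, IV_A, P3))]  # IV_A reused: same keystream twice

if __name__ == "__main__":
    print("reused IVs:", iv_reuse_report(FRAMES))
    # keystream cancels: c1 ^ c3 == P1 ^ P3, without any knowledge of KEY
    print(xor(FRAMES[0][1], FRAMES[2][1]) == xor(P1, P3))
```

With a 24-bit IV there are only 16,777,216 distinct keystreams per key, which is why the post's point about 50+ clients sharing one key matters: the report function above is the check a monitoring station would run to see that reuse happening.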

Tutorial For Beginners – Windows XP Security

This Windows XP tutorial is for those who are first time computer users or users who have had NO training. This is not a blind HOW TO. The first thing you need to know about computer security is that no matter how secure a system, if the system connects to another system it is vulnerable to attack. And by vulnerable I mean it’s there. Just like your car is vulnerable to theft, even though it’s locked away in your garage with the doors locked and the alarm on, someone can still try to steal it.

All words in bold are key words you should search on if you are interested in learning more about the topic.

Please post any questions in this thread and I will do my best to answer them. I will not respond to PM’s unless I post asking you to.

First of all, let me address something I’ve heard in bars, at parties, my parent’s house and all over the Web.

“Instead of using Windows, switch to something more secure like Linux”.

O.K. There are two problems with that statement.

First: Someone who just picked up their new PC from the local computer store is not going to be able to reinstall Windows much less any other Operating System (OS).

Secondly: Every flavour of *nix (like Linux, BSD, UNIX, etc) has its own unique flaws that can be exploited. It’s not just the OS you have to secure, as with any OS, but it’s also the Applications.

When it comes to which OS is more secure there is only one thing you must know. Microsoft is the biggest software company because THEY WERE FIRST TO MARKET! Let me say that again: FIRST TO MARKET.

Microsoft has the largest percentage of market share because it got there first. It beat Apple and IBM (the major software companies at the time). Microsoft got on the home PC and the rest is history. This is important because the virus writers and “Hackers” – in the beginning, wanted the prestige that came along with defacing, deleting and basically screwing up as many computers as they could with one piece of malicious software. Nowadays, the same types are turning toward making as much money as possible. So if you want to be a bad guy, what are you going to exploit? An operating system installed on 10% of the world’s computers or 90%? If you said 10% … well your program isn’t going to work anyway. The next thing to remember is that first to market means “ship the stuff and we’ll fix the bugs later”. So in the beginning, Microsoft’s software wasn’t that good. But after gaining a dominant position in the market, Microsoft realized that, in order to keep it, they had to produce quality software, instead of quick, bug-ridden software.

Cookies, File Encryption, and Erasing Files.
Not really security as such, but privacy. Cookies are often discussed as a bad thing that steals your information. Well, here’s the scoop. Cookies are given to your computer browser when it visits a web site. When you check “remember me next time I log in”, the cookie is what remembers that. Now there are ways to modify a local cookie and use it to do bad things on the server, but that’s outside the scope of this tutorial. For the most part, don’t worry about cookies. However, a type of cookie can also be issued to you that will collect more data than you wish, but here’s the kicker: you have to visit a website run by unethical individuals. So avoid sites that offer free copies of Microsoft Office and other things that seem too good to be true. “There’s no such thing as a free lunch”. ‘Twas true before the Internet, will be true after the Internet. The most important thing to remember about cookies is that they can be deleted. If you’re reading this from a public computer – don’t forget to clear your browser’s cache!

Ports and Services.
So you’re trying to find out how to “secure” your PC and everything you read says turn off all unnecessary services and close unused ports. Yea RIGHT, what’s a port? Where are these services and how do I turn them off? Do this, give your PC the good ‘ol three finger salute – CTRL+ALT+DELETE (hold down the three keys at once). Now click on the Task Manager Button. Now click the Processes tab. You see all of those weird names listed in the box? Those are services, well at least some are. The majority of the Processes end with .exe, and control how your computer works. For example, see the services.exe process. services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping other services. This process also deals with the automatic starting of services during the computer’s boot-up and the stopping of services during shut-down. Google is a great resource for finding out what all of these services do. Be warned – if a virus ever used any of these services, that will be noted. Don’t freak out thinking you have a virus. I know of at least 50 viruses that infected or used the services.exe program.

Now before I get to showing you how, I have to explain what is known as TCP. This is not an exact description – but just a loose definition. The terminology is something you will need to research yourself as you get further along and become more comfortable with networking. I have put the keywords for your search in bold.

by dinowuff

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic – Tutorial For Beginners – Windows XP Security