Newsletter
 
   ~ November 2001 (First Release)


Attacks From the Heart of the Net
~ from BBC News Online (10/30/01)

The Computer Emergency Response Team (CERT) reports that hacker attacks are growing in frequency. Furthermore, hackers are known for shifting their strategy and focusing on new Internet vulnerabilities if older ones are closed off. A case in point is the method of smurfing, or the generation of Web traffic used to carry out denial of service (DoS) attacks; hackers once relied on predominantly manual techniques to infect machines to launch bogus data packets, but now they can do so automatically with available tools. CERT warns that there is less and less time for security experts to implement countermeasures following the discovery of a threat. The authors of the report also note the increasing use of routers to conduct DoS attacks. Routers are usually less secure than computer systems, and can be used to detect unprotected machines, launch data packets, and hide links to chat channels. http://news.bbc.co.uk/low/english/sci/tech/newsid_1627000/1627707.stm

Building a Corporate Information Protection Strategy
~ by Collins Leung, Founding Member of ISFS

This article aims to show readers how to build a corporate information protection strategy amid threats of cyber invasion. Solutions such as incident response modelling and selected computer forensic technologies are briefly discussed. The article also provides an introduction to the Information Security and Forensics Society (ISFS), the first professional society in Hong Kong and probably in Asia advocating both information security and computer forensics. *** (Full Content in PDF)

Computer Crimes - Threats to Information Systems
~ by Prof. Samuel Chanson, Chairman of ISFS

The heavy reliance of our daily activities and even critical services on computers and the Internet has led to the emergence of criminals of a different kind. Before developing strategic solutions based on today's information technology, it is important to understand how serious the threat of computer crime is, the profiles of computer criminals, their attack methods, and what we can do about them. *** (Full Content in PDF)

Probing into Microsoft Encryption
~ by Anthony FUNG, Council Member of ISFS

If an attacker were able to gain physical control of a Windows 2000 machine, he could boot the machine using a different operating system, irrespective of the NTFS security information. Through this method, he could potentially read deleted data using a low-level disk editor or other tool. A new feature in the Encrypting File System (EFS) of Microsoft Windows 2000 called "wipe" ensures that deleted data is wiped from the computer, which is good for the security of sensitive material but a different matter (i.e., a NIGHTMARE) for computer forensics. *** (Full Content)

Search Engines as a Security Threat
~ from COMPUTER (Oct 01) Vol.34, No.10 P.25; Hernandez, Julio Cesar; Sierra, Jose Maria; Ribagorda, Arturo 

Search engines are tools hackers can use to seek out crucial information and security flaws, coordinate attacks, and keep themselves from exposure. The carelessness of users--lack of firewalls, prolonged connections, etc.--is the main reason why search engines lend themselves to such practices. Hackers locate vulnerable Web servers--particularly servers that have just been installed and not furnished with safeguards--by searching for unique text strings, images, or content that are characteristic of default installations. However, search engine bots can be programmed to not index or return default Web pages as well as purge default page files from the search engine. FTP search engines are even more capable of finding confidential or sensitive data, such as poorly encrypted passwords and standard security audits. Search engine bots could use a robots.txt file to figure out what files or directories should be indexed and what should not. Countermeasures for FTP hacking can also be found in a number of resources, including books and online sources such as Packet Storm Communications and the CERT Web site. One way hackers maintain anonymity is to use the search engine's translation machine as a proxy, although that also has its drawbacks.

Veiled Messages of Terror May Lurk in Cyberspace
~ from New York Times (10/30/01) P. D1; Kolata, Gina

Digital photos and music files can be altered to contain messages, a process known as steganography. A new emphasis has been placed on steganography in the wake of the terrorist attacks, particularly a recent revelation that terrorists used this method to plan a foiled attempt to destroy the U.S. embassy in Paris. "In the past two years, the number of steganography tools available over the Internet has doubled--it's 140 and growing," George Mason University's Dr. Neil F. Johnson reports. In fact, the potential for steganography's use as a terrorist tool has become so great that Dr. Johnson has stopped publishing research on detection techniques, fearing that criminals may use this knowledge to better hide their messages. It is particularly hard to detect steganography in one of the most frequent image formats, JPEG, because although detection tools look for statistical evidence of distortion, JPEG files are by their very nature distorted, according to Dr. Jessica Fridrich at State University of New York's Center for Intelligent Systems. http://www.nytimes.com/2001/10/30/science/physical/30STEG.html