2011-04-30

Book review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

ISBN-10: 9780307588685
ISBN-13: 978-0307588685
ASIN: 0307588688

An interesting book with a neutral stance between the hacker and law-enforcement points of view. You see that real criminals have real criminal problems: money laundering, keeping snitches out of your organization, reselling stolen goods, etc.
It also spans recent years, so you can see how security evolved compared to the Cuckoo's Egg story.

You also see a real-life application of a cold boot attack (or was it FireWire DMA access?) to recover the key of an encrypted hard disk from the RAM of a live system.

A few tricks to sort out and present recovered pictures

Often, after a recovery with photorec/testdisk or any other recovery tool, you just have a flat list of files named by the index where the tool found them on the image.
Some are corrupted, plenty are irrelevant.

Let's say you have a bunch of JPEGs to sort out.
First, a tool to quickly check which ones are corrupted:

On Gentoo:
emerge media-gfx/jpeginfo

Then, from the directory containing your flat list of images:
mkdir ok_images
jpeginfo -c *.JPG | grep "\[OK\]" | cut -d " " -f 1 | xargs -I {} mv {} ok_images/

In plain English: this checks the integrity of the images, keeps the lines marked [OK], isolates the file name (the first field, which is fine because recovery tools produce names without spaces) and passes the names one by one to the mv command.
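As an added example (not the post's jpeginfo pipeline), here is a cruder pre-filter for the same triage job: it only checks that a file starts with the JPEG SOI marker (FF D8) and ends with the EOI marker (FF D9), so it does not decode the image and a file passing it can still be corrupt, but it needs nothing beyond od and tail, copes with file names containing spaces, and quickly separates truncated carves from complete ones before a real check with jpeginfo. Function names, the ok_images/ layout and the sample files are constructed for this example.

```shell
# Added example: SOI/EOI marker check as a pre-filter for recovered JPEGs.
# Only the two magic markers are checked; the image data is not decoded.

# has_jpeg_markers FILE -> 0 if FILE starts with FF D8 and ends with FF D9
has_jpeg_markers() {
    f=$1
    [ -s "$f" ] || return 1                       # empty carve: reject
    soi=$(od -An -tx1 -N2 "$f" | tr -d ' \n')     # first two bytes, hex
    eoi=$(tail -c 2 "$f" | od -An -tx1 | tr -d ' \n')  # last two bytes, hex
    [ "$soi" = "ffd8" ] && [ "$eoi" = "ffd9" ]
}

# sort_jpegs DIR -> moves files with intact markers into DIR/ok_images,
# leaves the rest where they are, prints "<ok> <bad>" counts
sort_jpegs() {
    dir=$1
    mkdir -p "$dir/ok_images"
    ok=0; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                   # skip ok_images/ itself
        if has_jpeg_markers "$f"; then
            mv "$f" "$dir/ok_images/"             # quoted: spaces are safe
            ok=$((ok + 1))
        else
            bad=$((bad + 1))
        fi
    done
    echo "$ok $bad"
}

# Usage from the recovery directory: sort_jpegs .
```

The files left behind are the ones worth a second look with jpeginfo -c, since a missing EOI marker usually means the carver hit the end of a cluster run, not necessarily that the visible part of the picture is lost.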

Next step, produce a nice contact sheet composed of thumbnails of those images.
The tool is ImageMagick:
emerge media-gfx/imagemagick

Be careful here: this can take a huge amount of RAM, so don't run it as root or you risk having your user processes killed :). Monitor the progress with, for example, htop.

montage -set label '%f' *.JPG -geometry 128x128+2+2 thumbnails.jpg &
htop

If it gets OOM-killed, add swap or do it subset by subset.

2011-04-22

Nice book for forensics: "The Cuckoo's Egg"

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
Cliff Stoll
ISBN-10: 0743411463
ISBN-13: 978-0743411462

It also gives some cool historical background.
I found it well written, not too edulcorated for the masses and highly entertaining.

You can get it on Amazon, for example:
http://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/0743411463

2011-04-19

Changing the really ugly clock font on the Xoom

You need to root your device, and yes, that was my main motivation so far for doing this. Note: be careful to flash the correct boot partition for your Wi-Fi/3G model, otherwise you will soft-brick it like I did :-)

With Root Explorer or a shell, remount / read-write.
Back up
/system/fonts/AndroidClock.ttf
/system/fonts/AndroidClock_Highlight.ttf
/system/fonts/AndroidClock_Solid.ttf
(you never know, you might suddenly want this atrocity back).
Copy one of the other fonts present on the device over those 3 files; any other font would look better. I took DroidSans.ttf.

Jump to the lock screen (press the power button once) to test-drive the change. If it works as expected, reboot the device and the font will change on the bottom bar as well.
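The same swap as a small set of shell functions, added here as an example rather than taken from the post: a backup step that must run before anything is overwritten, the copy itself, and a restore step for the day you want the original back. The function names, the backup directory and the sample font contents are assumptions for this example; it is written for a plain POSIX shell with cp/mkdir (Android toolbox or busybox) and takes the font directory as a parameter so it can be tried on a scratch directory before touching /system/fonts.

```shell
# Added example: clock font swap with mandatory backup and a restore path.
# Assumes a rooted device and / (or /system) already remounted read-write,
# as described above.

CLOCK_FONTS="AndroidClock.ttf AndroidClock_Highlight.ttf AndroidClock_Solid.ttf"

# backup_clock_fonts FONTDIR BACKUPDIR: copy the three clock fonts aside
backup_clock_fonts() {
    mkdir -p "$2" || return 1
    for f in $CLOCK_FONTS; do
        cp "$1/$f" "$2/$f" || return 1
    done
}

# replace_clock_fonts FONTDIR REPLACEMENT BACKUPDIR: overwrite the three
# clock fonts with REPLACEMENT (a font file inside FONTDIR, e.g. DroidSans.ttf);
# refuses to run until BACKUPDIR exists, so nothing is lost by accident
replace_clock_fonts() {
    dir=$1; src=$2; backup=$3
    [ -f "$dir/$src" ] || { echo "no such font: $dir/$src" >&2; return 1; }
    [ -d "$backup" ] || { echo "run backup_clock_fonts first" >&2; return 1; }
    for f in $CLOCK_FONTS; do
        cp "$dir/$src" "$dir/$f" || return 1
    done
}

# restore_clock_fonts FONTDIR BACKUPDIR: put the original fonts back
restore_clock_fonts() {
    for f in $CLOCK_FONTS; do
        cp "$2/$f" "$1/$f" || return 1
    done
}

# On the device, for example (backup location is an assumption):
#   backup_clock_fonts /system/fonts /sdcard/clockfont_backup
#   replace_clock_fonts /system/fonts DroidSans.ttf /sdcard/clockfont_backup
#   restore_clock_fonts /system/fonts /sdcard/clockfont_backup   # to undo
```

Keeping the backup outside /system means it survives if the next step goes wrong and you have to remount or reflash that partition.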

2011-04-16

Motorola Xoom first impressions

I initially wanted to buy an iPad 2 because we already have an iPad 1.
Meanwhile, I had to buy a Xoom for a friend and, yeah, it basically scrapped the iPad 2 buying impulse.

The pluses:
- better screen resolution and slightly larger: it is better for reading
- fast: it doesn't have those Android lockups you see on phones
- simple: one login and boom, the applications I had on my phone automagically installed on my tablet: calendar, email... No need to enter your credit card in the sucky Windows/Mac-only iTunes application.
- open: standard connectors, no need for an extra horrible application to access your device
- battery life really on par with the iPad (a good surprise compared to the various Android phones I had/tried)

The minuses:
- the default skin is really ugly, but people have started to release new ones, so it will be fixed

Overall, for the usage I have, this is truly an iPad killer.

2011-04-09

A simple alias to update your Gentoo instance unattended

Starting a large update like KDE, going to bed and discovering the next morning that it failed on the not-really-important 3rd package is kind of irritating.

I have this defined in my /root/.bashrc (by the way, you also need the .bash_profile so that it gets triggered).

alias up="emerge --keep-going --ask --update --newuse --deep world"

It means: update everything that needs it, but don't stop if one package fails.

As I have app-portage/eix installed, my update routine is:
eix-sync
up

Both give nice feedback about what's new in the batch.

PV (progress viewer), a computer forensics friend

On the Linux command line, whether you are imaging a disk, piping through netcat or copying a giant dd file, you often suffer from the "no feedback = good feedback" tradition of the Unix world: sometimes you simply don't know whether you are going to sit in front of your blinking cursor for 5 minutes or 5 hours.

This is where I find the pv tool extremely nice.

To install it under Gentoo:

emerge -a sys-apps/pv

Example of a disk imaging session (all as root):

First, make sure the target hard drive (here /dev/sdb) is accessed read-only (for those still without a physical write blocker :P):

losetup -r /dev/loop0 /dev/sdb

pv acts by default somewhat like cat:

pv /dev/loop0 | tee image.dd | md5sum
10.8GB 0:01:24 [ 133MB/s] [==>                                                 ]  4% ETA 0:28:55
At the end of the process it nicely gives you your md5sum:
1dec4b2b97cee8f456f5b3b6c0164d56  -
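The pipeline above hashes the bytes as they are read, which proves what came off the drive but not what landed in image.dd. As an added example (not from the post), here is the same pv | tee | hash pipeline wrapped in a function that also re-hashes the written file and refuses to report success unless both hashes agree, so a silent write error (full disk, bad cable) is caught while the source is still mounted read-only. It assumes a read-only source such as the losetup -r loop device above, coreutils sha256sum, and falls back to cat when pv is not installed (losing only the progress bar); the function name and the .sha256 side file are assumptions for this example, and SHA-256 replaces the post's md5sum.

```shell
# Added example: image with pv, hash the stream, then verify the file on disk.

# image_and_verify SRC DEST: writes DEST and DEST.sha256 (sha256sum -c format),
# prints the stream hash, returns 0 only if stream and on-disk hashes agree
image_and_verify() {
    src=$1; dest=$2
    # pv gives the progress bar on stderr; without it the pipeline is the same
    if command -v pv >/dev/null 2>&1; then reader=pv; else reader=cat; fi

    # hash of the bytes read from the source, computed while tee writes DEST
    stream_hash=$("$reader" "$src" | tee "$dest" | sha256sum | cut -d ' ' -f 1)

    # independent read-back of what actually reached the disk
    disk_hash=$(sha256sum "$dest" | cut -d ' ' -f 1)

    if [ "$stream_hash" != "$disk_hash" ]; then
        echo "hash mismatch: stream $stream_hash, file $disk_hash" >&2
        return 1
    fi

    # record the hash beside the image so it can be re-checked later with
    # "sha256sum -c DEST.sha256"
    printf '%s  %s\n' "$stream_hash" "$dest" > "$dest.sha256"
    echo "$stream_hash"
}

# Usage with the read-only loop device from above:
#   image_and_verify /dev/loop0 image.dd
```

Two hashes computed from different reads are the point: if they differ, the image is not a faithful copy and the drive should be imaged again before anything else is done with it.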