Forensic Discovery - a (free) book by Wietse Venema and Dan Farmer about forensic techniques for gathering digital evidence

I accidentally stumbled over this today: the book Forensic Discovery, written by two security gurus, Wietse Venema and Dan Farmer, has been published by Addison-Wesley.

Which is nice and all, but even nicer is the fact that the book is freely available for online reading. There's also a ZIP file, if you want to get the whole thing.

This should make for some interesting reading during the next few weeks...

EFF cracks the DocuColor Tracking Dot code

If you haven't yet read about it, some printer brands place tiny, almost invisible yellow dots on every page you print. These dots encode certain information (date, time, printer serial number, or similar things). I think you can easily imagine the security and privacy implications. The EFF has now cracked the DocuColor Tracking Dot code.

They have also written a program which decodes the dot patterns. The code is released under the terms of the GPL.

(via Boing Boing and CCC)

More Firewall / Iptables Script Updates

I have updated my iptables scripts again.

This time fw_laptop got support for limiting logging in case of flooding, blocking of known-bad IP addresses (e.g. from …), optional blocking of certain outbound ports (e.g. X11 server, VNC, NFS, etc.), and a few minor tweaks.

Thanks to Ryan Giobbi for several hints and comments. Further comments and suggestions are welcome!
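As an added illustration of the three features mentioned above (rate-limited logging, a blocklist, optional outbound port blocking), here is a small iptables fragment; it is not taken from fw_laptop, and the addresses in BAD_HOSTS are constructed placeholders. IPT defaults to a dry run that only prints the rules; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example, not the author's fw_laptop script. IPT is an assumption:
# with the default "echo iptables" the rules are only printed (dry run).
IPT="${IPT:-echo iptables}"

# Constructed sample blocklist (documentation ranges, not real indicators).
BAD_HOSTS="192.0.2.10 198.51.100.0/24"
# Outbound ports to refuse: X11 (6000-6063), VNC (5900-5910), NFS (2049 tcp+udp).
BLOCKED_OUT_PORTS="tcp:6000:6063 tcp:5900:5910 tcp:2049 udp:2049"

fw_logging() {
    # LOGDROP chain: log at most 5 packets/minute (burst 10) so a flood
    # cannot fill the logs, then drop the packet regardless.
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix "fw drop: "
    $IPT -A LOGDROP -j DROP
}

fw_blocklist() {
    # Drop (and rate-limited log) traffic to or from known-bad hosts.
    for h in $BAD_HOSTS; do
        $IPT -A INPUT -s "$h" -j LOGDROP
        $IPT -A OUTPUT -d "$h" -j LOGDROP
    done
}

fw_block_outbound() {
    # Optional: keep local services from being reached outbound, e.g. a
    # laptop should never initiate X11, VNC or NFS connections to the net.
    for entry in $BLOCKED_OUT_PORTS; do
        proto="${entry%%:*}"        # "tcp" or "udp"
        ports="${entry#*:}"         # single port or "low:high" range
        $IPT -A OUTPUT -p "$proto" --dport "$ports" -j LOGDROP
    done
}

# Apply (or, with the default IPT, print) the rule set in order.
fw_logging
fw_blocklist
fw_block_outbound
```

With the default IPT the script prints the rules it would apply, which is a convenient way to review them before running as root.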

Exploited Exploits

Someone on the security mailing list Full-Disclosure has posted an interesting warning regarding proof-of-concept exploit code. It seems that multiple published exploits have been replaced with more malicious versions by unknown attackers.

The attackers replaced the shellcode in the demo exploits (which usually opens a root shell) with more malicious payloads such as 'rm -rf /*'. As such shellcode usually consists of hex-encoded machine instructions, most people don't have the slightest chance of understanding it, and hence cannot verify what it really does. People who want to "just try out whether I'm vulnerable" might end up with a wiped hard drive (or worse).

The lesson (one of them, that is) we should learn here is to never execute any code we don't trust and/or fully understand.

(via Heise)
