Tuesday, 16 June 2009

Kiaat pod

Solitary Kiaat seed pod on the tree with a pine plantation in the background. Nikon D80, f8, 1/160 and -0.3ev.

Cycad Fronds

The cycad at home sprouted new fronds. Nikon D80, f7.1, 1/100 and 0ev.


This butterfly let me get closer and closer and closer to it until it took up most of the image. Nikon D80, f8, 1/400 and -0.3ev.

Sunday, 07 June 2009

Earthhour fish

I took these on earth hour day (28 March 2009) while the house was lit with candles. The fish's shadows on the wall provide a fascinating allure. Taken with a Nikon D80, tripod, F7.1, 6s, -1.0ev. 

The black and white conversion and the original colour, to me, are both great. I can't decide which I prefer more.

Tuesday, 31 March 2009

Searching for phishing - the quick win

My quick win for searching for confirmation that a person visited a phishing is to check the Internet history of the browser(s) on the imaged workstation. I use an Encase condition to to search the url names for host names of known phishing sites. We have a comprehensive list going back to the start of Feb 2005.

Start by searching for the Internet history and the email on the workstation. Internet history first and then the email.

The condition code looks like (all from a default condition):
f() Main
  if Url Name find []
  or Url Name find []

When you run this code, it'll ask you the sites. If you have a large list like us you may need to do this in batches. If this yields results, look for the email that the person received as having the email and proof that the site was visited is what you need, but to really seal the deal make sure that you know the structure of the phishing site. Someone can only visit the second page of the site or post to a url if they capture details...

If you don't get a hit in the Internet History - time to pull out the full keyword search and comeback in the morning.

Get in touch if you want screenshots of the process...

Sunday, 15 March 2009

A mini digital forensic rant

I am a great admirer of Google, but it doesn't even know everything. I am tired of working late hours and on the week trying to conduct a forensic analysis on a workstation and need to find out how to extract information (yes, I am a noob) and not being able to find it on the interweb.

So going forward, I'll include the basic things that I find out. They will be mostly based on FTK and Encase as those are the tools that are available to me.

Thursday, 12 March 2009

Phishing and Trust in a Brand.

I have had the opportunity to meet some some people that have fallen victim to phishing. The experience for me was some sometimes uncomfortable, difficult and an interesting exercise in marketing.

Some people take the knock on the chin and will learn from the experience and be sad and hang on the glimmer of hope of getting their loss back. Others are aggressive and demand that the Bank make it right. I use the analogy of a set of car keys. If you left your car keys in your car, go into the shop and come back and your car is stolen, do you demand that the vehicle manufacturer replaces your car?

The problem, I believe, is that cars have been around for a long time, at least three to four generations and the ins and outs of car ownership, not the oily ins and outs, but the day to day ones have become a part of life's lessons. Take the internet, its only really been in mainstream existance for lets say at most 20 years. This means that our parents don't really comprehend it and our grandparents probably think that it is bordering on voodoo.

How ingraned has the internet and all the ins and out become in our lives? Not a lot. Add in the great work that marketing does, they have built trust. Huge amounts of it, so much in fact that if a customer sees their Bank's logo, that is sufficient. It is all they need to trust the site - no matter how dubious the site looks.

This trust is perfect for criminals, it is very good for the Bank in terms of customer loyalty, but it is horrendous in terms on trying to teach people about the dangers of an online life. The problem that we face is that as we tell customers to scrutinise their banking tool, the marketers are launching new products and campaigns touting the safest and most secure product offering.

Whilst, yes, the banking tool is safe and secure - think about it no one is going to offer a solution that is not secure, the risk is just too high. So where does the tool fall down? The same place that cheques, credit cards and other scams do - People. The people that we are offering a service are the weak point.

Is phishing different from card fraud, or smaller scale Ocean's 11 type scams? Nope. The problem is that when you have a tool, you need to learn how to use it. Driver's license. Should we be making clients get an Internet license? I can hear the marketing people choke on their creative "enhancer".

Interesting thing is, is that the most difficult and aggressive of the interviewees who nearly socked me thought that it was a brilliant idea.

Thursday, 12 February 2009

IT Web Security Summit Abstract Accepted

My abstract that I submitted to the 2009 IT Web Security Summit has been accepted. The title of the presentation and the abstract are below.

Title: "Policy, process and mandate for a successful eCrime / eDiscovery unit in large corporates."

Abstract: "Large corporate networks are filled with sources of infomration taht may be required to be successfully defend or promote the organisations position in legal dispute. eCrime can affect an organisation from an internal threat perspective to external attackers attempting to breach the permiter, is these cases the organisation needs to able to extract all the information availavle to it to successfully prosecute offenders. In the case of eDiscovery the organisation needs to locate information that is relevant to the issue at hand and not, as in the of eCrime, of finding as much as possible.
What are the policies and processes that need to be in place for an organisation to successfully be able to gather eCrime evidence and to process eDiscovery requests, pass it onto the relevant authorities in a legally sound manner and cost effectively?
Where should the unit be placed in the organisation, what are the benefits of having such a unit and what skills are required to successfully process the large amounts of incidents generated in a large corporate community?"

Sunday, 25 January 2009

Spaghetti and meatballs

I made this tonight. It is a really simple dish to make and tastes delicious. The amount of chilli I used was a bit hot for my wife, but was spot on for me.

Ingredients (for 2 servings, in theory can be easily doubled):
- Spaghetti for 2 - home made pasta will be a lot better - but I didn't have time to make it.
- 1 tin of whole, peeled tomatoes.
- 1 handful of parsley and thyme, chopped.
- 2 cloves garlic, finely chopped.
- 1 red onion, finely chopped.
- 1 tsp light soya sauce (green kikoman...).
- 6 pork sausages (the better quality the better the dish).
- 1 red chilli, finely chopped and de-seeded.
- salt and black pepper to season.
- Parmesan to sprinkle.

  1. Chop the garlic, onion and herbs.
  2. Squeeze out the sausage meat from the sausages. You need to squeeze the meat out of the casing into "balls". You should get 3 balls per sausage. Don't worry too much about getting the sizes all the same or getting the shapes uniform.
  3. Start the pot of water that you will cook the pasta in, remember the salt(at least two teaspoons per litre of water).
  4. Place the sausage "balls" into a frying pan and fry until golden on one side, then turn over and fry till golden. Use a medium hot heat, should take about 4 minutes on the first side and 2 the next. I put the frying pan lid on. You will get a lot of fat from the sausages, I poured the fat out just before the turning the balls for the first time.
  5. Take the meat balls out and keep warm.
  6. Fry garlic and onion in left over fat. Add some black pepper - a few twists of the grinder.
  7. When the garlic is aromatic, add the tomatoes.
  8. Break up the tomatoes with a wooden spoon, put the lid on and let it simmer for 5 minutes.
  9. Add the soy sauce, simmer for another 5 minutes.
  10. Add the herbs, chilli and put the spaghetti into the boiling water to start cooking.
  11. Add the meat balls to the sauce. Reduce the heat and cover with a lid. By now the sauce should be relatively thick. Taste and season accordingly.
  12. Soon as the spaghetti is done, take the sauce off the heat. Drain the pasta, get in trouble with the wife by testing if it is done by throwing a small piece onto the ceiling (if it sticks its done, actually an old wives tale - pasta is done when you just feel a slight resistance when you bite into it - al dente. And don't worry, the spaghetti strand will fall off eventually.
  13. Dish up, sprinkle the Parmesan and enjoy.
Comments invited...

Monday, 19 January 2009

Banking Commission's redaction failure.

A long time ago in a land a long way away I wrote a paper for ISSA that is titled "An Investigation into Unintentional Information Leakage through Electronic Publication". Please forgive the youthfulness of the writing, but I think that it is still relavant and should make an interesting read, specially the section on PDF's.

The Banking commission made the one fatal mistake that you can make when trying to redact documents - they left the confidential material in the document - perhaps hidden, but still there. Same applies for office documents (all types, not only Microsoft), emails, anything electronic can reveal a lot if not cleaned and sanitised.

I expect that things like this will always crop up every now and again...

Saturday, 17 January 2009

Gymnopilus junonius

Caught this hallucinogenic "Laughing Jim" growing in the parents-in laws garden. For more info: Click here.

Gnocchi needs to made with heart

The wife and I went to Fratelli's in Blairgowrie on Thursday night for a bite to eat. I had the Pesto gnocchi and was not impressed. It was tough and fried (why, I have no idea - I didn't order potato fritters). The pesto wasn't bad though. Next time I'll have a Pesto Penne, or stick to the Pizza.

Gnocchi has to be made with heart, you need to take your time, feel the dough, shape each piece and cook it gently in boiling water and then dip in the sauce and then serve. As soon as you don't put some TLC into it, it'll go tough and very stodgy.

Places to have gnocchi in JHB are my house and Primi on Rivonia Boulevard.

Update: Col’Cacchio at Benmore is another place to have gnocchi.