InfoSec Daily Podcast Episode 607 for February 29, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Boris Sverdlik, Beau Woods, Adrian Crenshaw, Karthik Rangarajan, Geordy Rostad, Themson Mester, Dr. Bonez, and Varun Sharma.
Announcements:
Social Engineering Training
When: March 5-9, 2012
Where: Seattle, Washington
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training
InfoSec Southwest
When: March 30-April 1
Where: Austin, TX
http://www.Infosecsouthwest.com
Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!
AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu
LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!
Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
http://www.sans.org/mentor/details.php?nid=28014
Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html
Defcon 20
When: July 26-29, 2012
Where: Rio Hotel and Casino – Las Vegas, NV
http://defcon.org/
CFP & Room reservations now open!
DerbyCon 2012 – The “Deuce” Reunion
When: September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to and locate the Affiliate Program link on the right hand side.
Pentest Lessons:
- During a pentest, if you upload a web shell to a website, at least password protect it so someone else does not make use of it too.
- If you tell the customer you will have their report on a particular date, then you better make every effort to make that deadline!
- After a pentest, make sure you clean up after yourself (i.e. do not leave the systems worse than you found them).
- Popping a server with the same account as the one you previously created, the year before, is probably more than just cheating.
- If your IP is included in the assessment scope (internal NVA/PT), make sure to remove any findings from the report that relate to your box.
- When performing a pentest, make sure that the box you are targeting is not your box (or a VM on your box).
- Always back up your pentest/assessment data. You never know when the hard-drive in your system will decide to die!
Stories
Source: http://www.wired.com/threatlevel/2012/02/laptop-decryption-unconstitutional/
Forcing a criminal suspect to decrypt hard drives so their contents can be used by prosecutors is a breach of the Fifth Amendment right against compelled self-incrimination, a federal appeals court ruled Thursday.
It was the nation’s first appellate court to issue such a finding. And the outcome comes a day after a different federal appeals court refused to entertain an appeal from another defendant ordered by a lower federal court to decrypt a hard drive by month’s end.
Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.
The case at hand concerns an unidentified “Doe” defendant believed to be in possession of child pornography on 5 terabytes of data on several drives and laptops seized in a California motel with valid court warrants.
The Atlanta-based circuit held:
First, the decryption and production of the hard drives would require the use of the contents of Doe’s mind and could not be fairly characterized to a physical act that would be non-testimonial in nature. We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control and access to the encrypted portions of the drives; and of his capability to decrypt the files.
The court added: “Requiring Doe to use a decryption password is most certainly more akin to requiring the production of a combination because both demand the use of the contents of the mind, and the production is accompanied by the implied factual statements noted above that could prove to be incriminatory.”
….