It’s been a little while since there had been any changes to the website so I took a little time this week to spruce things up a little bit. Before I make a flurry of posts to push the old stuff off the first page here are a few excerpts from the change log…
* All of the old content from bitninja.org has been migrated and (in theory) should remain accessible via the old URLs as well as the new. That stuff is really old, but I keep it there because at least until I fell asleep at the DNS server people were still regularly accessing the content. I know I hate it when I run into linkrot and want to do my part to keep links, bookmarks, and citations working.
* I’ve created a collection of documentation and other short articles which talk about some commonly conducted forensics and electronic discovery tasks. It’s the kind of thing that I give out at CLEs and it doesn’t really make much sense to just dump into a blog post. I really hope to revisit these pages from time to time to keep them current. If you see something that is no longer accurate, or has simply become woefully outdated, drop me a line.
* I put together a categorized list of talks that I’ve given over the past few years. This was taken from the old website and is not current.
* If you happened to be one of the probably no people that had subscribed to the RSS feed, you may want to update your feed to reflect the john-benson.com domain instead. The old one should continue to work just fine for now, but I don’t plan on working around that in the future.
* For those of you who use Twitter, you can also follow me @john_benson, which will have links to any new posts that I make.
* Comments are on. I guess we’ll see how that works out, right?
This fall a new file system is coming to Apple computers. It’s already been deployed to iOS with little impact on the digital forensics community, but APFS on the desktop is fairly big news.
If you’re someone who uses a Mac to analyze Macs, then getting support is easy. Upgrade your machine to High Sierra. If you use tools on Windows to analyze Macs I’m not sure what you’ll be looking at in terms of support.
> On 27 June, our advanced-warning system detected suspicious activity in our network, which, based on our investigation to date, appears to be related to a new variant of the “Petya” malware. Our IT team acted quickly to prevent the spread of the suspected malware by taking down our systems as a precautionary measure. We immediately began our investigation and remediation efforts, working closely with leading forensic experts and relevant authorities, including the FBI and UK National Crime Agency. Our experts are working to bring our systems back online as quickly and safely as possible and we are aiming for our email system to be up and running today, 29 June.

This is really bananas. A huge part of that firm has been without email for two days right before a holiday weekend. Hopefully they find some sympathetic ears when they have to ask for extensions for filing deadlines, although I’m not sure a small firm whose compromise might not be so public would receive the same. Best of luck to everyone working to respond to this incident.
Usually when I’m doing some writing, whether it be for formal publication or just reminders and notes to myself, I’m writing in Markdown. It’s easy to read, permanent, and can be turned into other useful formats like PDF or RTF. When I first got into Markdown, I was using the old reliable TextMate along with a number of scripts and triggers. TextMate has gotten some real competition in recent years and has really struggled to keep up with editors like Sublime Text or Atom. I’ve spent a fair amount of time working in both of those editors and they’re really something to consider, especially if you’re used to using older editors like UltraEdit or TextPad, which still see pretty wide distribution in Businesstown. But even as I basked in the power provided by Sublime’s column editing and the ease of use from Vintage Mode, Sublime lacked some of the Markdown editing chops that I really liked in TextMate, like footnote support. Recently I’ve migrated from using Sublime as my primary editor to using Atom. The add-ons for Atom have matured quite nicely, and with the right combination of tools and some configuration tweaks, Atom might be the best Markdown editor out there right now. The other fairly interesting editor that folks seem to like is Bear. I like Bear. It’s super friendly and it’s a great spot to keep notes that you need on a regular basis. I do wish it would sync out to plain text files though.
Dan Kaminsky:

> It always seems like a good idea in security to emphasize prudence over accuracy, possible risk over evidence of actual attack. And frankly this policy has been run by the privacy community for some time now. Is this a positive shift? It certainly allows an answer to the question for your average consumer, “What am I supposed to do in response to this Internet ending bug?” “Well, presume all your passwords leaked and change them!”
>
> I worry, and not merely because “You can’t be too careful” has not at all been an entirely pleasant policy in the real world. We have lots of bugs in software. Shall we presume every browser flaw not only needs to be patched, but has already been exploited globally worldwide, and you should wipe your machine any time one is discovered? This OpenSSL flaw is pernicious, sure. We’ve had big flaws before, ones that didn’t just provide read access to remote memory either. Why the freak out here?
>
> Because we expected better, here, of all places. I recall the days of hearing from people that open source software was dangerous because anyone could add any code. The usual counter was that because it was open, someone would see something that was inserted that was malicious. While it doesn’t look like the Heartbleed bug was introduced purposefully, the problem code wasn’t found soon enough.