Tag Archive for 'security'

SHODAN

One of the cool things about my forensics course is that interesting people come to the university and talk to us about interesting things to do with forensics and computer security. The most recent “interesting person” to come along and share his wisdom was penetration tester Rory McCune. Most of his presentation was highlighting the use of the Metasploit framework in testing web applications (including a very cool demonstration of SQL injection), but I was most intrigued by something that was only mentioned in passing: SHODAN.

SHODAN is a search engine, a bit like Google, except that it searches for computers instead of content. Here’s an example from the SHODAN site:

Let’s say you want to find servers running the ‘Apache’ web daemon. A simple attempt would be to use:

apache

How about finding only Apache servers running version 2.2.3?

apache 2.2.3

You can also narrow down the results using the following search parameters:

  • country:2-letter country code
  • hostname:full or partial host name
  • net:IP range using CIDR notation (ex: 18.7.7.0/24 )
  • os:operating system (ex: Windows)
  • port:21, 22, 23 or 80

It’s been up and running for a few months now but the seminar was the first I’d heard of it. I just need to find the time to play with it now!
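The filter syntax listed above can be checked before a query is sent, for example when an administrator looks up their own address range. This is an added example, not code from the original post or from SHODAN: the function names and the choice to reject unknown filter names are assumptions, and the value rules come only from the list in the post.

```python
import ipaddress
import shlex

# Value rules taken from the filter list in the post.
ALLOWED_PORTS = {21, 22, 23, 80}

def _check_country(v):
    if not (len(v) == 2 and v.isalpha()):
        raise ValueError(f"country must be a 2-letter code: {v!r}")
    return v.upper()

def _check_net(v):
    # strict=True rejects ranges with host bits set, e.g. 18.7.7.1/24
    return str(ipaddress.ip_network(v, strict=True))

def _check_port(v):
    if not v.isdigit() or int(v) not in ALLOWED_PORTS:
        raise ValueError(f"port must be one of {sorted(ALLOWED_PORTS)}: {v!r}")
    return int(v)

def _check_text(v):
    if not v:
        raise ValueError("empty filter value")
    return v

VALIDATORS = {
    "country": _check_country,
    "hostname": _check_text,
    "net": _check_net,
    "os": _check_text,
    "port": _check_port,
}

def parse_query(query):
    """Split a query into free-text terms and validated filters."""
    terms, filters = [], {}
    for token in shlex.split(query):  # shlex keeps quoted values together
        name, sep, value = token.partition(":")
        if sep and name in VALIDATORS:
            filters[name] = VALIDATORS[name](value)
        elif sep:
            raise ValueError(f"unknown filter: {name!r}")  # assumed policy
        else:
            terms.append(token)
    return terms, filters

if __name__ == "__main__":
    # Constructed sample query built from the post's own example values.
    print(parse_query('apache 2.2.3 net:18.7.7.0/24 port:80 os:Windows'))
```

A typo such as `net:18.7.7.1/24` or `country:usa` raises `ValueError` here instead of silently turning into a different search.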

A Good Book

Toward the end of the first year of my undergraduate degree I read a book by Neil Barrett called Traces of Guilt, which describes the author’s involvement in computer-related crime as a security consultant and expert witness. It is written as a series of case-studies showing Barrett’s involvement in criminal cases ranging from paedophilia to murder, as well as private consultancy work such as dealing with a sociopath systems administrator at a wealthy holding company.

Despite the subject matter, it is surprisingly accessible (after all, it was my mother who recommended it to me!), but still contains enough technical information to keep a computer science student interested.

I read it again recently and even though five years have gone by since I first picked it up, very little of it seems dated. It’s definitely worth a read for anyone with an interest in computer crime.

Traces of Guilt got me thinking about computer security from the “other side”, and is probably part of the reason that I’m studying computer forensics today.

Police to step up hacking of home PCs

I’ve just seen this article on The Times website (via Slashdot).

The Times article is pretty sensationalist, and I don’t get the feeling that the Slashdot discussion will be particularly balanced either, judging by the ~40 comments that have been posted already, but I still think it’s a terrible idea with regard to privacy.

[Richard Clayton] said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.

Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.

I’d be interested to know how investigators would deal with someone who’s taken the time to properly secure their gear. Are the police and MI5 sitting on a stack of SSH or WPA2 0-days? Although if they can gain enough physical access to install key-loggers covertly, I don’t suppose a tightly locked-down system is going to do much good anyway.