The biggest problem in making net safe is the people. It is very hard to make sure that there are no robberies if people leave their houses unlocked and a sign on the porch saying it is so, when they go out. Because this is what people are doing. The sad thing is that most of the time they are unaware of this. These are a few thumb rules one should live by… readers add more…

1) Don’t use public computers for financial transactions or logging into accounts with sensitive information.
2) Never open an attachments with a funny extension… (you think this is obvious… Rolls Royce are going through a major revamp because one of their employees didn’t follow this simple rule).
3) Never use your computer in admin mode when you are online. If you need to install something, go offline log into admin install, log off, log into a user account and go online. Malware can do very little if the account is it activated on has next to zero privileges.
4) Selling or getting rid of a old hard disk… formatted it… safe now… NO!… even after formatting your information can be taken off it… degauss it… or take the safer route destroy it… or you might find it on ebay….
5) Use multiple passwords, a single password for all accounts is cutting it a little toooo close…
6) I know you hate MS… but if your program crashes and it asks you whether you want to send the info to MS… do it… and always update the OS… best option put it on automatic update…
7) Use Antivirus… prevention is better then cure…
Everyone loves to download for free…. but nothing is free ever… some of the most frequent malware sources are free download site… especially the ones with pornographic content…
9) If your computer is slowing down, it is probably infected with malware…
10) People using wireless networks… make sure it is a secure link…
11) People using MS… your systems are mostly the ones targeted, you need to be extra careful…
12) Never ask Why me? You might think no one is interested in you… but you might never know…
13) No SSN is not a good password… neither are dictionary words… nor is your birthday…

For those who have been in their labs, struggling with embedded devices, plundering the JTAG hole to their advantage. I have news for you, manufacturers are wising up to thy game. American giant Motorola has taken the first step by putting time money and initiative into something they are calling Secure JTAG. This functionality not only allows for limited access, it allows for authenticated priority based access. It is quite amazing when you think about it.

The whole security feature of course had to be behind the JTAG so as to block the latter. It cannot be software implemented, or can be easily overridden. So the whole system is hardware based and has been implemented inside the processor it seems. To even if I manage to remove the chip from the circuit I can for the life of me not disable the mechanism even physically.

It is primarily a three party challenge response based protocol. It is based on elliptic curve cryptography. Interested people might want to go check out the paper… the research is cool… cant say the same for the writing… :sigh:….

www.motorola.com/techpubs

The strip below is once again brought to you by asofterworld.com… brilliant… make some time in your sorry life and discover how sorry it really is… go explore that site…

As the titles says this is about JTAGS. What are JTAGS? Well laymen language, since all processor designs are prone to screwups, they keep a port for testing and debugging which is called JTAG. These ports I believe are also there on… well memory chips and likes, but unlike in mobile processors they are not accessible, relatively speaking of course.

So you say… so what, right? I have a testing and debugging port, big deal… what do I do with it? Well Mr. Breeuwsma from the Netherlands Forensics Institute published a paper (titled: Forensic Imaging of Embedded Systems using JTAG). This paper explains how you can use this little functionality to get all the data off the memory chips of your mobile.

Wait you said Memory chips’ JTAGs can’t be accessed. True but the JTAG on the processor can be, and since the memory is connected to the processor we can figure out a way to get the data from the memory off the JTAG port of the processor.

To begin a JTAG has three modes of operation: Normal, Extest, Debug. I have no clue what Normal does. Extest is obviously the testing mode. And Debug is well… the debug mode. We are interested in the extest and debug mode and I will discuss each of these in future posts.

Meanwhile why JTAGS?
1. Forensically secure. Since memory is accessed directly data doesnt change.
2. Bypasses any user level passwords.
3. Works for crashed systems.
4. Desoldering a chip works only for non-volatile chips, is risky and in my view is simply barbaric. JTAG analysis has none of these issues.
5. Works for SDRAM as well. (SDRAM can not be removed from the board cause they lose data as soon as they lose power.)

Blah Blah Blah… I think I made my point. This is not full proof, not by a long shot, but looks extremely promising…

Mobile Forensics is one of the upcoming fields in the area of Information Security. While initially it was bundled with Computer Forensics, it posed problems which were unique in many aspects. Thus we had something called Small Scale Digital Device Forensics. I could have used that term in the title, but I kind of like pithy titles. Anyways I am going to blabber on the what sort of problems are being faced by officers in the field and researchers in the labs when analysing these devices.

The first rule of forensics is that evidence obtained on the site should be preserved in exactly the same condition as it was found. So suppose an officer (say Mr. Goon) finds a mobile on the scene of a crime. What does he do with it (apart from trying to keep the fingerprints intact… think of technology situations)? Does he switch it off or does he leave it on? If he leaves it on there might be a string of incoming messages which might overwrite existing data on the mobile. If I switch it off… well for all I know when I turn that thing back on.. it might ask for a password. These are a couple of examples, however the thing is you can not switch it off because you are changing the state of the device, which goes against the law of Forensics. And you can not leave it on cause not only can new data overwrite data but also the device being on network is open to intrusion of different types.

One of the solutions is that you put the mobile in specially built bags which block signals, thus taking the device off the network. The issues with this approach are multifold. One these bags are very expensive. So if you are a small time Inspector in India, you can not afford to have one of these bags. Two these bags do not work for the better part (irrespective of how costly the bag is). Technology like jamming is unfortunately banned in many countries (including the United States). Even if you somehow block the signal (assuming the bag works). The problem is that the device will keep on trying to find a network which is a very energy intensive task. So basically your battery runs out and you have a dead device on you. And you thought this would be simple… welcome to wonderland…

P.S. look at the pic below and if u like it search for ” A SOFTER WORLD”…

No… this is not about what Robin Williams calls the ‘Central Intuitive Agency‘ . This is about the three basics of Information Security – Confidentiality, Integrity and Availablilty. Confidentiality refers to the information being secret, being accessible only to a few chosen ones. Some people take this further and rather than the just the information being secret even the existence of information is kept secret. This is called Stegnography. Integrity is the assurance that the information available is correct. Sometimes people might strengthen this property and demand that the origin of information is also correct this is called authentication. Integrity assurance itself has two types of mechanisms. The first weaker kind just ensures that if the information is tampered with, this tampering comes to light. The second stronger kind does not allow tampering at all. Finally we come to availability. This particular property has relatively been a new design requirement. Denial of service attacks some famous ones like the syn flood attack have made this very very important. Any information that is not available is as good as no information.

Now once we are done with the security requirements we need to sort out the kind of threats or attacks we are faced with. Shirey divides them into four broad classes:
Diclosure – Unauthorized Access
Deception – Falsifying Data
Disruption – Abortion, interruption or prevention of a process or operation
Usurpation – Unathorized control of system resource

This is really basic stuff… yes… but it is good to begin at the begining.

I enter the blogging world with two of the most cliche words of the Information Technology world. This place I hope shall become a outlet (I hope) of my endeavors in the world on Information Security (of course once in a while there might be posts of my mundane existence). I will ponder on Security Protocols, Cryptography, Computer Forensics, Mobile Forensics, Network Security… blah… you get the idea… while I am by no means an expert in these fields, I would like to become one… if you find my observations or statements to be inaccurate at all please do correct me.