spiderpork

Monday, July 6, 2009

Live View

Hello Folks, after some days of hard work on Electronic Voting Machines (uVote by CINECA) I want to present one of my best forensic friends: Live View.

Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.

The software is based on 2 simple steps:
1) Configure the program, that is, tell it where to carve information from (a physical disk or an ISO).

2) Run the result in VMware.



You will run your accused system.
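The copy-on-write behaviour described above, as an added example that is not Live View's or VMware's code: a toy sector-level overlay that keeps every write apart from the evidence image and proves by hash that the image is unchanged. The class and function names are hypothetical, the delta is held in memory rather than in a separate file, and the 4-sector image is constructed for the demonstration.

```python
import hashlib, os, tempfile

SECTOR = 512  # bytes per sector in this model

def sha256_file(path):
    """Hash the evidence image in chunks so large images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

class OverlayDisk:
    """Read-only base image plus a separate delta holding every write."""
    def __init__(self, image_path):
        self._base = open(image_path, "rb")  # base is never opened for writing
        self._delta = {}                     # sector number -> modified bytes

    def read(self, sector):
        if sector in self._delta:            # a modified sector wins over the base
            return self._delta[sector]
        self._base.seek(sector * SECTOR)
        return self._base.read(SECTOR).ljust(SECTOR, b"\0")

    def write(self, sector, data):
        if len(data) != SECTOR:
            raise ValueError("writes must be exactly one sector")
        self._delta[sector] = bytes(data)    # the base image stays untouched

    def revert(self):
        self._delta.clear()                  # back to the pristine image

    def close(self):
        self._base.close()

def demo():
    """Write to a constructed 4-sector image, revert, then re-hash the base."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"".join(bytes([i]) * SECTOR for i in range(4)))
    try:
        before = sha256_file(f.name)
        disk = OverlayDisk(f.name)
        disk.write(2, b"\xff" * SECTOR)
        changed = disk.read(2)[0]            # 255: the examiner sees the change
        disk.revert()
        restored = disk.read(2)[0]           # 2: original content is back
        disk.close()
        return before == sha256_file(f.name), changed, restored
    finally:
        os.unlink(f.name)
```

Recording the image hash before booting and comparing it afterwards, as `demo()` does, is the check that shows the evidence was not modified.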

Friday, June 26, 2009

Passions Unforgettable



After a great run on the Z1000, I wanna lose control of this picture by publishing it online. I wanna do it because I wanna see it whenever I want, remembering beautiful days on my Z! You know... I'm gonna leave again for Washington DC (without her...).

The Italian Answer to Cybersecurity Agency

Hi folks,
today I wanna show you CNAIPIC (Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche): the Italian answer to CyberSecurity Terrorism.



I'm glad that Italy is sensitive to these problems; too many times people tend to forget how important Computer Security or, let me say, "Internet Security" is. Having some "police experts" who try to investigate online is a really useful service for each citizen. Actually I have just some doubts (maybe questions) about who will teach the "security police experts" what Computer Security is.

Tuesday, June 23, 2009

Yet another ClickJacking Example

Hi Folks,
here I've just added a nice ClickJacking example.

The page seems to be a normal HTML page: no JavaScript or Flash scripts are embedded, and even a smart user may think that everything is legitimate, yet an attacker can still steal clicks and do whatever he wants with them. In other words, the attacker tricks the user into clicking on something she cannot see by clicking on something she can see. This fraud is possible through three easy steps which every web developer should know. The first is to load the malicious page in the background through an "iframe" whose CSS opacity value is set to 0. This makes the iframe content invisible. The next step is to create an artificial web page which fits perfectly over the background one. If the created page doesn't fit properly over the background one, the mouse cursor might change when it leaves the iframe, alerting the user that something wrong is happening. As the last step, the attacker makes an HTML element that is meant to attract clicks, putting it over the hidden link and setting its CSS z-index property so that it is behind the invisible iframe.

(http://deisnet.deis.unibo.it/CJK/)
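Since every step above depends on the target page being loadable inside an iframe, here is an added example (not part of the original post or the linked demo) that classifies a response's anti-framing headers. The function name and the sample header values are constructed for illustration.

```python
def framing_policy(headers):
    """Classify how a response restricts being loaded in an iframe.

    headers: dict of response headers (names matched case-insensitively).
    Returns 'blocked', 'same-origin', 'allowlist' or 'unprotected'.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "blocked"          # no page may frame this response
            if "*" in sources:
                return "unprotected"      # wildcard lets any site frame it
            if sources == ["'self'"]:
                return "same-origin"
            return "allowlist"            # review each listed origin by hand

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing, invalid, or the obsolete ALLOW-FROM (ignored by current browsers).
    return "unprotected"


# Constructed sample responses for a quick audit.
SAMPLES = {
    "login":   {"X-Frame-Options": "DENY"},
    "widget":  {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "profile": {},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, framing_policy(hdrs))
```

A page reported as `unprotected` can be overlaid exactly as the post describes; state-changing pages should return `blocked` or `same-origin`.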

Tuesday, June 16, 2009

Say hello to RoboAdmin !

Hi Folks,
today I wanna present one of my research fields. His name is RoboAdmin.
We have presented him in some places, for example the International Workshop on Security in Information Systems 2007 and Computer Standards & Interfaces, Elsevier. This October we will be at Network and System Security in Australia, presenting his new architecture (thanks to the Apache Felix project) and new experiment results. I would really appreciate your impressions of him.


In all of the commonly adopted system administration schemes, a service runs on the target system, either providing a remote view of the locally available administration tools (e.g: remote terminal, remote desktop), or implementing a back-end for the execution of complex commands received through a corresponding front-end (e.g.: web-based administration interfaces).
The service usually exposes a single access point, which is the obvious target of attacks like DoS or brute-force authentication attempts. Limiting the impact of these attacks can be difficult: usually, the more effective any proactive measure gets, the higher the risk of lock-out even for legitimate administrators (and the greater the complexity of the access interface). RoboAdmin aims at solving these problems by reversing the connection that gives access to the server. An administration engine replaces the classical service, originating connections to an intermediate system rather than listening for connections. The immediate advantage arising from this design choice is that there is nothing to attack on the remote host.
The intermediate system should act as a meeting place between the system and its administrator. For this reason, the obvious choice is to exploit the widely available instant-messaging systems as the communication infrastructure. A RoboAdmin installation sends one or more agents to predetermined IRC channels (or, in the future, any other platform) where the administrator can meet it, authenticate him/herself, and start interacting as if he/she were chatting with the server. Of course, many implementation details need to be taken care of to make the system really practical and secure: stay tuned for more comprehensive documentation and a to-do list in the near future!


You can download him here; new sources are also available. The following example refers to a two-year-old prototype; we actually have no video examples, but we're working on it.









I tend to represent RoboAdmin as human (by using him/her and so on...), btw I know that's wrong....

Wednesday, June 10, 2009

Andrew S. Tanenbaum on Voting System.

The interesting reading on Voting System written by Tanenbaum is available for free here. He wrote:

Electronic voting has real advantages over paper ballots as long as the focus is on a voting system, not a voting machine.

I think this sentence is really important for anyone researching in that field; too many times people focus the "security properties" on voting devices (aka voting machines), forgetting that having all the parts of the system secured doesn't mean having a secure system.

Tuesday, June 9, 2009

Ontologies Such Important Things !

This morning during one of my classes, I discussed Software Security. The main topic was Software-Engineering-Security, that is, the art of building secure applications. After some hours I understood that the students didn't understand what I was talking about. That was shocking. Suddenly I remembered that plenty of ontology dictionaries are available around the world, so I started a little web search on that topic, which produced:
1) NRL
2) Security Ontology


I think that these are great results, but are they complete? Can you really map everything that is necessary to explain security issues? For instance, a vulnerability is a particular kind of bug; can you explain that using the previous ontologies?