funsec mailing list archives

Re: Researchers: Forensics Software Can Be Hacked


From: Jordan Wiens <numatrix () ufl edu>
Date: Thu, 26 Jul 2007 21:57:09 -0400

On Jul 26, 2007, at 8:50 PM, Don Blumenthal wrote:

On 7/26/07, Jordan Wiens <numatrix () ufl edu> wrote:
It's worth noting that the metasploit antiforensics stuff is
different than the research discussed in the article.

The new stuff is actually exploiting the code in the forensics
software directly, not just mangling the data to make it hard to
analyze forensically.  The best part of that is the chance for code
to jump out of a drive being imaged and onto the analysis workstation
itself.  Fun stuff.

FWIW, Guidance Software posted a reply to the ComputerWorld/IDG
article on SecurityFocus this afternoon.

www.securityfocus.com/archive/1/474727/30/0/threaded.

There's already one hostile response.

That is the most disparaging description of fuzzing I've /ever/ heard:

"As a result of this extensive testing regimen, they were able to identify six test scenarios, out of “tens of thousands” of test scenarios run, that apparently revealed minor bugs"

Umm, yeah, that's what fuzzing is. Lots and lots of failures with a few successes. ;-)

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

