A new law in Georgia on private investigators now extends to computer forensics and computer incident response, meaning that forensics experts who testify in court without a PI license may be committing a felony.

Coverage at Security Focus.

Forensic felonies

dc0de wrote:

For those of you who care about Computer Forensics, please see the current situation in Georgia.

There is a bill before the GA Legislature -- HB 1259

If passed, it will make it a Felony to perform and testify in a State Court about any computer forensics performed, unless you are a licensed Private Investigator.

Here is some more discussion of the issue. Here is the actual text of the legislation. The Atlanta High Technology Crime Investigation Association is holding a meeting on this subject on May 8th. Calvin Hill, Representative who sponsored the bill, and John Villanes, Chairman, Georgia Board of Private Detectives will be at the meeting.

Georgia Law to put Computer Forensics experts in Jail -- HB 1259

Brokers that disclose bugs to their selected list of subscribers are necessarily withholding important information from the rest of the public. Brokers may eventually issue public advisories, but in the meantime, only the vendor and subscribers know about the problem.

An interesting discussion of bug brokers.

Wired News: Bug Bounties Exterminate Holes

In January, a vulnerability in WMF surfaced that let attackers use the Windows' graphics rendering engine that handles WMF images to launch malicious code on users' computers via these images. A number of security researchers posted information about the vulnerability to their mailing lists. Within a few hours, researcher H.D. Moore posted a working example of a WMF exploit--a piece of code written to take advantage of a software flaw--on his Metasploit Web site. Some defended the action, saying it offered insight into the rules security pros needed to put on intrusion-detection systems to avoid getting hit. Others argued that what Moore did enabled the average hacker to more easily exploit the flaw.

Information Week published a long, sensational, and patently dishonest article on security research today. This text makes it seem as if malware authors used the information H.D. Moore published. The fact is that this vulnerability was being exploited by criminal organizations in the wild before anyone in the security research community knew about it. The article fails to make this fact clear because it doesn't fit into the narrative that the reporter is aiming for and undermines the questions the reporter is raising. Would any major news media organization be interesting in a peice that discusses whether intentially dishonest reporting is good or bad for society?

InformationWeek | Security | The Fear Industry | April 17, 2006

Fine example of a WW II Enigma cipher machine in a very good condition and a great history; full functional.

Holy fuck!

eBay: Enigma 3 Walzen Chiffriermaschine Chiper Weltkrieg 1941

AOL claims that mail from non-spammers will continue to be delivered. But that inherently contradicts its other statements, for a simple reason: If mail from non-spammers can get through, then who is going to pay for Goodmail?

AOL, Yahoo, and Hotmail do a real good job of flagging bulk or commercial email as spam, regardless of whether or not its unsolicited and apparently without regard to things like SPF compliance. If you have a financial interest in having that email not get flagged as spam, you'll pay. If you don't have the means to pay, you're fucked.

Peacefire Joins Open Letter Slamming AOL “E-Mail Tax” (Internet)

The prankster decides to unwittingly enlist his cat in the fun. The cat has a subdermal pet ID tag, which the attacker rewrites with a virus using commercially available equipment. He then goes to a veterinarian (or the ASPCA), claims it is stray cat and asks for a cat scan. Bingo! The database is infected. Since the vet (or ASPCA) uses this database when creating tags for newly-tagged animals, these new tags can also be infected. When they are later scanned for whatever reason, that database is infected, and so on. Unlike a biological virus, which jumps from animal to animal, an RFID virus spread this way jumps from animal to database to animal.

I ignored this article this morning but its actually pretty cool. SQL injection, CSS, and buffer overflows from data stored in RFIDs is a vector that few people have really looked at. I wonder if the new U.S. Passports are vulnerable?

RFID Viruses: Is your cat infected with a computer virus?

"Whitedust is running a very interesting article with the DEF CON speaker and cryptographer Elonka Dunin. The article covers her career and specifically her involvement with the CIA and other US Military agencies."

Slashdot | Interview With Cryptographer Elonka Dunin

Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning.

hehehe.... The problem with a lot of automated tools that try to respond to attacks is that an attack can trigger them intentionally. Dropping in a firewall rule to block anyone who port scans you? Why don't I spoof a port scan from your favorite website? Even worse is the idea of automatically retaliating. Retaliating security software is Texan for distributed denial of service zombie.

Leveraging automated attack response

Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

Wardriving is the new pop.