Tuesday, March 11, 2014

Recovering Luddite?

Growing up Mennonite in Lancaster County with no computer, and no television, only to become a Digital Forensic Analyst and Incident Response Specialist living in New York City, has been quite a journey. My friends tell me the uniqueness of my life requires a blog, but I tell them, I haven't changed much, really.

Personal blog, nothing on here represents my employer.

Some Links I Follow

Update: I had a request to update my lists below to include links to malware sample repositories.  Just a word of caution to be very careful with any of the links in red.  I also think that one of Lenny Zeltser's pages about malware research samples says it all, and would advise reading his page before using any of the links in red.  I have also added a few more sites to the list, and can continue to do that as I come across additional pages.  Lastly, the OPML file has also been updated, but doesn't include many of the malware sample sites because most of them didn't seem to offer a feed option.

I've been meaning to share the list of links that I follow for a while now.  Below is a link to a spreadsheet that I created which lists separately the HTML URLs from the RSS URLs for sites which I follow.  I also added a link to my Feedly OPML dump.  I figured it would be a nice update to the blog since I don't have very much time to post these days.  Feel free to download and import into your readers, bookmarks, etc.  I have quite a few more that I didn't add because they were links to online sandboxes and/or malware repositories, so they really weren't RSS type links, and I also was a little hesitant about posting links to malware.  I think for the most part the list has been de-duped, so if it looks like there are doubles, you might find that a site simply has more than one feed that it offers, but send me a heads-up if you believe otherwise.  Also, if you would like the full list, contact me and I can send it out or post it.  Enjoy!

XLSX:
https://docs.google.com/spreadsheet/ccc?key=0AkCinYp-Pe4-dE9QcUNzdVlyN1ZKWHZfenBXTjRpWEE&usp=sharing

Feedly OPML:
https://drive.google.com/file/d/0B0CinYp-Pe4-ZFJHZElvb2NuLVE/edit?usp=sharing

Friday, February 28, 2014

Vehicle Cyber Security and Forensics

Update:  Today I had the wonderful pleasure of presenting to some of New York's Finest - the International Association of Financial Crimes Investigators, hosted by the United States Postal Inspection Service.  I updated the slide-deck, and replaced the older one with today's version.  I've also added a few new reference links below.  And a huge shout-out to the gentleman in the audience who enlightened me about RFID tags embedded in tires. Enjoy!

Yesterday I had the great privilege of representing the company I work for, AccessData, and presenting on the topic of “Vehicle Cyber Security and Forensics” to an esteemed audience at the New York-New Jersey Electronic Crimes Task Force.  Afterward, I received some requests to share out the presentation, which was, in fact, the impetus behind my speaking – to contribute to the community.  I double-checked with my employer, and was given a green light to post our slide deck.  I say “our” because as I mentioned during my talk, the deck would not have been possible without a large contribution from Gloria D’Anna (our partner at Tri-Kar), and Ben LeMere (our partner at Berla Corp).

Also of interest to the group may be this breaking news story involving thieves breaking into cars using a mysterious electronic device, sent to me from Sergeant Christopher Then of the Morris County Prosecutor's High Tech Crime Unit. Thank you, Sir!

My presentation was what I call a bit of a “CliffsNotes” version of what’s been happening in the past 1-2 years with regards to vehicle cyber security and forensics.  The supporting articles are quite numerous, so I have categorized them below, along with their corresponding links.  Additionally, I played three short video snippets during the presentation; they too are listed below with their links.

If you download the PowerPoint deck, I would advise that you view the deck with the “Notes” section turned on; those were my talking points, and otherwise the slides themselves might not make a ton of sense.  I purposely create my presentations that way, so as not to cause anyone “Death By PowerPoint!”  My thinking is that the fewer slides that contain nothing but bullet-points, the better.

Lastly, I should add that below are a ton of links which take you to other Web sites of which I do not necessarily share the same opinion, nor am I responsible for their content.  I believe all of the links below to be clean, but click at your own risk.  Also, you might find that the “Comments” section of the articles adds even more information to the topic, albeit keeping in mind their source might not have been vetted.


Video Links:

  • DefCon Forbes Interview:
http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video

Video Only:
http://www.youtube.com/watch?v=oqe6S6m73Zw&list=PLpndQ-APwbNW0iOqmP6EK8OOw2XCaJcTS&index=6

  • Lock and Unlock Remote Hack:
http://www.youtube.com/watch?v=bNDv00SGb6w
  • Senator Markey News Item:
http://www.dailymotion.com/video/x1802gt_ed-markey-write-letter-to-auto-makers-demanding-answers-on-car-hacking-threats_tech

DefCon Research Related Articles:

Opens to PDF:  http://illmatics.com/car_hacking.pdf

http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video

http://www.pcworld.com/article/2045895/researchers-reveal-methods-behind-car-hack-at-defcon.html

http://www.afterdawn.com/news/article.cfm/2013/07/28/white_hat_hackers_to_release_software_used_to_crack_critical_car_systems_at_def_con

http://www.caranddriver.com/features/can-your-car-be-hacked-feature

http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to

http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-at-defcon

http://www.computerworld.com/s/article/9241352/Researchers_reveal_methods_behind_car_hack_at_Defcon

http://www.sciencefriday.com/segment/08/02/2013/hacking-under-the-hood-and-into-your-car.html

http://www.motoring.com.au/news/2013/hacker-safety-risk-for-new-cars-37930

Opens to PPTX:  http://www.canbushack.com/defcon19/workshop.pptx

http://vehicle-reverse-engineering.wikia.com/wiki/Vehicle_Reverse_Engineering_Wiki

https://autos.aol.com/article/hackers-def-con-cyber-security-ford-toyota

http://www.carknow.me

WiFi Research Related Articles:

http://www.dfinews.com/news/2013/10/israeli-tunnel-hit-cyber-attack

http://blogs.discovermagazine.com/d-brief/2013/07/30/networked-cars-and-their-hacks-are-right-around-the-corner

http://www.its.dot.gov/research/v2v.htm

http://www.its.dot.gov/research/v2i.htm

http://www.networkworld.com/research/2012/080612-car-hacking-bluetooth-and-other-security-261422.html

Police Cruiser Pen-Test:

Opens to PDF:  http://www.digitalmunition.com/OwningCopCar.pdf

http://www.theregister.co.uk/2011/05/03/cop_car_hacking

WebTech Plus Wireless Repo:

http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars

http://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issues

On-Board Intelligence Systems and GPS:

Opens to PDF:  http://www.berla.co/downloads/ive_datasheet.pdf

http://www.dfinews.com/articles/2011/04/enhancing-investigations-gps-evidence

http://gizmodo.com/5540029/no-kidding-onstar-cars-can-be-hacked-remotely-controlled

http://hackaday.com/2013/10/21/can-hacking-introductions

http://hackaday.com/2013/10/22/can-hacking-the-in-vehicle-network

http://hackaday.com/2013/10/29/can-hacking-protocols
 

http://hackaday.com/2013/11/05/can-hacking-the-hardware

http://hackaday.com/2009/12/26/hacking-the-onstar-gps-v2

http://hackaday.com/2005/03/29/gm-onstar-hacking

https://sites.google.com/site/radioetcetera/home/onstar-gps

Apps:

http://www.caranddriver.com/news/ford-introduces-next-gen-connectivity-suite-called-myford-should-be-awesome-car-news

http://blog.caranddriver.com/toyota-entune-infotainment-system-to-challenge-fords-sync

http://news.cnet.com/8301-13772_3-20104962-52/ford-unveils-openxc-invites-open-source-applications

http://gigaom.com/2013/01/10/forget-apps-fords-openxc-project-will-produce-open-source-car-hardware

Naval Jet Pen-Test:

http://www.businessinsider.com/naval-hackers-broke-into-the-f-35-logistics-system-exposing-more-huge-weaknesses-2012-11

http://www.dailykos.com/story/2012/11/16/1162245/-The-F-35-Fighter-an-example-of-failure

Cisco:

http://www.scribd.com/doc/153781644/Fedex

http://gigaom.com/2013/08/06/ciscos-remedy-for-connected-car-security-treat-the-car-like-an-enterprise

Driverless Safety and Vehicles:

http://www.forbes.com/sites/joannmuller/2013/03/21/no-hands-no-feet-my-unnerving-ride-in-googles-driverless-car

http://www.itsinternational.com/sections/nafta/features/city-safety-reduces-low-speed-accidents-on-volvos-xc60-and-s60

http://www.scmagazine.com/google-joins-with-automakers-to-put-android-connected-cars-on-road/article/328124

Opens to PDF:  http://www-nrd.nhtsa.dot.gov/pdf/esv/esv21/09-0371.pdf

http://www.techhive.com/article/2043878/driverless-cars-yield-to-reality-its-a-long-road-ahead.html

http://www.techhive.com/article/2010645/self-driving-cars-could-bring-a-new-world-of-hacking.html

http://online.wsj.com/article/SB10001424127887323407104579038832031956964.html

Lock and Unlock Remotely:

http://www.carscoops.com/2011/08/hacking-your-car-through-your-smart.html

http://www.networkworld.com/news/2011/072711-war-texting-lets-hackers-unlock.html

http://usatoday30.usatoday.com/tech/news/story/2011/08/Cars-vulnerable-to-theft-by-hacking/50057610/1

Opens to PDF:  https://www.usenix.org/sites/default/files/conference/protected-files/verdult_sec13_slides.pdf

https://www.usenix.org/conference/usenixsecurity13/dismantling-megamos-crypto-wirelessly-lockpicking-vehicle-immobilizer

http://www.washingtonpost.com/world/armored-suv-could-not-protect-us-agents-in-mexico/2012/02/13/gIQACv1KFR_story.html

OBD-II Consumer Products:

http://www.popularmechanics.com/cars/how-to/repair/every-car-can-be-connected-to-the-cloud-15657579

http://www.wired.com/autopia/2013/03/automatic-car

https://buy.garmin.com/en-US/US/prod38354.html


http://cannonfire.blogspot.com/2012/04/why-is-progressive-insurance-lying.html

University of California, San Diego Researchers:

Opens to PDF:  http://www.autosec.org/pubs/cars-usenixsec2011.pdf

http://www.nytimes.com/2011/03/10/business/10hack.html

Opens to PDF:  http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf

Opens to PDF:  http://www.autosec.org/pubs/cars-oakland2010.pdf

http://www.just-auto.com/interview/car-infotainment-hacking_id141351.aspx

http://www.informationweek.com/security/vulnerabilities/your-cars-next-enemy-malware/231600981

http://www.bbc.com/autos/story/20130621-car-hacking-gets-real

http://www.techhive.com/article/196293/car_hackers_can_kill_brakes_engine_and_more.html

http://gizmodo.com/5781966/now-cars-are-vulnerable-to-malware

http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car

http://blog.malwarebytes.org/whats-in-the-news/2013/07/hacking-cars-subverting-onboard-computers-in-modern-vehicles

Opens to PDF:  http://www.ethernettechnologyday.com/downloads/archive/3rd/13_Wolf_Escrypt_Security.pdf

Black Boxes and Senator Markey:

http://www.nytimes.com/2013/07/22/business/black-boxes-in-cars-a-question-of-privacy.html

http://www.forbes.com/sites/kashmirhill/2011/02/09/mans-suv-shouldnt-have-been-able-to-testify-against-him

http://www.reuters.com/article/2013/12/03/us-hacking-cars-markey-idUSBRE9B213620131203

http://www.forbes.com/sites/kashmirhill/2012/04/19/hate-to-break-it-to-you-but-your-car-likely-has-a-black-box-spying-on-you-already

http://www.forbes.com/sites/andygreenberg/2013/12/04/heres-the-letter-a-senator-sent-to-20-auto-makers-demanding-answers-on-car-hacking-threats

AutoDownload Markey Full Letter: http://www.scribd.com/document_downloads/189258686?extension=pdf&from=embed&source=embed

https://www.schneier.com/blog/archives/2013/02/automobile_data.html

http://mfes.com/cdr.html

http://nakedsecurity.sophos.com/2013/12/04/car-manufacturers-quizzed-over-their-anti-hacking-measures

http://www.forbes.com/sites/kashmirhill/2013/02/19/the-big-privacy-takeaway-from-tesla-vs-the-new-york-times

http://money.cnn.com/2013/02/15/autos/tesla-model-s

Thursday, December 19, 2013

Requested for my 2014 training allowance. Thought I knew it fairly well, but the more I use it, the more I realize I can go way deeper!

Tuesday, November 26, 2013

Great lunch w/  from  - if you've got data/media you want destroyed securely, he's your guy!

Tuesday, October 29, 2013

Happy Halloween?

Either my next-door neighbors are really getting into the spirit of Halloween, or it's !

Wednesday, January 26, 2011

Batch IP Look-Up Tool (Automated)

I first met Garth Bruen over a year ago after hearing him speak at a security conference. His company KnujOn has pioneered some interesting methods for fighting illegal online activity.

Recently tasked with culling an investigative report involving several thousand IP addresses (after de-duping), I reached out to Garth to ask him if he was aware of any automated IP look-up tools. I had found a few IP look-up Web sites that spit back all the information I needed for my report (http://ip-adress.com/ip_tracer and http://whatismyipaddress.com/ for example); however, my report was quite detailed, and the look-up sites placed limits on their number of daily inquiries as well as the type of data one could extract from those queries.

Turns out, Garth and team had run into a similar issue a few years ago, so they decided to write their own tool to perform the aforementioned types of extractions. KnujOn charges a reasonable fee to perform batch IP look-ups and extractions, but I am confident you won't be disappointed with what you get for the price.