Some Notes Indicating That We Are, Fiscally, In The Best Of Hands

Heartland From A Security Perspective

There’s some interesting stuff out regarding the Heartland Institute document dump.  Megan McArdle has a detailed analysis of one fake (obviously fake) document, but I want to emphasize something she kind of downplays:  the security and forensic aspect here.

The original breach was a classic social engineering maneuver:  convince the person on the other end that you’re someone else, and gain access or information that you otherwise would not be privileged to have.  The general defense against this type of attack is an independent confirmation step:  before acting on a request, verify that the requester is who he says he is through something an impersonator cannot easily supply.  In a small enough organization, you have the “everyone knows everybody else” advantage, but in a larger and potentially more disparate organization—particularly, an organization with board members who are not day-to-day participants in regular activities—you need something else.  That something else could be a key phrase, an identification number, a driver’s license, or some other form of positive identification, and it works best when the confirmation happens out of band (for instance, calling the person back on the number already on file rather than the number given in the request).  People can still get around this (for example, by pretending to be Heartland and extracting the passphrase or identification number from a board member, or by forging a license), but the level of difficulty is a bit higher.

Finding out about the phony document took a bit of forensic investigation.  McArdle did her own sleuthing, which provided rather strong circumstantial evidence for the hypothesis that one particular document was a fake.  Combine that with reading the PDF metadata (creation and modification timestamps, time zone offsets, the application that produced the file) and comparing it against the documents known to be genuine, and you can see that the person who pulled this off was careful enough to avoid leaving obviously incriminating metadata, but not careful enough to cover all of his tracks.  McArdle ends her second post by considering who the culprit could be, given what we know.  She draws a number of quality inferences (being a reporter helps a lot in sleuthing), and other investigators could follow up on these clues to try to get to the bottom of the story.

Incidentally, the next day, Peter Gleick admitted to stealing the documents (and thereby to fraud).  He denies having created the forged document, however.
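As an added illustration of the metadata step above (this is my example, not McArdle’s method or any tool used in the actual investigation; the four PDFs are constructed inline, and their producer, creator and time zone values are invented rather than taken from the real document dump), the script below reads the document-information dictionary out of each PDF, parses the PDF date strings, and flags any document whose producer, creator or UTC offset disagrees with the majority of the set:

```python
"""Read PDF document-information metadata and flag the odd document out.

Added example, not the post author's or McArdle's tooling.  The PDFs are
constructed inline (build_samples) so the script runs offline; their
Producer/Creator/date values are invented, not the real dump's metadata.
The parser handles only an uncompressed /Info dictionary with plain
literal strings, which suffices here; for real casework use pypdf or
exiftool, which also handle object streams, XMP packets and escapes.
"""
import re
from datetime import datetime, timedelta, timezone

# PDF date string: D:YYYYMMDDHHmmSSOHH'mm'  (every part after the year is optional)
PDF_DATE = re.compile(
    r"D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?([Zz+\-])?(\d{2})?'?(\d{2})?'?"
)


def build_pdf(info):
    """Build a minimal (xref-less, so not strictly conformant) PDF carrying /Info."""
    entries = " ".join(f"/{k} ({v})" for k, v in info.items())
    body = (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        f"3 0 obj << {entries} >> endobj\n"
        "trailer << /Root 1 0 R /Info 3 0 R >>\n"
        "%%EOF\n"
    )
    return body.encode("latin-1")


def parse_pdf_date(value):
    """Turn a PDF date string into a timezone-aware datetime (None if unparsable)."""
    m = PDF_DATE.match(value or "")
    if not m:
        return None
    parts = [int(g) if g else d for g, d in zip(m.groups()[:6], (1, 1, 1, 0, 0, 0))]
    sign, oh, om = m.group(7), m.group(8), m.group(9)
    if sign in ("+", "-"):
        offset = timedelta(hours=int(oh or 0), minutes=int(om or 0))
        tz = timezone(-offset if sign == "-" else offset)
    else:
        tz = timezone.utc  # 'Z' or no offset at all: treat as UTC
    return datetime(*parts, tzinfo=tz)


def extract_info(pdf_bytes):
    """Return the /Info dictionary's string entries, e.g. {'Producer': '...'}."""
    text = pdf_bytes.decode("latin-1")
    ref = re.search(r"/Info\s+(\d+)\s+(\d+)\s+R", text)
    if not ref:
        return {}
    # Locate "N G obj << ... >>" for the referenced object (lookbehind avoids "13 0 obj")
    obj = re.search(
        rf"(?<!\d){ref.group(1)}\s+{ref.group(2)}\s+obj\s*<<(.*?)>>", text, re.S
    )
    if not obj:
        return {}
    return dict(re.findall(r"/(\w+)\s*\(([^()]*)\)", obj.group(1)))


def profile(info):
    """The fields worth comparing across a document set."""
    created = parse_pdf_date(info.get("CreationDate"))
    return {
        "producer": info.get("Producer"),
        "creator": info.get("Creator"),
        "utc_offset": created.utcoffset() if created else None,
    }


def find_outliers(named_pdfs):
    """Map document name -> reasons it disagrees with the majority of the set."""
    profiles = {name: profile(extract_info(pdf)) for name, pdf in named_pdfs.items()}
    outliers = {}
    for key in ("producer", "creator", "utc_offset"):
        values = [p[key] for p in profiles.values()]
        majority = max(set(values), key=values.count)
        for name, p in profiles.items():
            if p[key] != majority:
                outliers.setdefault(name, []).append(
                    f"{key}: {p[key]!r} (majority {majority!r})"
                )
    return outliers


def build_samples():
    """Constructed document set (invented values): three from one workflow, one not."""
    common = {"Producer": "Acrobat Distiller 9.0", "Creator": "Microsoft Word"}
    return {
        "doc_1.pdf": build_pdf({**common, "CreationDate": "D:20120110093000-06'00'"}),
        "doc_2.pdf": build_pdf({**common, "CreationDate": "D:20120112154500-06'00'"}),
        "doc_3.pdf": build_pdf({**common, "CreationDate": "D:20120117110200-06'00'"}),
        "doc_4.pdf": build_pdf({"Producer": "LibreOffice 3.4", "Creator": "Writer",
                                "CreationDate": "D:20120213201100-08'00'"}),
    }


if __name__ == "__main__":
    samples = build_samples()
    for name, pdf in samples.items():
        print(name, extract_info(pdf))
    for name, reasons in find_outliers(samples).items():
        print(f"OUTLIER {name}: " + "; ".join(reasons))
```

Two caveats worth keeping in mind when doing this for real.  First, /Info is trivially editable and can be stripped entirely, so a clean result proves nothing; what you are looking for is inconsistency with the rest of the set, and a document with no /Info at all where its peers have one is itself an anomaly (the script above reports it as `None` against the majority).  Second, the time zone offset and producing application are only circumstantial, which is exactly why McArdle’s stylistic and contextual sleuthing mattered alongside the metadata.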

The Case Against Santorum (And A Counter-Argument)

Alana Goodman points out Rick Santorum’s nanny statism and wonders where the conservative outrage is.  Allahpundit makes roughly the same point.

This is a pretty good summation of the case against Santorum:  like George W. Bush, he’s a big-government conservative.  I’m not arguing either way here whether he’s more conservative, less conservative, or a better or worse potential candidate than Mitt Romney, but I will say that big government conservatism needs to die.  A multi-trillion dollar deficit and already-invasive regulatory State are too much; bringing in yet another person who wants to expand the reach of Leviathan (but in a somewhat different way than the current President) does not help.

In contrast, Jeff G. over at Protein Wisdom has a solid counter-argument, noting that Santorum had a very high grade from the NTU during his two terms in the Senate.  He also had a lifetime rating of 88.1 with the American Conservative Union.

Computer Forensic Case Studies

Just about a week ago, I finished up a course on computer forensics.  The course itself was interesting and I learned several things, including just how difficult computer forensics can be (particularly when you have to take the stand in a civil or criminal case) and the mix of maddening frustration and intense satisfaction that comes with finding hidden or “lost” information.

As part of the course, we went through a number of case studies using various tools.  I’m listing them here in case anybody else is interested and wants to take a crack at them.

One of the first case studies we did was a live incident response from Real Digital Forensics (a book which I plan on purchasing).  After that, we spent a lot of time on the 2010 CSI Challenge from Long Island University.  This is a rather tricky one, and unfortunately, I wasn’t able to break the case.  I think that if I spent a weekend on it, I’d probably get a little closer, but they did a good job.

Taking a break from the Frodo challenge, we went to the CFReDS Project and performed a Rhino Hunt to get some experience reading packet traces.  It was a relatively easy challenge and it was nice having answers.  I plan on trying out some of the other data sets to improve my skills a bit.  Digital Corpora has a few free scenarios, too, including M57-Jean, which I plan on working through.

On the last day, we spent a lot of time on the CHFI Al-Queda Challenge.  There were a few things that I was unable to complete in time—such as cracking the stego password used on images or a text file—but I did crack most of that case in time.

All of these case studies were interesting and informative, showing me that I’ve got a lot to learn yet…