Fortress Firefox II

The browser is the most used outward-facing software you will use. It interacts with suspect web sites and other internet sites. Firefox is still my first choice for security and plug-ins, even though Chrome offers a speed advantage that adds up over the course of many hours of research, while this little problem makes me avoid MS Internet Explorer: "Microsoft warns of critical IE9, IE10 zero-day: Just visit the wrong web site and get remote-code execution."

No matter which browser you use, it will require proper configuration. No browser blocks JavaScript and all third-party cookies by default. These are my first security concerns.

In Firefox, go to Tools>Add-ons>Plugins and set the Java Script and Toolkit to Ask to Activate. I also set all the other plugins to Ask to Activate. This prevents a plugin from activating at the wrong time and thereby sending out data to the site that caused it to activate. A malicious site may activate a plugin to have it transmit data that can be used to thwart your investigation.

Third-party cookies compile a long-term record of your browsing history. This is dangerous as it can reveal what you are investigating. In Options>Privacy>History select Never for third-party cookies. In my sandbox, I have several versions of the browser with different settings. For example, I prefer to never accept cookies of any kind, but some sites need them to function, so I have a version with normal cookies enabled.
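When you keep several browser profiles with different settings, it helps to confirm what each one actually has set. The following is an added example, not part of the original article: a small audit of a profile's prefs.js text. It assumes the preference names used by Firefox releases that offered the Ask to Activate plugin setting (`network.cookie.cookieBehavior` and `plugin.state.<name>`); the function names and both sample profiles are constructed for illustration.

```python
import re

# Matches lines such as: user_pref("network.cookie.cookieBehavior", 1);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
COOKIE_PREF = "network.cookie.cookieBehavior"  # 0 = all, 1 = no third-party, 2 = none
PLUGIN_PREFIX = "plugin.state."                # 0 = never, 1 = ask, 2 = always

def parse_prefs(text):
    """Parse prefs.js / user.js text into a {name: value} dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        raw = m.group(2).strip()
        if raw in ("true", "false"):
            prefs[m.group(1)] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[m.group(1)] = int(raw)
        else:
            prefs[m.group(1)] = raw.strip('"')
    return prefs

def audit(text):
    """Return findings where a profile departs from the settings described above."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get(COOKIE_PREF, 0) not in (1, 2):  # unset is treated as accept-all
        findings.append("third-party cookies are accepted")
    for name in sorted(prefs):
        if name.startswith(PLUGIN_PREFIX) and prefs[name] == 2:
            findings.append(name[len(PLUGIN_PREFIX):] + " plugin is set to Always Activate")
    return findings

# Constructed sample profiles (not taken from a real installation).
STRICT_PROFILE = '''// constructed sample
user_pref("network.cookie.cookieBehavior", 2);
user_pref("plugin.state.java", 1);
user_pref("plugin.state.flash", 1);
'''
LOOSE_PROFILE = '''// constructed sample
user_pref("network.cookie.cookieBehavior", 0);
user_pref("plugin.state.java", 2);
user_pref("plugin.state.flash", 1);
'''

if __name__ == "__main__":
    for label, text in (("strict", STRICT_PROFILE), ("loose", LOOSE_PROFILE)):
        print(label, audit(text) or "OK")
```

The audit only flags plugins whose state is written explicitly in the file; a plugin with no entry falls back to the browser's default and still needs to be checked in the Add-ons page.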

Exif Viewers

In a past article, I explained Exchangeable Image File or Exif data and pointed you to www.regex.info, an easy-to-use Exif viewer with a geo-locator. The regex.info Exif viewer allows you to enter the image URL or to upload an image for analysis. It doesn’t require JavaScript and it doesn’t have any widgets.

Another easy-to-use online Exif viewer may be found at www.fotoforensics.com, but you must enable JavaScript to use it. You can use the URL of the picture instead of uploading the image.

The online Exif viewer at www.gbimg.org has a lot of widgets on it.

My last discovery was the Exif site at http://www.findpicturelocation.com. Just upload the picture and it will show the location where it was taken. It only works with .jpg or .tif files. You must upload the image to the site, so who knows where it might end up. This uses the Google API for the mapping. Not all pictures have the GPS coordinates in them.
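If you would rather not upload a case image to a third-party site, the GPS check can be done locally. The following is an added example, not part of the original article: a standard-library reader that pulls latitude and longitude from the Exif block of a .jpg or .tif file and returns None when the picture carries no GPS tags. The function names are hypothetical, locating the Exif block by searching for its marker is a simplification, and the sample image bytes are constructed.

```python
import struct

def _ifd(tiff, off, e):
    """Map tag -> raw 4-byte value field for the IFD starting at offset off."""
    (count,) = struct.unpack_from(e + "H", tiff, off)
    entries = {}
    for i in range(count):
        pos = off + 2 + 12 * i           # each entry: tag, type, count, value
        (tag,) = struct.unpack_from(e + "H", tiff, pos)
        entries[tag] = tiff[pos + 8:pos + 12]
    return entries

def _degrees(tiff, e, field):
    """Read three RATIONALs (deg, min, sec) at the offset stored in field."""
    (ptr,) = struct.unpack(e + "I", field)
    d = struct.unpack_from(e + "6I", tiff, ptr)
    return d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600

def gps_from_exif(data):
    """Return (lat, lon) in decimal degrees from JPEG/TIFF bytes, else None."""
    if data[:2] == b"\xff\xd8":            # JPEG: TIFF block follows "Exif\0\0"
        i = data.find(b"Exif\x00\x00")
        if i < 0:
            return None
        data = data[i + 6:]
    if data[:2] not in (b"II", b"MM"):
        return None
    e = "<" if data[:2] == b"II" else ">"  # TIFF byte order
    try:
        (ifd0,) = struct.unpack_from(e + "I", data, 4)
        gps_ptr = _ifd(data, ifd0, e)[0x8825]          # GPSInfo IFD pointer
        gps = _ifd(data, struct.unpack(e + "I", gps_ptr)[0], e)
        lat = _degrees(data, e, gps[2]) * (-1 if gps[1][:1] == b"S" else 1)
        lon = _degrees(data, e, gps[4]) * (-1 if gps[3][:1] == b"W" else 1)
    except (KeyError, struct.error, ZeroDivisionError):
        return None                        # GPS tags missing or malformed
    return round(lat, 6), round(lon, 6)

def sample_jpeg():
    """Constructed sample: minimal JPEG wrapper with GPS 43 deg 39' N, 79 deg 23' W."""
    tiff = b"II*\x00" + struct.pack("<IHHHIII", 8, 1, 0x8825, 4, 1, 26, 0)  # header + IFD0
    tiff += struct.pack("<H", 4) + struct.pack("<HHI4s", 1, 2, 2, b"N")
    tiff += struct.pack("<HHII", 2, 5, 3, 80) + struct.pack("<HHI4s", 3, 2, 2, b"W")
    tiff += struct.pack("<HHII", 4, 5, 3, 104) + struct.pack("<I", 0)
    tiff += struct.pack("<6I", 43, 1, 39, 1, 0, 1) + struct.pack("<6I", 79, 1, 23, 1, 0, 1)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

print(gps_from_exif(sample_jpeg()))  # runs on the constructed sample
```

For a real file, pass `open(path, "rb").read()` to `gps_from_exif`.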

Financial Incentives for False Crime Lab Test Results

A recent analysis published in the Criminal Justice Ethics academic journal suggests when technicians perform forensic analysis of blood and other evidence for cases such as drunk driving, the results can be influenced by built-in financial incentives to produce a conviction. If false conviction rates are very low, a 3 percent error rate could put 33,000 innocent individuals behind bars (in the U.S.) every year.

The primary problem, according to the paper, is that fourteen states reward crime labs with a bonus for each conviction they generate. When there is a reward for a guilty result, a lab technician will not double-check test results that are in the guilty range, though he would be more likely to double-check results that show innocence.

For example, in 2009, a crime lab in Colorado Springs, Colorado was caught certifying at least 82 DUI blood tests with falsely high readings. A whistleblower in Washington, DC revealed in 2010 that the city had been using faulty breathalyzer machines for more than a decade.

View the full text at http://www.tandfonline.com/doi/full/10.1080/0731129X.2013.817070

New Standard for Privacy on Ontario Work Computers

I think R. v. Cole, 2011 ONCA 218 will become the leading case on an employee’s expectation of privacy on a work-provided computer. This appeal was a partial victory for a Sudbury high school teacher charged with possession of child pornography. The Ontario Court of Appeal ruled that police violated his Charter rights when they searched his laptop without a warrant.

A search of Cole’s computer by the high school’s IT staff found sexually explicit photos of a Grade 10 student that he acquired from the student’s email account. The laptop was then turned over to the police and searched without a warrant. The proceeds of the police search were excluded while the IT technician’s search was proper as it was for the purposes of maintaining the school board’s network and the laptop.

Justice Karakatsanis wrote for the Ontario Court of Appeal which found the employee had a reasonable expectation of privacy in the contents of his laptop based on the following factors:

  • he had exclusive possession of the laptop;
  • he had permission to use it for personal use;
  • he had permission to take it home on evenings, weekends and summer vacation;
  • there was no evidence the board actively monitored teachers’ use of laptops;
  • the school board had no clear and unambiguous policy to monitor, search, or police the teacher’s use of his laptop.

This seems consistent with the prevailing case law regarding the recognition of an employer’s right to govern the use of their systems through policy, but it also recognises the rising privacy expectations of employees in the personal use of an employer’s system.

Erase Data with a Hammer

Flash-based solid-state drives nearly impossible to erase

Researchers from the University of California at San Diego delivered a paper at the FAST-11 Conference in San Jose, Calif., last week that shows it’s almost impossible to reliably erase data from a solid state drive.

The report, Reliably Erasing Data from Flash-Based Solid State Drives (PDF), goes through all of the known techniques for erasing data, and the researchers found the best method was a big hammer.