Firefox Updated to 7.0.1

September 29, 2011

Mozilla has released an updated version, 7.0.1, of its Firefox browser.  The new version fixes an occasional problem with version 7.0, released Tuesday, in which extensions previously installed by the user seemed to disappear.  (Their settings are preserved, and the extensions can be recovered.)  More details on this issue, and on  a recovery work-around for version 7.0, are in the Release Notes and a post on the Add-Ons blog.

You can get the new version via the built-in update mechanism (Help / About Firefox), or you can download versions for all platforms (Mac OS X, Linux, and Windows) from the Firefox download page.

Update Friday, September 30, 22:19 EDT

Mozilla’s E-mail client, Thunderbird, has also been updated to version 7.0.1 to address this same add-on issue.  More information is in the Release Notes.  As with Firefox, you can get the new version using the built-in update mechanism, or you can get the installation package from the download page.

Solid-State Disk Forensics

September 29, 2011

Earlier this year, I wrote about some of the new security issues presented by the increasing use of solid-state disk [SSD] technology.  In particular, some of the methods developed for “sanitizing” conventional disk drives — that is, deleting stored data in a manner that prevents its recovery — do not work reliably or at all for SSD devices.  Some of these devices include a “secure erase” capability, meant to address this issue, but even this is not a truly reliable solution.

The SANS Internet Storm Center has a diary entry, by Daniel Wesemann, revisiting this issue, particularly as it pertains to forensic examinations.  It turns out that the picture is also a bit gloomy from this perspective.   A forensic examiner will often want to get an exact bit-level copy of a storage device, to be used for later analysis.  Unfortunately, some of the “wear leveling” capabilities built into SSDs can autonomously rearrange and re-write data sectors as soon as power is supplied to the device, without any instructions from the host computer.  This can corrupt evidence, and can make the recovery of deleted files nearly impossible.  (Wesemann refers to an excellent paper [PDF] by Graeme Bell and Richard Boddington describing this phenomenon, which they call “self-corrosion”.)

If you use these devices for any system that stores sensitive data, or that may be subject to malicious hacking (thus perhaps requiring forensic analysis), you should tale a bit of time to familiarize yourself with their idiosyncracies.  Especially for portable devices, you should seriously consider using “full disk” encryption; this also addresses other problems, like loss of the device.  Above all, do not  assume that SSDs work just like rotating magnetic disks; they don’t, and those differences can bite you.

%d bloggers like this: