PTK DFLabs
Validator:

The choice and the security of XAMPP, or of the LAMP components on which PTK runs, are left exclusively to the user. In any case, the PTK security web page includes some indications on how to manage hardening. Vulnerability advisories (such as this ISS X-Force advisory and CVE-2009-0919) are non-compliant with standards and inaccurate: they refer to possible exposure risks that do not stem directly from the PTK source code, and they will be duly marked.

DFLabs PTK Forensic vendor statement

Regarding the supposed vulnerability.

The supposed vulnerabilities highlighted in the advisory have a very low impact in a real computer forensic environment, as explained in the FAQ file. Furthermore, they are actually not related to "unauthenticated users" per se; it is more correct to use the term "a malicious user already connected to the system", since PTK has performed an extensive user authentication check since its beta version. Finally, all those supposed issues are already fixed in PTK Forensic version 1.0.5, released on January 23, 2009.

Basically speaking, the fact that this latest "vulnerability" was poorly written and researched by its originator is also confirmed by the very low criticality rating given by vulnerability advisory services such as Secunia, which rated the whole matter "not critical".

Security

According to best practices, special attention should be paid to analysis and digital evidence activities.
The laboratory has to comply with standards such as:

  • allowing access only to authorized personnel
  • no contact from / to the Internet
  • an internal network, Gbit preferably

Monthly releases should be monitored and PTK should always be kept up to date, in order to make the most of the product's newest features.

PTK was developed so as to ensure the sanitization of any malicious content inside the evidence to be analyzed.
All sanitization processes comply with the OWASP rules.

As an example, we show a typical exploit delivered through XSS injection and PTK's behaviour during analysis.
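To make the sanitization point concrete, here is an added Python example (not PTK code, and not the product's own implementation) that renders a file name recovered from evidence into an HTML table row twice, once without encoding and once with OWASP-style contextual output encoding, and then parses both rows the way a browser would to see whether the evidence stayed data. The file names are constructed test values; `unsafe_row`, `safe_row`, `js_literal` and `context_preserved` are names chosen for this example.

```python
import json
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed file names, as they might be recovered from an evidence image.
# Test values made up for this example, not data from PTK or a real case.
EVIDENCE_NAMES = [
    "Tom & Jerry.txt",
    '<script>alert("xss")</script>.txt',
    '" onmouseover="alert(1)',
]

# The only structure a rendered row may have: one <tr>, one <td>, one <a>
# carrying exactly an href and a title. Anything else means the evidence
# escaped its context and became markup.
EXPECTED_STRUCTURE = [("tr", []), ("td", []), ("a", ["href", "title"])]


def unsafe_row(name):
    """Naive rendering: evidence text concatenated straight into HTML.
    Kept only so the failure can be observed below."""
    return f'<tr><td><a href="?file={name}" title="{name}">{name}</a></td></tr>'


def safe_row(name):
    """Contextual output encoding in the OWASP sense, one encoder per
    context: the attribute value and the text node get HTML entity encoding
    (escape with quote=True covers & < > " '), the URL query component gets
    percent-encoding so nothing can end the parameter or the attribute."""
    url_part = quote(name, safe="")
    html_part = escape(name, quote=True)
    return (
        f'<tr><td><a href="?file={url_part}" title="{html_part}">'
        f"{html_part}</a></td></tr>"
    )


def js_literal(name):
    """Encode evidence for an inline <script> string literal: json.dumps
    yields a quoted JS string, and '</' is split so the value can never
    close the enclosing element."""
    return json.dumps(name).replace("</", "<\\/")


class _Inspector(HTMLParser):
    """Record start tags (with sorted attribute names) and decoded text,
    i.e. what a browser would build from the row."""

    def __init__(self):
        super().__init__()
        self.starts = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.starts.append((tag, sorted(k for k, _ in attrs)))

    def handle_data(self, data):
        self.text.append(data)


def browser_view(rendered):
    """Return (start tags, visible text) for a rendered row."""
    p = _Inspector()
    p.feed(rendered)
    p.close()
    return p.starts, "".join(p.text)


def context_preserved(render, name):
    """True when the evidence stayed data: the element and attribute
    structure is unchanged and the analyst sees the original name verbatim."""
    starts, text = browser_view(render(name))
    return starts == EXPECTED_STRUCTURE and text == name


if __name__ == "__main__":
    for name in EVIDENCE_NAMES:
        print(f"{name!r:40} unsafe={context_preserved(unsafe_row, name)!s:5} "
              f"safe={context_preserved(safe_row, name)}")
```

The check deliberately compares structure rather than searching for `<script>`: the attribute-breaking name carries no tag at all, yet it adds an `onmouseover` handler to the naive row, which is exactly the kind of payload a blacklist misses and contextual encoding neutralises.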

Figure: main search host

XAMPP SECURITY

In order to use XAMPP in production, it is advisable, after installation, to separately configure the parameters relating to internal and external security, since by default:

  • The MySQL administrator (root) has no default password; a password should be required in order to access the database.
  • The MySQL daemon is accessible over the network.
  • ProFTPD uses the default password 'lamp' for the 'nobody' user. Being a standard password, it is easily discovered.
  • phpMyAdmin is accessible over the network.
  • The examples are accessible over the network.
  • MySQL and Apache run under the same user (nobody).


XAMPP system hardening procedures should be run as follows:

  • /opt/lampp/lampp security


Here are the most important default files and folders:

  • /opt/lampp/bin/ : home of the XAMPP commands
  • /opt/lampp/htdocs : DocumentRoot
  • /opt/lampp/etc/httpd.conf : Apache configuration file
  • /opt/lampp/etc/my.cnf : MySQL configuration file
  • /opt/lampp/etc/php.ini : PHP configuration file
  • /opt/lampp/etc/proftpd.conf : ProFTPD configuration file
  • /opt/lampp/phpmyadmin/config.inc.php : phpMyAdmin configuration file
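As an added example (not XAMPP's or PTK's own code, and not what the `lampp security` script itself does), the following Python audit maps the default weaknesses listed above onto checks against three of the files just named: my.cnf, httpd.conf and phpMyAdmin's config.inc.php. The file fragments are constructed to imitate the defaults and a hardened form; the finding identifiers and the heuristic that infers a passwordless MySQL root account from the credentials phpMyAdmin stores are this example's own. The ProFTPD password and the example applications live outside these three files and are not covered.

```python
import configparser
import re

# Constructed fragments of three files named on this page, imitating the
# out-of-the-box XAMPP defaults. Made up for this example; the real files
# live under /opt/lampp/etc and /opt/lampp/phpmyadmin.
WEAK_MY_CNF = """[mysqld]
user = nobody
# skip-networking
"""
WEAK_HTTPD_CONF = """User nobody
Group nogroup
"""
WEAK_PMA_CONF = """$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""

# The same files after hardening: MySQL runs as its own user and listens on
# the local socket only; phpMyAdmin prompts for credentials instead of
# storing them and refuses empty passwords. Apache keeps running as nobody.
HARDENED_MY_CNF = """[mysqld]
user = mysql
skip-networking
"""
HARDENED_HTTPD_CONF = WEAK_HTTPD_CONF
HARDENED_PMA_CONF = """$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
"""

_APACHE_USER_RE = re.compile(r"^\s*User\s+(\S+)", re.MULTILINE)
_PMA_SETTING_RE = re.compile(r"\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*(.+?);")


def parse_my_cnf(text):
    """Return the [mysqld] section as a dict. Bare flags such as
    skip-networking appear as keys mapped to None."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(text)
    return dict(cp["mysqld"]) if cp.has_section("mysqld") else {}


def parse_apache_user(text):
    """Return the account named by Apache's User directive, if any."""
    m = _APACHE_USER_RE.search(text)
    return m.group(1) if m else None


def parse_pma_conf(text):
    """Extract $cfg['Servers'][$i][...] assignments from config.inc.php.
    PHP booleans become bool; quoted strings lose their quotes."""
    settings = {}
    for key, raw in _PMA_SETTING_RE.findall(text):
        raw = raw.strip()
        if raw.lower() in ("true", "false"):
            settings[key] = raw.lower() == "true"
        else:
            settings[key] = raw.strip("'\"")
    return settings


def audit(my_cnf, httpd_conf, pma_conf):
    """Check the parsed files for the defaults listed on this page and return
    a sorted list of finding identifiers; an empty list means none found."""
    findings = set()
    mysqld = parse_my_cnf(my_cnf)
    apache_user = parse_apache_user(httpd_conf)
    pma = parse_pma_conf(pma_conf)

    # The MySQL daemon is reachable over the network unless networking is
    # disabled or it is bound to a loopback address.
    loopback = ("127.0.0.1", "localhost", "::1")
    if "skip-networking" not in mysqld and \
            mysqld.get("bind-address") not in loopback:
        findings.add("mysql-network-exposed")

    # Heuristic: XAMPP's phpMyAdmin config holds the MySQL root credentials,
    # so an empty password there means root has no password.
    if pma.get("user") == "root" and pma.get("password") == "":
        findings.add("mysql-root-no-password")
    if pma.get("auth_type") == "config":
        findings.add("phpmyadmin-stored-credentials")
    if pma.get("AllowNoPassword") is True:
        findings.add("phpmyadmin-allow-no-password")

    # One account for the web tier and the database means a compromised
    # Apache process can read and alter the MySQL data files directly.
    if apache_user and mysqld.get("user") == apache_user:
        findings.add("shared-service-account")

    return sorted(findings)


if __name__ == "__main__":
    print("defaults:", audit(WEAK_MY_CNF, WEAK_HTTPD_CONF, WEAK_PMA_CONF))
    print("hardened:", audit(HARDENED_MY_CNF, HARDENED_HTTPD_CONF,
                             HARDENED_PMA_CONF))
```

Running the audit against the files of a real installation after `lampp security` has been answered is a cheap way to confirm that the script actually changed what was intended, rather than trusting the interactive prompts alone.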
