[SecurityRatty] tag: boot-time

Quick Notes On Getting Bart's PE/Ultimate Boot CD For Windows To Boot From A Thumb Drive

Wed, 03 Sep 2008 17:07:07 +0000

Just what the title says, it's just a lot easier to carry around a UFD on you keychain than it is a CD. I use mine for password resets, removing spyware and other odds and ends.

Also, on other security topics check out my buddy Lee's page on hacking apps for the iPhone / iPod Touch.

Quick Notes On Getting Bart's PE/Ultimate Boot CD For Windows To Boot From A Thumb Drive

Wed, 03 Sep 2008 17:07:07 +0000

Just what the title says, it's just a lot easier to carry around a UFD on you keychain than it is a CD. I use mine for password resets, removing spyware and other odds and ends.

Also, on other security topics check out my buddy Lee's page on hacking apps for the iPhone / iPod Touch.

MadMACs Ver. 1.2: Update to my MAC address and host name changer / randomizer / spoofer

Wed, 06 Aug 2008 20:13:25 +0000

Qwasty let me know that if host name randomization is used with MacMACs, and the host name is over 15 characters (or has certain bad illegal characters) it can cause all sorts of lsass.exe errors on boot up. To fix this, I've updated the code to do some sanity checks on the possible hostnames given to it in dic.txt. Hopefully this fixes the problem. I also compiled it with the newer Autoit3 v3.2.12.1.

Damage control rule # 1, shift the blame.

Mon, 28 Jul 2008 11:29:19 +0000

Wow, they must have taken classes from our Government.

clipped from vista.blorge.com

Microsoft blaming PC manufactures & their added software for Vista misconception

clipped from vista.blorge.com

In the minds of Microsoft execs, the problem lies with the fact that Vista is deployed on such a wide variety of PC builds, from a variety of manufacturers.? A configuration from one brand might yield completely different results then that of another.? For example, you can take the same laptop and pre-configure it one way and you get almost instantaneous boot-times, and fantastic battery life. If you pre-configure it with software in another way you get long boots, and much less battery life.? Microsoft, as part of their restructuring plan, plans to educated its OEM providers on these subjects to try an curb any negative compatibility issues at the source.

For your hacking pleasure - Cold Boot utilities released!

Wed, 23 Jul 2008 09:32:00 +0000

Interesting news over the weekend. Looks like one of the original researchers from the Princeton Cold Boot attack work, Jacob Applebaum, published all the utilities they used to break full disk encryption products.

We, at BitArmor, have talked a bit about cold boot and how we protect against it. Our CEO Patrick and a few of our senior engineers will be presenting at Black Hat on techniques to prevent this attack - check out his perspective as well from his Princeton days.

Google relents, adds privacy link to spartan homepage

Tue, 08 Jul 2008 23:10:06 +0000

Google has agreed to add a "privacy" link to its famously pure home page, but on the condition that the total word count remains the same. What gets the boot?...

2% of all laptops sold every year are stolen from airports?

Tue, 01 Jul 2008 12:58:00 +0000

Interesting analogy from NetworkWorld on rising rates of laptop loss, but it works! Apparently laptop loss is giving IHOP a run for its money. From the article...

"Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey."

Over 630K laptops lost each year just within airports! From IDC's Quarterly PC tracker (Dec 2007) we see that over 31M laptops were projected to be sold in 2007. This means that over 2% of all laptops sold in the US were lost or stolen from airports!

Hard to believe. Am I exaggerating or is this for real? Makes me think about how cold boot can be a weapon of choice for criminals to gain access to sensitive data.

Canadian farmer personal information on stolen CCGA laptop

Sun, 08 Jun 2008 15:32:52 +0000

Technorati Tag: Security Breach

Date Reported:
6/4/08

Organization:
Government of Canada

Contractor/Consultant/Branch:
Canadian Canola Growers Association (CCGA)

Victims:
Farmers

Number Affected:
~32,000

Types of Data:
"social insurance numbers, bank account numbers and other data"

Breach Description:
"OTTAWA, June 5 (UPI) -- Prairie farmers in Canada are upset the federal government waited two months to tell them a laptop computer containing their personal data was missing."

Reference URL:
Winnipeg Free Press
CBC News
United Press International

Report Credit:
Lindsay Wiebe, Winnipeg Free Press

Response:
From the online sources cited above:

About 32,000 Canadian farmers are on the alert after learning a laptop containing their financial information has been stolen.

The laptop was stolen when a programmer working for the Canadian Canola Growers Association took the machine off-site for routine maintenance.
[Evan] No offense to programmers, but in my experience the ways they use information can be some of the most dangerous threats to information security. There is no reason for a programmer to EVER have access to confidential production information. Programmers should only be permitted to work with scrubbed information in a test and/or development environment.

CCGA general manager Rick White described the theft as a classic "smash and grab."
[Evan] Also classic as in another organization that either does not know how or is unwilling to properly secure confidential information.

The laptop has the bank account numbers and social insurance numbers of farmers who applied for Agriculture Canada's advance payments program, which is administered by the CCGA on behalf of the federal government.

Although the theft happened March 30, Canadians weren't sent letters until last week informing them

The federal department has sent letters out to all farmers affected by the theft.

The letter said the laptop was stolen from an undisclosed, remote location in Manitoba.

"We treat this very seriously," White said. "This is an unfortunate incident, a very low-risk one."
[Evan] Mr. White is probably not well versed in risk analysis. Or incident response for that matter.

the strict security measures being used on the laptop reduce the chances of information being misused, White said.
[Evan] Like what?

"There was a very strong password protection on it, [and] there was a biometric fingerprint reader on it," he said. "That would prohibit anyone other than the user or the person with the password to access the data on the laptop."
[Evan] These are "strict security measures"? My emphatic answer is NO! These "strict security measures" are easily bypassed.

but the data was not encrypted
[Evan] The missing piece of the puzzle. Why go through all of the (self-proclaimed) "strict security measures" and not employ encryption. What you get with full-disk encryption is pre-boot authentication and this defeats the boot to CD attack.

Agriculture Canada spokesman Sean Malone said there were security features on the laptop, but a sophisticated hacker could likely bypass them.
[Evan] No sophistication required. A novice could figure it out with Google, a CD, and 15 minutes.

So far, there have been no reports of identity theft among the farmers, the report said.

Pitblado LLP privacy lawyer Brian Bowman said the CCGA and agriculture department deserve credit for notifying people of the breach -- a move not required by Manitoba law.
[Evan] Just because CCGA is not required by law, doesn't mean that they deserve any credit for notification. The information belongs to the victims not CCGA, and as owners of the information don't you think they should be informed of an incident that has the potential affect them personally?

Victim Reaction:
"If they're devilish enough to steal a computer, maybe they're devilish enough to do something with the information,"

"What frustrates me is that they've treated this like it's no skin off their back,"

"They've known this since then and they're only getting the letters out now?"

"I don't want to find out a mortgage has been taken out on our farm."

Commentary:
It is bad enough for an organization to lose confidential information on a poorly protected laptop, but what makes this more troubling is the apparent fact that they still view the practice that led to the breach as a low risk. Clueless and sad.

Past Breaches:
Government of Canada:
December, 2007 - Passport Canada web site suffers serious breach
November, 2007 - Service Canada stolen laptop affects more than 1,600

Offtopic: 0xe0030005

Thu, 29 May 2008 18:09:00 +0000

Question: What is the sound of a disk drive crashing?
Answer: Not much.

Question: What does it do?
Answer: It spits out "disk0s2: 0xe0030005 (UNDEFINED) and then it just locks up and won't boot.

Question: When/Why does it do this?
Answer: If its a Macbook whose hard drive just went bad.

Delightfully Apple's Disk Utility still shows the drive as good, as does the S.M.A.R.T. monitoring.

Alas - off to the store for a replacement drive.

Ok, I can't let this post go by without making some sort of web security note....

The above "dialog" would have been much better if your browser supported the draft HTML5 spec. Then I'd have been able to use the

10 Ways To Cheat At Being An IT Security Professional.

Sun, 18 May 2008 18:36:01 +0000

photo credit: нσвσ

Be A Security Cool Cat: Place penguin stickers on every surface in your cubicle. Stick at least 3 on the dual boot company issued laptop (that hasn’t had a kernel upgrade in 6 months). Use BlackHat stickers for bonus points.
Be An Undercover Open Source Evangelist: Unfailingly, recommend open source solutions as more secure. Be sure to quote ‘more eyes, less vulnerabilities’. Recite frequently . Always forward security advisories about commercial products to your boss.
Walk the Tech Talk: Learn at Least 10 Bash Keyboard Shortcuts. Treat this as a party trick. Perform rapidly in sequence whenever anyone watches your screen. Giggle and pass the keyboard over and say ‘Your turn!’.
Be All Knowing, Jedi Warrior!: Say ‘Trust but verify’ whenever you are asked a question you do not understand. Make it clear in meetings that you trust no-one and “verify” solely through a Google/Secunia search.
Impress with a Penetration Test!: Download Metasploit, spend 7 hours modifying the web interface: create custom graphics and hack up the CSS files. Start Metasploit running before you leave for the day. Use Camtasia to capture all screen activity so you can review in the morning. If all went well upload to YouTube and link out via facebook.
Practice Defense In Depth’: When you are asked ‘What is the Risk?’, grin inanely and say ‘I’ll tell you after I break out the vulnerability scanners’. Run at least 3 vulnerability scanners to get ‘defense in depth’.
Latest *Is* Greatest!: Clipboard stealing attacks are *always* a bigger issue than the CISCO infrastructure with default passwords (how did they get there?!).
Educate The Great Unwashed with a Deep Dive Security Awareness Program. Educate end-users about Cross Site Scripting and SQL injection attacks. Don’t invite the outsourced developers - they already know this stuff and have deadlines to meet.
Impress Your Peers - Perfect the RFC Shoutout: Pick at least 10 common protocols and learn the associated RFC numbers. Intimidate IT colleagues by shouting out the RFC numbers whenever they mention the protocol.
Start A Security Blog: What Can I Say?