This blog is no longer updated.
Since I own the domain name for a couple more years, and the hosting was paid-in-advance, it's still here. But I've moved on to Hawaii, and no longer have the need to publish all the sorts of neat stuff that made up the contents of this website.
If you've linked to me, you are invited to unlink, as your readers will no longer be presented with new content. Thanks, Steve

This is Topic: Security. Following are the News Items published under this Topic.
Poor Man's BCWipe
So, you've got some sensitive data on your computer, and you want to get rid of it. Tossing it in the "Recycle Bin" is insufficient - you want it gone.
[Shift]+[RightClick] the file and select delete - it bypasses the recycle bin and it's gone.
Well, sort of. You haven't done anything to actually change the data string (0001 0010 0000 0010 0100 1000 1101), you've just notified the disk that "Sectors 724-773 are available as free space."
When you deal with sensitive or classified data, there's a whole Mil Spec on how to destroy the remnants of that binary stream. They call it a seven pass overwrite - where all the empty space on the disk is written with all zeros, and then all ones, in seven cycles. (The science behind this is fascinating to about three people in the world, and they don't read this, so I'll spare you.)
Several companies offer DoD Spec file shredding programs, disk erasers, pagefile sanitizers, and the like. It is not the intent of this post to endorse any single one of those products, even though the title of this article may appear otherwise.
(We've used "BCWipe" so often and for so long that it's (probably improperly) become a verb - "Yeah, and when you're done BCWiping that box, toss it over there.")
But if you're not going to shell out the thirty or fifty bucks (or however much it costs), but still want to get rid of those sequenced ONEs and ZEROs on your Windows box, here's the cheap way to do it:
C:\>cipher /w:c:\
Naturally, cipher /? will tell you what the heck cipher.exe does: "Displays or alters the encryption of directories [files] on NTFS partitions."
Wha Huh? Read on...
" /W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed."
In essence, forget all of the encryption switches that you can use with cipher.exe - if you just want to remove data from a disk, cipher's the way to go.
Here's why you still need a commercial product: Cipher doesn't sanitize the pagefile, and if you move the pagefile from C:\ to D:\, clean C:\, move it back from D:\, clean D:\, you're going to have problems.
Additionally, cipher does NOT do a seven pass write of the disk as required by the MilSpec. I suppose you could run it seven times, but really, I bet you'd forget around the fifth time or so which pass you were on.
Here's a screenshot of cipher blasting all zeros to my hard drive:

Here's the next step - all ones to the disk:

There's a third pass where it writes random numbers, but I think you get the idea (hint: ..................................)
"Cipher /w" is a good tool if you're not too paranoid (single pass vs. seven pass). Naturally, it works much better if you clean up your Windows session first (delete temp files, clear browser cache, toss your cookies (heh), and burn your taxes to CDR).
I highly recommend this tool for use prior to disposing of your hard drives, selling them on eBay, or generally losing physical control of the platform.
It is not, and let me repeat that, not, not, not, not, an approved DoD tool for declassifying data storage devices. (Is that clear?)
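Here is an added toy model of what the post above describes (my illustration, not the author's code and not cipher.exe itself): a disk is a list of sectors plus an allocation table; an ordinary delete only edits the table, so the bytes remain carvable from free space; a free-space wipe overwrites only the unallocated sectors, which is why live files survive cipher /w and why an allocated file such as the pagefile is never touched by it. The sector size, the allocation scheme and the pass order (zeros, ones, random) are assumptions following the post's description of cipher /w.

```python
"""Toy disk model: why deleting a file leaves its bytes on the platter, and
what a free-space wipe like cipher /w changes.

Added example for illustration only; it is not cipher.exe and never touches a
real disk. The sector size, the sector-allocation scheme and the three-pass
pattern (zeros, ones, random) are assumptions modelled on the article's
description of cipher /w.
"""
import os

SECTOR_SIZE = 16  # assumed toy sector size in bytes


class ToyDisk:
    """A disk is a list of sectors plus an allocation table (which are free)."""

    def __init__(self, sectors: int) -> None:
        self.sectors = [bytes(SECTOR_SIZE) for _ in range(sectors)]
        self.free = set(range(sectors))
        self.files = {}  # file name -> ordered list of sector numbers

    def write_file(self, name: str, data: bytes) -> list:
        needed = -(-len(data) // SECTOR_SIZE)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        chosen = sorted(self.free)[:needed]
        for i, s in enumerate(chosen):
            chunk = data[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            self.sectors[s] = chunk.ljust(SECTOR_SIZE, b"\0")
            self.free.remove(s)
        self.files[name] = chosen
        return chosen

    def read_file(self, name: str) -> bytes:
        return b"".join(self.sectors[s] for s in self.files[name]).rstrip(b"\0")

    def delete_file(self, name: str) -> None:
        # An ordinary delete (recycle bin bypassed or not): the allocation
        # table forgets the file and its sectors become "free". The bytes stay.
        self.free.update(self.files.pop(name))

    def dump_free_space(self) -> bytes:
        # What a disk editor or file-carving tool sees in unallocated sectors.
        return b"".join(self.sectors[s] for s in sorted(self.free))

    def wipe_free_space(self, passes=("zeros", "ones", "random")) -> int:
        """Overwrite every unallocated sector once per pass; allocated files
        (including a pagefile) are never touched. Returns sectors wiped."""
        patterns = {
            "zeros": lambda: bytes(SECTOR_SIZE),
            "ones": lambda: b"\xff" * SECTOR_SIZE,
            "random": lambda: os.urandom(SECTOR_SIZE),
        }
        for p in passes:
            fill = patterns[p]
            for s in self.free:
                self.sectors[s] = fill()
        return len(self.free)


SECRET = b"SSN 000-00-0000"  # constructed sample, not real data


def demo() -> dict:
    """Write a sensitive file, delete it, show it is still carvable, wipe
    free space, show it is gone while an unrelated live file is untouched."""
    disk = ToyDisk(sectors=64)
    disk.write_file("taxes.txt", SECRET + b" (constructed sample)")
    disk.write_file("keep.txt", b"this file stays")
    disk.delete_file("taxes.txt")
    recoverable_after_delete = SECRET in disk.dump_free_space()
    wiped = disk.wipe_free_space()
    recoverable_after_wipe = SECRET in disk.dump_free_space()
    return {
        "recoverable_after_delete": recoverable_after_delete,
        "sectors_wiped": wiped,
        "recoverable_after_wipe": recoverable_after_wipe,
        "live_file_intact": disk.read_file("keep.txt") == b"this file stays",
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the constructed secret is readable from free space right after the delete and absent after the three passes, while keep.txt reads back unchanged; the same logic is why the post says cipher /w leaves the pagefile alone.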
Monday, November 07, 2005

Removing Norton AntiVirus Corporate Edition (NAVCE)
To uninstall a managed client that has had the client options locked down, you'll need to delete the following registry key before reinstalling NAVCE, or else the user will still be unable to edit any scanning or configuration options, even in an unmanaged installation.
To allow users to make configuration changes, remove the following registry key:
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6
Usual caveats about editing the registry apply.
Saturday, October 01, 2005

Email classification plugin
An Illustrated Guide to IPSEC
Via Steve Friedl's Unixwiz.net Tech Tips - An Illustrated Guide to IPSec.
One of the first things that one notices when trying to set up IPSec is that there are so many knobs and settings: even a pair of entirely standards-conforming implementations sports a bewildering number of ways to impede a successful connection. It's just an astonishingly-complex suite of protocols.
One cause of the complexity is that IPSec provides mechanism, not policy: rather than define such-and-such encryption algorithm or a certain authentication function, it provides a framework that allows an implementation to provide nearly anything that both ends agree upon.
Also, please note that this "is not a deployment guide or best-practices document — we're looking at it strictly at the protocol level on up, rather than from the big picture on down."
Monday, September 12, 2005

Security Flaw in Acrobat Reader.
Saw this on Yahoo!, PCConnect, and a couple other places... From Adobe, Acrobat Reader contains a security flaw that allows hackers access to your box.
Overview: A vulnerability within Adobe Reader has been identified. Under certain circumstances, remote exploitation of a buffer overflow in Adobe Reader could allow an attacker to execute arbitrary code.
Adobe has solutions available that can rectify these issues. Please refer to the "Recommendations" section for further information.
Effect: If exploited, it could allow the execution of arbitrary code under the privileges of the local user. Remote exploitation is possible if the malicious PDF document is sent as an email attachment or if the PDF document is accessed via a web link.
Details: The vulnerability is within the Adobe Reader control. Under special circumstances, if a malicious PDF file is opened using Adobe Reader, a stack buffer overflow could occur resulting in the execution of arbitrary code.
Yeah. If you're running Reader 5.x on a *nix machine. Move along, folks, nothing to see here...
Thursday, July 07, 2005

Twelve minutes to infection?
Have you heard of that security study that says an unprotected workstation connected to the internet gets compromised in 12 minutes?
Uh, no.
Sophos published a press release this week that says:
There is now a 50% chance of being infected by an internet worm in just 12 minutes of being online using an unprotected, unpatched Windows PC.
Still, that's pretty nasty. But you saw it here first - the next time some security bubba says "Twelve Minutes" - slap 'em around with the press release.
Tuesday, July 05, 2005

How much is your password worth?
How about three bucks? Security vendor VeriSign found 66 percent would choose to give up their passwords for a Starbucks coffee, during an informal on-the-street survey conducted Thursday in San Francisco.
...
Those that revealed their password or gave hints received a $3 gift card for Starbucks--the price of a latte.
Am I shocked, shocked at this revelation? No, because (a) you can't trust users, (ever); (b) they make no claims that this is scientific; (c) a hint doesn't mean a whole lot, if you ask the wrong guy (e.g. here's my hint: my password uses extended ASCII) and (d) there doesn't appear to have been any verification that the guy on the street actually gave them a real password in exchange for the gift certificate ("Yeah, sure, it's, uh... GoYankees05! - now gimme my free coffee...").
But still, no doubt some of these passwords were valid and some of these users need to be re-educated. Don't complain when you're assigned a 14-character random password that changes every 3 months or so...
Thursday, May 05, 2005

Auditors Find IRS Workers Prone to Hackers
More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.
...
The auditors called 100 IRS employees and managers, portraying themselves as personnel from the information technology help desk trying to correct a network problem. They asked the employees to provide their network logon name and temporarily change their password to one they suggested.
Anyone who asks for any password is up to no good. Anyone who asks for your password over the phone is a liar. Anyone who needs to know your password already knows it, can reset it, or can bypass it entirely.
Thursday, March 17, 2005

Browsing the Web and Reading E-mail Safely as an Administrator
You're a top-notch Systems Administrator, with a whole bunch of acronyms after your last name to prove it. You're the king. There's nobody that can run Windows better than you.
You sure as heck ain't going to log on to your box with some piddly "normal" user account - your SID's *-500! You're the man!
And then you go and browse the web with FullControl of the System32 directory, able to terminate any processes on your box, configuring the Windows Firewall, and adding or removing registry keys.
Well, doesn't that sound just like a recipe for disaster? Do you think that someone might just take advantage of your awesome credentials to install some nasty crap on your box?
I present: DropMyRights [msdn.microsoft.com].
The "right" way to run your system is to run as JoeUser, and then elevate your privileges when you need to. DropMyRights does the opposite - it allows you to run as Admin, and then drops your rights when you're about to engage in potentially hazardous activity (e.g. surfing the web and reading email).
Monday, January 31, 2005

AOL (and all Internet) Users: Education first
Tom Liston, SANS' ISC handler on duty, writes in the Daily Diary (scroll down to "Up on My Soapbox"):
Every time I see one of the current spate of AOL television ads portraying their customers as clueless morons I want to scream. It’s not that I have some sort of deep-seated respect for the intelligence of AOL users, but rather, these ads represent, far too well, the current industry mindset, which treats computers as home appliances.
"Don’t worry about viruses and spyware," AOL explains, "we’ll take care of that for you... Plug it in, turn it on, and disengage your brain..."
Pay attention, you’re about to read something vitally important: COMPUTERS ARE NOT APPLIANCES. THEY ARE TOOLS. Tools require that their user be skilled. Tools require education and training to use. Tools require a level of involvement beyond that of an appliance because "tool use" carries with it an inherent danger.
And yet, over the past decade, the computer industry has deliberately ignored the nature of its product. It has attempted to grind off the sharp edges, to put padding on the corners, and to make a "consumer safe" appliance from these inherently dangerous tools.
The current state of security on the Internet is simply reaping the seeds we have sown.
Indeed.
I went home for Thanksgiving, and was amazed that my father, Unix Guru Extraordinaire since I was a wee lad, didn't have XP SP2 (yet), his antivirus definitions were almost a year old, there was no firewall nor spyware-fixer installed, and he hadn't locked down the box.
I was unprepared - my fix-it CDs were at home, and I spent more time than necessary downloading and installing stuff.
Lesson learned: a guy that can singlehandedly manage a huge datacenter with one eye closed needed an XP 101 crash course (no pun intended).
Another series of posts to follow about XP 101, but for starters, read Robert Scoble's 14-point article on The layers of security I use to keep criminals at bay. Excerpt:
Let's get out of the computer world. Let's talk about heirloom jewelry. My wife, Maryam, has a bit of jewelry. Does she store it here in the house? No. Why not? It's not secure enough. Where does she store it? In a safe deposit box in a bank. Let's talk about a bank's security and how many layers it has.
Explaining IT stuff with metaphors like "heirloom jewelry" gets the point across to non-tech folks immediately. More to follow.
And if you think you've got nothing on your machine worth protecting - "I just surf the internet" - you might be surprised what an unprotected box is worth to the dark side of the 'net.
Update 2005.03.20: Changed link for locking down XP from DISA [.mil/.gov users only] to NSA [open to all].
Wednesday, December 29, 2004

MS Excel - removing internal passwords
NAV Corporate Password Recovery
Run this command to recover NAV Corporate domain password:
\\<nav server>\c$\program files\symantec\symantec system control\tools\iforgot.exe
Yeah, yeah - Air Power!
Update 2005.01.23: This is one of the most frequently read articles on this site, so here's some amplifying information:
1. If you've forgotten the password, run iforgot.exe. Some hash comes out, you mail it to your Symantec Account Rep, and they un-hash it, and tell you what it is.
2. Look at HKEY_LOCAL_MACHINE - SOFTWARE - INTEL - LanDesk - VirusProtect - CurrentVersion[*], there's a registry key about Console Password. Delete this, and the password reverts back to its default of "symantec" (minus the quotes).
[*] I'm not sitting on console now, so you'll need to be creative when interpreting this registry key location.
Update 2005.07.07: This article continues to be the most popular on this site, so here's some more good info from Symantec themselves:
- Password Management in Symantec System Center
- How to change the password to uninstall Norton AntiVirus Corporate Edition clients
- Norton AntiVirus Corporate Edition or Symantec AntiVirus Corporate Edition prompts for password when uninstalling clients
Monday, November 01, 2004