2007-04-18

MS EFS and Vista security *features*

Everybody and their brother has commented on how chatty MS Vista is. My one note on this is that the administrative dialog that appears whenever anyone accesses an item requiring administrative privileges needs a configurable dialog level. This is similar to Debian's DPKG prompt level setting, which ranges the dialogs from only serious messages (something with the capacity to brick the computer if not answered) to trivial (everything, no matter how trivial).

Microsoft's choice of this method of alerting users is pointless clutter. It trains the user to press "OK" on everything, which is a terrible idea and the root-cause behavior behind Microsoft's security problems. This behavior is caused by how they handle authentication tokens: a second token carrying administrative privileges is created and added to the user's current authentication token for the purpose of using administrative functions.

We all sometimes say something like "What they ought to have done is ..." I remember saying it a lot in middle and high school, hence my concern about saying it too often. But what about a utility which catalogs all apps and control panels requiring admin privileges and limits their access to the rest of the system? Take for instance an old version of a children's learning software package. Many schools must run the software from the server, and it requires admin privileges to run. Why not put it in a root jail?

The dirty solution is to use MS's virtualization software to run it in a virtual machine, which is inelegant but works, I guess.

*SIGH*

On another note, I got some more information on MS's BitLocker.

BitLocker uses either Microsoft's TPM (Trusted Platform Module) to store an encryption key that unlocks the disk at boot time, or alternatively a USB key drive to store the key. What this does is prevent someone from yanking the hard drive and digging out your data. The info is fair game once the system is started, but you have Server 2003's and Vista's security to contend with at that point.

BitLocker creates a backup key when you set up the disk; that's your only alternative if you lose the login key.
EFS (encrypted files on the NTFS file system) encrypts files with the user's personal certificate AND the local administrator's certificate (on a stand-alone machine) or the network administrator's certificate (in a domain). Given the reports that the federal government required MS to include keys for their own use, I wouldn't put it past them to have included that too, though I don't have any evidence confirming my suspicions.

BitLocker seems like a neat idea; it relies on the physical security of the TPM or a USB keychain. Another layer of physical protection can't hurt, I guess. EFS I find useful only for keeping small children out of files they ought not be seeing. It has way too much big brother entwined within it to be of use to me.

Neocrypt, GPG, or anything else for that matter is still the best option for WINTEL data security in my book.

2007-04-15

Solaris

So, you've just received your gratis Solaris 10 DVD set and you already know that your hardware works and has basic drivers because you used the Hardware Check Tool ISO. However, the DVD boots but ends up complaining -- ERROR: The disc you inserted is not a Solaris OS CD/DVD?! Try setting the DVD drive as the slave drive on the main ATA channel with the HDD. It should boot and install fine then.

Target: ECS/PC Chips M963GV mobo w/ SiS 551GX/964L chipset and a 2.8GHz HT P4.

EDIT/UPDATE:

Now that it's installed and booted, you want to move the drive back to the secondary ATA channel, so each drive can have a channel to itself. The problem is that Solaris maintains a hard-set device map. Once booted into the installed system with the drive back on the secondary channel, a quick run of prtconf from a root terminal shows ide, instance #1 (driver not attached). Drat! With a bit of help from Google and a good blog at blogs.sun.com called PotstickerGuru, we find the command devfsadm, which rebuilds the device map. So issue devfsadm -r / from that root session, run prtconf again, and the second channel should now be recognized and show ide, instance #1 / sd, instance #1. Reboot, and the drive will be recognized and functional. Now we can stick in a CD-RW with the sfe driver for the SiS900 Fast Ethernet chip and finally get the system online.

2007-04-06

We've moved - Kinda

I went ahead and switched our content to the domain name that the HiR crew already had (http://www.h-i-r.net). Same people. Same content. New location!

2007-04-02

Kansas City 2600 Meeting this Friday! Join us!

Join the HiR crew in the food court at Oak Park Mall this Friday for the monthly 2600 meeting. We're open to discussing all things technological, and some things philosophical. We usually arrive sometime around 5:00PM. When you see a bunch of guys with black T-shirts and laptops, you've found us.

2007-03-20

Speaking of steganography...

One of the true odd ducks of the internet, Shannon Larratt, created a good proof of concept for randomized steganography implemented using Markov chains. His post on his blog Zetastic.com two years ago showed his method and some sample pseudocode for the process. Also included is a demo Win32 app that performs the functions. One of my goals in re-learning C++ lately had been to write a simple function or library to perform a Markov chain encoding for data. The main drawback to using this process is the vast increase in space needed to store the output: every bit will be represented by an entire word of several bytes. One way to help with that may be to use a large randomized pad of data, and then use that instead of text for the seed.

This is one form of steganography that may be useful for publicly visible data. Through judicious choice of seed text it may be possible to use a text that is both large and contains very few "identifier" words that would reveal the original text. Thus, without the original text (seed/key) it may be impossible to regenerate the Markov chains and build the separate sets needed to decode the data.
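As an added illustration of the scheme described above (this is my own example, not Larratt's code or the Win32 demo from his post): a Markov chain is built from a seed text that acts as the shared key, and wherever the current word has two or more distinct successors, the choice of the next word carries one payload bit, while forced transitions carry nothing. The seed text, the one-bit-per-branch rule and the function names are assumptions for illustration; decoding with a chain built from a different seed fails, which is the property the paragraph above depends on.

```python
# Added example, not the post's code: Markov-chain steganography. The seed text
# is the shared key; at each word with two or more distinct successors, the
# choice of the next word carries one payload bit (successor 0 or successor 1).

# Constructed seed text; every word has a successor, so a walk never dead-ends.
SEED_TEXT = ("the cat sat on the mat the dog sat on the rug the cat ran to the dog "
             "the mat was on the rug the dog ran to the cat")

def build_chain(text):
    """Map each word to the sorted list of its distinct successor words."""
    words, chain = text.split(), {}
    for cur, nxt in zip(words, words[1:]):
        chain.setdefault(cur, set()).add(nxt)
    return {w: sorted(s) for w, s in chain.items()}

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    whole = len(bits) - len(bits) % 8  # ignore an incomplete trailing byte
    return bytes(sum(b << (7 - j) for j, b in enumerate(bits[i:i + 8]))
                 for i in range(0, whole, 8))

def encode(data, chain, start):
    """Walk the chain from `start`; each branching state spends one payload bit."""
    bits, out, cur, i = to_bits(data), [start], start, 0
    while i < len(bits):
        succ = chain[cur]           # KeyError here would mean a dead end in the seed
        if len(succ) >= 2:          # a real choice: the next word encodes bits[i]
            cur = succ[bits[i]]
            i += 1
        else:                       # forced transition: carries no information
            cur = succ[0]
        out.append(cur)
    return " ".join(out)

def decode(cover, chain):
    """Recover the payload; ValueError if the cover does not fit this chain."""
    words, bits = cover.split(), []
    for cur, nxt in zip(words, words[1:]):
        succ = chain.get(cur, [])
        if nxt not in succ:
            raise ValueError("cover does not fit this chain (wrong seed text?)")
        if len(succ) >= 2:
            bits.append(succ.index(nxt))
    return from_bits(bits)

def expansion_ratio(data, chain, start="the"):
    """Cover bytes per payload byte: the space cost the post warns about."""
    return len(encode(data, chain, start)) / len(data)
```

With this seed, `decode(encode(b"hi", build_chain(SEED_TEXT), "the"), chain)` round-trips, and the two-byte payload becomes a 116-byte cover text (58 cover bytes per payload byte), which is the space blow-up the post describes.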

2007-03-19

Outlaw information security tools and only the outlaws will have the security tools

While doing research into steganography I looked at a couple of sources on Wikipedia on organized crime and some of their applied uses. Organized crime still hasn't fully adopted technology but is slowly getting there. Phishing scams and other online fraud schemes are netting a pretty penny nowadays.

My point is not to illustrate organized crime as a "good" example of how to do things. My point IS to illustrate how an organization that relies on absolute secrecy to exist applies the principles that we have discussed in theory into practice.

Wikipedia has a prison tattoo section explaining prison tattoos and their meaning. Prison tattoos in this context are a means to communicate social status and other intentions or proclamations. Tattooed illustrations containing metaphors, such as status in a criminal gang or an intention to escape, are one example. Japanese Yakuza publicly display the name of their gang on their storefront and on their clothing to identify themselves as part of a gang.

La Cosa Nostra utilized a form of slang that baffled the FBI for a long time until the full lexicon of mafia terms was eventually discovered.

These examples show how steganography was applied to mundane speech, body art and clothing styles that in the criminal context had a different meaning. The problem with this secret communication is that though the medium was secret, the information was not, and thus it was vulnerable to discovery and interpretation by a third party.

It also illustrated to me the fatal flaw in steganography, which is security by obscurity, a mantra often chanted by security gurus when addressing insecure, weak proprietary security systems. That being said, steganography DOES buy time and help overcome passive discovery, so when combined with good crypto it can be a part of a balanced communication strategy. Kind of like buying a box of SUPER ULTRA SUGAR SMACKS for your kid because it's the only way you can get them to have milk in their diet.

http://en.wikipedia.org/wiki/Criminal_organization
http://en.wikipedia.org/wiki/Criminal_tattoo
http://en.wikipedia.org/wiki/Steganography

2007-03-04

15 minutes past midnight ... and all is well

Topics covered at 2600 were:

Linksys v6+ routers not handling extended port scans with nmap.
Clustering with Open Mosix
Favorite IRC chat clients.
Legal issues with dumpster diving

Discussed several scenarios where inappropriate bodily functions could lead to severe beatings, a triathlon through briar-infested woods, or side-splitting laughter when observing where said items landed.

.... And how the whole world is going to end in a magnificent atomic/economic fireball of doom ... (Thank you Eugene Rabinowitch) all this over a magnificently prepared fiery Thai food. (YUM!)

It was funny, it was the first time some of my cohorts acknowledged that perhaps this whole Iraq thing was a mistake.
Naw gee? Ya think?