Archive

Archive for August, 2009

10 Things you don’t want to know about Bitlocker…

August 28, 2009 18 comments

Nov 2015 Update – It seems bitlocker sans pre-boot has been trivially insecure for some time according to Synopsys hacker Ian Hakan, who found a simple way to change the Windows password and thus allow access to data even while Bitlocker was active. 

So, with the forthcoming release of Windows 7, the ugly beast known as “Bitlocker” has reared its head again.

For those of you who were around during the original release of Bitlocker, or as it was known then “Secure Startup”, you’ll remember that it was meant to completely eliminate the necessity for third party security software. Yes, Bitlocker was going to secure our machines against all forms of attack and make sure we never lost data again.

What happened?

Read more…

Disaster Recovery, WinTech and WinPE

August 25, 2009 44 comments

WinTechA long while ago, probably back in 2006 I wrote an article about how to add WinTech (the diagnostic and disaster recovery toolkit for the “SafeBoot”, or McAfee Endpoint Encryption for PCs) to a BartPE CD Image. At the time WinPE was only available to system integrators, and not to the likes of you and me. The steps to create custom WinPE CDs were obtuse, thanks mainly to a lack of documentation from Microsoft as to how WinPE worked, and thus many people migrated to the simple and easy BartPE system.I wanted to provide an easy way for people to make these useful bootable recovery CDs Read more…

New S.M.A.R.T Monitor Tool for Hard Drive Health

August 21, 2009 Leave a comment
Simon's SmartInfo Monitor

Simon's SmartInfo Monitor

Further to my post on S.M.A.R.T, I got around to making a simple little HTA which uses my SMART class to display useful info on your drives. You can get it from CTOGoneWild. It gives you an example of how to make a useful HTA, and how to embed VBScript classes in a way where they can be used in either a normal VBScript, or a HTA itself. You can also find the SmartDump script which does much the same thing, but outputs to a file name (either set on the command line, or in the script itself).

Categories: Programming Tags:

About Bindings in McAfee Endpoint Encryption / SafeBoot

August 7, 2009 16 comments

A few people came to me this week and independently asked how to link EEM (SafeBoot) users to directory counterparts, or how to switch them to other directories or user names. Bindings are a key part of the EEM Encryption environment, as they allow automated user management to take place by tracking changes to the user identity in some other system, most commonly Active Directory. Read more…

Army National Guard shows how much it cares about 131,000 identities…

August 6, 2009 Leave a comment

National Guard Website

A busy week in the world of data loss, with the report from the Army National Guard Leaders that a personal laptop containing the records of 131,000 former and current guard members was stolen from a contractor on 27th July 2009. The information included the usual culprits – Name, Address, Social Security Number etc.

What this information was doing on a contractors personal device, and not locked up and restricted is undisclosed, but the important thing is that the Army Guard is showing it’s eagerness to resolve the situation and protect its members. Read more…

TrueCrypt vs Peter Kleissner, Or Stoned BootKit Revisited..

August 4, 2009 59 comments

Peter Kieissner

This weeks flame war between TrueCrypt and Peter Kleissner had me both upset and laughing at the same time.

For a start, hats off to young Peter (18 years old according to his site), who recently presented at Black Hat his concept for a “universal rootkit” exploit, which, using that older-than-he-is technology of MBR replacement, manages to subvert Windows in such a way as to be able to drop a payload into memory as the computer boots.

I’m not sure, but isn’t that what MBR viruses have done since day one? I guess Peter agrees because his new “Stoned Bootkit” rootkit is named “Stoned” in homage to one of the original MBR Viruses of  1987 Read more…