Linux warning; Debian/Ubuntu and other Linux installations are at extreme risk, as a very serious vulnerability has been discovered that allows relatively easy brute-forcing of security codes generated on the affected systems.

Truth be told I don't know much about Linux so I can't really describe what the problem is and how it may affect your setup, I do however know enough to recognize that this is a very serious issue. Actually, I used to have a Debian based VOIP server (Trixbox) up and running (I guess many others are in the same situation) and the problem here is that systems like that suddenly are vulnerable.

If you have any kind of Linux installed (be that Ubuntu, Debian or just some print server in the corner office) be SURE to check with the supplier whether you have an issue and need to do some patching.

Want to know more;
http://itradio.com.au/security/?p=72

Microsoft has (some time ago actually) released a utility (or security addon if you wish) for Windows XP called Steadystate;

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

What it does is basically to add very strict control to your desktop and to allow for guest or kiosk PCs.
Let's say you administer a library PC, and daily have to deal with users changing settings, downloading strange software/malware and basically just giving you a hard time. Well, with Steadystate you can impose strict rules on what a user can and cannot do, you can add time limits for usage and finally (and this is the neat part) you can have the computer restore to a predefined setup at fixed intervals (or at every boot/logoff if you prefer).

In a corporate domain setup the software does not seem that interesting as many of the settings can be set via GPOs, but for kiosk PCs it's neat. And as the author of a commercial predecessor I should know 😉 www.security-setup.dk did basically the same thing, just not in the same depth and detail.

If you have a kiosk PC environment, shared PCs or your kids just keep messing their installations up, this may be worth a look. And the final good news, IT'S FREE!!

Jerome J. Niedermeier, United States Magistrate Judge, has ruled in favour of the defendant in a case of a subpoenaed password for a laptop.

The case concerned a computer user whose laptop was seized during a border crossing. The laptop allegedly contained child porn but was encrypted using PGP. A grand jury had subpoenaed the defendant to turn over the password, but the defendant refused and claimed the “Fifth Amendment right against self-incrimination!”. This was later backed up by “JEROME J. NIEDERMEIER, United States Magistrate Judge”.

I do in no way condone any possession or usage of child pornography, but even so I am pleased with the ruling, as it in my world is a victory for personal privacy. The issue is today of little relevance, as it could be avoided using Truecrypt with a hidden secret partition (a hidden encrypted partition within a regular encrypted partition, refer to Truecrypt.org for further details).

Links;
http://www.news.com/8301-13578_3-9834495-38.html
http://www.volokh.com/files/Boucher.pdf

PC Inspector is a free HDD recovery program. I have not tested this (hope I never need to 😉 ) but it does sound quite nice and feature rich.

Thanks to: Torben Slaikjer for the link.

http://www.pcinspector.de/default.htm?Language=1
or just http://www.pcinspector.de/

If you want to manually update the definitions in MS-Forefront Client Security you can download them here;

Download (Always the latest, downloads as an .exe file ready for installation).

For further details refer to;
http://support.microsoft.com/kb/935934

Update Dec 2009;
for tips on how to do a scripted (e.g. daily) download look here;
https://readmydamnblog.com/?p=1085

Just a quick note on FCS (Forefront Client Security, Microsoft's antivirus solution): I was in doubt whether it would be a good idea to install Windows Defender as an added security to FCS, and a quick Googling revealed that;

Answer found on Technet.
Client Security cannot be used to manage Windows Defender – as a matter of fact, Client Security requires that Windows Defender be removed.

Windows Defender can be managed with a Group Policy – please see the last item here: http://www.microsoft.com/athome/security/spyware/software/about/releasenotes.mspx

–Kimborly Ditto-Ehlert

for full post;
http://forums.microsoft.com/ForeFront/ShowPost.aspx?PostID=1277937&SiteID=41

Just a word of caution in conjunction with my previous description of the online backup service KeepIT.com

I bought this service after a short test of their free 2 GB offering, the price seemed fair and they offered unlimited storage space. Things did not go smoothly though, at first their client software 1.0 was very poor, the client software seemed utterly unstable;

  • VERY slow (up to 10 minutes) when you tried to select what to backup. 
  • It was as good as impossible to tell what had been backed up (logging was very inadequate).
  • Client software would connect and disconnect from the server totally outside your control.
  • And the final nail in the coffin, when you need to restore you have ONE option – ALL or NOTHING, yes that is right you need to restore EVERYTHING it is not possible to just select the one file or files you need.

To top everything off a few extra actions were added to the story that forced me to discontinue my account; when I ordered the product I read the description on their website and downloaded and tested their product on my Win 2003 server, and everything seemed to be in order, however after returning from a week's vacation in Milano I found that the backup job had stalled. All attempts to get it back up and running failed, so at last I contacted their support mail. The response was surprising, “our software do not support Windows 2003 server – have a nice day!” and then a link to a sub-page on their web site where this was stated. Well, what surprises me was that I never saw this while ordering and testing (we all know it is impossible to make the installer software not allow installation on unsupported systems, sarcasm ;-)), so I can only come to the conclusion that this restriction was either added after I bought the product or very poorly described. Anyhow the story ends somewhat satisfyingly, after a lot of writing back and forth KeepIT.com has agreed to return my payment and cancel my service.

A final word of caution, and perhaps the most important;
If you read the FAQ on the KeepIT.com website (at least as it is today) you will find that if you lose your crypto key there is NO WAY of restoring your data, I found this very reassuring when I bought the product (as this meant my data was 100% private and secure). However upon reading the “Terms of usage” VERY closely you will be surprised to find that not only do KeepIT.com have a ‘sparekey’, they also reserve the right to decrypt and examine your data without prior warning if they so see fit, unless you explicitly request that they do not store a ‘sparekey’ (this is however NEVER an option during the order process). I find this option utterly disturbing.

I suggest you take a look at www.idrive.com instead, this service is cheaper, has better client software and seems to respect your privacy. I will see if I can't make a short review / comparison later.

A different solution for online backup is to use Jungle Disk. Jungle Disk is software that utilizes the Amazon S3 storage network, which is very fairly priced (approx $0.18 per GB a month + an upload fee of about the same).

The solution has quite good agent software (also comes in a USB version, so you can carry your online disk) which allows for scheduled backups, bandwidth throttling etc. etc. and the security seems quite convincing.

In the near future I will be comparing this with the www.Keepit.com solution, my feel for now is that Keepit is more home user aimed and Jungle Disk is usable for both, however the low FIXED price for Keepit does seem tempting.

http://www.jungledisk.com/

Update Apr 8th, 2008: Please see warning against Keepit.com elsewhere in my blog

A company, www.Keepit.com, offers 2GB of free online backup space (at least in Denmark) which may be quite nice for many users, and may be enough to store your pictures and mail.

The client software is not the world's most advanced I have been told, but again for home users it may be quite sufficient.

https://www.keepit.com/dansk/Home

Pay and get more :-), should you be willing to pay DKK 29 ($4.5 or €3.9) you get unlimited storage space. Seems like a quite reasonable solution.

I have not tried this yet so I am uncertain about security and encryption etc, but I have been told that it indeed uses encryption and your data should thus be safe from prying eyes.

First you get the happy news, Truecrypt will now offer system drive encryption, and you go to bed with a big grin on your face..

Sorry for being the carrier of bad news, but you might as well wipe that grin off your face and start rethinking your security plans.. Sure, we are not talking revelation of a super master key for all encryption, but still the guys at Princeton University did a good enough job of making smiles fade..

The idea is; RAM is not erased the second the computer is turned off, it will take anywhere from seconds to minutes before RAM is reset to “0”, and as the encryption key is found in RAM (for most software, including Bitlocker and Truecrypt) what these people do is to boot a USB device and dump the entire RAM content before it fades… They even slow down the process via an air cooling spray, adding almost unlimited time to do their ‘evil’ deed.

Revealing the keys and compromising data will in most cases (not all it would seem) require a rapid response from the potential hacker, the technique requires physical access to the computer within minutes after it is turned off (not true for hibernation or sleep mode mind you). However, Bitlocker in some configurations seemed ‘hackable’ even if turned completely off (cold).

Sounds like science fiction? Well, the YouTube video they produced seems somewhat convincing.

Steps you can take to counteract this;

  • DON'T use hibernation or SLEEP mode.
  • If possible use the “enter a password” at bootup.
  • In the BIOS, disallow booting from USB.

These steps will not make you 100% secure, but will make things way more difficult.

For more details;
http://citp.princeton.edu/memory/
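
The three steps listed above can be partly checked from a script. The PowerShell function below is an added example, not part of the original post; it assumes a Windows host with the BitLocker cmdlets, English `powercfg` output, and the hypothetical function name `Get-ColdBootExposure`.

```powershell
# Added example: audit one Windows host against the mitigations listed above.
# Run elevated. Get-BitLockerVolume needs the BitLocker module (Windows 8 /
# Server 2012 or later); the powercfg parsing assumes English-language output.
function Get-ColdBootExposure {
    param([string]$MountPoint = $env:SystemDrive)
    $findings = @()

    # Mitigation 1a: hibernation. HibernateEnabled = 1 means it is switched on.
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
        -ErrorAction SilentlyContinue
    if ($power -and $power.HibernateEnabled -eq 1) {
        $findings += 'Hibernation is enabled (turn off with: powercfg /hibernate off)'
    }

    # Mitigation 1b: sleep. "powercfg /a" lists available states first, then the
    # unavailable ones; only the first part matters. Standby keeps RAM powered.
    foreach ($line in (powercfg /a)) {
        if ($line -match 'not available') { break }
        if ($line -match 'Standby') {
            $findings += "Sleep state available: $($line.Trim())"
        }
    }

    # Mitigation 2: password at boot. A volume whose only unlock protector is the
    # TPM releases its key into RAM at power-on without any user input.
    # ExternalKey is not counted: it is also the type used for recovery keys.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    if (-not $vol -or $vol.ProtectionStatus -ne 'On') {
        $findings += "$MountPoint has no active BitLocker protection (other disk encryption is not inspected)"
    } else {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $preBoot = @($types | Where-Object {
            $_ -in 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password' })
        if ($preBoot.Count -eq 0) {
            $findings += "$MountPoint unlocks without a pre-boot secret (protectors: $($types -join ', '))"
        }
    }

    # Mitigation 3: USB boot is a firmware setting and is not readable in a
    # portable way from Windows, so it stays a manual check.
    $findings += 'Manual check: firmware boot order must not allow USB boot'
    return $findings
}

Get-ColdBootExposure | ForEach-Object { "FINDING: $_" }
```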