So what is up with Truecrypt?? Something fishy is indeed going on: their website www.truecrypt.org has been taken down and now just redirects to http://truecrypt.sourceforge.net/

My initial thought was that they had been hacked, but that does not appear to be so – the redirect happened several days ago, and had it been a hack I would have expected it to be fixed by now. So something more serious seems to be going on. I have read and heard several different ideas on what is going on, ranging from a protest against the XP end of support, to a Lavabit-like case, to NSA infiltration.

My personal “favorite” is that it is an internal power struggle in the Truecrypt team; the team has always been very secretive, and rumours are that the internal power balance in the team has not always been the best. It is thus likely that the team somehow ended up imploding and subsequently just abandoned the whole thing.

I do feel that if the case is an internal power struggle, then the team defaced their own gravestone; why would you not give a good explanation on your website as to what happened, instead of having people be suspicious of possible NSA infiltration etc.?

Shame on you Truecrypt team, this exit is just plain irresponsible, grow up and face the music.

A summary of what is known, a repository of the “original” Truecrypt files and some additional useful insights can be found on the GRC website;
http://sl.readmydamnblog.com/1xgFhIK


Just a quick heads up on a cool new utility (free even) …

Working as an IT specialist within a large international corporate entity, we faced the challenge of “administrative/non-administrative” user rights on our corporate Windows machines. We have likely all faced this question/challenge: we WANT to tighten the machines down to gain the added security and subsequently lower the support need, however the hurdle of preparing for this (as well as maintenance) puts great demand on the planning and deployment of corporate machines/software – especially if, like us, you have many people in the field.

See, if we removed all administrative rights from users, then they would have to call the ServiceDesk whenever they needed administrative rights - this could be to install a printer, software, drivers etc. Now for some very “static” machines this would not be a real big problem, but for a large segment of our users this would be very annoying and troublesome – especially for users in the field, where the ServiceDesk may have problems connecting.

On the other hand, having users not be local administrators is a huge gain when it comes to protection against malware and exploits; according to the podcast “Security Now” on the TWiT network you can minimize the risk/impact of IE exploits by up to 99+% by being a non-administrative user. In other words, there is a heavy tradeoff here.

Then again, perhaps not anymore – there now seems to be a way to both “have your cake and eat it” at the same time.

One of the very talented external consultants we use on a regular basis, “Thomas Marcussen”, recently told me about a FREE cool utility they developed called “Access Director for Windows”. What this “Access Director” does is actually simple yet still quite clever: after you install the utility, users have the opportunity to grant themselves temporary administrative rights whenever needed. The user account will normally have no administrative rights; however, by right-clicking the utility icon in the status bar, users can grant themselves a limited period (e.g. 2 min) where their user rights are elevated to local admin. Now they will be able to install that printer/driver etc. that they may need to work, and after this period the local admin rights are automatically revoked and the machine is again secured against malware and exploits.

The optimal implementation of a utility like this would probably be to have a group of “trusted machines” (e.g. traveling sales persons, management etc.) where this utility is installed; on these machines users can elevate themselves as needed. Then have another base of “regular” machines (e.g. production/office PCs) where the administrative rights are removed, and the users will still need to contact the ServiceDesk in case administrative rights are required.

Oh yeah, did I remember to mention it is a free utility 😀


I talked to Thomas about corporate use of this utility, and he assured me that several corporate initiatives were on the way, like: the ability to customize settings via registry settings, the ability to control who can elevate (via groups), plus a manual. He said that the reason for the lacking documentation was that the release was slightly rushed due to TechEd. There is a little info on some registry settings here; http://sl.readmydamnblog.com/RZdo7J
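To make the “elevate for a few minutes, then revoke” idea concrete, here is an added example script. It is not Access Director’s code and not from the original post; it is the bare mechanism as an administrator (e.g. a ServiceDesk session or a scheduled task running with admin rights) would script it. It assumes Windows 10 / Server 2016 or later for the LocalAccounts cmdlets, a local account name in $User, and a log file path that is my own choice.

```powershell
# Added example (not Access Director's code, not from the original post):
# put a user into the local Administrators group for a few minutes, then
# take them out again no matter what happens. Must run as an administrator.
# Assumptions: Windows 10 / Server 2016+ (LocalAccounts cmdlets), a local
# account name in $User, and an assumed log file location in ProgramData.

param(
    [Parameter(Mandatory)][string]$User,
    [int]$Minutes = 2,
    [string]$LogFile = "$env:ProgramData\jit-admin.log"   # assumed path
)

$group = 'Administrators'

function Write-JitLog([string]$Message) {
    # Keep an audit trail of every grant and revoke on the machine itself.
    "$(Get-Date -Format o) $env:COMPUTERNAME $Message" | Add-Content -Path $LogFile
}

# Only temporary membership is allowed to exist; if the account is already a
# permanent administrator this script is the wrong tool for it.
$already = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like "*\$User" }
if ($already) { throw "$User is already a member of $group; refusing to manage it." }

Add-LocalGroupMember -Group $group -Member $User
Write-JitLog "GRANT $User -> $group for $Minutes minute(s)"
Write-Host "$User is in $group until $((Get-Date).AddMinutes($Minutes).ToString('T'))."
Write-Host "A new logon (or a freshly started elevated process) is needed before the token carries the new group."

try {
    Start-Sleep -Seconds ($Minutes * 60)
}
finally {
    # Runs both on normal expiry and on Ctrl+C, so a grant cannot be left behind.
    Remove-LocalGroupMember -Group $group -Member $User
    Write-JitLog "REVOKE $User <- $group"
    Write-Host "Revoked $group membership for $User at $((Get-Date).ToString('T'))."
}
```

Two caveats a practitioner should keep in mind with any scheme like this: Windows builds a user’s access token at logon, so a group change only takes effect in a new logon session or a newly started elevated process (how Access Director itself handles this is not described in the post), and any process started while the user was elevated keeps its admin token until it exits, even after the group membership is revoked. The log file is there so that every grant can be reviewed afterwards.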

Anyway, enough talk – take a look at the YouTube video and it will all be clear 🙂

Download site is (look for “Download Access Director”);
http://sl.readmydamnblog.com/1oj6KVi

YouTube Video here;
http://sl.readmydamnblog.com/1qXwECv

Thanks to Thomas Marcussen for this nice utility.

Interested in Security?

csu-logo

Free Short Course: Hacking Countermeasures

The aim of the short course is to give you a taste of what it is like to undertake Postgraduate study via Distance Education with Charles Sturt University. The Hacking Countermeasures short course covers sections of our subject ITE516 Hacking Countermeasures, an elective subject in the Information Systems Security Masters Degree at Charles Sturt University.

The short course will be run over 5 weeks with lectures being delivered via weekly after hours Webinars (recordings of the Webinar will be available if you are unable to make the live event). In between the Webinars, you will be asked to do 10-12 hours of study.

The course is free to undertake – link below. Course begins May 28th 2014.

http://sl.readmydamnblog.com/1k4ld6s

A friend of mine just joined an online Android course at the University of Maryland; from what he tells me it is actually really good. So I did some peeking and ended up finding a source of online courses;

Among the courses I managed to find one of personal interest, it’s in Crypto – sadly it had already finished, but that turned out to be a blessing in disguise as this led to a preview of the course videos;
https://class.coursera.org/crypto-preview/lecture

Other courses can be found here;
https://www.coursera.org/courses?orderby=upcoming&stats=upcoming&lngs=en

Below is another source (more just free videos and thus maybe not in the same league, but still).

http://thenewboston.org/tutorials.php


Need some inspiration on your Disaster plan at work?

Well Dilbert surely has one for you 😉

I just updated our “Microsoft Forefront Endpoint Protection” client software; this in turn caused several of my scripts to stop working 🙁

Digging led to the discovery that the path has changed :-/ omg, why change that…

Namely, I run two commands weekly on all our servers;

"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate -MMPC
"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -Scan -ScanType 2

The first forces Forefront to update its definitions straight from the Internet repository, and the second forces a full scan.

But the “Antimalware” part of Forefront (or at least MpCmdRun.exe) seems to have moved from “C:\Program Files\Microsoft Security Client\Antimalware” to “C:\Program Files\Microsoft Security Client”.

But why 🙁 – anyhow, if you update your Forefront Endpoint Protection, be sure to check any manual scripts you have running.
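One way to keep the weekly job from breaking the next time the executable moves is to look for MpCmdRun.exe in each known location before calling it. The script below is an added example, not from the original post: it tries the two paths the post mentions (the new one first, then the old “Antimalware” subfolder) and then runs the same two commands. Any further location would be a guess, so none is included.

```powershell
# Added example (not from the original post): run the two weekly MpCmdRun.exe
# commands, but locate the executable first so the script survives an update
# that moves it. The candidate paths are the two from the post, newest first.

function Find-MpCmdRun {
    $candidates = @(
        'C:\Program Files\Microsoft Security Client\MpCmdRun.exe',
        'C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe'
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) { return $path }
    }
    throw "MpCmdRun.exe not found in any known location: $($candidates -join '; ')"
}

function Invoke-ForefrontMaintenance {
    $exe = Find-MpCmdRun
    Write-Host "Using $exe"

    # 1. Pull fresh definitions straight from the Microsoft Malware Protection Center.
    & $exe -SignatureUpdate -MMPC
    if ($LASTEXITCODE -ne 0) {
        throw "Signature update failed with exit code $LASTEXITCODE"
    }

    # 2. Full scan (ScanType 2 is the full scan, as in the post's command).
    & $exe -Scan -ScanType 2
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Scan returned exit code $LASTEXITCODE; check the MpCmdRun log before trusting the result"
    }
}

Invoke-ForefrontMaintenance
```

Because the function throws when neither path exists, a scheduled task running it fails loudly instead of silently skipping the scan, which is the failure mode the post ran into.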


Downloading the updates manually;

You can still download the update file manually (approx. 80 MB); it’s the same file as for Endpoint Protection – get them here;
http://www.microsoft.com/security/portal/definitions/howtomse.aspx
or try this undocumented one (direct download link); http://go.microsoft.com/fwlink/?LinkID=121721


WordFence

You are likely familiar with WordPress; if not, well – interesting 😉 Anyhow, you may also have heard about the recent attacks on WordPress blogs by a worm-like virus/malware? Attacks on WordPress installations are not something new; they have always been there as it’s such a popular platform. However, time has revealed some not-so-smart features with WordPress security; one thing is that you can try to log in as many times as you like without any action being taken – hence there is nothing to stop a brute force attack on your WordPress installation’s login!?

Well, Wordfence to the rescue: a simple plugin you install on your WordPress installation that all of a sudden offers you a ton of cool security features. I will just mention a few here – for the complete listing visit their website.

Features;

  • Login limiter – limit how many incorrect passwords/usernames are accepted
  • Site and theme scanner – scan your WordPress blog for changes
  • Block unwanted IPs from accessing your site
  • Manage crawlers (search engine index bots)
  • and many many many more cool features

You can define the reaction to different attacks, e.g. block IP / lock account for xx min / throttle traffic.
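To show what a login limiter is actually looking for, here is an added example that is not Wordfence code and not from the original post: it runs over a handful of constructed Apache-style access log lines and flags any IP that POSTs to wp-login.php more than a threshold number of times within a short window, which is the condition under which a plugin like this would block the IP or throttle it. The threshold (5) and window (10 minutes) are my own assumptions, as are the sample lines.

```powershell
# Added example (not Wordfence code, not from the original post): the check a
# login limiter performs, run offline over constructed access log lines.
# Threshold, window and sample data are assumptions for illustration.

function Find-LoginBruteForce {
    param(
        [Parameter(Mandatory)][string[]]$LogLines,
        [int]$Threshold = 5,        # more than this many attempts ...
        [int]$WindowMinutes = 10    # ... inside this window is suspicious
    )
    # Common Log Format: ip - - [dd/Mon/yyyy:HH:mm:ss zone] "METHOD path HTTP/x" status size
    # Only POSTs to wp-login.php are login attempts; GETs just render the form.
    $pattern = '^(?<ip>\S+) \S+ \S+ \[(?<ts>[^ \]]+) [^\]]*\] "POST /wp-login\.php'
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $byIp = @{}
    foreach ($line in $LogLines) {
        if ($line -match $pattern) {
            $t = [datetime]::ParseExact($Matches.ts, 'dd/MMM/yyyy:HH:mm:ss', $culture)
            if (-not $byIp.ContainsKey($Matches.ip)) { $byIp[$Matches.ip] = @() }
            $byIp[$Matches.ip] += $t
        }
    }

    $window  = [timespan]::FromMinutes($WindowMinutes)
    $flagged = @()
    foreach ($ip in $byIp.Keys) {
        $times = @($byIp[$ip] | Sort-Object)
        # Slide over the sorted attempts: if attempt i+Threshold happened within
        # $window of attempt i, there were more than $Threshold tries in the window.
        for ($i = 0; $i + $Threshold -lt $times.Count; $i++) {
            if (($times[$i + $Threshold] - $times[$i]) -le $window) {
                $flagged += [pscustomobject]@{ IP = $ip; Attempts = $times.Count; FirstSeen = $times[0] }
                break
            }
        }
    }
    return $flagged
}

# Constructed sample: 203.0.113.7 hammers the login form, 198.51.100.4 is a
# normal user (one GET of the form, one POST). Both are documentation ranges.
$sampleLog = @(
    '203.0.113.7 - - [15/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [15/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [15/Apr/2013:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '198.51.100.4 - - [15/Apr/2013:10:00:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2210',
    '203.0.113.7 - - [15/Apr/2013:10:00:26 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [15/Apr/2013:10:00:35 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '198.51.100.4 - - [15/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [15/Apr/2013:10:00:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3456'
)

Find-LoginBruteForce -LogLines $sampleLog | Format-Table -AutoSize
```

On the sample data only 203.0.113.7 is reported (six POSTs in under a minute); the single failed-then-successful login from 198.51.100.4 stays below the threshold. Counting POSTs rather than all hits to wp-login.php matters, because a plain page load of the login form is not an attempt.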


Now, a thing like that must cost a fortune you say!? Well no, there is a TOTALLY FREE version with basic functionality (enough for most I would say) and the deluxe version which costs a bit.

Now after adding this you should also add Two Factor Authentication, e.g. using the “WordPress Google Authenticator Plugin” – http://wordpress.org/extend/plugins/google-authenticator/screenshots/ or one of the other two-factor authentication solutions out there.

So, what are you waiting for 🙂 protect your WordPress blog now 🙂

You may be an IT administrator or just the person in charge of helping your users (or friends for that matter) configure iPhones. Now setting up an iPhone is not hard once you have tried it once or twice, but it is still time consuming and, let’s face it, not very fun. Well, imagine that you had a piece of software in which you could prepare the configuration and then just SMS the configuration to anyone? Well it is almost as easy as that 🙂 and best of all, I will show you how 😀

What you need is the “iPhone configuration utility” from Apple, you will find it here;
http://www.apple.com/support/iphone/enterprise/

Now you install this and are set to go. With this software you can create configurations for the iPhone (or iPad), and by connecting the device to your machine you can transfer the settings directly. This is easy enough, but as mentioned you can do even better – you can send the configuration over the internet – the latter however requires a web server and maybe a little more skill than the average home user has.

Anyhow, if you are an IT administrator etc. and need to set up a lot of iPhones, then this is interesting for you. You create a configuration with the “iPhone configuration utility” and upload this to a web server, e.g. as http://www.webserver.com/iphonesettings.mobileconfig, and now you can just SMS the link to this page/file to new employees or BYOD (“bring your own device”) users. Now one word of caution though: if you publish your config this way you MUST omit ANY sensitive information like email, domain name, username and passwords. This however is not a problem – any information not entered will just be prompted for – so if you omit the username and password the user will just be prompted for these when installing the configuration (information like this is likely known by the user, or could be included in the SMS). That some outside user may be able to read what mail server you use is not really a problem; this information is already public knowledge via e.g. NSLOOKUP – so there is really no security issue with this unless you include passwords etc., which you should avoid as mentioned.

The settings set this way are entered into the phone as a “Profile”. You can configure that this “Profile” can be removed “Anytime”, “Via Password” or “Never” (never means that you need to reset the device to remove it). If you remove the “Profile” it will also remove all data related to the profile (e.g. if email settings were part of a profile, the emails are removed as part of the removal – but if you set up additional emails manually these will be left alone).

What can you configure;
Almost anything; just to mention a few things: Email, VPN, WiFi, Policies (you can enforce passwords etc. etc.).

See my walkthrough here for more details etc.;


Ps.
If you upload the configuration to a web server, you may need to set the MIME type, and remember NOT to change the extension of the file (.mobileconfig).
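Since the whole point of the caution above is that the published file must not carry credentials, here is an added example (not Apple’s tooling and not from the original post) of a pre-publish check: it parses the .mobileconfig plist, reports any key whose name contains “Password” or “Username” that still has a value, and warns if the extension was changed. The assumption is that those key names are where the iPhone Configuration Utility stores the values the post says to omit; the sample profile is constructed for the demonstration.

```powershell
# Added example (not Apple's tooling, not from the original post): check a
# .mobileconfig profile before it goes onto a public web server, so that no
# username or password ships to everyone who can fetch the URL.
# Assumptions: Apple plist XML; keys containing "Password" or "Username"
# hold the sensitive values; the sample below is constructed.

function Test-ProfileForSecrets {
    param([Parameter(Mandatory)][string]$Path)

    if ([IO.Path]::GetExtension($Path) -ne '.mobileconfig') {
        Write-Warning "iOS only recognises the .mobileconfig extension: $Path"
    }

    # Drop the DOCTYPE so the XML parser does not try to fetch Apple's DTD.
    $raw = (Get-Content -Raw -Path $Path) -replace '<!DOCTYPE[^>]*>', ''
    [xml]$plist = $raw

    $findings = @()
    foreach ($key in $plist.SelectNodes('//key')) {
        if ($key.InnerText -match 'Password|Username') {
            # In a plist the value is the element right after the <key>.
            $value = $key.NextSibling
            if ($value -and $value.InnerText.Trim() -ne '') {
                $findings += "$($key.InnerText) = '$($value.InnerText)'"
            }
        }
    }
    return $findings
}

# Constructed sample: the mail server name is public anyway, but the username
# and password lines must be gone before the file is uploaded.
$sample = @'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mail.managed</string>
      <key>IncomingMailServerHostName</key><string>mail.example.com</string>
      <key>IncomingMailServerUsername</key><string>jdoe</string>
      <key>IncomingPassword</key><string>hunter2</string>
    </dict>
  </array>
</dict>
</plist>
'@
$tmp = Join-Path $env:TEMP 'iphonesettings.mobileconfig'
Set-Content -Path $tmp -Value $sample

$hits = Test-ProfileForSecrets -Path $tmp
if ($hits) {
    Write-Host "Do NOT publish; remove these values first:"
    $hits | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "No credentials found; safe to upload."
}
```

On the constructed sample this reports the IncomingMailServerUsername and IncomingPassword values and leaves the mail server host name alone, matching the post’s advice. For the MIME type mentioned above, Apple’s documented type for these profiles is application/x-apple-aspen-config; without it some web servers serve the file as plain text and the phone will not offer to install it.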

According to http://www.techpraveen.com, Kristina Svechinskaya has been elected the sexiest computer hacker in the world. Sadly not for some white-hat hacker scheme but rather for being a mule related to Zeus Trojan attacks in the range of $12.5+ million.

And I must say, she does look cute..  sad she chose this kind of business 🙁

Read more here;
http://www.techpraveen.com/2011/12/kristina-svechinskaya-is-the-worlds-sexiest-computer-hacker.html

Here is a short video guide to removing malware using Malwarebytes.org’s free scanner.

English language version;

Danish language version;

For more details on how to remove malware and viruses, look here;

https://readmydamnblog.com/?page_id=1222