TrueCrypt – not as secure as I thought.

On Wednesday, I wrote about TrueCrypt, and the requirement to create a Rescue Disk if you were going to use System Encryption.  I looked into that, as I was setting up a test laptop so I could try the “Evil Maid” attack on TrueCrypt System Encryption.

And by Jove!  The Evil Maid attack works.

In short, the Evil Maid attack is a way to grab someone’s TrueCrypt passphrase.  Have a look at this photo of my test laptop:
[Photo: Evil Maid - can this password be hacked?]

Continue reading

Bypassing the TrueCrypt Rescue Disk check requirement.

Update: TrueCrypt 7 and later will allow you to bypass this check.

TrueCrypt, the freeware open source disk encryption product, allows you to encrypt your whole hard drive.  TrueCrypt calls this “System Encryption”.  Another name for it is Full Disk Encryption, just like Microsoft BitLocker.
When you encrypt your system drive, TrueCrypt prompts you to create a Rescue Disk.  Should the TrueCrypt Boot Loader be corrupted, the Rescue Disk will help you fix that problem.
But TrueCrypt requires a CD/DVD drive to create the Rescue Disk, and if you don’t have one, it won’t let you continue:
[Screenshot: TrueCrypt - Full Disk Encryption - ISO check]

Continue reading

Semi-regular web-link clearance – March 2010

Five Pervasive Myths About Older Software Developers

I recently celebrated my 40th birthday.  A friend joked to me, “Hey, guess that means you’re too old to program anymore!”  I laughed on the outside, but it gave me pause.  Age discrimination is nothing to laugh about in our field.  COBOL guys faced this problem years ago as Java guys like me were ascending the ranks, and we laughed heartily about legacy code and their inflexibility with new technology.

The Art of Negotiation According to Pawnstars

The other day I caught a marathon of the show Pawnstars. On the surface, it’s kind of a blue collar version of Antiques Roadshow and at first I thought it was a pale rip-off of the original. But after watching a dozen or so episodes and a couple Antiques Roadshows, I’m convinced I like this Pawnstars show more, mostly due to the more modern items being discussed that I can recognize versus the Roadshow saying an ugly broken Victorian chair is worth $250k which makes no sense to me.

Download YouTube Videos the Easy Way

There are some programs and browser extensions to do this, but we’ve found that the easiest and quickest method is a bookmarklet that was originally posted on the Google Operating System blog (it’s since been removed). It will let you download standard quality and high-definition movies as MP4 files. Also, because it’s a bookmarklet, it will work on any modern web browser, and on any operating system!

Firefox: Massive Extender 0.9.1

Extends the Mozilla Add-on Collector with batch actions making it possible to install, uninstall, enable and disable entire collections or personalized selected items en masse.

SQL Injection Attacks By Example

A customer asked that we check out his intranet site, which was used by the company’s employees and customers. This was part of a larger security review, and though we’d not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.


Default security permissions on Windows Registry keys.

[Graph: Registry keys with permissions]

At work, I’m working on a registry key permission error.  Something which worked on Windows 2000, now doesn’t work on Windows XP.  It’s security related, hope to solve it today.

One of the questions I had was: “What are the default registry security permissions for Windows 2000 and Windows XP?”  Couldn’t find anything.

So I created my own, using the Microsoft Sysinternals AccessEnum tool.  The above graph just shows how much Microsoft has tightened registry security, from operating system to operating system.

You can find the attached spreadsheet summary here.
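The post built its comparison with AccessEnum and a spreadsheet. The script below is an added example (not part of the original post, and not AccessEnum) that produces a comparable summary in PowerShell: for a list of well-known keys it lists every Allow ACE, flags the ones that grant a write-class right, and filters out the administrative principals so that what remains is the interesting set of ordinary users or groups who can change a key. The key list is an assumption chosen for illustration; the write mask follows the RegistryRights flags in .NET, with GENERIC_WRITE and GENERIC_ALL handled separately because ACEs that carry generic rights do not match the specific-right mask. Run it on each OS version and diff the CSV output.

```powershell
# Added example: summarise who can write to a set of registry keys.
# Not the original post's method (that used Sysinternals AccessEnum).

# Assumption: a handful of keys that are worth auditing on any Windows build.
$Keys = @(
    'HKLM:\SOFTWARE',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
)

# Specific registry rights that let a principal change a key or its ACL.
# WriteKey/FullControl are deliberately left out: they are composite masks that
# include read bits and would make read-only ACEs match.
$WriteMask = [int]([System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership')
$GenericWrite = 0x40000000   # GENERIC_WRITE, shows up as a raw number in RegistryRights
$GenericAll   = 0x10000000   # GENERIC_ALL

# Principals expected to have write access on system keys; everything else is reported.
$Expected = 'Administrators|SYSTEM|TrustedInstaller|CREATOR OWNER'

function Get-RegistryWriteAccess {
    param([string[]]$Path = $Keys)
    foreach ($key in $Path) {
        $acl = Get-Acl -Path $key -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # key missing on this OS version, or access denied
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights   = [int]$ace.RegistryRights
            $canWrite = (($rights -band $WriteMask) -ne 0) -or
                        (($rights -band ($GenericWrite -bor $GenericAll)) -ne 0)
            [pscustomobject]@{
                Key       = $key
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Write     = $canWrite
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Full dump for the spreadsheet-style comparison between OS versions.
$report = Get-RegistryWriteAccess
$osTag  = [Environment]::OSVersion.Version.ToString()
$report | Export-Csv -NoTypeInformation -Path "registry-acl-$osTag.csv"

# Short list: keys where a non-administrative principal can write.
$report |
    Where-Object { $_.Write -and $_.Principal -notmatch $Expected } |
    Format-Table Key, Principal, Rights, Inherited -AutoSize
```

Run it from an elevated prompt so that Get-Acl can read the ACLs on the SYSTEM hive keys; without elevation those keys are silently skipped. Entries with Inherited set to True come from a parent key, so a loose ACE on HKLM:\SOFTWARE itself is usually the one to look at first.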


Ecclesiastes 1:9

as I said to a co-worker, applies.

The problem?

We were running out of network drive space.  The network drive, where our 2000 customers store their roaming profiles, had 80MB left.  Roaming profiles, very simply put, are copies of your “My Documents” and “Desktop”, which “roam” to every computer you log on to.  To do this, they need to be stored on the network.

Co-worker: “I think we have a lot of unused user accounts taking up space”
Me: “Wouldn’t think so.  More like porn and music files.”

Some time later, “There was one guy with 7GB of movies on his desktop.”

There is nothing new under the sun.

Back in the 1990s a particular Power &amp; Water company would run out of home drive space.

The workers knew they were doing the wrong thing.  So did their management.  Management were afraid of the workers going out on strike so they wouldn’t take action.

The IT Admins took the easy way out to solve the problem, just delete the porn!

It’s not as if the workers would actually complain.


Semi-regular web-link clearance (2) – January 2010

Dealing with VMs, Snapshots and the dreaded broken security channel

The problem with that perfect world is that you might want to snapshot a single machine to perform a what-if test and then be able to roll back if the idea is a bust. But if you do not snapshot all the VMs at the same instance, you run the risk of one of the machines changing its secure channel password during the what-if period. When you revert the changes during that session and you attempt to login, you will get an error message saying that the trust relationship with the domain controller is broken. Your only option is to remove and re-add the machine to the domain.

Windows 7 Application Compatibility List for IT Professionals

We released the Windows 7 Compatibility Center a few weeks ago. This lets you look up one application at a time. You can find that at

Today, we have a downloadable list indicating vendor support. If you want to write some automated matching against your list of applications, you can use this – it is an Excel download of all known information from vendors. You can find that at

Support for Windows 2000 and Windows XP SP2 will end on July 13, 2010

How to open a parachute during free-fall: Introducing Quick Security References (QSRs)

A QSR is designed to provide the information necessary to quickly understand and address specific security threats from the perspectives of four IT-focused job roles (business decision makers, architect/program manager, developer, and tester). QSRs will also help establish security practices and provide a framework for addressing future incidents.

Package This

Package This is a GUI tool written in C# for creating help files (.chm and .hxs) from the content obtained from the MSDN Library or the TechNet Library via the MSDN Content Service. You select the content you want from the table of contents, build a help file, and use the content offline. You are making personalized ebooks of MSDN or TechNet content. Both help file formats also give full text search and keyword search.


VBscript to uninstall a Microsoft security patch

This is a small script I wrote many years ago to uninstall security patches.  I customise it when I need it.

In this example, I’ve customised it for MS09-032, but the principles apply to most patches.

Note that I don’t check for admin rights, I’m assuming that I’ll be using a desktop software deployment tool to run it on the user’s desktop.

' VBscript to roll back a security patch, in this case MS09-032.
' Dale Robinson - 2006 -> 2009

Option Explicit
On Error Resume Next

Dim bUninstallFileExists, OSSystemRoot, objWSHShell, objEnv, sMS09032Installed, sPatchCmd, sUninstallExe

Set objWSHShell = WScript.CreateObject("WScript.Shell")
Set objEnv = objWSHShell.Environment("Process")

' MS09-032 sets this registry key if it's installed.

Continue reading
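The excerpt above stops before the registry check and the uninstall call. The script below is an added example, written in PowerShell rather than the post's VBScript and not the post's own code, that carries the same pattern through: decide whether the update is present from the registry entry its installer writes (with a WMI check as a fallback), locate the update's own uninstaller, and run it quietly. The KB number is a placeholder, since the excerpt does not give the key the original script checked; the Uninstall registry path and the $NtUninstallKB…$\spuninst\spuninst.exe layout are the conventions of Update.exe-based packages on Windows 2000/XP/2003. Unlike the original, it refuses to run the uninstaller without administrator rights, and it only reports unless -Uninstall is given.

```powershell
# Added example: report on, and optionally roll back, a Windows 2000/XP/2003-era
# security update. Not the post's VBScript; the KB number below is a placeholder.
param(
    [string]$Kb = 'KB000000',   # placeholder: replace with the KB article number for the bulletin
    [switch]$Uninstall          # without this switch the script only reports what it would do
)

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-UpdateInstalled {
    param([string]$Kb)
    # Update.exe-based packages register an Add/Remove Programs entry under this key.
    $regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Kb"
    if (Test-Path -Path $regPath) { return $true }
    # Fallback: the hotfix inventory that 'wmic qfe' reads.
    $qfe = Get-WmiObject -Class Win32_QuickFixEngineering -Filter "HotFixID='$Kb'" -ErrorAction SilentlyContinue
    return [bool]$qfe
}

function Get-UpdateUninstaller {
    param([string]$Kb)
    # Each update keeps its own uninstaller in a hidden folder under %SystemRoot%.
    $relative = '$NtUninstall{0}$\spuninst\spuninst.exe' -f $Kb
    $exe = Join-Path -Path $env:SystemRoot -ChildPath $relative
    if (Test-Path -Path $exe) { return $exe }
    return $null
}

if (-not (Test-UpdateInstalled -Kb $Kb)) {
    Write-Output "$Kb is not installed; nothing to do."
    exit 0
}

$uninstaller = Get-UpdateUninstaller -Kb $Kb
if (-not $uninstaller) {
    Write-Warning "$Kb is installed but its uninstaller was not found under $env:SystemRoot."
    exit 1
}

if (-not $Uninstall) {
    Write-Output "Would run: `"$uninstaller`" /quiet /norestart  (re-run with -Uninstall to do it)"
    exit 0
}

if (-not (Test-IsAdministrator)) {
    Write-Error 'Administrator rights are required to remove an update.'
    exit 2
}

# /quiet suppresses the wizard, /norestart leaves the reboot to the deployment tool.
$proc = Start-Process -FilePath $uninstaller -ArgumentList '/quiet', '/norestart' -Wait -PassThru
Write-Output "spuninst.exe exited with code $($proc.ExitCode)"
exit $proc.ExitCode
```

When pushed through a desktop deployment tool, the exit code is what the tool sees, so a non-zero value from spuninst.exe surfaces as a failed job rather than a silently half-removed update.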

The case of the broken Microsoft Word VBA application

It was a Microsoft Word (VBA) application written back in 2001.

Essentially what it does is:

  1. user selects a letter type.
  2. the user then enters some customer reference numbers.
  3. the VBA application does an Oracle database lookup to convert those customer reference numbers into names and postal addresses.
  4. which the VBA then uses to “mail merge” into whatever number of letters need to be sent out.

And it was broken.

I had a feeling that writing about patch management policy would come back to bite me (and it did).

Continue reading

It could only happen in?

[Photo: Ron Goodin Power Station]

Imagine this.

You are a power generating company (PGC).

You have a virus outbreak on your network.

It infects your SCADA PCs.


SCADA.  Supervisory Control And Data Acquisition.  In other words, the PCs which monitor and control your power generating turbines.  Sure, you have staff who monitor these turbines as well, in-between downloading Ralph screensavers.

So it was a major WHOOPS.

The back-story was this:

  • PGC had a network of un-patched, out of scope (i.e. not managed by us) machines without anti-virus software, running one of their regional power stations, in (a town of 25,000+ people).
  • The network was meant to be separate from the rest of the general computer network.
  • A hardware-based firewall WAS purchased to isolate the power station SCADA machines.
  • But the person driving the project left and the firewall was not implemented.

Not that PGC should have felt so bad.  In the same virus outbreak, a whole town lost their traffic lights.  A month before, they had switched from using a MicroVax controlling the traffic lights, to a Windows PC.


Me? I just want a “Susie” poster

One thing I have noticed is that the shelf-life of a Ralph modem seems rather limited.
So, for your consideration, this is a screenshot from an “inappropriate software report”.

Now, in the interests of research folks, I’ve googled those names, and I’ve come up with Zilch.  Nada.  Nothing.


Conclusion: being a Ralph model leads to a short shelf life as a model.

“Why is the Ralph screensaver on an ‘inappropriate software’ report?”, you might ask.

Well some organisations take a dim view of photos of scantily clad men/women in the workplace, and therefore ask for software asset reports.

Behaviour that is unwelcome and offensive and that makes the person feel distressed, humiliated, or persecuted.  Includes public displays of pornography, bullying, derogatory jokes or comments.

So they ban inappropriate software & images.

And subject their staff to disciplinary proceedings.

Proof that people don’t learn: almost five years later, the Ralph screensaver still shows up in reports.

Me?  I just wish I had a copy of the Australian Motorcycle News “Susie”* motorcycle poster.
That was sure one fine ZXR750R race bike.

* Sue Ellen Underwood, former Penthouse Pet.  The poster was widely known as the “Susie” poster.
