Author Archives: Dale

British Airways IT Security Awareness Fail

1 Reply

I recently stumbled across a British Airways given at the ENISA Conference on the 19th June 2009. You can find the presentation BA-IT-Security-Awareness-presentation if your interested in having a read, its actually a good presentation for the intended audience.

I did learn from this presentation something new (every day is a school day after all), that an alternative for the standard CTRL+ALT+DEL and then pressing ENTER to lock your workstation is to press the WINDOWS KEY + L to instantly locking your machine (I think this may be XP and above).

So BA created an excellent poster to share this information, and to encourage people to lock the workstation when they step away for a cuppa. One small problem, from the imagery they want you to press the G key??? I assume this is an accidental mistake, and I have contacted BA to hopefully help them save some face, however its is a funny fail.

Please vote for my fail finding to appear on the Fail Blog.

BAFail

The Anti-Sec Movement

Leave a reply

So you may or may not have heard of the Anti-Sec movement. Most people will be familar due to their hack on ImageShack recently.

imageshackhack

Their Manifesto from the image is as follows:

Anti-sec. We’re a movement dedicated to the eradication of
full-disclosure. We wanted to give everyone an image of what we’re
all about.

Full-disclosure is the disclosure of exploits publicly – anywhere.
The security industry uses full-disclosure to profit and develop
scare-tactics to convince people into buying their firewalls,
anti-virus software, and auditing services.

Meanwhile, script kiddies copy and paste these exploits and compile
them, ready to strike any and all vulnerable servers they can get
a hold of. If whitehats were truly about security this stuff would not be
published, not even exploits with silly edits to make them slightly
unusable.

As an added bonus, if publication wasn’t enough, these exploits are
mirrored and distributed widely across the Internet with a nice
little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.

It’s about money. While the world is difficult to change, and
money will certainly continue to be a very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its
consequences.

It is our goal that, through mayhem and the destruction of all
exploitive and detrimental communities, companies, and individuals,
full-disclosure will be abandoned and the security industry will be
forced to reform.

How do we plan to achieve this? Through the full and unrelenting,
unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits…

“you are a target and you will be rm’d. Only a matter of time.”

This isn’t like before. This time everyone and everything is
getting owned.

Signed: The Anti-sec Movement
“No images were harmed in the making of this… image.”

Now I am all for people being able to speak their mind, and thats fine. The thing that I find a contradiction is that they are hacking sites to spread the word. Isnt this the pot calling the kettle black?

Sure this movement will be interesting to follow.

BitLocker To Go in Windows 7. How To In 5 Easy Steps.

2 Replies

Encryption is becoming more and more important with the increased usage of electronic media, especially when it comes to removable media.

Windows Vista was the first Microsoft OS to feature inbuilt encryption in the form of BitLocker, however ideally you need a TPM (Trusted Platform Module), and it wasn’t really all that good to implement due to how the partitioning was setup at install.

With the release of Windows 7 they have made some improvements to the BitLocker implementation making it much easier to turn on as they have made a small partion as standard to store the relevant information. In addition they have also implemented BitLocker To Go, so that you can easily encrypt your removable storage.

Below is a simple step by step how to:

You will need a Windows 7 Ultimate Installed (Not clear what other versions will have this feature at release), a USB Storage Device, and about 5 mins of your time. Time will increase based on the size of the storage device.

* It is important to note that BitLocker only supports Windows volumes, so currently you will be unable to open these on a Mac, Linux or Unix platforms.

Step 1 – Insert your storage device into your machine. There is no need to remove data from the device, no information loss should occur as part of the encryption process.

MyComp

Step 2 – Open up control panel and select “System and Security” and then select “BitLocker Drive Encryption”. Once the BitLocker screen has opened identify the removable storage device and click on the associated “Turn on BitLocker”.

Bitlocker

BitLocker will now review the size and contents of your removable media, before starting the pre-encryption process.

StartBL2Go

Step 3 – You will now be prompted to set an Encryption Password, or associate a smart card to unlock your key. BitLocker uses a strong encryption algorithm (AES-CBC + Elephant Diffuser), but it is still important to set a strong passphrase. I would recommend 20 characters or more and included numbers, letters, and special characters (@!£#).

Enter your password in both boxes and select next.
A short password was used for this demonstration.

blpw

Step 4 – Create a recovery key. This is important so that in the event you forget your password you have an alternative method to access your data. You can print or save a file containing this key. What ever option you select, store the outcome somewhere safe, and do not keep it with your removable storage device. Once you have stored or printed your key, continue by clicking next.

recovery key

Step 5 – Encrypting your device. Once your sure you want to encrypt your device, click “Start Encrypting” if you have any doubts now is the time to cancel.

enc

You can monitor the encryption process. Obviously the time taken will depend on the size/capacity of the removable storage.

encpro

Once the process has completed, the below message will be displayed. All you need to do is press close and your done.

enccomp

To verify the encryption was successful you can go back into the BitLocker section in Control Panel.

comp

Or in My Computer you will see your removable device has a new “open” padlock associated with it.

nowenc

From now on when you insert your device you will be prompted to enter your passphrase or insert your associated smart card. It is possible to associate your removable media with your computer, but I would not recommend this.

enterpass

You will also notice if you dont enter the password, you have a closed padlock in My Computer.

nowenccomp

If you decide to remove the encryption, simply open up control panel and select “System and Security” and then select “BitLocker Drive Encryption”. Once the BitLocker screen has opened identify the removable storage device and click on the associated “Turn off BitLocker”. Obviously you will need to have authenticated yourself to the drive to allow this activity.

BU-353 GPS Receiver… New Toy :D

1 Reply

So I ordered a BU-353 GPS Receiver from Taiwan and it arrived in 4 days, not bad going if I do say so myself.

I plan on hooking this up to my laptop to do some tracking, and perhaps do some wardriving mapping, so lets see how it goes.

CIMG2262

CIMG2263

Google Chrome OS. Should Microsoft be worried??

Leave a reply

So Google have announced they are going to be releasing their own OS.
So in about 12 months time we should be seeing the Chrome OS available, and its apparently firstly going to be aimed at the growing netbook market.

The aim is to get something out there thats basic and gives a user what they need, and gets them up and running super smartish. I guess this is going to compete against the likes of Ubuntu Remix, Linpus and other light weight OS’s used on netbooks. I guess Microsoft has a little to worry about, but personally I dont think its going to have a bigger effect than now, as windows is fairly weight for what I believe a netbook was originally designed for.

Look forward to seeing the beta for this, and seeing how many vulnerabilities are found in the first week.

118 800, all your mobiles are belonging to us. New UK Mobile Directory to go live.

1 Reply

I guess anyone visiting this blog knows we dont have any privacy, but just to add to this a new service is being setup called 118 800. This service is going to be a directory of every UK mobile number. The idea is that you type in the name and home location of someone whos mobile you would like to contact, they then search the database and then offer to connect you to this person for £1. Apparently they dont share the actual number with the requestor, but send a txt to the owner of the number with the details of the requestor asking you to contact them, or they call you directly and ask if you want to accept a call from the requestor if you were to dial the number (like when you call the operator and reverse the charges I guess).

I am probably being overly paranoid as I guess its no different to the fact landlines are registered and you can be ex directory, but just feels abit odd to me with it being a mobile. You can become ex directory from the service by texting E to 118 800, or completing an online form. They say they wont be handing out numbers or selling them to anyone (hmmm), time will tell I guess.

How about they set up a service with no information, and if I want all my information shared with the world I will submit it to them 🙂