My ramblings on the stuff that holds it all together
Category Archives: Security
If you use an Apple Mac (like I do), then maybe you’re happy not to have to bother too much about all those virii, malware, worms and hacker attacks, so you don’t spend as long on your personal IT security as you did in the Windows days.
However, please think about this: I’m currently in a hotel and I can see all the other Mac users on the WiFi, because they are broadcasting their hostnames, which in OS X default to the name you gave it at setup time.
If I were that sort of person, not only would I have the ability to look at some of the files you’ve made public in your Dropbox folders and your shared iTunes library (Stephen – Princess Bride soundtrack, really?!); more importantly I would have your real full name, and you’re probably staying in the same hotel as me, so just think of all the social engineering japes I could have with that..
“I’ve forgotten my room key – here is my Employee photo ID (that I’ve just doctored with your information), can you remind me what my room number is?”
“Hi, reception – can you put me through to Mr Adam ABC please.. Hello? Hi – FedEx here I’m at reception and I have a package to deliver to you, which room number are you in please?”
“Can I put these drinks on my room tab please?”
I found you on Facebook
I found you on LinkedIn
Believe me, hotel front desks aren’t too clever about protecting this stuff, and the “customer” is always right.
In the interest of balance, Windows has slightly more secure defaults, and corporate laptops typically have group policies to enforce certain network behaviours, although I can still see all your company domain names in the NetBIOS broadcasts you make, even if your name is something less personal like PC03432.
Turn this stuff off; just because you have a Mac doesn’t mean you don’t need to be sensible!
Look under System Preferences, Security and Sharing, for the options.
Think about it.
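A quick way to check what your own Mac is announcing, as an added example (this is not a script from the original post): scutil is the real OS X tool that reads and sets the ComputerName, LocalHostName and HostName values; the looks_personal() heuristic that flags the setup-derived “Owners-MacBook-Pro” / “Owner’s MacBook Pro” pattern is my own, and the replacement name is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: audit the names a Mac announces
# to the local network and flag the setup-derived default ("Adams-MacBook-Pro",
# "Adam's MacBook Pro") that gives away the owner's real name. scutil is the
# real OS X tool for these settings; the looks_personal() heuristic is my own.

# True (exit 0) when a name follows the "<Owner>s-<Model>" / "<Owner>'s <Model>"
# pattern OS X generates from the account name at setup time.
looks_personal() {
    case "$1" in
        *"'s "*|*s-MacBook*|*s-iMac*|*s-Mac-mini*|*s-Mac-Pro*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report ComputerName / LocalHostName / HostName on a Mac; elsewhere say so.
# Returns 1 if any of them leaks an owner name, 0 otherwise.
report_names() {
    if ! command -v scutil >/dev/null 2>&1; then
        echo "scutil not found: not running on OS X, nothing to audit" >&2
        return 0
    fi
    leaks=0
    for key in ComputerName LocalHostName HostName; do
        val=$(scutil --get "$key" 2>/dev/null) || val="(not set)"
        if looks_personal "$val"; then
            verdict="LEAKS OWNER NAME"; leaks=1
        else
            verdict="ok"
        fi
        printf '%-14s %-36s %s\n' "$key" "$val" "$verdict"
    done
    return $leaks
}

# Print (not run) the commands that replace all three names with a neutral one.
# LocalHostName is what Bonjour advertises as <name>.local, so it matters most.
suggest_rename() {
    for key in ComputerName LocalHostName HostName; do
        printf 'sudo scutil --set %s "%s"\n' "$key" "$1"
    done
}

if ! report_names; then
    echo "Suggested fix (review, then run):"
    suggest_rename "${1:-laptop-01}"   # placeholder name, pass your own as $1
fi
```

Run it with no arguments to see the current values; pass a neutral name as the first argument to have the matching scutil commands printed for you. The same System Preferences panes the post points at (Security, Sharing) are where the sharing services themselves get switched off; renaming only stops the hostname broadcast from carrying your real name.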
As the Hoff posts here and on VMTN here, the proposed vulnerability that you can manipulate and possibly compromise a VM during a VMotion process isn’t exactly major; it’s clever, but, like anything, if you don’t follow the best-practice recommendations then you expose yourself to these risks. It’s the same reason they recommend you lock your server room or don’t have blank passwords: this attack is akin to gaining physical access to the hardware or being able to sniff a physical switch port; in this instance it’s “virtual” hardware.
VMware has always recommended keeping the VMotion traffic on a separate VLAN or network.
The other vulnerability, where VMware Tools can be compromised, is different, but again preventable, and not enabled on server instances of VMware.
Goal: keep a single .WIM file, with multiple instances of the same build in that .WIM file:
Build001 non-sysprep’d version for maintenance with all latest patches and corp apps
Build002 sysprep but no domain for home workers/3rd party
Build003 sysprep + domain joining and scripted OOBE for corp machines
Build004…etc. tweaks to the sysprep – for different domains/customers or OOBE settings like language etc.
Build a bootable WinPE DVD with ImageX and the large .WIM file stored on it, so no network connectivity is required to install (at this stage), just a single DVD.
Reboot from Win PE to start Vista MiniSetup/OOBE
I hit a problem: when I restored build001 to my reference machine it wouldn’t boot and immediately gave a 0xc000000e error.
This was because my automated build DVD runs diskpart with a scripted set of commands (WIPEDISK.TXT), which includes the clean command:
rem WIPEDISK.TXT - run from WinPE as: diskpart /s WIPEDISK.TXT
select disk 0
rem clean wipes the partition table, including the partition table ID the image expects
clean
create partition primary
select partition 1
format fs=ntfs quick
This caused problems in this instance because the clean command erases the partition table ID.
If an image has not been sysprep’d it still looks for the original partition table ID (which diskpart removed), hence the stop error at boot.
Sysprep’d images don’t have this problem as the “/generalize” switch resets this dependency on the partition table entries and mini-setup runs at 1st boot to fix it up.
So, if you need to do maintenance on a non-sysprep’d reference image then:
- You need to restore it via ImageX and your usual process (in my case a bootable PE DVD)
- It won’t be able to boot; it will give a 0xc000000e error
- Boot the reference machine from your original Vista install DVD and choose to repair
- This puts back the partition table ID and it will boot again
- Once it’s booted you can carry out any online maintenance, add extra software etc. to customise it
- Then sysprep /generalize /oobe /shutdown your reference machine
- Map a drive to your master .WIM file, or a USB disk etc.
- Append the changes to the master .WIM file (remembering to use the /APPEND switch; if you just use /CAPTURE you will OVERWRITE your .WIM file and be very sad.. I did it twice before I learnt to back up the .WIM file beforehand!)
- Then re-master your DVD with the appropriate files; I just inject the .WIM file into the Windows PE DVD I made using PowerISO.
Rinse and repeat.
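The append step is the one that bites, so here is the way I would script it from WinPE after the sysprep shutdown, as an added example rather than the original post’s own script: back the master up first, refuse to run if the master is missing (that is the case where /CAPTURE would quietly create a new single-image file), then /APPEND and list the contents to confirm. The imagex switches (/append, /info, /verify) are the real WAIK ones; the Z:\images\master.wim path and the Build001 name are assumptions.

```batch
@echo off
rem Added example, not the original post's script: append a maintained
rem reference build to the master .WIM after taking a backup of it.
rem Run from WinPE once the reference machine has been sysprep'd and shut down,
rem with the master's share mapped as a drive (step 7 in the list above).
rem Assumed: Z:\images\master.wim, build name Build001, C: is the reference OS.
setlocal
set MASTER=Z:\images\master.wim
set BUILD=%~1
set DESC=%~2
if "%BUILD%"=="" set BUILD=Build001
if "%DESC%"=="" set DESC=non-sysprepped maintenance build

rem /APPEND needs an existing file; stop here rather than create a fresh one.
if not exist "%MASTER%" (
  echo Master WIM %MASTER% not found - nothing to append to.
  exit /b 1
)

rem 1. Back the master up first. A typo of /capture for /append overwrites it.
set STAMP=%DATE%_%TIME%
set STAMP=%STAMP:/=-%
set STAMP=%STAMP::=-%
set STAMP=%STAMP: =_%
copy /y "%MASTER%" "%MASTER%.%STAMP%.bak" >nul
if errorlevel 1 (
  echo Backup copy failed - not touching %MASTER%.
  exit /b 1
)

rem 2. Append the reference volume as a new image; existing images are kept.
imagex /append C: "%MASTER%" "%BUILD%" "%DESC%" /verify
if errorlevel 1 (
  echo Append failed - backup is at %MASTER%.%STAMP%.bak
  exit /b 1
)

rem 3. Confirm the new image sits alongside Build001..Build00n.
imagex /info "%MASTER%"
endlocal
```

Call it as `appendbuild.cmd Build001 "patched June"` (or with no arguments for the defaults). Keep the dated .bak files until you have test-applied the appended image once; they are cheap insurance against the overwrite the post warns about.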
Thanks to this post http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1099145&SiteID=17 and this post http://www.svrops.com/svrops/articles/winvistape2.htm I figured it out… eventually!
Interesting articles here and here on “side-jacking”, discussing people snooping session IDs from URL strings to bypass SSL security, which is normally only applied at logon, after which content typically reverts to non-SSL.
I’ve seen similar issues several times at airport or public Internet “kiosks” and have accidentally walked into people’s airline reservations, webmail etc. by looking in the browser cache, and sometimes even in the address bar drop-down!, as those machines don’t get wiped when you start/stop using them (easyInternet used to do a total wipe/re-provision of the OS once you’d finished using their machines).
Moral of the story? Public kiosks are bad for doing anything you don’t want to share with other people, even if you’re clever and choose the “secure session” option; and if you can “sniff” a public WiFi connection you can get all of this over the air, so game over anyway.
Of course session time-out typically means this is only valid for “fresh” data… but still worth bearing in mind.
This is nothing new and has been around since the Internet started, but you’d think all the hip ‘2.0 tech companies and users would be up on this by now..
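From the application side, the two habits that make this work are a session token carried in the URL (so it lands in history, caches and the address-bar drop-down the post mentions) and a session cookie set at the SSL logon without the Secure flag (so the browser keeps sending it over plain HTTP once the site drops back to non-SSL). The following is an added example, not code from the original post: two small checks over a logon response, with constructed sample URLs and Set-Cookie headers; the list of session-like names is an assumption.

```python
"""Added example, not from the original post: audit an application's HTTP
responses for the two habits that make "side-jacking" easy. (1) A session
token carried in the URL, where it lands in browser history, caches and the
address-bar drop-down. (2) A session cookie issued at the SSL logon without
the Secure flag, so the browser keeps sending it over plain HTTP afterwards.
The sample URLs and Set-Cookie headers below are constructed for this example."""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Cookie/parameter names that usually carry a session identifier (assumed list).
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid", "sid", "session", "token"}


def session_tokens_in_url(url):
    """Return the names of session-like tokens found in a URL's query string
    or in a ';jsessionid=' path parameter, sorted."""
    parts = urlsplit(url)
    found = {k for k in parse_qs(parts.query, keep_blank_values=True)
             if k.lower() in SESSION_NAMES}
    if ";jsessionid=" in parts.path.lower():
        found.add("jsessionid")
    return sorted(found)


def insecure_session_cookies(set_cookie_headers):
    """Return (cookie name, missing flags) for each session cookie that lacks
    Secure (sent over http:// too) and/or HttpOnly (readable by page script)."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name.lower() not in SESSION_NAMES:
                continue
            missing = [flag for flag in ("secure", "httponly") if not morsel[flag]]
            if missing:
                findings.append((name, missing))
    return findings


def audit(url, set_cookie_headers):
    """Combine both checks into one report for a post-logon response."""
    return {
        "url_tokens": session_tokens_in_url(url),
        "weak_cookies": insecure_session_cookies(set_cookie_headers),
        "plain_http": urlsplit(url).scheme == "http",
    }


if __name__ == "__main__":
    # Constructed sample: a webmail that logs in over SSL, then redirects to
    # http:// with the session id in the URL and a cookie without Secure.
    sample_url = "http://webmail.example.test/inbox?sessionid=9f3c2a&folder=inbox"
    sample_cookies = ["sessionid=9f3c2a; Path=/; HttpOnly",
                      "lang=en; Path=/"]
    for key, value in audit(sample_url, sample_cookies).items():
        print(f"{key}: {value}")
```

Point it at the headers and redirect target of a real logon response and any non-empty url_tokens or weak_cookies entry is exactly the data a kiosk’s next user, or anyone on the same WiFi, gets for free; the fix is the usual one of keeping the token out of the URL and marking the cookie Secure and HttpOnly.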
Argh, I hate this kind of thing.. give us £5.99 and we’ll send you some PDFs to allow you to claim compensation from the govt. for identity fraud arising from the loss of confidential data. If you read around a little bit I doubt they’ll be paying much out unless something serious really does happen, but the ambulance chasers with the website will have made a few quid. And even then, if they did get forced to pay some kind of compensation – don’t you people get it? If you sue the govt., where do you think the money comes from? That’s right, your own pocket; we fund the govt., they don’t really “earn” money; they are not Comet or Sofa Warehouse, we are the shareholders. You might as well take an extra £10 out of your monthly salary and put it in the bank as compensation, as if the govt. has to pay the entire nation compensation they’ll pay for it one way or another via your tax money, or by shutting down a hospital etc. It’s like fining police forces and the NHS for not performing: by doing so you reduce their capacity to pay for improving things and give them a further excuse to grumble about how they don’t get enough funds.
I think it would be better for the govt. to do some kind of deal with Equifax’s identity watch scheme to give people a cheap/free subscription to their service for ID fraud detection.
This would be a good thing to do on a national level, as the trouble with ID fraud is that it goes unnoticed for so long. It might also be better for the people that seem totally incapable of working out their monthly finances and don’t realise what impact missing payments/defaulting really has on their future plans to buy a house, TV, car “bling” etc. on finance. All those ads for sub-prime loans etc. are not cheap money, and lenders don’t really just “write off” your debts because you say you can’t pay them back and say “never mind… don’t worry about it”.
Seeing your credit report really makes it plain to see what criteria lenders use to assess your credit-worthiness, rather than making it such a dark secret. I guess the other side of the argument is that it gives people some scope to “game” the system, but this information is already available on request from the credit scoring agencies (£10 IIRC), so anyone wishing to do so already has the tools available.
Anyway, rant over.. must get back to the paracetamol, this cold is making me cranky!