Room362.com

Blatherings of a security addict.

Missed Shmoo? Now You Can Experience in the Comfort of Your Home.


So you couldn’t make it. No worry, you have undoubtedly been going through the videos from ShmooCon already. If you haven’t yet, you should; they were well done and better than last year. But what you might not have done yet is the Hack or Halo contests.

Update: We’ve determined the images have become corrupt during one of the transfers and have been taken offline until the problem has been fixed. It should be fixed by Wednesday night.

For the “Hack” portion of the contest, you can find the images for the contest machines here:

(DISCLAIMER: THIS IS A 1.8 GB DOWNLOAD)
http://blog.vulnerableminds.com/2007/04/shmoocon-07-hack-or-halo-virtual.html
Mirrors: Fastest (FTP), Faster (HTTP), Fast (HTTP), Fast (HTTP)

And the Halo portion you can find here: Halo

Think You Can Hack It in My World? Prove It.


The contest that won two “hackers” PS3s at ShmooCon is now open to the public. I found this post on http://hkashfi.blogspot.com/index.html

ShmooCon07 “Hack it” Contest

During Shmoocon2007 there was a contest open to interested hackers. If you’re curious about it but hadn’t a chance to join the con, well, it’s still open for you to check your skills, but don’t expect any reward :> If you’d like to get familiar with challenges in Cons, you can try this one. It consists of 8 levels, each one requiring a different class of skills. You can try it HERE. If you’re not 31337 enough to solve them, here are the answers for you, but I highly recommend you NOT get them before giving the challenge a try. Such challenges are cool until you do not have the answers and should get them yourself. Finally, because this challenge comes from ShmooCon does NOT mean it’s something magical or hard to solve.

By S. Hamid Kashfi

I suppressed the link to the answers. You can go to Kashfi’s page if you want those, you cheater.

mubix

ShmooCon Infected With Podcasters


So, it’s over. ShmooCon and the meet up is finally over. I had a blast, but it put a tax on my time like you wouldn’t believe. I can’t imagine what life is like for the Shmoo group, especially Heidi. I will be posting all of the pictures on flickr shortly.

I got to do a lot of other things at ShmooCon other than just the meet up. I had the distinct opportunity to help bag over 1000 bags with swag, Shmooballs, and adverts. And, yes, if you are reading this Freshman, I AM COMPLAINING! However, I will not complain about doing ShmooCon Labs. Here is the network diagram if you wanna see the extent of what would have paled most enterprise networks.

Ok, as for the meet up, I need a name for it, and I am totally not creative, so those 3 who read my blog, I charge you to help a fellow Internet addict out. We had people come from Pauldotcom, Hak.5, Cyberspeak, Martin McKeay, SploitCast, Simple Nomad, Rodney from the Shmoo Group, Render Man, and a surprise showing of two other security podcasts you should definitely check out, Secthis and Cmdln.

It went great except for a few things, which didn’t make it bad, just a little more interesting. Let’s just say Murphy tried very hard. The manager that knew about our reservation, that gave us the ok to keep the place open late and have a tab, went MIA. So we improvised by using a gift card that kept being passed around, taking over the whole place so that a reservation wasn’t needed, and moving the party to another bar after they forced us out.

The travel to the bar was another story all by itself. We walked about 1.5 miles to the next bar, which no one was sure where it was. Now, “WE” is about 40 of the 50 to 60 people that were at Chipotle, all walking on the sidewalk, half drunk, a mile and a half. You are now thinking one of two things: 1. That would have been hilarious to see, or 2. People will walk the desert for free beer/drinks.

Check out all the media coverage of the event: http://www.technorati.com/photos/tag/shmoocon

mubix

Windows Vista Compatibility


I know that I said this was going to be a security blog, but I figured I would continue on my rant on Vista after this happened.

Ok, so there I was…

I saw on Betanews.com an article on Vista Hardware Assessment Tool Addresses Upgrade Dilemmas by Scott M. Fulton, III of Betanews, which touted a Windows XP tool to check for hardware compatibility for Vista. Curiosity got the best of me, so I downloaded it (25.5 MB). I simply wanted to see if my machine could handle Vista. Installation starts and tells me that it needs SQL Server 2005 Express and that it is going to download and install it for me. And I’m thinking (Oh great, my computer is now going to have an outdated Microsoft SQL server on my system. yay me!) I click ok, whatever. It downloads, then installs SQL Server 2005 Express, and starts to install “Windows Vista Hardware Assessment” (just a tangent, but shouldn’t there be something like “tool” or “wizard” on the end of that?) and it gets to a certain point and stops for a bit. It continues after about 10 minutes. And then stops again at about 65%. At this point I need to go to bed and I do so. I wake up the next morning to be greeted with the following screen:

Yes, it was still at around 65%, and no, my computer wasn’t frozen. So I came to the conclusion that if I can’t even install the “Assessment” then my computer isn’t compatible. I also get the added treasure of a failed install of SQL Server 2005 Express. I wouldn’t suggest this tool until it gets looked at again, or some third party makes the same tool without the need of an (insert expletive here) SQL Server.

But, that’s just my take on things, I’m just another security guy in a room with a small sign on the door that says “IT Dept”. What would I know?

jd

P.S. Richmond has tried its hand at WGA again. Check out my digg article here:
http://www.digg.com/tech_news/Windows_Genuine_Advantage_Part_2

On a RANT


First of all, every blog entry on every blog is in fact a RANT. So stating that one is, is kind of pointless. That being said, here is my rant:

Now that I have changed this part of my blogosphere, I have been getting guff about not covering certain exploits and 0-days. So here it is:

Microsoft Excel 0-day
The easiest way to make a Unix-based system (Mac) insecure:
• Step 1: Install a Microsoft product
As for the Windows versions: DON’T OPEN ATTACHMENTS
While I am on the topic: Word users, watch out as well. milw0rm exploit #3260

I troll all the security sites with my RSS reader, and as soon as I find something that hasn’t been covered to death (i.e. ANOTHER Excel/Word exploit) I’ll post it up.

I’m getting off my soap box. For those that have found my previous ‘rants’ informative and did not send me an email whining that I didn’t cover the aforementioned exploit, I apologize.

But, that’s just my take on things, I’m just another security guy in a room with a small sign on the door that says “IT Dept”. What would I know?

jd

P.S.

Now that I am sorta in the eZine world with the release of Analog.5 for Hak.5, I wanted to tag another eZine well worth reading. Rattle and the folks from .aware created the .aware eZine, lovingly called .behold. Check it out.

Microsoft. What Are You Doing?!


Alright, before you start sending hate mail or posting comments on how you hate my mother for giving birth to me, bear with me.

So, Microsoft puts out their new operating system that is “A New Day”. Microsoft at the launch states that they are already “full speed ahead on SP1”. Microsoft releases that they will be releasing Vienna’s successor in 2009.

Those are the facts. Or, as I like to call them, “Time-insensitive” facts. Now time to ask you a question:

Who is Microsoft’s biggest customer?

That’s RIGHT! Big business.

Now, what am I thinking as a “Big business” executive that is looking to upgrade my infrastructure?

Right again! I am going to think that Vista has held up this long, I am going to wait for Vienna and save myself the time and money of upgrading to an OS that already has vulnerabilities that aren’t patched, “a la SP1”, that will cost me millions to deploy globally, and its server counterpart is still in beta, or, just wait for Vienna and hope for the best.

It’s a hard decision and that is why they get paid the big bucks, but come on Microsoft. The whole wow, shock and amaze factor is gone and these corporate execs are put between a rock and a hard place.

But, that’s just my take on things, I’m just another security guy in a room with a small sign on the door that says “IT Dept”. What would I know?

jd

BitLocker


I’m going to start this whole security thing by taking a look at the new BitLocker technology built in to Vista. Before I begin, I want to specify that I am by no means an expert on BitLocker and all of my information comes from the Microsoft site and a face to face with the engineers at Launch Tour 2007. So let’s begin with requirements. You must have a modern motherboard which has a “TPM” or Trusted Platform Module. The reason I say must is that there IS a third mode where you store your keys on a USB drive. However, if you do this, you are carrying around your keys in clear text on a USB drive. If that didn’t scare you in the least bit, then you are either a rather large individual who scares people enough for them not to want to get near you, or you don’t care about security, in which case you don’t need BitLocker.

So, now that we have the disclaimer out of the way, here is a thousand words on how BitLocker works:

Basically, your keys are stored on this TPM and are used to unlock the MFT, which has the full volume keys that unlocks the rest of the drive. Cool, we’re in the clear, right?

Q1: What if I want to put the HD into another computer? The new computer’s TPM will not have the correct keys. Well, if the computer was connected and a part of an AD domain err.. I mean “tree”, then you can supposedly find those keys and “PUSH” them to the new TPM. No, the engineer did not know how to “PUSH” said keys. However, you could also unlock it using a 36 hex value key. That you can write down.. on a piece of paper… that you might keep near or with your laptop…

Q2: What are the other two modes, and which one do I want?

Transparent operation mode: In this mode, BitLocker is completely transparent to the user. You just boot and log in. BitLocker still encrypts the whole drive as you see above. But the “authentication” step is where BitLocker checks to see if “boot files” have remained unmodified. I would be interested in finding out exactly which files it checks and what it checks for.

User authentication mode: In this mode, during boot, before any HD files are accessed, the user is prompted for a PIN. In my opinion, if your boss is dead set on using BitLocker on all of your drives, you should insist on this one. (But guess what, for all those roadies that keep your computers in “Sleep”, BitLocker doesn’t mean anything. With a U3 device and a cool cygwin script, I can make an unencrypted copy of the system, even if it’s locked out)

So to break it down in conclusion: You have to have newer hardware, AD, roadies who don’t rely on “SLEEP” and educated users. Something tells me the last part of that would be a bit hard to accomplish.
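
For auditing which of the modes above a machine is actually using, here is an added example (not from the original post) that maps the key protectors on the operating system volume to those modes and flags the ones without a PIN. It assumes the BitLocker PowerShell module found on Windows 8 / Server 2012 and later, plus an elevated prompt; the helper name `Get-BitLockerModeReport` and the wording of the findings are hypothetical.

```powershell
# Added example, not from the original post. Requires the BitLocker module
# (Windows 8 / Server 2012 or later) and an elevated prompt.

# Protector types that unlock a volume at boot, mapped to the post's terms.
$ModeByProtector = @{
    'Tpm'              = 'Transparent operation (TPM only)'
    'TpmPin'           = 'User authentication (TPM + PIN)'
    'TpmPinStartupKey' = 'User authentication (TPM + PIN + USB startup key)'
    'TpmStartupKey'    = 'TPM + USB startup key'
    'ExternalKey'      = 'External key file (USB startup key or recovery key)'
}

# Hypothetical helper: summarise one object returned by Get-BitLockerVolume.
function Get-BitLockerModeReport {
    param([Parameter(Mandatory)] $Volume)

    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $modes = @($types | Where-Object { $ModeByProtector.ContainsKey($_) } |
                        ForEach-Object { $ModeByProtector[$_] })

    $findings = @()
    if ([string]$Volume.ProtectionStatus -ne 'On') {
        $findings += 'protection is off or suspended'
    }
    if ($types -contains 'Tpm') {
        $findings += 'boots to the logon screen with no PIN prompt'
    }
    if ($types -contains 'ExternalKey') {
        $findings += 'key file exists on removable media; track where it is kept'
    }
    if ($types -contains 'RecoveryPassword') {
        $findings += 'recovery password exists; confirm it is escrowed, not on paper'
    }
    if ($modes.Count -eq 0) { $modes = @('No boot-time protector found') }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Modes      = $modes -join '; '
        Findings   = $findings -join '; '
    }
}

# Only the OS volume has a boot-time mode; data volumes are skipped.
Get-BitLockerVolume | Where-Object { [string]$_.VolumeType -eq 'OperatingSystem' } |
    ForEach-Object { Get-BitLockerModeReport -Volume $_ } | Format-List
```

The script does not look at power settings, so the “Sleep” concern raised above needs a separate check.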

But, that’s just my take on things, I’m just another security guy in a room with a small sign on the door that says “IT Dept”. What would I know?

jd

For more info, check out the wikipedia article: Wikipedia –> Bitlocker

Hak.5 Live


Well, since they mentioned room362.com on Hak.5 live, I guess I have to update this more often. At first I was updating my Vox and this with the same stuff, and then it became just Vox. So I have decided to separate the way I use each. From now on this will be a security blog. More to come. (Yes, actually)

Christmas, New Years and a Keychain


Boss! I can’t come in today. I woke up this morning and found 20 inches of snow in front of my drive way.

Don’t we all wish it was this simple. Anyways, I went home for Christmas, back to Oregon. Had a good time, got some good presents, yup… everything was good.

New Years is coming up. 2007… yeah, the whole millennium thing is wearing off.

As for the key chain, I got a cool skeleton key chain for Christmas that is almost impossible to fit in my pocket, but oh so worth it.

To put a little bit of tech into this boring excuse for a post, I just learned of something called the Microsoft Action Pack. This is a 300 dollar investment that gets you dozens of copies of all of Microsoft’s products, legit, from Microsoft. Check out this link for more information. Or you can digg it.

jd

Killer Coding Ninja Monkey University


It has been decided that I, yes, yours truly, have been officially inducted into the Killer Coding Ninja Monkey University. There, I will study CS-AH2HC-B. I chose the ‘B’ track over the ‘A’ track because of the professorship at the ‘B’ campus. Being a freshman at KCNM U is quite an honor, and I look forward to good times, and possibly joining a frat. Dare I say, even the Lambda Lambda Lambda frat may find me worthy.

Enough of that, I am off to get my books. Come visit some time.

jd