Archive for September 2008

Make Love not Cyberwar

UPI had an article Monday, titled U.S. Urged to go on Offense in Cyberwarfare.

“The best defense is a good offense and an offensive [cyberwar] capability is essential to our national defense,” Rep. Jim Langevin told United Press International, calling it “a necessary deterrent.”
“Warfare is forever changed. … Never again will we see major warfare without a strong cyber component executed as part of it,” the Rhode Island Democrat added, citing the assault on Georgian government Web sites that accompanied Russia’s invasion last month.

Oh you’ll see the enemy quaking in their boots when they see the Cyber Corps coming.
This should have a familiar ring, because back in May 2008 there were articles about the USAF wanting to establish a military botnet so they can ping carpetbomb our enemies back into the stone age.

Circuit City Warranty Anguish

This post is completely off topic for this blog. I beg your indulgence while I rant for a bit.
In 2005 I bought a Samsung DLP at Circuit City and purchased Circuit City’s extended warranty as well. I normally don’t buy those, but given the price of the TV and the newness of the technology I thought it was worth having a little bit of insurance. The Circuit City Advantage Protection included a bulb replacement which would almost pay for the warranty by itself, so it seemed worth it. Little did I know that I was buying months without TV and many days waiting for a TV repair guy.
In January of 2008, I began to hear buzzing for an extended period of time when I turned on the TV. I called for warranty service and was told that a local TV repair shop would call me within 24 hours to schedule an appointment. I did not receive the promised call but the TV difficulties were still tolerable so I didn’t follow up.
In April 2008, I found that I could no longer put up with the noise (apparently from a failing color wheel). I called for service and an appointment was set up with G&E Television. On April 7th, a technician from G&E put in a light bulb and left quickly before verifying that the problem was solved. I found that the picture on my TV was actually worse than before. The screen was very dark and was shaded on one side. A followup appointment occurred and G&E replaced the color wheel, light bulb and ballast on April 9th.
While I continued to hear the occasional grinding/buzzing noise at startup it was brief and occasional enough that I considered the problem solved, but was glad to have more time on my warranty in case the situation worsened.
Unfortunately the situation did worsen. My TV began to spontaneously reboot while watching shows. The reboots often occurred at startup and once it rebooted a handful of times it would perform normally. It later progressed to continuous reboots that would not be solved until the plug was pulled. These reboots could occur immediately when the machine is turned on or it might occur an hour after the TV is on.
I called Circuit City Warranty in July to resolve the reboot issue. They scheduled Advance Video to come out on July 9th to look at the problem. It should be noted that G&E Television provided a TWO hour window and Advance Video provided a 5 hour appointment window. Advance Video is located in Baltimore MD according to their website. The technician, Jimmy, said he only comes to Virginia a couple days a week (further slowing response times).
Jimmy could not reproduce the rebooting problem during the brief time he was here, but explained that given what was already swapped out, the problem is likely the light engine. He said I should call him directly if the problem recurs within the next two weeks. Jimmy said he would order the light engine so it would be ready when I called. By Friday the problem had recurred. When I called Jimmy he had not yet ordered the light engine. Jimmy called me on 7/15 and let me know that the part was ordered and would take 5-10 days.
When the part came in Jimmy set up an appointment for 7/31 from 10am-1pm. Jimmy said he would try to work it in on the early side of that. At 1:10pm when I hadn’t heard from Jimmy, I called him. I found out that he was in Woodbridge, which by my estimation is more than 30 minutes away. Since I couldn’t continue to take off work to wait for a TV repairman, I called Circuit City Warranty. They asked if I was available on Saturday 8/2/08 at 11am for Jimmy. At 1:10 pm I received a call from Jimmy who was just leaving Waldorf, MD (50 miles away). Around 2:30 Jimmy finally arrived.
He put in a new light engine and the TV would not power up. He put in the old light engine and it wouldn’t power up. Since it would power up before he arrived I questioned just what he did to the TV. I offered to show him a video I took demonstrating the problem to show that the TV did power up before it just rebooted spontaneously. For some reason he declined to see the video. I would think a technician would want to see that. Jimmy now tells me it will be another 5-10 days to get a power supply in. He claims that he will hold onto the light engine.
I am not happy about the large appointment window times of Advance Video.
I am not happy with the technician missing the large appointment times.
I am not happy this problem has not yet been resolved. It appears to me that rather than having Samsung certified technicians we have jack-of-all-trades technicians who throw parts in the TV until either the consumer gives up or Circuit City declares the TV a total loss.
I am not happy that it takes 5-10 days to get necessary parts for the TV.
8/20 – 2.5 weeks after Jimmy ordered the power supply I still haven’t heard anything.
I call Circuit City Advantage and find I can no longer speak to a human. Instead an automatic ticket is put in for another TV repair company from Maryland to call me! (I eventually get that canceled since my parts are already on order through Advance Video.)
I call Jimmy, the part has apparently come in, but they only come to Virginia on Tuesdays and Thursdays.
So I take yet another day off of work as with an appointment window of 12-5 there isn’t much point in going into work.
8/21/2008
“It’s not the power supply,” exclaims Jimmy.
I never thought there was a power supply issue unless he blew it. Turns out there was a loose wire. I suspect he knocked it loose when he was putting in the new light engine.
So now it powers up. Because Jimmy had put the original light engine back in it on August 2nd I am still at the original problem reported on July 9th.
Jimmy no longer had the light engine that was ordered for me. Since it’s a $650 part I wonder what happened to it. He did have a light engine destined for another customer and he received authorization to put that light engine into my TV. It still didn’t work, so he put my original light engine back and diagnosed (guessed) that the problem was the analog and digital circuit boards (those are pretty much the only things left). I asked Jimmy if it would be another 2 weeks to order the boards, he replied “oh no, since we know what the problem is now, it will be much quicker.” That makes no sense.
9/3 I called Advance Video since I haven’t heard back yet.
Oh goody another 12-5 appointment.
9/4
Waiting for Jimmy. Fortunately he shows on the early side of the window. Puts in the two boards and a new light bulb.
TV stays up two minutes before rebooting.
Jimmy comments “that the light engines are on back order. Since we already tried a light engine this TV should be declared a loss.”
He tries to call someone for guidance and gets voicemail. Says he will call me back.
9/8
I call Jimmy since he did not call me back. He says that I should have heard back from “Victor”. I need to call Victor.
9/9
I call Advance Video and ask for Victor.
Victor is on a week of vacation. According to my file I need a light engine.
I told them we already tried one new light engine. I’ve been without a TV for two months and have taken numerous days off work due to their incredibly large appointment window.
They will email Victor and call me back.
9/10
I got a call back from Advantage Video. They say I need to call my warranty people.
9/11
Calling Circuit City Warranty.
They tell me I need to call 888 615 8156, consumer relations, option 2 twice.
The person at customer relations says “they will send to the exchange dept to get an auth number. It will take 7-10 days. They will call me.”
9/24/2008
Since 14 days have passed, I called them. Jessica says that it will be 14 business days from 9/11.
This post will be updated as the saga continues. As I’ve googled, I’ve found plenty of experiences posted to the web about Circuit City Warranty ripoffs. The best written one is at Made by Mark.
From what I’ve read online, I have several things to look forward to still.
1. Assuming I ever get an “authorization number” rather than being able to use it at my local store, they will pick a random store within a 45 mile radius.
2. Rather than giving me a dollar amount toward a new TV, they will attempt to stick me with some refurb/open box item. I spent months researching HDTV models (look where that got me) and they expect to replace my TV with some random TV that has been kicked around their store room?
9/30/2008 – Progress
I got a call from Circuit City Warranty and now have a claim number. I’m told to call the entertainment manager at my local Circuit City.
So I’ve dodged two bullets: 1) it’s approved, no more long waits 2) it’s a store of my choice rather than of their selection. That had been a concern.
So the next hurdle is making sure I get money towards a TV of my choice or at the least a TV that is acceptable.

Firefox 3.0.2

Firefox 3.0.2 is out with 5 associated security vulnerabilities.
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag

Adobe Reader Updates Fail in interesting ways.

I’ve found some of the computers here don’t have Security update 1 for Adobe Reader 8.1.2. There are two different causes.
In case 1, Adobe Reader 8.1.2 is installed but not actually listed in Add/Remove Programs. Because of the way our patch advertisement is written, the computer does not get patched.
In case 2, the security update is listed in Add/Remove programs but annots.api is not updated.
In case 1, depending on how you query the inventory you don’t know you have vulnerable computers. In case 2 you think you are patched but you actually are not. Adobe sure makes things interesting.
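One way to tell the two cases apart is to compare what Add/Remove Programs lists with the version of annots.api actually on disk. This PowerShell function is an added example, not part of the original post; the default install path, the DisplayName patterns and the `-FixedAnnotsVersion` value (not given in the post) are assumptions.

```powershell
# Added example (not from the original post). The default path and the
# DisplayName patterns are assumptions; adjust them to your environment.
function Get-ReaderPatchState {
    param(
        # File version annots.api has after the update. Not stated in the post:
        # read it from a machine you have verified as patched.
        [Parameter(Mandatory = $true)][version]$FixedAnnotsVersion,
        [string]$AnnotsPath = "$env:ProgramFiles\Adobe\Reader 8.0\Reader\plug_ins\Annots.api"
    )

    # What Add/Remove Programs shows: DisplayName values under the Uninstall key.
    $arpNames = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).DisplayName } |
        Where-Object { $_ }
    $readerListed = [bool]($arpNames | Where-Object {
        $_ -like 'Adobe Reader 8*' -and $_ -notlike '*Security Update*' })
    $updateListed = [bool]($arpNames | Where-Object { $_ -like '*Reader*Security Update 1*' })

    # What is actually on disk, independent of the installer's bookkeeping.
    $fileVersion = $null
    if (Test-Path -LiteralPath $AnnotsPath) {
        $vi = (Get-Item -LiteralPath $AnnotsPath).VersionInfo
        $fileVersion = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    }

    # Classify: the file version decides "patched", the listing only explains why not.
    if ($null -eq $fileVersion)                   { $state = 'ReaderNotFound' }
    elseif ($fileVersion -ge $FixedAnnotsVersion) { $state = 'Patched' }
    elseif (-not $readerListed)                   { $state = 'Case1-InstalledButNotListed' }
    elseif ($updateListed)                        { $state = 'Case2-UpdateListedFileNotUpdated' }
    else                                          { $state = 'UpdateMissing' }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        ReaderListed  = $readerListed
        UpdateListed  = $updateListed
        AnnotsVersion = $fileVersion
        State         = $state
    }
}

# Usage (placeholder shown; substitute the real fixed version):
# Get-ReaderPatchState -FixedAnnotsVersion '<FIXED_ANNOTS_VERSION>'
```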

BitLocker podcast with Paul Cooke

Today I listened to a recording posted at MyitForum of Paul Cooke, Director in the Windows Client division specializing in security, in which he discusses BitLocker Drive Encryption and how it has been extended in Windows Vista SP1.
It’s been a while since I’d read anything on BitLocker. Since GuardianEdge did a number on my laptop I am interested to see if it’s worth continuing with GE if we ever upgrade to Vista.
SP1 enhancements:
- Can now require TPM, PIN and USB all together.
- Can now encrypt data volumes instead of only the OS/primary volume.
TPM 1.2 is required (if you use the TPM option). That sounds like quite a hassle, making sure the TPM chip is enabled on the computers that are coming in.
Recovery involves a 48 digit PIN. That sounds like a real joy to read off to the end user. What rights does the helpdesk need to access that number anyway? With our current product while you are reading off numbers to the user, there is a check digit returned to verify correct entry.

Guardian Edge 8.7 upgrade saga

Recently I decided to look at upgrading our Guardian Edge Hard Disk Encryption to version 8.7. I was hoping it would resolve some of the flakiness with the version we currently have deployed.
What I found instead was more flakiness and tech support that I’m pretty sure must be sent through the babelfish before it is sent to me.
One of the first things I ran into is that when upgrading you need to copy the old installation MSIs into the new installation directory. I sent Guardian Edge support an email and asked them:

  • Why are the old files needed?
  • Isn’t it normal for an MSI install to keep the installation files cached locally for repair and/or uninstall?
  • Isn’t it normal, if the original install files are needed and they aren’t cached locally, to silently check the original install source?
  • Isn’t it normal to then prompt the user for the needed files rather than exiting the install with a “file not found” error?
  • If some clients are on 8.2.4 and others are on 8.5 and I’m upgrading to 8.7, can I just put the 8.5 install files in the directory or do I need to make a separate install package for upgrading from 8.2.4 (since 8.2.4 and 8.5 install files use the same name)?

Which one of these questions was answered by support? If you answered not a one, you are correct.
Next I ran into a couple of strange issues. On a few XP computers, the Guardian Edge Framework upgraded to 8.7 but the Guardian Edge Hard Disk did not upgrade.
On my Vista computer, it would not install at all. I opened a ticket about the second case and was told that when creating the MSI install package the destination folder needs to be “full control”. Having read the install/upgrade guide, I had seen that. I asked what is meant by full control. The install directory already had permissions of Administrators:Full Control and System:Full Control. Guardian Edge support then wanted to set up a phone call for followup. I felt I’d asked a rather vanilla question, and decided to review the manuals. I found that the permissions on the folders where the MSI files are created are actually incorporated into the MSI. I’ve never seen anything like that before! I set the destination folder for the MSIs to Everyone:Full Control and recreated the install packages. This time I was able to install Guardian Edge Hard Disk Encryption onto my Vista computer.
At this point I thought everything was ok, in spite of the lack of support I’d received from Guardian Edge. A reasonable explanation was found for my install errors. I’d be able to go forward with an 8.7 upgrade.
Monday morning came and I booted the Vista laptop on which I had installed GE 8.7. Instead of booting I received an error “The EAFS volumes contain errors. Run Recover.”
I booted to a USB drive and ran “recover /a” to repair the Guardian Edge databases. This did not solve the problem so I opened another case with Guardian Edge. First I attempted to call their 866 number. That resulted in a long pause followed by a fast busy signal. Next I opened a case through salesforce.com. I described the error and what I had done thus far and asked if it was ok to use the 8.2.0 Hard Disk Access Utility on an 8.7 client. The response I got was to use the latest version but it didn’t answer what is the latest version or where to get it. I’m following up on that. I’m concerned because last time I asked for this utility they sent it FedEx rather than providing an ISO download.
I was so hoping to write something positive about Guardian Edge this month.

Missing Remote Registry Permissions

I found that I couldn’t remotely access the registry or event viewer on my kiosk computers. I was rebuffed with an “Access Denied” error message. My kiosk computers are locked down via Group Policy so that was my first suspect.
I looked through the kiosk Group Policy and didn’t find anything obvious so I checked with a co-worker. He found a KB article that pointed out that the permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg control remote access to the registry and event log. That had slipped my mind.
It turned out that the group policy (originally a Windows 2000 group policy) had applied permissions to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg. The setting removed the native XP permission and replaced it with a more restrictive permission. Windows XP uses the local service account for remote registry access. My policy removed that necessary permission. To resolve the problem, I gave local service read access to the registry value. See MSKB892192 for step-by-step instructions.
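To check a machine for the condition described above, the ACL on the winreg key can be read directly. This PowerShell is an added example, not part of the original post; the function name is hypothetical, and it only looks at ACEs that name LOCAL SERVICE itself, which is the permission the post says the policy removed.

```powershell
# Added example (not from the original post): audit the ACL on the winreg key,
# which gates remote access to the registry and event log.
$WinregKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Hypothetical helper. Checks only ACEs naming LOCAL SERVICE directly; access
# granted through a group ACE is not evaluated here.
function Test-WinregLocalServiceRead {
    param([string]$Path = $WinregKey)

    $localServiceSid = 'S-1-5-19'   # well-known SID of NT AUTHORITY\LOCAL SERVICE
    $readKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey

    # Ask for ACEs translated to SIDs so localized account names do not matter.
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $allowed = $false
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $localServiceSid) { continue }
        $rights = [int]$rule.RegistryRights
        if ($rule.AccessControlType -eq 'Deny' -and ($rights -band $readKey)) {
            return $false               # a deny on any read right wins
        }
        if ($rule.AccessControlType -eq 'Allow' -and (($rights -band $readKey) -eq $readKey)) {
            $allowed = $true
        }
    }
    return $allowed
}

# Print the full ACL for review, then the verdict for LOCAL SERVICE.
(Get-Acl -Path $WinregKey).Access |
    Format-Table IdentityReference, AccessControlType, RegistryRights -AutoSize
if (-not (Test-WinregLocalServiceRead)) {
    Write-Warning "LOCAL SERVICE has no read ACE on $WinregKey (the condition described in the post)."
}
```

Run it locally on the affected machine, since the remote registry path is the thing that is broken.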

Virginia High Court Strikes Down Anti-Spam Law

http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?hpid=topnews
In 2004 Jeremy Jaynes was convicted under Virginia’s Anti-Spam law for sending 10 million spam emails through AOL servers located in Virginia.
Virginia’s Supreme Court has overturned that conviction and struck down the Anti-spam law.
“The court unanimously agreed with Jeremy Jaynes’ argument that the law violates the free-speech protections of the First Amendment because it does not just restrict commercial e-mails.”
The weak Federal CAN-SPAM law that has done nothing to stop spam remains in effect.
Here is a link to the ruling.

Remember 9/11/01

No Chrome for SEP Users

According to a Symantec Knowledge Base article and complaining posters in the Symantec Forums, Symantec Endpoint Protection (SEP) 11 does not work with Google Chrome when the Application and Device portion of SEP is installed.
One workaround is to disable Chrome sandboxing. I’d tend to recommend that over disabling Application and Device Control in SEP. If any of my users were found to be disabling portions of SEP, they would be in violation of company policy regarding circumventing security software.
I used to have problems like this with our old personal firewall. To control what applications can run, the process has to be wrapped up. Some applications don’t like that and crash. In the old personal firewall it was as simple as editing an “ignore” line into the configuration file. In SEP, I get the feeling we have to wait for a maintenance patch.