May 12, 2008

When Motherboards Fail (Part 1)

While I was out Thursday, our maids were cleaning in my office, vacuuming, and moving things around. After knocking my keyboard and mouse cables out, they plugged them back in, but crossed them into the wrong sockets.

When I returned, I found my keyboard and mouse both unable to wake up the computer. So I tried to reboot. The PC wouldn't respond to holding down the power button for 7 seconds... what I usually do if the PC freezes up. So I switched off power in the back and turned it back on, finally causing the PC to begin the rebooting process. Windows began to load, but froze part way in. I attempted a safe boot, but this too froze up.

I tried installing my hard drive in an old Dell computer, but Vista wouldn't boot there, telling me I needed to run recovery from the original OS disc. After several minutes of this, it told me it couldn't recover anything.

So I installed this hard drive as a secondary drive on an XP system. Here, I was able to view the drive just fine, and ran Spinrite to see if the drive was failing in some way. After running in recovery mode overnight, Spinrite reported that there were no problems with the drive.

Back in its original case, I attempted to boot the system, and it loaded the desktop, but after running the processor at 100% for about 30 seconds, it froze up again. I'm thinking it's a heat-related problem since it went further booting from a cold machine... but after warming up, it still failed. I removed the processor's fan and applied new thermal grease, but the failure still occurs.

Could the maids' plugging my keyboard and mouse in wrong have shorted out the motherboard? Could plugging in a vacuum close by have caused a fatal power surge? I have the equipment in a UPS, but if they also plugged into the UPS, a surge could have occurred inside of the protection, therefore reaching the computer.

I picked up a new power supply, jumping from 300W up to 450W, to see if it just needed a little more juice. That didn't solve the problem. I don't think it's an OS problem because sometimes, it won't even power up unless I wait a bit. That seems like a heat-related problem, not a total failure. This is occurring even before the computer starts loading the OS.

I've ordered a new barebones kit with a new motherboard, processor, memory, and video card. I've also picked up a new SATA hard drive, and will use Seagate's disk wizard utility to clone my existing drive onto the new one. If that works, then I'll have my primary system up and running later in the week. Will it work to clone the drive and use it with new hardware? Or will Vista fuss about the change of a motherboard? Will it deactivate itself? I'd rather not reinstall everything if it can be avoided, but will do so if I must.

Then, I'll experiment to see what it takes to get the old one going again later. If a new processor doesn't do it, I may just scrap the computer, along with its video card and memory, which are incompatible with the new system.

April 4, 2008

Switching to Vista

Early last year, I was testing Linux as an alternate OS. While it has some security advantages, I found I wasn't able to easily perform many of the things I do in Windows. So I took another look at Vista. Watching security issues closely over the last year, more and more critical alerts have dealt with Microsoft XP vulnerabilities that don't occur in Vista. And while I'm sure Vista vulnerabilities exist, the way Vista is designed is already offering protection that is absent in XP.

I purchased the upgrade version of Vista, and found it required that I install it over an installation of XP. (Showing it my XP CD was inadequate.) However, once Vista verified that I was eligible to use the upgrade version, I was able to select a "clean install" option, which formatted the hard drive and started fresh. I then installed the applications I use which did not require upgrades for Vista: Microsoft Office XP, Quickbooks Pro 2007, and Macromedia Dreamweaver MX 2004. I also installed the following software without issues: Firefox, AVG-AV, iTunes, Audible Download Mgr, dB PowerAmp Music Converter, efax, Cyberpower, and JungleDisk.

Before installing Vista, it had scanned my applications and informed me that I should upgrade Microsoft Money, Nero, and Adobe Acrobat to Vista-compatible versions. To upgrade Nero, I purchased a DVD drive which came with Nero 7, instead of buying Nero alone for about the same price.

Vista discovered my printers and installed the appropriate drivers (HP Deskjet D1420 and Brother MFC240C). However, Brother has not released a Vista version of their printer control suite for scanning, faxing, etc. So I installed another HP printer, which integrated both HP printers nicely in the "HP Solutions Center" control suite. The HP Officejet 6310 is a nice networkable all-in-one printer which was very easy to install on everyone's Vista laptops without using the CD. However, those in the house still on XP had to use the CD and create a local IP port for connecting to the new printer. In the past, I would install printers on my computer and share them, requiring that my computer stay on for others to use those shared printers. With a true networkable printer (one that has its own IP address), others can access it directly, and my computer doesn't have to stay on.

I was using the Logisys KB608BK, an illuminated keyboard with shortcut buttons for Office, Internet and Multimedia. The standard keys continued to work in Vista, but to date, they do not offer Vista drivers for the shortcut buttons. Attempting to install their XP drivers in Vista crashed the OS.

After using Vista for a few months, I tried reinstalling Linux Xandros 4.1 on the same drive, using a boot loader to choose which OS to run. Xandros ran fine, but something about it KILLED Vista. After spending hours trying to repair it, I ended up reinstalling Vista by itself. I wish that Xandros offered an easy uninstaller that would remove the entire installation including the modified MBR, but the Xandros CD didn't offer this as an option.

Today, our family has four computers running Vista, and four still running XP. Over the last few months, the machines with problems have been the XP machines. At my desk, I still keep an XP machine standing by, just in case, but I haven't needed it. While I'm not ready to eliminate all the XP machines just yet, I'm quite happy with Vista's performance.

March 14, 2008

Report: Hussein's Terror Not 'Directly Linked' to al Qaeda

A report released by the Joint Forces Command confirms Hussein supported a number of terrorists and terrorist activities inside and outside Iraq. The report failed to identify a "direct link" between Hussein and terrorists calling themselves "al Qaeda," but found that Hussein co-operated with them.

The Iraqi regime was involved in regional and international terrorist operations prior to Operation Iraqi Freedom. The predominant targets of Iraqi state terror operations were Iraqi citizens, both inside and outside of Iraq. State sponsorship of terrorism became such a routine tool of state power that Iraq developed elaborate bureaucratic processes to monitor progress and accountability in the recruiting, training and resourcing of terrorists.

The report cited such examples as training for car bombs and suicide bombings in 1999 and 2000, both of which U.S. and Iraqi forces have struggled to contain since the rise of the insurgency in summer 2003.

 Pentagon Report Finds No Direct Saddam-al-Qaida Connection, VOA

 Also see: Saddam's Dangerous Friends: What a Pentagon review of 600,000 Iraqi documents tells us, Weekly Standard

March 13, 2008

Insecurity of VMware

While virtualization offers advantages over traditional software deployment, it also offers new security challenges. Processes that extend beyond the container's boundaries introduce risks that what happens in VM might not stay inside VM. Don Simard, the commercial solutions director at the U.S. National Security Agency, explained the problem to InfoWorld...

...NSA realized that this benefit of virtualization also introduced a new potential threat. After all, Simard said, "graphics cards and network cards today are really miniature computers that see everything in all the VMs." In other words, they could be used as spies across all the VMs, letting a single PC spy on multiple networks. Although he's not aware of any such spyware today, it's not a problem the NSA wants to experience or see happen in other intelligence agencies.

 Virtualization's secret security threats, InfoWorld

March 1, 2008

Anti-Terrorism Software

Researchers at the University of Maryland have developed software to aid in the prediction of terror behavior around the globe. The SOMA Terror Organization Portal (STOP) uses existing data to get ahead of possible future events...

SOMA has generated tens of thousands of rules about the likely behavior of each of around 30 terrorist groups, including major terrorist outfits such as Hezbollah, Hamas, and Hezb-I-Islami. In addition to offering accurate behavioral models and forecasting algorithms, STOP can act as a virtual roundtable for terrorism experts to gather around and form a rich community that transcends artificial boundaries.

 STOP Terrorism Software Developed, Techtree

February 21, 2008

Insecurity of Disk Encryption

It looks like many disk encryption schemes are vulnerable if someone has physical access to your drive, thanks to researchers with Princeton University and the Electronic Frontier Foundation. They've discovered a flaw and published their findings...

The attack takes only a few minutes to conduct and uses the disk encryption key that's stored in the computer's RAM. The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

Sounds like it's best to use an encryption scheme that doesn't preserve anything in RAM once you shut down... at least not in readable form.

 Researchers: Disk Encryption Not Secure, Wired

 Cold Boot Attacks on Encryption Keys, Center for Information Technology Policy, Princeton University

 Update: RAM Hijacks, Security Now, Episode 137

February 17, 2008

Insecurity of Wireless Headsets

In a recent security audit of a typical American company, investigators found it to be child's play to obtain confidential information about the company's secrets. Positioned across the street, they intercepted a large number of telephone conversations transmitted in the clear because a significant number of employees were using wireless headsets.

To perform the work, we purchased a commercially available radio scanner. These devices are available at any local electronics retailer at prices ranging from $80 to several thousand dollars. We chose a scanner capable of monitoring frequencies from 900 to 928MHz and the 1.2GHz ranges, which is where many of the popular hands-free headsets operate. We took a position across the street from the facility and started up the scanner. Within seconds of turning on the device, we were able to listen to conversations that appeared to be coming from our client's employees. Several of these conversations discussed the business in detail, as well as very sensitive topics... Within minutes of this discovery, we contacted our customer and explained the vulnerability... To demonstrate the sensitivity of what we discovered, we used the conversations we recorded to social engineer our way into the facility.

 Transcript of Episode 130, Security Now

February 13, 2008

The Clintons' Terror Pardons

Debra Burlingame revisits the Clintons' pardon of terrorists. What message did these pardons send to other terrorists around the world? The pardoned terrorists never renounced violence, and Hillary said she supported the pardons... until the public outcry began.

The perpetrators were members of Armed Forces of National Liberation, FALN (the Spanish acronym), a clandestine terrorist group devoted to bringing about independence for Puerto Rico through violent means. Its members waged war on America with bombings, arson, kidnappings, prison escapes, threats and intimidation. The most gruesome attack was the 1975 Fraunces Tavern bombing in Lower Manhattan. Timed to go off during the lunch-hour rush, the explosion decapitated one of the four people killed and injured another 60. ...By 1996, the FBI had linked FALN to 146 bombings and a string of armed robberies -- a reign of terror that resulted in nine deaths and hundreds of injured victims.

 The Clintons' Terror Pardons, WSJ

January 20, 2008

Iran's Small Boats Pack a Punch

David Crist writes in today's NY Times that Iran's small boats are actually a big problem that we've known about for years.

In December, the Whidbey Island, a Navy dock-landing ship, fired warning shots at small Iranian craft that came too close. Three days later the frigate Carr was forced to use its ship’s horn to ward off three Iranian small boats, two of which were armed, according to Navy spokesmen. While these incidents may not seem alarming to those who’ve never served on a potentially vulnerable modern warship, they fit into a worrisome pattern, a two-decade-old military strategy by Iran intended to counter the United States presence in the Persian Gulf.

 Iran's Small Boats Are a Big Problem, David Crist, NY Times

January 17, 2008

Opera Mini Browser Insecurity

Opera Mini is a browser people are running on their PDAs. Problem is, they are modifying all the webpages, and decrypting your SSL traffic. Doing so, they're causing web pages you thought were secure to travel in the clear, exposing your passwords, credit card information, and everything you thought was encrypted on the net...

Steve Gibson: Now, the reason they're doing this is that this server that the Opera Mini browser connects to is really doing a lot of good work for the user. It is rewriting pages, web pages on the fly, rewriting JavaScript on the fly, essentially turning web pages that were never designed to be seen on a very small screen on a very lightweight and lower powered browser, making them work. ... If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile. Opera Mini uses a transcoder server, as they call it, to translate HTML, CSS, JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation the Opera Mini server needs to have access to the unencrypted version of the web page. Therefore, no end-to-end encryption between the client and the remote web server is possible.

 Transcript of Episode 126, Security Now

January 8, 2008

Insecurity of Wireless Keyboards

Steve Gibson responds to an inquiry about the insecurity of wireless keyboards, informing listeners of Security Now that the Microsoft Wireless keyboards are so easy to intercept and decode, it's child's play:

Steve: Yup. Get a load of this. It's not a 1-bit shift register. It's a 1-byte static byte that is XORed with the data from the keyboard.

Leo: So would that be pretty easy to reverse engineer?

Steve: Leo, it'd be hard not to reverse engineer. It is horrifying. It's horrifying.

Leo: And this is true not just for Microsoft, but do other keyboards do it this way?

Steve: Well, apparently Logitech has recognized that this is a problem that's sooner or later going to get exposed. Microsoft's wireless keyboards do this. The 1000 series and the 2000 series have been examined. The 3000 and the 4000 have not been. But it appears to be the same for them. Logitech has, like, a secure connect...

Leo: They have an encrypted keyboard, yeah.

Steve: Yeah. And so they're boasting about that. But the extremely popular Microsoft keyboards, during the so-called "association phase," the keyboard chooses a random byte, one byte of randomness, and provides it to the reader. Then the keystrokes you type are XORed with that one byte. Which means, as we know, there are 256 possible combinations of one byte, that the one byte can have. All you have to do is suck in a bunch of characters, you know, wait a few minutes for someone to type 20 or 30, and then in a heartbeat you could check every possible byte. One of them will turn what they're typing into English or clear text or whatever language they're typing in. In that case, at that point, their keyboard is decrypted for all intents and purposes, deciphered. What this means, of course, is that in a situation where people are within sniffing distance, radio distance of a keyboard, you absolutely have to consider that it is not safe. Keyboards are using a low frequency, 27MHz, which is extremely easy to receive, meaning that in an apartment building, neighbors who have a wireless keyboard could have everything they're typing trivially decrypted, if it's at least on these Microsoft Series 1000 and 2000 keyboards, and probably other keyboards. So it's definitely a concern.

 Transcript of Episode 122, Security Now
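
The weakness described in the transcript above can be reproduced on constructed data. This is an added example, not code from the original post or the podcast: it models only the one-byte XOR step (not any keyboard's radio protocol), and the sample text, key value and function names are assumptions made for illustration.

```python
# Added illustration: why a one-byte XOR key gives no confidentiality.
# Models only the XOR step described in the transcript; the sample text
# and key are constructed, and no keyboard radio protocol is involved.

COMMON = b"etaoinshrdlu "  # frequent lowercase English letters plus space


def xor_with_byte(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def english_score(buf: bytes) -> int:
    """Crude plausibility score: reward common letters, punish non-printables."""
    score = 0
    for b in buf:
        if b in COMMON:
            score += 2
        elif 32 <= b < 127:
            score += 1
        else:
            score -= 5
    return score


def recover_key(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 keys; return the one whose output looks most like text."""
    best = max(range(256),
               key=lambda k: english_score(xor_with_byte(ciphertext, k)))
    return best, xor_with_byte(ciphertext, best)


# Constructed sample: a few dozen characters under one fixed key byte.
SAMPLE_PLAINTEXT = b"meet me at the office after lunch today"
SAMPLE_KEY = 0x5A  # constructed stand-in for the byte chosen at association
SAMPLE_CIPHERTEXT = xor_with_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    key, text = recover_key(SAMPLE_CIPHERTEXT)
    print(f"keyspace: {2 ** 8} candidates, recovered key: {key:#04x}")
    print(text.decode("ascii"))
```

Because the whole search is 256 trial decryptions, choosing a different byte changes nothing; only a link cipher with a large key closes the gap, so a keyboard of this design should be treated as transmitting in the clear.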