Posted on

Using ISO CD Images with Windows

When CD-R drives first turned up you needed special software to write anything – originally produced by Adaptec but soon overtaken by Nero, with NTI and Ulead having lower cost options. Now, when you get a PC it will usually come with one of the above bundled to do the job, and Microsoft has added the functionally to Windows since XP (for CD, if not DVD). Not good news for the independent producers, but Microsoft’s offering doesn’t quite make it so you do need something else.
My new Lenovo PC cable bundled with Corel Burn.Now. Corel recently bought the struggling Ulead, and this is fundamentally the same product. Unfortunately Burn.Now just doesn’t cut it – it can’t do the basics.
To duplicate a CD you need to copy all the data on it. Pretty obvious really! If you’re not copying drive-to-drive it makes sense to copy the data to a .ISO image on your hard disk. You can then transfer it to another machine, back it up or whatever, and write it to a new blank disk later. Burn.Now will create a CD from an ISO image, but if you ask it to copy a disk it uses its own weird and whacky .ixb format. Some versions of Burn.Now gave you the choice, but not with the new Corel one. This matters, because whilst everyone can write .ISO files, only Burn.Now can use .IXB.
So Burn.Now is no use. What about Microsoft’s current built-in options? You can actually write an ISO image using Windows 7 – just right-click on the file and select “Burn disc image”. Unfortunately there is no way to actually create such a file with Windows. To do this you need add Alex Feinman’s excellent ISO Recorder, which basically does the opposite: Right-click on the CD drive and select Create Image from CD/DVD.
I’ve yet to find an easy way of creating an ISO image using files and Lenovo’s Corel Burn.Now, but you can at least create a disk and then copy the ISO image off for archive and later duplication.
Unfortunately ISO Recorder doesn’t read all disks – it won’t handle Red Book for a start. This is a bit of a limitation – was Mr Feinman concerned about music piracy? Given Windows Media Player can clone everything on an Audio CD without difficult it won’t make a lot of difference.
So – Windows is its usual painful self. If you just want to simply create an image of a CD or DVD with no bells and whistles, go to UNIX where it’s been “built in” since the 1980’s (when CD-ROMs first appeared). Just use the original “dd” command:

dd if=/dev/acd0 of=my-file-name.iso bs=2048
An ISO file is simply a straight copy of the data on the disk, so this will create one for you. You can write it back using:

# burncd -f /dev/acd0 data my-file-name.iso fixate
Or
# cdrecord dev=1,2,3 my-file-name.iso

Burncd is built in to FreeBSD (and Linux, IIRC), but only works with atapi drives. In the example it assumes the CD recorder is on /dev/acd0 (actually the default).
Cdrecord works with non atapi drives to, but has to be built from ports on FreeBSD and for other platforms it’s available here http://cdrecord.berlios.de/old/private/cdrecord.html – along with lots of other good stuff. The example assumes the device is 1,2,3 – which is unlikely! Run cdrecord -scanbus to locate the parameters for your drive.

Posted on

Nominet finally goes to court

Nominet Logo

If you’ve never heard of Nominet, you should have. It’s the organisation that manages most of the domain names ending in .uk. It was set up in 1996 as a company when the previous arrangements (known as the Naming Committee) became overwhelmed. The Naming Committee granted the use of domain names to their rightful owners for no charge, but only their rightful owners. Nominet charged, and was more relaxed about who it sold things to – being too picky meant less income, and it needed income to cope with the increased demand for Internet services.

The snag with this new arrangement was that it allowed speculators to register as many domain names as they wished, with a view to charging end users money to use something they’d pre-registered. This is known as cyber-squatting, although people in this business prefer to call themselves “domainers”.

Nominet was created for the benefit of Internet users in the UK, not cyber-squatters. Unfortunately, cyber-squatters register more domain names than anyone else (as they would), and started to get an undue influence based on their size. Cyber-squatters make various claims about how they’re important for a “vibrant market” in domain names, but there’s no benefit to society in such a market. You could say they’re trading in something that should be free to legitimate users. Some would go as far as to call them parasites. If any cyber-squatters or domainers wish to explain exactly why the label is unfair, please enlighten me.

Anyway, the Nominet board isn’t stupid and has, in recent years, done a lot to skew things in favour of UK Internet users. Not enough as far as I’m concerned, but they’re trying to look after the majority. The cyber-squatters don’t like this, and have started personal attacks on Nominet’s CEO, Lesley Cowley in an attempt to get rid of her with a view to installing someone more of their liking. What’s really upset them was a consultation to allow people to register names directly under .uk, without a .co.uk or .org.uk. For example, Tesco could have been tesco.uk, as is often the case in other countries. Legitimate UK ownership would have been verified, like in the old days, but they would also have cost more. Cyber-squatters hated the idea, because their current stock-pile of .co.uk names would have been somewhat devalued! They had to defeat Nominet in order to preserve their “investment”. The rest of us would have quite like to see the speculators clobbered, although I’ve never had the feeling that was Nominet’s intention.

Nominet has finally had enough, and late this afternoon launched a High Court action against Graeme Wingate and his company That Internet Ltd, citing “[unacceptable] harassment and victimisation of our staff”. What this is really about is whether Nominet is run for the benefit of everyone, or the cyber-squatters.

 

Posted on

Red October or Red Herring





Kaspersky Labs has announced that someone had been conducting a hitherto unknown campaign wide-scale international espionage, dubbed Red October, for many years. Except it that I don’t think it has.

The story broke quietly on Friday in the Washington Post and has been repeated over some Internet news sites and blogs, almost verbatim, yesterday and today. Although keen for breaking news (especially where international intrigue is concerned), one should really take a step back and match the claims with the substance.

You can find the report here, although not the the Kaspersky site. It’s not the subject of any press release I’ve seen. No one could be contacted at Kaspersky for comment. Hmm. Specialist IT security sites, like Steve Gold’s IT Security Pro, aren’t treating this as a top story either. The only reason I’m hitting the keyboard is that people keep drawing it to my attention.

The report (assuming it isn’t a hoax) does contain a good analysis of what appears to be a new-ish botnet, although one that’s not very widespread (we’re not talking about Flame V2 here). Kaspersky has a lot of smart cookies working for them, and they do some very valuable research, but reading the posts on the subject you’d think they’d uncovered the next Watergate or similar. Perhaps they have, but all I’m seeing details so far  is of another botnet.

If their analysis is correct, the perpetrators do seem to be targeting government and diplomatic sites in particular, but this isn’t actually novel. They’ve identified targets in most of the developed world, with the interesting exception of England and China. As the code appears to be of Russian origin, and not particularly well obfuscated, it’s also noteworthy that the majority of the attacks have been launched against Russian targets.

So, as it stands, this looks like a competent investigations of a botnet. Well done Kaspersky. Now lets get some sleep.

 

Posted on

New Java exploit in the wild

Today AlienVault reported yet another vulnerability in Java, similar to CVE-2012-4681. Their head of Labs Jaime Blasco got hold of it and has been playing with it on a fully patched Java installation, and according to them, it works. If you fancy trying  it yourself, here are the details.

With Java embedded in to most web browsers (and if you don’t know about yours, it’s probably is), this is serious stuff. All you need do is go to a web page with some nasty embedded Java on it (by following a link in an email) and your machine is vulnerable to takeover. If you want to check whether Java is enabled on your browser, click here and check the version. If it returns “”No working Java was detected on your system…” then you’re okay. Right now, the only good Java is a dead one.

When Java first appeared as a cross-platform application language, much play was made of it being “sandboxed”, so a Java application was insulated from other applications and the host operating system. It didn’t take long for features to be added to allow it to manipulate files on the local system, providing obvious ways to break out. Security consists of guessing the ways this may occur and blocking them. This is a recipe for disaster unless the code is very taught. Opening the gates and then screening is the opposite of secure system design.

I realised something was wrong when a Sun evangelist tried to sell me on the idea of embedded Java – “We’ve reduced the footprint to 4Mb”. This was back in 1998, and 4Mb of ROM  on an embedded system was a hell of a lot. And it’s not just the size – 4Mb of code for doing what should be pretty straightforward stuff rang alarm bells. I don’t know about embedded Java, but the current JVM running on PCs is now talking in Gb. It’s hugely inefficient, which is a price you might choose to pay, but from a security point of view there’s no way you’re going to have that much code without all sorts of nasty stuff lurking away forgotten. Which explains why it keeps on coming out to bite us.

The only way to avoid your PC (or Macintosh or Linux box) being compromised is to disable the JVM until Oracle issue a patch for it.

 

Posted on

Bitlocker, PGP and TrueCrypt encryption broken (sort-of)

ElcomSoft has released a utility called Forensic Disk Decryptor that can get the data off encrypted hard drives without knowing the password. According to their web site it:

  • Decrypts information stored in three most popular crypto containers
  • Mounts encrypted BitLocker, PGP and TrueCrypt volumes

Amazing!

In complete decryption mode, Elcomsoft Forensic Disk Decryptor will automatically decrypt the entire content of the encrypted container, providing investigators with full, unrestricted access to absolutely all information stored on encrypted volumes.

Wow!

Elcomsoft Disk Decryptor PackageReading the technical details further, it’s not quite so amazing – they haven’t found a back-door to these encryption algorithms. Instead they’re examining the machine’s core (memory/RAM in user-land parlance) and pinching the key when they find it. This does, unfortunately, require that the machine in question is already running and decryption to be taking place ‘cos its user has already entered the password. This isn’t has hopeless as it sounds as there may be a core-dump (hibernation file) kicking around on an unencrypted hard disk, and indeed this is a known technique (one of very few) for getting data off these drives. Other methods are  scaring your suspect with a slap on the wrist if they don’t cough up the password, or running a trojan on the suspect’s PC (questionable legality).

According to ElcomSoft’s CEO, Vladimir Katalov, “Our customers asked us for a tool like this for a long, long time. We’re finally releasing a product that’s able to access encrypted volumes produced by all three popular crypto containers.”

ElcomSoft is a company that certainly knows what it’s doing, and this tool appears to automate a process that’s a PITA to do manually, but Mr. Katalov’s miraculous claims for the product shouldn’t unduly worry the user’s of this technology. It’s probably a good tool but it can’t do anything that wasn’t possible before.

Posted on

Government’s Daft Communications Bill

Never mind the privicy aspects, the communication’s bill is worrying because it shows the government has no idea at all about how communications on the Internet work. They seem to thing that passing a law allowing agencies to record the fact of, and possibly intercept, Internet communications will make it technically possible for them to do so. It will not. It’s as daft as passing a law to ban “recreational” drug use and then expecting the problem to disappear.

Posted on

My name is Elena and I live in small city in Russia.

You may have seen one or more of these in your inbox in the last few days:

Hello,
 
My name is Elena and I live in small city in Russia. I have a little daughter and no husband since he left us. Due to deep crisis recently I losted job and can not pay the heating bills for our home anymore. I finded your address at website and decided to write you from a public library. We urgent need heating because winter arriving and the temperature in our home is very cold. We can heat our home with a portable woodburner, but we unable buy it because it cost too much for us. If you own any old transportable woodburner from cast iron which you don’t use anymore, I pray you can gift to us and transport of it to us.
 
I hope for your answer.
 
Elena.

Okay – it’s obviously a scam, but it’s interesting as it’s getting through most spam filters. It actually originates from Tellas in Greece, from mail servers that aren’t blacklisted – although today it moved on to ADSL lines.

Reading the text, it’s  reminiscent of various “I’m a poor Russian in trouble” panhandles that appear annually at about this time of year. If you reply (it’s been tried) the person at the other end will suggest that instead of sending the stove you just send the money as she can buy one from the local market for a figure just under $200.

What I’m not so sure of is that the scammer is actually even Russian in this instance, as the language isn’t quite right. Russian speakers (in fact most East Europeans) are notoriously bad at using the definite or indefinite article (‘it’ or ‘a’) because it doesn’t exist in their language. This person fails to use it pretty consistently  thus sounding like a Russian trying to speak English, but slips up with “…buy it because it cost…”. She also has “…a little daughter…”. It suggests American, as a linguist friend pointed out, because of the use of “home” instead of “house” and “woodburner” instead of “wood burning stove”.

You might wonder why on earth the request is for a cast iron stove. Are the collecting them from scrap iron? Well, no – when you think about it, if you offer them a stove the shipping will be prohibitively expensive (they are heavy) so you can save money by simply sending the cash.

Anyone up on this kind of thing will  have been thinking “Valentin Mikhaylin” from the start. Okay, he changed the name to Elana in 2007 (or sometimes Valentin and his mother, Elana), but the stove story has been used for at least ten years. It has all the hallmarks, except one: This year the spams are getting through. This could be the scammer’s undoing – as everyone is receiving multiple copies it’s lost all plausibility in 2012. So what will 2013 be about, one wonders?

Posted on

Don’t use your real birthday on web sites

You’d have to be completely crazy to enter your name, address and date-of-birth when registering on a web site if you had any inkling of the security implications. Put simply, these are security questions commonly used by your bank and you really don’t want such information falling in to the wrong hands. So, security-savvy people use a fake DOB on different web sites. If you want to play fair with a site that’s asking this for demographic research, use approximately the correct year by all means, but don’t give them you mother’s real maiden name or anything else used by banks or government agencies to verify your identity, or the criminals will end up using it for their own purposes (i.e. emptying your bank account).

That banks, or anyone else, use personal details that can be uncovered with a bit of research at the public record office is a worry in itself. It’s only a minor hindrance to fraudulent criminals unless you provide random strings and insist to your bank that your father married a Miss Iyklandhqys. The bank might get uppity about it, but they should be more interested in security than genealogy.

This common knowledge, and common sense advice was repeated by civil servant from the Cabinet Office called Andy Smith at the Parliament and the Internet Conference at Portcullis House a few days ago. I’ve never met him, but he seems to have a better grasp of security than most of the government and civil service.

Enter Ms Goodman – Labour MP for Bishop Auckland. She heard this and declared his advice as “totally outrageous”, and went on to say that “I was genuinely shocked that a public official could say such a thing.”

I wish I was genuinely shocked at the dangerous ignorance of many MPs, but I can’t say that I am. Her political masters (New Labour) haven’t acted nearly quickly enough to suppress this foolish person. In her defence, she used the context that people used anonymous account to bully others. This doesn’t bear any scrutiny at all.

When are we going to find a politician with the faintest clue about how cyber security works? The fact that this ignoramus hasn’t disappeared under a barrage of criticism suggests that this isn’t an isolated problem – they’re all as culpable. Her biography shows just how qualified she is to talk about cyber security (or life outside of the Westminster bubble). I’ve no idea what she’s like as a person or MP, but a security expert she isn’t.

I do hope they listen to Andy Smith.

 

Posted on

Interesting things at IP Expo 2012

IP Expo (nee. Storage) is on in London’s Earls Court Two for one more day. As a show it’s target remains a bit undefined (a show about Internet Protocol? Or do they mean Intellectual Property),  but that’s what can make it interesting.

This year there’s less of the mind-boggling high-end storage and more general network services from software and hardware vendors – in particular, vitallisation is the hot topic (yawn).

This is a quick impression; get down there and see for yourself or wait for a full report later.

One interesting stand is Firebrick, present for the first time. You can’t miss them, (a) because they’re in front of the main entrance one row back; and (b) they’ve got a life-sized fibreglass Orc on the stand. They’ll happily take your photograph standing with it, print it out and also give you a link to it for download within a matter of seconds.

Firebrick is a range of rather good network gateway devices (call them firewalls if you will, but that doesn’t really cover it). It’s their own technology, and it’s very clever. The latest clever stuff is the on-board SIP VoIP management, and a very reasonably priced service that can turn your 3G handset into a SIP extension. I’m not talking about a SIP App for a smartphone here; this is a SIM that integrates a mobile ‘phone in to your IP PABX.

Virtualisation is very popular, and so is security. Everyone’s got a security solution for virtualised server environments. A lot more on this topic later.

Trend has an amusing sign on their stand “Vurtualisation is becoming a reality”. Well what do you know? Are they recycling stands from five years ago, or just a bit slow to catch on. Actually, Trend has been ahead on integrating with VMWare at the hypervisor level, so it’s either a daft statement from the marketing department or an old sign but it’s too good a conversation opener to ignore. They’ll be sick if it by the end of the show.

Bit9, the security company from Massachusetts, is a the show. I like them; they’re sensible about what technology can and can’t do. This may not be a popular business model, but they give me more confidence than most of getting an accurate assessment where it matters.

Off to mingle..

Posted on

Nominet announces consultation on new .uk domains

Nominet is starting a three-month consultation on issuing domain names directly under the .uk TLD. According to Eleanor Bradley, Nominet’s Director of Operations, this development will allow new companies to purchase domain names (presumably because the .co.uk is in the hands of cyber squatters), and also be more secure by checking that the registrant has a UK address and providing daily monitoring for malicious software on the domain (presumably they mean associated web site here).

Nominet is justifying this because they say their new domain space will help to guard the UK against cyber crime, which costs the UK £27B per year.

Nominet is supposed to ensure that UK registrants are okay in any case – although it’s currently based on public complains when an anomaly is found. Their claim about ensuring that such web sites will be monitored and malware free is just about the craziest promise Nominet could be making. Whoever dreamt this up clearly has no idea about the risks and mechanisms that are used to pervert web sites for malware delivery – there is no way Nominet can check.

What I’ve heard so far is just another scheme for Nominet and cyber squatters (or domainers as they prefer to be called) to make more money. Nominet should be concentrating on the interests of Internet users in the UK, not “vibrant domain name spaces”, which basically means people trading in domain names as a commodity.