Archive

Archive for September, 2009

What Star Trek tells us about the future of IT security…

September 29th, 2009 No comments

Robert “RSnake” Hansen has written a wonderful piece about what Star Trek can tell us about future IT security:

Virtualization security is an oxymoron – even in the distant future: I mean, really, how many times has the whole damned ship been taken over by some overzealous holodeck character? Whoever wrote the holodeck hypervisor really needs to be put in a room with Warf for a few hours so he can explain with his batleth what the need for true physical and logical isolation is. Why some Sherlock Holmes character should have access to main memory, I’ll never know. Too bad we aren’t smart enough in the distant future to think about hardware isolation instead of relying exclusively on dangerously faulty software.

You should really check it out, have a laugh, and then think about it…

Word Cloud Snapshot of Cupfighter.net

September 27th, 2009 No comments

I know that WordPress has a built-in tag cloud, but when I came across the wordle.net generator, I thought it would be interesting to see how it differs (or not) from the tag cloud for cupfighter.net. I think it does differ, and not just aesthetically.

snapshot on September 27th, 2009


Infamous McAfee 8.7 Error 1920, service McShield failed to start

September 25th, 2009 1 comment

I could not install McAfee 8.7 on all servers in several highly secure environments. I got the infamous McAfee 8.7 Error 1920, service McShield failed to start. I also got the 5004 error from McLogEvent when I did a custom install and did not start McShield during install. I had already tried all options from McAfee Support (especially changing imagepath for mfeapfk.sys, mfeavfk.sys, mfebopk.sys in the registry looked promising, since I already had the latest version of the patch). After that didn’t work out, I logged an incident at McAfee. I went up to 3rd-level support; in the end it turned out that if I disabled all policies it worked. That made support think the issue was solved. That’s not true, of course. Therefore I did some further investigation to find out which setting it was (I cannot afford to switch off all security settings, of course). It turned out I had to change the following setting:
Client computers can trust the following certificate stores
change from:
Enterprise Root Certification Authorities
to:
Third-Party Root Certification Authorities and Enterprise Root Certification Authorities

With the first option, only a very small list of certificates is available in the “trusted root certification authorities” list of certificates. After I changed the policy, there are plenty of certificates in the list.

McAfee has added new drivers (Device manager, show hidden Devices, Non-Plug and Play Drivers to show them). One of these, the McAfee Validation Trust Protection Service (mfevtps), needs one of the root certificates in the extended list as shown above.
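
To check on an affected server which root a signed binary depends on, the script below builds the file's Authenticode chain and reports which local-machine stores hold the top certificate. It is an added example, not from the original post or from McAfee: the function name `Get-SignerRootStore` is hypothetical, the file path is a placeholder you supply, and it assumes the dependency described above is the signing chain of the service binary.

```powershell
# Added example: report the root CA a signed file chains to and which
# local-machine certificate stores contain it.
# Get-SignerRootStore is a hypothetical helper name; pass the path of the
# binary to check (the post does not give the mfevtps file location).
function Get-SignerRootStore {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) {
        throw "No Authenticode signer certificate found on $Path"
    }

    # Build the chain without revocation lookups so it works on isolated hosts.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $built = $chain.Build($sig.SignerCertificate)

    # The last chain element is the highest certificate Windows could locate.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Root     = Trusted Root Certification Authorities
    # AuthRoot = Third-Party Root Certification Authorities
    $stores = foreach ($name in 'Root', 'AuthRoot') {
        $hit = Get-ChildItem "Cert:\LocalMachine\$name" |
            Where-Object { $_.Thumbprint -eq $top.Thumbprint }
        if ($hit) { $name }
    }

    New-Object PSObject -Property @{
        File            = $Path
        SignatureStatus = $sig.Status
        ChainBuilt      = $built
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain      = $top.Subject
        SelfSigned      = ($top.Subject -eq $top.Issuer)
        FoundInStores   = $stores -join ', '
    }
}

# Usage (placeholder path): Get-SignerRootStore -Path 'C:\path\to\signed-binary.exe'
```

An empty `FoundInStores` together with a failed `ChainBuilt` points at a missing root rather than at the product itself; running it before and after the policy change shows the difference.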

Windows 2008 KMS activation limit workaround

September 11th, 2009 1 comment

Another tip from Elianne van de Kamp, which I of course couldn’t keep to myself. Your Windows 2008 KMS key (the replacement of the Volume License Key/VLK) can be registered a maximum of ten times on six different machines. If you want to extend this, you will have to file a request with your Microsoft representative with lots of information:

  • Organization name
  • Agreement number
  • Authorization number
  • Requester name, telephone, etc
  • Product
  • Last 5 digits of your KMS key
  • Number of additional activations
  • And last but not least: A good reason why you need extra activations.

The process takes 48 hours to complete, which means you have to wait that long before your extra activations are available. The first step to activate your KMS key is to register it with:

slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

It will tell you the key is valid (or not, but you then have another problem). Then you have to activate it with:

slmgr -ato

When the key is out of activations it will respond with “ERROR: 0xc004c008: the key is valid, but cannot be activated.”

Instead of filing a request that takes two days, you can use a quick workaround:

  • Enter the KMS key as the registration key on the KMS server.  (Control Panel – System – Change product key).
  • Activate the key. You will get a message that the key cannot be registered. Choose activation by phone.
  • Call the MS activation line. Enter the numbers into the automated response system, and you will receive the new 8 times 5 key.
  • Enter the numbers and you’re all done, the KMS server will now be activated.

You can check this with:

slmgr -dlv

WSUS 3.0 SP2 gone awry

September 11th, 2009 No comments

Full credit for this goes to Elianne van de Kamp, who’s been busy with the investigation for quite a while. What happened?

On the 9th of September, together with the regular MS updates, an update for WSUS 3.0 came in: Service Pack 2. The first issue we encountered was that it was announced as an upgrade, but it actually performs a re-install. This means you have to reconfigure the basic setup of WSUS. The computer list and grouping definitions are safe in the database. Things like which updates and which languages to download will have to be configured again, though. Being prepared here by making a note of current settings will help.

We ran into a new issue the next morning. The upgrade of WSUS also upgrades all clients with the Windows Update Agent. This runs flawlessly on 32-bit Windows clients. It causes an issue on 64-bit Windows, however: two files, NT5IIS.CAT and IASNT4.CAT, are replaced, probably by 32-bit versions. When you connect to the console of the server, it will tell you about this in the form of a Windows File Protection Error. The choice is yours to cancel this warning and ignore it like we did, because it concerns a database server and the files will never be used (NT5IIS for web server, IASNT4 for internet authentication). You could also cancel and replace the files manually from CD or service pack. Fact is that the files copied with this update are dated 25-05-2005, so they are very old and will most likely cause problems if you ever need them.

I thought I’d share this information as I’m sure other people will run into this problem as well. Would be a shame if they had to go through the same cycle!

Microsoft more vague than usual…

September 8th, 2009 No comments
Overview of Microsoft patches due today by Microsoft


Microsoft is even more vague than usual about the patches it plans to release today.

In this patch announcement Microsoft only states that it plans to release 5 patches.

This is the data currently known:


Security Justice will feature Cupfighter.net author Frank Breedijk

September 7th, 2009 No comments


This afternoon/evening, Security Justice will hold their 1st Annual International Podcast BBQ to celebrate US Labor Day.

The BBQ will feature our Schuberg Philis colleague Frank Breedijk as blogger for cupfighter.net and author of AutoNessus.

At 15:00 EST (20:00 GMT) they will kick off by firing up the grill and opening the (probably not first) beers. After this there will be a series of interviews:

16:00 EST (21:00 GMT)  – Our own Frank Breedijk (@autonessus)
17:00 EST (22:00 GMT) – Chris John Riley (@ChrisJohnRiley) and Robin Wood (@digininja)
18:00 EST (23:00 GMT) – James Arlen (@myrcurial)
19:00 EST (00:00 GMT) – Nick Owen (@wikidsystems)
20:00 EST (01:00 GMT) – Clean-up and the usual banter…

The podcast will be streamed live via hak5radio.com and IRC: irc.freenode.net #securityjustice will be used for audience participation.