A video can be found here on the process and on why colder memory chip will retain data longer. By retaining the data, you can do a dump of the data and extract the cryptographic keys. They were able to extract keys for BitLocker, TrueCrypt, FileVault and dm-crypt.

The attack is not exploiting weakness of the encryption software but due to the fact that the keys have to be stored in memory.  Encrypting the key in memory don’t really help, you still need to store that key that encrypts somewhere !

I just need a VM for testing and evaluating certain software or platforms but I don’t like re-building it when the licenses expires.

Especially when trial software always expires in like 15 or 30 days ? 7 for a particular secure os and 15 for a particular secure platform.

Here’s what I found @ http://sanbarrow.com/.

I will need to add the following lines to my xxx.vmx, so everytime the VM boots up, it resets it’s date and time to my liking.

rtc.startTime = 1089395200
tools.syncTime = false
time.synchronize.continue = false
time.synchronize.restore = false
time.synchronize.resume.disk = false
time.synchronize.resume.memory = false
time.synchronize.shrink = false

Figuring the value for rtc clock ? A small application is available for download at the same site to calculate that value from dd/mm/yyyy hh:mm:ss.

Forbes reported, A recent news of data related to U.S underground nuclear weapon tests been leaked from Los Alamo Labs.

The threat of USB and other removable media is real and enterprises should be looking into solutions to protect those endpoints

I’m a great fan of VMware Workstation for testing various Linux distros and creating a infrastructure to test certain software features.

With VMware Server free, I can bring my work home too. (Not really a good thought ?)

You can download VMware Server here.

So I looked at my system’s dmesg messages and realised my HDD is a goner. My OS is unable to mount the vfat partition.

Remove the 2.5in harddisk from my USB casing and connected it back into my IBM X21, inserted an Ubuntu 5.10 LiveCD. Once Gnome desktop came up, I tried to mount the partition again, this time is successful !

I managed to save most of my data except 2 ISO files which I suspected they are residing on the harddisk bad sectors. I ran the harddisk diagnostic tool, guess what, bad blocks were detected.
Googled around and found a site with most of the different harddisk vendors’ Low Level Formatting tools. At the same time, I decided to “nuke” my harddisk.

Darik’s Boot and Nuke Create the floppy boot disk, boot, select your harddisk, select desired drive wiping routines, Nuke it !

Supported Wipe Methods

Quick Erase
Canadian RCMP TSSIT OPS-II Standard Wipe
American DoD 5220-22.M Standard Wipe
Gutmann Wipe
PRNG Stream Wipe

Most Linux distro comes with shred as well, most Live CDs will have them.
# shred -n 2 -z -v /dev/hda1
-n : to overwrite N times instead of the default (25)
-z : To write with zeros

Procedures:
Open Event Viewer
Browse to folder
Open hostname-year-month-day.evt
Filter Errors and Failure Audits
Repeat for the rest of the servers

I was lucky to stumble upon the Log Parser, a command-line which allows SQL queries to be run against log files and dump the required results into simple csv files.
“C:\program files\log parser 2.2\logparser.exe” -i:evt “select EventLog, TimeGenerated, EventID, EventTypeName, EventCategoryName, SourceName, Strings, ComputerName, SID, Message into %2 from %1 where EventTypeName like ‘Error%%’” -o:csv -resolveSIDs:on -direction:BW

Where %1 refers to your source and %2 to your destination.

Quoted from my friend “If you have to click on the same thing more than 2 times, automate it.”

To restrict them to 5000 – 5100, Use the Registry entries below.

– cut here –
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
“Ports”=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00, 00
“PortsInternetAvailable”=”Y”
“UseInternetPorts”=”Y”

– cut here