SteveOH

Tag: encrypt

Guidelines to Development on the Hollywood Operating System

by Steve Hernandez on Nov.05, 2009, under General, Technology

Courtesy of Cain’s Brain.

1. Any PERMISSION DENIED has an OVERRIDE function.

2. Complex calculations and loading of huge amounts of data will be accomplished in under three seconds. In the movies, modems transmit data at two gigabytes per second.

3. When the power plant/missile site/whatever overheats, all the control panels will explode, as will the entire building.

4. If you display a file on the screen and someone deletes the file, it also disappears from the screen. There are no ways to copy a backup file — and there are no undelete utilities.

Corollary: Deleting a file instantly removes all copies of said file from disks, memory, frame buffers and caches across all computers in the universe.

5. If a disk has got encrypted files, you are automatically asked for a password when you try to access it.

6. No matter what kind of computer disk it is, it’ll be readable by any system you put it into. All application software is usable by all computer platforms.

7. The more high-tech the equipment, the more buttons it has. However, everyone must have been highly trained, because the buttons aren’t labeled.

8. Most computers, no matter how small, have reality-defying three-dimensional, real-time, photo-realistic animated graphics capability.

9. Laptops, for some strange reason, always seem to have amazing real-time video phone capabilities and the performance of a CRAY.

10. Whenever a character looks at a terminal, the image is so bright that it projects itself onto his/her face.

11. Computers never crash during key, high-intensity activities. Humans operating computers never make mistakes under stress.

12. (From Independence Day) No matter what kind of virus it is, any computer can be infected with it — even an alien spaceship’s computer — simply by running a virus upload program on a laptop.

13. (From Jurassic Park) A custom system with millions of lines of code controlling a multimillion dollar theme park can be operated by a 13 year old who has seen a Unix system before. Seeing an operating system means you know how to run any application on that system, even custom apps.

Note: What OS was it really running?

(1) “These are super computers”.  A CrayOS?

(2) “Quicktime movie, Apple logo, trash can.”  MacOS?

(3) “Reboot. System ready. C:\”  DOS?

(4) “Hey, this is Unix.  I know this”  Unix?

The computers in Jurassic Park were Cray supercomputers running the MacOS as a graphical shell of DOS all layered on top of a Unix base.

14. You cannot stop a destructive program or virus by unplugging the computer. Presumably the virus has its own built-in power supply.

15. You cannot stop a destructive program downloading onto your system by unplugging the phone line. You must figure out the mandatory “back door” all evil virus programmers put in.

16. Computers only crash if a virus or a hacker is involved.

17. All text must be at least 72 point.

18. Word processors do not have an insert point.

19. The only way to reboot is to shut off the main power to the building.

20. Passwords can be guessed in three and exactly three tries.  If you cannot guess the password in three tries, you must give up immediately.

21. Any task or program can be executed by simply pressing Enter, no matter which program or window is in the foreground.

22. All scanners, video cameras and digital cameras have a resolution of approximately 500 megapixels.  Any image can be infinitely magnified with no pixelization.

23. Security will not improve over time.  Nonaffiliated personnel can take over a space ship without needing an account or access control.  Corollary: Anyone can override access control lists in the future.

24. All hackers wear black T-shirts or Hawaiian shirts.

25. Incoming messages are displayed letter by letter.  Email over the Internet works like telegraphs.

26. Microsoft Windows doesn’t exist.  Macintosh has a 75% market share.

27. GUI operations, such as image selection and manipulation, can be handled easily and quickly via the keyboard.

28. If a robot’s eyes turn red, it becomes evil.

29. Cell phones and laptops have infinite battery life, until you need to call for help.

30. Latency does not exist.  Voice and data can be sent to Mars in real time.


Ubuntu / Vista Dual Boot – Full Encryption with TrueCrypt

by Steve Hernandez on Mar.12, 2009, under Technology

sda1: Windows Vista encrypted with TrueCrypt
sda2: Ubuntu Hardy Heron /boot partition (not encrypted)
sda3: Ubuntu Hardy Heron encrypted volume with LVM inside, and the / and swap partitions within LVM (to save on partitions used overall, in case it gets over 5 partitions)
sda4: Working on installing OSX Leopard on this partition currently.

The steps I used are as follows, in brief:
1) Installed Vista first (actually pre-installed on laptop)

2) Installed Ubuntu second, using an encrypted physical volume with LVM inside it and 2 partitions, / and swap, inside the LVM (at this point, grub was in the MBR)

3) Ran full Windows system encryption (not full disk encryption) through TrueCrypt and let it write its bootloader to the MBR (obviously overwriting Grub in the MBR)

4) Booted with a live cd and copied the truecrypt bootloader from the MBR to a file in the /boot partition (sda2)
use these commands to do so:
dd if=/dev/sda of=/mnt/boot/truecrypt.mbr count=1 bs=512
dd if=/dev/sda of=/mnt/boot/truecrypt.backup count=8 bs=32256

5) Reinstalled grub to the MBR using these commands:
sudo grub
install (hd0,1)/grub/stage1 (hd0) (hd0,1)/grub/stage2 0x8000 p

6) Added a chainloader to the menu.lst Vista entry to point to the truecrypt bootloader within the /boot partition like so:

title Windows Vista/Longhorn
rootnoverify (hd0,0)
makeactive
chainloader (hd0,1)/truecrypt.mbr
boot

The only partition not encrypted is the /boot partition so far, which is fine. After grub loads, no matter which OS I choose, I enter a passphrase and that OS starts.

For the more detailed instructions I pulled from (which are for XP instead of Vista), use this link:

http://ubuntuforums.org/showthread.php?t=761530
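A check worth running between steps 4 and 5, as an added example that is not part of the original post: it confirms the saved boot sector is exactly 512 bytes, ends in the 0x55AA boot signature, and carries the same partition table as the disk, since GRUB is about to overwrite the only other copy. The paths are the ones used above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the boot sector saved in step 4 before the MBR
# is overwritten in step 5. Function names are hypothetical.

# Print COUNT bytes of FILE starting at byte OFFSET as one lowercase hex string.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_mbr_copy IMAGE [DISK]
# Return codes: 0 ok, 1 missing file, 2 wrong size, 3 no boot signature,
# 4 partition table in IMAGE differs from the one on DISK.
check_mbr_copy() {
    img=$1
    disk=${2:-}

    [ -f "$img" ] || { echo "missing: $img"; return 1; }

    # A chainloadable boot sector is exactly one 512-byte sector.
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "wrong size: $size bytes"; return 2; }

    # Bytes 510-511 must be 55 AA or the BIOS/GRUB will not treat it as bootable.
    sig=$(hex_at "$img" 510 2)
    [ "$sig" = "55aa" ] || { echo "no boot signature (got $sig)"; return 3; }

    # Bytes 446-509 hold the four primary partition entries. If they differ
    # from the live disk, the copy came from another disk or is stale.
    if [ -n "$disk" ]; then
        [ "$(hex_at "$img" 446 64)" = "$(hex_at "$disk" 446 64)" ] ||
            { echo "partition table differs from $disk"; return 4; }
    fi

    echo "ok: $img"
    return 0
}

# Example: sudo sh check_mbr.sh /mnt/boot/truecrypt.mbr /dev/sda
if [ $# -gt 0 ]; then
    check_mbr_copy "$@"
fi
```

Reading /dev/sda requires root, so run it from the same live CD session used for the dd commands.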


Recover Outlook PST password

by Steve Hernandez on Apr.09, 2008, under Technology

PstPassword v1.02 – Outlook PST Password Recovery
Copyright (c) 2006 – 2007 Nir Sofer

Password Encryption in PST File

The password encryption in the PST file is very weak, and for each password-protected PST file, there are many passwords that can open it.
PstPassword provides 3 different passwords for each password-protected PST file. It’s possible that one of them will be the original password that you typed, and it’s also possible that none of these passwords will be identical to the original one. However, all 3 passwords provided by PstPassword will open the PST file without problems.
For more interesting facts about the PST password encryption, click here.

Using PstPassword

PstPassword doesn’t require any installation process or additional dll files. In order to start using it, just run the executable file, PstPassword.exe
After you run PstPassword, the main window displays the list of all PST files of the current logged on user (Under Documents and Settings\User Name\Local Settings\Application Data\Microsoft\Outlook). For each password-protected PST file, PstPassword provides 3 alternative passwords that will open the PST file. If the PST is not protected by a password, the 3 password columns remain empty, and the CRC value column is 0x00000000.
If you want to recover a password of PST file that doesn’t appear in the default list, you can press F7 and select the desired PST file, or simply drag the PST file from Explorer window into the main window of PstPassword.
If for some reason PstPassword fails to read a PST file, an error message is displayed under the error column, and the item is painted with pink color.

Nir’s Website: http://www.nirsoft.net/utils/pst_password.html

A big thank you goes out to Nir!


File Encryption Using Windows 2000/XP EFS

by Steve Hernandez on Apr.07, 2008, under Technology

Background Information (MS Knowledge Base Article 223316): The Microsoft Windows operating systems (2000/2003 and XP) include the ability to encrypt data directly on volumes that use the NTFS file system so that no other user can access your data. You can encrypt your files and folders if you set an attribute in the object’s Properties dialog box.

**Warning** The use of Encrypting File System (EFS) will prevent a person who does not have administrative rights from gaining access to your data. Theft of encrypted files is still possible but the files/folders will be formatted in such a way that they can’t be viewed by any casual user. These files CAN be deleted and erased from your system so backups are necessary. If you don’t back up the certificate keys to the EFS then the data will be useless to you if you ever have to recover your system from scratch.

How to enable Encrypting File System file sharing

In Microsoft Windows XP, EFS supports file sharing of encrypted files among multiple users. With this support, you can give individual users permission to access an encrypted file. The ability to add additional users is restricted to individual files. Support for multiple users on folders is not provided in either Microsoft Windows 2000 or Windows XP. Also, support for the use of groups on encrypted files is not provided by EFS.

After a file has been encrypted, file sharing is enabled through a new button in the user interface. A file must be encrypted first and then saved before additional users can be added. Users can be added either from the local computer or from the Active Directory service if the user has a valid certificate for EFS. The ability to add additional users is restricted to individual files. Support for multiple users on EFS encrypted folders is not provided. Also, only individual users can be added to files. Support for the use of groups on encrypted files is not provided by EFS.

 

How to encrypt and decrypt using the Encrypting File System

The following steps encrypt and decrypt a file or folder using the Encrypting File System.

Note These guidelines apply to Windows 2000 and Windows XP.

Encrypting a folder

Although you can encrypt files individually, we strongly recommend that you designate a specific folder for storing encrypted data.

Encrypt a folder and its contents


Although you can encrypt files individually, generally it is a good idea to designate a specific folder where you will store your encrypted files, and to encrypt that folder. If you do this, all files that are created in or moved to this folder will automatically obtain the encrypted attribute.

To encrypt a folder and its current contents, follow these steps:

1. Right-click the folder that you want to encrypt, and then click Properties.

2. In the Properties dialog box, click Advanced.

3. The Advanced Attributes dialog box displays attribute options for compression and encryption. This dialog box also includes archive and indexing attributes.

Note Although the NTFS file system supports both compression and encryption, it does not support both at the same time. This means that you can only select one or the other. A file or folder cannot be both encrypted and compressed at the same time.

To encrypt the folder, click to select the Encrypt contents to secure data check box, and then click OK.

4. Click OK to close the Advanced Attributes dialog box.

5. If the folder you chose to encrypt in steps 1 to 3 already contains files, a Confirm Attribute Changes dialog box will appear.

You can choose to encrypt only the folder so that all files subsequently moved to the folder or created in this folder will be encrypted. If you want to also encrypt all the contents of this folder, click Apply changes to this folder, subfolders, and files, and then click OK.

Decrypting a folder

To decrypt a folder, use basically the same process but in reverse order:

•  Right-click the folder that you want to decrypt, and then click Properties.

•  Click Advanced.

•  Click to clear the Encrypt contents to secure data check box to decrypt the data.

•  Click OK to close the Advanced Attributes dialog box.

•  Click OK to close the Properties dialog box.

•  If the folder has files in it, the Confirm Attribute Changes dialog box appears. You can choose to decrypt only the folder. However, this will not decrypt any files currently contained in the folder.

If you want to decrypt all the contents of this folder, click Apply changes to this folder, subfolders, and files, and then click OK.

Additional information

How files are encrypted

Files are encrypted through the use of algorithms that essentially rearrange, scramble, and encode the data. A key pair is randomly generated when you encrypt your first file. This key pair is made up of a private and a public key. The key pair is used to encode and decode the encrypted files.

If the key pair is lost or damaged and you have not designated a recovery agent, then there is no way to recover the data.

Why you must back up your certificates

Because there is no way to recover data that has been encrypted with a corrupted or missing certificate, it is critical that you back up the certificates and store them in a secure location. You can also specify a recovery agent. This agent can restore the data. The recovery agent’s certificate serves a different purpose than the user’s certificate.

How to back up your certificate

To back up your certificates, follow these steps:

•  Start Microsoft Internet Explorer.

•  On the Tools menu, click Internet Options.

•  On the Content tab, in the Certificates section, click Certificates.

•  Click the Personal tab.

Note There may be several certificates present, depending on whether you have installed certificates for other purposes.

•  Select one certificate at a time until the Certificate Intended Purposes field shows Encrypting File System. This is the certificate that was generated when you encrypted your first folder.

•  Click Export to start the Certificate Export Wizard, and then click Next.

•  Click Yes, export the private key to export the private key, and then click Next.

•  Click Enable Strong protection, and then click Next.

•  Type your password. (You must have a password to protect the private key.)

•  Specify the path where you want to save the key. You can save the key to a floppy disk, another location on the hard disk, or a CD. If the hard disk fails or is reformatted, the key and the backup will be lost. (If you back up the key to a floppy disk or CD, you must store that disk or CD in a secure location.)

•  Specify the destination, and then click Next.

For additional information about the Encrypting File System (EFS), visit the following Microsoft Web sites:

Encrypting File System in Windows 2000
http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

Encrypting File System in Windows XP and Microsoft Windows Server 2003
http://www.microsoft.com/WINDOWSXP/pro/techinfo/administration/recovery/default.asp


Securing Microsoft Virtual Server using SelfSSL

by Steve Hernandez on Jun.26, 2007, under Projects

I found this great article regarding using SelfSSL (Self Signed Certificates).  The original document can be found here.  Virtual Server can be found here.

I followed the very easy instructions and it ran great.  Here is a shorter version of the directions and the links to get everything you need:

  1. Download and install IIS 6.0 Resource kit: here
  2. Open the IIS Manager (Start > Run > inetmgr), open the properties of the Virtual Server website (usually the 2nd one) (right click > Properties)
  3. Change the SSL port to 1024 (default VS port) and change the TCP port to 1020 (or any other port number) > Apply
  4. Open a command prompt (Start > Run > cmd) and go to the SelfSSL directory (/program files/iis resources/selfssl) and run the following command > selfssl /N:CN=<FQDN> /K:1024 /V:730 /S:2 /P:1024
    1. Where <FQDN> is the website domain name (e.g. steve-oh.com, yahoo.com, etc.) and /S:2 means the second site on the server.
  5. Now browse to the Virtual Server website and install the certificate and you’re done!

Now you have a Secure Socket Layer (SSL) connection from any remote computer to your server at 1028 bit encryption, so you can rest easy when logging in over the internet.


Project List

by Steve Hernandez on Jun.21, 2007, under Projects

My current project list is as follows:

  • Unix Firewall / Gateway (using FreeBSD)
    • The Guide I will be using can be found here.  If I have time I’m going to write my own since this one is rather long.
  • Microsoft ISA Firewall / Gateway (using ISA 2004 and Server 2003) (7/17/2007) – Removed
  • VPN Tunnel to allow remote access (using ISA 2004)  *done*
  • AJAX / ASP.NET shopping cart (7/1/2007)
  • ASP.NET / AJAX Fitness Tracker (7/1/2007)
  • Content Management System for this website
  • Encrypt Virtual Server Traffic *done*
    • Use SSL for transmission of all data, including initial log-in

That’s about it for now.  If you have any suggestions as to functionality, How-To’s, or any comments, please let me know!
