I have been dealing with situations like this for years, working with computers in a small school and at a nonprofit volunteer organization, shared by many. It seems that whenever I turn on any of these machines, the background is set to something ugly, the screen resolution is weird, there is some cute animated mouse cursor, and someone has left their most intimate secrets in a document on the desktop.

Microsoft Steady State solves all of these issues by providing a means of creating a golden configuration that is restored to absolute perfection the next time the machine is rebooted. But download it before the end of the year, when it will be pulled by Microsoft!

Steady State Magic

This free product gives you the ability to configure accounts on your XP or Vista machine with several fine-level access controls. For example, you can prevent users from changing screen settings or prevent them from writing to anywhere other than their personal “Documents and Settings” directory.

But by far the coolest feature is the ability to turn off hard drive writes altogether. When you do this, Windows slips a layer between the OS and the physical hard drive that intercepts and tracks all hard drive activity during a session. During the session, the user can browse the web, create documents, install programs, whatever…but when the machine reboots, the cached list of hard drive changes is discarded completely: the hard drive is restored to the way it looked before the user booted the machine.

What can you use this for?

There are many places where a completely protected machine would be of great use…

• A shared computer in a public area, like a hotel lobby
• A home computer that is used by the kids and the cat and the dog
• Computers in a school or library setting
• Shared computers in a setting where many different workers use the same computer

Anything to worry about?

• All of your users must remember that everything must be saved to a USB stick before reboot. Steady State warns you of this every time you reboot the machine.
• There are some annoyances that might happen, such as that silly “Desktop Cleanup Wizard” popping up every single day because it thinks it hasn’t been run in five months, or “New Programs Installed” balloons that come up every single day because, again, the machine is restored totally to day-one upon reboot.
• Microsoft is killing the product at the end of the year. Now it will likely remain functional for XP and Vista, but they are not upgrading it for Windows 7. But this is too cool a product not to try out. In theory, you could create a steady state machine today and keep booting today’s version of Windows XP for the next five years.

Additional Features

With the hard drive protection enabled, you can add programs at any time from an administrator account. When you shut down, Steady State will ask you if you want to commit your changed hard drive data to the Steady State disk image.

Even without the hard drive protection enabled, you have plenty of security constraints you can enable for other users to keep them from installing their favorite annoying toolbar and blinking mouse cursor. Think of this as a poor-man’s version of the domain policy tool used in enterprise environments.

More Information

• Microsoft Steady State. How to remotely remove and retain changes on lab computers.
• Defending the C disk with SteadyState from Microsoft
• Alternatives to Steady State for Windows 7: Creating a Steady State by Using Microsoft Technologies
• See Episode #129 of Steve Gibson’s Security Now podcast: Security Now! Episode Archive

Conclusion

I did not understand just how slick a tool this is until I installed it on a spare machine. It took about fifteen minutes to configure things right, but that machine has been running for the past few weeks with the locked-down golden configuration. Whenever it reboots, it looks exactly as it did when I installed Steady State.

Give it a try before it’s too late!

This belief was based on the understanding that only those with supercomputers at their disposal would have the computational ability to trundle through all of the permutations needed for a brute force attack against our jumble of weird symbols.

Richard Boyd, of the Georgia Tech Research Institute, told the BBC that the number-crunching capacity of graphics cards compares to those of supercomputers built only 10 years ago.

— The Register

Huh?!

The modern bleeding-edge graphics card, normally the purview of hardcore gamers, packs sufficient mathematical muscle to compete with not-so-old super computers?

In other words, not only do we have to worry about black-hats who can command arrays of hijacked home computers to take down sites like Twitter and Facebook at will, but they now have mathematical might at their disposal that we normally associate with scientists and three-letter government agencies.

Read all about the demise of the short password here:

Short passwords ‘hopelessly inadequate’, say boffins (The Register)

Doom and gloom?

Fortunately, from a password security point of view, this kind of computing power is most useful to hackers who have access to the encrypted password file from the server—a file that is hopefully treated with extra special care to prevent others from seeing it.

The hacker simply runs every possible combination of umpteen funny characters through well known hash algorithms until one particular choice hashes perfectly into the stolen encrypted version. Then he logs into your Lego account and orders more Star Wars Lego kits.

If the hacker does not have the list of encrypted user passwords, he cannot run this process on his über cruncher machine in isolation: He must make a login attempt with each password. And most systems start inserting longer delays, and eventually blocking logins altogether, after three or four failed attempts.

An ominous sign

Password hacking aside, there is a more sinister problem facing us…

Large powerful government agencies do not spend all of their computing horsepower trying every possible ten-character password to crack a Unix login, do they? They are more concerned with modern hard encryption technologies, the cornerstone of e-commerce and our trust in the Internet.

The time is near when these fancy 128-bit AES keys will fall prey to ne’er-do-wells with nothing more than a tricked-out gaming machine.

And I want to be able to treat a PDF file exactly as I would a sheaf of printed pages.

Then along comes someone who exploits yet another bug in someone’s PDF renderer. A few months ago Acrobat Reader was all over the news. Today I saw that all of the cool kids are jailbreaking their iPhones using a simple web site that exploits a PDF defect in mobile Safari in iOS4.

And if the slick website can inject code that does something as profound as jailbreaking your iPhone, it should be child’s play for a black hat to use the same thing to take over your iPhone and ring up millions of dollars of charges to some telephone extortion outfit in a remote part of Africa.

I guess all of the fancy PDF features are a double edged sword—recall that Active-X controls and DDT were both amazing and powerful when they were introduced, but the improper use of both have sullied their good names. I just hope that the goal of a pure paper replacement standard is not lost and that these events do not cause PDF to become a marginalized technology.

How I’d Hack Your Weak Passwords (onemansblog.com)

The author starts off with a list of the top ten passwords, and how he would go about finding the personal information needed. For example, number 1 is “Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)” and number 2 is “The last 4 digits of your social security number.”

The really interesting bits are when the author explains exactly how he would approach hacking your accounts, and how likely he would be to succeed. Unfortunately, the tools needed to engage in this kind of mischief are readily available and do not require great skill to employ.

Some key protection points include…

• Don’t use the same password for all of your online activities. Use different passwords for each site. That way, if your Facebook password is compromised, your Wachovia password is safe.
• Never use dictionary words, names, or other common passwords.
• Look for a trusted password management utility to help ease the pain of having a hundred different passwords.
• Your email is one of the most important and critical passwords—a criminal can use the “reset my password” feature on many shopping sites once they have access to your email account.

Take a look at the article and see if you can make some changes in the way you handle password security so that you don’t get hacked!

And the bits of the search string I saw had nothing to do with what I had copied. Clearly my Control-C did not “take” and I had pasted whatever stuff had been hanging around from the prior user.
My curiosity got the better of me and I opened Notepad and did a quick Control-V and watched in amazement as a young girl’s secrets were exposed before my eyes.

She is clearly struggling in her relationship with her boyfriend, because she had listed about fifty bad points about him in detail—and some were pretty bad. She then listed a dozen or so good points at the bottom. And I must admit that I read the whole story…and felt a voyeuristic guilt with each word.

I then closed Notepad and purged the clipboard and felt much better.
Of course, that doesn’t change the fact that I will feel uncomfortable the next time I see her. I feel like I snuck into her room and read her diary.

This is what she had done: She had written her personal note in Word or some other tool and then likely decided to email it to herself, so she copied and pasted the sordid details of her love life into Gmail, forgetting to purge the clipboard before going home.

And I, with no malice or intent, bumbled into her secrets.

Learn from the mistakes of others!

When was the last time you used a public computer at the library or worked on a common computer at school or work? Did you leave anything behind?

Imagine that you were to become temporarily incapacitated for whatever reason…

• Can a family member log in to your computer, as yourself, in order to access your files?
• Can your spouse access your online banking details so the bills can be paid?
• Can your family find your insurance information that you scanned and filed away?
• Is there someone who can log in to any online accounts that need care and feeding?

Not a pleasant subject, indeed, but one that worries me from time to time.

One way to address these needs is to keep all of your passwords and so forth in one special place, using a password safe application, and make sure someone else has the access code. For example, you can use a tool such as 1Password or SplashId to store hundreds of secret bits that you use all the time, and your family might need.

You might consider writing down the master passwords that control your life and sealing them in an envelope that you provide to a trusted family member. Since this is such a great security risk if found by the enemy, you might want to omit any identifying information from the note. Impress upon them the need to secure the document very well.

Perhaps you can choose the same master password with your spouse, with one relatively short password locking your computer and a long secure password locking your password safe application.

Regardless of how you address these issues, sit down with your better half (or trusted family member) and review where documents are and how to access them.

Apparently this is not the case

It seems that the TSA has leaked their official document of airport security guidelines. ABC News says Online Posting Reveals a “How To” for Terrorists to Get Through Airport Security

A Rookie Mistake

Look at the screenshot of the document at the top of this post. Even though a certain part of the document has been blacked out, it is possible to select the text and copy/paste to find out what is hidden behind the black text.

What kinds of things are listed in this document?

• Photographs of all kinds of official ID cards. Ever wondered what a U.S. Senator’s ID card looks like?
• Procedures for calibrating equipment, such as where guns should be hidden for the testing and such.
• Guidelines for who gets searched and who doesn’t.
• Guidelines for what objects get searched and which don’t.
• And much much more!

In other words, this was a most unfortunate event.

See for yourself—ABC News (and others) have posted the document with redactions removed.

Easy as Pie

Here’s a screenshot of the original document, opened in Adobe Acrobat Professional.

As you can see, it was a trivial matter to use the TouchUp Object tool to gently slide the black rectangle off of the secret stuff (I have blurred the text here, though you can read it from ABC News if you wish).

If you are working with confidential documents that could potentially cause disaster if leaked, please learn how to redact your documents correctly!

I was reading a post on a board I frequent where a person was describing exactly this kind of activity—removing sensitive information from PDF documents. Several suggestions were made, but one individual suggested opening the file in Acrobat Pro and replacing the sensitive text with good old Lorem Ipsum.

It was at that moment that I recalled a peculiar feature of the PDF file format: it is designed to support nondestructive updates, allowing people to make vast changes to a PDF document while still retaining the original document, fully intact. I did a few experiments and was surprised with the results.

A Brief Note on the PDF File Format

For the geeky types among us, one place to begin is this article:

Portable Document Format: An Introduction for Programmers

The key points to get out of the article is this: A PDF document is comprised of several distinct sections, a Header, a Body, an “xref” Table, and a Trailer. At the very end of the file you will find the character sequence %%EOF

The PDF standard was designed to allow multiple updates to a document, while retaining the original version. This is accomplished by appending anything new to the end of the document, after the original EOF tag. The document will now have two EOF tags: one indicating where the original document ended, and a new EOF tag indicating where the new changes end.

If we wish to revert PDF changes, it should be a simple matter of opening the PDF file in a binary editor, searching for the first EOF tag, and deleting everything following.

A Simple Experiment

Let’s start with a proper secret document containing missile plans…

Suppose we want to obscure some special information in paragraph 37. We can open the file in Acrobat Professional and use its text editing features to swap in the venerable Lorem Ipsum text.

Here’s what it looks like after the switch:

You can see here that the first seven lines of text starting on paragraph 37 have been replaced with appropriate unreadable text.

Now, open the new PDF file in a binary editor (since PDF files contain a mix of text and binary, the editor must be a binary editor).

Note the %%EOF character sequence embedded in the text. This is the first EOF tag, indicating where the original file ended. All we need to do is place the cursor to the right of the EOF and delete everything to the end of the file.

Once we have done so, it’s like magic:

The edits that replaced lines of paragraph 37 with gibberish have neatly been undone!

More Details

From the PDF Intro document linked earlier:

“The trailer, it turns out, plays an important role in the way PDF implements incremental updating. The key concept to understand here is that a PDF file is never overwritten, only added to. That goes for all portions of the PDF file – even the trailer itself, and the end-of-file marker. In other words, a multiply-updated PDF document may contain multiple trailers – and multiple end-of-file markers! (There may be numerous occurrences of %%EOF.) Each time the file is edited, an addendum is written to the tail of the file, consisting of the content objects that have changed, a new xref section, and a new trailer containing all the information that was in the previous trailer, as well as a /Prev key specifying the byte offset (from the beginning of the file) of the previous xref section. The cross-reference info will then be distributed across more than one xref section. To access all of the cross-references, the reader must walk the list of /Prev keys in all the trailers, in reverse order.

Space doesn’t permit a detailed exploration of updates here, but you can find several examples in Appendix A of the PDF 1.3 specification (available at http://partners.adobe.com/asn/developer).”

Summary

It is important to understand that the PDF standard allows for appended updates to files that leave the original document intact, regardless of how drastic the changes are. If you are intent on redacting text from PDF documents, do not depend on simply deleting the secrets using a PDF editor—you must use a proper redaction tool that addresses these issues correctly.

That said, I did some experimenting with a few utilities (Apple Preview, PDFpen, and Adobe Acrobat Pro) and found that some write the file from scratch each time, with no lingering cruft from former versions, while others respect the original intent of the PDF standard. This means that you can’t trust that older revisions are being retained in your file and you can’t trust that they aren’t.

Be conservative: use a redaction tool for secrecy and proper backups for versioning.

I have always been a big fan of HowStuffWorks, with their detailed in-depth articles describing such disparate topics as manual transmissions and money laundering.

Anyway, author Diane Dannenfeldt has written a lengthy article on How Paperless Offices Work, giving ample coverage to myriad aspects of the topic:

• Introduction to How Paperless Offices Work
• Benefits of a Paperless Office
• Transitioning to a Paperless Office
• Managing Digital Documents
• Going Paperless at Home
• Paperless Office Solutions

Take a look at the full article here: How Paperless Offices Work (howstuffworks.com)

Their network security department very kindly (and politely) informed me that they had received a “cease and desist” order from a particular game publisher. They had included the game publisher’s email, complete with the incriminating evidence.

There it was: logs showing the MAC address of my cable modem being involved in suspicious BitTorrent activities.

Considering that at any time during the week there can be from two to six or seven different teenagers hanging out in my humble abode, carrying virus-ridden machines, the message was clear: I had to get serious about locking down network access

The Problem

I would have liked to have bought some net filtering software to slap on the offending machine and been done with it, however I knew that this was insufficient.

Even if this one event could be traced to a youthful source, a more ominous danger comes from the inevitable malware and viruses that teenagers collect on their machines as they swap cool stuff with their friends.

Complicating things, there are many devices on our home network: Besides their school laptops, the kids have video game consoles and one has an iPod touch, all with wifi access. Think about how many different gadgets are on your home network.

And shutting off access altogether was not an option—there is still schoolwork to be done!

The answer: A Private Network for the Kids

My solution was to put together an unusual network configuration using a second wireless router; I wanted the ability to manage every single kid-owned device at the flip of a switch, while leaving the grownups untouched.

I hooked the cable modem (red) to the main router, shown in green. I then plugged a second wireless router, shown in blue, into the first.

By doing this, you can see that there is one single wire connecting the entire blue network (the kids) to the green network. It was trivial to then configure the green router with appropriate access control and filtering for that one single device: the blue router.

Some quirky details

Home routers like these are, by default, configured with a NAT firewall. They work sort of like one-way mirrors: someone on the network can see out, but nobody can see in. As a result of this, the kids (blue devices) can see any device on the main router (green devices), such as our print server and the NAS device, but no one can see into the kids’ network.

As paradoxical as it seems, this is exactly what I wanted. By making the kids’ network a private network, it appears to the green router as a single device. When I am configuring access restrictions, I only need to control access for the blue router’s IP address or MAC address.

Many consumer-grade routers have flakey firmware that just doesn’t really behave well when you start doing things like turning on filtering for multiple machines. I simplified things by bringing down the number of controlled devices to one. In addition, if one were to try filtering on the IP addresses or MAC addresses of individual machines, this can be easily defeated by manually changing the IP address or MAC address. With my configuration, the MAC address being filtered is the blue router, locked away safely.

The Finer Points

If you want to set up a network like this, do the following:

• (Recommended) Reset the kids’ router. Hold the hard reset button on the router in while you turn on power; hold the button for 15 seconds or so.
• Hook the kids’ router up to a spare laptop using an Ethernet cable. (Turn off the wireless of the laptop for the time being).
• Use the laptop to navigate to the configuration web page (usually 192.168.1.1).
• Set the router’s own address to a different network from the main network, such as 192.168.2.1. This is critical.
• Configure the router’s gateway and DHCP server entries to all point to the main router (192.168.1.1). This tells the kids’ router to use the main router as a source for its DHCP lookups and such, rather than going to cable modem.
• Navigate to the configuration web page at the new address (192.168.2.1). You may need to close the browser and replug the Ethernet cable.
• Set up your wireless security for the kids however you like. Make sure to choose a different channel and SSID from your main router.
• Remove the laptop and plug the WAN port of the kids’ router into one of the LAN ports of the main router. Restart everything.
• Test both networks to make sure things work the way you think they should.
• (Optional) You might want to connect to the kids’ router and set it’s external IP address statically. Make sure that this is set to a number on the home network (e.g. 192.168.1.2).

Some notes:

• You can only maintain the kids’ router from a machine connected to the kids’ network; the home network cannot see the management screens. If you wish, you could enable remote management for the kids’ network only, since the main home router is still protecting the whole network from intruders.
• Computers on the kids’ network can see all devices, but they aren’t on the same network. This means that network printers and NAS devices are accessible, but you will have to attach to them using IP addresses. I was able to easily set up the machines on the 192.168.2.1 network to use a print server on 192.168.1.100.
• For machines that should have full access (a.k.a. yours), make sure that you either set the green network to be a higher priority or remove the blue network SSID entry altogether. I found out the hard way that my iMac would randomly pick the green or the blue depending on which one it saw first when it woke up.
• This does not wall off your main network; it simply provides a single point of control to the entire kids’ network. In other words, don’t depend on this setup to prevent malware on the kids machines from seeing your machine. You can, however, set up your PC to not trust the kids’ network.

Wireless Network Security

Regardless of how you set up your network, make sure you use at least WPA encryption (Never use WEP!). Make sure your passwords are solid.

Using DD-WRT on my new wireless router

In addition to the new network configuration, I went one step further and chose a main router that lends itself well to installation of open-source firmware. I ordered a Linksys WRT54GL from Amazon for a little over fifty bucks. I chose this one because, as a direct descendent of the venerable WRT54G, this router is very well suited for running alternative firmware such as DD-WRT, giving substantial control over things like, say, access control…

Within a half hour after my new router arrived, I had gone to the Supported Hardware page, obtained the latest build of DD-WRT, and replaced the Linksys firmware with the far-better open source code.

I won’t go into the specifics of installation here, but it isn’t very challenging. Check out the DD-WRT site for details.

Closing Thoughts

Make no mistake: we are responsible for whatever goes on our home networks. Just like your home telephone; if someone dials up some 900 number and rings up a thousand-dollar phone bill, the phone company won’t care a whit who did it, you will still pay. Likewise, regardless of who did the BitTorrent download, there is a certain degree of responsibility of the homeowner to lock down the network.

Another point: Without some degree of personal responsibility on the part of the kids in the house, this sort of activity would simply be an arms race of filtering and blocking versus hacking. My goal is to help keep the honest people honest and to make life more difficult for the viruses and malware.