TSA swaps laptops

So the other day a friend of a friend brought my friend Bob a laptop and a great story. He was on his way home to Cleveland from out of the country. TSA did the standard search and seizure of all his belongings and he moved along. A little while later he went to log into his laptop and noticed it wasn’t his. He had a non-QWERTY keyboard on his and this was a QWERTY system. So he went to TSA and they were not much help. In fact they wanted him to give them the laptop. He said “NO” and kept the laptop. He wanted to have something to trade with the guy who had his laptop. TSA claimed to remember checking a guy with the name that was the same as the login name, but they couldn’t help him. The airlines were not much help either. So for about 3 days he kept calling the TSA and got no response.

So he brought the laptop to Bob. Bob called the computer manufacturer and explained the issue. Then he escalated the issue to a supervisor. The supervisor said sorry, no subpoena, no info. He did suggest Bob talk to the corporate offices and gave him the phone number. So Bob called. They were not much help either. So when they transferred him to the product registration group the time had come to stop playing games. Or was it time to start? “Hi, this is Bob. I’d like to check that my co-worker has registered his laptop correctly.” So Bob quickly learned that the machine hadn’t been registered. So they wanted a subpoena to say they had no info. Got to love it.

A few hours later the friend finally received a call from the TSA. They said “Sorry we haven’t heard anything yet. If you can hack into the machine and get any info go for it.” So Bob did. The ophcrack disks didn’t work (the laptop froze). So he went old school and ran an Ubuntu liveCD. Mounted the local drive and was in.

Then the fun of finding the owner started. Bob noticed a resume, resignation file and a job description. So the assumption is that maybe it’s a manager and an employee is leaving. Bob also noticed the pictures and movies on the drive didn’t feel like a typical set of guy pictures. He went back and looked at the resume again and then it all made sense. The resume was for a lady. Her e-mail address that was on the resume was very similar to the login ID of the laptop. Bob found the owner.

The laptops got swapped back to the correct owners and everyone is happy except for the TSA.

Con Recovery

Wow, I kind of forgot about doing an update on the Con :( but,

 Shmoocon was great! Got to see old friends and make new ones. Presentation went great. I hope to do another next year but with some audience participation. More details to come but get your cannons ready. ;)

Notacon was awesome as well. Met lots of people. It is always fun after the con when you send people LinkedIn friend requests. Thanks to everyone for helping make another great Con.

Shmoocon Paper Accepted

I’m speaking at Shmoocon. 

Check out the Version 1 launcher videos at: http://www.youtube.com/user/securidave

 

http://www.shmoocon.org/presentations-all.html

 (Mad Props to Larry. I never would have done it if he didn’t ask me or write the CFP.)

Building the 2008 and 2009 ShmooBall Launchers

Larry Pesce and David Lauer

It’s a series of tubes! Pneumatic tubes!

This talk will describe the infamous 2008 and new 2009 ShmooBall Launchers built by Larry, and introduce Dave’s 2009 design. This talk will include all of the steps behind the planning and building process for our launchers, as well as the history, and backgrounds for the design. We’ll talk about the methods of building, safety considerations for the operator, target and environment, selection of building materials, design considerations and testing. We’ll also discuss some of the construction issues, failures and reasons for what may be considered design flaws. Discussion will also be had about improvements made, and how we can improve for next year.

Larry Pesce (Chief Research Officer, PaulDotCom Enterprises) – In the last 13 years in the computer industry, Larry has become a jack of all trades, most recently focused on the computer security field. In addition to his industry experience, Larry is also a Security Evangelist and co-host for the PaulDotCom Security Weekly podcast at www.pauldotcom.com. Larry is also Co-Author of “Linksys WRT54G Ultimate Hacking” and Contributing author of “Using Wireshark and Ethereal” and “How to cheat at configuring Open Source Security Tools”, all from Syngress publishing.

David Lauer has been involved in the computer industry since 1990. His broad background covers a large part of the IT industry. He began his career in programming and database development before he found his calling in networking and security (where his professional strengths and personal preferences mesh seamlessly). He has found that this knowledge of software development and database design often gives him a unique perspective on day-to-day issues. David is also a Co-Host of the SecurityJustice Podcast.

My BlackBerry Storm Review

Well I’ve had my Blackberry Storm for a few weeks now and I have a few tips to make it work better. I said “Better.”

1. Install the Blackberry Update that they released about a week after they started selling the Storm. This makes the phone act more like a Beta version.

2. Under the Options menu, Keyboard/screen set the font size to 10. This increases the size of the menus and other buttons. So if you have big hands/paws like me it’s easier to select the button you really want.

3. Remove the Blackberry Messenger. You need to uninstall it. This is one of the apps that Blackberry always keeps open for you so you have faster access to it. 

4. Close the apps you’re not using. A real pain, I know.

5. Don’t forget about rebooting the unit every now and then. I mean pull the battery for a good minute.

So even with these changes I still get it to crash and burn. (Just use the camera, video and playback.)

BlackBerry Storm Crashed again, and again.

Physical Security in MDF, IDF, and Phone rooms

All the companies that I’ve worked for have had the policy of “Never leave unauthorized people alone in the MDFs, IDFs, and the phone rooms.” That being said, over the past year or so I’ve been talking to phone guys/gals and such that have come to do work in these “sensitive areas.”

I asked them “How many companies require someone be with them?” The answer is about half. That doesn’t seem very good. So then I start asking about the people that hang out with them. It seems that again only about half are computer and/or phone people. It seems odd that you would put a guard on the worker that doesn’t know anything about phones and computers.

Stupidity in strange places

I just took my car in for repair at the dealer for some warranty work. My dealership does a lot of on-line stuff. They even have an open wireless network and workstations to use while waiting for car work to be done. So I received the following E-mail from them:

Customer No. #######
Your vehicle is complete and ready for pick up. Please look over the
attached invoice and call with any questions. If the invoice is correct,
you can reply with a credit card number and expiration date. I will run
the credit card number to help speed up the delivery process.
Thank You for Your Business. Jane Doe ###-###-#### ext ###

The biggest issue is the word “Reply”; there is no link in the E-mail to go to a secure payment page. Have you ever looked over a dealership invoice? There is a lot of personal information on it about you and your car.

So I went to the dealership and talked to the manager. I was very happy that he listened to me and sent out some e-mails. The first was to stop using the above text on invoices. The second was to ask his internal people if I was correct and what is PCI. Does anyone know if this would break PCI compliance?

Yahoo Spam?

I’ve been wondering why is Yahoo Spam so much worse than Google’s Spam. I mean worse in the quantity of E-mails not their content. So this morning I think I figured it out. It’s all about the cash.

From their site:

Mail Plus
Get personalized spam filtering with SpamGuard Plus, 20MB message size, no graphical ads, POP access and forwarding, and more great features for just $19.99/year – that’s less than $2/month.

I feel better knowing that it is not the poor choice of spam blocking software that Yahoo chose to implement but rather that they want to earn money.

Updates, Updates, Updates, What about your PDA?

This last week everyone has been running around saying “Patch this, update that!” But what about your PDA? I’ve been having issues with my PDA so I updated the OS and then went and found all the apps I had installed to re-install. (I know I could have backed them up but I wasn’t sure if the problem wasn’t caused by an app.) I was amazed at how many updates were made to each of the apps.

The moral is to remember the little machines need updates too.

P.S. My dad updated his router and made his Internet connection slower, so be careful with what you update.

WarGames 25th Anniversary

Hi,

Wow I feel old. It’s been 25 years already. Check this out:

http://fathomevents.com/details.aspx?eventid=724

I’m going to try and make it to:

Severance Stadium 14
3492 MAYFIELD ROAD
CLEVELAND HEIGHTS, OH 44118
2162913942

If you’re going to go let me know.

Dave

Symantec chat no better but Good phone support!

So after having fun / failure with Sony I chatted with Symantec. The only saving grace was that the lady I talked to on the phone was awesome and friendly. Sadly Norton doesn’t seem to offer this disk anymore. They did offer to clean the machine if I could get it on the net but I couldn’t as you’ll see.

(I didn’t change the phone number. It’s the one I gave him.)

Mr. David has entered room.

Manu has entered room.

Manu(Fri Jun 27 16:07:50 EDT 2008)>Welcome to Symantec Support, my name is Manu.

Manu(Fri Jun 27 16:08:07 EDT 2008)>Welcome to Symantec Virus & Spyware Solutions. Is this the first time you are contacting us or do you have a Priority ID?

Mr. David (Fri Jun 27 19:15:06 EDT 2008)>First time

Mr. David (Fri Jun 27 19:15:13 EDT 2008)>no ID sorry

Manu(Fri Jun 27 16:08:38 EDT 2008)>May I confirm your email address as xxx@xxx.net and direct phone number as 123-123-1234, am I right?

Mr. David (Fri Jun 27 19:15:32 EDT 2008)>correct.

Manu(Fri Jun 27 16:09:01 EDT 2008)>May I know which country you are connected from and Please provide me your alternate phone number or mobile number.

Mr. David (Fri Jun 27 19:16:08 EDT 2008)>I don’t have one.

Manu(Fri Jun 27 16:09:43 EDT 2008)>May I know which country you are connected from?

Mr. David (Fri Jun 27 19:16:39 EDT 2008)>USA

Mr. David (Fri Jun 27 19:16:44 EDT 2008)>Cleveland OH

Manu(Fri Jun 27 16:10:15 EDT 2008)>May I know if your computer is on network or it is a stand alone PC?

Manu(Fri Jun 27 16:10:18 EDT 2008)>Are you connected from the computer, which is facing this particular issue?

Mr. David (Fri Jun 27 19:17:15 EDT 2008)>Do you still have the file that you can download and burn to a CD to boot a computer?

Mr. David (Fri Jun 27 19:17:26 EDT 2008)>Standalone

Mr. David (Fri Jun 27 19:17:37 EDT 2008)>Its not this computer

Manu(Fri Jun 27 16:10:59 EDT 2008)>I shall explain that

Manu(Fri Jun 27 16:11:06 EDT 2008)>Thank You for all the information. I would now create a Priority ID for you.

Mr. David (Fri Jun 27 19:18:08 EDT 2008)>The machine restarts the desktop whenever i try to do anything

Manu(Fri Jun 27 16:12:16 EDT 2008)>Thank You for your patience. Your Priority ID is nnnnnnnnnn. Please make a note of it for future reference.

Mr. David(Fri Jun 27 19:19:26 EDT 2008)>Is there a way to build a current bootable cd from inside norton Corporate ed.

Manu(Fri Jun 27 16:12:41 EDT 2008)>As I understand from your issue description is you want a CD to boot your PC ,Am I correct?

Mr. David(Fri Jun 27 19:19:52 EDT 2008)>Yep, Then I can try to fix it.

Manu(Fri Jun 27 16:13:31 EDT 2008)>David , do you suspect virus/spyware activity in your computer?

Mr. David(Fri Jun 27 19:20:27 EDT 2008)>Yes

Manu(Fri Jun 27 16:14:03 EDT 2008)>David , do you suspect virus/spyware activity in your computer?

Mr. David(Fri Jun 27 19:21:07 EDT 2008)>yes/yes

Manu(Fri Jun 27 16:14:51 EDT 2008)>May I know whether you have downloaded any free software’s, animation’s, free music, movies etc from the internet recently? Or did you accept any ActiveX controls or video codec’s when prompted from unreliable websites?

Mr. David(Fri Jun 27 19:22:24 EDT 2008)>I didn’t. A friend asked me to help him fix the laptop.,

Mr. David(Fri Jun 27 19:23:04 EDT 2008)>Right now the system restarts explore.exe about ever 10 to 20 second.

Manu(Fri Jun 27 16:16:38 EDT 2008)>David ,We will help you resolve all the virus issues from your system, by transferring you to our virus removal technicians, who will take Remote Access of your computer , diagnose the computer completely and resolve the issues for you. However, for that you will need to connect from the infected computer

Mr. David(Fri Jun 27 19:23:52 EDT 2008)>The machine can’t connect to the internet.

Mr. David(Fri Jun 27 19:24:06 EDT 2008)>That’s why I was looking for the boot cd.

Manu(Fri Jun 27 16:17:59 EDT 2008)>David ,In that case, we will not be able to help you. We can help you only if you are chatting to me from the infected pc as we will have to take control over that particular pc tinfecting the computer

Mr. David(Fri Jun 27 19:25:31 EDT 2008)>Do you know if you still have the boot cd on your website?

Manu(Fri Jun 27 16:19:14 EDT 2008)>I request you to check that on the website

Manu(Fri Jun 27 16:19:19 EDT 2008)>Is there anything else I can help you with?

Mr. David(Fri Jun 27 19:26:29 EDT 2008)>I did but I couldn’t find it. That is why I did the chat.

Mr. David(Fri Jun 27 19:26:43 EDT 2008)>Nothing else. Thanks

Once again reading the language is different from knowing it. What they need is a way to build a Virus cleaning CD/DVD.