Latest posts of: f0dder - DonationCoder.com
101  Main Area and Open Discussion / General Software Discussion / Re: Registry cleaning software debunked... on: March 29, 2013, 06:45:38 PM
That's not really "Registry cleaning software debunked...", IMHO - it's "scareware taken for a test drive" :-)
102  Main Area and Open Discussion / General Software Discussion / Re: Folder protection on: March 29, 2013, 06:29:06 PM
OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.
I am not knowledgeable enough to see whether the ram drive memory is subjected to Windows paging system, but I can show you this: (see attachment in previous post)
Hmm, dunno - that's a pretty confusing dialog. And it doesn't really seem like their website provides any detail either (just finding the right website was bothersome enough :P) - they do spend time discussing that each tick corresponds to 32MB, though. (The website currently hosting the ramdrive seems relatively fishy - selling an 'enterprise' version, but using a free web host and gmail address? You might want to take a look here :) ).

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.
Man... you have scared me...
I found something that looks like it could be the encryption routine (handles IRP_MJ_WRITE and loops over the data in 512-byte blocks, then the remainder) - I didn't spend a lot of time untangling it, but the code didn't look familiar. I think we can add "homebrewed crypto algorithm" to the checklist, which is the final nail in the coffin.

And once again: try out TrueCrypt. It might be slightly less convenient than Folder Protect (you'll have to manually mount the volume/container, rather than get an "enter passphrase" popup when navigating to a protected location) - but it's tried, tested, and opensource. No magic pixie dust and fantastic claims, just pure old software engineering.
103  Main Area and Open Discussion / General Software Discussion / Re: Folder protection on: March 29, 2013, 05:15:57 PM
What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar

I do the above because when my machine is off, I don't even need to worry about temp file left by program or whatsoever.
OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.

The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.
That's usually also a warning sign to me - companies producing extremely minor variations over the same theme with hard-to-discern feature differences? Ugh.

Anyway, I've started looking into Folder Protect. On the plus side, it comes with a driver (flycryptor.sys which I'm currently looking at) - this is at least a positive sign, though not by itself enough to give a stamp of approval (I personally wouldn't even consider this product given that TrueCrypt is around, but it's still worth finding out whether it's a decent program).

A couple of other things so far:
1) You can't move files into a protected folder, only copy them - this kindasorta makes sense given how the operation works on filesystem level, but could break software.
2) When uninstalling, the "magic" disappears, and a protected folder can be seen containing a bunch of "con.xxxx" files - this naming convention is an extreme überhack ("con" is the name of a device in Windows, and any attempt to access one of the files will give you an error). This is unnecessary for protection, and means you cannot rename, move or delete the protected files after uninstalling Folder Protect.
3) I rebooted the VM with a Linux live-cd ISO, and copied the protected 1-megabyte-of-zeroes file and renamed it so I could access it from Windows. Rebooted, got the file to my host machine, and inspected it with a hex editor. The first 16 bytes repeat at a 512-byte interval throughout the file. Actually, keeping "find next" pressed, the only thing that updates on the screen is the file offset - in other words, each 512-byte block is encrypted separately :o :o :o

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.

I'll keep on digging a bit more, see if I can find out which encryption algorithm they use (oh, that's not listed on their website either, is it? That's also a pretttttty bad sign).
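
The check described in item 3 of the post above, as an added example that is not part of the original post and not Folder Protect's code: it takes the ciphertext of a known uniform plaintext and reports whether identical 512-byte sectors encrypt to identical output. The toy encryptor (SHA-256 keystream), the function names, the key and the 64 KiB sample are assumptions made for the demonstration; the product's real algorithm is not known from the page.

```python
import hashlib
from collections import Counter

SECTOR = 512  # block size the post observed in the protected file

def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in cipher, NOT the product's algorithm."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt_sectors(plaintext: bytes, key: bytes, tweak_per_sector: bool) -> bytes:
    """Constructed toy encryptor working on 512-byte sectors.

    tweak_per_sector=False reproduces the flaw: every sector is processed
    identically. True mixes the sector number in, as disk encryption should.
    """
    out = bytearray()
    for off in range(0, len(plaintext), SECTOR):
        chunk = plaintext[off:off + SECTOR]
        label = (off // SECTOR).to_bytes(8, "big") if tweak_per_sector else b""
        ks = _keystream(key, label, len(chunk))
        out += bytes(p ^ k for p, k in zip(chunk, ks))
    return bytes(out)

def duplicate_sector_ratio(ciphertext: bytes, sector: int = SECTOR) -> float:
    """Fraction of full sectors whose ciphertext also appears elsewhere."""
    sectors = [ciphertext[i:i + sector]
               for i in range(0, len(ciphertext) - sector + 1, sector)]
    if not sectors:
        return 0.0
    counts = Counter(sectors)
    return sum(c for c in counts.values() if c > 1) / len(sectors)

def smallest_period(ciphertext: bytes, block: int = 16, max_period: int = 4096):
    """Smallest multiple of `block` at which the whole ciphertext repeats,
    i.e. what holding "find next" in a hex editor reveals. None if no repeat."""
    limit = min(max_period, len(ciphertext) // 2)
    for p in range(block, limit + 1, block):
        if ciphertext[p:] == ciphertext[:-p]:
            return p
    return None

def audit(ciphertext: bytes) -> dict:
    """Both measurements for one ciphertext sample."""
    return {"duplicate_sector_ratio": duplicate_sector_ratio(ciphertext),
            "smallest_period": smallest_period(ciphertext)}

if __name__ == "__main__":
    zeros = bytes(64 * 1024)          # constructed known plaintext
    key = b"constructed-demo-key"     # constructed key
    for name, tweak in (("no per-sector tweak", False), ("per-sector tweak", True)):
        print(name, audit(encrypt_sectors(zeros, key, tweak)))
```

To evaluate a real product the same way, write a file of zeroes into the protected location, read the raw stored file from an offline boot as the post did, and pass its bytes to `audit`; a duplicate ratio near 1.0 with a period of 512 matches the behaviour reported above.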
104  Main Area and Open Discussion / General Software Discussion / Re: Folder protection on: March 29, 2013, 04:18:55 PM
I assume you mean that someone that stole the machine will try to look for decrypted temp files left by program(s) that work on a decrypted copy of my confidential files, am I right?
Yep - a common thief probably wouldn't do that, but if your stuff is "confidential enough" and you're being specifically targeted... it's a very real concern.

I have been thinking the same thing; maybe I can create a temp folder for all those programs and have that temp folder wiped by a wiping utility periodically.
That won't work, because of the way filesystems work - you'll need to wipe each file individually before deleting... or you can ensure your partition is always fully defragmented, and use a "wipe free space" tool (those can also leave a bit of residue behind: free disk space wiping is a best-effort kind of thing, there's no APIs to handle it - so a wiping program basically has to try allocating the largest possible file it can, then wipe that).

If you use TrueCrypt, none of that is necessary. It works at driver level, meaning your data never hits disk unencrypted(*), and since it's not just an explorer hack, there's no way around this encryption.

(*): again, unless windows decides to swap to the pagefile - or some program you're using likes to make temporary files somewhere else :)

I just browsed through the folder protect program mentioned by dr_andus on their web site, it seems that the program is doing encryption and decryption on-the-fly and not simply a block to the access of the folder.
I'm going to take a look at it in a few minutes - the information on their website doesn't leave me with a very good feeling; there's no mention of just how the protection is done, which is a big warning sign when dealing with protection software... and the ease with which using it on a portable USB drive is described also rings some warning bells. But I'll take a look :)
105  Main Area and Open Discussion / General Software Discussion / Re: Folder protection on: March 29, 2013, 03:53:57 PM
It's not a recommendation, but just saw something called "Protect Folder" on sale at BitsDuJour today, in this sort of area...
Quote
Protect Folder lets you protect files, folders, and removable drives using a secure password, on-the-fly. With Protect Folder, there's no need to manually encrypt and decrypt files as you go about your business - instead, the program automatically performs encryption and decryption, silently and quickly, in the background as you work.

Haven't looked at that program, but my gut reaction to a claim like that is "stay the hell away" - a false sense of security is worse than no security.

Currently, my confidential data files are encrypted in a WinRAR file. Let's say someone stole it, is it really that easy to decrypt it? I mean, no matter what password I use?
Afaik RAR uses AES256 encryption - if you use a strong passphrase, the RAR archive should be safe enough (given that they haven't made any stupid security bloopers). This workflow means that you'll be extracting the files temporarily, working on them, and RAR'ing them back up - that would make the data very easy to retrieve if somebody stole the machine or its harddrive.

Treat me as a newbie and tell me whatever you think I should be aware of in terms of keeping something confidential on my PC (which of course is linked to the outside world with internet)
One could argue that it depends on how confidential something is - to me, confidential means "doing things right", which also means guarding against a stolen harddrive.

Programs offering "folder level protection" (and marketed as such) are likely to offer only mediocre protection (like, using shell extensions to block access), and not do any kind of encryption (thus being useless against offline attacks).

TrueCrypt is tried-and-tested security, it's free and opensource, doesn't leave unencrypted residue around(*), and Just Plain Works. Yes, it does mount the encrypted partition or container-file as a drive letter - but if you can point your programs to a specific folder, you should be able to point it to the root of a drive (or a subfolder there) as well?

It has a bunch of auto-dismount options (logoff, power saving mode, idle-for-X-minutes, ...), it has panic key for the paranoid, et cetera.

(*): there's still the possibility of windows deciding to swap out memory to the pagefile, which can be a real problem - but you'd still have that with any other approach as well, and it's not as severe as recovering an entire plaintext file as the "extract-work-compress" workflow opens you up to.

106  Main Area and Open Discussion / Living Room / Re: The Supreme Court makes a rational decision! on: March 29, 2013, 03:30:35 PM
Does this apply to pharma meds?
Probably doesn't matter - given patents and the FDA :)
107  Main Area and Open Discussion / Living Room / Re: Does anyone here use Bitcoins? on: March 29, 2013, 02:19:25 PM
But you know who are and will continue to really make out like bandits with this? The guys with the botnets, distributing malware with bitcoin miner software, getting unsuspecting users to generate BTC for them when their computers are idle.
Indeed - hence why I think the currency should be renamed "botcoin". The whole thing has always seemed extremely shady to me - like, the original author using a pseudonym, the guy who came to #doco and wanted *us* to write articles about it, et cetera. But I guess I wouldn't want to reveal my real name if I had conjured up a Get Rich From Botnets plan :)

On top of that, I'm pretty much with 40hz. Enjoy the bubble before it bursts.
108  Main Area and Open Discussion / General Software Discussion / Re: Folder protection on: March 29, 2013, 01:44:39 PM
I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all? :)
109  Main Area and Open Discussion / Living Room / Re: In search of ... opinions on AMD vs Intel graphics cards on: March 21, 2013, 05:47:05 PM
Haven't compared specs (you didn't give much info on the Intel system anyway :) ), but the AMD one will likely have the fastest graphics - Intel has come a long way with their HDxxxx graphics, but still lag behind... AMD bought up ATi, so, yeah...

If you don't need fancy 3D graphics, you might want to look at power consumption instead - Intel is likely going to have the upper hand here, as well as on CPU grunt, depending on which Intel CPU is in the Toshiba laptop. AMD just haven't been able to keep up since core2 was introduced, which is a shame (and quite a few years ago now).
110  Main Area and Open Discussion / Living Room / Re: Wrigley Making Caffeinated Gum - New Alert Energy Caffeine Gum on: March 21, 2013, 10:05:59 AM
Hm, I think ThinkGeek used to sell caffeinated water - brew your coffee with that.

Caffeine pills used to be over-the-counter in Denmark. As usual, some stupid brats managed to mess that up :)
111  Main Area and Open Discussion / General Software Discussion / Re: ironshield antivirus on: March 21, 2013, 07:46:12 AM
@f0dder - maybe you should ask the guys over at Cisco that question?
Yeah, saw that yesterday - efiin' insane.

Oh, and nice pic you chose to go along with the story Thmbsup
112  Main Area and Open Discussion / Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content] on: March 21, 2013, 07:45:20 AM
Lance Armstrong cycling on drugs: (see attachment in previous post)
BWAHAHAHAHA~~~~!!!
But... HOW high? :-)
113  Main Area and Open Discussion / General Software Discussion / Re: Data Execution Prevention notes on: March 20, 2013, 05:58:07 PM
I don't think I've come across (official) printer driver software in a long time that wasn't extremely tacky, garish, and completely useless. I usually try to find a way to extract just the necessary driver files, as I can't stand that "value-added" crap :). Goes for my Pixma ip2600, but at least the printer works decently, and I didn't have to work too hard to get the non-crap files (found a clean Vista driver that works on Win7, rather than the überbloated Win7 driver).

It sucks that there's so much poorly programmed software that b0rks with DEP enabled - it's due to bugs or pesky compression/protection software that's trying to be a bit too sneaky for its own good. With such a relatively short list, I'd personally add DEP exceptions and keep EMET installed, though.
114  Main Area and Open Discussion / Living Room / Re: When it comes to EA, it just keeps getting better - or worse... on: March 20, 2013, 05:52:08 PM
Now, how much and what kind of REALLY BAD DRUGS does somebody need to come up with to design a system that launches local games by installing a custom URL handler? Wtf is wrong with these people?
I think Valve (Steam) was on some really strong drugs.  Everyone else just copied them without the high.
Ugh Valve did (does?) that as well? And started it? *sigh*

I generally like Steam pretty well, but protocol handlers to launch games is just... plain old fscked up.
115  Main Area and Open Discussion / General Software Discussion / Re: Data Execution Prevention notes on: March 20, 2013, 02:44:12 PM
Hm, with EMET 3.0 you should be able to set your system DEP to "Always On", but configure individual apps to not have it - not sure if that'd work for a printer driver (would most likely be a DLL loaded into the printing process' address space?) - but should work for other stuff.

Don't think I've ever run into crashing apps because of EMET - I've got DEP always-on, SEHOP app opt-out and ASLR app opt-in. Haven't seen it protect me from malware either, but in case anything should ever slip by my panzered firefox, at least it's an extra layer of mitigation :)
116  Other Software / DC Gamer Club / Re: Bastion's dev announce a new game! on: March 20, 2013, 02:34:38 PM
Hm, heavily pushed? Yeah, you switch to new weapon immediately when you pick it up, which kinda sucks - they should've either made an armory very close to each new weapon so you could switch back, or there should've been some special game mechanics on the level requiring the new weapon...

But other than that "very special thing" at the very last level, you weren't really forced nor heavily pushed to use the new weapon?
117  Main Area and Open Discussion / Living Room / Re: Can you inagine a world without any personal privacy? Because it's here. on: March 20, 2013, 09:20:03 AM
I'll start it off with this one from Business Insider in that other thread and start the bidding at TWENTY!
I'm only seeing Ghostery block 6 on their front page - perhaps because of RequestPolicy? :)
118  Main Area and Open Discussion / Living Room / Re: When it comes to EA, it just keeps getting better - or worse... on: March 20, 2013, 02:46:41 AM
Now there's news of a verifiable security flaw in EA's Origin platform that can facilitate local vulnerability exploits on Origin users' PCs.
At first I was "meh, local exploit - whatever". Decided to take a look anyway, flipped through the ReVuln PDF (linked to from the Vimeo site), and turns out it's slightly more interesting - allowing you to launch arbitrary processes on systems that have Origin installed, if you can get it to launch a URL. It's still fairly boring technically, but could actually be dangerous.

Now, how much and what kind of REALLY BAD DRUGS does somebody need to come up with to design a system that launches local games by installing a custom URL handler? Wtf is wrong with these people?
119  Other Software / DC Gamer Club / Re: Bastion's dev announce a new game! on: March 20, 2013, 02:38:28 AM
I really liked Bastion.

True, gameplay is pretty much same old same old all way through, but atmosphere & aesthetics was what kept me glued to it. A lot of the late-game weapons are pretty crappy and boring (so I went for relatively early highly-upgraded ones), and I'm not super fond of the last one or two levels - other than that, I felt it was well worth playing through, though. And it had a reasonable length for my attention span :)

So if the devs can make another game that's as polished and atmospheric, I'm all over it.
120  Main Area and Open Discussion / General Software Discussion / Re: ironshield antivirus on: March 19, 2013, 04:12:49 AM
  And if you're using Open Source Code, doesn't that open a channel for hackers to figure out how to bypass it?
It's somewhat easier to hunt for juicy bugs if you've got the source code - but there's some very powerful binary analysis programs available as well (though not to the general public).

At any rate, it's a moot point - both the Windows and Linux kernel have had stuff like 10-year outstanding local privilege escalation exploits, and you can be sure they still both do - just not (publicly) known yet. And closed vs. open doesn't matter that much, since there's serious money in malware these days. If it's there, they will find it.

Linux does have the advantage of getting bugs patched faster once they're found - but there's also been reeeeal oopsies like Debian getting rid of proper SSH randomization because a developer didn't understand Valgrind properly (why does a person like that deal with security-crucial code?)
121  Main Area and Open Discussion / Living Room / Re: Advice needed re: locking windows kernel in RAM on: March 18, 2013, 07:40:43 PM
I have plenty of RAM on my desktop PCs (6 and 8 Gb respectively), so my question was academic and your responses anticipated. This topic is kinda in the same category of " should I use a RAM disk?"
I used to do this back in the days when I didn't have enough RAM to disable the pagefile entirely.

Now, the following quote from Ath makes sense logically:
And forcing the kernel into RAM on a low memory system, so it's even more busy swapping the currently active application in and out of memory, instead of some kernel code you're not using (much) at the moment?
...but the real-world effect was a system that ran somewhat more smoothly. With DisablePagingExecutive enabled, Windows "recovered" faster (with lots less page-in activity) after, say, exiting a memory-hungry game. And I never ran into any adverse effects by having the setting enabled.

Dunno if there'd be any idea of doing it when you're running without pagefile. While there's nothing to page-out to, perhaps the setting could influence whether unmodified code sections are discarded and later page-in'd? *shrug* - not like I'm ever running low on memory on my current rig :)

But on old systems with limited RAM and slow harddrives? It's worth checking out - depending on how you're using the system, it might be a performance increase.
122  Main Area and Open Discussion / General Software Discussion / Re: ironshield antivirus on: March 18, 2013, 10:02:18 AM
Given the kind of results google returns, this seems pretty fishy.
123  Main Area and Open Discussion / General Software Discussion / Re: MagicRAR Drive Press - worth anything? on: March 18, 2013, 09:42:10 AM
Interesting development - thanks for the info, Zatronium, and thanks to mouser for the extra bit of investigation. So... SimonKing probably didn't write a single line of code, but just rebranded Comprexx? Cute.

I agree that one should not be using the gung-ho NTFS compression on an SSD - already written it in previous posts, but it doesn't hurt repeating :)
124  Main Area and Open Discussion / Living Room / Re: The Evil Empire being sued by... a former-Lucas property? on: March 16, 2013, 02:11:19 PM
So, a former property of the creator of a fictional Evil Empire is suing an Evil Empire... love it!
Kiss tongue
125  Main Area and Open Discussion / Living Room / Re: Google Reader gone on: March 14, 2013, 05:02:12 PM
feeddemon is gone too :(

http://nick.typepad.com/blog/
Yeah, again - http://www.donationcoder....33306.msg320765#msg320765 .