Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

4/23/2019

Throw Away Drives

Filed under: Advice from your Uncle Jim,Never trust a Network Admin with a screwdriver,The Dark Side,The Day Job — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 7:00 pm for you boring, normal people.
The moon is Waning Gibbous

Please, be careful.

We tend to treat USB thumb drives as essentially disposable these days, which, considering their low cost, they basically are.  At least, in one sense.  The problem is, those cheap, little drives still store an awful lot of data.  I recently read an article titled “You left WHAT on that USB drive?!” where the authors talk about several studies, formal and informal, where researchers scooped up random USB drives, either from eBay or the lost and found, to see what was on them.  The results are a little terrifying.  According to the article, “…about two-thirds of second-hand USB memory sticks bought in the US and the UK have recoverable and sometimes sensitive data. In one-fifth of the devices studied, the past owner could be identified.”  What’s more, in the case of one study, out of 200 drives, only 34 of them had been properly wiped out.  That’s just 17% of the drives.  Several had been formatted, but still had data that could be recovered off them.  Yes, that’s right, even reformatting the drives does NOT guarantee that they will be properly wiped out.

What’s more, the data that was left behind was of a very sensitive nature in many cases.  Everything from tax information to naked photos to photos of a soldier on deployment and at home, including the soldier’s address.  And, again, reformatting is not enough.  At least 8 drives out of the 200 examined had been reformatted, but had data on them that could still be recovered!  So, what can be done?
Personally, I tend to use USB drives until they absolutely don’t work at all any more, and I try not to put personal data on them in any case.
One solution is to get a USB drive that can be encrypted.  I’ve used several versions of the LaCie Imakey that includes an encrypted partition and utilities to manage it, but that doesn’t seem to be available any more.  A replacement might be the Kingston Digital Data Traveler Locker, which lets you set a password to restrict access, as well as doing hardware encryption of some kind and even backing up to the cloud in case the drive gets lost.  Granted those drives can get a little pricey, but how much does it cost to deal with the potential identity theft that lax personal security might bring?

If you have drives, USB or otherwise, that you’re looking to get rid of, then at least sanitize them before they go.  There are a lot of articles and utilities available to help you with that.  One that covers pretty much every drive you might have is How to securely erase external hard drives, SD cards, or flash drives, which details the steps as well as suggesting utilities to help you.  Now, for the most part, I assume that if you read this blog, as opposed to my other blog, Use Your Words, then you’re a geek like me and can handle more than consumer-grade procedures and software.  If that’s the case, or you’re feeling particularly brave, one great utility I’ve used is Darik’s Boot and Nuke aka DBAN.  It’s a free ISO you can download to make a bootable disk/drive that will let you securely wipe a drive before disposing of it.  It’s simple to use and free, but if you’re not comfortable burning an ISO to a disk or thumbdrive, then I’d recommend getting a more consumer-friendly product.

Either way, it’s a scary world out there to let your precious data roam free without a keeper, so be careful with those cheap, “throw away” drives.  If you’re not careful how you use them, they could get pretty expensive.


Advice from your Uncle Jim:
"When you handle yourself, use your head; when you handle other, use your heart."
   --Donna Reed

8/4/2017

Surveillance Self-Defence

Filed under: Fun,Geek Work,News and Current Events,The Dark Side,Truth and Consequences — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:00 am for you boring, normal people.
The moon is Waxing Gibbous

Also known as “opsec for computer users”.

Though, to be fair, most computer users don’t actually need this kind of operational security. And, they certainly don’t refer to it as “opsec”, like I just did. These days, I pretty much keep my nose clean and my mouth shut, even online. I mean, look, the average troll on a message board really isn’t worth my time, especially at my consulting rates. What’s more, I have never, ever seen anyone convince someone with an argument, no matter how well reasoned, that the listener’s position is, in fact, wrong and the speaker really is the political/cultural/media genius that they both think they are and claim to be. I mean, literally, not a single time. Not even when I’ve been the one making the arguments!

Still, there are those last few idealistic “true believers” out there who continue to throw themselves against the colossus that is the internet comment board, or, worse, the government. (And, let’s face it, no matter who’s government it is, getting them to change is a pretty monumental task!) Those brave souls need to keep themselves safe. It’s for those crusaders that the Electronic Frontier Foundation created their series of tutorials which they’ve grouped together under the heading of Surveillance Self Defence. And, let me tell you what, these are some really smart people who have made some really great tutorials on staying safe, and as anonymous as necessary, on the internet while you protest against or agitate for your cause.
They’ve also been fighting for you, whether you know it or not, for years. Since 1990, the Electronic Frontier Foundation, also known as the EFF, has been fighting to keep your free speech alive, especially on the internet. They’ve fought everyone from the MPAA to the U.S. Federal Government and won often. You can read about their legal victories on their website.

In any case, the EFF is a worth cause, to whom I donated anonymously at DEFCON 20, and opsec is pretty important, too.
So, all in all, not my usual “fun” for a Friday afternoon, but still good to talk about.
Come back next week to see what else I have to share!

This post originally appeared at Use Your Words, my other blog!

4/15/2016

Security In A Box

Filed under: Geek Work,Red Herrings,The Dark Side,The Tools — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:00 am for you boring, normal people.
The moon is Waxing Gibbous

First of all, you should know I’m talking about computer security, not home security.

Secondly, know that “in a box” really means something more like “all in one place”.
I’m suggesting this site this week because security is on my mind.  Not only in a corporate sense, but in a personal sense.  In a professional setting, I’ve brushed up against something that could conceivably heighten scrutiny of my own personal foot-print on the internet.  And, I’ve had a particular address from a particular Eastern European country banging against on of my WordPress installations pretty hard this past week.  All of which added up to me checking my collected links for a security themed site I could share with you all.
The site is called Security In A Box and it’s a collection of tips, advice and links to programs meant to help keep you safe on the internet.  Their advice covers everything from creating good passwords to staying safe on social media.  And, they have group-specific suggestions for special interest groups who might have an additional level of scrutiny, either by other special interest groups or governments.  It’s quite a good site for everyone, of course, but of special interest to anyone who might find themselves at the sharp end of one of the many sharpened sticks running loose on the internet without keepers.

So, stay safe this weekend and enjoy the lovely weather while it lasts!

4/17/2015

Scientology Petition

Filed under: Criticism, Marginalia, and Notes,Deep Thoughts,Life, the Universe, and Everything,News and Current Events,Red Herrings,The Dark Side — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:04 am for you boring, normal people.
The moon is Waning Crescent

I don’t normally post inflammatory things, but I think this is really important.

Long-time readers and friends will know that I have strong, and negative, feelings about Scientology.  Whatever Scientology started out as when L. Ron Hubbard first envisioned his “plan for living”, it has become, in my opinion, a dangerous cult-like organization that hides behind it’s religious status while actually being focused almost entirely on making money.  Based on documentaries and books and news stories of various kinds, I believe…
Read More

10/17/2014

Destroy All Robots!

Filed under: Fun,Geek Work,Red Herrings,The Dark Side — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:56 am for you boring, normal people.
The moon is Waning Crescent

Or, at least, all robocallers.

So, lately, I’ve been digging through my files, finding links I saved ages ago to share with you, my few loyal blog readers, and I’m the first to admit that it’s been a mixed bag.  Some have been fun.  Some have been lame.  But, this one actually solves a problem for you.

Do you get automated calls?  Maybe you signed up for a catalog ages ago, or maybe you thought that timeshare in Miami was going to…
Read More

8/29/2014

Cryptolocker Rescue

Filed under: Geek Work,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Monkey which is mid-afternoon or 4:10 pm for you boring, normal people.
The moon is Waxing Crescent

This ought to make me look like a hero at my new gig.  Again.

On a whim, I searched for a CryptoLocker decrypter this afternoon, because the old place I worked at and the new place I currently work at were both hit by a CryptoLocker virus.  Now, at the old place, we mostly had everything backed up.  At the new place, not quite so much.  I mean, everything is backed up now, but it wasn’t before I got here and they got hit with the virus.
In any case, I had a couple of files I wanted to get into that were hit with the virus.  So, naturally, I went to search for something to help.  Because, you know, it’s been a while and maybe someone had come up with a solution, right?
Well, as it turns out, they have.  FireEye, who I’m familiar with and Fox IT have setup a free service at Decryptolocker that will let you download a decryption program and upload an encrypted file, which they will use to generate a decrypt key that they send you via email.  When you get that, you follow their super simple instructions to decrypt your file.  It’s a command-line utility, but, hey, it works.

And, yes, I’ve tried it.  It took all of ten minutes to get the email with the key and then I was able to decrypt any of the effected files that I tried it on.
This restores my faith in humanity just a little!

6/20/2014

A “New” Way to Prevent Photo Theft

Filed under: Fun,Red Herrings,The Dark Side — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:00 am for you boring, normal people.
The moon is a Third Quarter Moon

No, those quotation marks aren’t ironic.

Last year, in August, I wrote about a free service called LensTag that would help you track your camera gear if any of it went missing.  Well, they’re back in the news for another service!  This one was discovered by accident by their president’s wife who mistakenly turned on the tracking for her camera when a couple of flashes got stolen.  It turns out, she started getting notifications about where her photos taken with that…
Read More

5/27/2014

Keeping Windows XP Alive

Filed under: Advice from your Uncle Jim,Geek Work,MicroSoft,Never trust a Network Admin with a screwdriver,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Snake which is just before lunchtime or 11:49 am for you boring, normal people.
The moon is Waning Crescent

First, let me say that I don’t endorse this as a way to avoid upgrading.

Second, let me fully affirm that this is completely awesome!  And, as someone who maintains a Windows XP virtual machine to run some older software for my camera, I am thrilled to have this option, for as long as it lasts.
The hack is pretty simple, basically just adding a small entry to the Registry.  First published by Wayne Williams at BetaNews a day ago, it’s been all over the internet today.  I did it earlier on an old machine at work and it worked great.  Your results may vary.  The steps are simple and in that linked article, but I’ve included the 32-bit version of the registry file that you can just download and import to your machine or virtual machine.

Use at your own risk!
And upgrade as soon as possible!
(Here’s the link to the REG file.)


Advice from your Uncle Jim:
"Sticking to good habits is like having a savings account: when hard times come, we can take the 'investment' we've made and overcome our problems."

5/23/2014

Two Free Security Plugins

Filed under: Deep Thoughts,Geek Work,The Dark Side — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:32 am for you boring, normal people.
The moon is Waning Crescent

This week I’ve got two very serious freebies for you.

Security, as some of you may know, is near and dear to my heart.
In my day job, I’m a system administrator and constantly worried about security.  It’s a huge issue.  Lately, you all may have been hearing news stories about the “Heartbleed SSL vulnerability” which, in theory, could endanger your personal login information, as well as other account credentials or other things you’d want to keep private.  It’s not entirely clear…
Read More

3/25/2014

Keyless Entry Tools!

Filed under: Fun Work,Life Goals,Never trust a Network Admin with a screwdriver,Review,The Dark Side,Things to Read — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:21 am for you boring, normal people.
The moon is Waning Crescent

RetirementPlanningKeyless entry tools may be a bit of a misnomer, but, technically, that’s what I’m talking about in this very special Tools for Tuesday post.

Actually, since I missed posting a tool last week, I’m going to mention several tools in this week’s post.  The difference is that these tools are all related.  Of course, all these things are related to lock picking, sometimes referred to as “lock sport” or “steel-bolt hacking”.
We’ve all seen this on TV or in the movies.  The hero, or anti-hero, needs to get into a room for some reason, only to be confronted with a locked door.  A locked door that would stop the average person, but not the hero of the story we’re watching.  Instead of being stymied by this apparently insurmountable obstacle, our hero, or heroine, simply pull out a set of lock picks with which they proceed to fiddle about with, often by the light of a flashlight held in their mouth, until the formerly locked door is suddenly, almost magically, opened.  Who among us has not wanted to be able to do the same thing?  How many times have we found ourselves on the wrong side of a locked door, wishing we had a set of lock picks with which to quietly gain entry to whatever is on the other side of said door?  And, perhaps more commonly, how often have we simply forgotten our keys, to home of office, and wanted to avoid the inconvenience of going to fetch them or find someone who could let us in?

Well, I have long wanted to be able to do all those things at one time or another.
In August of 2012, while attending DEF*CON 20, I finally got my initiation into the world of lock picking.  Or, as I more often prefer to euphemistically refer to it; keyless entry.  I spent several good hours at the Lockpick Village put on by TOOOL, The Open Organization of Lockpickers.  It was there that several very patient people taught me the basics of lock picking.  There were other opportunities to learn things like bumping and impressioning, as well as learning how to bypass locks other than the standard door lock or keyed padlock.  I haven’t had the time, or opportunity to explore those non-picking tools too much yet, but several of the tools in the photo above came from TOOOL.  TOOOL sells a fine starter’s set of lock picks and tension bars, which I bought at DEF*CON and can be purchased via their Equipment page.  You can see the two picks I use most often, and a tension tool on the right, resting on top of the TOOOL leather case.
I like these picks and tension tools because they’re light, but sturdy and relatively economical.  They also have nice sized grips which feel comfortable in my meat-hook-like hands.  It’s important that I feel like the tools I’m using to open a lock aren’t constantly in danger of breaking off in said lock, further complicating my opening of it.  These tools do that quite well, and look good while doing it.

The other thing in that photo which came from TOOOL is the progressive training locks, as they call them, though they’re really just specially prepared tumblers.  They’re in the large-ish grey thing near the middle of the photo, which I refer to as a lock picking vice, perhaps incorrectly, and which I’ll describe in a minute.  Actually, to be specific, the three training locks in the vice are the first three of a complete set of ten.  They start with a single pin in the tumbler and go all the way up to six pins in a tumbler, for the first, “normal” training locks.  The last four are a special spool-shaped pin, which is harder to pick, and go from one pin up to four pins in the “security” training lock set.  To get the entire set of ten ran me $120 before tax and shipping, but they are totally worth it.  In theory, I could have gotten ten of my own locks, stripped them down to just the bare necessities and pinned them out myself, but I can guarantee that they would not look as neat as these.  And, that’s assuming that I could find a source for the spool-shaped security pins for those last four.
I just got these recently, and I think it was just in time because my skills were getting pretty rusty!  I hadn’t touched my picks in a couple of months and found myself completely unable to pick a simple padlock that used to take me a couple of quick seconds to open.  It was mortifying!  I should note, these training locks are a little looser and easier to pick than a real-world lock, but that’s intentional.  The idea being, of course, that you need to get the feel for it before graduating to a real lock.  Incidentally, a standard padlock usually has four pins.  The average American door lock, like we normally use on houses, has five pins.  And, I’m told, that normal European door locks, like would be used on most residential doors, use six pins.  So, that’s why the training locks are pinned the way they are.  They make a logical progression of difficultly with real-world application.

When I found the Tri-Pik, as I call it, I was actually looking for something else, but I was thrilled.  The “Deluxe Adjustable Tri-Pik LOCK PICKING Holding Fixture“, as it is called on the website where I found it, is pretty fantastic.  In fact, I’d just about call it essential to my reintroduction to lock picking.
The basic idea is this; a real lock would be surface mounted in, say, a door, and would leave me both hands free to manipulate the tension tool and pick, and this tool lets you simulate that.  Without this, I would be holding the training lock in one hand, keeping tension on the cylinder via the tension bar with that same hand, while manipulating the pins with the pick in the other hand.  A fine way to learn, but not very realistic.  The Tri-Pik fixes that.  It is so named because it’s designed to let me mount up to three training locks in it at once, locking them in place via a hand-tightened set screw from below.  It’s quite a good system.  Simple, but effective, and reasonably priced at $35 plus tax and shipping.  I cannot recommend the Tri-Pik enough to someone learning how to pick locks.  It’s really, really fantastic.

Oddly enough, I found the Tri-Pik while looking for the fourth tool I’m mentioning today; the Southard Jackknife Lockpick Set.  I had seen this at DEF*CON, but I was a little hesitant to buy one, since I was flying back to Houston afterwards and didn’t want to have it mistaken for a knife and taken from me by a TSA agent.  But, now that I’m back, and it turns out the NSA has been watching all of us all along anyway, I decided to go ahead and get one of these little beauties.  Eventually, I’ll add this into my “every day carry”, so I’ll always be able to open doors, but first, I need to practice with it a bit.  Obviously, the idea is to fold it all up like a pocket knife and carry it with you, but the genius, in my opinion, is how they handle the tension tool.  It fits over the top of the folded-away picks, with one end sliding into a tight, narrow opening in the center of the main body of the tool set, using tension to keep it all together.  It works quite well and provides the amateur locksmith with a complete set of tools including; the tension tool, a long hook pick, a diamond-shaped pick, a half circle pick, a “snake rake”, an alternative rake and a diamond-shaped broken key extractor.  Add to that a really nice mechanism hold the picks in both a closed and “ready to use” position and you’ve got a great, portable toolset here for just under $40, before tax and shipping.  A fantastic deal in my opinion.

The last “tool” is really a book.  Namely, the very good lockpicking primer, [amazon_link id=”0970978863″ target=”_blank” container=”” container_class=”” ]The Visual Guide to Lockpicking[/amazon_link].  I have to admit, even though I had this book long before I learned how to pick locks at DEF*CON, I found it just a little too intimidating and confusing to use before I had some hands-on experience.  Now that I do, however, I can see just how good a resource this is.  It covers the majority of mechanical locks that a self-taught locksmith might encounter and have to deal with, including tubular locks and locks with pins on both the top and bottom of the cylinder, which are both challenges I have yet to master.  While no substitute for a good teacher, this book really is a great place to start if you can’t get direct instruction and has fantastic illustrations explaining the entire process.  It’s well worth the $15 or so that Amazon.com is asking.  (And, yes, if you buy a copy from that link, I get a credit.  Thanks!)

Incidentally, if you can’t quite figure the connection between “network geek” and “lockpicking”, the answer is far simpler than you might imagine.  In the early days of computers, the best of the best were pretty much all at M.I.T.,where it is widely believed the term “hacker” originated, and, to get access to computer labs, and a place to crash while programs ran on the big, old iron that were computer systems back then, the hard-core computer geeks all became locksmiths so that they could get the tools to pick locks and never be on the wrong side of a locked door.  Or, at least, that’s what I read in [amazon_link id=”1449388396″ target=”_blank” container=”” container_class=”” ]Hackers: Heroes of the Computer Revolution[/amazon_link] by Stephen Levy back when I was just getting started in IT.
So, yeah, that’s a mess of tools for Tuesday this week and a peek into the crazy way my mind works.  I hope it makes up for missing last week!

Next Page »

Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.