The strong encryption debate… I have been researching FBI Director James Comey’s “Conversations” with the House of Representatives and with U.S. Senators, as well as anything having to do with the subject, for the past 6 months or so. This has been taking up most of my time, as I am using the research for several courses in my last semester at W.G.U. My first research paper is for my English course and it just needs to be about 10-15 pages; however, it has been taking me a long time since I keep finding more sources, and I am just about done with my annotated bibliography. This bibliography needs to have 10 sources cited using APA formatting, along with a summary, Source Credibility, and Source Relevance for each source. This ‘annotated bibliography’ is almost 10 pages long itself, and I am looking into cutting it shorter to save some of this information for the actual paper.
Anyway, my thesis is similar to the following…
The United States government should not implement legislation requiring device manufacturers and internet communications firms to put backdoors into their devices so that law enforcement can access users' encrypted data. Doing so would only hurt United States companies, since users wanting encryption would simply use services and devices from outside the United States, and further complicating encryption with mandated exceptional access will only make already complicated software more complicated, which will lead to more vulnerabilities. To back up my argument I use the relatively small number of credible sources available on this subject. I have had to use hearings on C-SPAN and magazine articles, since I have only found about 5 scholarly journals on the subject (available online without paying a fee).
Now of course, anyone who really understands encryption knows that only the sender and the receiver should be able to know what is in the message. However, this has actually become rare, as cloud services often keep a key that they can use to get into your data if they are presented with a court order. For example, Dropbox, OneDrive, and Google Drive all tell you that your data is encrypted, but that doesn’t mean the provider cannot find out what you are storing: as long as you don’t pre-encrypt what you upload to the cloud, they have to be able to show you your data, like when you use a browser to access your cloud storage. This means that if the government goes to Google and gives them your email address, Google can access your cloud drive data and give it to law enforcement. There are solutions that allow you to pre-encrypt your data before you send it up there (into the cloud storage), but what then happens is that if you use the provider’s methods of accessing the data, it will be encrypted and unreadable until you use your encryption solution to enter the key, and then you can read your data again.
New York and California are attempting to pass legislation that will require device manufacturers to be able to decrypt any devices sold in those states; however, it is easy enough to purchase a mobile phone from anywhere in the world on the internet, so I don’t see how this is going to affect terrorists or criminals, who will most likely just purchase phones from elsewhere if this becomes law. If you want to read my paper you can download it from the following link; just click below and save it to your computer.
Encryption: Decriminalizing Necessary Security – DOI: 10.13140/RG.2.1.4874.0888
This video was recorded at the Microsoft Ignite conference last week, and it was one of my favorite sessions. Marcus Murray and Hasain Alshakarti demonstrate some hacks using the Metasploit Framework, Mimikatz, and PowerShell. They show you how easy it is to gain access to any system, to steal the passwords from Windows servers and clients, and also how easy it has become to evade anti-virus. They also offer many reasons why you should not be using the same passwords on more than one website. My advice is of course to start using LastPass everywhere. Here’s a referral link for LastPass Premium: https://lastpass.com/f?169066 … Enjoy the video!
2 Big Stories today I want to mention…. Microsoft once again rushed to release a hotfix for all of its Windows XP users that were stuck on Internet Explorer 8, as there was a zero-day (0-day) vulnerability found last week that was utilizing around 9 different popular websites to redirect unsuspecting users to Exploit Kit malware attacks. This 0-day was so important because any business or home user that still has a 32-bit Windows XP computer is forced to use Internet Explorer 8 for Windows Updates. This exploit was first seen on the United States’ Department of Labor website. All a user had to do while browsing with IE8 was visit a specific frame and they were automagically redirected to a malicious black-hole website that served up enough malware to take over their computer. Brian Krebs reported: “several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software.” If you are running Internet Explorer 8, or if you are on Windows XP, then you need to go and download and run this Microsoft Fix-It before your computer becomes part of a botnet…. or you could risk it and wait until Tuesday. This exploit is already part of Metasploit, and at least 8 other websites have been fingered as also hosting this attack.
In other news, most likely one of the most profitable ATM hacks in history has been thwarted, and it is now being reported that 1 young hacker is dead and 7 more face trial after being busted for stealing $45 million in a cyberheist that had cybercrooks actually going to thousands of ATMs with hacked debit or credit cards and collecting cash all over the world. It looks like they actually were able to lift the daily limits that are placed on credit/debit cards, and were able to literally collect as much money as the ATMs had in them before being caught. Nakedsecurity.com explains the heist rather well, so I will pass it off to them and you can read it here…
EMET v4 Beta was first introduced here on the Microsoft Security Research and Defense TechNet Blog. I have deployed the v3.5 tech preview to most of my secure workstations, so I inquired about upgrade paths, and it looks like you should uninstall previous releases as well as delete the EMET registry keys before installing EMET v4 Beta. The registry keys to delete are located at
If you want to download the Beta version, here is a link to the download page. I have just begun testing out this new version, and so far the best feature that is now included is the option to only audit and not crash the program. Also, when an application trips a mitigation response, you can see one or more little boxes that pop up in the lower right hand corner of the desktop, and in some cases the boxes quickly blink and scroll up the screen as the exception happens multiple times. Then you can go into the EMET control panel and turn off the mitigation that is mentioned in the box if you want the program to continue to run despite the issue.
For example, I have only had problems with the SimExec mitigation, and it has so far affected Internet Explorer and Microsoft Word 2013. I went in and disabled the SimExec settings for these applications and have not had any more problems running Word or IE so far. Once you install the Beta you can read the manual located in the Program Files directory.
32-bit Windows: C:\Program Files\EMET 4.0 (Beta)
64-bit Windows: C:\Program Files (x86)\EMET 4.0 (Beta)
I have notified Microsoft about this issue and it is being investigated internally. They have kept it pretty quiet so far, but I am sure there will be a response eventually. In case anyone doesn’t know what the problem is, it goes like this… On a Windows 8 Pro computer with Microsoft Office 2010 32-bit installed, the Windows Update from March 2013, KB2760600, is attempted and the user is asked to reboot. Upon rebooting, all other updates install smoothly, yet there is one last update that refuses to install and reboot the computer. The screen looks like this:
KB2760600 hangs on restart
In fact, this has happened every time I reboot my computer, even after hiding the update, and if I check installed updates, this update is listed as installed. But I know this is the problem, because if I unhide the update and check for updates again, this is the only update that shows up.
Some users on the Microsoft Community forum have suggested that turning off the Print Spooler service has fixed this problem for them; unfortunately this has not eradicated the problem on my system (I have tried it twice). Now my system may not be normal because I have Microsoft Office Home Premium 2013 also installed alongside Office 2010, but this should not be an issue. I have not had much time to really dive into this problem yet, as I am currently enrolled in WGU and have been spending all my time studying for exams and trying to swiftly move along in my studies.
Here are some links that reference people also having this problem…
If any of the solutions here work for you, then you are lucky. I have tried them all, and every time I reboot I have to forcefully shut down the computer again. Anyway, hopefully this may be answered on a future episode of Defrag on Microsoft’s Channel 9, since I have forwarded the issue to Gov Maharaj and Larry Larsen.
EDIT: Apparently, it has come to light that many of the people reporting this issue actually have HP printers installed. I have not confirmed this yet, but some people have said that they uninstalled their HP printers / HP software and then the update installed. Updates will come as soon as we verify this after testing.
Starting with tomorrow’s Patch Tuesday updates, Internet Explorer in the Windows 8 ‘Metro’ version and Windows RT will now allow all sites to play Adobe Flash content, except for a new “blacklist”. This is a complete reversal from the original whitelist approach that was in effect until tomorrow’s updates. What this means is that now most sites will be able to play Flash content, unless the site is blacklisted and placed in the newly updated Compatibility View list. What this update will do is actually enable Windows RT and Surface users to access many sites that they have not been able to access in the past (without hacking the Compatibility List). Most likely, the reason for this change is that Microsoft has received many complaints from developers who may have been negatively affected by the whitelist, and who have been complaining to Microsoft that the old method was perhaps confusing to users, or just took too much effort to get Microsoft to whitelist their sites in order to allow tablet users to access Flash content on their devices.
This will mostly leave only Apple’s iPad and iPhone users among the remaining frustrated users who cannot access the still largely popular Flash-enabled sites. Android users are able to get Flash content on their devices if they are technically adept and have found ways to install Adobe Flash on their Android devices. (Android discontinued Flash Player many months ago, but there are still old downloads available of the now defunct Flash Player for Android.)
This is a preview of a forthcoming documentary about DEF CON which was filmed at DEF CON 20 and is supposed to be free when released. Enjoy the preview; it is cool.
Citadel Malware Ransomware Screen
A client of mine was hit with a variant of the Citadel ransomware yesterday. He was just surfing the web and looking for a movie to watch when he was hit by the drive-by download. It placed a big old warning message with “Your Computer Has Been Blocked” on the left and a “United States Department of Justice” warning on the right, and a picture of a naked girl in a sexual position near the bottom, while asking for a MoneyPak payment to unlock the computer.
Upon receiving the computer, I rebooted and used a Kaspersky Rescue CD to boot and scan the hard drive. It found the following files… 4 files labeled as “Trojan.Downloader.WMA.FakeDRM.bj” and 10 files labeled as “Win32.Katusha.n”. The exact filenames don’t matter because they are just a bunch of random letters and numbers. After I deleted these 14 items with Kaspersky, I took out the CD and rebooted.
Upon reboot, the computer came on and about a minute after being on, the warning screen came back, which I was happy about because I wanted to get a closer look and a picture. Upon looking at the bottom of the screen I noticed there was a small black square that was blurry but changing, and I moved around and noticed a picture of me there, as the webcam was recording and putting my picture right in the page next to the naked girl porno warning. I covered up the webcam with some tape and began experimenting with the computer to see what I could do. After taking a picture of the screen for documentation purposes, I tried to do a few things and was surprised that it actually let me open up some windows and folders. I immediately noticed that it had created another false partition and a bootsect.bak. I rebooted into safe mode and deleted all the recent temporary files, and then used RogueKiller to run a quick scan and removal of about 8 registry keys and a batch file. I was still not out of the woods, but I was in total control of this bad boy at this point.
I downloaded MalwareBytes and let that scan, and it found 15 items, mostly in the ProgramData folder. Check out the pictures for more detailed info. After deleting everything MalwareBytes found, I uninstalled Microsoft Security Essentials and installed Bitdefender. This is not the first time I have seen Microsoft Security Essentials fail to protect against older known malware. After removing everything to this point and rebooting, the computer seems back to normal; I am still searching through the registry and all folders for any remaining traces. Bitdefender and MalwareBytes are both returning completely clean, and it really wasn’t that difficult to remove this, so I am still wary that there may be traces left behind.
I have been involved in testing all aspects of Microsoft Group Policy for a while, but I really never gave Microsoft’s Security Compliance Manager too much time, until now. I decided that if I was going to really master Group Policy and everything it has to offer, I need to utilize all the different utilities out there that Microsoft offers. I know there are many great third-party tools, but Microsoft has always offered many extra add-ons, and Security Compliance Manager is one of my favorites. First I am going to discuss the old version, SCM v2.5. SCM is basically a package that you can install on your main administration computer which brings along a collection of Microsoft baselines for Windows XP, Vista, 7, Server 2003, and 2008. These baselines are a combination of group policy settings that have been developed by Microsoft to offer a secure and compliant baseline for Windows XP, Windows 7, Internet Explorer 8, Microsoft Exchange 2007 & 2010, Office, etc.
The Security Compliance Manager 2.5 includes all operating systems and applications up to Windows 7 SP1 and Office 2010. You are able to explore the settings put into place in each of the baselines before duplicating them, and then edit each of the settings to better resemble what you need in place for the networks that you are administering. SCM allows you to export the baselines to an Excel Workbook (.xlsm), a GPO Backup, SCAP v1.0 (.cab), SCCM DCM 2007 (.cab), or SCM (.cab). I have found the easiest one to work with in order to import the settings directly into the Group Policy Management Editor to be the GPO Backup.
Here is what the Security Compliance Manager looks like
I had just installed SCM v2.5 on my laptop when I thought about searching for a new version for Windows 8 and Server 2012. I then found out that in order to get the update you must join a Microsoft Connect beta program. So basically all you have to do is sign up, and then you can download the SCM v3.0 Beta Refresh. Microsoft describes the program like this… “Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta releases of Security Compliance Manager (SCM) 3.0 provide all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. The beta releases include fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.”
Note that there are 2 downloads for the SCM 3.0 Beta: the first, “SCM 3.0 Beta”, is the entire application, and the second, “SCM 3.0 Beta Refresh”, is basically updated baselines only, which you can import into the application.