Feb 23 2008

Cold Boot Attacks on Encryption Keys

Tag: Informática LegalJoaquim Anguas @ 12:11 am

Read more here.


Feb 18 2008

Forensic Marking

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 12:06 am

DOTSDOTS

Interesante post en theregister  dedicado a técnicas de marca forense usadas por las impresoras en color, imperceptibles a simple vista pero que permiten identificar el número de serie de la impresora y la fecha y hora de impresión.

Más detalles sobre la técnica descrita, y sobre otras técnicas y las impresoras que las implementan.


Feb 15 2008

«…Compilation 6000, This copy of Windows is not original»

Tag: SystemsJoaquim Anguas @ 8:10 pm

While implementing the solution described in the previous post, I managed to start the restore procedure using a boot media that was not the one I used to install –it was a Volume License media–

I realized and aborted before actually running the restore.

But to my surprise, after I rebooted a message appeared on the right bottom corner of the screen reading “Windows Vista TM, Compilation 6000, This copy of Windows is not original”.

I tried to validate through the web, it validated, but the message was still there, shouting “you’re a pirate! I’m telling the BSA!”.

Then I thought that what had messed all up, may in fact arrange it back.

So I just had to reproduce the same steps but with the boot media I used to install. And voilà! the message dissappeared.


Feb 15 2008

«Configuring Updates Stage 3 of 3 0%»

Tag: SystemsJoaquim Anguas @ 8:01 pm

After the last “Patch Tuesday” you may have found that some of your machines got into a lather-rinse-repeat cycle –seems that the endless loop disease catches more on Windows Vista Enterprise–

If after the update reboot you get the message: «Configuring Updates Stage 3 of 3 0% complete Do not turn off Computer» and some seconds after, the system reboots and it starts all over again, here’s a solution I have found:

From the comments, Marcus posts a solution for those who do not have a restore point or install media:

RE: Graham’s fix worked for me!

For those without an OS disc, Vista has repair tools built in.

To access them, boot the computer, but when you see the “Microsoft (C)” with the moving lines, hold the power button until it shuts down.

Now windows thinks it didn’t boot properly, and when you turn it back on, you should get the option to run Windows Startup Repair.

Choose this. When it loads, cancel the scan it starts (it won’t find anything anyway), and choose the text on the bottom that says something like “Show advanced repair options.” When it asks for the user, change from the Administrator to your user account, and then you’ll have access to a few more tools, incluing a command prompt where you can run fixes.

Instead of deleting the “pending.xml” files from the c:\windows\winsxs folder I renamed it, so that it can be put back later if needed. Hope this helps everyone else!

Thanks for sharing Marcus!

UPDATE:

Pieter shares this solution:

I have used the following solution.
Restart computer. Press f8 then choose option restore computer.
Choose option open command.
type: prompt winsxs (press enter)
type: move C:\windows\winsxs\pending.xml text.xml (press enter)
type: exit and restart computer.
Computer should be working again.
«

UPDATE:

And Spr-y has had a good experience trying this:

All i did was boot under “last known good configuration”, then install this – https://www.microsoft.com/downloads/details.aspx?FamilyID=5639710d-dfbf-4527-806e-9a1634d0cc8e&DisplayLang=en&displaylang=en , which wil apparently stop this happening again…«

UPDATE:

User Glissando posted this some days ago:

A follow up to my post @ 38.
It felt so good to have my computer back that I feel obliged to make it easier for anyone in my position to get there step by step,as I did. So there it goes:

  • STEP 1. As your computer restarts erratically over and over and reaches the point where you see the “(c) Microsoft” and the moving lines, hold the Power button down until it shuts off your computer completely.
  • STEP 2. Turn on computer. Now your computer is going to start in the “Windows Startup Repair” diagnostic mode. Press ENTER so that the “Startup Repair” may commence. I let it ran until the search was done and I got the message “Windows cannot repair this computer automatically”
  • STEP 3 Look down for the “View advanced option for system recovery and support” and CLICK on. You’ll be prompted to “System Recovery Option”; select your keyboard language (US) and click NEXT button.
  • STEP 4 Now you are in the “Administrator Account”. In the “User name” pop up, change “Administrator” to “user” (which is you). Than enter your usual “log in” password (if you have one on your computer) and press NEXT.
  • STEP 5 .You are now in the “Choose a recovery tool”. Go down to “Command Prompt” and CLICK on. You are prompted in to the MS DOS/ text mode.
  • STEP 6. In here simply apply Pieter magic text (as per his post @ 21):

type: prompt winsxs (press enter)

type: move C:\windows\winsxs\pending.xml text.xml (press enter)

type: exit and restart computer

  • YOU ARE DONE!

And don’t forget to backup your photos, important files and the rest on an external Hard Drive or a DVD asap!

Thanks!


Feb 14 2008

MOM 2005 and Windows Vista clients

Tag: SystemsJoaquim Anguas @ 7:19 pm

Third Systems post in a row, third about MS technologies, second about Vista and something you cannot do.

This post, as the previous one, has the only purpose of avoiding you wasting time trying to do something you simply can’t.

If you manage a monitoring infrastructure based on MOM 2005 and want to monitor the growing number of MS Windows Vista materializing in your network, you may like (or not) to know:

Anyway, as MS is not aware of any issue related to the installation of the MOM 2005 agent on a Vista client, I have given it a try –you’ll need access to ports 1270, 1271, 1272, 1433, 1434 and 137 TCP on the client to get it installed–

We’ll see the kind of information it can collect…


Feb 12 2008

Vista UAC and Server 2003 R2 based domain GPO

Tag: SystemsJoaquim Anguas @ 5:17 pm

By this time you may start having some (or many) MS Windows Vista computers sitting inside of your Server 2003 based domains.

If you play around with gpedit.msc on a Vista machine, you will find some policies you haven’t seen before, like the ones starting with «User Account Control» under \Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.

If you feel the urge to centralize the enforcement for all those policies on your Server 2003 R2 based domain GPMC, and before you waste your time trying, you may be interested in this:

You can’t.