Tag Archives: Rants/Humor/Satire

Bitlocker is a Sleeping Cryptolocker Virus

This is a sincere warning for anyone purchasing a laptop with Windows 10, Bitlocker, and/or the Trusted Platform Module (TPM). As yet I’m not sure which part of this is the culprit, but there is something severely defective with this hardware/software combination on some laptops, which will turn a dormant/disabled Bitlocker security feature into an active/enabled Cryptolocker virus.

A Cryptolocker virus is something that encrypts all the files on your hard drive without your permission. Once encrypted, the files are basically impossible to recover.

I seriously can’t believe this happened!

I purchased three Dell Latitude 7480 laptops, all with the same specs. All three laptops were prepared by me and then sent to users in the field, like always.

Two of those laptops remain fine (I’m crossing my fingers still), but one of them decided to go into Bitlocker Recovery mode on startup for some reason, even though we never enabled this feature or received a Bitlocker Recovery key from Dell.

There is absolutely no way around it. Bitlocker without a recovery key, stuck at the Bitlocker Recovery screen, is essentially a Cryptolocker virus. It’s the same EXACT thing.

Keep in mind that I absolutely despise drive encryption for our company laptops because we have nothing that important to encrypt and it only causes issues like this. I never enabled or configured Bitlocker on any of these laptops.

In fact, every time I purchase laptops from Dell – and I’ve purchased at least 200 so far – I specifically choose no Dell Data Protection (DDPE), no Trusted Platform Module (TPM), no Bitlocker, and no full drive encryption. We don’t want or need those features, they are a burden to us.

Needless to say, the user was surprised one morning when he turned on his brand new Dell Latitude 7480 and a Bitlocker Recovery screen prompted for some kind of key which he did not have. This user contacted me for the key, which I did not have either. I can only assume this is some kind of defect in Windows or with the Dell laptop where Bitlocker turned itself on.

So I had the user return his new laptop and pick up his old one.

I contacted Dell a total of three times. The first time they gave me a bunch of options to disable in BIOS, per this article:

http://www.dell.com/support/article/us/en/19/sln304584/bitlocker-asks-for-a-recovery-key-every-boot-on-usb-c—thunderbolt-systems-when-docked-or-undocked?lang=en

None of that advice helped. At this point I needed to recover some of the user’s work from the drive. Turns out Microsoft OneDrive hadn’t synced his work for a week, so the copies in the cloud were too old. Not knowing much about Bitlocker (I never use it), I decided to pick up an M.2 hard drive adapter and stick the drive into another computer so I could try recovering the data. No dice, a Bitlocker screen popped up asking for that same key.

Stepping out of the official support lanes for a moment, I decided to do some research. It turns out other people are experiencing this problem too, and the “answers/solutions” are a bit unnerving:

BitLocker locked me out on Surface Pro 3; I’ve never set up BitLocker and key is not stored anywhere

Bitlocker Enabled Without Warning, No Recovery Key!

Bitlocker – becoming an irritation

Soooo…the answer is Bitlocker can’t possibly do this? But I should nuke the drive and start over?

On the final call with Dell, they acknowledged that their engineers are looking into a potential issue where automatic updates might be triggering Bitlocker somehow. The only thing they could do is tell me to contact Microsoft and get back to them with an update so they could follow through with replacing the hard drive if necessary.

I have a feeling that a Windows Update changed something on the system like a driver, or the Dell Update Client automatically installed something like a BIOS or TPM update, which triggered Bitlocker to somehow turn on unattended and encrypt the drive.

You have been warned.

There is Something Terribly Wrong With Windows 7 and svchost.exe / wuauserv

I recently purchased six (6) Dell Latitude E7000 series laptops with Windows 7, which are very nice by the way, but they all came fresh from the Dellcrosoft factory with one glaring showstopper. Straight out of the box, you lose about a quarter to half of the performance, operating time and battery life that you paid for as soon as you power them on.

Why’s that you say?

It’s because a core Windows 7 process called svchost.exe eats 25% of the CPU constantly:

You might think “this is a temporary issue, it’ll pass on its own”. No it won’t. We’re talking all day, every day; this thing just keeps going and going. If you check that process with a tool like Process Explorer to see what internal service is chowing down on system resources, 9.5 times out of 10 it is the wuauserv service which is Windows Update.


WP-OAuth Is Not Vulnerable to SpoofedMe Social Login Exploit

The SpoofedMe social login exploit is a known weakness of the OAuth2 “spec”. The OAuth2 spec doesn’t define strict implementation standards, so developers have free rein to come up with some pretty wild implementations, or hack together a few libraries until it works. And that’s where the problem lies. There is no standard. Furthermore, social login is something that is normally built on top of OAuth2, and there’s no standard for that either. Some folks are trying to standardize social login with OpenID Connect (I like to think of this as “OAuth2-Strict”), but until then we will be facing issues like SpoofedMe because developers are not gods.

The SpoofedMe exploit is actually similar to this one, from a Google security advisory earlier this year:

“An attacker could forge an OpenID request that doesn’t ask for the user’s email address, and then insert an unsigned email address into the IDPs response. If the attacker relays this response to a website that doesn’t notice that this attribute is unsigned, the website may be tricked into logging the attacker in to any local account.” –Link

Thankfully, I read the spec and decided not to implement this gaping security hole in WP-OAuth to begin with. Properly identifying users to perform the account match was one of the biggest design challenges that I encountered because not only were there numerous docs and specs to work through, there were a lot of existing implementations that did it wrong. I had to start from scratch.
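The two checks the advisory and the SpoofedMe write-up boil down to, as an added example that is not WP-OAuth’s own code: an attribute is only usable if the identity provider’s signature covers it, and an email address only identifies a local account if the provider asserts it verified that address. The response format, the `sub` field and the `local_accounts` layout are assumptions for the example.

```python
# Added example, not WP-OAuth's code: two checks a relying party needs before it
# matches a social-login response to a local account.
from urllib.parse import parse_qsl


class UnsignedAttribute(Exception):
    """An attribute was in the response but not covered by the IdP signature."""


def signed_ax_attributes(query: str) -> dict:
    """OpenID 2.0 style response: `openid.signed` names the fields that
    `openid.sig` covers.  Return the attribute-exchange values that are in that
    list and reject any that are not, since an unsigned value may have been
    inserted by whoever relayed the response (the case in the Google advisory).
    Verifying `openid.sig` itself is assumed to have happened already."""
    params = dict(parse_qsl(query))
    signed = set(params.get("openid.signed", "").split(","))
    prefix = "openid.ext1.value."
    attrs = {}
    for key, value in params.items():
        if key.startswith(prefix):
            if key[len("openid."):] not in signed:
                raise UnsignedAttribute(key)
            attrs[key[len(prefix):]] = value
    return attrs


def match_local_account(identity: dict, local_accounts: dict):
    """SpoofedMe-style defence.  `identity` carries the provider name, the
    provider's stable user id (`sub`), the email, and whether the provider
    asserts it verified that email.  `local_accounts` maps a local user name to
    {"email": ..., "links": {(provider, sub), ...}} (assumed layout).  Returns
    the local user name, or None when the only possible match is an unverified
    email; the caller must then ask an already logged-in user to link explicitly."""
    link = (identity["provider"], identity["sub"])
    for name, acct in local_accounts.items():
        if link in acct["links"]:
            return name                      # previously linked: always safe
    if not identity.get("email_verified"):
        return None                          # never match on an unverified email
    for name, acct in local_accounts.items():
        if acct["email"].lower() == identity["email"].lower():
            return name
    return None
```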

A Major Google Analytics Problem is Brewing with Referer Spam (Semalt, buttons for website, 7makemoneyonline, darodar), and They’re Doing Nothing About It (TM)

I’ve noticed the same problem that others have been experiencing with Google Analytics lately – an influx of botnet referer spam from domains semalt.com, buttons-for-website.com, darodar.com and 7makemoneyonline.com (the list continues to grow), making their way to the top of your “Top Referrals” list. This traffic is throwing off analytics and may have long term SERP implications. From the sound of it, most users are either having a difficult time filtering (excluding) the domains and traffic through Google Analytics, and/or resorting to blocking the domains via their .htaccess file.

This is a public service announcement.

DO NOT USE THE SEMALT OPT-OUT FORM!!!

Instead, offer them a clue about what orifice they can stuff that form in.

While I’m not the best SEO guy around, I’d have to say this looks like a traffic stealing campaign where somehow, they are using an opt-out form to phish/harvest backlinks and/or SERP rankings from your domain, or upsell you on better analytics software.

Furthermore, it seems that users are being scammed by what I would call social engineering agents who work for Semalt and lurk on public forums to point users towards an opt-out form run by them, effectively phishing users through Google Analytics. You might say that Google Analytics has been compromised. And what better way for Semalt to sell their own analytics software than to game their largest competitor’s software and lure users away from it? Semalt is literally using Google Analytics for free clicks and advertising, completely bypassing Google’s own pay-per-click advertising model. Instead of the phishing scam hitting your email inbox, it’s hitting your analytics report.

Some of the referer URLs contain my own Google Analytics ID. For example – forum.topicXXXXXXX.darodar.com – where XXX is your Google Analytics ID. I’d say they are using a script to iterate through all Google Analytics IDs starting with 0000000, effectively generating traffic and analytics records for every site on the web that uses Google Analytics. But that’s not all, once you visit that referer URL with your Google Analytics ID in it, you’ve just told the spammers that your Google Analytics account is alive and well. It’s probably the same thing Semalt is doing with their opt-out form.

In doing so, these spammers would have the ability to sway traffic one way or another throughout the entire Google Analytics ecosystem without wasting botnet resources on inactive or retired Google Analytics accounts.

Shouldn’t Google be upset about that? This is not just a new type of spam or black hat SEO, it is a new type of marketing warfare or analytics malware.
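A server-side way to see how much of this traffic actually reaches your site, as an added example that is not part of the original post: it parses combined-format access log lines, flags hits whose referer is one of the domains named above (or a subdomain of one), and pulls out the ID-shaped token embedded in referer hosts like forum.topicXXXXXXX.darodar.com. The log lines and IP addresses are constructed for the example.

```python
# Added example, not from the original post: flag referer-spam hits in an access
# log.  The domain list is the one the post names; log lines are constructed.
import re
from collections import Counter

SPAM_DOMAINS = {"semalt.com", "buttons-for-website.com",
                "darodar.com", "7makemoneyonline.com"}
# Apache/Nginx "combined" format: ip - - [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                    r'"(?P<referer>[^"]*)" "[^"]*"$')
# The post observes an analytics-ID-shaped token in the referer host name.
ID_TOKEN_RE = re.compile(r'\btopic(\d{7})\b', re.I)

SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2014:09:14:01 +0000] "GET / HTTP/1.1" 200 5123 "http://forum.topic1234567.darodar.com/" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2014:09:15:22 +0000] "GET /about HTTP/1.1" 200 2210 "http://semalt.com/crawler.php" "Mozilla/5.0"
192.0.2.9 - - [10/Dec/2014:09:16:03 +0000] "GET /blog HTTP/1.1" 200 9876 "https://www.google.com/" "Mozilla/5.0"
192.0.2.10 - - [10/Dec/2014:09:17:40 +0000] "GET /blog HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""


def referer_host(referer: str):
    """Host part of a referer URL, lower-cased; None for "-" or junk."""
    m = re.match(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', referer, re.I)
    return m.group(1).lower() if m else None


def is_spam_host(host: str) -> bool:
    """True for a listed domain or any subdomain of it (forum.topic....darodar.com)."""
    return any(host == d or host.endswith("." + d) for d in SPAM_DOMAINS)


def audit_referers(log_text: str) -> dict:
    """Return spam hits as (ip, host), the ID token found in each spam host that
    carries one, and a per-host count of the remaining referers."""
    spam, ids, clean = [], {}, Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a combined-format line
        host = referer_host(m["referer"])
        if host is None:
            continue                      # direct visit or malformed referer
        if is_spam_host(host):
            spam.append((m["ip"], host))
            token = ID_TOKEN_RE.search(host)
            if token:
                ids[host] = token.group(1)
        else:
            clean[host] += 1
    return {"spam": spam, "embedded_ids": ids, "clean": clean}
```

This only sees hits that reach the web server; referer records injected straight into Google Analytics never appear in the access log and can only be excluded with a filter on the analytics side.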

Google Chrome’s New Bookmark Manager Offers Nothing New For Power Users

It’s November, 2014. Bookmarks look a bit different than yesterday.

“Oh boy”, you might say, “the new Bookmark Manager for Chrome has finally arrived!”

Let’s see what has improved since the “old” version. Clicking the Star (Add to Bookmarks) gives us a new popup:


Ok…let’s navigate into Add to folder. Here’s where things start to get prickly…


Dell: Repeat It Using Phonetics

“Dell Notebook” image courtesy of Break.com

Fun encounter with Dell tech support today. I called in with a service tag and the agent simply stated:

“You have to read it to me using phonetics.”

Whoa there buddy, I speak English and if you can’t understand me then perhaps you should read back what I just said to clarify? My brain doesn’t enter military speech very easily; I cannot conjure up alpha bravo charlies at your discretion.

After converting what I could to phonetics, he just said the same thing:

“You have to read it to me using phonetics.”

Now looking like a fool myself, I just hung up on the guy. Dude, I just got Dell’t.

Can We Stop AT&T From Acquiring T-Mobile?

Big news the other day, AT&T is about to acquire T-Mobile. Internet rage ensues. It was only a matter of time before someone started a petition, one of which made it to the front page on reddit.com:

Please sign the petition to actively stop AT&T from becoming a huge monopoly and saving our right to choose

Short history debrief: First AT&T was Ma Bell, then the Federal government broke that up into several companies which created fierce competition in the market. Many of those companies grouped together again under the same umbrella, in one legal way or another. Several years later and the Ma Bell antics are in full swing once again; in 2005 it was announced that Cingular Wireless, a joint venture between AT&T and BellSouth, would be sold under the AT&T name. And now AT&T is after T-Mobile.

If history taught us anything, wasn’t it that we can’t allow corporations to monopolize an entire industry?



Board Warriors Tell Us How Great It Is To Be Rich

A long time ago, I created this idea called Verbal Reckoning where I would collect the most absurd claims and arguments from the web and comment on them myself in a thorough, very critical, insulting and sarcastic way…like policing internet trolls (a contradiction in itself). But mostly it was for humor’s sake, entertainment for the soul. This project idea faded quickly as I took interest in other things, but there was one relic from this ancient endeavor which I recently found on my FTP server and still hold close to my heart…
