Domain: lazybit.com
Stories and comments across the archive that link to lazybit.com.
Comments · 19
-
Re:Point Roberts
According to the spec, the SIM card has several files that contain information about the networks the phone is allowed or disallowed to connect to. These files are EF PLMN and EF FPLMN; they can be edited if you have PIN1. They're present in both 2G SIM and 3G USIM cards. For more details, see section 10.2.16 EF FPLMN (Forbidden PLMNs) of the corresponding ETSI standard.
This article on PLMN management describes how they can be updated.
Even though this problem has been resolved a long time ago, in my practice I have not encountered a phone that would offer an interface for editing these settings. So you need to do this with a smart card reader and software that knows which APDU commands to send to the card to make the necessary changes.
-
Re:Alt approach
There is, take a look at Keeper:
http://lazybit.com/index.php/2009/08/13/keeper-4-0-preview
Here are the current binaries:
http://dl.dropbox.com/u/3258602/DK-release/Keeper-dusk-x64.zip
http://dl.dropbox.com/u/3258602/DK-release/keeper-dusk-x86.zip
http://dl.dropbox.com/u/3258602/DKbeta/Keeper-mac.zip
I can give you (or anyone else who gives it a try and provides some feedback) a free license, if you like it.
-
Re:Awesome
This is not possible because the card contains secret keys that are used when the phone registers on the network and authenticates itself.
These keys cannot be read; think of them as private members of a class: they can be accessed by the class itself (i.e. the SIM), but they are not seen on the outside.
The difference is that smart cards (a SIM card is a smart card with a file system that contains data specified in a standard, such as GSM 11.11) are designed to be tamper proof, so reverse engineering them and viewing the raw data (i.e. the secret key) is not practical.
When the phone connects to the network, the network says "encrypt this data with your key"; there is some public function inside the card that takes the data and returns the encrypted value, which is then sent back to the network. Thus you can take part in challenge-response schemes, while the key is safely kept inside the card.
This article provides a high-level overview of why that is not possible:
http://www.lazybit.com/index.php/2009/10/05/how-to-clone-a-sim-card-not?blog=2
-
False sense of security
I have taken to using the on-screen keyboard so that I can enter with mouseclicks rather than keypresses if I'm on an untrusted machine, but other than that I can't do much else.
A mini-remark: typing stuff on an on-screen keyboard will not help you.
Of course, it depends on the type of keyboard you are using and on the platform, but for instance - Windows' osk.exe (the default one) works by sending WM_KEYUP and WM_KEYDOWN messages to an input window.
A keylogger that uses hooks to watch messages sent to that window will still see the keystrokes.
You can try this hint: http://www.lazybit.com/index.php/a/2007/03/01/free_keylogger_protection It will confuse the person who reads the log, but it makes the data entry procedure much longer and error-prone.
p.s. keystrokes typed inside a virtual machine can also be grabbed, as the host OS "sees" them first, and that's where the keylogger is.
-
Re:Antivirus Design Flaw
* You could have done "fdisk /mbr" or "fixmbr" (as of Win XP) for free.
* Some antivirus software comes with bootable CDs; I once used such a live CD from Kaspersky, it boots into a flavour of Linux, has a Windows-like GUI, understands NTFS volumes, connects to the Internet to retrieve the latest updates.
Of course, I believe common sense is the best antivirus: http://www.lazybit.com/index.php/2007/08/05/why_i_dont_use_an_antivirus?blog=2
-
Re:Some security advice is not rational
It wouldn't: http://www.lazybit.com/index.php/2007/03/01/keylogger_virtual_keyboard_vmware?blog=2
On Windows, an on-screen keyboard that is designed to be a replacement for a typical keyboard must use WM_KEYDOWN and WM_KEYUP messages - otherwise it won't be able to interact with some programs. This is why a software keylogger will "see" these keystrokes anyway.
But you can try a couple of tricks: http://www.lazybit.com/index.php/2007/03/01/free_keylogger_protection?blog=2
-
Re:OOh
That is a good question, and in my case things usually go this way:
- I choose programs that store their data inside .ini or .conf files in their own directory
- I back up the program's registry keys (after finding out which ones they are, using a tool like RegMon)
- Other times the program will just re-create its own data in the registry if it can't find it. If those data are nothing critical, I just let it be. The cost of clicking a few checkboxes in a GUI is less than that of installing one OS on top of the other and letting the cruft pile up
One more detail - ever since I moved to Windows 2000, I rarely had to reinstall my OS. From my last two Windows machines, one worked for about 4 years (until I sold it), and the other one continues to work to this day (an XP laptop, at least 3 years old).
My trick is to disable the Windows update feature and not click anything stupid; I don't even use an antivirus. Today the system is as snappy as it was on day one.
-
Turn off different modules and find the culprit
Take a look at this tutorial: http://www.lazybit.com/index.php/2008/02/22/fix_blue_screen_death_strategy_part_two?blog=2
Although it originally deals with blue screens, you can use the same strategy to narrow the problem down to a particular process or driver.
Other posters' suggestions about using Process Monitor and Process Explorer are good ones, but they fail to take into account that these tools only show processes running in user mode. If the slow-down is caused by a driver that runs in kernel mode, then you will have to turn off some drivers, reboot - and see the effect.
Note that even if a driver is not loaded automatically when the system boots, it can be loaded later by a user mode process.
-
Re:Use Microsoft's On Screen Accessibility Keyboard
-
Re:Does clicking on the onscreen keyboard get log
The on-screen keyboard is designed for accessibility, not security. It can be easily defeated not only by a screenshot-taking keylogger, but by any keylogger; the article explains why.
False sense of security can be dangerous.
-
Re:On Screen Keyboard
This article explains why the on-screen keyboard is not secure, it also explains why typing stuff inside a virtual machine isn't secure either.
-
Re:I don't type
Because one who watches WM_KEY* messages can see everything.
-
Re:Phone?
So there is no benefit from that method of defense. FWIW, it was an off the shelf program, nothing elaborate or difficult to find. Why not? The "keys" part is missing; sure, you can figure out the user did something, and that the desired information is in [Word, Document1], but this still doesn't give them the key.
Also, there is another method which is a bit similar, and also interesting: how to defeat a keylogger.
-
Alternative approach using AES-256
Although AES-256 is not a hashing algorithm, I've seen it applied in hashing. Since it is a block cipher, when you encrypt a file, at the last iteration you have a chunk of 256 bits, which is used as a digest. If you change anything in the file, the change will propagate to other blocks (if encryption is done in CBC mode), so the last block (i.e. digest) will be different.
-
Re:Aside
And in my experience, there is no need to have an antivirus at all. Even though I have ClamWin and a script that updates its definitions every day automatically - I never actually scan anything.
Life with Windows without an antivirus is possible.
-
Re:Why are you proud of not protecting yourselves?
I disagree with your statement, because the analogies, in my opinion, are not good. Not having an antivirus does not mean that you are not protected. If you can figure out which files not to run - the knowledge that helps you figure that out is your protection.
The problem is that this can't work for everyone, as this knowledge is harvested (you have to experiment, discuss security topics, read articles, etc) throughout the years. A typical slashdotter may survive without an antivirus, but a "simple human being" is likely to become a victim in no time.
Here is why I don't use an antivirus. It is interesting that my dad's computer, which runs Windows without an antivirus or antispyware, is pretty reliable and there is no trace of malware on it. I conclude that a carefully configured firewall (besides some Windows components, only the browser (Opera), the IM client and the email client are allowed to make connections to the internet; other applications are silently rejected by default) can be quite effective, as long as some basic guidelines are respected.
-
Users should manage their own white-lists
I'd be annoyed if I had to re-certify it every time I refactor something or fix some obscure bug.
Not if you can manipulate your white-list on your own. In fact, until I started reading the comments, I never thought about letting an antivirus-vendor do it.
What if I like reverse-engineering malware? What if I write my own code? What if I don't want to trust programs trusted by other people?
White-listing must be in the hands of the individual. You might be interested in this - Disk Firewall with application verification. It does not control the whole OS, but with this tool you can protect your sensitive data from being accessed by malware.
I think this has some similarity with SELinux: you define which programs are allowed to use certain resources, and everything else is prohibited for them.
-
Is SIM cloning possible for usual folk?
If this material about SIM card cloning is true, then how would it be possible to clone the card? Unless of course the person who did it is either a T-Mobile employee or somebody who has illegally obtained the card's transport key?