>The first polygrapher also berated me for being vegan.
What's your beef? He was simply trying to get to the meat of the matter. Don't make poultry excuses, these are very im-pork-tant issues. He probably just smelled something fishy about you.
> The polygrapher wasn't really interested...
You misspelled "charlatan"...
Ah, Grasshopper,
You're comparing 120 millions to what *you* have now...
Instead, compare it to the 50 billions *Gates* has now.
Therein lies the source of the river.
You don't need any "vulnerability information" to write an exploit. The best source of info is to compare the patched code to the previous code and then, using various tools, see what has changed and how.
Then you figure out the problem in the "before" code and find a way to exploit it. The patched code itself is a lot more useful than any description.
...that were not as knowledge as possible and ignored the advice of those that were as knowledge as possible.
Next time, you might want to run your review by someone who is as grammar as possible.
"dim employees() as integer" just looks goofy.
Hmmm... we have a lot of dim employees at my place; maybe we should give VB a look.
See: http://www.truecrypt.org/hiddenvolume.php
You can have a hidden encrypted disk inside another one. If pressed for the password, you simply give the password to the first volume, in which you've placed personal, but innocuous files (your budget, your tax returns, etc).
The second, hidden volume contains whatever you really want to protect, but there is no way to know whether or not a hidden volume exists within an encrypted volume.
People need to stop letting the governments erode all of our personal freedoms in the name of security; most of these new laws do nothing for real security.
Windows makes it difficult to run as "standard user" (SU). The RunAs command is badly implemented and difficult to understand even for expert users.
Installations nearly all fail when run from SU accounts, whereas on Linux or Mac OS X, a dialog prompting you for the admin password appears.
Installing software as Admin often results in the software not working for all the SU accounts. You have to go around the folders and registry to grant appropriate permissions... That's way too difficult for just about everyone.
There's a ton of software out there that's never been tested under anything but an Admin account. Users want security, but my experience is that as soon as inconvenience rears its head, they go right back to running as Admin.
The most workable solution I've found is to run as Admin, but to run "sensitive" apps with reduced rights. There's a small utility called "DropMyRights" that allows you to remove Admin rights when launching a process. Modify all shortcuts (or use the shell extension) to launch MSIE, Outlook, etc. with SU rights and you get the best of both worlds.
Basically, you get a reverse "sudo". Unfortunately, it only works on XP/Win2003 (it uses the new SAFER API) and it requires *some* user education. The good part is I haven't had anyone I've set up that way go back to not using it, since there is practically no inconvenience for the user.
The other issue for Windows is all those services running as LocalSystem. Exploiting a buffer overflow in just about any listening Windows service basically hands you the machine on a silver platter. Why Microsoft can't figure this out is beyond me.
They're probably victims of their stupid "integration" mania where every part of the OS has to plug in with everything else. Trying to run IIS as a limited user is a nightmare... Installing Apache under a limited account can be done in about 15 minutes...
If IBM does open it up, do we have to start calling it OS/GNU or something?
...no, really, NOTHING TO SEE here.
The WHAT-WG is more than a working group now. In fact, they're an actual task force!
Let's hear it for the WHAT-TF
If he becomes infected with a virus or a trojan that transforms his PC into a spam zombie, he then becomes a threat/nuisance/liability to others.
He might not care if he's infected with a bunch of crapware, but if his PC gets zombified and participates in criminal activities, he might object to that.
At least make sure he doesn't run MSIE as an Administrator on his PC.
Use the "DropMyRights" app from here: http://blogs.msdn.com/michael_howard/archive/2004/11/18/266033.aspx/ to run internet apps as "normal user".
(If possible, compile your own version from the source a user posted in the comments; you'll get a little 1.5k app that supports arguments, instead of the bloated half-broken app the Microserf made available...)
It's not perfect, but I've seen a net drop of spyware and crapware on machines where I've installed it to launch everything that connects to the net.
Make sure to replace the direct access icon to MSIE on the desktop with a DropMyRights-ed ordinary shortcut. Only "Windows Updates" needs MSIE with admin rights. Also remember to modify whatever launches at Windows startup to run with reduced rights.
Final tip: rename it to something short (I use "safe.exe" and place it in the path); it makes modifying shortcuts a whole lot easier.
Show the user how to modify his own shortcuts so that he can reduce the rights of whatever he downloads before launching it for the first time...
The competition is toast!
Looks pretty accurate to me!
What is the failure mode for a collapsed fusion capable magnetic field?
...we are looking at 'new and improved' fusion.
Leaves a burn on the rug.
Please stop waiting for fusion power to be our friend.
Who said anything about being friend? We master, fusion slave.
Try going back to the 50's and early 60's
Because, as we all know, science has not advanced one iota since then.
Well, we never had "fusion" as a viable power source (if you discount the sun, of course). You might want to look up "fission" and then "fusion". Think of it as splitting the atom vs. merging the atoms... fusion gives you a lot more power and a lot less waste. Once we get fusion (if we ever do) fission will go the way of the steam engine and horse-drawn cart.
No problem. Diebold has agreed to supply all students with new "counting-machines" based on their highly precise voting machines.
To ensure success next year, they've also volunteered to tabulate the scores from all countries.
So don't worry, starting next year, the US should occupy the top three positions, followed by its closest allies. France, China and Russia will be lucky if they make it in front of Iraq.
The correct way to refer to Red Hat's offering is, of course: Red Hat's GNU/Linux.
At least, that's what I hurd.
Could he be the same guy who wrote Microsoft's robust security features?
Wake me up when Jupiter passes in front of our moon.
Well, this is Microsoft we're talking about. A Service Pack without bugs wouldn't really be a Microsoft Service Pack now would it?
But seriously, the Service Pack situation with NT4 was pretty disastrous. SP4 did some funky stuff with the SAM that couldn't be rolled back, etc.
We haven't seen similar problems with Windows 2000 (yet). But since there won't be any more SPs, I guess they nailed it for that version.
...astroturfers are hired to log onto Slashdot to change our opinion.
Some people get paid to post here? I gotta get me some of that!
A Service Pack includes all previous Service Packs. A rollup does not.
So the procedure to install 2000 will be: Win2000, SP4, Rollup, recent patches.
In this column: http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp/
Michael Howard presents a small utility that can be used to launch applications with reduced permissions.
With it, I can let my family and friends run Windows as Administrator (since it's such a hassle to run as a "standard user" that they always end up coming back to admin within a few days...) but configure their shortcuts to start internet apps with "standard user" privileges.
Basically, instead of running limited and "RunAs-ing" to admin when needed (which is badly implemented in Windows), you run as Admin but drop rights when starting some apps. Kind of back-assward, but still better than using MSIE/OE as Admin.
I've been trying it out since yesterday and it works pretty well.
As a simple test, try to save something from the browser in the %SYSTEMDIR% folder. Or use Process Explorer from SysInternals and check out the Security Tab for the processes.
...inbredzforkerry.com taken?
Actually, they're called "mothers" and they're a much larger group than previously thought.