Is Weakness a Vulnerability?

No, according to Microsoft.

BitLocker Drive Encryption is full disk encryption solution introduced by Microsoft since Vista (Ultimate and Enterprise edition) and with the enhancement in Windows 7. A lot of people do notice that full disk encryption isn't the panacea for data loss prevention.

Thus, in Windows 7, Microsoft takes it to the next level to protect your data - even on removable drive.

BitLocker-to-Go is a new feature available in Windows 7 (Ultimate and Enterprise edition only). It extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to all removable drives before being able to write to them.

Does BitLocker in Windows 7 seems perfect? No, not yet.

Based on testing, first you need to have TPM before you can use BitLocker. In Windows 7, BitLocker allows you to protect the hard disk and removable drive (USB connection). But it still miss out the floppy drive and CD-R/CD-RW/DVD-R/DVD-RW.

This isn't a vulnerability. It is a design.

"The requested operation requires elevation."

Ever since Vista introduces UAC (User Account Control), it becomes an issue whenever you need to execute command and script at command prompt.

Here's the message you get and it means you hit UAC when you execute command.

"The requested operation requires elevation."

You have 3 options:

• Turn off UAC (bad idea).
• From "Start" menu, follow "All Programs", "Accessories"; right-click "Command Prompt", select "Run as administrator".
• Use the shortcut below:

Goto “Start” and enter “cmd” into the search field.

Do not just hit enter. Hold CTRL + Shift and hit Enter!

This works on Windows 7 too!

Split-Tunnel VPN

A lot of time, we work-from-home (WFH). To work, we need to setup a VPN tunnel back to office network, to read email for instance. Once the VPN connected, you loss all the direct connections to Internet: to download torrent, skype, IM, etc.

This technique is called "split-tunneling VPN". It allows you to connect to office network via VPN and Internet directly. Split-tunneling configures the VPN connection so that only traffic headed to computers on the office network is sent through the VPN connection; other traffic goes out through your home router.

Follow these steps to set up a VPN connection in Windows XP/Vista/7 that uses split tunneling:

• Setup your VPN connection using the instruction from your corporate standard.
• Right-click the VPN connection and select "Properties."
• Select the "Networking" tab.
• Highlight "Internet Protocol Version 4 (TCP/IP v4)."
• Click "Properties"
• Click "Advanced"
• Uncheck the "Use default gateway on remote network" box. (This is turned on by default)
• Click "OK" few times to close the windows you opened.

From that point forward, only traffic destined for your corporate network will be sent through the VPN. All other traffic will use the local network.

Note: If your corporate network contain other internal subnets, you will need to add static routes for that manually.

Update: see the enhancement example.

IBM ThinkPad BIOS Password Recovery

This is a short article to show you how to recover your old password at IBM ThinkPad supervisor password. IBM claimed their TP BIOS passwords are impossible to break. Here is an easy and cheap way to break it. The stuff you need costs about $5 and a spare PC with a serial port.

>>>> Hacking IBM Thinkpad Bios Password

Mastering The Metasploit Framework

Offensive Security launches a free online Metasploit Framework training. It definitely worth checking it out. Enjoy!