Jesper's Blog
Welcome to Jesper Johansson's blog. This is my home for pontification on the web. In case this is your first time here, I have been working on information security for about 20 years, and have been writing and speaking on the topic for about 10. I am also a Microsoft MVP in Windows Security. My most recent book is the Windows Server 2008 Security Resource Kit. Because I am also a scuba instructor you may find some posts related to that topic as well. Just because it took me so long to get it, I also like to say that I have a Ph.D. in Management Information Systems from the University of Minnesota.
- Kip Hawley: "No, the TSA is Necessary Because This is War!" (December 24 2008)

CBS News did a story a few days ago on the Transportation Security Administration (TSA). Basically it was a tit-for-tat between Bruce Schneier, security pontificator extraordinaire, and Kip Hawley, the administrator of the TSA. Mr. Hawley maintains that the TSA provides a necessary service because we are at war, and the obvious battleground, apparently, is airplanes. Surely, we must all realize that just because the terrorists used airplanes once, they can't possibly have enough imagination to go for another target next time. Mr. Schneier, wisely, disagrees, points out all the flaws in what the TSA does, and calls the whole thing "Security Theater," a term whose origins are not entirely undisputed, but that is beside the point.
The interesting thing with this story is that neither Mr. Schneier nor Mr. Hawley was quoted as addressing the currently most glaring flaw in the entire air transportation security apparatus. If one of our enemies actually wanted to terrorize the populace, why take on the risk of blowing up another plane? Just for fun, head on down to your local airport this week. Walk into the terminal area and take a look at the security line. At Dulles (IAD), Los Angeles (LAX), Chicago (ORD), Denver (DEN), Atlanta (ATL), John F. Kennedy (JFK), etc., the picture is the same. There will, at any given
- You need to manually undo your MS08-078 mitigations (December 18 2008)

Just as an FYI for those of you who used Microsoft's recommended mitigations for MS08-078: if you unregistered the MSXML Island object, you need to manually re-create the registry entries after you install the patch to restore the functionality. The patch does not re-create the registry entries. Unfortunately, it appears Microsoft removed the actual registry entries from the bulletin and removed the work-around information from the advisory altogether, so unless you created a backup copy, you will need to look at an untouched system to find out what the registry entry was.
Or, you can just copy this into a text file called "WhyDidTheyRemoveTheInformationINeed.reg" and double-click it (from an elevated session, since HKEY_CLASSES_ROOT writes land in HKLM\Software\Classes). It restores the three pieces of the class registration the workaround removed: the CLSID key itself, its InProcServer32 entry pointing at msxml3.dll, and its TypeLib reference:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}]
@="MsxmlIsland"

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InProcServer32]
"ThreadingModel"="Apartment"
; REG_EXPAND_SZ value; the hex below is the UTF-16 string %SystemRoot%\System32\msxml3.dll
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\TypeLib]
@="{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}"
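Backing up the class registration before the workaround deletes it, and checking that it is really back after the patch, saves the trip to an untouched machine. The following PowerShell is an added example; it is not from the original post or from Microsoft's bulletin. It assumes an elevated PowerShell 2.0 or later session, uses reg.exe for the export and import, and the backup file name and the function names are my own. KB960714 is the update number Microsoft assigned to MS08-078.

```powershell
# Added example (not from the original post): back up the MSXML Island class
# registration before applying the MS08-078 workaround, then verify and, if
# needed, restore it after the patch. Assumes an elevated PowerShell 2.0+ session.

$Clsid   = '{379E501F-B231-11D1-ADC1-00805FC752D8}'
$RegPath = "HKCR\CLSID\$Clsid"                                  # reg.exe syntax
$PsPath  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"           # provider syntax

function Backup-MsxmlIsland {
    # Exports the CLSID subtree to a .reg file (same format as the one above).
    # $BackupFile is an arbitrary location chosen for this example.
    param([string]$BackupFile = (Join-Path $env:TEMP 'MsxmlIsland-backup.reg'))
    if (-not (Test-Path $PsPath)) {
        throw "$RegPath is not present; nothing to back up (already removed?)"
    }
    & reg.exe export $RegPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed: exit code $LASTEXITCODE" }
    return $BackupFile
}

function Test-Ms08078Installed {
    # True when the MS08-078 update (KB960714) shows up in the hotfix list.
    return [bool](Get-HotFix -Id KB960714 -ErrorAction SilentlyContinue)
}

function Test-MsxmlIsland {
    # True only when the full registration is in place: the CLSID key, an
    # InProcServer32 whose default value points at an msxml3.dll that exists
    # on disk, and the TypeLib subkey.
    if (-not (Test-Path $PsPath)) { return $false }
    $inproc = Get-ItemProperty -Path "$PsPath\InProcServer32" -ErrorAction SilentlyContinue
    if (-not $inproc) { return $false }
    # The registry provider already expands REG_EXPAND_SZ; expanding again is harmless.
    $dll = [Environment]::ExpandEnvironmentVariables([string]$inproc.'(default)')
    if ((Split-Path -Leaf $dll) -ne 'msxml3.dll' -or -not (Test-Path $dll)) { return $false }
    return (Test-Path "$PsPath\TypeLib")
}

function Restore-MsxmlIsland {
    # Re-imports the backup taken before the workaround and reports whether
    # the registration is now complete. Refuses to run on an unpatched box,
    # because restoring the key there re-exposes the vulnerable component.
    param([Parameter(Mandatory = $true)][string]$BackupFile)
    if (-not (Test-Ms08078Installed)) {
        throw 'MS08-078 (KB960714) is not installed; not restoring the MSXML Island registration'
    }
    & reg.exe import $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe import failed: exit code $LASTEXITCODE" }
    return (Test-MsxmlIsland)
}

# Typical sequence:
#   $backup = Backup-MsxmlIsland          # before applying the workaround
#   ... delete the CLSID key, install the update, reboot ...
#   if (-not (Test-MsxmlIsland)) { Restore-MsxmlIsland -BackupFile $backup }
```

Run Backup-MsxmlIsland before you apply the workaround; Test-MsxmlIsland after the update tells you whether the patch left the registration alone (it does not), and Restore-MsxmlIsland puts your own backup back rather than a copy scraped from another machine.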
- Lock your USB Token (December 16 2008)
Recently, Lev Bolotin of Clevx gave me a production sample of a USB token with a keypad on it. It's a pretty neat idea for certain uses. My immediate thought went to BitLocker in Windows Vista. You can store the BitLocker key on a USB stick, but you cannot prevent anyone who gets their hands on the USB stick from stealing the key. Nor can you require a PIN and the USB stick to unlock your drive. With Lev's stick, however, you can put a PIN on the USB stick itself. Unless you enter the PIN on the device before sticking it into the computer, the stick won't give up the BitLocker key. In other words, you finally get the option for both a USB stick and a PIN to unlock your BitLocker volumes.
I also like IronKey as a safe and secure USB stick. IronKey also permits multiple volumes, something that Clevx's technology currently does not have. In other words, IronKey lets you have one encrypted volume and one unencrypted one, both on the same stick. However, IronKey requires software installed on your computer to access the encrypted volume. This precludes its use to provide a second factor for BitLocker because the BitLocker key has to be available prior to booting the operating system, and IronKey's software cannot run unless the operating system is running. If you put your BitLocker key

