I have been involved with the Society of Information Risk Analysts from almost the very beginning. I think Jay, Chris, and Alex had the idea and I jumped on board a few days later. It is a fantastic organization that has a very active and lively mail list.

The home page for SIRA is here. "Membership" is free and mainly consists of signing up for the mail list and requesting an account on the website.

Anyhoo. We are having our very first conference. It will be the day before Secure360, i.e. May 7th, and it is going to be a day of awesomeness for those who live and breathe risk analysis and risk management or for those who want to know more.

Go here for more details: SIRACon

Feel free to contact me with questions or post them in the comments.

-Kevin

For some time, there has been a bug in the cryptroot script that makes it odd when you enter your passphrase. Some, including me, have also found it kind of annoying that you have to press the F8 key to get to the console to enter your passphrase.

I have updated the how-to with the fix for the cryptroot bug and with instructions on how to remove the splash screen and boot straight to console mode.

Many thanks for James and Greg for figuring out how to so this.

Included below are the instructions which were added to the blog post. These steps can also be taken to correct an already built Backtrack USB drive. Simply boot the drive and follow the instructions below.

-Kevin

Fixing the Passphrase Entry Bug

When we boot our USB drive, it will appear to be stuck on the splash screen. What is actually happening is that the system is waiting on us to enter our luks password. We have two choices for doing so.

The first is to just type it in when we see the splash screen. This works as long as we have waited long enough for the system to be ready for us. However, it's kind of hard to tell what's going on.

The second option is to press the F8 key which takes us to the console. There we will see the system waiting for us to enter our passphrase and this is where this odd bug shows up.

Initially, it will look like 4 characters have already been entered. They haven't been, but that's what it looks like. Then, every type we press a key, it will reprint the line asking us to enter our passphrase. It is actually taking the input correctly, but, man, it's annoying

We can fix that. Greg M and James had a conversation in the comments about this topic and found the resources needed to fix it. James was kind enough to send me the changes that need to be made.

As mentioned, the problem is with the cryptroot script. This script is the script that requests our passphrase and mounts the encrypted volume. Kind of important stuff.

Greg and James used a patch file found in this post in the Backtrack Linux forums. Below I have included the actual changes to be made. Alternatively, you can use a patch file. The commands to perform the patch are as follows. BTW - that's a zero in the patch command.

Warning: You can make your system unbootable if the cryptroot script gets corrupted.

cd ~

wget http://www.infosecramblings.com/cryptroot.patch

patch -u /usr/share/initramfs-tools/scripts/local-top/cryptroot ./cryptroot-patch

If you prefer to do it the manual way, open the file /usr/share/initramfs-tools/scripts/local-top/cryptroot in your favorite editor. Go to line 275. You should see the following:

# Try to get a satisfactory password $crypttries times
 	count=0
 	while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Add the following line right after 'count=0'

echo "Unlocking the disk $cryptsource ($crypttarget)"

The section should now look like this:

count=0
echo "Unlocking the disk $cryptsource ($crypttarget)"
while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Next, skip down to line 291 and you'll see a the following:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

Replace the middle line, the one that starts with cryptkey, with:

cryptkey="Enter passphrase: "

so that it now looks like this:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Enter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

That's it. Save the file and we are ready to rebuild initrd. To do that, execute the following command.

update-initramfs -u

Now, if having to press the F8 key at boot bugs you, you can change the boot sequence to go directly to the console.

Warning: You can make your system unbootable playing around in here

To make the system boot to the console, edit the /boot/grub/grub.cfg file, search for the word 'splash', without the quotes, and delete the word  splash and only that word. The line will end up looking like this:

linux /vmliunx-3.2.6 root=/dev/mapper/vg-root ro text vga=791

If all goes well, you are now ready to cross your fingers and reboot.

Stanford, and other colleges, have started offering some courses online for free. You can see one such portal here. I have started one and a couple others are starting soon. Very good stuff.

Anywho, Several of us were talking on Twitter this morning about a couple of them and the following exchange occurred.

That got me to thinking a little bit about guessing and keeping quiet.

How often in our efforts as security professionals do we guess we know something and don't ask a question?

How often do we assume somebody else knows something and don't offer a comment or provide information?

I know that I have been guilty of both on more occasions than I can count and will be guilty of both many more times in the future.

However, I'm going to work on getting better. Like my tweet above says, it's better to know than to guess.

Which brings up another point. Please folks, don't get offended or snotty when somebody tells you something you already know. That's just rude, particularly, when they have your best interests in mind.

What do you think?

-Kevin

Hey folks.

Two updates in one day.

The PDF of the how-to is now available. You can find it here.

-Kevin

Just a quick note to let everybody know that I have confirmed that the Backtrack 5 "Full Disk" Encryption How-to works just fine with the R2 release. However, I did update the how-to with a couple changes:

• lvm2 is now part of the ISO in the R2 release. That means we no longer have to use apt-get to install it. However, we still need to install hashalot, so it doesn't save us a step.
• Added a note at the end about using dd to backup your install per a very good suggestion by Richard in comment 241.

As I was updating the how-to, WordPress helpfully removed most of my formatting. Ugh. I think I have things at least readable and usable at this point. I will be going back and cleaning up more this weekend.

If you notice any problems, please let me know.

-Kevin

Hi folks. Just a quick note to let you all know that I am moderating a session at RSA next week. The title is Cloudy with a Chance of Risk.

From the catalog:

Cloud computing brings with it a need to modify our risk assessment and risk management efforts to incorporate the somewhat unique challenges that a distributed, scalable, location independent architecture brings. This session will explore real world instances of how individuals are addressing this complex issue, resulting in some pragmatic steps that can be used in the real world.

The session is on Wednesday, the 29th at 1:00 in room 111.

I will be spending my time wandering between RSA, SecurityBsides and the hallways. Look me up if you want to chat. The best way to reach me is via twitter using my @kriggins account. Yes, it's protected so you will have to follow me if you want to see any responses to meet-up queries

I look forward to connecting with friends and making new ones.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. "This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure apps. It may however also be of interest to project managers of smartphone development projects. "
   Smartphone Secure Development Guidelines -- ENISA
   Tags: ( appsec guide enisa smartphone)
2. A reverse engineering challenge for you.
   AthCon 2012
   Tags: ( challenge reverse-engineering)
3. Very cool.
   TaoSecurity: Dustin Webber Creates Network Security Monitoring with Siri
   Tags: ( siri network-security)
4. Tom's excellent guide to Facebook's privacy and security settings has gotten an update. Go use it.
   Social Media Security >> Facebook Privacy & Security Guide Updated to v3.0
   Tags: ( facebook privacy)
5. Richard points out this report which you really ought to read. Good stuff in there.
   TaoSecurity: Thoughts on 2011 ONCIX Report
   Tags: ( issb report)
6. Wow. This is pretty amazing. Fraudsters used cell phone number porting to steal money.
   Fraudsters beat two-factor authentication, steal $45k
   Tags: ( multi-factor sms fraud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. Dave speaks truth here. You should read and take to heart what he says.
   ShackF00 >> Doom, Gloom, and Infosec
   Tags: ( general career)
2. This is a very nicely penned perspective on risk analysis, threat centricity and the impact that not knowing what your assets are and what they are worth has on your risk assessment processes.
   Assets, Black Swans, and Threat-Centrism - The Falcon's View
   Tags: ( risk )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin