Using ATA Security eXtension BIOS to add hard drive password protection

Most desktop PCs don’t have the ability to set an ATA password in the BIOS, precluding you from enabling the onboard AES-128 encryption in a drive like the Intel 320 SSD.

If you’re willing to hack your BIOS or burn a boot ROM to put in a network card, Arne Fitzenreiter has ATA Security eXtension (ATASX, or ATA SX)–a way for you to add that support to computers that lack it. Read more

Don’t follow Dvorak’s password advice

I mostly agree with Dvorak’s Permanence of Posting Online, but I take serious, serious issue with what he says in that piece about passwords.
Read more

Meet the new malcontents. Same as the old malcontents.

The Guardian presents an interesting perspective, that hacktivists are bored teenagers driven by their hatred of government policy.

If that’s the case, it’s nothing new. They’re just able to make bigger messes today than their counterparts could 20 years ago. Read more

MBR rootkits don’t mean you have to wipe the drive

There’s a nasty rumor going around that if your computer gets infected with the Popureb rootkit, your only recourse is to wipe your MBR, reformat your hard drive, and reinstall (or run your factory recovery disk, which is essentially the same thing).

Not so fast.

Read more

If you’re concerned that Lulzsec may have leaked data about you…

If you’re concerned that you might have been included in the massive data leak perpetrated by the short-lived hacking group Lulzsec, I have a couple of web sites for you to visit.

Read more

And that didn’t take long: Firefox 5 is out

Firefox 5 was released yesterday with comparatively little fanfare. Firefox 4 only came out 3 months ago. And realistically, this is more deserving of a version number like 4.1, not 5.0. It’s a marketing decision more than a technical one. But it contains 8 critical bug fixes, a few stability fixes, and a few rendering fixes, so it’s worth grabbing, and treating like a point release, not necessarily with the usual trepidation that accompanies a major release.If your browser hasn’t already grabbed it and prompted you for installation, I recommend you go get it.

And a new version, most likely to be called 6.0, is expected in another three months.

First impressions: Microsoft Standalone System Sweeper

Microsoft has released an antivirus/antispyware live CD that runs in the Windows PE environment called Microsoft Standalone System Sweeper. I wouldn’t use it as a full replacement for a Linux-based live CD from an antivirus vendor such as Bit Defender, which I’ve written about before. It is, however, a good supplement–a second opinion. Nothing catches everything, after all.

The idea behind all of these is to boot into a sterile environment to scan a dormant hard drive for things that evade or disable your normal antivirus software. The need for this grows just about every day, as there’s a lot of really nasty stuff out there these days. It’s not a substitute for normal antivirus software–it’s what you call on if and when normal antivirus software fails and a malware infestation prevents normal use of the computer.

Read more

Removing the Windows XP Repair scareware

Windows XP Repair is a fake system optimization and repair tool. It takes over the computer almost completely, and it’s a pain to remove. Worse yet, there’s at least one version floating around right now that standard no antivirus/antimalware tool I threw at it recognized.

Here’s how I removed it for someone.

Read more

Dark ages of security, or golden age of hacking?

Earlier this week, Rob O’Hara argued that hackers, in spite of the publicity they get, aren’t necessarily sophisticated at all.

Details of the Citigroup hack prove it.
Read more

How to secure a computer like a spook

A link to the National Security Agency’s (NSA) guidance on hardening operating systems has been floating around various blogs today. But the NSA’s guidance on configuring Windows 7 and other recent operating systems is, to put it mildly, a bit incomplete.

What one government agency doesn’t do, another probably does. That’s usually a safe assumption at least. Enter the Defense Information Systems Agency (DISA). If you want to harden recent Windows operating systems, visit http://iase.disa.mil/stigs/index.html for guidance.
Read more