Showing posts with label Security. Show all posts

Friday, November 17, 2017

Windows 10 cracking

I work in IT so I frequently have an interest in checking out how the "other" team works their magic. It comes up from time to time that for completely legitimate reasons I need to use tools that might be considered hacking tools. The most recent case of this came up a few days back: someone set a non-standard password on a laptop that the company owns. It wasn't written down and I've since forgotten it. It's not critical, but it is the backup for a system that we use to control the lights in the facility. I tried different combinations for a few days, but finally decided to dip into my bag of tricks.

The following video (that you'll need to turn on closed captioning for) shows the steps to break into an up-to-date Windows 10 machine by having physical access to the machine.

The short version is: use the BIOS/boot options to boot into a Windows installer disk. From there start the install and go to the repair this machine option. Use the command line to rename the on-screen keyboard executable to osk.old and copy cmd.exe as osk.exe. Exit the install media and boot to the sign-on screen. On the sign-on screen open the accessibility menu and turn on the on-screen keyboard. Boom, now you are running a command prompt with administrative rights.

The command net user <username> * lets you set a new password.

Time to break in is under 10 minutes.
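
A defender's check for the swap described above, as an added example that is not part of the original post: it flags an osk.exe that is byte-identical to cmd.exe, or a leftover osk.old. The function name Test-OskReplaced, its SystemDir parameter and the scratch-directory demo are constructed for illustration.

```powershell
# Added example (not from the original post). Detects the osk.exe/cmd.exe
# swap by comparing file hashes and looking for the renamed original.
function Test-OskReplaced {
    param(
        # Directory to inspect; defaults to the live System32 folder.
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    $osk = Join-Path $SystemDir 'osk.exe'
    $cmd = Join-Path $SystemDir 'cmd.exe'
    $old = Join-Path $SystemDir 'osk.old'
    $findings = @()

    if (-not (Test-Path -LiteralPath $osk)) {
        $findings += 'osk.exe is missing'
    }
    elseif (Test-Path -LiteralPath $cmd) {
        # A copied cmd.exe hashes the same as the real cmd.exe.
        $oskHash = (Get-FileHash -LiteralPath $osk -Algorithm SHA256).Hash
        $cmdHash = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($oskHash -eq $cmdHash) {
            $findings += 'osk.exe is byte-identical to cmd.exe'
        }
    }

    if (Test-Path -LiteralPath $old) {
        $findings += 'leftover osk.old found'
    }

    [pscustomobject]@{
        SystemDir  = $SystemDir
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# Constructed demo: a scratch directory with dummy files stands in for System32.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('oskdemo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'cmd.exe') -Value 'constructed cmd bytes'
Set-Content -LiteralPath (Join-Path $demo 'osk.old') -Value 'constructed osk bytes'
Copy-Item -LiteralPath (Join-Path $demo 'cmd.exe') -Destination (Join-Path $demo 'osk.exe')
Test-OskReplaced -SystemDir $demo | Format-List   # Suspicious : True, two findings
Remove-Item -LiteralPath $demo -Recurse -Force
```

Run it from a 64-bit PowerShell session so System32 is not redirected, or pass -SystemDir to point at a mounted offline volume.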


Wednesday, November 02, 2011

Does Glee have a color?

Another Day, another Mac trojan.

Thursday, October 27, 2011

Tick Tock Mac's Tick Tock

Another Mac Trojan, this time ported from Ye Olde Linux.  I promise I'm not smiling as I type this.

Monday, April 26, 2010

Parking lot security

The parking lot for my Townhouse Community has been suffering a rash of car prowls of late, and the idea was floated to point a camera at it to try and see what is going on over there. The idea, while great in theory, just sounded like a lot of work to me. The parking garage for the building I work in has been suffering lately as well, and given the it needs to the security team I have been seeing first hand the amount of work that goes into identifying a person and tracking suspected prowlers, let alone reviewing footage to find evidence of break-ins. To say the least, when they asked me for a computer to look at the lot, my first question was "Who will be reviewing the footage of the lot?"

No one strictly speaking wanted to tackle this one.  I think everyone thought the geek would take care of it.

Great, the camera and machine that records will likely not be set up in my home as I am about as far from the lot as it is possible to be, so I needed a way to remotely view recordings, and check in on the machine from time to time. That is, of course, after I find a software package that can be configured to ignore certain areas of the frame so that trees and road traffic don't trigger the motion tracking and cause the software to record much more footage to be reviewed. After a little bit of testing I found Vitamin D and it appears to meet my needs pretty well. The software assumes a fairly stationary camera, and allows you to define motion areas, and filter the type of activity that will trigger the motion. I plan on using an HP KQ246AA 8.0 MP Deluxe Webcam that I had previously purchased, and running it on the very old and retired media center PC rocking a 1.8 GHz Celeron. The machine seizes a little under load, but appears to be able to handle the task.

Having decided on the recording software, I figured I would be remotely controlling it via LogMeIn, but was stumped how to remotely view and delete the recordings that had been reviewed. I played with the idea of setting up a webserver and writing my own app to play and delete the reviewed content, configuring a dynamic DNS address, but in the end realized that just designing it was exhausting for something I didn't really want to do anyway.

Enter Orb. All I needed to do was set up an account, and then I could view the recordings online and delete the ones that were not interesting. I was most happy that it even supports the native mp4 video container Vitamin D records in. Not too bad, free software and services enabling an ad hoc security service so that the reviewing duties can be shared among several people.

Sunday, September 20, 2009

Cool Idea, I don't like number pads on your house though

img via Kwikset

I like the ability to remotely check the lock status of my house, and also to be able to unlock/lock the door from a variety of methods. If they sell these without number pads I would be sold, I just don't like the attention that I think they would draw in a high traffic area. More gory details in the press release.

via Engadget via Kwikset

Saturday, June 28, 2008

Google Adsense SSL cert needs to get fixed... seriously

So I, being one to look on the loving Google with a forgiving eye, have come to the end of my toleration for the Adsense site SSL cert throwing errors. Google is frigging huge, I assume that engineers at Google use Firefox, I also assume that someone would have seen the following error and fixed it. Like a year ago when it started happening.

Firefox 3 makes it kind of hard to ignore anymore:



So if a Security Engineer, or Web Master (if they even have titles like that) could get on this, and get some extended validation or whatever it takes to get SSL on subdomains, that would be great. I don't feel like adding exceptions to good rules because someone can't figure out how to buy the right cert (not that the vendors make it easy).