Command the burn of Deep Freeze

A few months ago I was working for on a clients network who had a third party come in and setup their network. Unfortunately, many of the PCs were setup with deep freeze. Now for those of you that don't know, deep freeze is this amazing program that allows administrators to lock the hard drive so that users can install software,
download files, etc and then as soon as you reboot the system is back to defaults.
(image Source: http://blog.eches.net/wp-content/uploads/2007/10/deep-freeze-panel.gif)

When you want to change the settings you have to use a keyboard shortcut, Ctl+Alt+Shift+F6 in order to get to a login screen. Then once you type the password, you can "Thaw" the system. Each Thaw/ Freezed session is determined on how the system was told to boot. The screen gives options to Thaw it once and then once you have rebooted, re-Thaw system on reboot -- without logging back into the Deep freeze control panel.

You can figure out if a system is running deep freeze by looking for the following icon in the systray:

(polar bear, symbal of deep freeze)

However, this didn't work so well for me as I was wanting to install the newest version of office and setup the desktop icons with some new shortcuts, because, you guessed it, they had forgotten the password... So I was left with no way to get the computer changed or was I?

It turns out that Windows 2000, XP (and Vista too I am pretty sure,) have this save mode setting called safemode Command Prompt. Which loads the system with only the minimal components and a command prompt, and this is what allowed me to get access to the system and make changes with out Deep Freeze stopping me.


The how to:

1. First reboot the computer
2. Press F8 at boot
3. Select "Safe Mode" with Command Prompt
4. Wait for the Desktop to load. It will load windows just as in normal, but it will have a cmd window open... some systems may be locked, so you might need to try default usernames such as username=Adminstartor, password="", or whatever admin user you can get access to.
   
5. At the black window that shows C:\ type,"explorer"
6. This will start windows explorer which will allow you to do most system changes that are needed.

The only limitation of this hack is the fact that many programs will not install, however you can change (or delete Deep Freeze) permanently from the following folders and when you return to normal mode you will have complete control:

c:\program files\hypert~1\deepfr~1
c:\windows\system\iosubsys\persifrz.vxd
(you can easily delete both of these from the command line or explorer)

For more extensive information on deep freeze check out:
Source: http://www.governmentsecurity.org/forum/index.php?showtopic=123
(it is old but seems to still have relevancy)

Just remember you could get in a lot of trouble for modify business or school network computer systems... and I won't be there to thaw you out ;-)

Hacked: US Power Grid.

So I thought it was something that could only happen on the movies. But it turns out that we don't have as good security as I thought.

When me and my friend watched Live Free Die Hard 2 weekends ago we were both concluded that our Power grid isn't well connected enough to get a nation wide hack. However it looks like a firesail could be possible. According to the NY times Russian and Chinese Hackers have gotten in and placed backdoor software into computers that operate our powergrid. Right now the Government isn't releasing any detailed information and we don't know if this was government run attack or a independent. See full story below:



http://www.nypost.com/seven/04082009/news/nationalnews/re_volt_ing_spies_hack_into_us_power_gri_163443.htm

Blogged with the Flock Browser

CES 2009 - TV's Lets compete: 3d, slimest, and maybe some Wireless to go.

At the show there seemed to be a competition between LG, Pansonic, and Samsung on who could create the largest exhibit with the most flashing gadgets.

Keypoints of...

Samsung:
Name: Not set yet

Prototype size: 6.5 mm

Launce date: Unknown for thin, but 3d ready  plasma TVs ready by this spring

Panasonic:

Name: Prototype name z1

Prototype size: 1/3 "
Launch date: 2010
Special:

Wireless will hook up maybe to box which has feeds of hd cable
Panasonic had 5 Movie theators sporting new 3D technology and also a showcase

off how home theators could easily migrate their systems to the new 3D standards. 

LG:

Name: Plasma TV 42PQ65C

Launching: This spring

Special: 

Showed of new Plasma and LCD TVs that save on energy. One of the reps I spoke to 

told me they see consumers wanting to save on energy prices as well as get the same

features that they have seen in the past and expect in the future.

Federal Communications Commission Commissioner Talks on Technology Issues

Here is a video that was taken yesterday at the Panasonic Exhibit with the FCC Commissioner.

CES 2009 - Jan 9 - Instant on, more 3D and larger exibits

Intro
The next official day of the show is a blast. I move over to the Convention center which exhibits the large TV players (Samsung, Panasonic, LG... which will be show in a future post) and Microsoft. Once again the focus was a lot of 3D, as well as some other very creative technologies.
(see below for another slide on pictures from the show)

Body

The first technology that blew me was Fulton. They have been working over the last 12 years and have successfully created a new type of convection system allows for wireless power. The first part consists of a coil with smart electronics that can go under a table or desk. The second part consists of a coil which goes in the devices to be charged. They use magnetic residence to get the energy to transfer which prevents wasted energy.

This is a old technology but what makes it practice is that fact that it has smart electronics to control the amount of energy being transferred. This prevents the problems of short outs that previously prevented this from being used. Now in theory it could go over 3 feet and could be put into an entire table top so you can imagine were they may take this technology.


The next technology that I found very interesting was phoenix technologies new instant on Laptop. They have used a custom version of Linux paired with a technology know as VT which they happened to be embeded in most PCs less than 2 years old. I have to say the guys at the exhibit were very open and easy to talk to... providing a lot of insight into their technologies. They also invited me to their private party at V bar in the Venetian were I talked to 2 of the engineers behind the technology. He said they had been working it for about 3 years and with the expansion of distributions such as Ubuntu as well as Yahoo, Mccafee and other companies developing tools for Linux it has allowed them to put this together so that really you can get online instantly while you wait for Vista or your other OS to come in in the background.

End Notes

Later today or tomorrow I will be posting on TVs and the exhibits I see today. As well as more details on other exhibits.

Edit: Fixed some problems with the slide show not playing.

CES 2009 - Rising up in 3D

Intro:
As many of you know most of my blog focuses on the area of security, but when I got the unique opportunity to go to CES 2009, I couldn't pass up the chance to do a little blogging about the show.

The show, which is held in Las Vegas, Nevada, reports 130,000 visitors to their 2700 exhibits and many sessions. I also have been enjoying the hospitality of vendors such as Imagination and ViewSonic who allowed me to be present at their after show receptions.

Body:

Last night I regret to have missed the first keynote address by Microsoft's new CEO Steve Ballmer. But this morning at 8:30AM I heard CEA CEO Gary Shapiro talk about the current state of Consumer Electronics. His predictions for 2009, estimate that it will be a "flat year" compared to the increase of about 6% in 2008. He was not shy in expressing how he feels that the Obama Administration will make great strides as America's first "Digital President." He also stated that CEA will be lobbying for the greater good of Consumer electronics by seeing if new laws pass the following test:

1. Does it create jobs?
2. Does it spur new tech?
3. Does it encourage the best and brightest to come to the US?
4. Does it reward risk taking?
5. Does it promote exports?
6. Will it help deploy broadband?

I felt a lot of his speech focused on the fact of how government and Consumer Electronics need to help each other. However he stated that the members of the industry need to step up and be leaders in order to propel this economy forward.

The next speaker in the Jan 9th Keynote address was Sony CEO and chairman, Sir Howard Stringer. Many of my previous hesitations about Sony were downgraded, by the many products they released. Such as some the new Sony HD Bravo TVs which allow direct uploads from Sony's new wireless enabled Sony CyberShot.

Another interesting feature of the Sony Keynote presentation was announcements from Disney's Pixer who will be producing new 3D movies using Sony's Blue Ray technology and DreamWorks who announced all productions from this point will host 3D animation compatibility.

I decided that it would be better for this first post to upload a slide show of the newest products that were at the show. One of the big things that seemed to come up more than once is the transition of TV to 3D. In his address during the keynote, chief creative officer John Lasster compared 3d coming to movies to the introduction of sound and color to tvs.

Take a look at the following slideshow for what I captured on Jan 9 at CES.

Edit: Fixed Slideshow.

SMSing tips, tricks, and more phreaky stuff

INTRO:

OK so if you have unlimited texting you may find this useful...
Services such as Google, ChaCha.com, textmarks.com, and others have made SMS services so that individuals can find useful information on the go. Or stay in touch with their own services.

Some have begun calling SMS/cell phone texting the new terminal line. Back in the days before windows 95 and MS-DOS computers would log on to the internet using something called the telnet. Telnet was later upgraded to terminal to allow encryption. Basically think of it as a text editor that talks back to you using ACSII art. In most cases you would have to dial a number and be connected using a login and password.

As you can imagine, hackers, which at the time were really phreakers (people that hack phone lines) began hacking the terminal lines. They dialed into lines they shouldn't began building software to gain access ect. Telnet and terminal lines are still used today, however they are very insecure and normally are used over the Ethernet internet lines, not so much regular phone lines.

One thing that should be noted that when using these SMS messaging services is that anything you text allows the server to see your phone number... also most services allow you to text help to find the list of commands you can use.

Main:

***GOOGLE***
TEXT NUM: 466453 (GOOGLE)


Search Feature.......Sample Query


Local.................. sushi 94040
Weather.............w boston
Glossary............d zenith
Sports **............score red sox
Movies............movies 94110
Stocks............stock tgt
Zip Codes............zip code 72202
Directions............directions pasadena ca to 94043
Maps .................map 5th avenue new york
Flights ***................flight aa 2111
Area Codes...............area code 650
Products..................price ipod player 40gb
Q&A...................... abraham lincoln birthday
Airlines ***............united airlines
Translation............translate hello in french
Web Snippets............web hubble telescope
Calculator............. 1 us pint in liters
Currency Conversion........ 8 usd in yen
Airports ***............... sfo airport
METAR**** ................. metar khio
Help..................... help local

Source: http://www.google.com/mobile

*** GOOGLE Calendar ****
NUM: 48368 (GVENT)

This allows you to update your events on your google calendar right from your phone, note you need to sign up first

1. by going to calendar.google.com while logged in.
2. clicking settings
3. and then selecting mobile.

add event...."Shopping with Sarah at Monterey Market 5pm Saturday,"
request your next scheduled event............................. next
request all of your scheduled events for the present day...... day
request your events scheduled for the following day........... nday

Source: http://www.google.com/support/calendar/bin/answer.py?hl=en&answer=37228

*** Facebook ***
NUM 32665 (FBOOK)

Many Social engeneering websites are stepping the ways users can access their information to help them compete facebook allows you to use your mobile phone to watch who send you a message on your wall, writes you a status comment,
or messages you. You can customize the ammount of messages when you set it up by....

1. going to http://www.facebook.com/mobile/?ref=sb
2. putting in your phone number,
3. waiting for a text
4. putting that text in the box on facebook
5. customizing the events you wish to know about.

Next you can use the following commands to find out about your friends or change your status:
just send a text to facebook to change your status
to search for a friend....... srch
info on a friend............. info
help on commands............. help
For both of these

message a friend............. using search or info find the 32665XX number of your friend (each user on facebook has their own texting number)
Then send a text to 32665XX, and the message will show up in their inbox the next time they log in.

Also, when you get events such as status message comments or a wall post messaging back the number that shows up on your phone. (once again it will be
some 32665XX number) will put your message on the corresponding comment or wall post.

***ChaCha***
NUM: 242242 (CHACHA)

This service works by you simply texting them a question and then in about 10 to 15 min a live human will search the web and return an answer.

Source: http://www.ChaCha.com

***Textmarks***
NUM 41411

This one has to be my favorite texting service, it literally has hundreds options of custom services to let you find what you need from the net. If you don't find what you want, you can always create a custom text service. I was really impressed by the speed of their servers too.

Some of my favorite SMS's from this service are:
Find the name and address of a landline's phone number.......PHLOOK
return a fake name and phone number of a person........ FAKE
Hide your phone number when texting.................... anon
Ping a server to see if it is up on your phone......... PING

Source: http://www.textmarks.com

End notes:

These are only a few of the services out there that provide texting feedback. I know Myspace can do the same as Facebook and that their are other services that allow you to interact more. One neat tool that I played around for a while was the instant messaging program trillian, it allows you to specify words in IM and perform acts on a PC from those words. At one time as a proof of concept I used the command cmd /c batchfile.bat to run a the code "shutdown.exe" which shutdown the computer any time I IMed via my phone.(textmarks would allow you to do this without having IM on your phone). It expanded to the point were I would lock, shutdown or reboot any PC on the targeted network.

So here is the deal, as you can probably see I only have so much time to post anymore if you think the above method to control your home network would be something interesting you want to know how to do. Leave a comment and I will see what I can do :-). Or if you have a useful SMS service you know about you an post that too. (Linkbacks welcome)