digip : sailing the high seas of the internet

Have you ever had a program crash and get the little Dr. Watson popup in windows. I have disabled this feature in just about every computer I have ever used. What Dr. Watson does, is he sends error reports to Microsoft when a program crashes. What you may or may not know, is that he sends whatever it was you were working on in the process. This is a big problem. Especially when you may have been working on an email or some other document that requires to be send through secure channels(like over ssl or such) and for private recipients only. Well friends, that is not the case with Dr. Watson. If you were working on or reading a confidential email that had say, passwords or proprietary information, guess what. That info gets set to Microsoft. Well, to their Dr. Watson web server anyway. While it gets transmitted, its sent in the clear, so if someone happened to intercept said dump, they now have that information as well.

While this may seem like a paranoid scenario, I had one such crash happen today, so I decided to copy the dump files normally sent to Microsoft. If you block Dr. Watson and the error reporting service, the files get deleted just as fast as they get created, but not until you click the ok to close the windows error. Before you click to close the dump error, go over to your windows temp folder or wherever your temp files are setup for your environment variables, and look for any files or even a folder containing the following:
appcompat.txt, manifest.txt, xxxx.exe.hdmp and xxxx.exe.mdmp, where xxxx is the name fo the program that crashed. Copy these files and place them on your desktop. You can the reply to the error message and close it out. These temp files will now be deleted, so you have a hard copy on your desktop. Open the dumps in a text editor, and you can see whatever it was you had open at the time or working on, such as emails or whatever. Just 1 more reason to turn off the so called “its a feature, not a flaw” options built into windows….

and to the idiot at 188.72.213.44, better luck next time dirt bag.

Below is a quote that holds a lot of truth. The problem with it is, it comes from one of Hitler’s own. Its simple though. You want to influence a nation to follow, put fear into them. Claim terror or war on your doorsteps and point you finger at any target, and the people will follow. Well, most people. Remember Bush (the first president Bush, not G.W.) had the phrase, “A New World Order in America”? Well, its really the same thing, only hes not the first to come up with the mantra.

“Naturally, the common people don’t want war…That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy or a fascist dictatorship or a Parliament or a Communist dictatorship. …voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country” – Hermann Goering, Hitler’s Reich-Marshall at the Nuremberg Trials after WWII

Sounds very close to the Bush mantra after 9/11, of war and why we we’re going to Iraq. Now Obama is following along the same lines in wanting to send more troops to Iraq. If he continues down this path, there is no chance for re-election, because the people at large have become sick of the same old rhetoric bull shit. The problem is, these same people are also struggling to make ends meet, and pay their bills, feed their children, or find a job, so they lack the mobilization and motivation to protest in large masses for something that, even though its an issue to them, surviving and taking care of their families is a larger priority. Nobody wants the war in Iraq to go on any longer, and Afghanistan is a lost cause at this point, because we have no support from the surrounding region, as much as they say they do support us, because if they did, Osama Bin Laden would have been ousted from his little cave or wherever he is, and the people would rise up to help us in the fight to bring him and the terrorists of 9/11 to justice. The reason he still lives, is because people of that region still support him and aid in his ability to stay hidden from the ones who are trying to find him. If they didn’t, the man would have been captured a long time ago.

I hope Obama gets his shit together and starts leading this country and stops listening to other people tell him how to do everything. I voted for the man, but I don’t think he is making the difference we had all hoped for. I still stand by my vote though, because I damn sure as hell don’t want McCain and Palin. They would not have been any better and I sure as hell don’t want that insane woman from “I can see Russia from my house”, Alaska to be running our country. She is a walking contradiction to the morals and values she preaches about, yet he daughter has a child out of wedlock, she quits her job as Governor, and then writes a book to bitch about how the McCain people treated her during the campaign. If she couldn’t hack it as a Governor, she sure as hell doesn’t have what it takes to run OUR country.

Notice the emphasis on OUR….

Well, things have been hectic around here to say the least. Got laid off in October, been in school 3 nights a week and job hunting all while working on web sites for a few clients.

I managed to get a call back and interview for 1 job so far. It was for a help desk position with Miles Technologies. Nice people, and a great opportunity, but I’m not quite sure I want to be a help desk technician. I’m sure I can handle the job and will learn a lot while on the job, but after the interview I realized I have been doing this sort of thing for years already, just not getting paid for it. What I mean by that, is that everyone in my family and friends always call me to help fix their computers, wether it be network related, virii, spyware, or just general help setting things up, like installing a new printer, scanner, upgrades, etc, I get stuck doing it. I also try to field a lot of questions on the Hak5 forums, as it helps me learn as well. Especially when I don’t know how to do something when a person has a question, I’ll take the time to research it on my own, just so I know how to do it in the future.

That leads me to my next big decision. I have been taking classes for networking, like Cisco and Microsoft, but I find that I really don’t like the MCSA/MCSE track. I hate exchange. Its the most retarded thing in the world, but a necessary evil in the corporate environment and something a lot of people get paid to support, just by itself. Help desk calls are sure to have some of these issues down the road, but what really interests me is the lan/network side of things and not so much the windows suite that runs on the network. Learning about how routers work and configuring them is much more fun than supporting 1,000 users in an Active Directory domain scenario. I’d much rather be learning how to break into these systems than supporting them because if I can get in, then I can learn how to defend against it as well, and that should come in much more handy(to me anyway) on the job than actually being the admin on the domain alone. If I can learn about the other side of things, I could probably get a job doing security, or at some point that I do make it as an Administrator of a domain, I know how to properly set things up and secure them in the process.

I find myself not only bored in my MCSA class, but angry with myself because I really need to pay attention and learn this stuff if I want to get any kind of decent paying job working on networks or system administration. But then there is that other side, the security end, breaking into and securing them against attacks, where I could care less about how Bob in accounting cant get his email, but more about, can I block Bob in accounting from getting that email all together, or social engineer Bob into opening a dangerous attachment that attacks the network. If I can do that, then I can learn how to protect against such attacks which would be more interesting to me and probably a lot more challenging than resetting Bob’s password for the umteenth time in one day because he cant seem to remember his password…

One of my clients that I work for is Offensive Security. The guys over at Offsec and Social-Engineer.org have been really good to me in the short time that I have known them. Its going on almost 2 years now I guess that I have been doing their web sites and misc projects for them, and they are always encouraging me to take one of the offsec classes. I think after I get done with my MCSA class, I am going to devote all of my spare time to brushing up on my Linux and then start taking the Offsec courses. I think that with those under my belt it will really help me to grasp the whole ball of wax that is networking in general and the aspects of administration and security, and how they all work together. Its one thing to follow instructions in the book for the MCSA stuff, but another thing to understand it and know how to fix things that are by nature, not a flaw, but “a feature” of all things in the world of windows…