Wednesday, August 27, 2008

Windows XP SP3 Slipstream

This isn't a step-by-step "how to" but more of a "how not to."

I had heard a Windows Weekly podcast where Paul Thurrott talked about an article he had written on how to create a Windows XP installation disk with SP3 slipstreamed into it. It is nothing if not thorough.

But...

Paul wanted to make his process completely self-defining and using all free software. So he used ISO Buster and Nero 8 Trial.

ISO Buster is used to extract the file Microsoft Corporation.img from the original XP disk. As I'd already built an SP2 slipstreamed disk a couple of years ago, I already had that. Scratch off ISO Buster.

And I am a moderately big fan of Roxio so I didn't need Nero 8 Trial. Sometimes I'm too "clever" for my own good.

The end of the story is that the Microsoft Corporation.img file that I had worked fine but I had fits translating Paul's instructions for Nero 8 Trial into Roxio-speak.

I googled "make a bootable cd with roxio." On the first page was a link to "The Elder Geek's" post on how to slipstream SP1.

But at the bottom was a link to how to burn the CD using "Roxio Easy CD and DVD Creator 6."

Bingo. That worked.

Friday, August 15, 2008

DNS Security, Part 3

Is there no end to the DNS security flaw? I've written about it here and here.

We all hoped that the technique that Dan Kaminsky described would put this to rest.

Apparently we were wrong.

The Register reported that a Russian researcher had demonstrated DNS cache poisoning on a freshly patched DNS server. It did take him 10 hours with a dedicated gigabit connection to the server but he did poison it.

Even Dan had to respond.

I read that when he posted it but I kinda glazed over after a while.

Then Steve Gibson revisited the DNS vulnerability in his last podcast. (I gotta quit listening to Steve.) You can read it here.

Steve refers to the "0x20 hack." If you hadn't falling asleep reading Dan's post, you would have seen that he did too.

I found the ITEF RFC that describes this technique. Sure cure for insomnia. Suffice it to say it has to do with using mixed case in the domain name being queried.

Let me net it out for me and you both.

Prior to this summer's patches, DNS had as low as 1 in 32,769 possibilities to be compromised. After the patches, the odds were 1 in 4,294,967,296 (according to Dan).

The 0x20 hack makes this 1 in billions and billions. Yeah, there are some edge cases that Dan covers but it's way better.

And this seems relatively easy to implement. I expect it'll slip in in a future round of patches and we'll be done with this until ... DNSSEC.

Stay tuned.

Saturday, August 09, 2008

DNS Security Flaw Explanation

Early last month, Dan Kaminsky announced that he had found a serious security flaw in the DNS code. My blog entry on it is here. Dan had promised that he'd explain it at Black Hat on August 6, 2008.

Here are his slides.

My take of it is that the bloggers had the vulnerability pretty much right but Dan explained how it could be so much easier exploited.

I welcome your comments with more insight.