If you’ve recently purchased a new laptop, chances are that it came with Windows Vista installed on it. Now, depending on how easily you can adapt, that might be a little bit of a problem. Even though Vista has been out for about a year now, many users are still reporting on having a hard time with the new operating system. Some consumers just can’t get all of their peripherals to work properly, others are experiencing horrendous performance issues, while still others just hate the changes that Microsoft made.

One solution to this dilemma would be to take Apple’s advice and just “upgrade” back to XP. If you’ve already gone ahead and tried this approach, though, you may have noticed that this causes another problem — quite a serious one actually. XP refuses to install!

So what’s the problem, you ask? Well, let’s think about this chronologically, shall we. Windows XP is old. No wait, let me rephrase that: XP is ancient! This means that the software and the drivers included with the installation package are just as old; that’s six years to be precise. Back in 2001, when XP debuted, Microsoft expected motherboards to interface with hard drives via an IDE cable. But, six years down the road, PCs and laptops manufacturers have all dumped IDE in favor of SATA, which is faster, allows for hot swapping of drives, and insures better data integrity and reliability. This all sounds wonderful, until you consider that Microsoft never included any SATA drivers with their XP installers. So now what?

Fortunately, there is a fairly easy way to rectify this problem. The necessary SATA drivers aren’t included with the standard installation disc, so we’ll have to add, or slipstream, them using a neat little tool called nLite:

• First off, we’ll need to download and install nLite, a freeware application developed and hosted by Dino Nuhagic. The latest version can be found at www.nliteos.com. I got everything up and running with version 1.4.

• Next, we’ll need to locate and download the appropriate SATA driver. Since it took me quite a bit of time and effort to locate the necessary drivers, I’ll do my part to simplify the task by hosting the driver I used here.

• The only other thing that we need now is an XP installation disc – hopefully a legal copy – into which we’ll slipstream the SATA driver.

Okay, now that we have the right software and the correct driver, let’s get started. Since we’re going to be adding a component to the standard Windows installation files, we’ll have to extract the files from the CD. While doing so, it is important to make sure that the file structure stays intact. By far the easiest way of getting all the right files onto your system is to simply insert the CD, head over to My Computer, right click the CD directory, hit copy, and then paste it to the desktop. Once that is done you’ll be ready to get started with nLite:

• Once nLite is launched, go ahead and skip the first screen which only contains information about the program.

• The second screen will ask you to locate the Windows installation, which will be on the desktop if you followed the instructions above verbatim. Once you’ve located the correct directory, hit OK in the selection window and wait for nLite to analyze the directory. If you’ve identified the correct directory, you should be able to see the Windows version, what service pack you have, the version number and installer size. If you don’t see this information, chances are that you’ve identified the wrong directory.

• The third page isn’t really that important, so skip it and make sure you get to the Task Selection page, since that’s the part where paying attention becomes important; it’ll be where you tell nLite what to do with the Windows installation files. Depending on what version of the Windows XP installation disc you have, you might want to alter a few of the settings. However, for the purposes of this article, I’m going to assume that we’re dealing with a standard Microsoft installation disc that already has Service Pack 2 installed on it, and that we’re not interested in slipsteaming in any other components, hotfixes, addons or tweaks. So, with all these considerations in mind, go ahead and check the third box down, labeled “Drivers,” as well as the very last one, labeled “Bootable ISO.” Click next when done.

• We should now be at the Drivers page; this is where you should locate the correct driver for nLite to slip into the installation. In the bottom right hand side of the window, right above “Next,” you should see a button labeled “Insert.” Click it, and then select “Multiple Driver Folder.” Doing so should bring up yet another window within which you’ll have to locate the folder that the SATA driver, which you should have downloaded earlier, resides in. Clicking OK in this, as well as in the next window, should bring up a list of possible SATA drivers. Now, if you know exactly what hardware you have, go ahead and select the appropriate driver. However, if you don’t know exactly what you need, then you might want to try the fourth one from the bottom — that’s the one that worked for my HP DV6500T. Clicking OK again should kick you back to the Drivers page; go ahead and click next.

• This next page is really straightforward. If you feel that you’ve set everything up correctly, hit OK, and watch nLite got to work — okay, well maybe there isn’t that much to see…

• After nLite finishes working its magic proceed to the next page, where you’ll have to complete one last task. Now that nLite has analyzed and modified your XP installation files, it’s going to want to know what it’s supposed to do with the newly created files. Your two best options are either to burn a new XP installation disc directly from within nLite, or to have the program create an ISO image which you can then do with as you please. In my case, I went ahead and created an image (just in case I happen to loose the CD at some point), which I then burned to a disc with Alcohol 120% (there are plenty of other applications, such as Nero, that will do the exact same thing).

If you successfully followed the steps outlined above, then you should now have a brand new installation disc for Windows XP. The only remaining step is to insert the disc in your laptop and reboot. If everything went to plan, your machine will recognize the drive and start the installation process, which should be the exact same as it would otherwise be. If you have any remaining questions, please feel free to post a comment down below, and I’ll try my best to assist.

Note: This slipsteaming process will only work if you want to install Windows 2000, Windows XP, or Windows Server 2003.

Series: Dual-Booting: XP and Ubuntu

Part I | Part II | Part III

Anyone who’s a Bank of America customer has probably gone through the process at one time or another. The site loads, you enter your username and state, and you hit “Sign In.” Waiting, waiting, waiting. Ok, next step: do you recognize this image? Huh, yeah, whatever; you enter your passcode and hit “Sign In” again. “Your request is being processed, Please wait…” Am I in yet? Oh, wait, what’s this. An ad? “Not now.” Ok, we’re in….

I wouldn’t have too much of a problem with the Bank of America login system, cumbersome as it might be, because it helps protect my banking information from those ruthless Nigerian phishers, right? Well, no; it doesn’t, actually. As it turns out, the implementation of the SiteKey system is nothing more than smoke and mirrors, or as Steve Gibson puts it, nothing more than a “touchy-feely sort of solution” that will look good in the papers.

According to federal law, any banking institution that wishes to provide an online service for “high-risk transactions involving access to customer information or the movement of information to other parties” must implement two-factor authentication (FDIC). So, what does all that mean? How will users be authenticated?

User authentication can be dealt with in a number of ways, but in order to have any confidence in the security of a system, multi-factor authentication is required. Multi-factor authentication deals with the notion of providing access after at least two of the following have been provided and verified:

• Something you know, like a password, a PIN, or an answer to a question. Please note that, requesting a username and a password still only counts as single-factor authentication.

• Something you have, such as an RSA security token, a credit/debit card, or some other physical device capable of providing some sort of information that only you might have access too.

• Something you are, meaning a fingerprint, a retinal scan, or some other form of biometrics.

Each of the methods mentioned above are quite easily foiled on their own—yes, even biometrics. So, in order to be the least bit sure that the connection between the client and the service is secure, a combination of factors needs to be used.

As it turns out, however, the “two-factor authentication” that Bank of America has implemented on its site is anything but secure; in fact it’s only multi-factor if you tinker with the definition a bit. The entire concept behind the Sitekey theatrics is that you provide the bank with your username and state, which is then used to look up the Sitekey image that you provided them when you set up the account. When this image is then presented to you, the site wants to know if you recognize the image and its corresponding title. If it’s the correct, you enter your passcode and you’re good to go.

The idea is that only the real Bank of America would have the correct image, and that there is no way that a phishing site could possible present you with the correct image. So, if you don’t see or recognize the image, don’t log in; it’s not the real Bank of America site.

Well, that’s not exactly true either; Bank of America might not be the only ones with access to the image. The SiteKey system can be and has been hacked, and it didn’t take MIT graduates to do it. A simple man-in-the-middle attack is all that’s needed to bypass the authentication system and gain access to users’ bank accounts.

Wanna set up your own phishing scheme? Here’s all you have to do: setup a site that looks and feels just like the real Bank of America site, and start attracting visitors; a common way of doing so would be to send out spam designed to look like it came from, say, a Bank of America representative, asking that the recipient please click on a false link (which looks valid) to the banking site to check on some critical information; maybe verify an address, or something like that. Once you get victims to the site, the hard part is already over. Just sit back and wait for the login information to roll on in. When the victim enters in his or her username and state, the fake site will head over to the real Bank of America site to enter in the exact same information, wait for the Bank of America site to present the SiteKey, so that it can be copied and presented to the victim, who will (gladly) validates it and enter the passcode. The fake site then goes back to the real site, enters the passcode and voilà, you’re in! Happy robbing!

Bank of America’s “security” measures have been seriously compromised, and, unfortunately, it doesn’t look like it’s going to change anytime soon. Not only is it broken, but most users probably wouldn’t even notice if the SiteKey image never even came up. According to a fairly recent MIT study, 97% of those tested went ahead and entered in their passcode even though the SiteKey image wasn’t present. Only two people had the presence of mind to realize that maybe, just maybe, there might be a security concern. So, if you don’t want to set up a complex system to check back and forth with the real banking site, just omit the image and simply have the victims enter the login information for your later use (and then, maybe, direct them to a page reading “OWN3D!!!” or something like that to rub it in).

Regardless of whether you’re into technology or not, you’ve probably heard various horror stories of how hackers have managed to commandeer the PCs of unsuspecting users to do their bidding. Traditionally a hacker would need to get a malicious piece of software – a.k.a. viruses and spyware – onto the intended victim’s machine before anything harmful can take place. Most computer users are aware of these dangers and have taken actions to prevent infection, such as installing anti-virus and anti-spyware software. The vast majority of users also hide behind some sort of request filtering system, be it a NAT router or even the standard Windows Firewall. Having these measures in place, along with some good computing habits, like not opening random links in e-mails, probably save many users a lot of potential hassle, and most likely also provide some ease of mind. Well, those days are over, because there’s a new hack in town.

A few weeks ago at the ShmooCon conference, Billy Hoffman, the lead engineer of SPI Dynamics, informed the security community of an exploit that had come to light along with a tool that he had developed that would be able to exploit the vulnerability to take advantage of any machine, running any browser, on any operating system, to do almost anything. The program, named Jikto, consists of a rather simple JavaScript that can be embedded in any Web page, and can be surreptitiously run upon loaded the page.Let’s start off with an example: With Jikto, a hacker could potentially scan a corporate network and “fingerprint all the Web-enabled devices found and send attacks or commands to those devices,” without any interference from a firewall, since all of this can be run directly from the browser. To a firewall it would this would be perfectly acceptable, since it would appear as if the user requested this to happen. Continuing with Hoffman’s example, once a hacker figures out the router brand and model it would be fairly trivial to send it a few commands to reconfigure the router to drop the encryption or change the password. And, to make matters even worse, it would also be possible for a hacker to mask the attack in such a way as fool the IT techs into thinking that the attack came from an insider, instead a hacker thousands of miles away.

So how exactly is Jikto supposed to do all this? Once a casual Internet surfer visits a site that has Jikto embedded in it, the JavaScript will execute. Jikto will essentially take over that browser and turn it into a scanning tool that can then scan other websites for cross-site scripting or SQL injection vulnerabilities and report any findings back to a third party, probably a hacker. Once a target is located, a hacker can then inject targeted code into the website through the vulnerability that Jikto has found. This code then has the potential to filter down from the website to the company’s network and into a specific Web-enabled device.

Not only will Jikto be able to find and report on cross-site scripting or SQL injection vulnerabilities, it will also be able to self-propagate, much like a worm, using these same cross-site scripting exploit. From this new location it will then be able to infect and commandeer the browsers of other unbeknownst users. Since Jikto only takes over the client’s browser, and does so silently without alerting the user, it does not affect any other part of the machine, which is part of the reason that traditional security applications will have a harder time catching it.

So, at the center of this potentially devastating exploit tool is Web 2.0, or more specifically, the ubiquitous use of JavaScript to enable AJAX—a programming technique designed to make sited more user interactive; think Digg.com. On the one hand, it may seems surprising that a tool like Jikto took so long to appear, since JavaScript as been used for almost a decade now, and the exploit that is now being used is certainly nothing new. But then again, a tool like Jikto can only be truly effective if a great number of sites have JavaScript enabled, forcing users to do the same. The success of Jikto depends on the number of PC that it can be run on, much like BitTorrent in a sense. As Steve Gibson explains, “Jikto runs in a web browser and distributes the bug-hunting task across multiple PCs.” What makes Jikto so incredibly dangerous is that it’s immune to all current anti-malware solutions. The only true way of stopping what Jikto is capable of would be to browse without JavaScripting enabled. Unfortunately, doing so would break a vast number, if not the majority, of websites today. Even for a simple blog, such as this one, to work correctly JavaScripting has to be enabled.

The reason that Jikto has managed to garner so much attention in the last few weeks is the fact that it’s a very clever way of scanning for vulnerabilities using a language that practically any browser can understand—even certain cell phone browser will succumb to its will. In the words of Billy Hoffman, “Jikto going to drastically change the scope of evil things you can do with JavaScript.” Continuing on, he states that “Jikto turns any PC into my little drone. Your PC will start attacking websites on my behalf, and you’re going to give me all of the results.” Coming from white-hat hacker Billy Hoffman, this probably sounds more sadistic than it really is, since he has refrained from releasing Jikto into the wild. Unfortunately, there have already been reports of sightings of the Jikto’s source code. The eventual appearance of Jikto, or rather some program like it, is pretty much inevitable. Once the hacker community knows that the exploit exists and how to implement it, writing a program to take advantage of it is really quite trivial.

For more information about the vulnerability of JavaScript check out Steve Gibson’s podcast Security Now! and also take a look at these webcasts for SPI Dynamics.

A few days ago, the developers over at SlySoft released the very first commercial HD-DVD ripper, named AnyDVD HD. The application would allow users to circumvent and strip out the digital rights management policies that have shackled the format since its release. AnyDVD HD will remove all of the content protection contained on the disc, including HDCP, so that users will be able to make “back-ups” of their (il)legally acquired HD-DVDs.

The biggest hurdle that had to be overcome by SlySoft, as well as by other hackers who have tried to bypass the encryption, was the Advanced Access Content System, or AACS. Although the company isn’t necessarily the first to successfully get around AACS, they are the first to actually take the daring leap to implement their hack into a commercially available product.

SlySoft claims to have developed a different technique for getting around the encryption standard than Muslix64 and Arnezami over on the Doom9 forums, who respectively discovered the encryption and the processing keys used by AACS.

Interestingly, neither method used by Muslix64 or Arnezami – and probably neither that used by SlySoft – is a hack, per se.

Muslix64’s method of getting around AACS consists of using a memory dump taken while the HD content was being played and performing a rolling slide of that dump data through the decryption algorithm. In the words of Steve Gibson, this means that:

“All you do is take the first four bytes and assume that they’re the decryption key, try to decrypt a piece of encrypted content. You know what the beginning of the encrypted content looks like because it’s a standard MPEG frame. So if that doesn’t work, you take bytes two, three, four, and five. Then you take bytes three, four, five, and six; then four, five, six, and seven [and so on]. You just slide along through. And our PCs are all fast enough; in a very short time you’ve searched the image […] for the key. Once you find it, you can decrypt all the content on the disk.”

Ironically enough, performing this hack probably takes less computing time than actually trying to legitimately decipher the AACS encryption scheme.

Arnezami took a slightly different approach. Instead of trying to analyze memory dumps, he decided to look for security vulnerabilities in the logs made by a USB sniffer assigned to monitor the connection between his/her HD-DVD addon for the Xbox 360 and his/her Mac. In doing so, Arnezami discovered that the AACS standard does not require an encrypted connection between the HD-DVD playback device and the software player, allowing him/her to read the key. Just as in the method employed by Muslix64, Arnezami did not have to reverse engineer, or otherwise disassemble, any of the software involved.

As Muslix64 and Arnezami have demonstrated the implementation of AACS in the HD-DVD and Blu-Ray formats is not as secure as the movie industry might have hoped for. There appear to be plenty of weaknesses in the standard, and the fact that SlySoft claims to have found yet another method only illustrates this point further.

AnyDVD HD will not only get rid of AACS, but it will also absolve users from having to play the movies on HDCP complaint video cards and monitors. Not only will all forms of DRM be gone with a few simple clicks of the mouse, but so will those obnoxious logos and trailers before the actual feature presentation – quite impressive, to say the least.

AnyDVD HD currently only supports HD-DVDs, as the name implies, but SlySoft has already stated that Blu-Ray support will be available shortly.

AnyDVD HD is now available and will retail for $79.