Tag: Security

  • App Control for Business → Madness

    App Control for Business (WDAC – Windows Defender Application Control) is an extremely powerful function in Windows 10/11. When set up correctly this pretty much rules out that malware is able to start (or can easily achieve persistence). It can be configured in a way that even a user with local admin privileges becomes unable to change, remove or disable strict rules.

    This powerful kernel-mode feature comes at a price. The price is complexity and a steep learning curve. A steep learning curve has never discouraged me despite my serious concentration issues. Once I got into using Qubes OS I never really looked back. My real problem with WDAC lies in it’s complexity.

    (more…)
  • Invalid Password! [Sinchen Rant]

    One of my long-term goal of maximizing my computer security. Since roughly two years I went from better-than-average settings to seriously trying to harden my operating systems as good as possible.

    As I mentioned previously, my Windows knowledge is pretty much stuck in the XP-era. XP isn’t quite representing the status of current Microsoft operating systems. When reading “Windows 11” many people instinctively think of telemetry, software bloat, Copilot, forced online accounts and all this rubbish. I’m more interested in the things under the hood. For example: Virtualization‑Based Security (VBS), Hypervisor‑Protected Code Integrity (HVCI) and App Control for Business. I needed a pretty recent device offering the hardware Windows 11 expects (TPM 2.0, CPU with IOMMU, Secure Boot using year 2023 certificates) to do experiments… without playing around with my mum’s computer.

    (more…)
  • Windows “Device Encryption” With Automatic Unlock Is Not Secure Enough

    An easy explanation avoiding technical terms (until the box at the very end)

    The Short Version​

    If your PC meets certain criteria Windows encrypts your files automatically. This is good! But the way it’s set up by default has a hidden problem: the computer unlocks itself without asking for a password, and a copy of the unlock key is stored online on Microsoft servers.

    (more…)
  • Windows XP Hardening?

    How about still using Windows XP? Simplicity, lack of bloat, lack of AI, support for old games. I’ve always loved XP. Of course it didn’t feel lightweight in 2002 when installing the first Windows NT version intended for home users. Way bigger than 98SE, more demanding than 2000 Professional and with a nauseating default theme that is as dysfunctional as the (then) newly introduced Start Menu. Over the years I’ve mastered switching off all crap on a fresh XP installation in very few minutes. Still in muscle memory to this day. Using XP gives me a nostalgic feeling just like the boot sound of a PlayStation 1 coming from the powerful speakers of a big CRT TV.

    In this entry I want to explore this classic OS from the perspective of security. This could be very short by saying, “There is no way to truly secure it.” Nevertheless I’ll try my best.

    (more…)
  • SD Password Functionality and Transcend RDF5


    Did you ever find an Symbian based Nokia phone containing an SD in your drawer after many years? Now you want to see if there are any worthwhile photos on there. Where is the charger with the tiny coaxial power connector again? Do you still have it? Nevermind. You will just take the SD card out and put it into a laptop. What’s that? No new drive shows up! Nothing happens. Just like “Magikarp used Splash!” in a Pokémon game. Did the old SD give up the ghost? Not necessarily. It might just be locked with a password by CMD-42

    (more…)
  • SD Card Write Lock [Linux Laptop] [Android Tablet]

    SD cards are really versatile and powerful storage media. Unfortunately much of their interesting functionality is more or less unused. You will have quite some fun reading the easily available PDF file “SD Specifications Part 1 Physical Layer Simplified Specification” (currently version 9.10 with >400 pages).

    Two features are of great interest for me: write lock and password protection. This entry will be (again) about setting SDs to read-only.

    (more…)