Remotely BitLocking

In a corporate IT environment it is very common to use the BitLocker Drive Encryption (BDE) technology to prevent data from being read if a drive is stolen.

Remember that if an unencrypted drive is stolen from a machine and connected to another computer, the attacker can most likely access all the content of the drive, regardless of whether the users logged in with secure passwords.

BDE encrypts the disk, so it must first be decrypted when connected to another machine before data can be read from it.
Another feature of BDE is that you can lock it with a PIN that the user is asked for before Windows loads, so it acts as a sort of two-factor authentication. Strictly speaking, the two factors should not be two different things the user knows – in this case they are both passwords – but this is an additional security layer several companies like to add.

For IT Professionals it is a useful feature to be able to reset or change the PIN remotely.
Commonly it is thought that this must be done using a remote screen control, or some kind of remote execution tool, but in reality the BDE suite comes with a full set of command-line interfaces that have built-in remote capabilities.

In this specific case, changing the PIN remotely is as simple as the following example:

C:\WINDOWS\system32>manage-bde -changepin c: -computername hostname

Where:

  • manage-bde -changepin
    is the main command to control BDE; you can learn more in the Manage-bde.exe Parameter Reference
  • c:
    is the letter of the drive whose BDE you want to manage
  • -computername hostname
    is the parameter indicating that you want to operate on a remote machine whose name is hostname

The result of this command will be

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.

Computer Name: hostname

Type the new PIN: ******
Confirm the new PIN by typing it again:******

where you need to enter and re-enter the new PIN for confirmation and finally

Your PIN has been successfully updated.

It is worth noting, even if this is quite obvious, that this command must be entered from an elevated command prompt under an account that has administrative permissions on the remote machine.
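A pre-check worth running before -changepin, as an added example that is not part of the original post: it confirms that the remote volume actually carries a TPM And PIN protector, using the same -computername switch. The function names are hypothetical, the sample output is constructed, and the English manage-bde labels are assumed (the tool's output is localized).

```powershell
# Added example (not from the original post). Function names are hypothetical.
function Get-BdeProtectorType {
    param([string[]]$Lines)
    $types = @()
    for ($i = 0; $i -lt $Lines.Count - 1; $i++) {
        # A protector heading is an indented "Name:" line directly followed by "ID: {...}".
        $m = [regex]::Match($Lines[$i], '^\s+([A-Za-z ]+):\s*$')
        if ($m.Success -and $Lines[$i + 1] -match '^\s+ID:\s*\{') {
            $types += $m.Groups[1].Value.Trim()
        }
    }
    $types
}

function Test-RemotePinProtector {
    param([Parameter(Mandatory)][string]$ComputerName, [string]$Drive = 'C:')
    # Needs an elevated prompt with administrative rights on the target, as for -changepin.
    $out = & manage-bde.exe -protectors -get $Drive -computername $ComputerName
    if ($LASTEXITCODE -ne 0) { throw "manage-bde failed on $ComputerName (exit code $LASTEXITCODE)" }
    (Get-BdeProtectorType -Lines $out) -contains 'TPM And PIN'
}

# Constructed sample of 'manage-bde -protectors -get C:' output (IDs are placeholders).
$sample = @'
Volume C: [OS]
All Key Protectors

    TPM And PIN:
      ID: {00000000-0000-0000-0000-000000000001}
      PCR Validation Profile:
        0, 2, 4, 11

    Numerical Password:
      ID: {00000000-0000-0000-0000-000000000002}
'@ -split "`r?`n"

$found = Get-BdeProtectorType -Lines $sample
"Protectors found: $($found -join ', ')"
"PIN change applicable: $($found -contains 'TPM And PIN')"
```

Against a real machine, call Test-RemotePinProtector -ComputerName hostname and run manage-bde -changepin only when it returns True.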


Updating Windows 7

In the past few months I faced a serious issue with a brand new installation of Windows 7.
From a previously perfectly-working installation image, I kept ending up with a seemingly broken installation in the sense that Windows Update apparently wasn’t working properly.

WU appeared to be continuously looking for updates, never stopping and never starting the actual download and installation. Even after leaving it to work for hours at a time, it was impossible to obtain or install any update.

Stick on top

For several of my web projects I align myself to one of the common unwritten rules of web design: make the top bar a menu bar and keep it on top of the browser screen even when you scroll.

I did so for my personal website lucamauri.com and I recently replicated it with my new project passafrase.it, so I thought about writing a quick post to summarize how to achieve this.

Too many words

I recently started a new project on GitHub: a library and a set of Windows, command-line and web applications to easily generate pass-phrases using an Italian-language dictionary.

I created the project in Visual Studio Community 2015 and created the online repository with the integrated extension: everything seemed normal except for one small detail.


The language details bar is the colored bar showing the programming languages used in the project: it was all wrong!
It showed programming languages I did not even know existed, let alone used!

As GitHub uses an automatic system to determine the languages used in a project, I started to think about what could have fooled it into thinking my project was created with such exotic languages.
The easiest answer to this question was the data contained in the Italian dictionaries: a long list of common and uncommon Italian words needed to generate random pass-phrases.

There is a simple method to override the automatic selection: let GitHub know which files need to be ignored because they are imported from other libraries or because Linguist should treat them as documentation files.
So I edited the .gitattributes file by adding:

$ cat .gitattributes
PassaFraseCore/Dizionario/* linguist-documentation

This instructs GitHub to identify all the files in the subfolder PassaFraseCore/Dizionario as Linguist documentation.
And the result was much better!


What’s your number?

I assume I do not need to introduce the music streaming service Spotify here.
Though very costly, it is the latest and greatest service for listening to music without limits on time or devices.

Spotify is also a very social application that easily allows users to show and watch what their friends are listening to.
Friends are determined using relations on Facebook, but not all users decide to link their Spotify and Facebook accounts, so sometimes you might have a hard time finding your friends.

One easy way to add a friend not connected via Facebook is to use the direct link in the form

spotify:user:UserID

Where UserID is the numerical identifier of any user. It is very easy to find this number, but it appears there is some confusion on how to find it: this is a very easy guide on how to look for it.

First of all, open the desktop client and pick any of your playlists: below the playlist title you’ll find your display name. It is a hyperlink, just click it.

The next page is your own homepage and it contains all of your information including the ID: click on the ellipsis button below your name and choose “Copy Spotify URI”.

That string is the direct link to your user: you can give it to a friend, who can go directly to your page by pasting it in the Spotify client's Search field.

Command a Ghost

Everyone working with graphics in a serious way with a computer should be acquainted with Ghostscript. For those who are not, it is an interpreter suite for PostScript and Portable Document Format: I will not cover it in depth here, but you can learn more at the related Wikipedia article or by visiting the official website.
It is a very powerful and versatile tool and one could write books about it, but in this post I will focus on one conversion I personally found very useful, but not particularly user-friendly.
So I am publishing this for my own exercise and with the hope of helping other users.

Take the following command:

gswin64c.exe -dNOPAUSE -dBATCH -r600 -sDEVICE=tiff24nc -sCompression=lzw -sOutputFile=scansioni%d.tif scansioni.pdf

It is composed of several parts:

  • gswin64c.exe
    the executable name: in this case it is the 64-bit Windows one.
    You should replace it with the program file appropriate for your OS and architecture
  • -dNOPAUSE
    instructs the parser not to pause and ask for input at page breaks
  • -dBATCH
    GS will exit at the end of the process instead of entering an interactive loop reading PostScript commands.
    Please note that both -dNOPAUSE and -dBATCH can be replaced by the single -o
  • -r600
    output resolution in DPI. Writing just one value will set the vertical and horizontal resolution to the same value, otherwise you can use the form -rXRESxYRES
  • -sDEVICE=tiff24nc
    the output device, in this case a TIFF file with a color depth of 24 bits.
    Other common values could be -sDEVICE=tiffgray or -sDEVICE=jpeg.
  • -sCompression=lzw
    the compression to use for the TIFF file, in this case the Lempel–Ziv–Welch algorithm
  • -sOutputFile=scansioni%d.tif
    the filename of the output: the use of %d will generate one file for each page in the original document, appending the page number to the name scansioni
  • scansioni.pdf
    the original PDF file to read from

This blog post acts as a sort of cheat sheet for rapid reference, but complete information on how to use GS can be found at How to use Ghostscript and Details of Ghostscript output devices.

Look for your address

For most of the websites I own, I normally use Visual Studio to code and test locally, then I publish them to the FTP folder provided by my hosting company.

When I first set that publish up I was asked for the obvious few pieces of information needed to complete the process: the FTP address, username and password for login and the publish folder (as it is normal for hosting companies to use shared resources for low-cost hosting, they normally use a common FTP server with the customers isolated through the use of folders normally named after the domain name).
After starting the publish procedure, I was reminded by Visual Studio that my credentials were transmitted insecurely over the net in plain text.

Of course this rang a warning bell in my head, so I cancelled the procedure and thought for a while.
I realized that during the setup process I was not asked what authentication method I wanted to use: I normally use the FTP Secure protocol when available and, if not available, I think twice about committing myself to a company that is not offering it.

I double-checked the Visual Studio configuration and I was more than surprised not to find any option for this; a search on Google also proved to be inconclusive.
Then I tried the simplest solution of all that, not surprisingly, worked properly: simply add the ftps: scheme name at the beginning of the address to let Visual Studio automatically switch to a secure connection.

So, to make a long story short, simply replace the connection string that will look like

ftp.yoursite.com/yoursite.com

with

ftps://ftp.yoursite.com/yoursite.com

and Visual Studio will automatically use TLS encryption to connect.
At the first publish attempt, the digital certificate is shown so you can validate the authenticity of the site and you have the option to remember that certificate as valid from that moment on.

At the end of the day I was a little surprised this option was not clearly shown in Visual Studio, as it could fool a programmer who is not familiar enough with security or simply too distracted to notice the lack of it with the standard settings.
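Because the missing ftps:// prefix is easy to overlook, it can be checked mechanically. The following is an added example, not part of the original post: it flags FTP publish profiles whose address lacks the ftps:// scheme. It assumes the usual Visual Studio publish profile (.pubxml) layout with WebPublishMethod and publishUrl elements; the function name is hypothetical and the two profiles are constructed.

```powershell
# Added example (not from the original post). Function name is hypothetical.
function Test-FtpPublishEncrypted {
    param([Parameter(Mandatory)][string]$PubXml)
    $doc = [xml]$PubXml
    $method = $doc.GetElementsByTagName('WebPublishMethod') | Select-Object -First 1
    # Profiles that do not publish over FTP are out of scope and pass the check.
    if (-not $method -or $method.InnerText -ne 'FTP') { return $true }
    $url = ($doc.GetElementsByTagName('publishUrl') | Select-Object -First 1).InnerText
    # Per the post, only an explicit ftps:// scheme switches Visual Studio to TLS.
    return ($url -match '^\s*ftps://')
}

# Constructed profile template; {0} is replaced by the address under test.
$template = @'
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <WebPublishMethod>FTP</WebPublishMethod>
    <publishUrl>{0}</publishUrl>
    <FtpPassiveMode>True</FtpPassiveMode>
    <UserName>constructed-user</UserName>
  </PropertyGroup>
</Project>
'@

foreach ($address in 'ftp.yoursite.com/yoursite.com', 'ftps://ftp.yoursite.com/yoursite.com') {
    $ok = Test-FtpPublishEncrypted -PubXml ($template -f $address)
    '{0,-40} encrypted={1}' -f $address, $ok
}
```

To audit a real solution, pass the content of each *.pubxml file (read with Get-Content -Raw) to the function and review every profile that returns False.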