pskl.us

Apple’s UDID Hypocrisy

by on Sep.17, 2012, under Group News, Security

On the third of September, a hacker claiming affiliation with AntiSec made a post on pastebin.com describing an intricate attack against an FBI agent’s laptop.  The hacker claims to have dumped a database containing over twelve million unique device identifiers (UDIDs) of Apple iOS devices, along with personal information which could tie a user’s real-world identity to his or her device’s electronic serial number.  The hackers made just over one million of these UDIDs public, and analysis elsewhere has suggested that the data is that of actual Apple devices.  I wrote extensively about the use and abuse of the UDID in a paper which was released just under two years ago.

During the finger pointing phase which followed the leak, the FBI and Apple both denied that they were the sources of the data.  It was later discovered that the leak came from an application developer called Blue Toad, who uses UDID data extensively in their development work.

Thrust into the spotlight, Apple took this opportunity to remind the user community that it has been actively working to address UDID privacy concerns on the iOS platform.  Not only has Apple deprecated the use of the UDID since the release of iOS 5 early in 2011, it has recently started to reject App Store submissions for applications which query the iOS UDID.

As it turns out, Apple is taking a “Do as I say, not as I do” approach with UDID security.  Apple continues to collect devices’ UDIDs every time an advertisement banner is displayed in any application which uses Apple’s very own iAd banner advertisement system.

It’s quite easy to find an application which uses the iAd network.  For this demonstration (data collected 9.17.12) we’ll take a look at Qrafter, a QR code scanning application.

Notice the iAd watermark in the lower right corner of the banner ad.

The iAd banners are retrieved using SSL, which makes traffic analysis somewhat more difficult.  By using an appropriate MITM tool, such as Ettercap, Charles or MITM Proxy, it is possible to examine the plain-text contents of the otherwise encrypted conversation.

The iAd banner retrieved by the Qrafter application comes from a server named iadsdk.apple.com.  When the application requests the banner ad graphics, it also transmits the iOS device’s UDID to the remote host at apple.com.

Zooming in on the highlighted section reveals the UDID of the iPhone used in this demonstration.

Using the UDID Tool app, we can confirm that this is the UDID of our iOS device:
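The check above was done by eye on a proxy screenshot.  As an added example (my own Python, not part of the original post and not Apple, Qrafter or proxy code), here is a small audit helper that takes decrypted HTTP requests in the plain-text form a MITM proxy shows them and reports where a known device UDID appears and to which host it was sent.  It also recognises the MD5 and SHA-1 hash of the UDID, which is an extension I added on the assumption that some apps send a hashed identifier instead; the post itself only shows the raw value.  The UDID and the three requests below are constructed.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Shape of an iOS UDID: 40 hex characters (the same length as a SHA-1 digest).
HEX40_RE = re.compile(r"\b[0-9a-f]{40}\b")
HEX32_RE = re.compile(r"\b[0-9a-f]{32}\b")  # MD5-sized tokens


def identifier_forms(udid: str) -> Dict[str, str]:
    """The raw UDID plus its MD5 and SHA-1 hashes.  Assumption: some apps send a
    hashed UDID rather than the raw value; the post only shows the raw form."""
    raw = udid.lower()
    return {
        "raw": raw,
        "md5": hashlib.md5(raw.encode()).hexdigest(),
        "sha1": hashlib.sha1(raw.encode()).hexdigest(),
    }


def parse_request(text: str) -> Tuple[str, Dict[str, str], str]:
    """Split a plain-text HTTP request (request line, headers, blank line, body)
    into its request target, a lower-cased header map and the body."""
    head, _, body = text.partition("\n\n")
    lines = head.splitlines()
    parts = lines[0].split() if lines else []
    target = parts[1] if len(parts) > 1 else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body


def find_udid_leaks(request_text: str, device_udid: str) -> List[Dict[str, str]]:
    """Return one finding per place (URL, header, body) where the device's UDID
    appears, tagged with the destination host and the form the identifier took."""
    forms = identifier_forms(device_udid)
    target, headers, body = parse_request(request_text)
    host = headers.get("host", "?")
    places = [("url", target), ("body", body)]
    places += [("header " + n, v) for n, v in headers.items() if n != "host"]
    findings: List[Dict[str, str]] = []
    for where, text in places:
        low = text.lower()
        for token in set(HEX40_RE.findall(low) + HEX32_RE.findall(low)):
            for form, value in forms.items():
                if token == value:
                    findings.append({"host": host, "where": where, "form": form})
    return findings


def audit(requests: List[str], device_udid: str) -> List[Dict[str, str]]:
    """Run the check over a batch of captured requests."""
    return [f for r in requests for f in find_udid_leaks(r, device_udid)]


# Constructed sample data: a fake UDID and three fake captured requests.
SAMPLE_UDID = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_REQUESTS = [
    "GET /v1/banner?udid=" + SAMPLE_UDID + " HTTP/1.1\nHost: iadsdk.apple.com\n"
    "User-Agent: Qrafter/1.0\n\n",
    "POST /track HTTP/1.1\nHost: ads.example.invalid\nContent-Type: text/plain\n\n"
    "id=" + identifier_forms(SAMPLE_UDID)["sha1"] + "\n",
    "GET /scan HTTP/1.1\nHost: api.example.invalid\n\n",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS, SAMPLE_UDID):
        print(f"{finding['host']}: UDID ({finding['form']}) sent in {finding['where']}")
```

Feed it the request bodies exported from the proxy session and the UDID shown by the UDID Tool app; anything it reports is a host that received the device identifier, whether the app used the deprecated API directly or an embedded SDK did.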

Apple’s move to keep UDID-aware applications out of the App Store was billed as a system put in place to enhance the privacy of its loyal user base.  Considering the behavior of iAd, however, this policy change smells much more like an attempt by Apple to squeeze the competing advertisement networks out of its exclusive online marketplace.

Seeing as how they burned the unique device ID into the phone’s firmware in the first place, Apple clearly already knows the UDID of every device it manufactures.  By logging this data during a banner ad fetch, however, Apple is building a database of which applications you use and where and when you use them.  By restricting the use of UDIDs by third parties, they’re giving the iAd system a clear “trackability” boost over their rivals.


Integrate your SafeConnect NAC with a Palo Alto Firewall

by on Jun.29, 2012, under Code, Tutorials

The following script allows you to export Username:IP Address pairings from your SafeConnect NAC appliance into your Palo Alto firewall.  This allows for super-fast identification of misbehaving clients and infected machines on your network.

Requirements:

  • A Palo Alto firewall and a SafeConnect NAC box (obviously)
  • MySQL database, configured to receive logging from your SafeConnect Appliance (SafeConnect support can help with the log export configuration on your appliance)
  • A Linux box to run this script.  I suggest using the same box as your MySQL DB, but that’s up to you.
  • Two Windows servers.  If you’re an AD shop, just install these on any member server.

Setup:

1) Install the Palo Alto UserID Agent (download from the Palo Alto support site) on two member servers in your domain.  The account you provide to the agent needs permission to read the event logs on the Domain Controllers.  It must also have local administrator access to the box where it is installed.

2) Configure the Palo Alto UserID agent to accept incoming XML connections (Setup -> Edit -> Agent Service)

3) Configure the Access Control List of the PA User-ID Agent program to permit connections from your Linux box and your Palo Alto Firewalls. (Setup -> Access Control List -> Add).  Be sure to permit ports 5006/TCP and 5007/TCP through any applicable firewalls as well.

4) Configure your Palo Alto firewalls to communicate with the UserID Agents.  (From the WebUI, Device -> User Identification -> User-ID Agents).  The port number is 5007.

5) Install MySQL on your Linux box, and configure the SafeConnect appliance for MySQL export to your server.  (The MySQL setup is beyond the scope of this document).  SafeConnect support can assist you with the appliance-side configuration.  Create a MySQL user with permission to read the “clienthist” table from the Linux box where you’ll be running the script.

6) Install the PAN::API Perl Module on your Linux box.  On RHEL, you can drop it into /usr/lib/perl5/site_perl.  The module is available for download from https://live.paloaltonetworks.com/docs/DOC-1662

7) Copy the pa-uid-safeconnect.pl script to your Linux box:

#!/usr/bin/perl
#
# pa-uid-safeconnect.pl
# Revision 0.2
#
# Collects username:IP pairings from your Impulse Point SafeConnect NAC box and loads the data
# into the Palo Alto Firewall's UserID agents.  The Palo Alto UserID agent runs on a Windows server;  you'll
# need two UserID agent boxes to use this script as-written.
#
# Requires the PAN::API and DBI Perl modules.   You'll also need to set up MySQL log export from your appliance
# to a MySQL database which is maintained on a separate server.  Ask your SafeConnect support rep for
# assistance in setting up the "BackupDB" export.
#
# This script was written for, and tested under, Red Hat Linux.
#
# NOTE:  The PAN::API module does not have proper error handling, and will die if an attempt is made to
# connect to a Palo Alto UserID agent box that is not responding.
#
# eric@pskl.us 06.27.12
#
#
# Configuration Section #################################

# Your Palo Alto User-ID Agent boxes:

$server1="pa-uid-agent-1.pskl.us";
$server2="pa-uid-agent-2.pskl.us";

# Your BackupDB MySQL host and user; the specified user needs read access to the "clienthist" table.

$mysql_server="mysqlbox-14.pskl.us";
$mysql_username="MySQL_username";
$mysql_password="MySQL_password";

# How often do you require users to re-authenticate to SafeConnect, in days?
$safeconnect_reauth_time=7;

# Maximum number of submissions to the PA UID Agent per session (100 seems to work well).
$XMLSize=100;

# Enable debugging (yes/no).  Generates a lot of output, use with caution.

$debug="yes";

#### End of Configuration Section ####

use DBI();
use PAN::API;

# Create PAN::API Objects

$pa_uid_agent_1=PAN::API::UID->new($server1);
$pa_uid_agent_2=PAN::API::UID->new($server2);

# Connection to your SafeConnect BackupDB instance

my $dbobject = DBI->connect("DBI:mysql:database=backupDB;host=$mysql_server",
    $mysql_username, $mysql_password, {'RaiseError' => 1});

# MySQL query string.  Pulls the last $safeconnect_reauth_time days of data.

$query=<<EOF;
SELECT transDate,currentIpAddress,principal from clienthist where
DATE_SUB(CURDATE(), INTERVAL $safeconnect_reauth_time DAY) <= transDate order by transDate asc;
EOF

my $queryobject = $dbobject->prepare($query);

$queryobject->execute();

# Rows come back oldest first, so the most recent pairing seen for an IP is the one kept.

while (@row = $queryobject->fetchrow_array()) {

    # Only process those entries with a username present..

    if ( $row[2] ) {
        ($username, $groups)=split(",", $row[2]);
        $ipdb{$row[1]}=$username;
        if ( $debug eq "yes" ) {
            print "Found pairing:  $row[0] $row[1] -> $username \n";
        };
    };
};

# Close the connection to the BackupDB

$queryobject->finish();

$dbobject->disconnect();

# Process collected data

$count=0;

foreach $ip ( keys %ipdb ) {

    if ( $ipdb{$ip} eq "null" ) {

        # ignore "null" entries - indicates user has policy key installed but has
        # not logged in through the web interface

    } else {

        if ( $debug eq "yes" ) {
            print "Processing $ip -> $ipdb{$ip}\n";
        };

        # Create the XML entries for this IP:Username pair
        $pa_uid_agent_1->add('login',$ipdb{$ip},$ip);
        $pa_uid_agent_2->add('login',$ipdb{$ip},$ip);
        $count++;

        if ( $count == $XMLSize ) {
            # Submit data to the agent in batches of $XMLSize
            $count=0;

            if ( $debug eq "yes" ) {
                print ">> Submitting batch to $server1\n";
            };

            $pa_uid_agent_1->submit();

            if ( $debug eq "yes" ) {
                print ">> Submitting batch to $server2\n";
            };

            $pa_uid_agent_2->submit();

        };
    };
};

# Submit any remaining entries

if ( $debug eq "yes" ) {
    print ">> Submitting final batch to $server1\n";
};

$pa_uid_agent_1->submit();

if ( $debug eq "yes" ) {
    print ">> Submitting final batch to $server2\n";
};

$pa_uid_agent_2->submit();

# Done
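The selection and batching rules the script applies are easy to get subtly wrong when porting it, so here is the same pipeline in Python as an added example of mine (not the post's script and not PAN::API code).  The first function reproduces the script's rules on rows already fetched from clienthist; the second groups the result into submissions of at most $XMLSize entries and renders each as a User-ID login update.  Assumptions: the rows are constructed (the MySQL fetch is left to whichever DB-API driver you use), and the uid-message XML below is the shape I know from the User-ID XML API, which PAN::API assembles for you in the Perl version, so verify it against the agent release you run.

```python
from typing import Dict, Iterable, List, Sequence, Tuple
from xml.etree import ElementTree as ET

# (transDate, currentIpAddress, principal) exactly as the script's SELECT returns them.
Row = Tuple[str, str, str]


def pairings_from_clienthist(rows: Iterable[Row]) -> Dict[str, str]:
    """Reproduce the script's rules: rows arrive ordered by transDate ascending, so
    the most recent row for an IP wins; 'principal' is 'username,groups'; rows with
    no principal are skipped; a 'null' username (policy key installed, no web login
    yet) is dropped.  Caveat carried over from the Perl: a late 'null' row for an IP
    also hides an earlier real login for that IP."""
    ipdb: Dict[str, str] = {}
    for _trans_date, ip, principal in rows:
        if not principal:
            continue
        ipdb[ip] = principal.split(",", 1)[0]
    return {ip: user for ip, user in ipdb.items() if user != "null"}


def login_message(entries: Sequence[Tuple[str, str]]) -> str:
    """Render one batch of (ip, username) pairs as a User-ID 'login' update
    (assumed uid-message layout; PAN::API's add('login', ...)/submit() builds the
    equivalent)."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    login = ET.SubElement(ET.SubElement(root, "payload"), "login")
    for ip, user in entries:
        ET.SubElement(login, "entry", name=user, ip=ip)
    return ET.tostring(root, encoding="unicode")


def login_batches(pairings: Dict[str, str], xml_size: int = 100) -> List[str]:
    """Split the pairings into submissions of at most xml_size entries, mirroring
    the $XMLSize batching in the script, final partial batch included."""
    items = sorted(pairings.items())
    return [login_message(items[i:i + xml_size]) for i in range(0, len(items), xml_size)]


# Constructed rows, in transDate order, standing in for the MySQL result set.
SAMPLE_ROWS: List[Row] = [
    ("2012-06-29 09:18:24", "18.42.124.194", "jdoe01,students"),
    ("2012-06-29 09:18:26", "18.42.124.194", "jdoe01,students"),
    ("2012-06-29 09:19:18", "18.42.97.119", "jdoe02,staff"),
    ("2012-06-29 09:19:24", "18.42.97.119", "jdoe07,staff"),   # later row wins
    ("2012-06-29 09:20:19", "18.42.201.219", ""),              # no principal: skipped
    ("2012-06-29 09:20:30", "18.42.10.5", "null,"),            # key installed, no login
]

if __name__ == "__main__":
    pairs = pairings_from_clienthist(SAMPLE_ROWS)
    for ip, user in sorted(pairs.items()):
        print(f"Found pairing:  {ip} -> {user}")
    for batch in login_batches(pairs, xml_size=100):
        print(batch)
```

Each string returned by login_batches is one submission; posting it to the agent (or to the firewall's own XML API) is the part PAN::API handles in the original.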

8) Run the script.  If everything is configured properly, you’ll see username:IP pairings being retrieved from your database and transmitted to the Palo Alto UserID agent boxes:

Found pairing:  2012-06-29 09:18:24 18.42.124.194 -> jdoe01
Found pairing:  2012-06-29 09:18:26 18.42.124.194 -> jdoe01
Found pairing:  2012-06-29 09:19:18 18.42.97.119 -> jdoe02
Found pairing:  2012-06-29 09:19:19 18.42.97.119 -> jdoe02
Found pairing:  2012-06-29 09:19:24 18.42.97.119 -> jdoe07
Found pairing:  2012-06-29 09:20:09 18.42.124.239 -> jdoe02
Found pairing:  2012-06-29 09:20:10 18.42.124.239 -> jdoe07
Found pairing:  2012-06-29 09:20:19 18.42.201.219 -> jdoe31
>> Submitting batch to pa-uid-agent-1.pskl.us
>> Submitting batch to pa-uid-agent-2.pskl.us

9) Check the Palo Alto UserID agent’s GUI.  Under the “Monitoring” tab, you’ll see the new entries appear.

10) Configure your Linux box to run the pa-uid-safeconnect.pl script periodically.  Once every four hours seems about right for an environment where users must re-authenticate once every seven days.  Adjust accordingly.

11) WIN!  Your Palo Alto firewall will now tag any applicable log entries with the corresponding username.

I hope this has been helpful.  Please leave any questions or comments in the forum below.

 


Integrate your Aruba Wireless User Data with your Palo Alto Firewall

by on Jun.27, 2012, under Code, Tutorials

The following script allows you to export Username:IP Address pairings from your Aruba Wireless Controller into your Palo Alto firewall.  This allows for super-fast identification of misbehaving clients and infected machines on your network.

Requirements:

  • A Palo Alto firewall and an Aruba Wireless controller (obviously)
  • A Linux box to run this script.
  • Two Windows servers.  If you’re an AD shop, just install these on any member server.

Setup:

1) Install the Palo Alto UserID Agent (download from the Palo Alto support site) on two member servers in your domain. The account you provide to the agent needs permission to read the event logs on the Domain Controllers. It must also have local administrator access to the box where it is installed.

2) Configure the Palo Alto UserID agent to accept incoming XML connections (Setup -> Edit -> Agent Service)

3) Configure the Access Control List of the PA User-ID Agent program to permit connections from your Linux box and your Palo Alto Firewalls. (Setup -> Access Control List -> Add). Be sure to permit ports 5006/TCP and 5007/TCP through any applicable firewalls as well.

4) Configure your Palo Alto firewalls to communicate with the UserID Agents. (From the WebUI, Device -> User Identification -> User-ID Agents). The port number is 5007.


5) Install the PAN::API Perl Module on your Linux box. On RHEL, you can drop it into /usr/lib/perl5/site_perl. The module is available for download from https://live.paloaltonetworks.com/docs/DOC-1662

6) Copy the pa-uid-aruba.pl script to your Linux box:

#!/usr/bin/perl
#
# pa-uid-aruba.pl
# Rev 0.1
#
# Rev 0.2 - 7/2/12 - Removed double-backslash from posted usernames
#
# Collects username:IP pairings from your Aruba wireless controller(s) and loads the data
# into the Palo Alto Firewall's UserID agents.
#
# Requires the PAN::API Perl module and the snmpwalk binaries.
#
# NOTE:  The PAN::API module does not have proper error handling, and will die if an attempt is made to
# connect to a Palo Alto UserID agent box that is not responding.
#
# This script uses plain-text SNMP to extract data from your Aruba controller.  Be sure to
# use a secure, dedicated link between your management box and your controllers for this application.
#
# eric@pskl.us 06.27.12
#
#
# Configuration Section #################################

# Aruba boxes
@ArubaControllers=("aruba-master", "aruba-local");

# Credentials
$ArubaCommunity="indiapaleale";

# Palo Alto Agents.

$PA_UID_Agent_1="auth-1.bucknell.edu";
$PA_UID_Agent_2="auth-2.bucknell.edu";

# Maximum number of submissions per session (100 seems to work well).
$XMLSize=100;

# Comment out this line if you don't want debugging output.
$debug=1;

# End of Configuration Section ###########################

use PAN::API;

$ArubaCount=0;

foreach $switch ( @ArubaControllers ) {

    @ArubaUsers=`/usr/bin/snmpwalk -v 2c -c $ArubaCommunity $switch 1.3.6.1.4.1.14823.2.2.1.4.1.2.1.3`;

    foreach $line ( @ArubaUsers ) {

        # Pick the IP address off the end of the OID index and the quoted username value.
        if ( $line=~/\.(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) = STRING: "(.+)"/ ) {
            $users{$1}=$2;
            if ( $debug ) { print "From Aruba controller $switch:  $1 >> $2\n" };
            $ArubaCount++;
        };
    };

};

if ( $debug ) { print "Found $ArubaCount IP:Username pairings.\n" };

$auth1=PAN::API::UID->new($PA_UID_Agent_1);
$auth2=PAN::API::UID->new($PA_UID_Agent_2);

$count=0;

foreach $ip ( keys %users ) {

    # Collapse the doubled backslash in DOMAIN\\user before posting
    $users{$ip}=~s/\\\\/\\/g;
    $auth1->add('login',"$users{$ip}","$ip");
    $auth2->add('login',"$users{$ip}","$ip");

    $count++;

    if ( $count == $XMLSize ) {
        $count=0;

        if ( $debug ) {
            print "Submitting $XMLSize entries to the PA-UID Agent boxes\n"; };

        $auth1->submit();
        $auth2->submit();
    };

};

if ( $debug ) {
    print "Submitting the balance of the entries to the PA-UID Agent boxes\n"; };

$auth1->submit();
$auth2->submit();

# Fin
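The collection half of the script, the snmpwalk parsing, is the part most likely to need adjusting for a different controller build, so here is my own Python rendering of it as an added example (not pskl.us code).  The snmpwalk lines are constructed to match the shape the script's regex expects, the CORP domain is made up, and two things are additions the Perl version does not do: an index that is not a valid IPv4 address is skipped rather than posted, and snmpwalk is invoked without a shell so the community string and hostname are never interpolated into a command line.

```python
import ipaddress
import re
import subprocess
from typing import Dict, Iterable, List

# Same pattern the Perl script uses: the last four dotted octets of the OID index
# followed by the snmpwalk STRING value.
SNMP_LINE_RE = re.compile(r'\.(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) = STRING: "(.+)"')


def snmpwalk_lines(host: str, community: str, oid: str) -> List[str]:
    """Run snmpwalk as an argument list (no shell), unlike the script's backticks.
    Not exercised by the sample data below."""
    proc = subprocess.run(
        ["/usr/bin/snmpwalk", "-v", "2c", "-c", community, host, oid],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


def pairings_from_snmpwalk(lines: Iterable[str]) -> Dict[str, str]:
    """Turn snmpwalk output into an ip -> username map, following the script:
    'DOMAIN\\\\user' is collapsed to 'DOMAIN\\user' and a later line for the same
    IP (or from a later controller) overrides an earlier one.  Added check: an
    index that is not a valid IPv4 address is dropped."""
    users: Dict[str, str] = {}
    for line in lines:
        m = SNMP_LINE_RE.search(line)
        if not m:
            continue
        ip, user = m.group(1), m.group(2)
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        users[ip] = user.replace("\\\\", "\\")
    return users


def collect(controllers: Dict[str, List[str]]) -> Dict[str, str]:
    """Merge the walks of several controllers, later controllers winning on a
    clash, which is what the script's single %users hash does."""
    merged: Dict[str, str] = {}
    for _name, lines in controllers.items():
        merged.update(pairings_from_snmpwalk(lines))
    return merged


# Constructed snmpwalk output in the numeric-OID form the regex expects.
OID = "SNMPv2-SMI::enterprises.14823.2.2.1.4.1.2.1.3"
SAMPLE_WALK = [
    OID + '.10.6.123.212 = STRING: "archer"',
    OID + '.10.6.101.12 = STRING: "CORP\\\\lana"',   # doubled backslash as the controller sends it
    OID + '.10.6.122.47 = STRING: "carol"',
    OID + '.10.6.122.47 = STRING: "cheryl"',         # later entry wins
    OID + '.10.6.122.61 = ""',                        # no STRING: value, ignored
    OID + '.10.6.300.9 = STRING: "bogus"',            # not a valid IPv4 index, skipped
]

if __name__ == "__main__":
    for ip, user in pairings_from_snmpwalk(SAMPLE_WALK).items():
        print(f"From Aruba controller aruba-master:  {ip} >> {user}")
```

To run it for real, replace SAMPLE_WALK with snmpwalk_lines(controller, community, "1.3.6.1.4.1.14823.2.2.1.4.1.2.1.3") for each controller and hand the merged map to the same batching and submission step the script performs.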

8) Run the script.  If everything is configured properly, you’ll see username:IP pairings being retrieved from your Aruba controllers and transmitted to the Palo Alto UserID agent boxes:

From Aruba controller aruba1:  10.6.123.212 >> archer
From Aruba controller aruba1:  10.6.101.12 >> lana

From Aruba controller aruba1:  10.6.122.47 >> carol
From Aruba controller aruba1:  10.6.122.47 >> cheryl
From Aruba controller aruba1:  10.6.122.61 >> cyril
From Aruba controller aruba1:  10.6.116.131 >> seamus
Found 548 IP:Username pairings.
Submitting 100 entries to the PA-UID Agent boxes
Submitting 100 entries to the PA-UID Agent boxes
Submitting 100 entries to the PA-UID Agent boxes
Submitting 100 entries to the PA-UID Agent boxes
Submitting 100 entries to the PA-UID Agent boxes
Submitting the balance of the entries to the PA-UID Agent boxes

9) Check the Palo Alto UserID agent’s GUI.  Under the “Monitoring” tab, you’ll see the new entries appear.

10) Configure your Linux box to run the pa-uid-aruba.pl script periodically.  Once every 30-60 minutes works well.

11) WIN!  Your Palo Alto firewall will now tag any applicable log entries with the corresponding username.

I hope this has been helpful.  Please leave any questions or comments in the forum below.


We got a takedown notice from LifeShield for our positive review

by on May.10, 2012, under Group News, Security, Whining

Yes, you read the headline correctly.

Our 95% glowing review of the LifeShield products and services earned me a DMCA takedown notice from a “Digital Content Protection” company on behalf of LifeShield. You’re saying “OK, that sure sounds dumb, but what are the grounds for a takedown notice in the first place?” I had the same question.
The content of the notice was:

It has come to our attention that your website or website hosted by your company contains links to LifeShield, Inc website (www.lifeshield.com) which results in financial losses by the company we represent, because of search engine penalties.

I request you to remove from following website (pskl.us)
all links to www.lifeshield.com website as soon as possible.
In order to find the links please do the following:
1) If this is an online website directory, use directory’s search system to find “LifeShield” links.
2) If there are hidden links in the source code of website, open website’s main page and view its source code. Search for “lifeshield.com” in the source code and you will see hidden links.

I have a good faith belief that use of the material in the manner complained of is not authorized by LifeShield, Inc, its agents, or the law. Therefore, this letter is an official notification to effect removal of the detected infringement listed in this letter.

I further declare under penalty of perjury that I am authorized to act on behalf of copyright holder and that the information in this letter is accurate.

Please, inform me within 48 hours of the results of your actions. Otherwise we will be forced to contact your ISP.
LifeShield, Inc will be perusing legal action if the webmaster does not remove the referenced link within 48 hours.
LifeShield, Inc will be forced to include the hosting company in the suite for trademark infringement.

Makes perfect sense, right? Trademark infringement. Because of links. As part of a review.

As you would assume, I was furious. I forwarded the email to a sales manager at LifeShield and then called them and left a message. I got a call back later that night from the sales manager. She apologized and said I didn’t have to remove the links. I said I was pretty annoyed at being threatened with a BS takedown notice and a simple apology wasn’t going to cut it. I wanted to know that this isn’t how they do business.

I got an email from her later that night:

I didn’t want to call you because it is so late, but I wanted to go ahead and contact you about this. I did hear back from my manager via email and she said that they are contacting the gentleman who sent the email, and they will have this taken care of immediately. There will be no further action that you have to take and you will not receive any more emails like this. I apologize about this and if you have any questions please feel free to contact me.

I got another email from upper management:

I am the svp interactive for lifeshield.com.  Please ignore the dmca email you received.  We hired them to protect our trademark and your site was accidentally included in our list of sites.  I just sent them a note to take you off their list.  Please keep our links on your site.  We apologize for the inconvenience.

I was no longer really worried about the “inconvenience” so much as I was worried that I was supporting and endorsing a company with unethical business practices. I replied with this:

While I appreciate the apology, I have a bigger question: are you OK with how this guy is going about “protecting your trademark?”
Telling people you are going to sue them (and their ISP) if they don’t remove LINKS to your website is unethical at best and quite possibly fraudulent use of the DMCA. Did you read the email he sent me? Here are a few of my favorite parts:

It has come to our attention that your website or website hosted by your company contains links to LifeShield, Inc website (www.lifeshield.com) which results in financial losses by the company we represent, because of search engine penalties.

I’m sure this isn’t news to you, but this is 100% BS. You can’t claim losses via poor SEO and leverage a law suit against somebody else to fix it.

I have a good faith belief that use of the material in the manner complained of is not authorized by LifeShield, Inc, its agents, or the law. Therefore, this letter is an official notification to effect removal of the detected infringement listed in this letter.

Once again, I’m sure you know that permission is not needed to provide links to a publicly-available website. This guy identified himself as the head of “anti-piracy.” He is basically equating a link to intellectual property. This is fallacious on so many levels, I don’t even know where to begin.

Please, inform me within 48 hours of the results of your actions. Otherwise we will be forced to contact your ISP.
LifeShield, Inc will be perusing legal action if the webmaster does not remove the referenced link within 48 hours.
LifeShield, Inc will be forced to include the hosting company in the suite for trademark infringement.

Finally, the threat. Remove the links or we’ll sue you and your hosting company. For trademark infringement. You’ve got to be kidding me.

This is not how you protect a trademark, Evan, this is how you ruin it. Am I to understand that the people intended to be on your “list” (bad reviews?) are also getting letters like this? Have you heard of the Streisand Effect?
Now, if there are people out there legitimately infringing on your trademark, by all means, pursue them and shut them down… but do it with legitimate DMCA takedowns, not this thug-style intimidation BS. We all know how these work: people will do as you ask because it isn’t worth the trouble (or possible legal fees) to put up a fight, even though they know you have ZERO legal ground to stand on.

Please tell me you are straightening this out with the IP protection company (or cutting off your business relationship with them). I’m willing to accept the explanation that you hired this company thinking they were above-board and you didn’t know they’d be up to these shenanigans, but now you DO know. This isn’t how you want to handle your business on the Internet. I can tell you I don’t want to be involved with or endorse a business that does so.

Sums up my feelings well, I think. They were not impressed with my righteous indignation, however, and replied thusly:

I appreciate your feedback.  However, we had a site cloak lifeshield and generate over 700K back links to our site without our knowledge.  Google stepped in and slapped us with a search ranking penalty to which our business has suffered major losses.  Understood that the links on your site to LifeShield.com may be legitimate (and we rectified this) but we needed to be aggressive to rectify the situation and protect our business.  We are a legitimate home security brand with hundreds of employees and had to layoff great employees due to this and our business is still down significantly. Again, I apologize for the inconvenience; however, as a business owner yourself, you can imagine our loss.

So I said:

So you’re saying that somebody went out and bought 700K back links for you, knowing that it would get you penalized by Google? So does that mean you had (Company name) send out 700K DMCA notices? Talk about throwing good money after bad. Report the linkspam to the spam team at Google, then spend that money on an SEO expert rather than on trying to bully people with intimidation.

I understand that it sucks when people mess with your business, but it doesn’t excuse slimy tactics by you. If your house catches on fire, you don’t put it out with manure. How many other innocent people got your pit bull’s strong-arm, unethical (borderline fraudulent) DMCA takedown notice? Do you care? Or are you just scorching earth?

I want to be on your side, but you are making it difficult by standing behind a practice that represents all that is wrong with the internet. I really, really believe you should rethink this methodology.

No response. 2 days later, I got ANOTHER takedown notice, identical to the first one. I informed LifeShield:

I received another takedown notice this morning from the brilliant minds of (Name of company), identical to the last.

If you’d like to call him off, I’d like to be CC:’ed on the emails for my records, and I’d like to receive an email from him stating that he will not be taking legal action against me or my hosting service.

I got no response from LifeShield, but I got this from the genius at the IP protection company:

I have received a complaint from our customer LifeShield.com about you not satisfying our business practice.

While I have some objections I must accept that you are right and would like to apologize for any inconveniences caused.

As a  justification of our good intentions I’d like you to realize that we’ve been put on a very tight deadline and had to remove over 5 thousands links within 10-14 days and we had no ability to check the quality and the nature of those links. Our client hired an SEO expert requiring to remove links in the list before they go ahead and submit a reconsideration request with Google.

As a result we’ve got it done in that way. Again I do apologize and would like you to reconsider your opinion about us and our client.

Please let me know if you have any questions, I’d be happy to explain.

P.S. We are like the police dealing mostly with online criminals and sometimes we forget that there are a lot of good people around, honestly doing their online business.

Yes, everybody, have some sympathy for these heroes, these “internet police.” Brilliant. I like that he admitted that I’m right, though. My response:

My problem with your business practice is very simple:

A party creating large quantities of backlinks to a site in order to generate SEO (or, in this case, destroy SEO) is unethical.

It is not illegal.

Threatening legal action against this party (and making the spurious claim of “trademark infringement”) for doing so is even more unethical (since you are supposed to be the good guys) and short-sighted, in my opinion.

Any “SEO Expert” who recommends this course of action is just as misguided and, in my opinion, not very good at their job.

His response to this was very telling, I think:

I got your idea. All this “link removal” thing is quite new to us. It is our second order of this kind, but we have already processed more them 30k links. And what we find is that people not react when we kindly ask them to remove the links. We tried to contact huge amount of website and ask them to get rid of those links, but didn’t get any response at all. And on the opposite email which you got from us first time worked really good. :) I felt like this is not the right thing to do, but you know we had to finish our business. However, I apologize once again for any inconvenience we caused. And in case you will ever need any Intellectual Property protection service just shoot me an email. I’ll give you a discount for our services.

So they knew it was “not the right thing to do,” but it worked, so who cares! Those are some high-quality business practices.

While all this was going on, I had one other little issue with LifeShield. They weren’t paying me for referrals I had earned. When I originally wrote my reviews of the LifeShield products and services (March, 2010), they had a referral system in place. If I got 5 referrals, I’d get free security system monitoring for life. They provided a link to give to possible customers. I used it all over my reviews. I personally knew 3 parties that had purchased systems via my referral link, but I figured there were more that I didn’t know about (based on the amount of traffic my post was getting and the comments/questions I received). I called them up one day and asked what the status was of my referrals to see if I had earned my free monitoring yet.

They said I had zero referrals. Zero. I asked to speak to a manager immediately, and the manager basically told me that the referral system wasn’t working. Thanks so much for telling us, folks. I told them I was pretty upset about that and I felt confident that I had provided them with 5 customers and I’d like my free monitoring. She spoke with management and got back to me quickly to tell me that they agreed. They gave me the free monitoring for life. Great, right? At that point, the referral system became useless to me so I removed the links and just left the review stand. I updated it from time to time and answered any questions people posted as comments or emailed to me. I was grateful for a product I really like and for the free monitoring.

Fast forward to late 2011: they launched a new referral system that offered $150 per referral for new customers! Great deal, especially since the referred party also would get a free network camera. After verifying that I could take part (since I had used the previous referral program), I signed up immediately and added the new referral links and info to my reviews. I also updated the review to reflect some of the changes they had made to their service (such as requiring a contract). They would email me when people used my referral link so that I could send a personalized link to the new customer to help make sure the referral was recorded properly. I didn’t understand why this was necessary, but I did it anyway. Every time.

I noticed that the referral tracking system was (once again) showing that I had not earned any referrals. I had email and phone conversations with sales reps and sales managers over and over, checking to make sure that I was, in fact, getting credit for my referrals. They assured me that I was. “The system only updates once a month,” they told me. A month later, still nothing. “I’ll make sure they get put in immediately,” they’d tell me. Still nothing. Around this time is when the first DMCA takedown notice shows up. Nice timing, eh?

At this point, I had $1350 worth of referrals that I could document (and that LifeShield had confirmed…who knows if there were more, perhaps?). I was told at one point:

I just heard back and was told that all the credits should be processed by the end of the day today. If there is any change in that I will let you know.

And that was the very last email I ever received from LifeShield. As you would probably assume, I never received my referral payout. Combine this with the shady DMCA takedowns and you have a very unhappy blogger. The sad part is that I still love the products and service. That’s the only reason I left the reviews up. I emailed LifeShield to let them know I was removing all my referral links (and why) and that I’d be eventually writing a blog post (like this one) explaining the whole ordeal. I’d like to let customers read my review and also read this description of their business practices and then make up their own minds as to whether or not they’d like to do business with LifeShield. If you think I’m being a whiny turd about all this and the product sounds great: go ahead and buy it. If you think the product sounds great but you don’t like the way they work: move on to the competition. Regardless, let me know what you think in the comments below.

Oh, one last thing. The “SVP Interactive” of LifeShield inexplicably cc’ed me on a recent email to the IP protection company with a new list of sites to harass over “trademark infringement.” That doggone “reply to all” button will get you every time, eh? Seriously, learn how to internet.


Dual Booting Windows 7 w/Bitlocker and BackTrack Linux 5. (You SAID WHAT?)

by on Apr.05, 2012, under Security, Tutorials, Whining

Recently, due to laptop thefts at work and the risk of Personally Identifiable Information (PII) loss, I had to make the difficult choice to start a project to force encrypt our user laptops.  So, on the basis of “what do we already own?”, I chose Microsoft Bitlocker for the Windows 7 computers, and FileVault for the Macintosh OSX 10.7 computers.

That seems fine, however, one “snag”…   I use a dual boot Backtrack 5 and Windows 7 machine DAILY at work.  So, being the kind of guy who lives by the rule “Don’t give an order that you’re not willing to follow yourself”, I had to figure out how to encrypt my Windows side and still boot Backtrack 5.

I got it to work. It was painful.

Take a second to re-read that. Yes, it works, and yes, it caused me pain to make it work.

So, here are the steps I used to make this work:

Step 1: Wipe the drive.  (you should have backed it up if you needed to save something…  I shouldn’t have to tell you that.)

Step 2: Create a partition for the Win7 to be housed.  Make it the first partition.  Leave unallocated space for BackTrack.  (I left 30 gigs for backtrack…  you probably want more, I have a lot of scripts that always put captured data on something external that I mount and encrypt with Truecrypt…)

Step 3: Install Windows 7 (or dump your standard image) to that partition. Mine created a 100MB boot partition before the Windows 7 partition; let it do whatever it wants to do, except touch that unallocated space you already saved for Backtrack.

Step 4: Boot Windows 7 and test.   Make sure Windows 7 works first! (Well, functions as well as one could expect for Windows)

Step 5: In Windows, run this command from a command prompt: "%windir%\System32\BdeHdCfg.exe" -target default (this command preps the drive for Bitlocker.)

Step 6: Encrypt the drive via Bitlocker with your pin. (Record the recovery key. This is the single most important long string of numbers you’ll ever deal with in Windows. Preserve it, protect it. This key is your life, young padawan…)

Step 7: When it’s done, Boot Windows 7 and test.   Make sure Windows 7 still works!  (Well, functions as well as one could expect for Windows)

Step 8: Pause Bitlocker. I turned it off. (This seems to make no sense, but in my testing, if I tried to encrypt the drive after installing Linux, forget it, it died.)

Step 9: Boot Backtrack 5 DVD/USB key.

Step 10: Install Backtrack 5 to that new unallocated partition. I configured /dev/sda3 as my /boot partition, /dev/sda5 as my root and /dev/sda6 as my swap. (/dev/sda1 was the Windows 7 boot partition and /dev/sda2 was my Windows 7 system partition.)

Step 11: make sure when you install grub, you install it to /dev/sda3.   DO NOT PUT IT IN THE MBR or /dev/sda or /dev/sda1.  If you do, you just screwed yourself.

Step 12: At this point it will still only boot Windows 7. Use BCDEDIT in Windows to add a boot option that boots Linux from /dev/sda3.

Step 13:  Boot Windows 7 and test.   Make sure Windows 7 still works! (Well, functions as well as one could expect for Windows)

Step 14: Boot Backtrack 5 from the Windows boot menu. It should drop you into grub; boot from there. Make sure Backtrack 5 works.

Step 15: Boot Windows 7 and turn Bitlocker back on. (Record the recovery key. This is the single most important long string of numbers you’ll ever deal with in Windows. Preserve it, protect it. This key is your life, young padawan…)

Step 16: It should present you with the Windows 7 boot menu, where option 1 is Windows 7 and option 2 is Backtrack Linux, and then it should prompt you for your Bitlocker pin.

I can’t stress two things enough: #1) this took me weeks of wiping the drive to figure out. Don’t be shocked if you have to tweak the steps for your specific situation. #2) that recovery key is the most important thing in this process…

a few notes: (things that make you go Hmmmm…)
1) It asks you to pick which OS first, then prompts you to enter your Bitlocker pin… You can’t boot Linux unless you unlock Bitlocker first. Not sure why, but I’ll call it an “added feature!” Remember, the Linux side is NOT ENCRYPTED! That means don’t be an *idiot* about what you store there; assume it’s accessible if someone takes your laptop.
2) After you update-grub, plan on having your recovery password around for Bitlocker… it always keeps asking me for it after I update grub, even though grub is installed to the /boot partition (/dev/sda3 in my case). Don’t leave your recovery key in your laptop bag, because that defeats the purpose of encrypting it, duh. I can’t stress that enough. The whole “point” is to protect the Windows side from anyone who takes your laptop getting any useful info off it… Don’t forget the goal while you’re having so much fun messing with this nightmare.
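Step 12 leaves the BCDEDIT details out, so here is an added example (my commands, not Bill’s) of the BCD entry that chain-loads grub from /dev/sda3 on a BIOS/MBR box like the one above. It assumes you first copied the first 512 bytes of /dev/sda3 to a file from Backtrack (dd, shown in the comments) and dropped it on the unencrypted 100MB boot partition, which I’ve given the letter S: (the letter and the file name grub.bin are my choices), and that Bitlocker is paused as in Step 8: Bitlocker validates the boot configuration data, so editing it with protection on is one of the things that lands you at the recovery-key prompt from note 2.

```batch
@echo off
REM Added example, not part of the original post. Run from an elevated
REM command prompt while Bitlocker is paused (Step 8).
REM
REM Prerequisite, done from Backtrack (assumed layout: /dev/sda3 = /boot with
REM grub in its boot sector, /dev/sda1 = the 100MB Windows boot partition
REM mounted at /mnt/sda1):
REM   dd if=/dev/sda3 of=/mnt/sda1/grub.bin bs=512 count=1
REM In Windows, give /dev/sda1 a drive letter (diskpart: assign letter=S).

setlocal
set "BOOTDEV=partition=S:"
set "BOOTFILE=\grub.bin"

if not exist "S:%BOOTFILE%" (
  echo S:%BOOTFILE% not found; copy the /dev/sda3 boot sector there first.
  exit /b 1
)

REM Create a "bootsector" application entry. bcdedit prints
REM   The entry {GUID} was successfully created.
REM so split on the braces and keep the GUID.
set "GUID="
for /f "tokens=2 delims={}" %%G in ('bcdedit /create /d "BackTrack Linux 5" /application bootsector') do set "GUID={%%G}"
if not defined GUID (
  echo bcdedit /create failed; are you running as administrator?
  exit /b 1
)

REM Point the entry at the 512-byte boot sector image on the unencrypted
REM boot partition; bootmgr loads it and hands off to grub.
bcdedit /set %GUID% device %BOOTDEV%
bcdedit /set %GUID% path %BOOTFILE%

REM Append to the menu so Windows 7 stays option 1 and Backtrack is option 2
REM (Step 16), and give yourself time to pick.
bcdedit /displayorder %GUID% /addlast
bcdedit /timeout 10

echo Added boot entry %GUID% chain-loading %BOOTDEV%%BOOTFILE%
bcdedit /enum %GUID%
endlocal
```

Re-run the dd step whenever you reinstall grub to /dev/sda3 (a plain update-grub rewrites only the config, not the boot sector), and resume Bitlocker afterwards as in Step 15.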

–Bill (General Major Webelo Captain Zapp Brannigan)
