Update 2008-03-16: Today I finally had time to test out pre-boot authentication. It simply worked great. No problems at all. As I was using it on a notebook, I was very happy about the possibility to interrupt and resume the encryption process.

[tags]encryption, windows, truecrypt[/tags]

I am going to look into this next week, as I need my notebook on Saturday (just in case anything goes wrong).

Update 2007-02-08: As my first commenter below points out, it seems hibernation is disabled by TrueCrypt while having your system partition encrypted. I don’t really understand why at the moment, but I will investigate further. For me this is a primary show-stopper, as this was the long-awaited functionality I was waiting for.

Nitpickers Corner¹: Of course I am aware why encryption and hibernation in general are no-goes together, but I don’t understand why this is an issue when full-system encryption is enabled.

Update 2007-02-08 (again): Ok, in this TrueCrypt forum thread they explain why they cannot support it at the moment: Windows treats the hibernation file differently, it seems to bypass the TrueCrypt driver and therefore would still write keys to disk without encryption. Ok, still get to wait for my dream feature then, but I still refuse to buy PGP Thanks to the developers for their great work anyhow!

¹ a tribute to Raymond Chen

[tags]security, encryption, truecrypt, windows, linux, osx[/tags]

The worm has grown to a real epidemic by continuously adapting, changing its code, the code signature, etc. It has infected this huge number of computers because the resulting bot-net is hardly ever used, it keeps in a dormant stealth mode. Most users are not aware they are infected with the worm because it tries to avoid detection by not using to much ressources and therefore hardly attracts attention by system administrators. Bruce Schneier points out that maybe we should be worried about what’s coming in “Phase II”, once the gigantic bot-net is brought into action.

To avoid detection, the worm and the bot-net operators apply several advanced load-balancing and stealth techniques, namely a DNS technique called “fast flux” which very effectively blurs the traces to the real operators.

As I said, it is very interesting read. I recommend you also follow several of the outbound links.

TextRenderer.MeasureText() with ModifyString and EndEllipses will modify your string to match the ellipsed text if ellipsing happens. You can look at this VB# example on codeproject using TextRenderer.MeasureText() for trimming text on how it is used.

The string seems to be modified directly in native code by DrawTextEx from user32.dll. Additionally to the scary fact that strings are not immutable, the length of the string is not updated, regardless if the resulting string is shorter!

For instance if you have a string “aaaaaaa” which will be truncated to “aa...“, the Length property will still return 7 for the shortened string. The debugger shows that the string will in fact be “aa…\0a” after the operation. So maybe it might be right that the string is still 7 characters long but most outputting functionality like Console.Out.WriteLine() gets confused sometimes and stops any further output to the debugger or console under certain conditions.

A very quick investigation of the System.Drawing assembly using Lutz Roeder’s fabulous .NET Reflector showed that at least there should be no memory corruption in case “WW” would get ellipsed to “W...“, as DrawTextEx takes the length of the buffer and should result only in “W.“.

Summing up, I find the corruption of an immutable string by an official Microsoft API very troubling.

As the easiest workaround, you should perform the following steps:

• Once you get notified about the update and you are asked if you want to install it, say “No”.
• Close the Mozilla application in question.
• Search for the application in your “Start” menu.
• Right-click the entry and choose “Run as Administrator…”
• Choose “Check for Updates…” in the “Help” menu
• Confirm you want to install the update and walk through the update process.

The installation will now work. For security reasons you should close the application once installation is finished, because it will still be running with elevated privileges. Now start the application again normally.

The same principle works for any application that is not Vista-aware and fails on automatic update. For security reasons make sure you keep the time you run with elevated privileges as short as possible.

I though faced one problem: I could not get phpMyAdmin working and this was a requirement of one of my clients. phpMyAdmin kept popping up the authentication dialog over and over again when using HTTP Basic Authentication.

After searching some time, I noticed that, when using PHP in CGI mode, the authentication data is not passed over to the script by default. A FAQ entry of phpMyAdmin brought the solution to this issue: a ReWrite Rule was needed for the directory containing phpMyAdmin:

RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

Suddenly phpMyAdmin worked


RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]