Valid Trust Anchor?

On the off chance someone understands this error and can help, I’m posting the wifi errors my Windows 7 Ultimate laptops started to encounter at work on wifi. My laptop is not part of the corporate domain (as it’s a personal laptop). Until very recently, everything worked without any trouble, and IT is not aware of any changes that they made that would explain these errors.

I’ve got Personal certificates installed in my user profile, and my employer’s Trusted Root Certification Authorities certificate is installed. Neither has expired.

The first symptom is that I now get prompted for credentials when connecting to the wifi access point:

Network Authentication

We discovered that just hitting OK here without providing any credentials was OK. It should have been automatically using the certificate I have installed.

After a few moments, this confusing dialog is displayed:


“The credentials provided by the server could not be validated. We recommend that you terminate the connection and contact your administrator with the information provided in the details. You may still connect but doing so exposes you to the security risk by a possible rogue server.

The server XYZ presented a valid certificate issued by Company Name Certificate Authority but Company Name Certificate Authority is not configured as a valid trust anchor for this profile.”

Clicking the Connect button then seems to work. So for now, we agreed that it was OK – but, we have no idea what’s going on. If I learn more, I’ll post more details here. But in the meantime – if anyone else has an idea about this – I’d appreciate hearing about it! 

Restoring a machine from a Windows Home Server

I’ve been having a few issues at work with certificates and wifi. So, the other night I decided to do a fresh install of Windows 7 Ultimate onto my laptop. It’s not as easy as I’d like with my Sony Vaio, as there are drivers for Windows 7, but Sony doesn’t document the sequence that they should be installed in for maximum success (and let me tell you – it’s easy to mess up and have problems).

Fast forward several days later and I’m sitting at work again – still having troubles, even after having reinstalled everything! I brought in a second laptop and it too was having the problem. OK. It’s not my laptop. ARRRRGH!

After some significant time spent with a guy from our IT department, we decided to ignore some of the scary warnings that were being presented to me – and forged ahead and successfully connected to the 802.1x network configuration. (“No valid trust anchor for this profile?”)

I decided rather than continuing to restore all of the software, etc. that I had set up prior to doing the fresh installation of Windows 7, I’d use the restore feature of my Windows Home Server.

I downloaded the latest Restore CD from Microsoft and proceeded to follow the instructions. I was reading through some of the technical details of how it all works while waiting for the download and read that there was even a way to get drivers for the laptop if the default drivers available on the restore CD weren’t sufficient. Cool.

I booted from the Restore CD, followed a few steps and a dialog showed up that suggested that it couldn’t find drivers for my network card. OK. I know there’s a workaround. I grabbed the files which are stored with the backup of my laptop, and copied them to a USB stick and tried the option to scan for the files. Nothing. Recopied. Nothing. Try different port. Nothing. What the heck??!? I won’t be able to use the backup if I can’t get the network connected.

I keep getting the error, “No Drivers were found for your hardware.” But, THEY ARE THERE! I SWEAR THEY ARE!

I grabbed the memory stick and stomped it into a million pieces.

OK, actually I decided to reformat the stick just to see if there was something odd about it.

I brought up the format dialog and it was suggesting I reformat the USB stick as exFAT. Oh drat. That’s what it was formatted with. I reformatted the USB stick as FAT32, copied the files and now my restoration is off and running with an estimated 1 hour and 44 minutes to go over my gigabit network.

Gogo Inflight Internet

I just won a free usage on my next Gogo enabled flight (in-flight internet) by entering here:

http://upshot.gogoinflight.com/

You can also be awarded a 25% or 50% discount. You just pick which item will be the first to arrive, and a silly view-only game plays ……

 

(The dumb thing was that the thing wouldn’t take my wiredprairie.us e-mail address!)

A key management issue.

If this isn’t a head-slapping coding-moment I don’t know what is…

Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives

The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always sends the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

I can’t imagine the security firm SySS’s reaction when they found this:

Analyst 1: “Ah Houston, we have a problem here. Dudes, this thing isn’t secure at all. It doesn’t even use my password for the encryption!”

Analyst 2: “Get the #$@!# out!! I’ve got 4 weeks scheduled to look at this thing. It’s day 2. No @$%!@# way.”

Analyst 1: “Seriously. Its data is always encrypted with the same string.”

Analyst 2: “Cool, I get the next 4 weeks off.”
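
The design flaw from the quoted article, modelled next to a corrected design. This is an added example, not code from the vendors, SySS or the original post. `FIXED_UNLOCK`, the class and function names and the work factor are assumptions made for illustration, and the XOR wrap stands in for a real authenticated key wrap.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder: the real fixed string is not given on the page.
FIXED_UNLOCK = b"SAME-BYTES-FOR-EVERY-DRIVE"
ITERATIONS = 100_000  # constructed work factor for the example

def host_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def flawed_unlock_message(typed: str, stored: bytes, salt: bytes):
    """Flaw as described: the password is only compared on the host, and the
    drive is then sent bytes that do not depend on the password at all."""
    if hmac.compare_digest(host_hash(typed, salt), stored):
        return FIXED_UNLOCK
    return None

class HardenedDrive:
    """Corrected design: the data key (DEK) can only be recovered with a
    key-encryption key derived from the password itself."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        dek = secrets.token_bytes(32)
        kek, mac_key = self._derive(password)
        # XOR with a single-use KEK stands in for AES key wrap (stdlib has no AES).
        self.wrapped = bytes(a ^ b for a, b in zip(dek, kek))
        self.tag = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()
        self.dek_digest = hashlib.sha256(dek).digest()  # kept only so the demo can check

    def _derive(self, password: str):
        okm = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt,
                                  ITERATIONS, dklen=64)
        return okm[:32], okm[32:]

    def unlock(self, password: str):
        kek, mac_key = self._derive(password)
        tag = hmac.new(mac_key, self.wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.tag):
            return None  # wrong password: no key material is recovered
        return bytes(a ^ b for a, b in zip(self.wrapped, kek))

def dek_matches(drive: HardenedDrive, dek) -> bool:
    return dek is not None and hashlib.sha256(dek).digest() == drive.dek_digest
```

In the flawed model the value that reaches the drive is identical for every user and every password, so the host-side check is the only barrier. In the hardened model there is no password-independent value that unlocks anything.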