Oct 17
2012

Creating a Windows 8 Bootable USB Drive For Installation

Posted on October 17, 2012 by DavidPSchaefer

Project:  Configure a USB drive to boot to the Windows 8 setup on a PC utilizing an ISO file with nothing but your wit, the help of your computer, and the wisdom of this article.

Time:  Give yourself 15 – 20 minutes depending on the location of the files, experience with systems, etc.  It may take longer if you need to download the files via a slower Internet connection.

What you will need:  Windows 8 iso (image file), a working Windows computer with an Internet connection to download the USB creation tool, administrator rights, and a 4GB USB drive.

Windows 8 offers a lot of fun and exciting things that make us want to explore such as better support for USB, Hyper-V (yes… included in Windows 8 Pro and not just the Server anymore), and the newly revised Task Manager.  However, to get there you either need to run a virtual machine or load a physical computer up with Windows 8 so you may explore.

I work at a college, and thus we have something called the Microsoft DreamSpark that gives our student access to most of Microsoft’s products prior to releasing it to the actual public.  The problem is when you download the file(s) from Microsoft they are normally in an ISO image format.  The ISO image is an archival file also known as a disk image of an optical disk.

While you can always create a DVD out of the iso disc to get your Windows 8 installation working, a better option is to create a bootable USB disk using the ISO as it’s faster, more stable than a disc that can scratch easily and easier to travel with.

Creating a USB bootable Windows 8 installation is what we are going to focus on in this blog through the following steps:

Step 1: Obtain a “Plain Jane” 4GB or bigger USB drive with no fancy security stuff or applications that allow you to run programs on them.

Note: that U3 and IronKey’s are not “Plane Jane” in my book… they contain security partitions that take up the first partition of the drive and don’t work good for creating bootable USB disks from.  “Plane Jane” therefore means that there is nothing on the drive and it can be formatted to one partition.

Tip: Some people actually recommended an 8GB drive, but the expanded installation DVD only takes up 3.47GB for the Windows 8 Professional x64 version (this file is larger than the 32 bit version).  Anything more than an 4GB drive is a waste, unless you plan on storing more files there.

Step 2: Download the iso file for Windows 8 Professional.  Students may do this by obtaining a Microsoft Dreamspark account and downloading it from there.
If you’re not a student you may have to download the Windows 8 Release Preview ISO images here: http://windows.microsoft.com/is-IS/windows-8/iso

I’m going to use the 64bit version in my example, but you may use the 32bit version – note the difference is mainly if your physical process will support the product or not.

Step 3: Download the “Windows 7 USB/DVD download tool” from the Microsoft Store here: http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Win7_usbdvd_dwnTool

Step 4: Insert your USB key into your computer.  I put this here for people like myself that get overly geeked and forget to do the “no brainer” thing and plug in the drive.  So don’t feel bad, I do silly things like this all the time.

Step 5: Run the “Windows 7 USB/DVD download tool”.   Ya, it works with 8… that’s strategic planning for ya!   ;)

Note: If you haven’t done so yet, you’ll be prompted to do an install of the tool prior to anything else.  The installation step is pretty simple.

Step 6:  After you launch the tool, you may be prompted by the User Account Control to run it (depending if you have this enabled or not).  From here you will need to select the iso file you’ve downloaded, do that and click “Next”:

Step 7: Select the “USB device” option:


Step 8: Very Important:  Select the proper USB device you want to install the Windows 8 on then click “Begin copying”.  Note: Selecting the wrong USB device and clicking “Erase USB Device” in the next step may cause you to lose data:

Step 9: If you’re like me, and had something on the drive already… then you will be prompted to “Erase USB Device”, this will erase the USB device.  Again, please note you want to ensure you don’t need what is on the drive before you continue.  Think before you click (verify you don’t need the data – like I did prior to writing this), and select “Erase USB Device” when you are ready to continue.

Select “Yes” to continue, only after you are sure you don’t need the data on the drive:


You should now see the “Windows 7 USB/DVD Download Tool” doing its job.  Note this part of the process will take some time as it is formatting your drive, and putting the files needed for the installation on it (it took me just under 10 minutes):


Step 10:  Close out your “Windows 7 USB/DVD Download Tool” window by clicking on the “x” in the upper right hand corner of the window:

Congratulations, you did it!  Now you can use the USB drive to install Windows 8 on your computer.

Note: You may have to go into your Unified Extensible Firmware Interface (UEFI) or Basic Input Output System (BIOS) on your computer to change the boot order of the device to allow you to boot to it from your newly created USB drive.

Posted in New Technologies, Windows 8 | Leave a comment
Aug 25
2012

Guild Wars 2 Servers are Down, and the answer to the Ultimate question of why hangs on one number… 42

Posted on August 25, 2012 by DavidPSchaefer

Hybrid picture of Guild Wars 2 error with the robot from Hitchiker's Guide to the GalaxyOK, so one of the greatest events I’ve been waiting several years for has just started… the release of Guild Wars 2 – a massively multiplayer online role-playing game.

However,  I can’t help but think I’m in stuck in the fantasy novel Hitchiker’s Guide to the Galaxy.

As an instructor and a full-time IT guy I was looking forward to the release of Guild Wars 2 due to the fact that I was a heavy Guild Wars player.

However, instead of playing right now, I’m adding yet another entry to my blog (I needed it do it anyway – been a while).  This is thanks to a security incident – availability or the lack of it (along with misguided planning?).

The authentication (or logon) servers are down and all we get is an Error Code with the number 42 on it.

Yup, in security terms… good ole lack of availability bit us in the butt again.

I can’t help to think right now that someone at NCSOFT has a good sense of humor as the error code was the answer to the ultimate question in Hitchiker’s Guide to the Galaxy. With an answer like 42, the general public right now has no clue on what could be going on and the message it leaves us with is even more secure (see video below).

I’m also sure NCSOFT is still trying to determine the root cause of the issue and how to address it.

Traditionally speaking and from experience as an IT guy I would have to deduct they were not ready for the load (amount of people connecting), and I’m reaching just a little on this.

Think about it… Guild Wars was one of NCSoft’s first releases, and it took time to build up the customer base to what it is now.

Here are some of the bigger factors they must’ve considered:

  • The customer base dropped off over time…
  • A lot of the original advocates for the game did stopped playing Guild Wars jumped on the offer for a pre-game invite if you purchase the game in advance on 8/25/2012.
  • In addition to those long but not forgotten adventurers, new ones have come along to add to the numbers.  So basically people kept on joining and playing Guild Wars, while others dropped off.

Most of the dedicated players that collected like a snowball rolling down the hill decided to log on today.  That included me, a person that has many time constraints.

I’m sure NCSOFT may not have been ready due to the fact that it is really hard to calculate the load giving all the factors they needed to address.  The best they could do is to take a series of educated guesses without any absolute certainty.  With that said, it would be interesting to see how they calculated the load of the servers and what they expected it to be, as I’m sure they overestimated the calculations to be safe.

Right now they are analyzing the processing capacities of the servers that Guild Wars 2 runs on, the throughput of the networks and the addressing the high demands of the users.

Meanwhile instead of finding other things to do, I’m sure others are trying to login every 5 seconds to the servers causing a brute force-like effect on the servers (trying over and over again).  This may cause even more demand when they bring the servers back online… and hopefully it doesn’t cause issues for NCSOFT, as that will mean more of a wait for us.

Don’t expect it to be a quick fix, it may not be fixed for good today (Saturday 8/25/2012)… but it should be something they can address in less than a month as the demand levels out more.   I’m also hoping they can resolve it today.

I’m sure the technicians are doing their best, but even still – some people are hard core flaming them already… oh well.  Stick with it NCSOFT… I know how bad it can be.  :)

The good thing is some of us have a sense of humor and other things to do, so it helps to get us by.  Here are some of the funny posts listed in the threads during the outage:

  • How not to fix your GW2 error 42 (funny spoof…  I liked the security comments – note the author is joking please don’t remove your security apps):

  • Arenanet Tehnican’s Fixing Server:

  • Why are you closed?:

  • Fix It (Remix):

  • Guild Wars 2 vs LMFAO:

  • And the classic… man gets mad at printer/computer (also not a way to fix your computer):

Course you can always listen to your favorite songs… one of mine is Daft Punk – Technology (I especially like the break/fix it part):

At any rate, not much more we can do but wait.

Update according to ArenaNet (surprise suprise… high volume causing Error 42):

  • We’ve received widespread reports of Error 42 when trying to log in. This is a general networking error which results when either the server is down or is experiencing very high volume. It can also mean that your firewall/network settings and ports are not configured properly. For more information on how to optimize your system settings, please click here.
  • We’ve also received a few reports on in-game performance. For more information regarding this, our own Bill Freist has written a comprehensive blog here.
  • After the worlds restart earlier today, some players reported no longer being in their guilds and were unable to be reinvited.  We are investigating now.
  • Several players have reported issues with receiving their Hall of Monuments rewards. Click here for more information on the Hall of Monuments.
  • All servers in North America and Europe are back online. Our Asura Engineering Team apologizes for the outage time.

 

Posted in Information Assurance | Tagged , , , , , , , , | Leave a comment
May 10
2012

Cyber attackers can come in many forms, even resorting to contacting victims in person

Posted on May 10, 2012 by DavidPSchaefer

 

I just heard from my wife today that my neighbor received a call from a possible computer attacker on the phone last night.

Borrowed from: http://www.itgovernance.co.uk/visible-statement-infosec-awareness-tool.aspx

The scam is that the potential attacker cold called my neighbor (the potential victim) in order to ask her if they can clean her computer.  The problem is, my neighbor didn’t know this person, and it’s kind of strange to get a call like this from out of anywhere.  The attackers stated they were from Microsoft, and wanted to help her.  She highly doubted this claim, as she knows the likelihood of Microsoft cold calling her to clean her computer wouldn’t happen.

The problem with this is you don’t know who these people are and after you let them in to touch the computer, the attackers can impregnate it with a malicious on or multiple payloads (backdoors, worms, rootkits, oh my!).  Don’t be surprised when they use big names like Microsoft, Apple, Symantec, or any of the other house hold names in computer products that we have become accustom to hearing.   The other thing is that this attack isn’t new, and it has been used for years… however… think about it.  It must work in order to the attackers to waste their resources (time and money) on this attack if they are still calling people trying to trick them into infecting their machines!

Just like when you have someone work on your taxes, you need to be picky with selecting the computer repair person to help you with your PC.  The problem is that an attacker acting as a technician can take control of your computer and do whatever they want – if they are not trustworthy.

The computer unethical market actually gets paid for creating what are called “botnets” of thousands or millions of computers.  Buyers that want to control those botnets for malicious deeds like taking down websites can actually rent these computers out from the original people that infected them.  Thus there is actually an underground industry that promotes the infection of large amounts of PCs that this is all potentially leading back to.  They also may be data mining your PC to get account numbers, social security numbers, etc.

Borrowed from: http://compusics.blogspot.com/2011/11/social-engineering-always-part-of-full.htmlThis isn’t the first time I heard of not so nice people out there infecting machines in person or via the phone.  They are hinging on the fact of a good ole fashion version of social engineering to gain control of your computer.

Social engineering is the manipulation of human behavior to track a victim into doing something they wouldn’t normally do.  Social engineering could be used for a majority of things from child abductions all the way over to computer crimes.  In most cases it allows the attacker to gain access to information, systems, or areas that the attacker wouldn’t normally have access to.  In this case the potential attacker was socially engineering themselves to be Microsoft, and thus banking on the fact that the person would trust Microsoft and let the attacker infect the victim’s computer.  Keep in mind that the attacker isn’t going to come out and tell you who they are… they’re going to act like someone you know and try to use tactics to win your trust.

The reason why this type of attack is so alarming is that 1) People expect computers attacks to come through the computer, not people.  This expectation of computers only attacking computers actually (2) lowers the defenses of potential victims when they receive the request via a phone (or in person) to fix the victim’s computer.  By lowering the defenses of the victim, the attacker inversely increasing the chance of the attack to succeed.  To the attacker it’s a win-win situation, often times thinking if the victim is foolish enough to fall for the attack, then they deserve it.  It’s the same reasoning that is used by mass murderers and other criminals on the web, as the attackers psychologically begin to demean victims with insults to make themselves feel better about doing bad deeds.

Please spread the word to never trust someone who cold calls you telling you they want to fix your computer, now that you know.

Borrowed from: http://yasirtariq.wordpress.com/2011/09/15/social-engineering-an-information-security-issue-in-a-corporate-world/

Keep in mind there are other stories out there where attackers infected computers in person:  such as the one pervert that took over multiple female victim’s video camera’s on their computer by infecting machines instead of cleaning them.   In that attack, the attacker displayed a message on the women’s computer to have them take their computers in moist spot to make their computers feel better (some women actually took their computer in a shower where he would record them).

The reason why I post this stuff is because I care about all of you, and I realize as a computer security professional that the only way to beat these guys is together.  The attacker’s mind never thinks about what happens to the victims…

Security starts with people first and foremost… computer or otherwise.

Posted in Information Assurance | Leave a comment
Apr 20
2012

Computer Gremlins

Posted on April 20, 2012 by DavidPSchaefer

It doesn’t matter if you’re a computer security professional or a person who just purchased a computer for the first time – sooner or later we all have run into the hideous computer gremlins.

Picture By: anie buckmelter

These gremlins can take the form of computer programs or even manifest themselves as social engineering thieves in the physical world. In the logical computer security realm we call these nasty little green monsters “malware” (short for Malicious Software).

This is an all encompassing term that includes things like spyware, computer viruses, worms, Trojan horses, rootkits as well as other unwanted software that may be on your computer.

Malware is anything but cute, as it can do all sorts of damage ranging from identity theft to making your brand new $3000 computer feel like a 2000 year old abacus (what we computer geeks often claim was the first computer).

Just like the cute, fuzzy, teddy bear creature they called a Mogwai in the 1984 hit
Gremlins, these malware threats often come in the form of a cute little program,
interesting e-mail, or link on the web intentionally made to peak your curiosity.

However, to avoid these programs and possibly ending up a victim, there are sites out
there created by reputable organizations that are focused on bettering our security
posture.

These include:

So, do you think you’re ready for the Gremlins?

There’s even a Self Assessment Quiz I encourage you to take at: http://www.bbc.co.uk/newsround/14979083

If you’re feeling lucky!

Good luck, and remember not to feed your computer after midnight. :)

Posted in Information Assurance | Leave a comment
Apr 01
2012

Raspberry Pis are now available for preorder again (no fooling)

Posted on April 1, 2012 by DavidPSchaefer

Just got an email today from Element 14 stating that Raspberry Pis are available for pre-order again.  I just ordered one myself to make sure it wasn’t an April fools day gag.  Now is your chance to get in on the 2000 manufactured Raspberry Pi computers that are sitting around waiting to be deployed.  They will revolutionize the way we entertain ourselves, for the costs of around $44 (shipped to the U.S.) for the network enabled model B.  For more information on what I’m talking about view my other Blog post here: http://bit.ly/H8YnKv

Here is the email I received:

tshirts picture

“The wait for Pi is (nearly) over.  The Pi began its journey as a crowdsourced community project. Given the volumes involved and the demographic mix of likely users, the development board exemption on compliance testing is not applicable. As a result, even the first uncased developer units of Raspberry Pi will require a CE (compliance tested) mark prior to distribution in the EU.

We’re supporting the Raspberry Pi Foundation in doing everything possible to bring the Pi to the world as quickly as possible, and minimize any further delay.
(Find out more here.)

At this time orders will continue to be kept to one per person, to ensure the products get into the right hands.

Simply click on the link below to place your order.

http://bit.ly/H97wOF

PLUS: As a Big Thank You, we’ll give you an Exclusive Raspberry Pi and element14 T-Shirt* when you place your order

To mark the launch of this incredible innovation, we are giving away FREE to our pre-order customers our exclusive co-branded T-Shirts.

Simply enter your size in the delivery instructions box within Checkout and your exclusive T-Shirt will be dispatched with your Raspberry Pi.

(Just place the words RPi with the following choice of sizes XS/S/M/L/XL/XXL)

*While stocks last

Posted in New Technologies | Leave a comment
Mar 10
2012

Raspberry Pi

Posted on March 10, 2012 by DavidPSchaefer

OK, once in a while there’s somethingRaspberry Pi Logo I just have to let everyone know included my family and friends. Seems like this one kind of got past me but not my very smart students. It’s called Raspberry Pi, and it’s a great little device that has a media player to play movies and pictures on your TV (and more if you want to play with it… seems like some people actually use it to play games, etc.).

One Does Not Simply Buy A Raspberry Pi Picture

The thing that’s crazy is that Raspberry Pi sells for $25 for model A and $35 for model B. It went on sale on February 29th and all the unexpected demand took down multiple companies’ websites – see http://bit.ly/yEveVS.  Needless to say they are sold out… it uses the same type of technology used in tablets and phones (ARM processors). The nice thing is it does HD video as well via a USB device you plug into it.

It is Linux based so it runs very light and faster than other OSs like Windows.

I want a couple just to play with (model B because it has an extra USB port and network connection)… but I figured I would pass it along to those that may be interested in playing digital movies and video on their home systems for a reasonable price… my next question is where can I buy stock (already checked… they’re a charity so you can’t buy stock)?

They are the hottest thing on the planet right now in demand and their Internet searches actually beat Lady Gaga in popularity for a moment in time.

Why is it so inexpensive???… because it’s a charity organization trying to raise money… their interests lie in benefiting society in general instead of themselves (unlike traditional business models)… this is why some of us LOVE LINUX!

They are also using this to create jobs in the UK. Eben Upton is not greed based like the traditional Jobs or Gates prototypes… http://bit.ly/zgAZdS ViVA Linux!!!!!  Upton and those people backing him on this effort at this point and time marks an evolution in technological thinking.

If anything this is yet another example from one of the founding members of one laptop per child, that yet again shows you can generate jobs and money to benefit society without the man sticking it to us!!! It’s a paradigm shift from the capitalistic mentality most of us may have in regard to computers…

Check out the video here for how it works:

Posted in New Technologies | Leave a comment
Feb 17
2012

What’s the Point of My Blog?

Posted on February 17, 2012 by DavidPSchaefer

Hello,

Wordle Image for IAI guess I will start with a mission and vision because I may need to refer back to it from time-to-time, and hopefully it also sets the tone for this site.  First before we continue however, we need to define some terms so that we can all understand what they mean.

Information Technologies (I.T.):  Includes general technologies (but not limited to) computers and phones as it relates to computer science.  The term first appeared in the Harvard Business Review by Leavitt and Whistler in 1958 to describe new technology that does not have a single established name.  Some examples may include web technologies (like this page you’re reading), computer virtualization, knowledge base systems, cloud computing, smart phone technologies, traditional computers, and more (as stated it’s generally relating to technologies)!

Information Systems (M.I.S. and I.S.):  The interaction of computer systems and humans.  Interesting fact, during the early days of computer systems humans that worked on the systems were actually called “computers.”  Thus the term computers signifies the symbiotic relationship as is relates to computer systems, and the support for those systems.  Information Systems (I.S.), includes the fundamental support, management, and decision making that is required by people which in turn allows others to interact with technology to support business requirements.

Information Security (InfoSec): 

Describes security as it relates to Information Technologies (I.T.), and a subset to Information Assurance (IA – below).  The overall goal of InfoSec is to protect information (credit card number, passwords, social security numbers, or whatever else is important to you that you don’t want others to have) from threats (con artists (phishing), people breaking in (hackers), and malicious code (virus, worms, rootkits, oh my!).

Wikipedia will have you believe that IA and InfoSec are interchangeable but again, Wiki has failed us.   InfoSec was designed to protect computer systems, and was later expended to create a new view called Information Assurance when the government realized it wasn’t enough.    InfoSec is more computer systems focused than Information Assurance.

Information Assurance Picture of Knight

  • Information Assurance (I.A.):  Defends information and Information Systems (I.S.) from a breach.  It protects users via a concept called the CIA Triad to protect information, which includes:
  • Confidentiality - The ability to conceal the information that needs to be protected. Example:  Protecting the system from a student accessing everyone’s password on that system.
  • Integrity - The ability to make sure that the information you’re protecting doesn’t get changed.

Example:  Protecting the system from a student changing his/her grade in a system when it was unauthorized.

  • Availability - The ability to keep systems available during the times the information is needed.  Example:  Ensuring the heating and cooling in a computer room is sufficient so that the equipment doesn’t overheat and fail during student registration at a school.
  • There are more terms that build upon the original CIA triad like non-repudiation (ability to ensure that someone can’t repute something, in other words deny it) for example.

Lighthouse of hope if we all do our bestShared Governance – Basically is a hippy like concept I believe in, it basically means that those of us that know something about anything should help others out that are not as familiar with it.  In my case, this page represents part of my shared governance commitment to the community by allowing me to share some of my thoughts on how to properly perform computer related tasks, etc.

With that said, our world of Information Technologies (IT) is constantly evolving, and even as I write this page I’m amazed on even how some of the above terms and concepts changed or have gotten so confused to the general public.  It seems as time goes by others take and manipulate these terms to make them similar and create further confusion of the concepts, which is greatly disappointing to me.  It’s the results of an industry that is still trying to find our ways.

My Commitment to this blog is as follows:

Mission Statement:  To create and add value to my friends, family, and students by providing a shared governance commitment as it relates to computers and security in general.

Vision: Shared Governance and helpful tips as it relates to information technologies and Information Assurance through sharing things I have learned as a student, professor, and information technologies employee.

The main point of this site is to have a place to point my students, friends, and family for technical situations and solutions I’m commonly asked for as a Computer Information Systems (CIS) instructor, Information Technology (IT) worker, and a Information Assurance (Security) advocate/instructor.

I’m currently working on this site to hopefully create a place I can store my documentation and recommendations for administration and security as they relate to computers in general.  If you would like to use any of the information in this site, please contact me by posting.  Thank you!

Posted in Information Assurance | Leave a comment