StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts in IT Security

Run gpedit from the start menu.

Go to Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/

Setting “Turn off Microsoft Defender Antivirus” to ENABLED WON’T work, even with tamper protection off. It’s supposed to write a registry setting but doesn’t, and when you open gpedit again you’ll see it’s no longer set.

Instead I go to

Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection

And set “Turn off real-time protection” to ENABLED. That seems to survive the settings change and turns off real-time protection, so you can do what you need when it’s incorrectly blocking files.
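As an added example that is not part of the original post, this PowerShell snippet reads the two policy values those gpedit settings write and compares them with what the Defender engine itself reports, so you can see which setting actually took effect. It assumes Windows 10/11 with the Defender module (Get-MpComputerStatus / Get-MpPreference) and an elevated prompt.

```powershell
# Added example, not code from the original post. Assumes Windows 10/11 with the
# Defender PowerShell module and an elevated prompt.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Read one DWORD policy value; $null means the policy is not configured at all.
function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Format-Policy {
    param($Value)
    if ($null -eq $Value) { return 'not configured' }
    return $Value
}

# "Turn off Microsoft Defender Antivirus" writes DisableAntiSpyware under the root key.
$disableAv  = Get-PolicyDword -Path $policyRoot -Name 'DisableAntiSpyware'
# "Turn off real-time protection" writes DisableRealtimeMonitoring one key deeper.
$disableRtp = Get-PolicyDword -Path "$policyRoot\Real-Time Protection" -Name 'DisableRealtimeMonitoring'

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

[PSCustomObject]@{
    PolicyDisableAntiSpyware        = Format-Policy $disableAv
    PolicyDisableRealtimeMonitoring = Format-Policy $disableRtp
    EngineAntivirusEnabled          = $status.AntivirusEnabled
    EngineRealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    TamperProtected                 = $status.IsTamperProtected
    PrefDisableRealtimeMonitoring   = $pref.DisableRealtimeMonitoring
} | Format-List

# Once the false positive is dealt with, set the policy back to Not Configured in
# gpedit, run gpupdate /force, and confirm RealTimeProtectionEnabled is True again.
```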

Use HTTRACK

https://www.httrack.com/

Point it at the file and, if the site is still up, it will download the file without running it.

It appears Parking Enforcement Agency and Parkshield Collection LTD have never heard of the “Streisand effect”. This is a social phenomenon that came about many years ago (2003) when Barbra Streisand attempted to sue Kenneth Adelman and pictopia.com for violation of privacy. The lawsuit meant that an image of Barbra’s house that had only been viewed a few thousand times was suddenly viewed over 400,000 times. Barbra’s lawsuit was dismissed.

The term was apparently coined by Mike Masnick in 2005:

“How long is it going to take before lawyers realize that the simple act of trying to repress something they don’t like online is likely to make it so that something that most people would never, ever see (like a photo of a urinal in some random beach resort) is now seen by many more people? Let’s call it the Streisand Effect.”

More info on the origin of the term can be found on Wikipedia:

https://en.wikipedia.org/wiki/Streisand_effect#Origin_of_the_term

Anyway, back to Parking Enforcement Agency. A company I’d long forgotten about, but due to their antics on 11th September 2020 I stood up and took notice again. This led me to contact several media outlets to air my issues.

It started back in August 2019. For some reason, and I can’t remember why, I came across Parking Enforcement Agency. It’s possible I’d visited one of their “managed” car parks, but I have never been given a ticket because I pay for my parking when required. But being in IT I’m always curious to know what the IT security is like at these companies, considering how shady their charges normally are and how bad their IT always appears to be.

I proceeded to their website and was shocked to see no SSL cert at all (since corrected). All the forms they were asking people to fill in to contest a ticket were insecure. All data was being passed over the Internet in plain text. This means anyone on the path could intercept the form, grab your details, or even stop the form from being sent and change the details before sending it on.

I recorded this issue with Fiddler open next to the browser. It shows the security issue in all its glory.

https://open.lbry.com/@Stevenwhiting:e/parking-enforcement-agency-parkshield:3

This footage was up on YouTube and had been for over a year. It wasn’t until the 11th September that a person known as Andrew Palmer filed a false copyright strike on the video. This appears to be an attempt to censor the video, knowing full well the YouTube strike system is open to abuse. This meant the video was instantly removed and I now have to prove I own the copyright and have a valid reason to use said footage.

There is nothing in law, not that I can find, that states you can’t record footage of yourself browsing a website. A website’s layout, structure etc. can’t be copyrighted. Logos can. There is only one logo of theirs on the site (a VERY basic one; none of the other images are theirs). But again their claim is invalid. Under Fair Dealing laws in the UK any use of copyrighted works is allowable if:

For Review or Criticism: quoting work for use in criticism or review is allowed. The amount of content quoted must be appropriate to the length and purpose of the review and the source of the original material must be acknowledged.

I do both. I’m criticising the security of the website and I’ve even included links to the originals at the time of the video.

We can now see that www.parkingenforcementagency.org, as of at least 23/7/2020, has finally purchased an SSL cert for the site. This is when the certificate starts, so we can only assume they still hadn’t purchased a certificate before that date and the site was still insecure.

What is still troubling is that http://www.parkshieldgroup.com still doesn’t default to their own certificate, which was only purchased on 15/08/2020.

The first DuckDuckGo link (as of some weeks ago) points to the insecure version (this appears to have finally been updated on DuckDuckGo but not on Google), and so does the first Google link.

All they had to do in cPanel (as we can see, their certificates are cPanel ones) is turn on the automatic redirect so the site only points to the SSL version.

What is more amusing is their lack of understanding of how the Internet works. There is an old saying: “The Internet never forgets”. In the IT industry we are interested in the history of computing and the history of the Internet: interested in long-gone sites, how they used to look etc. Geocities was a massive site in the 90s for hosting homemade websites from the early days of the Internet. When that was being shut down, thankfully people clubbed together to grab copies of most of the old content for history.

Anyway, what Parking Enforcement don’t realise is that their sites have also been “archived”. Why is this of interest? Because of their bullshit move with their “Policy update”.

If we look at their policy page it states “This policy was last updated on 1/04/19”. This happens to be 4 months BEFORE my video was up on YouTube. That’s funny, because that WASN’T there when I created my video. Unfortunately I never filmed that page. So how do we prove this is bullshit? How do we prove this appears to be an attempt to avoid any future investigation from the ICO (which they’ve been reported to since this copyright strike issue; I’d never have bothered if they hadn’t falsely flagged the video)? We use the amazing https://web.archive.org/

Their policy page now

The same page on the Wayback Machine. As we can see, this page was captured on 29 May 2019, over a month after the date they claimed they’d updated their policy. This clearly shows they hadn’t actually updated the policy. They would have been e-mailed directly by me if they had had an e-mail address on that page at the time, but they never did. They have one now, having realised it’s required for GDPR.

We also take a look at the images they used throughout the site. Are they trying to claim copyright on them via the YouTube system? Surely not? If we download the images and do a reverse image search we find that most, if not all, of them are stock images. This specific one is from Getty Images, iStockphoto or one of the other managed stock photo repositories and is used all over. I’d also be curious whether they are correctly licensing the photos, if a licence is required.

Ironically at the bottom of that search we find their own page

Which links to, ironically, the unsecured page 🙂

We also have their Terms & Conditions page, where they are clearly attempting to claim copyright on all the “photographs”.

The only image on their site that actually appears to be theirs, is their logo. All others are stock images.

The list of issues goes on. It is now Jan 2021 and these issues still aren’t fixed. The copyright strike has expired but the video is still not on YouTube; it is on other platforms and will stay there. They’ve finally bought a cert for the main parking fines site, but the Parkshield Group site still points to insecure pages. And there is what appears to be an attempt to mislead with the policy change. We can see that on the date they claimed the policy was in place, it wasn’t.

What annoys me more is the YouTube strike. They clearly abused the system, yet YouTube/Google don’t want to get involved. Yet they did get involved when they removed the video. They never replied to my contact (as YouTube don’t want to be involved, they ask you to contact the company first). Trying to dispute it with YouTube is a pain and that is what they were betting on: betting that I wouldn’t bother or that YouTube would be difficult. There was no explanation of what they were claiming. This is the problem with YouTube; there should be a requirement to explain what is being disputed. Throughout the whole issue I was never informed what was being claimed. There was nothing to claim. They had no rights over the video at all; the sole point appeared to be just to have the video removed. YouTube has become a monopoly and the abuse of the copyright system needs to end. Tiny seeds like my channel, in a massive forest, will never be heard. It won’t change until the big players start to fight the issue.

Luckily we have LBRY and Odysee (friendly frontend to LBRY).

https://odysee.com/@Stevenwhiting:e/parking-enforcement-agency-parkshield:3?r=AcyG2hp74Jwiq1dGxS1EZSLxBaYGN4Cj

“The fastest, safer way to get things done on the web.” is their blurb. My video clearly shows it’s not secure. It is a known phishing site, and both IE and Edge let you straight through to it. Both Chrome and Firefox warn you it’s a known phishing site.

https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/

If you get your 2-step verification code via text message it is possible, as this flaw shows, for others to redirect your calls and text messages to their phone instead, meaning they’ll receive your 2-step verification code.

Google Drive for Desktop Flaws

Putting this out there anyway, whether anyone will see this post is another thing. This is a tiny site 🙂

The number one flaw of Google Drive for Desktop when using G Suite (so in a business environment) is the lack of auditing. It states this on their support page.

https://support.google.com/a/answer/4579696?hl=en

  • Downloads from the following sources are not logged:
    Google Drive for Mac/PC sync client downloads

This essentially means someone in your organisation can upload loads of documents to their Google Drive, making sure they keep them as Office documents or other types (just not G Suite file types). They then install Google Drive for Desktop on their personal PC/Mac and connect their work account. This will sync all their files to their personal desktop with no auditing. They can then copy all these files from their Drive folder to elsewhere on their PC/Mac. They’ve now taken lots of your data with no audit trace.

If you natively just use G Suite docs, this becomes harder for them to do, because they first need to download all the documents from a browser, which automatically converts them to Office format (and that download is logged). If they leave them as G Suite documents they won’t be able to view them once synced, because those open in a browser and they will need to log in with their work account to view them.

Worse still, if the person has left and their account is disabled: when they disconnect their work account on their personal PC/Mac, it doesn’t wipe the files already synced to the Google Drive folder on the desktop. It keeps them available for them to copy or read.

I see that as a large flaw but then I’m no security expert, I just have an interest in it.

One of the most useful vids on this I’ve found.

Great guide on breaking out of applications. More reason to lock that remote machine down. Easier said than done, as sometimes locking stuff down stops other things working.


http://www.pentestpartners.com/blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/#modifyingicafiles

Run Word 2010 and create a macro. For the macro body type:

Shell "cmd /k cmd.exe"

Run the macro.

You now have a cmd box from which you could potentially go elsewhere.

Obviously the person has to have logged on successfully at least once.

In XP, search the registry for cachedlogonscount. It is normally at

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

which normally also shows the user. Change

cachedlogonscount

to anything above 0.

There may be other entries in that section that prevent it, but you need to compare with a working machine to find the entry blocking the cache.
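As an added example that is not part of the original post, this PowerShell snippet reports the CachedLogonsCount value described above and does the “compare with a working machine” step by exporting the Winlogon key on a good machine and diffing it on the broken one. It assumes an elevated prompt and that the export path (C:\temp\winlogon-good.xml) is a placeholder you choose.

```powershell
# Added example, not code from the original post. Assumes an elevated prompt on
# the machine being checked and a reference export taken on a working machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# CachedLogonsCount is stored as a string (REG_SZ); absent means the Windows
# default of 10. The security-policy name for the same setting is
# "Interactive logon: Number of previous logons to cache", range 0-50.
function Get-CachedLogonsCount {
    $item = Get-ItemProperty -Path $winlogon -Name 'CachedLogonsCount' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.CachedLogonsCount
}

# Save the whole Winlogon key from a working machine so it can be diffed later.
function Export-WinlogonSettings {
    param([string]$OutFile)
    Get-ItemProperty -Path $winlogon | Export-Clixml -Path $OutFile
}

# List every Winlogon value that differs between the reference export and this machine.
function Compare-WinlogonSettings {
    param([string]$ReferenceFile)
    $ref = Import-Clixml -Path $ReferenceFile
    $cur = Get-ItemProperty -Path $winlogon
    $names = @($ref.PSObject.Properties.Name) + @($cur.PSObject.Properties.Name) | Sort-Object -Unique
    foreach ($name in $names) {
        if ($name -like 'PS*') { continue }   # skip PSPath, PSProvider and friends
        $a = $ref.$name; $b = $cur.$name
        if ("$a" -ne "$b") {
            [PSCustomObject]@{ Value = $name; Reference = $a; ThisMachine = $b }
        }
    }
}

$count = Get-CachedLogonsCount
if ($count -eq 0) {
    "CachedLogonsCount is 0: nothing is cached, so logon without the domain controller will fail."
} else {
    "CachedLogonsCount is $count: the last $count domain logons are cached for offline use."
}
# On the working machine:  Export-WinlogonSettings -OutFile C:\temp\winlogon-good.xml
# On the broken machine:   Compare-WinlogonSettings -ReferenceFile C:\temp\winlogon-good.xml
```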