Every problem has a solution !

Every problem has a solution, and tonight I’m happy to use my laptop to create this new post on my blog 😉 Finally !


Happy because the two major problems I had detailed in my previous posts are now solved !

1. Microsoft Windows 8 Pro activation issue : SOLVED !

Finally, maybe because I asked for help, Microsoft called and emailed me back several times, and I had a kind woman support engineer who helped me solve the issue. We exchanged emails about commands to type, which were interesting… By the time she called back, however, since I couldn’t wait, I had bought a new Windows 8 license, and successfully activated my current installation. So after I explained that, she proposed that I set up a new Win8 and activate it on a new hard drive to test the activation process.

This led me to better understand the way Microsoft activates and manages its licenses.

Amongst the important elements I learned from this call :

Tip 1 : How to rearm the PC to accept a new Windows License :

  1. Using regedit, change « HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE\MediaBootInstall » from 1 to 0.
  2. Reboot (optional if registry value was already set to 0)
  3. Using an administrator command prompt, type « slmgr /rilc », then « slmgr /rearm »
  4. Type « slui 3 » to enter the Windows key
  5. Type « slui 4 » and select your country, to start the manual activation process by phone

Tip 2 : deactivating a license key, to use it on another computer.

This trick was explained in detail in Korben’s blog. It’s in French, so here it is again :

  1. Using an administrator command prompt, type « slmgr /dlv »
  2. This displays a verbose window with all details about your key, activation and license status on the PC.
  3. Write down the « Activation ID » number (or better, make a screen capture of the whole window for your records)
  4. To deactivate your key, type « slmgr /upk {ActivationID} »
  5. You should have a popup saying your license is removed, and Windows should now be in « 30 days trial mode ».
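
Steps 1 to 4 of Tip 2 can be scripted. The PowerShell below is an added example, not taken from Korben’s post or from Microsoft: it saves the « slmgr /dlv » report to a text file, extracts the Activation ID and prints the removal command without running it. It assumes an English-language Windows (the « Activation ID » label is localized), and the record file name is made up for the example.

```powershell
# Added example: keep a record of `slmgr /dlv` and extract the Activation ID.
# Run from an elevated PowerShell prompt.
# Assumption: English-language Windows, where the label reads "Activation ID:".

$slmgr = Join-Path $env:windir 'System32\slmgr.vbs'

# cscript writes the report to the console; the default host (wscript) shows a popup.
$report = & cscript.exe //NoLogo $slmgr /dlv

# Step 3: keep the whole report for your records (hypothetical file name).
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$recordPath = Join-Path $env:USERPROFILE "slmgr-dlv-$stamp.txt"
$report | Set-Content -Path $recordPath -Encoding UTF8

# Extract the GUID that follows the "Activation ID:" label.
$guid = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
$ids  = $report |
    Select-String -Pattern "^\s*Activation ID:\s*($guid)" |
    ForEach-Object { $_.Matches[0].Groups[1].Value } |
    Sort-Object -Unique

if (-not $ids) {
    # Localized label, or no product key installed: fall back to reading the record.
    Write-Warning "No Activation ID found; read $recordPath manually."
    return
}

foreach ($id in $ids) {
    # Step 4 is only printed: removing the key stays a deliberate, manual action.
    Write-Output "Record saved to $recordPath"
    Write-Output "To remove this key, type: slmgr /upk $id"
}
```

The saved report contains only the partial product key, but treat it as a license record and store it accordingly. On a PC you are handing over, « slmgr /cpky » additionally clears the product key from the registry.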

In general, typing « slmgr » in a command prompt displays all the options, and it is quite instructive !

About LogMeIn, scams and more…

During this experience, I also discovered that Microsoft had a contract with LogMeIn to take control of your PC if needed by support. She told me that it was because the embedded Remote Desktop server for teleassistance in Windows is too complex to activate for simple users, so they now use LogMeIn ! Being a CISO, I consider that this may be a risk, as phishing and scam campaigns also use LogMeIn to get into your PC, pretending or not to be Microsoft, to try to infect it or sell you crap…

About those scams, I recently read somewhere that once they contact a victim, they explain to her that the PC is infected, and as proof, ask the user to start the Event Viewer and display the Windows/Application logs. As there are often many nice flashy red « Errors » flags displayed, followed by cryptic information for non-IT persons, it’s really easy to tell them it’s the virus !


2. « Corrupted data error » when accessing my websites from Firefox : SOLVED !

So happy ! I am now even using Firefox to write this current post 😉

The issue that kept me from accessing my webpages from my PC is now solved, thanks to hours of testing different scenarios.

In fact, after spending a lot of time investigating the cause, the problem turned out to be caused by my firewall packet filter, which corrupted data in some really specific cases. I’ve described the issue in the Outpost users’ forum… and magically, two hours ago my firewall updated itself, receiving new signature definitions and a minor update. Interestingly enough, my Firefox started to display my sites without complaining !

I am still waiting for details of the reason it was corrupting only my websites, and why the issue still appeared even after deactivating the firewall packet filter on the network interface… but apart from this, I’m globally happy !


3. Why do I like Outpost Firewall ?

During my investigation, I had a few followers on Twitter who suggested that I stay away from Windows, or change this firewall to another one.

The reasons I stick to Outpost are numerous :

– it is quite robust and efficient, I never had issues before, even in very specific and/or complex network configurations (usually my « standard » network configuration on my laptop has several OpenVPN tap/tun interfaces, virtual interfaces, IPv6 and 6to4 interfaces, IPsec and SSL VPN interfaces, LAN, WiFi and Bluetooth interfaces, 4 or 5 packet filters (winpcap + MS network monitor packet filter + Outpost packet filter + VMware packet driver…)… so I am lucky Outpost doesn’t complain !)

– it is light and nearly invisible for current usage.

– it is highly configurable, setting firewall rules can be even more precise than on several corporate firewall brands.

– the logs are very detailed, and can even include packet-level debugging.

– those logs are in text format, and I can use unix/cygwin tools to parse/manage them.

– it is not only a network firewall, but also a really good applicative firewall, isolating processes and more.

– some parts of the firewall/antivirus/antimalware can be disabled temporarily, and finely customized. Very useful as I also have a malware lab on my laptop, with specific VMs and sandboxes that need to be taken care of specially (I wouldn’t like my lab binaries to be scanned and inadequately put into quarantine or even worse, deleted !). Same for all my malware analysis / reverse / pentest tools that are often seen as malware by antivirus…

– the config files and binaries are self-protected, and can also be hardened by a password to prevent changes.

– it uses Python (and Lua ?) for settings and updates


and much more…

To illustrate, here are some pics :

Below, the log files generated… Quite verbose !


Here are the live logs. I use multitail via Cygwin to display them:

(here is an example where we can clearly see Bitcoin-qt.exe in action)


As you see, not only are there network firewall logs, but also http headers and traffic, and application-level logs. Quite useful indeed !