Category: Security

How to problem solve a motherboard post issue

Paul

Motherboard

Motherboards are all different

Anyone who has been working with motherboards for years, probably will say this also.   Motherboard manufacturers all create their own unique motherboards to try to be different from the other.  That is the first thing for those who have issues with your motherboard and having difficulty trying to figure out what is causing your motherboard not to post or even show any signs of booting.   It can be a multitude of things that might be the cause of the issue and we’ll talk about each and every one that might be the reason for the problem.   Each issue might be a little bit different and that can bring on some more issues or concerns.  Don’t get discouraged because you can’t figure it out or know where to start.

Loose wires

This is the first place I look when I have this issue of nothing showing up or even looking like it is even going to boot.   Even a loose wire might prevent the system from starting up or even getting into the bios.   I’ve seen this at least once or twice that there was a SATA cable that was partially not plugged in and the system was just stuck and not trying to boot.   It’s usually the first place I’d look if the user says they just moved their system and now the system won’t boot because some wire somewhere came loose.   It’s usually the easiest fix for some problems.  It however isn’t the only reasons that the system might not boot.

Memory Modules

The memory modules which can be anything from DDR1 to DDR4 depending on the motherboard.  Memory sticks can go bad over time and this is usually what causes a lot of issues.  I usually just pull out all modules and start booting with just one until you find the culprit.   If it boots replace that module with the next module and see if the system still boots.  If it doesn’t then you have the issue the module is bad but if all of them boot or the problem persists than the modules aren’t the problem.  Then you will need to check other areas.

Check GPU

If the system has a GPU than this might also be the issue.  You can try to remove it and see if you can get the system to post by using the systems graphics processors if it has one.  If not you might try a cheap gpu to see if the system will post after you swap the GPU.  It’s usually not the GPU but you never know and that is where I find the problem can be sometimes.   Also if the GPU is getting to hot the motherboard might not post to protect itself and that might be the issue.   You can always redo the GPU and put new thermal paste down to help it keep cool.  I’ve found the thermal paste sometimes goes bad.

Check Hard drives

This is where I usually go next.  It can be as simple as a hard drive issue that is causing the system not post or boot into bios.   Strange as this might seem the issue can actual cause this to happen and the system will just not boot.  unplug all SATA cables and pull any NVME drives and try booting.  If it was the issues the system will at least boot to bios after that.  If it is the problem just slowly start with operating system boot drive (NVME or SATA) and see what happens until you get back to a no post issue.  When you do this you might find it is time to replace the SATA or NVME if it is that.

Reset Bios

This is usually where I go next when the problem persists and nothing seems to work.  It can be a problem in the bios and you’ll need to reset it or clear the bios memory,  to see if the problem persists.  Sometimes the bios has issues of its own and you will need to clear the bios and see if you can get the system to post.   Also if it does post, it might be time to update the bios to see if that will also help resolve the issue later on.  Sometimes even updating the bios seems to resolve the issue even better than just resetting the bios.

CPU or Motherboard

If you have done all that and the system still doesn’t boot, you know it is either the CPU or motherboard that is bad and that is where it gets interesting.  If you have another CPU that you know works, and you can put it in there to see if the system boots.  Also check the thermal paste on the cpu, if it is getting too hot on the cpu that might cause the system not to boot.  That would be my first thing to try to see if this will resolve the issue.   If not it might be time to buy another CPU or Motherboard.   It can happen that the mother just goes bad for whatever reason.   I’ve not seen it but I’ve heard about it that the motherboard can go bad.   If you can’t get the system post that is the final thing you can do to get your system running again.  Replace the Motherboard and RMA the motherboard.

Want to say thank you?  Why not buy something from my Affiliate links to say thanks.  Anything you buy with my affiliates helps me with my blog and what I love to talk about.  Thanks.

 

How to Convert your Windows 10 from MBR to GPT

Paul

Securing Windows 10

It’s complicated is what I’ve heard from people all around the world. The idea that We have to figure how to turn our Windows 10 into a secure boot, can seem difficult at best. Just like Unified Extensible Firmware Interface (UEFI) isn’t always labeled right in the bios and that can be hard to find.   It seems that all the motherboard manufacturers wanted to make it extremely difficult for anyone who might want to enable or disable UEFI to be able to do it.   Then add on to the fact that the Motherboard manufacturers also made it hard to figure out how to turn on TPM in the bios also.   Can seem quite maddening to most because each manufacturer didn’t just call it TPM or UEFI.   Some of them Call it PTT (The intel Platform Trusted Technology) or even the AMD which is called fTPM(Firmware Trusted Platform Module).   Although the AMD version is a whole lot easier to understand since it does say TPM.  Intel on the other hand can be hard to find or even know what PTT stands for unless you google it.

Checking your system

The first step you should always do is make sure you can do this in the first place.   If you haven’t read my other post about this, I’d go over there and check to make sure you can do this in the first place.   As of currently Microsoft has stated that the requirements are the same for the previous few weeks.   So I don’t know if they will change when the final release comes out but it could very well change.

Have backups

Before I talk about the upgrading or updating your boot system to allow you to boot into Windows 10 Secure boot.  I’ll make this statement, please consider backing up all your important files that you might want to keep to a USB Flash Drive or even portable HDD or a HD that you can unplug from the bios to keep your important files safe while the upgrading of Windows 10 is being done.    What you do after this is on yourself and no one else.

can you upgrade to secure boot?

If you have checked the previous post and turned on what you can besides secure boot, but you know you have it.  You’re pretty much set to upgrade Windows 10 from Master Boot Record (MBR) to GPT(GUID Partition Table).  The process for converting your Master Boot record is relatively simple but will require you to boot into a Windows 10 on a USB!  Once you have done that you will then want to get to the command prompt the easiest way is to hit Windows+S and type in cmd then right click run as administrator.  Now you’re at the command problem.  Now is where the fun starts.

Type in :  mbr2gpt.exe  /allowFullOS /convert

Let it do it’s conversion and once done you’ll need to reboot but before you try to log into Windows again, you’ll need to go into the bios and enable secure boot.   Depending on how much Windows 10 needs to go through a new startup process will depend on the way GPT was converted.  It may take a few minutes even on the fastest system for Windows 10 to fully boot or it could be just as quick as before.   Once Windows 10 is booted, I suggest verify all your files are there and that everything is working correctly.   You might need to update software but that shouldn’t be to much a problem.   After That if you are on the Windows Insider Program than go check for updates and Windows 11 should be able to install.  If it still says you can’t upgrade I’d go back and check Whynotwin11 and Find out if you haven’t enabled TPM or what version of the TPM it is.   Other than that you should be set to go.

Enjoy Windows 11 Preview builds.   

 

This is why Windows 11 Will fail miserably with Security!

Paul
Photo by TheDigitalWay on Pixabay

Microsoft’s bad Idea

“Microsoft claims that their telemetry shows that they have seen up to a 60% reduction in malware when TPM-enabled features like Windows Hello and BitLocker encryption are used on supported devices — it’s unclear why that would be at all true, unless it’s correlation and not causation”   Steve Gibson (Security Now #825 Podcast)

I dare say it’s a terrible idea.  I have been doing some major research into secure boot and TPM and everything I’m seeing is a little bit worrying to say the least.  Even listening to others talk about what Windows 11 can do or can’t do seems quite obvious.   Afterall, I’ve even had my son get information on how to get around the security requirements for Windows 11 and install Windows a boot logged copy of it onto a USB just to play around with it.   I am quite concerned with this also because it seems Microsoft trying to force users onto a proprietary system.  Microsoft is only doing the complete opposite of what they claim.

Scrutinizing the Boot Process

The goal of a hardware root of trust is to verify that the software installed in every component of the hardware is the software that was intended.  — Jessie Frazelle

The problem with trust is that we should never trust anything and always question it.   How can a system trust that the software wasn’t installed as intended?   These are the basic problems with the premise of a TPM and even the Secure Boot process.

The goal of attestation is to prove to a third party that your operating system and application software are intact and trustworthy. — Jessie Frazelle

The problem with this is even more obvious to the security of a system.   Attestation can’t always witness or even prove a program doesn’t have the right to be run or used in boot up.   Unless Attestations can be programmed to boot Windows a certain everytime in hardware, we will always have the virus developers skirting around the boot process.

Some members of the technology industry have raised the concern that the well-documented, modern, high-level language interface provided by UEFI makes it easier to compromise a platform [12]; that the ability to add modules
and applications to the boot process could compromise security.

Richard Wilkins and Brian Richardson

I wouldn’t call some being a small amount of people but a large amount.  I’ve heard time and time again this idea and it seems to be a growing concern with UEFI and how virus writers / developers will overcome UEFI and be able to install viruses / Malware around the the Windows system to be able to do what they have always been able to do.

Security through Obscurity

Microsoft seems to have take this approach as  their next step through the security door and it’s seems quite evident that they’ve not learned their lesson from others.  I say that with the understanding that Apple tried this with their systems and they still have virus writers who can compromise their system.  It’s not like the security community doesn’t want all operating system to be secure, in fact most would want it so badly because we wouldn’t have to worry as much about the viruses or malware to being on peoples systems.   Let’s not forget we still have users who will do dumb things and that much will always be true.   There is always going to be need to teach the company users, how to be secure while using the company’s computer(s) or laptop(s).

Return-Oriented Programming

Return-Oriented Programming is a security exploit technique used by attackers to execute code on their target system. By obtaining control of the call stack, the attacker can control the flow of existing trusted software running on the computer and manipulate it to their own ends. — Secureteam UK

The ROP(return-oriented programming) has been a constant problem for several years now and will probably grow even more.   I say that not lightly because the Virus writers / Developers will have to start to use it more and more often and even find other exploits techniques to get around the Secure boot and UEFI protocols.  This is often called the Blindside attack and is most often used with IOT(Internet of Things) devices but can be used with Windows operating systems and will become more and more useful to them in the future, I suspect.

Not unlike the previous tutorial we will be crafting [ROP] the parameters to Windows API calls on the stack and then executing them.  — FuzzySecurity

As you can see, there is already programming that people can do with Windows 7 API and that’s been out for quite a while.  I am unsure when someone did this little experient and talked about the vulnerability.  This vulnerability is available on Windows 7.   It could very well be used on Windows 10 or even Windows 11, I suspect.

Mitigation

I will say there has been talk about mitigating this and other attacks but it requires a constant updating of the operating system and CPU (Secureteam UK).   As you know CPU manufacturers will take years to update a problem just because people will not want to go buy a new cpu or even a new computer until the old computer isn’t able to run or something actually breaks in the system.   I know Virus writers / developers will always be having to be a head of Windows updates and that might be what they are already doing.   Looking for vulnerabilities in the UEFI and Secure boot area.  I suspect they are already doing that now.   I can’t say if they’ll succeed but I know the virus writers make so much money on ransomware and getting those companies systems compromised.   So who really wins?  I would hazard a guess no one in the end, the security that Microsoft is trying to force will still fail miserably and I will be there saying “I told you so!

 

 

How to install Windows 11 on a given system.

Paul

Windows 11

Install Windows 11

It’s not as easy as it seems. Ever since Microsoft has told us what the requirements will be for Windows 11, there will be more than that for you to use Windows 11.   Some of the issues some users are having is going from non-secure boot to changing the partition to secure boot.   The problems associated has been far a wide for the people who are in the Preview program.   So what do you really need to do to install Windows 11.   I am will talk about some of the things you will probably need to do to get it to work on your system.

Gigabyte Motherboards

I currently have a B460M DS3H AC and finding Secure boot for my motherboard isn’t as easy as it seems.  I had to first update my bios from factory default to the latest.   You can download the bios for this motherboard and flash the motherboard with the latest bios updates.   It seems the latest bios F5B bios update has secure boot automatically enabled but for those who do not want to update their bios to the latest version.   In order to get secure to work on your motherboard you have to go to Advanced settings > Boot Menu.   Once there, you will need to scroll down to CSM and I needed to disable that to get secure boot to work.  Once that is down you can now have access to secure boot.

Converting your Partition

If you are like me have a MBR(Master Boot Record) partition than you will need to convert to GPT(GUID Partition Table) partition, in order to be able to run in secure boot.  There is a tool that can do that for you call MBR2GPT offered by Microsoft to be able to convert your partition to GPT.  Once you do this, than you can enable secure boot and have it ready for Windows 11.   Since we are talking about the preview build and not the actual build I can only sumeize that it will be required with Windows 11 when it is finally active.   It will be a long and hard process for many because there are several reasons why someone won’t want to go to GPT partition.   I haven’t decided if I will or not but I wanted to show you how to install Windows 11 preview if you are one of those who wanted to try Windows 11 but didn’t have the necessary system setup the right to be able to install it.

Still not Compatible

WhynotWin11 Capability Tool

If you are still having problems figuring out why you can’t install Windows.   There is a Great little tool that will tell you what you have or don’t have enabled or what hardware you are missing to be able to install Windows 11 and what you might need to do to get all the requirements for Windows 11.   In the end, this will at least help those who want to install Windows 11.   I’m still not sure if I will but at least you can now know what you need to do to be able to install Windows 11.

 

 

How to Protect your privacy online

Paul

Privacy - Privacy Online

Online Data

52 percent of respondents shared personally identifying information through social media sites.  — Dan Raffer

Do you know how much of your personal data is out there? There are many people who will not know just how much data is available on the internet. You could literally find information about a person where they live, their phone number and even their email address if you really know where to go to search for this information. No I am not joking, it is really not hard to find this information and that is what most people just don’t realize.   As you might think, most people are leaking their information in many ways from their hair color to their favorite food on social media sites and this just as dangerous as you might not realize.

Hearing what I just told you, how do you feel about it?

“Most browsers — including Chrome, Firefox and Safari — offer some sort of private browsing window.” Christian Stewart

You can protect your privacy somewhat by using this private browser such as Chrome’s Incognito window but this is only the first step to protect your privacy online. You should also disable third party cookies and also use a good privacy focused search engines such as duckduckgo (duckduckgo.com), or Wolframalpha (wolframalpha.com) to help keep people from tracking you. These are all good and will help you not be tracked as much on the internet and keep your privacy safe.

Be skeptical

More than 99 percent of threats observed required human interaction to execute.Gamelearn

Did you know that it could be as simple as being very skeptical of any links you have been sent or browsing on the web. Not every link on the internet is safe for us to click. So How do you know if it is safe to click? These are good questions that need to really be thought out before you click any link you want. Some of the common questions I ask myself are:

  • Did I receive this link without being told?

  • Was it a popup message or something like that?

  • Do I know the person who sent it?

  • Is the URL link hidden from my site?

  • Was it sent on a Social Media site?

If you answered yes to at least one of these questions you should be very cautious to click the link. Most of the time if you received a message saying your system is infected you would be quick to click that link but that would be the wrong. Most virus authors will pray on your emotions and social engineer the attacks that will get them the most results.

Stop with the easy passwords

This is the most valuable tip I can give you, everyone who’s anyone will not create complex passwords because we aren’t complex. Humans especially when it comes to passwords will not create a really hard password because it will be hard for them to remember it. Definitely don’t write down your passwords for others to see. You’ve seen shows or movies like Ready Player One. If you seen the movie Ready Player One, in the movie Sorrento leaves his password on the rig and well you know the rest but it makes a great point that there are better ways to keep your passwords safe. I recommend using a password vault or a password manager that will do the job. I currently use Lastpass for all my needs but I am sure there are other free password managers that will create, encrypt, and even save those passwords for the next time you visit a website. Any good password manager is really going to be better at create a unique password than you would.

Use 2 factor authentication

It’s time to use 2 factor authentication. It is something you have and not something you know, you should make it extremely hard for any key-logger or other such methods from controlling your account. This is where 2 factor authentication comes into play, they might know your password but they will also need to know or have a way to authenticate in other ways. So it is best to have this turned on even if you are using your cell phone, it will provide another layer of protection and will keep your accounts safe.

When it comes to privacy, it can be a big struggle just to keep your information safe. There are several ways you can keep it from those big baddies that want to use your information for piracy and identity theft. We can never really understand why but we can at least work hard at making sure our information isn’t in the wrong hands.