Sunday, July 06, 2008

Rapid-Fire Linkpost #3 – Purely Windows Dressing


CC Photo Credit: by Choctopus on Flickr

Great dirt for Microsoft Windows fans:

Where did I put my shovel?

10 top Vista tweaks, part 2 - Ed Bott’s Microsoft Report |  Thought I posted this before but darned if I can find it.  Good Vista tweaks that shouldn’t damage your system or your sanity.

Nothing stealthy about this Windows Update update - Ed Bott’s Microsoft Report | Yep. Time for Windows Updates to get updated again.  Based on Ed’s comments it looks like it might actually be useful and improved.  Anything that makes it faster on XP systems will be appreciated by me.

Microsoft Malware Protection Center - Top Detections – Stumbled across this Microsoft page a while back.  Shows Redmond’s list of their top detected desktop, MSRT, and malware threats.  For security-minded geek entertainment…check out their threat analysis links.

Microsoft® Malware Protection Center blog got some updates and a new home not too long ago. Welcome to the New Look Microsoft Malware Protection Center Blog.  Certainly not the first site to provide information on malware threats and feedback, but the posts are pretty easy to follow and they are working hard to stay up with the times and present a useful public face.

IEBlog : IE8 Security Part III: SmartScreen® Filter – Awesome and detailed post by the IEBlog team on IE 8 elements for anti-phishing and malware-tainted website protection while surfing.

IEBlog : IE8 Security Part IV: The XSS Filter – More details on how IE 8 may address cross-site scripting attacks as a threat vector for browsing the web.

IEBlog : IE8 Security Part V: Comprehensive Protection – Very detailed and layered explanation of all the security changes being poured into the IE 8 release for our web-surfing safety.

I need to go back and do a more in-depth review of these IE 8 features as well as those in Firefox 3.0 and Opera 9.5. Those browsers already are now including built-in browser protection against phishing and malware-laced sites. IE 8 is joining their direction and, seems hell-bent on surpassing them. I really like what I have read so far on the IE 8 changes. I hope this leads to a new level of browser-arms race!  We all win this way, regardless of your favorite browser flavor!

Looking for a “Reader’s Digest” version of IE8 security features? Try this: Microsoft to ratchet IE8 security another notch in Beta 2 via Ed Bott’s Microsoft Report |

Kaspersky Lab releases instructions on how to recover files attacked by the Gpcode.ak virus – OK, not really a Microsoft direct related post, but good news for folks who got key documents locked down.  I advise all sysadmins to read this so they can be prepared in advance, of ever encountering this.  The key?  Act fast so you can recover deleted files before they are overwritten. You can’t use them directly, but they are key to the recovery process.  You will also need some freeware tools/utilities linked from that source.  Download them to a USB stick in advance (and not to the impacted hard-drive)!

Security Database Tools Watch - Pass-The-Hash Toolkit v.1.4 – freeware – Add it to your USB toolbox ladies and gents in the sysadmin field.

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes

Windows SteadyState – I’m longing to find a way to apply this free feature for XP/Vista to our training-room PC’s as well as a few other choice deployments at work.  I just need to come up with a plan.  Might apply this to systems in our laptop checkout pool.  Could save us a lot of time reimaging the systems upon bring-back.

Basically, Windows SteadyState is an application you can install on target pc’s.  With it you can lock down the user interface to prevent system changes by users, as well as revert to a previous saved state after the user has finished simply by rebooting the system. Learn more about Windows SteadyState

Windows Steady State Bulletproofs Your System - Download Squad.  More information and comments.

SteadyState - Mess up, Reboot & Everything Is Fixed! - Yet another SteadyState Review.

Security Now! Transcript of Episode #129 – Leo Laporte and Steve Gibson discuss SteadyState. Also available as a podcast format.

Now the daughter-unit return watch begins…..!



Joe said...

Hi Claus,

I've looked all over your site for your e-mail address, and failed to find it. How can we contact you directly? Thanks!

Claus Valca said...

@ Joe - I haven't listed my email address.

If you want to contact me, feel free to leave me a message in the comments.

Joe said...

Was just going to let you know about an oddity that happened. I am subscribed to your blog and thoroughly enjoy all your freeware gems you tend to find! Cybernet News is another blog that I am subscribed to, and was surprised to find something on the bottom of this post:

On the bottom of the post in the "Leave a Comment" section, it showed your name filled in beside Name, and your blog's site filled in beside Website in the editboxes (as if someone manually typed them in). Thinking it was some Firefox 3.0.1 oddity, like some mistaken cross-site form reference of some sort, I fired up the page in IE (which I never use) and saw the same thing.

Just seemed like such an odd coincidence I thought it deserved sending you an email. Now I've reloaded the page in both Firefox and IE and the editboxes are both clear. How odd!

Claus Valca said...

@ Joe - That really IS odd!

I've been at that page earlier this week in Firefox 3.0 and have bookmarked it as a page that I was going to make note of.

So I have been over there. I don't think it was a coincidence. Not sure if some XSS is going on or what, as you say.

Really strange how the page/form could have trapped the form contents. I have left comments there before (though I doubt I'll ever make All-Star status). I really love Ryan and Ashley's work on their CyberNet site. It's a real gem.

I'll drop Ryan a note to see if he has any idea...

Thanks for that head's up! Really bizarre....


Claus Valca said...

@ Joe - Left Ryan a note. Will see if he has any ideas.

I've gone ahead and deleted my CyberNet website cookies out of my browser just to be safe. Never heard of that happening before. However, if it occurred between us, then there is a good chance it has been replicated as well between others....probably no-one really noticed or cared.

Not a security breach--but definitely worth taking a look at over at the CyberNet that would be the commonality: same site/same page.

Might be a good idea to set my Firefox options to delete the saved form-fields on exit as well.

Also curious, between my first response and your second one I had happened to clean/delete my saved form-field items in Firefox options. Don't know if that could be one reason they didn't show up again.

I would have thought like you it was an odd FF thing (I'm using 3.0.2pre) but since you saw the same stuff in IE, it almost certainly is something going on over at CyberNet.

I'll let you know when I hear something back from Ryan.

Thanks again!

Joe said...


Yeah you're telling me. I'm here reading Cybernet and your name was just filled out in the post a comment field! I've never had to type your name out for anything for Firefox to have saved the form, plus the same thing happened in IE. I wish I'd have saved a screenshot, but it looked just as it sounds. "Claus Valca" was typed in the Name field and your full blog URL was in the Website field, but the Mail and Comments fields were empty. However it occurred to me that you would be the type of person to comment on someone's blog post about a freeware firewall app, so it almost made sense that some strange server bug would have duped that into those fields. However that *really* brings up some privacy issues, you know?

I rarely flush my cookies, however possibly we both had some kind of 'session id' type cookie exactly the same? Just speculation, of course. Quickly looking at the FF3 Page Info dialog for Cybernet shows me I have an extremely complex ID resembling close to an MD5, so it takes that out of the picture.

I should also note that I checked a few other pages on their site from FF3, and those form fields were blank. Then I fired up IE with that Sunbelt blog posting, and there were the same filled out form fields.

So I'm absolutely puzzled. Let me know what you find out - being a tech like yourself makes me especially curious. Thanks!

Claus Valca said...

@ Joe - Ryan responded and said that it is a "...bug in the caching plug-in" he uses for WordPress. Seems to have gotten fixed.

He gave his thanks for pointing it out to him!

Now we know!


Joe said...


Great, thanks for letting me know! Now I am kind of hoping it would have been some small project to fix - would have made a great blog article for you!