Sunday, January 25, 2009

Tools and Techniques…Linkfest

Now back to regular blog material.

Submitted for your approval…a hodge-podge of assorted links containing applications, updates, news and information.

Just don’t put the mashed-potato spoon from the buffet back into the spaghetti bin.

That’s not kind.

  • ExifTool GUI – freeware – Nathaniel dropped a comment in a recent post regarding the command-line ExifTool which can be used to gather great info on EXIF info in digital photographs.  His tip was that there was a GUI wrapper for it.  I’ve since downloaded and configured it and must say it works great.  Awesome tip!

  • The Dude network monitor – freeware – Now updated to version 3.1.  This is a wonderful network monitor and mapping tool.  Incredibly, it is free.  The latest version addresses some stability fixes.  Sysadmins will really find this a useful utility.

  • SmartSniff: Freeware Packet Sniffer – freeware – Nirsoft’s handy and portable network packing sniffing utility is now up to version 1.45.  The latest version offers a new option to display Outgoing/Incoming Data.  Per Nir Sofer’s description, “When this option is turned on, separated values for outgoing and incoming packets are displayed for the following columns: 'Packets', 'Data Size', and 'Total Size'. The values are displayed in the following format: {Outgoing ; Incoming}.”

  • Bits from Bill: Yes We Can, Release WinPatrol v16 Beta – WinPatrol founder and coder Bill Pytlovany has released a beta version of the next WinPatrol software.  WinPatrol is a great program that comes in both a freeware and $ version.  I have lots of individual and specialized utilities that accomplish most of what WinPatrol does in a single program.  For one-stop system protection, cleaning, and monitoring it’s the way for most home and system administrators to go.  Bill is a great guy and is constantly tweaking his product based on real-world user feedback.  v16 looks to add better handling of UAC/WinPatrol interaction in Windows 7.  The second change also allows suppression of alerts (for Plus subscribers).Don’t forget about his WinPatrol USB Flash Edition as well.

  • 4 Tools You Need To Predict The Death Of Your Hard Drive - MakeUseOf.com – Hot off the RSS feed. MakeUseOf drops four wonderful and free tools that help you monitor and diagnose issues with your hard-drive, before they become fatal.  I have used and recommended all of them: CrystalDiskInfo, HD Tune, HDD Health, and finally HDD Scan.  All are nicely portable off a USB stick.

  • Comodo Registry Cleaner – freeware – I’ve been a longtime fan and user of CCleaner and while I don’t feel these classes of tools are the solve-all tools for system problems (sometimes they create problems), they can be useful at times.  So it was with curiosity that I read a CyberNet News post bringing my attention to this new Comodo product.  I downloaded the portable version (in both 32 and 64 bit versions) and did some test runs.  It did claim to find a host of issues on my Vista system registry.  I didn’t apply any cleaning changes yet, but I might try it on a few virtual systems first, after backing up before the changes and also creating a system restore point.  If it is as thorough as it claims, and doesn’t nuke the systems, it might be a great counter-point to CCleaner.

  • h Centralized Information About The Conficker Worm - Microsoft Malware Protection Center blog.  Really nice writeup and overview of the headache making its way across Windows systems world-wide.  Not since the Storm-Worm have we seen such an ugly mess due to lack of Windows patching by end-users and sysadmins.  They break down the various infection vectors and provide linkage for more research and fighting.

  • Windows Incident Response: WFA 2/e Status – Windows Forensics expert Harlan Carvey is hard at work on his next volume. I was getting ready to buy his first edition just before the holidays, but then he let slip a new edition is coming soon.  So I am going to hold off just a bit longer and get the newest version.  Looks good and I can’t wait!

  • Microsoft Virtual PC 2007 SP1 vs. Sun xVM VirtualBox 2.1.0 – 4ysyops blogger Michael Pietroforte does a really great comparison of the benefits and differences between VirtualPC and VirtualBox. I am often asked my opinion and have to say that “generally” for Microsoft OS systems I want to virtualize, I always go with Virtual PC.  For Linux systems I want to virtualize, I turn to VirtualBox.  Michael goes a bit more technical.

  • MacOS X Forensics – I don’t get to play with MacOS X at all. So while I find forensic discussions on Windows systems very helpful as a sysadmin and troubleshooter, I wouldn’t have a clue regarding OS X.  That said, this looks to be a great starting resource point for those looking to learn more about this particular field.  Spotted via Eternal sunshine of the geeky mind.

  • Anton Chuvakin Blog - "Security Warrior": On Heartland – OK. Here’s the deal.  Heartland was a credit-card transaction processing company that got hacked bad and it looks like it could rate as one of the biggest—if not biggest—security breaches ever.  I’ve held off posting linkage as it goes on forever.  Good thing I did as Anton Chuvakin has sorted through all the chafe and provides us with the key linkage needed to understand the breakdown from multiple angles.  Not just a what went wrong, but also has ideas on future prevention and what this teaches us in general.  Great reads.

  • Report: Law Enforcement Closing In On Heartland Breach Perpetrator - Security breaches/Attacks – DarkReading security website.  The most interesting parts to me from that writeup:

Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed the breach was first discovered in late October or early November, whereas previous statements indicated that it was only in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the "sniffer" software used to collect the data was located only last week.

"It will be interesting to see how this incident pans out," says Rob Rachwald, Fortify's director of product marketing. "Our best guess is that the software was either installed by a sleeper, a rogue employee working inside the firm who passed the usual vetting procedures, or a direct systems attack followed by the insertion of a custom application on the processor's IT resources. "The $64,000 question, of course, is whether Heartland and the U.S. Secret Service will reveal the actual modus operandi of the fraudsters. I somehow think this will not happen." According to the news report, a Heartland spokesman did reveal that the sniffer software was "inactive" when it was finally discovered by the forensics experts. The spokesman did not say whether the software was inoperative, or simply dormant and waiting to be called on again by the criminals.

--Claus V.

No comments: