Thursday, December 16, 2010

Worn Down and Rusted Out Linkfest Edition

worn-down-rusted-out

Thanks for the messages of kindness checking on me that a few GSD faithful have sent in over the past few weeks.

I’m pleased to say that Claus V. is still alive and kicking…just worn down and rusted out a bit.  As many of you have correctly surmised, work assignments have pretty much overwhelmed me and left me with little energy left except for watching Phineas and Ferb, iCarly, and Bones with the ladies off the DVR on the few free hours when I drag home at night as well as wearily wake up on the weekends.  Everyone has had to really crank up the productivity (already red-lined) due to economy pressures with more special-projects in the pipes.

I even got some time off today to catch the Disney movie “Tangled” with Alvis this afternoon.  I’m a sucker for princess movies!  I can’t wait to put the Blu-ray version of this one next to my “Enchanted” disk set.  Good family movie for all ages!

Anyway, the positive news from this unplanned blogging hiatus is that I have really been able to focus on applying many of the security/forensics tools and techniques in a myriad of very unusual incidents so while I am still exhausted to the frame-rails, it’s been a fun trip along the way.   Look for some neat stuff soon from that camp.

Nor have I been taking a “Net-free” sabbatical.  The RSS-feed collector has been diligently at work as well and I’ve been distilling the results to some of the most interesting and helpful links of all that survived the winnowing process.

So, without more ado, sit down, strap in, and hang on tight.  The Linkfest begins!

Microsoft Security Essentials 2.0 ?

Microsoft Security Essentials 2.0 looks like it may have been released.

Microsoft Security Essentials - Microsoft Download Center. Publish date 12/16/2010  (Note: as of this post, that link still shows a version number of “1”.)

I've been running the Beta MSE 2.0 versions on our Windows 7 x64 & x32 systems for some time and have been pleased. Love the inclusion of a right-click context menu "scan with MSE" menu item now.MSSE2.0.6.57.0
This morning my Beta MSE version was 2.0.522.0

After downloading and over-installing the new setup file version downloaded from that page, it now checks in at 2.0.657.0
Some more info on what the new edition offers over at this Security Essentials 2.0 releasing tomorrow mynetx post.

I assume patient users of MSE already will eventually get a push/Windows Update to bump it.

Meta data in the setup file (x64 version) I downloaded and used did report it was a 2.0 version as well…so maybe MS hasn’t updated the version number on the page until an official release announcement…or it could be one last final beta bump before the final release?  I’m not certain.

Spotted over at the (German) Caschys Blog post:  Microsoft veröffentlicht kostenlose Sicherheitslösung Security Essentials 2.0

i-odd Firmware updates and other multi-boot/formatting toys 

I-Odd has released some firmware updates.  If you don’t recall the iodd : Multi-boot madness! post, the i-odd is an external USB2.0/eSATA drive enclosure that allows you to store boot-disks in ISO format and then boot a system with any of them via the selector toggle.  It is wicked cool.

The US i-odd site is offering Firmware Version 1.42.48 (ISO) that supports either FAT32, EXFAT or NTFS partition handling for loading disk images.  Until recently only FAT was supported.

The Korean manufacture's i-odd site actually is serving an even newer firmware version at 1.42.53.
Take your pick.

FAT/FAT32 formatting limitations typically have restricted partition sizes so you have had to use alternative formatting tools to get around those limits if you wanted a really big FAT32 partition to store your ISO’s on.

TinyApps.Org Blog recommended the FAT 32 Formatter from Ridgecrop Consultants Ltd.  If that CLI version isn’t to your speed, they also offer a Windows GUI version of fat32format.  Miles’ recommendations are always golden so that’s the tool I still use.

I recently found mention Fat32Formatter which has a slightly different GUI.

That was picked out from RMPrepUSB HomePage which has an interesting tool to partition/format USB drives and make them bootable for SysLinux or grub4dos bootloaders. 

That was found via this XBOOT vs 1.0.0 beta4 - reboot project that is working to aid in the creation of a multi-boot USB builder.

All this is still very interesting, but TinyApps’s find of the i-odd device makes all these exercises almost academic.  Get the enclosure, buy a 2.5” drive to stick in it, update the firmware, and copy your boot ISO images over to your heart’s content.  Then just toggle to the ISO you want to boot with, select it, and boot away.

One last TinyApps mention: check out his amazing documentation work TinyApps.Org : Mounting disk image partitions.  He sent the link to me some time ago but I’ve been swamped and only had time to do very limited Linux-based work at work so I haven’t been able to give it its true due.

Secunia PSI 2.0 Beta Available 
Security company Secunia announced in September the release of the PSI 2.0 Beta.

Auto Update your Programs - Secunia PSI 2.0 Public Beta - Secunia Blog

From the blog post, the engine remains the same but the user interfaces, the auto-updates, and reporting have all been revamped. Secunia PSI changelog

While I and everyone else can continue to benefit from the cloud-based Online Software Inspector (OSI) version, having a localized Personal Software Inspector (PSI) on your Windows system can go a very long way to ensuring your applications are able to be kept current without much mess or fuss.

Adobe Advances

The Adobe folks have been hard at work revamping and prepping a number of products that are often found on many enterprise and consumer Windows systems.

Adobe Labs - Adobe Flash Player 10.2 beta - This is the latest “mainstream” Flash beta version.  It includes enhanced support for IE 9.0 releases and full screen mode support for users with multiple monitors.  However it only comes in a x32 bit release version.

Adobe Labs Download: Flash Player 10.2 Beta Release

Adobe Labs - Adobe Flash Player "Square" is also available and does include x64 bit support for Windows, Mac OS, and Linux.  I’ve been running this one on my x64 Windows 7 system with no issues at all.

Adobe Labs Download: Adobe Flash Player "Square" Preview Release

Related: How-to: Disable Chrome’s built-in Flash to use a Flash beta release. DownloadSquad
You may also have heard Adobe released version 10 (a.k.a “X”) of the Adobe Reader.

Adobe Reader X is Here! « Adobe Secure Software Engineering Team (ASSET) Blog

Adobe - Adobe Reader download

PDF security guru Didier Stevens has some initial thoughts: Quickpost: Adobe Reader X and provided a wicked-helpful link to Adobe’s FTP server. The en_US FTP folder contains both msi and exe based installer versions!

To add to the helpfulness, Aaron Parker at StealthPuppy has a number of great Adobe Reader deployment tips and tricks postings.

Deploying Adobe Reader X | Aaron Parker

Uninstalling Adobe Reader | Aaron Parker

…including a tip-out to the Customization wizard for pre-deployment installer tweaking; note you can get the 10.x version from the FTP site.

Network Nuggets!

One of the duties that has required a lot of my time has been network monitoring and traffic analysis.  I continue to make good progress with Microsoft’s Network Monitor 3.4; specifically the nmcap.exe CLI tool.  I’ve not had a dropped packet yet during a capture session.

Marking Frames with Network Monitor 3.4 - Network Monitor Blog

Network Monitor Freezes While Loading Capture - Network Monitor Blog

CodePlex Parser Site - Check for the latest Network Monitor parser sets here.

In case I haven’t mentioned it recently (it’s been a while) inSSIDer Wi-Fi Scanner over at MetaGeek is now out at version 2.0.  It was a great help tracking down a network tap some time ago.

And despite my comfort and pleasure with Network Monitor 3.4, I am now trying to transition back to Wireshark.  NM3.4 only seems to output in “cap” format, not pcap.  That’s no big issue but I then have to do an extra step of “editcap -F libpcap infile.cap outfile.pcap” to convert things.  This has been quite fast, but it is a step I shouldn’t have to be taking. 

My biggest complaint to date with Wireshark (and it’s a noobie one) is that I kept getting occasional crashes during capture in the Wireshark GUI mode.

However since I’ve gotten comfortable working in the NMcap CLI tool mode, I’ve started flirting around the the TShark CLI utility for captures as well.  It seems to be more stable for longer-run capture sessions.
Along those lines I’ve been collecting resource links on TShark:

Tshark examples: howto capture and dissect network traffic - CodeAlias

tshark filters - PacketLevel

tshark examples - random notes

TShark Packet Filtering - TheSprawl

Wireshark/TShark Utilities - TheSprawl

Pcap format is essential as I continue to use the NetworkMiner Network Forensic Analysis Tool (NFAT) and Packet Sniffer for much of my post-capture analysis work.  Unfortunately, it doesn’t handle NM “cap” format files, thus the conversion to pcap first in editcap.  So capturing in pcap native files is a time-saver.

You may also recall that I’ve been restricted to using an older .88 version of NetworkMiner as some packet captures end up forcing a premature shutdown in versions up to the current .92.  I actually was able to engage developer Erik Hjelmvik in this Topic: Versions past .88 prematurely exit discussion.  He was awesomely kind and patient.  We eventually took the discussion off-line and with his gentle guidance I was eventually able to provide him some helpful data that explained the issue.  He thinks that the issue “…could occur when there are partially overlapping TCP segments at the same time as the TCP packets arrive out-of-order.”

A future version of Network Miner should address this issue, and bring many more enhancements.  Hopefully Erik will release an updated version soon!

It was really challenging but really rewarding having the opportunity to work with Erik on this issue.  He is a really great guy for kindly providing that level of support to me on a free-to-the-community project.

Microsoft Tips, Tricks, and Treats

Download details: The Windows® Automated Installation Kit (AIK) for Windows® 7 - Released in mid-November under version 2.0.

The Case of the Slow Project File Opens - Mark’s Blog; troubleshooting awesomeness!

The Windows 7 Guide: From Newbies To Pros [FREE EBOOK] - MakeUseOf - Nice resource for you all who are planning on handing out Windows 7 systems as gift to current XP users.

Enhanced Event Viewer for Windows 7 released - The Windows Club is a fancier version to view and search event logs.  Pick it up over at the sateesh-arveti - Site Home  on TechNet Blogs

Tenniswood Blog has an update tip on How to enable Remote Desktop in Windows 7 Home Premium.  Follow his links to grab the new and improved bits.  Me?  I’ve still got this around on our home systems as a “just in case” but am really loving the TightVNC 2.0 application even more.

While we are still on the subject, MakeUseOf blog has a really interesting Control Your Computer Remotely Using HTML5 With ThinVNC post worth checking out.

The Best Ways To Customize The Welcome Screen In Windows 7 by Simon Slagen on MakeUseOf has a trio of ways to modify your Windows 7 login screen ranging from the very simple to the very complex. Of them, I agree with the post and found that for most users the Logon Screen For Windows 7 tool by DanielNET software was the easiest to use.  That said I’m surprised my first utility to encounter in this class, Windows 7 Logon Background Changer didn’t get included.  It hasn’t let me down yet.

Image is Everything

TOOL: Image Resizer 2.11 for Windows 7/Vista  - Kurt Shintaku’s Blog is a dead-simple, integrated way to let anyone quickly and easily resize their images fast.  It’s a must add.

Freemake Video Converter updated with cool new features - freewaregenius.com is yet another great and very full featured video converter.

Lightworks - Open Source highly complex but wonderfully approachable video editor is out in a public beta.  I’ve been waiting for this one for some time and am amazed it is sitting on my desktop.  The GUI is very well designed but start digging under the hood and I think this tool has the stuff to leave the other freeware/open-source video editors in the dust.  For a Windows platform, this must be seen.  I’m itching to get a new video-production project to toss at it.  This is not for casual users who might find Windows Live Movie Maker 2011 or another similar non-MS product easier to get started with.  Registration (easy and free) with Lightworks required to get the download bits.  Lots of documentation in PDF form is a happy bonus.  Requires download of third-party “Matrox VFW” codecs.

For other options and software tools in video editing see this GSD Blog Video-Editing Resource Roundup.

Finance Planning Tools 

Things have been very tight around the Valca home.  For almost the past two years we have had to painfully downsize to a single-income family lifestyle.  It has been almost that long since Lavie was able to work.  However thanks to discipline and the kindness of family and friends, we have weathered the belt-tightening fairly well.  Hopefully the new year will bring new riches both in terms of our family employment outlook as well as the bank account.

We continue to benefit from the use of Microsoft’s free “Sunset” edition of Microsoft Money Plus.  I’m using the Money Plus Sunset Deluxe version but there is also the Money Plus Sunset Home and Business
However, if you trust and and are looking for a cloud-based financial planning tool, check out the following finds:

Sprouty - Simple and easy budgeting

Mint.com

Either of these along with some healthy Finance & Family encouragements from zenhabits, those (by choice or circumstance) living in the “simple life” may find some great tools and resources to help them breath.

More Utilities

These didn’t seem to fit in other categories, so here they reside:

CSV file editor, for Windows - CSVed is now updated to version 2.1.3.  This freeware tool has saved my rear lots of times for complex pre-editing of tricky CSV files before dumping into Access or Excel.

BulletsPassView - NirSoft’s new build to view the passwords stored behind the bullets in Windows / IE.  Doesn’t work for everything but is super-useful in a pinch. May set off AV as “hackware” or PUP.  That’s a AV thing nothing wrong with the tool in the right hands.

6 Must-Have Apps For Computer Repair Technicians - MakeUseOf blog.  Interesting roundup. Not what I would pick for my “must have 6” list, but they are worthy to add to your toolbox.

FOG-ing the Future?

With only a literary nod to JKR, the FOG project is one really neat looking project.
fogproject.org

FOG allows for Windows system imaging capture/deployments from a Linux OS.  It is very cool looking and very neat, particularly with an almost turn-key PXE-based capture/deployment solution.

Windows Image Deployment with FOG - Petri.co

Lifting the Fog - Compendium IT

Cloning Windows 7 VMs Using FOG - The Horrendous World of IT

FOG - Computer Cloning/Imaging solution Server (0.27) - VMware Virtual Appliance Marketplace
See also these FOG Project Video Tutorials

There is a lot of documentation and YouTube video resources and it looks to be a very mature (and still developing) project.

If you haven’t heard of FOG yet, it’s worth checking out, particularly if you are an imaging guy.
That said, I still like working with Microsoft ImageX WIM file images and deploying them in PE-based methods in our environment.  Being able to off-line mount and service image files has helped me lots of times.

Virtualizations

In the “Lifting the Fog” link above, the author incorrectly states that the virtual version of FOG uses Oracle’s VM VirtualBox.    That isn’t correct.  It is a VMware appliance version, not VirtualBox.  I guess it is easy to get them mixed up by name alone.  I currently have Windows VirtualPC, Oracle’s VirtualBox, and VMware’s VMware Player all installed on my system!

VMware Player still is getting updated (and remains free).  If you don’t want to register to get the bits from VMware, try this Download VMware Player 3.1.3 link via FileHippo.com.

Think the VMware Player will trap you into using only pre-configured VMware appliances?  Check out the free VMware resources by developer DEVFarm Software such as the really cool VMX Builder. One of may cool tools at VMXBuilder.com

VirtualBox fans may be surprised (or not) to learn that while the public build of VirtualBox is at 3.2.12, if you dig around you can find and use VirtualBox 4.0 beta builds.  I’ve been using these for a while and they are really nice!  I really find the GUI interface improvements particularly enjoyable…not to mention all the under-the-hood updates!

Download VirtualBox 4.0.0 Beta 3 - Change Log - FileHippo.com

Index of /virtualbox/ - Oracle’s FTP site for direct VirtualBox bits including the [DIR] 4.0.0_BETA3/

Whew!

Hope you found something here enjoyable and I appreciate the GSD fans who have been waiting for a new post.

Check back again soon for the forensics and security linkfest followup.

Even more goodies await!

Cheers!

--Claus V.