Saturday, January 28, 2012

Solving the DSL<-->WiFi<-->Nook<-->In-Laws Equation

The Valca home is and has been an Amazon Kindle only zone for some time now; thank you very much.

So last year Lavie decided that the E Ink keyboard one (of two) that we had was a bit uncomfortable for her (and not back-lit). She decided to move over to a B&N NOOK Color model. This was in the pre Kindle Fire days so I guess we could tolerate its presence.

The Nook Color served her well enough but when the Kindle Fire came out she had to swing back. It finally arrived last week as a back-ordered Christmas present.

Fortunately, she hadn’t purchased very many books for the Nook so we didn’t deal with trying to see if there were any options for porting her books over to the Kindle. It was an opportunity for a fresh start.

So, she passed her Nook on to her parents a few weeks ago and they loved it. A lot.

They are on a DSL broadband service, and have a wired XP desktop system. One cable to rule all Internet service. No WiFi except when we stop in for an extended visit and I bring my D-Link DAP-1350 Wireless N pocket router and take over their single network connection for the weekend. Nice but not a permanent WiFi solution.

I suppose we could have just taught them to connect the Nook Color to their desktop via USB and manage it directly but it seemed time to add a WiFi router to their humble network and just do it right.

So that was this Saturday’s “honey-do” and this post is the process we had to go through to upgrade their DSL network and get the hand-me-down Nook color fully transferred over and set up for them.

First Part of the Equation: DSL<-->WiFi

First I picked up a WiFi router. I went with what has become my perennial favorite: DIR-655 Xtreme N Gigabit Router from D-Link 

I’ve had this unit personally for a number of years and it is rock solid, has both the “N” and older wireless standards, has a rockin-long range, and is super-easy for configuration. The power was important in this case as the location of their DSL modem is on a second floor above-garage room pretty far away from their usual living areas. The signal will carry all the way downstairs and up. Check. And since it is the model I also own and maintain, I know and am comfortable mucking around in the settings. Makes providing extended support much simpler when a problem arises.

Typically I’ve been able to get away with just unbox, connect, run-wizard from CD config, then go and make some manual setting tweaks afterwards. However, this 2-wire DSL modem was a real headache. I could set up the internal network and WiFi perfectly. Just couldn’t get to the Internet through the DSL modem. Plugged the DSL modem Ethernet back to the PC and it was working, reconnect to the DIR-655 and it wouldn’t.

Long story short, I eventually figured out that for their particular hardware and provider, I had to do a few more custom tricks.

I had to set the Internet Connection Type to PPPoE and enter their DSL username/password. (I got that from their email client settings.)  D-Link has a nice Emulator for this router to play around with: D-Link DIR-655 RevB Emulator

Then I had to go into the Network Settings and change the router IP Address to use from the default IP address of   Turns out that the default IP address was conflicting with the internal Ethernet-facing IP address provided by the DSL router. This was the real trick.

Once I got the network stabilized, I tested the configuration survivability by powering off both the DSL modem and the D-Link (to simulate a power-failure), then powered them back on and made sure the PC could get to the Internet. Check.

This one was actually a DIR-655 RevB model so I then saved my configuration file, downloaded the latest firmware and ran an upgrade. Success. Naturally it lost all of my settings, so I had to upload my saved config file and it was back to normal. Yea me!

More helpful notes I had to find to work out that issue:

So now I had taken care of the DSL<-->WiFi router part of the equation. Next the Nook.

Second Part of the Equation: Nook<-->In-Laws

This actually was almost harder than getting the router added.

Because the Nook was a hand-me-down, Lavie had it configured with our WiFi settings, her name, and the account information. She said she didn’t mind if her parents just kept it that way and we just change the billing information on the account. However, she had followed bad password security and used the same information she has used on several other of her on-line accounts. I needed to break that clean.

The rub was that Lavie had already purchased some books for her dad under her Nook account and I didn’t want to lose them. What I wanted to do was to figure out if/how I could transfer the B&N account she had set up over to them and remove Lavie’s information and add-in theirs.

Here’s what I had to figure out doing to keep the original Nook account (and purchased items) but swing it fully over to the in-laws “clean”. Note this was a serious trial-n-error process that took almost two-hours longer than it should have (by my reasoning). This is the “clean” version and from what I later read on the web, seems to be the only way currently I know of to “transfer” a nook from one email/owner to another one while preserving the purchased items.

Note: Lavie didn’t have any files or items on her Nook that were not already associated in her Nook account (like manually installed music/videos/pictures/stuff) so I didn’t have to deal with the loss of those in this process. If you have those on your nook and want to preserve them, you probably want to off-load/copy them to your PC first before beginning this process. Again, this assumes everything you want to keep is safe and associated in the B&N account you will be restoring from. YMMV. So you were cautioned, so you were warned.

  1. Take your Nook (the one you want to change the owner name/email account info on) and go into the settings and find the option to Unregister/Erase your Nook. Do this first. Really. BEFORE you do ANYTHING ELSE. It sounds serious and I guess it is, but that’s how the Nook rolls.
  2. Once your Nook is reset, log into your B&N account from the page. If you can find the login link on the page. Seriously. I was using Chrome and it took me ten minutes to realize that tiny gray bar (which perfectly matches the address bar gradient and bookmark text in Chrome at the very top of the page) with the tiny text is the login location. Sheesh. Hey B&N. Can you make it a bit more obvious please?
  3. Now change your name in the account. I changed it over from Lavie’s name to the in-law’s.
  4. Change to your new email address in the account. Changed from Lavie’s to the in-law’s.
  5. Change the password if you desire…I did so desire and changed to a complex full 15-character (most allowed by B&N) password.
  6. Change the Shipping/Billing addresses as needed. Now set to the in-law’s.
  7. Change your secret challenge question if needed. Selected and changed as picked by the in-law.
  8. Update the associated credit card information. Definitely the in-law’s here!
  9. Etc.
  10. Once all the account information is updated to the way you want it and saved, make sure you can successfully log-in/out of the account. Good? Great.
  11. Next fire up the now reset Nook and go through the setup process from scratch.
  12. Accept the Terms of Service.
  13. Set the Time Zone.
  14. Connect to a WiFi network. It found the WiFi network I had earlier got working, I fed it the secure passphrase and it connected perfectly and strongly.
  15. Register the Nook. (I passed it the updated email address from above and the new password.)
  16. It Registered and identified perfectly as the in-law’s nook now.
  17. Yea me!
  18. We went to the Library and told it to refresh and all the books previously associated with the account flowed back down and “installed” without any issue.
  19. I then went to the applications and downloaded the waiting previously purchased/associated apps. Perfect!
  20. The Nook was now fully theirs.

Equation Solved: DSL<-->WiFi<-->Nook<-->In-Laws

We spent another hour or so going through the list of free NOOK Books at Barnes & Noble. We found a good selection of mystery and history classics to keep them both occupied for the next couple of months. Pop also found a good old-west history book to purchase as well. It was a good training process and confirmed the purchase/credit-card association with the account worked.

Mission accomplished, five hours (and one super-awesome BBQ baked-potato for lunch) later, the equation was solutioned.

Additional Notes:

  • Daughter hovering over your shoulder on the back of the couch while you have your laptop and the Nook balanced on your lap troubleshooting. Like a vulture lurking. Not helpful.
  • Daughter making organic microwave popcorn and snuggling up munching away while you have your laptop and the Nook balanced on your lap troubleshooting. Also not helpful.
  • Daughter not asking once to borrow your laptop to check out the WiFi and Facebook while you are troubleshooting. Very helpful and appreciated.
  • Sense of patience and humor from all participants; self, daughter, in-laws. Very helpful.
  • Extended road-trip to in-laws up and back with daughter on beautifully clear and cool day through the east-Texas pines lined country roads. Priceless.

Final thoughts.

Lavie had successfully set up her Kindle Fire just fine by herself (thank-you-very-much) so I didn’t get to participate in that except for applying a smokin-hot DecalGirl skin she had picked out for her Kindle (my hands are super-steady for such things). She had also picked up a screen protector but turns out that it is a full edge-to-edge cover which would cause issues with the DecalGirl skin on the front (which frames the blacked-out display edge portion). I suggested trimming it down so it fits inside the DecalGirl border but she passed on that for now…so it remains uninstalled at the moment.

Alvis and I both have the WiFi-only version of the E Ink Kindle model and we love them. Light, super-durable, and the charge lasts a long time.

Last night Lavie did ask me to copy some songs from her iTunes playlist to the Kindle Color. You can do it a few ways, apparently most popular is to upload music from your PC/Laptop to the Amazon Cloud Player service. What I ended up doing was to connect Lavie’s Kindle Fire directly to my PC (which holds our iTunes library) via USB, then opened iTunes, opened her play-list, sorted it by album, then I selected a song, hit the three key-combo “Ctrl-Shift-R” which opened up the location of the file itself on the library, selected any additional songs in her playlist from that album, copied, then pasted them in the Music folder on her Fire. Repeat as needed.  It was a bit slower but got the job done. All of them appeared to be in the compatible .m4a format and I didn’t find any .m4p that would not have been supported.

She was jammin…though I left her to work out creating a new playlist from those songs directly from within the Kindle itself.

Adding photos/videos would be the same process, locate on your PC, drag/drop into the correct folder on the Kindle when it is attached via USB and shows as an external storage device. Piece-o-cake.

Based on the (admittedly still limited) time I spent on both the Nook Color and the Kindle Fire, I found the Kindle Fire was more to my liking. I could navigate around the Nook Color and it was pretty intuitive (never did get around to reading any manuals on either one) but I did like the “hand-feel” of the Kindle Fire better. And the navigation just subjectively felt better to me on the Kindle Fire than the Nook.

Since I am (for now) a hard-core Kindle E Ink format lover, the extra bells-n-whistles of the Kindle Fire haven’t captured my eye yet, so I cannot comment on app-support and performance of videos/games/applications between the Nook Color and Kindle Fire.

The other thing I noticed while helping set up the in-law’s Nook was the apparent lack of easily found free E Books directly within the B&N Nook store. Searching for E-books at B&N was a super-pain as well. In the end I had to do a Google Search to find this “all-in-one-place” location for Free NOOK Books.

When I first got my Kindle, right on the Amazon Kindle pages I found this Free Book Collections: Kindle Store link. In no time flat I had downloaded almost twenty amazingly awesome classics from literature, philosophy, religion, and reference. All free. I’ve since moved on and expanded my collection to include many additional eBooks I’ve found scattered on the net including some great ones in PDF formats and I have made a number of eBook purchases for the Kindle as well. That smooth and awesome experience jumping into the Kindle right-out-of-the-box probably helped solidify my personal leanings towards the Kindle platform. I’m sure there are lots of additional Nook-compatible ebook formats and ways you can get them to your Nook, but for the in-laws, having in-store access to locate and select-to-download-direct to their Nook has a lot of appeal.

I’ve got a lot of great Kindle resource links saved and building for a GSD Kindle post…along with some cool technical and for/sec bits related to the device I have found as well. Hopefully that will come soon.

Anyway, hope this helps someone else trying to get their DSL <-->WiFi<-->Nook<-->In-Laws equation to balance out and solution properly.  Now I remember why I found Calculus so challenging. It was a real love/hate relationship and this turned out to be very much the same.


--Claus V.

Sunday, January 22, 2012

The GSD Curmudgeon says “Get off my Yard you Dang Kids!”

Sigh. I’m getting old.

I recently read a post at ReadWriteWeb by Scott Fulton, III Mozilla's Plan for Keeping Firefox Relevant in a Post-Browser Web.

That day I became dangerously close to becoming the old technologist guy equivalent of the “You kids get off my lawn!” guy we all probably know.

What is Mozilla doing to my beloved Firefox of the near and dear “future”?

  • HTML5 runtime functionally support (for driving in-browser, non system proprietary, web-apps).
  • Extending cloud-based services.
  • An on-line identity management system called “BrowserID”. (How it works)
  • and more stuff imagined and planned.

That left me grumbly then John Paul Titlow at ReadWriteWeb posted this Mozilla: We're About to Grab More Data About You, But Here's How We'll Keep It Safe.

Mozilla has some big plans up its sleeve in 2012. The non-profit open source foundation is planning some features for its Firefox Web browser and beyond that will require greater access to user data. In a blog post, the organization explains exactly how it intends to use and handle that data. In short, very carefully.

The blog post John Paul references is up at Mozilla Privacy Blog: Mozilla to Offer New User-Centric Services in 2012.

While I recognize and appreciate the very challenging work that browser developers have (not just at Mozilla), I think I’m grumbly for two primary reasons here with Mozilla.

First, I was a very early adopter of Firefox. It was quicker than IE. It was slimmer (memory and feature bloat) than IE. It was more secure than IE. And I could plug all kinds of things into it (Add-Ons/Extensions) to customize it with only those features and capabilities that helped make my experience on the Web better. If I didn’t need it, I didn’t install it and thus kept the Firefox browser lean and mean.

I really do “get it” with the coming exciting wave of “web-based apps” and running them in your browser and the security it will now bring (think JavaScript/Flash). It’s the next “big” evolutionary shift for the Internet. Really. Who of us really still think of the Internet as being just a super-large reference library and world-wide town-square/market anymore? It’s now a world-wide commercial mall and entertainment center. Really. Oh sure, you can still go down that wing none of the hip kids hang out at and find the pubs where the old-timers hang out, a few plain coffee-bars where the wanna-be journalist “bloggers” hang out and trade stories of yore, and maybe go into that virtual bookstore of arcane knowledge and technical minutia that some of us still love. But really. None of the cool companies and consumers come down this way. They demand different things. Better things. A new paradigm of interaction and operation.


So the browser needs to change to keep up. Bigger, more embedded features. Probably faster. Probably louder too with base-boost and kickers. Hopefully the security alarm on it will be better too.

Secondly, my bones ache every time a new ID management system comes out that gets closer to being a cloud-based requirement. I know, it’s for my own good they’re doing it. Really. I’m so much safer having more and more of my user data off-loaded to the Webs and Clouds. Clearly the higher and higher it goes away from me the safer and safer and harder and harder it must be for the underground dwellers to grab it. Right? What? Oh, I have to just “trust” everyone “out-there” with my user data and All-In-One credentials and stuff. I’m sure everyone will be honorable and diligent in keeping my account and passwords and user data safe and secure. Nobody ever gets their customer’s account/password information lost to hackers, or on a laptop, or on a USB stick anymore, or via a network traffic hack. Right? That was just in the “old-days”. These new solutions are really, really safer.

I get it. I do. And I appreciate everyone working so hard to keep Firefox and my web experience so much more safe, more secure, and more powerful than ever before. I appreciate modern AC over running a fan past a block of ice to cool my house. Really. And who doesn’t like the convenience of a cellular smart-phone over a plain-old copper analog line service wired into your house?

My browser is growing up, and the world it is living in is changing as fast as it is.


I still use (and probably will) Firefox as my personal “production” web-browser of choice. It works for me and my way of being productive.  That said, when I’m surfing the web, give me Chrome. I guess I have to still drive the daily commuter into work and back, but yeah, on the weekends I like to pull out the latest sports car for tooling around the highways and byways and back roads.

You know, I was a very early adopter of Chrome. It was quicker than Firefox. It was slimmer (memory and feature bloat) than Firefox. It was more secure than Firefox. And I could plug all kinds of things into it (Add-Ons/Extensions) to customize it with only those features and capabilities that helped make my experience on the Web better. If I didn’t need it, I didn’t install it and thus kept the Chrome browser lean and mean. In fact, I hear from the Google Chrome Blog that Chrome is about to get more Speed and Security with pre-rendering of pages and enhanced URL and file-download checking. What’s not to like about that!

I gotta admit, high-school senior (these kids again!) Danny Stieben’s timely post at MakeUseOf blog probably sums it up right: Why It Eventually Won’t Matter What Browser You Use [Opinion].

It won’t. Honestly. It just won’t. Time to face the music and admit I’ve got to adopt the new (browser/web) core “technology” design model and landscape or I’ll become irrelevant and end up spending the rest of my days in that dilapidated and decaying wing of the New Web Mall hanging out with the other curmudgeons and making fun of those really dorky guys and gals still using AOL web-mails, web portal home-pages with their IE 5/6 and Firefox 3 web-browsers. Seriously? Who uses those anymore?!! Get a clue.

Here. Spin a wheel and take a pick. Take one. Use one. Just don’t become friends or companions. Someone’s bound to change and the relationship will sour, and there will be a new favorite.

The GSD Curmudgeon ends with these moving and inspiring words of wisdom and perspective on the whole thing.

Great Motivational Speech - It Just Doesn't Matter - YouTube

Ok…soap box away. We will now return to regular GSD programming.

--Claus V.

On The Usefulness of a Pleasant Desk

I can’t believe I’ve been blogging now (fairly) consistently since 2005. I’ve gone from a peak posting rate of 311 posts in 2007 down to a low of just 40 posts last year in 2011.

Finding the time to blog has grown more and more challenging and I hope the quality and depth of many of my posts has grown over the years as well.

The last two years in particular have been a personal frustration as I have attempted to grow more “present” with my family and community while dealing with the tremendous workload presented in my “real” job that has meant longer hours, later hours, and technical challenges that have conspired to keep my technical processing brain-core on overdrive.

All that said, the biggest problem I had, however, hasn’t been a lack of inspiration, or of time, or of material.

I seriously believe it was the lack of a good desk and by extension, a good workspace.

See, from 2006-2009 a good part of my primary blogging hardware was based on desktop computers at home. First an old Gateway and later a small-form-factor barebones home-build kit.  Both these systems were kept in a nice desk that was located in our library/laundry room.  So I could hole up in the space, have few interruptions, and focus on writing, and blogging, and blogging. Lots of productivity.

In 2006 Lavie bought our first laptop. Then in 2007 Lavie won a Gateway laptop and it became her new laptop and the first one became a backup family pc.  Then in 2009 Lavie  picked up a larger laptop for herself and I took over the Gateway laptop as a secondary system while Alvis took over Lavie’s first one. Though I continued to patch and upgrade the SFF desktop pc I used, the Gateway laptop really became my primary home computing device and blogging platform. And in late 2010 I finally obtained my own "dream" notebook.

I sincerely believe the shift from using a desktop pc (at a desk) to a laptop (wherever) is what led to the biggest hit on my blogging production.

When I sit at a desk I have a productive mindset. When I’m in one of the chairs or couch in our living room I can blog, but it doesn’t feel as natural as just “couch-surfing” the web. I find it hard to build and maintain a writing rhythm if I’m anywhere but in front of a desk.

Since the girls REALLY wanted me to be more present with them and not hidden off in our library area, and I had a laptop, it was very seldom that I found myself in our study and my desk--and in a productive blogging mindset.

I’ve been trying to find a solution to the problem for some time. Unfortunately, the desk in the library while not large, just didn’t seem to lend itself to either our living room décor or function. So I’ve just coped, and the blogging rate has suffered.

Last week I found a cheap trestle-style mini-desk that was perfect in color, style and size for the living room. With minimal rearrangement I was able to place it in the living room along with a nice matching traditional wooden chair with a faux-leather seat cushion. It was a great pairing.  While not my favorite in terms of style, it was a perfect pairing of form and function (and price) so I struck while the iron was still hot.

That weekend saw the slew of postings which has almost brought me to half-as-many as all I did last year.

Now I have my own elegant and relaxing workspace again to use my laptop at; but still be “present” with Lavie and Alvis after work or on the weekends.

Now the story should end there.

However this weekend Alvis and I finally got around to swapping our desks. These are not to be confused with the new one above.

See, Alvis has been using a large French-country style desk in her room for her homework/TV/laptop/crafting needs.  It is a beautiful desk that has an attached shelving unit over it. Meanwhile my desk (the one in the library I have mentioned already) is an Ikea special with a simple solid wood frame, a side-caddy for a desktop PC and a small pullout drawer that held all those misc. USB cables and PC hardware bits that accumulate.

Alvis in her artsy/interior-design-y mode decided she needed to “open up” the space in her room and swap desks. This way she has more physical room (since mine is smaller) and gain a desk that is more work-bench-like for her crafting. It will also work better for her new machine-sewing hobby and crafting system.

So yesterday we set to work clearing off our desks and emptying them of their contents. Lots of cables to re-manage, lots of missed-dust to remediate. And the desks were swapped.

Alvis’s (new-to-her) desk fit perfectly and holds a small LCD TV that doubles as a second monitor for her laptop. The solid wood surface is more firm for crafting and the lack of an overhead shelving system means she can now feed large lengths of fabric easily across the surface. She did add a small wire-baking-rack to the side of it for storing supplies. Now she has space galore in her room reclaimed.

My (new-to-me) desk is in the study. My second LCD monitor is tucked in a corner when I do decide to work back there and need a second monitor. (I decided it just didn’t fit the living room décor or small desk added there.) It has a USB keyboard/mouse combo as well on the slide-out tray just in case. The (now long-since disconnected until I eventually get around to using it as a SAN server option-1 option-2) SFF PC is tucked away in the side-caddy. The real plus has been getting all my technical books and manuals off the stacks in the library floor and nicely organized in the over-desk shelves. I’ve also got my network hardware (switches/routers) and external hard-drives nicely sitting in their “cubbies” as well. It looks downright nice.

Funny how these things work out…I finally find the perfect desk to get me out of the library, get crazy-productive again (and make both my girls and me harmoniously happy). And the very next weekend I end up creating the super organized and comfy writing-desk/computing-workbench in the man-cave library.

I guess that’s just how we roll around here.

So long-story-short, it’s neither a matter of here or there. Simply expect more blogging this year from the GSD ranch.

--Claus V.

Saturday, January 21, 2012

Interesting Malware in Email Attempt - URL Scanner Links

Last weekend I spent some time with extended family helping confirm for them that their on-line email account got hacked and had been used to send some malware-linking spam emails to users in their contact list.

Yesterday our family email account was on the receiving end of someone -- possibly -- who fell victim to an email account hack as our email address was amongst several others included together receiving the email. I say possibly as none of us recognized the sender’s email address and it wasn’t in any of our address books. Possibly ours, along with the others’ email addresses, had been harvested somehow and this was a fake spamming account. The “show-as” name was definitely non-standard and used some letters that related to that in the subject line.

It was pretty evident to me this was probably a dangerous site to go to, but being curiously-minded, I couldn’t pass up the chance to do some detective work.

The email originated from a yahoo mail account.

The Subject line was baited “ACH Transfer Canceled…” and the display name in the email address contained the letters “NACHA.”

ACH is meant to refer to the “Automated Clearing House” which handled financial transactions in the US overseen by the NACHA.  To most Americans, I’m betting these acronyms mean very little and they would be more taken with a sudden urge to grab some NACHOES instead. Maybe Europeans would be a little more anxious about emails purporting to come from ACH and NACHA. I digress.

First thing I looked at was the message header. Lots of goodies there. We can follow the bounce between the yahoo mail sender to our ISP’s email servers. Times/dates of transmission.

Since this was a Yahoo mail account, it appears the header may actually contain the IP address of the location the mail account was logged into from. This is the first time I have seen this so I need to do more research. The IP associated with this particular email is located in France.

The website IP Address Locator has lots of good tools for locating IP addresses as well as a feature that allows a copy/paste/analyze of email headers.

The content of the email was very thin, a single line with all the text run together. There is a URL link markup there, however it misses getting all the characters. Hmm.

Toggling between the different modes of viewing email content in Thunderbird reveals odd results. If I look at it in original html mode I see a single line of text with a hyperlink in the middle.

If I view it in simple html most of the text is the same but a few characters are different.

If I view it in plain text, there is nothing showing.

Hovering over the hyperlink displayed shows a URL shortener link. Hmm. Set that aside for a moment.

So I go back and look at the full header view again and find this in the message body:

Content-Type: text/html; charset=ISO-8859-5
Content-Transfer-Encoding: base64

Ah! So I copy/paste that large text block that follows that into this base64 online encoder / decoder and get a binary file to download!

(More regarding content encoding methods here Content-Transfer-Encoding - MSDN, here The Content-Transfer-Encoding Header Field via and here Decoding Internet Attachments - A Tutorial by Michael Santovec.)

Opening that binary file in Notepad++ reveals the html code with the same actual URL embedded.

Guessing here they are using base64 coding for the content to try to get around email scanners.
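The same decode can be done offline with Python's standard `email` package instead of an online decoder. This is an added example, not part of the original post: the message, addresses, URL and link text below are constructed placeholders (`example.invalid`), and only the two `Content-*` headers, the subject and the display name follow what the post describes.

```python
import base64
import email
from email import policy
from html.parser import HTMLParser

# Constructed HTML body (not the real message): one run-together line with a
# single hyperlink in the middle. The URL is a placeholder, not a real shortener.
SAMPLE_HTML = (
    "<html><body>ACH transfer canceled see report "
    '<a href="http://short.example.invalid/AbC123">nacha.example.invalid/report</a>'
    " for details</body></html>"
)


def build_sample_message() -> str:
    """Return a constructed raw message using the headers quoted in the post."""
    body = base64.encodebytes(SAMPLE_HTML.encode("iso-8859-5")).decode("ascii")
    return (
        "From: NACHA <sender@example.invalid>\n"
        "To: family@example.invalid\n"
        "Subject: ACH Transfer Canceled\n"
        "MIME-Version: 1.0\n"
        "Content-Type: text/html; charset=ISO-8859-5\n"
        "Content-Transfer-Encoding: base64\n"
        "\n" + body
    )


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw: str) -> dict:
    """Decode every leaf MIME part and list the links found in HTML parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = {"parts": [], "links": [], "has_plain_text": False}
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        findings["parts"].append((ctype, part.get_content_charset(), cte))
        if ctype == "text/plain":
            findings["has_plain_text"] = True
        elif ctype == "text/html":
            # get_content() undoes the base64 transfer encoding and then
            # decodes the bytes with the charset declared in Content-Type.
            parser = LinkExtractor()
            parser.feed(part.get_content())
            findings["links"].extend(parser.links)
    return findings


def url_visible_in_raw(raw: str, url: str) -> bool:
    """What a filter sees if it only searches the undecoded message text."""
    return url in raw


if __name__ == "__main__":
    raw = build_sample_message()
    result = analyze(raw)
    print("parts:", result["parts"])
    print("text/plain part present:", result["has_plain_text"])
    for href, text in result["links"]:
        print("link:", href, "shown as:", text)
        print("  findable in raw message:", url_visible_in_raw(raw, href))
```

The missing `text/plain` part matches the empty plain-text view in Thunderbird, and the link target only becomes searchable after the transfer encoding is removed.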

OK, so let’s check out that URL.

Turns out it is using Google’s own URL shortening service: Google URL Shortener.  More info here. Google URL shortener - Web Search Help

Turns out this is a pretty cool choice from both sides of the security fence. By appending “.info” to the end of a goo.gl shortened URL we can find out the stats from URL shortener (Google Groups)

This is good from an attacker standpoint as they can easily monitor their success rate on the nibbles of this hook and any “hits” to the actual URL. Researchers can get info as well by monitoring the same info and how fast/long the “click-through” may happen.


Neat isn’t it?

Now that I’ve got the actual long URL that this points to, we can start tossing the URL at some on-line link analysis/scanner tools.

VirusTotal shows both TrendMicro and report the long URL as a Malware/Malicious site.

Quttera reports it as serving up a suspicious javascript content via HTML page code.

Anubis: Analyzing Unknown Binaries provided a deeper review of the URL by capturing Windows system events in a virtual sandbox system. It accesses the Windows registry, mucks with some keys, created a cookie, reads the autoexec.bat file, mods some files and maps dll’s to memory and appears to try to download more stuff. The report is available in HTML, XML, PDF, and TXT formats.  Also, they offer a traffic.pcap file to download so you can examine the network traffic generated and perform any NFA you want to do.  This site/tool rocks from a depth of information standpoint.

urlQuery gives some more report feedback when it is sandboxed. Lots of Java script stuff. Another strong URL analysis reporting site.

Trying it a few more times changing the browser type/java version/flash version gets different results and the URL serving code reflects all kinds of different IP’s each time so that long URL seems to be hosted at a dynamic IP host allowing it to bounce around (serving up HTTP redirects) and serve up the malware code depending on platform from all over the place making it harder to track down the source.

urlQuery actually identified the network traffic code as being detected as Blackhole exploit kit v1.2 HTTP GET request.  Another clue.

I tossed the pcap file I got from Anubis into NETRESEC NetworkMiner. Nothing very interesting but my Microsoft Security Essentials alerted when the HTML page was reassembled by NetworkMiner and quarantined the file. It identified the page code as being Exploit:JS/Blacole.AR. (MS’s way of saying “blackhole” I suppose…)

Here is a series of links regarding these kinds of email spam threats in general as well as Blackhole info in particular as it relates to email spam campaigns, if you are curious.

I doubt this is the last our email inbox will see of these things, but the whole process has been quite fun to follow.

I’ve decided to leave out links/images of the actual email and the header-code/URL (short/long) but have passed it along to a number of security-spam websites in case it is of use.

A long time ago I had a list of URL-testing sites to feed a URL into to see if they were safe or not.  Most seem to have gone away, however the following forums had a number of new ones worth bookmarking. Hat tip to “PROROOTECT” for the legwork!

Here is a combined and cleaned up list based on the collective work there from PROROOTECT in both places and at least one or two I’m tossing in and a few from those lists I removed that seem dead/redirected incorrectly.  PROROOTECT does make a great point that the effectiveness of these vary, so a “bad” URL in one may come back as “clean” in another. So it’s best to run your URL through multiple sources.

Note, these are URL/web-page scanners. They are a bit different than on-line file-scanners/sandboxes used to analyze malware samples. Though a few seem to come pretty darn close with the depth of their reports/analysis.

Not “necessarily” ordered in order of usefulness.

PROROOTECT’s suggestion to use an online URL screenshotting service to capture the displayed URL safely is some good outside the box thinking. Kinda a “look-before-you-leap” thing if all the above items pass OK.

Fun trip if it wasn’t so serious…

--Claus V.

Update: I meant to add this in to the original post but got sidetracked. A recent Digital Forensics Case Leads post has mention of a super-fantastic investigation/forensic report involving anonymous emails. This is must-read material, not just in terms of the investigative methodology but also the way the report was composed and presented. Very clearly done!  I’m keeping a saved copy of the report for future reference; both technically and as a report template. From the post via the link above:

University of Illinois recently released a detailed investigation report (PDF) regarding anonymous emails allegedly sent by its Chief of Staff to the University's Senates Conference. The report is an interesting read, and also serves as a potentially useful model for those looking for report samples and templates.

Friday, January 20, 2012

Thoughts on a Plan to Drop POTS: Pros/Cons


cc image attribution: “smashed phone” by Solarbotics on Flickr

Right now the Valca home has had a POTS/landline phone nearly forever. We got the copper during our engagement house-setup period. As newlyweds it was our technological lifeline to the social world.

Eventually we bought our first PC (an old Gateway skyscraper tower model), signed up for dial-up, and were rockin the Interwebs. Communication shift begins.

Later, Lavie was the early adopter of new tech with a cell phone.  We’ve stuck with the same provider, though it has been gobbled-up a few times leaving us with the current super-cellular provider. Shift again.

Then I got a cell phone as well. Not shifting, dancing now.

And then Alvis earned the responsibility of getting a cell phone.

Hello Family Plan. Now it’s like we are socially square-dancing with technology.

Cable broadband arrived so the dial-up was ditched and high-speed coax rules now. Social communication on a high-speed rail-line service. Whoopee!

All through time, good old POTS has remained present.  It seemed relevant during the Hurricane Ike event a few years ago when we had to evacuate from the house for a number of weeks. Electricity was out but since we had an answering machine connected, we could dial our POTS number to check for power.  When the answering machine eventually picked up again, we knew power had been restored.

Yet with Lavie still not working and the cost of living marching ever upward, we continue to look for ways to cut costs but the belt is pretty tight as it is.

Since we already have cable service (digital TV + Internet) I looked at adding the VOIP option, but once the introductory rate wears off in about 6 months, the price jumps and the savings diff is minimal. And when the cable service is out, everything is out. Too many eggs in one basket for my comfort in this one.

The POTS phone provider does have a super-simple plan (not that we have much at all on our current POTS plan) but the price (once you add in all the add-on charges and govt regulatory fees) isn’t that much less than what we are on now.

Now Alvis REALLY REALLY REALLY wants to upgrade her cell phone to an iPhone (which requires a data plan by our carrier). Not a problem but that’s another added cost to the budget.

Since our cellular plan covers all three of our phones, mobile-to-mobile calls are free, we have a family unlimited text plan, and we also get free nights/weekend calls, our mid-range minute package hardly gets used. It’s shameful to see how few minutes we actually can get to apply to our monthly minute package. Seriously.  Dropping to the next lower (lowest) family minutes package only nets us a $9.99 savings. Not enough to cover a data plan addition.

Today I had a brainstorm and am pondering the following.

If we drop our POTS line (~$65 “savings”) and port our “forever home” number over to a 4th cell phone, and add that to our Family Plan for an additional $9.99 monthly charge, even with additional monthly fees we are likely saving at least $40/mo.  Any simple free phone would do, or I may be able to use an older (but still very nice and rock-solid) digital cell phone I had upgraded from with our same carrier and hung on to.


Pros:

  • We keep our same home # (assuming it can be ported to a cell service).
  • Don’t have to notify family, friends, vendors, everyone we do business with.
  • $ saved each month or at least break even (see next bullet).
  • Alvis gets her iPhone + data plan (and maybe Lavie too) and we break even.
  • Minute usage may increase but most calls to family & friends tend to already be mobile-to-mobile anyway, or during the unlimited nights/weekend period.
  • Home phone comes with us in a disaster/evacuation.
  • Can donate all our POTS-based phone technology handsets to the needy (if anyone will even take them).
  • Not tied to a bundled cable service so even if cable goes out, our home # should still work.


Cons:

  • If power goes out for an extended period of time, charging could be an issue if left at the house.
  • Maybe our home number couldn’t be ported…then what?
  • Transition/porting period could be a hassle.
  • Hope we don’t lose the charger.
  • Cell phone service/signal may be spotty in different parts of the house.
  • Can’t have multiple phones conveniently scattered around house to reach for easily when it rings (wall jacks appear to be a dime-a-dozen in our home).
  • Get locked deeper in with an already super-duper-mega cellular provider.
  • Would allow funding of iPhone takeover of Valca home and Apple becomes even more entrenched in our lifestyles…not necessarily a bad thing…just an observation.
  • Cost to replace phone higher if accidentally dropped in loo or boiling pasta water while talking over stove cooking. Bad.

Any Grand Stream Dream blog readers out there done the dirty and dropped your copper/POTS for a pure-cellular experience?

The POTS provider is sure to tell us the world as we know it will end and “bad me” for contributing to the demise of POTS.

What were your experiences?

Got any advice or see any Pros/Cons I’m missing?


--Claus V.

Monday, January 16, 2012

The Password is…

Last week we got a call from one of Lavie’s cousins. She and her husband had suddenly begun getting phone calls from concerned friends as well as strange “undeliverable” email notices.

Mysteriously, at least one email had been sent from their on-line email account to all the recipients in their contacts in batches of ten or so.  Some folks had told them their own security apps had alerted when they tried to follow the link in the email.

It was pretty apparent to the couple that “something” was amiss with their PC but exactly what, they weren’t sure. They had already downloaded a second anti-virus tool and scanned their system with nothing found. They decided to call me to see if I could help them. I recommended they change the password and any security challenge questions immediately which they did, then arranged for a house-call the following day.

I already had a clue on what probably occurred, but went through my full checklist of items as I assessed the system. No rogue processes, no unexpected auto-start items. Additional security scans came through with flying colors.

Then I turned my attention to their email account.  This particular email provider (unfortunately) doesn’t provide any IP-based user sign-in event logging like some other main-stream web-mail providers do. That would have provided golden information.

What we did have is one overlooked original email in the “Sent” folder showing a mail time of 8:15 PM Wed night.  Neither of the couple reported being logged in on the system (or the email) at that time so it seemed fairly certain that is when the event occurred.

I mailed that to myself to look into the URL more later.

They use IE 9 and the system was fully patched. Flash and Java were outdated, but not too bad.

Based on my survey and additional questioning, it appears to me that someone had “hacked” their account using some kind of brute-force attack on their account, and had quickly composed at least one email containing a single URL to everyone in their address book.  I couldn’t find any evidence of a persistent threat on their system, and based on their feedback, I doubted a cross-site-scripting vulnerability had occurred.

For the really curious, here is a link to the urlQuery (free online URL scanner) findings from that particular URL I found: urlQuery scan result. Turns out that particular link leads to a compromised (?) website serving up fake AV scanner malware via some JavaScript code.  That is why some recipients of the email were likely getting alerts when they visited the site. Sneaky.

Turns out hacking email accounts and appropriating them (even “non-maliciously”) for spamming is big business and a common event for many web-citizens.

This couple -- it turns out -- had been using a very weak password so it probably fell pretty fast.

Turns out weak passwords remain a common plague.

ISC Diary | Analysis of the Stratfor Password List is another clear warning of this danger.

Steve Ragan posted a simply amazing Report: Analysis of the Stratfor Password List which has crazy fascinating data on passwords and just how weak most of them were, along with his own password cracking work to show just how easy these fall.  See also: Researchers find many weak Stratfor passwords - Naked Security.

A brief Sony password analysis - Troy Hunt’s Blog

Your Top 20 Most Common Passwords - Tom’s Hardware

And just over the weekend there was this: Zappos customer info is breached. Change your password now! [Updated] - TechBlog via

What is one to do? This maybe?


xkcd: Password Strength (see also xkcd: Password Reuse)

If you want a quick way to assess the complexity/strength of the passwords you may have stored in your web-browser or some Windows applications, check out the Password Security Scanner freeware tool by NirSoft.

Some highly recommended online locations to check your current password strength against are:

Coming up with a truly secure and complex password can be a major task for some folks. And the web has no dearth of fantastic advice on the subject of what defines a strong password and how to create one.

From SophosLabs via YouTube

And just today, Lifehacker released a super-cool mega-graphic on password selection

Use This Infographic to Pick a Good, Strong Password - Lifehacker

Troy Hunt did a series of great, in-depth posts on password selection and science that are must-reads. I’m liking Troy’s writing and analysis and his blog has been added to my RSS must-read feed list.

Those last two points are my takeaways: that nothing is more frustrating than internal application or external website password policies that are weak by design and force me to use a short password. And that the best password is one so damn complex there is no way I can remember it, even under duress.

I prefer to use the longest password the site/application will accept based on character count. (By the way…seriously guys, place your password policy and field limits up front to make this easy to figure out!)

How do I come up with one? I use two tools, a portable password manager application that stores the passwords in an encrypted container and a utility to generate randomized gobbly-gook passwords. In fact, many of the first item include the second item as a built in feature.

I linked to some of the GRC random password generators earlier but these other free portable password generation tools are great:

  • Password Guru - CEZEO Software generates complex and secure passwords with rule filters for length and special characters.
  • Password Generator - Gaijin Software - can generate up to 1000 passwords at once with advanced rule filters. Also includes a password checker to test password strength.
  • Password GeneratorXP - I’ve been using an earlier version of this app for a very long time. Latest version is 1.5 updated in December 2011.  Can generate random passwords up to 99 characters long! Rules allow character inclusion/exclusion and supports special symbols. Super app.
  • PWGen - Open-Source Password Generator for Windows using AES and SHA-2 cryptography methods. Can support passwords with up to a crazy 20,000 length, can be fed a wordlist file if you prefer, can exclude “ambiguous” characters (like o and 0, l and 1, etc.). It can create up to 1,000,000 passwords at a time based on your rule patterns, or a single password instantly. The included manual file is great reading regarding password security in general and not just the program operation itself.
  • PassworG - Free password generator software - pretty simple to use but strong password generator that might be easier for some folks to use.
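The rule filters these generators expose (length, character classes, dropping look-alike characters) are easy to see in a few lines of Python. This is an added example, not code from PWGen or any of the tools listed; the function names, the symbol set and the uppercase look-alikes are assumptions made for it.

```python
import math
import secrets
import string

# Look-alike characters to drop. The post names "o and 0, l and 1";
# uppercase O and I are an assumption added for this example.
AMBIGUOUS = frozenset("oO0lI1")

# Character classes a rule filter can switch on or off. The symbol set is a
# constructed, conservative choice; real sites differ in what they accept.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}


def build_pools(classes=tuple(CLASSES), exclude_ambiguous=True):
    """Return {class name: usable characters} after applying the rules."""
    pools = {}
    for name in classes:
        chars = CLASSES[name]
        if exclude_ambiguous:
            chars = "".join(c for c in chars if c not in AMBIGUOUS)
        pools[name] = chars
    return pools


def generate_password(length, classes=tuple(CLASSES), exclude_ambiguous=True):
    """Random password that contains at least one character of every class."""
    pools = build_pools(classes, exclude_ambiguous)
    if not pools:
        raise ValueError("at least one character class is required")
    if length < len(pools):
        raise ValueError("length is too short to hold one character of every class")
    alphabet = "".join(pools.values())
    # secrets draws from the operating system's CSPRNG; the random module is
    # predictable and must not be used for passwords.
    # Rejection sampling: draw the whole password uniformly and retry until
    # every class is present, so no position is biased toward a class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in pools.values()):
            return candidate


def entropy_bits(length, classes=tuple(CLASSES), exclude_ambiguous=True):
    """Bits of entropy for a uniform draw: length * log2(alphabet size).

    The every-class requirement removes a small share of candidates, so this
    is a slight overestimate that becomes negligible at long lengths.
    """
    pools = build_pools(classes, exclude_ambiguous)
    size = sum(len(chars) for chars in pools.values())
    return length * math.log2(size)


def longest_for_site(max_length, symbols_allowed=True):
    """Fill the site's whole password field, honouring a no-symbols policy."""
    classes = tuple(CLASSES) if symbols_allowed else ("lower", "upper", "digit")
    return generate_password(max_length, classes)


if __name__ == "__main__":
    # Constructed comparison: a short all-lowercase password against
    # generated ones at the field limits of two hypothetical sites.
    print("8 lowercase letters : %.1f bits" % entropy_bits(8, ("lower",), False))
    print("20 chars, no symbols: %.1f bits"
          % entropy_bits(20, ("lower", "upper", "digit")))
    print("32 chars, all rules : %.1f bits" % entropy_bits(32))
    print("sample for a 32-character field:", longest_for_site(32))
```

Dropping the look-alike characters costs only a fraction of a bit per character, which a longer password more than makes up for.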

So how do you manage these complex passwords?

Pick at least one tool from each category and learn to use them, then use them always.

And for those of you who say “Claus, put all my wicked crazy passwords (from PWGen) in an encrypted database password manager (KeePass) and stick them on my USB drive for fast access? What if I lose it?”

I suppose you could create a TrueCrypt encrypted file, then put the encrypted KeePass data base inside it…

Just be sure you select a different crazy complex random password for each of them.

And put them in another password manager for safekeeping in case you forget.


--Claus V.

D7 - Wicked Scary Tweaking tool

I love Windows tweaking tools.  I’ve got a large collection of them reaching back into my XP days forward into Windows 8.

Couldn’t live without most of them.

However, I’ve finally met one that just downright scares me. Seriously. I’m still sitting on it wondering if I really want to get behind the wheel of this one (yeah, I do!).

D7 project from Foolish IT

First take a look at a ton of screenshots via this Addictive Tips post: D7 Is All-In-One System Backup, Maintenance, Repair & Tweaking Tool.

From the D7 homepage:

D7 is a tool for PC technicians to aid in many tasks and provide a uniform procedure for technicians to follow.  It has many capabilities and many uses including but not limited to:

  • offline and live malware removal assistance via many internal and 3rd party tools
  • automatic download/extraction of 3rd party tools on demand when missing
  • repairing Windows after malware removals
  • general PC maintenance
  • offline and live registry editing with mass search & delete features
  • offline and live data backup
  • CPU/RAM stress testing
  • information gathering and quality assurance uses
  • OS Branding
  • IP/DNS configuration + backup & restore
  • shortcuts to frequently used Windows components
  • quick access to frequently used Windows tweaks
  • numerous right-click context menu (in Windows Explorer) features for working with files and directories
  • wrappers / one-click execution options for frequently used command line tools
  • synchronization of Malware Scan definition files
  • automatic updates of all your favorite 3rd party tools via Ketarin
  • offline application of password removal tricks enabling you to gain access to password protected live systems
Too much to list here, right now at least. 

And then it is accompanied by this warning that I usually just merrily ignore on most tweaking tools but gives me great pause with D7:

“THIS TOOL IS INTENDED FOR EXPERIENCED PC TECHNICIANS ONLY, NOT FOR "END USERS."  This tool can be very dangerous and destructive if you don't know how to use it properly, or are inexperienced in malware removal techniques.” 

Need more info before jumping in?

Pics and Vids via D7 page

Online Manual via D7 page

According to the author it is fully portable but there are some considerations. Please see the SETUP section of the online manual for a good understanding.

It’s a simply amazing tool for advanced sysadmins and PC techs.

Wield it with caution!

Dragons lurk here…

--Claus V.

Microsoft Security Essentials Public Betas

Old news by now (has it been sitting since Nov 2011).

Been running the x64 beta version on my home system with no ill effects. YMMV.

More info below.

New Microsoft Security Essentials Beta now public -

Microsoft Security Essentials 4.0 Beta Available to Download - Windows7hacker

Free Download Microsoft Security Essentials 4.0.1111.0 Beta - Free Antivirus for Windows - I found this location to download the installation files from rather than register via the Microsoft links previously provided. I did grab the files both from my Microsoft registration and these and checked them both (HashMyFiles: Calculate MD5/SHA1/CRC32 hash of files). All hashes at the time matched.

Windows Defender Offline beta lets you scan Windows before startup - BetaNews

Windows Defender Offline Beta: Create Bootable Anti-Malware Disk/USB - AddictiveTips

Windows Defender Offline Beta -

AppRemover - OPSWAT - “Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs”

--Claus V.

It’s a USB Thing

I was working on a USB project recently and needed to capture an image of a USB device for restoration.

That got me reviewing my pile of USB tools and looking for updates. Found some and a bunch of new-to-me freeware USB tools.

Here you go.

USB Image Tool - alex’s coding playground - updated to v 1.58 with some nice fixes.

ImageUSB - Write an image to multiple USB Flash Drives - PassMark Software - great standalone tool to make/push images of USB flash drive devices. Hard to go wrong with this one!

USB Disk Ejector - Quick And Easy Software - This is a “cutsie” app but seems much easier to me to use than hunting in the system tray for the Windows USB device ejection method. Definitely makes it easier to identify the correct device when there are more than one connected and I’m rushing.

Dev Eject - Stop right now and add this one to your utility pile. Seriously. A co-worker has been having problems ejecting USB HDD devices from his XP system and turned to me to figure things out. He didn’t think he had any open calls to the device running and OpenedFilesView didn’t report any clues either. I turned to Dev Eject and immediately found the culprit: Symantec AV seemed to be doing a file-scan (slowly) when he was ejecting the device. More info in this AddictiveTips post: Identify Processes Hindering Removable Media Ejection With Dev Eject.

Use command line to safely remove USB drives by Mike Williams at BetaNews has a lot of clever tips.

Want lots of freeware USB tools? Serious, low level USB tools? CLI USB tools (and then some)?

Uwe Sieber’s got you covered! Drive Tools for Windows

  • RemoveDrive V2.2 - Safe removal of drives
  • RestartSrDev - restarts "Safely Removed" devices which have the "Code 21" problem code
  • EjectMedia V2.2 - ejects a media from a drive
  • ReMount - reassigning mountpoints (change drive letters)
  • ListDosDevices
  • USB-WriteCache V0.1
  • USB Drive Letter Manager - USBDLM (Note: USBDLM is Freeware for private and educational (schools, colleges, universities) use only.)

HotSwap! - Kazuyuki Nakayama - gives more friendly interface than the “Safely Remove Hardware” icon in the system tray does.

USBLogView - NirSoft tool to record all USB devices plugged into a system and logs to a file.

USBDeview v2.00 - NirSoft tool to list all USB devices plugged into a system as well as all USB devices previously used (with details).

RMPrepUSB - Tool to partition and format USB drive and make it bootable. Free for private use only. If you know what you are doing, this tool isn’t needed but it goes a long way to helping noobies and the author has a large number of tutorials as well. More here: RMPrepUSB – Amazing USB Formatting Tool! - post from AgniPulse, RMPrepUSB : Install Windows on USB, Speed up USB and do more with it via The Windows Club and RMPrepUSB: Create Bootable Windows/Linux USB, Test R/W Speed & More post via AddictiveTips.

How To Create Customizable Multiboot System Rescue Disk - AddictiveTips post on using SARDU builder to make a multiboot USB tool.


--Claus V.

Taking a quick shot at Screen Shot apps


There are a LOT of Windows tools for taking screen shot captures. Lots and lots.

It seems each time I learn about a new one it gets added to my pile. However I keep rotating back to a couple of dependable ones.

IMHO FastStone Screen Capture truly is “The Best Screen Capture Software” out there. It’s been a while since FastStone pulled the “free” from this tool after version 5.3. That’s too bad as I really, really like this tool and the built-in editing tools are wicked sharp. Still, I have to mention it because it is that good. The freeware v5.3 doesn’t seem to play well on Win7 x64 systems so now I have had to move on to…

Greenshot has now taken over as a must-install freeware screen capture app on my systems. It has most of the same features of the FastStone tool, but the editing tools aren’t quite as polished. That said, it is very stable, does excellent captures on Win7 systems (x32/x64) and has been promoted to a “run-on-startup” position on my system…a VERY rare honor here at GSD. Image above captured via Greenshot.

Xtreme Shot! is pretty cool also and includes those must-have post grab editing features I demand. Check it out and compare against Greenshot.

More? Check out this older grand stream dreams: Mega Linkfest – Dog-pile Style that has eleven screen shot tools listed.

Moving deeper into the “to be blogged” linkpile now…

--Claus V.

Digital Image\Video Resources

Little bro recently made a Christmas contribution to the “Claus-needs-a-new-hobby” campaign.

While a portion of it does involve me staying up much later each night now (like I needed that bad-habit) reading George R. R. Martin's “Game of Thrones” series on my Kindle, the most recent focus is the coming addition of a Canon PowerShot S95 to my photography tools.

For the longest time I have been seriously looking at the newer digital rangefinder class of cameras and the Olympus PEN E-P1 (Amazon link) fell into my price-point. I’ve yearned for this one for some time, however this particular model has been updated several times (more $$) and the Canon PowerShot S95 (Amazon link) was in the same range (price-wise). Though it also has a newer version, this one just seemed to have many more features (do I really need 1080p video when the S95’s 720p only video may never get used either?).

In the end it was the collection of Flickr: Canon PowerShot S95 group photos that sold me on it along with the smaller (pocket/backpack) format over the E-P1. It came down to me being honest with myself. I can’t take good pictures and improve my technique if I don’t carry the camera with me almost all times to take pictures to begin with…and the S95 is much more pocketable (and less imposing when in use) than the E-P1 or my Canon Rebel XT DSLR. So, photography links on the sidebar have been amended to remove the PEN and add the S95.

Hope to share some pics from it soon.

So, that leads us into these great digital imaging tools I’ve found recently (or have been updated).

Microsoft Research Image Composite Editor (ICE) - This remains my favorite image-stitching tool. Can also handle video stitching techniques: Microsoft ICE update–video to panorama, lens vignette, improved blending - HD View

Hugin - Panorama photo stitcher - This is a new-to-me project. It looks a lot more sophisticated than ICE so I’m looking forward to trying it out as well. It has a lot of control.

Scarab Darkroom - Beta version is free. From the page “Scarab Darkroom is a digital camera raw file converter/photo editor that supports most raw format capable cameras from Canon, Nikon, Olympus, Panasonic, Pentax, Samsung, and Sony. It is fast, easy to use, and produces excellent results. Development is still at the beta version stage.”  My S95 has Raw+JPEG shooting format…. More here at AddictiveTips: Edit And Convert RAW Images To JPG With Scarab Darkroom

It’s been a while since I last posted a roundup of freeware video editing tools: grand stream dreams: Video-Editing Resource Roundup

Here are some new links: Top 3 free video editing software for Windows 7 via The Windows Club links to Avidemux, VirtualDub, and VideoSpin.

What amazes me is that the pro-class Lightworks Open Source Project (free!) for video editing never seems to come up. It is incredible. Is it too complicated? I’m looking forward to shooting some 720p video to experiment with the application.

--Claus V.

File and Folder Linkfest

As we continue the dig-out over here at the Valca link farm we now must turn attention to file and folder management tools.

Track Folder Changes - CodePlex project page - really clever tool still in development that shows (real-time) as files/folders are being changed for a specific folder/directory to be monitored. Nice GUI. More information at Track Folder Changes in Real Time Windows7hacker post and Track changes to folders with Track Folder Changes post at freewaregenius.

SearchMyFiles - NirSoft - Soo love this tool! It’s one of my must-haves for file-finding.

Everything Search Engine - Love this one too. Wicked fast but does it by building its own index database. Doesn’t search within files; just file/folder names.

UltraSearch - Freeware for Ultra-Fast File Search - JamSoftware - A bit like Everything but doesn’t build an index database rather relies on the MFT. Comes with a portable version.

Locate32 Web Site - Another nice free Windows file indexing application.

eXpress FreshFiles Finder - Super-great tool to quickly find the “freshest” files on a system.

FileProcessor - really powerful tool to find files as well as perform a number of actions on those found files. More info via AddictiveTips: FileProcessor: Set Filters, Search & Perform Batch Actions On Files

SpaceSniffer - Love it to visualize space usage on drives.

GetFolderSize - Interesting tool for scanning file/folder size usage on drives. Different GUI but pretty cool! Spotted via GetFoldersize to Determine the Size of Folders on Your Hard Drive - Windows7hacker.

FolderSize - Jan Horns tiny but quick app for folder size reporting.

NoVirusThanks Freeware tools - interesting tools (free and commercial) for Windows system monitoring. Good overview on them here: NoVirusThanks releases four handy system monitoring tools as freeware -Softwarecrew.

TestDisk - CGSecurity - Now at Version 6.13 for file/disk recovery.

ODIN - Open Disk Imager for Windows - interesting GUI/CLI based tool for drive backup and imaging. More info via AddictiveTips: Backup, Restore And Verify Disk Images With ODIN.

Hardwipe | File & Drive Wiper - GSD has had a number of posts already regarding file/drive wiping but this new-to-me tool is worth mentioning here. More info via AddictiveTips: Easily Wipe & Clean Files, Folders And Hard Drives With Hardwipe.

Forensic Riddle #5 – Answer - Hexacorn Blog has been posting a series of great puzzlers; this one leads us to this clever Microsoft resource: Naming Files, Paths, and Namespaces.

TakeOwnershipEx - WinAero - GUI tool that allows you to get full access to files and folders. More info via AddictiveTips: Take Ownership Of Files And Folders In Windows 8.

NTFS Permissions Tools Latest Progress (ver RC1 (2011-06-14)) - Site is Chinese but AddictiveTips has the lowdown on usage here: Allocate NTFS Permissions Easily With NTFS Permissions Tool.

Kickass Undelete - Browse /Kickass Undelete 1.2 beta - I really like this tool for file recovery. It’s not an all-in-one recovery tool, but is another great utility to keep on your response toolbelt.

WinAero: Librarian - powerful libraries manager for Windows 7. Slick interface and easy tool to use.

BExplorer (Better Explorer) - CodePlex - I want to like this project very much. I’m not feeling the love of the existing Windows 7 explorer menu-bar and this would go a long way to making it more powerful to use. However I’ve also had stability/installation issues on both Win7 x32/x64 systems so while it is on my “watch-list” it isn’t yet installed on my system.

FreeCommander - This alternative dual-pane Windows file manager remains top-of-the-heap on my systems. It is required usage here at GSD. I’ve still not found a better alternative though many come close. The developer is hard at work on a new version and the betas look very slick and powerful. Whenever the final public release of that one comes out.

My Commander - The interface on this one looks remarkably similar to FreeCommander. It comes in both 32bit and 64 bit flavors. It is quite nice and would probably be a close runner-up.

NexusFile: File Manager for Windows - This is one with GUI attitude. Want a nice “dark” look? This is it.

Explorer++ - I like this one as a USB stick alternative. Constantly updated and in both x32/x64 flavors it is a single EXE file which makes it nicely portable.

A43 - this was my original love in alternative Windows file managers. It remains alive in development and has a lot of handy plugins in a format that others don’t seem to offer. Check it out.


--Claus V.

Utility Updates

Quick linkfest running down some old tools updated and new tools discovered.

Autoruns v11.21: This update to Autoruns fixes a number of minor bugs, including one that could result in a crash when certain scheduled tasks are configured. Microsoft Sysinternals.

Process Explorer v15.12: This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account. Microsoft Sysinternals.

Strings v2.42: This Strings release fixes a bug that would result in a crash when the –n or -b options are specified without a file name. Microsoft Sysinternals.

Mark’s Blog: Case of the Installer Service Error: Follow along with Mark in another of his popular ‘Case of the Unexplained’ troubleshooting examples where he retraces the steps of a network administrator that used Process Monitor to figure out why the Windows Intune installer failed on one of his systems and goes on to fix the problem.

Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation: Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.

CSVed 2.2.1 - Now at version 2.2.1. See also NirSoft’s CSVFileView.

CCleaner v3.14 - Piriform - System cleaner

Recuva v1.42 - Piriform - File recovery tool

Speccy v1.14 - Piriform - System information collector

CCEnhancer - v 2.5 - SingularLabs - plugin for CCleaner adding support for over 500 additional apps.

JavaRa - v 1.16 - SingularLabs - not updated but a great tool to remove old/redundant versions of JRE. Now under development is the JavaRa 2.0 alpha build, which includes updating, removal and some additional bells-n-whistles.

Alternative Flash Player Auto-Updater - interesting tool to help update Adobe Flash Player. The latest builds of Flash Player do have an auto-updating feature baked in but it doesn’t (to me) seem to fire off and find newer builds as quickly as I would like to see. This is an alternative that might work well on friends’ and family PCs.

ISC Diary | Newest Adobe Flash and Previous 0 Day Exploit - Why keeping Flash updated is important…as if we didn’t need a reminder.

Crystal Dew World - lots of updates here including CrystalDiskInfo and CrystalDiskMark

WinCrashReport - Displays a report about crashed Windows application - New NirSoft tool. See also this post by Nir Sofer himself: New crash reporting utility for Windows

PST Viewer - Free tool to open and view content of PST files without Ms Outlook - Kernel Data Recovery. See also this review: Gave up Microsoft Outlook but need your PST file? There's an app for that - BetaNews. I like this tool in that when I recently had to carve the PST files off a nuked HDD to recover an end-user’s PST files, I got a ton of them. Rather than mounting each one to a working Outlook client profile, I just fired up this tool to inspect them with the user to find out which ones we wanted to attach and which ones were duplicates. Saved a boat-load of time. Could be good for incident responders as well.

Highlighter v1.1.3 Released - Mandiant M-unition blog notice. Download link

Download Batch Compiler - SourceForge - You need to install on a system (not portable) but still could be a great resource for building more complex batch files. See more info here at AddictiveTips: Batch Compiler: Create Batch Scripts & Convert Them To EXE Format

Splashtop Remote Desktop - interesting new tool for remote connection management. See this Splashtop Is A Better Alternative To Windows RDP at Windows7hacker blog.

Windows Live Writer Backup - Codeplex project page - See this Windows Live Writer Backup post at Windows7hacker blog.


--Claus V.