Material Roundup: Linkfest

Been a semi-relaxing weekend.

Read with interest this TaoSecurity blog post Bejtlich's Thoughts on "Why Our Best Officers Are Leaving" as well as this one Whither United States Air Force Academy? both by Richard Bejtlich. I also noted that the USAFA was evacuated this week as cadets were heading in due to the area fires. These things still catch my attention as I had started the process to become a USAFA candidate my senior year of high-school before removing myself from the process for family reasons (my choice…no excuses). Still, I will always wonder about the path not taken.

Also, while IANAL, I was left scratching my head and heartbroken just a bit by the recent SCOTUS decision. The USNI blog had a post that resonated with my own feelings: The U.S. Supreme Court just diminished the significances of Military Valor [opinion].

Little bro was in town so he brought some pizza’s over, I grabbed some super-good local micro-brewed root beers and we had a party catching up, comparing life notes, and watching Act of Valor on this pre-July 4th weekend.

I wrapped things up yesterday with a viewing of Cave of Forgotten Dreams (Wikipedia) which covers the Chauvet Cave (Wikipedia). Very interesting and well filmed documentary. The cave-art is really fascinating…I just wish we could have learned more about the people behind it.

I guess if there was a theme it was reflecting on the importance of what remains of us, of our efforts, of the world around us.

Back to the shallows…

Sometimes I feel a bit guilty just dumping a super-post like this that is heavy-laden with linkage.

Some weeks are busier than others, however, and while I have more than a few posts still pending in the hopper that are deeper collections of “how-to”, personal reviews, or troubleshooting sessions, I hope that some find value in these “linkfests”.  Primarily they serve to help me quickly search and find material, tools, and techniques that I believe will either be useful, or are useful, when I am away from my desk and my USB dongle is at home rather than in hand. It’s challenging finding that right software or tip and maybe something here will be useful to others or pique their interest and send them in the right direction.

Security Bits

• Adobe updates Flash Player 11.3 to fix Firefox crashing problem - The H Security - Adobe issued a new Flash (non-IE only) version 11.3.300.262 to address some issues in Firefox 13. Get your update.
• Analysis of drive-by attack sample set  - ISC Diary - I always value posts like these that teach and show how “drive-by” vectors work. I’ve cleaned more than a few systems that fell victim to a drive-by because Java/Flash/OS/etc. wasn’t correctly patched.
• Firefox thumbnails could expose private data; fix 'coming soon' - ZDNet. I hadn’t thought of it as an issue since I am use to Chrome doing the same thing, but the thumbnails are larger in Firefox and I could make out some detail to the webmail pages I saw as compared to how they render in Chrome.
• Stop Firefox 13 Speed Dial Thumbnails From Showing Secure Content - AddictiveTips
• How to turn off Firefox’s New Tab Page Completely - ghacks.net blog.
• Our password hashing has no clothes - Troy Hunt’s Blog - Troy lays out an excellent (developer level) case for the new challenges of password hashing and salting. This was excellent reading and I really took a lot out of it in terms of password security in general.
• John the Ripper password cracker - speaking of which Jon the Ripper “jumbo” edition just got released at version 1.7.9-jumbo-6 for Unit. WIndows binaries seem to be at 1.7.9-jumbo-5. Announcement here.
• oxid.it - Cain & Abel - seems worth mentioning…
• Free Computer Security - Personal Software Inspector (PSI) - Secunia. New Version 3.0 released with even more awesomeness!
• Third edition of vulnerability spotter Secunia PSI - The H Security. More breakdowns.
• Secunia PSI 3.0 released - HelpNet Security - more details here regarding this release version.
• Free Online Computer Scan - Online Software Inspector (OSI) - Secunia. If the “installed” client isn’t your thing, the on-line scan is still super awesome and helpful.
• Qualys BrowserCheck - Related - don’t browse the web in your browser without checking it for patch and plugin update availability!
• Detect & Remove Fake Antivirus Scams From Your Windows PC - AddictiveTips post for a new MicroTrend tool to help with fake-av infection removal. See below.
• Removing Fake Antivirus (FakeAV) - TrendMicro. Comes in both CLI and GUI downloads.
• Remove 50 Known Fake Antivirus Software From Windows - AddictiveTips related post on another fake-av removal tool
• Remove Fake Antivirus 1.86 - download tool as offered by free of virus & comptuer tips blog.
• Security Center reports Virus Protection is On - ever handy tip from TinyApps blog.

For Sec News

• Registry Decoder 1.3 released! - Digital Forensics Solutions. Bug fixes and some new plugins.
• More good stuff - RegRipper - new plugins from Elizabeth Schweinsberg coming soon.
• SANS Digital Forensics and Incident Response Poster Released - Handy! SANS
• Training, and Learning - Windows Incident Response blog
• When was a file accessed? - Windows Incident Response blog (How many times does this question get asked?)
• Investigator's Tool-kit: Timeline - ISC Diary. Quite detailed overview and issues post
• Win7 HomeGroup Reg Particulars - Forensic Artifacts
• WinFE “Lite” - Windows Forensic Environment
• Build questions -Windows Forensic Environment
• HexDive 0.2 - Hexacorn Blog

Network Resources

• Wireshark 1.8.0 can capture from multiple interfaces at once - The H Security
• Wireshark · Wireshark 1.8.0 Release Notes - new Wireshark release in the waters…if you didn’t figure it out.
• Wireshark · Download links
• SoftPerfect Network Scanner - freeware - release 5.4.4 now out. Changelog Comes in both x32 and x64 flavors. My favorite stand-alone IP scanner (out of more than many I carry).
• Chatter on the Wire: OS Fingerprinting - Satori was recently updated and now supports many more network fingerprints.
• http://kitty.9bis.com - Never heard of KiTTY before but it is a fork of .62 PuTTY telnet client with some extra features.
• New: KiTTY Portable 0.62.1.2 (telnet and SSH with added features) Released - PortableApps.com has a portable version.
• PuTTY: a free telnet/ssh client - For the purists.
• Announcing TightVNC Version 2.5.2 -TightVNC - New version just released. Love this app.
• TightVNC: VNC-Compatible Free Remote Control / Remote Desktop Software - Download TightVNC here.
• Announcing TightVNC Java Viewer - Yeah, the Java version rocks the beans as well. Super easy to use, compatible with standard VNC, TightVNC, UltraVNC, x11vnc, Apple Remote Desktop in Mac OS X, Xen/HVM, VMWare, Qemu etc. The link/page says 2.1 but there is a download link present for TightVNC Java Viewer version 2.5.2 so be sure you grab the latest version!

Tools and Utilities of Note

• Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02 - Sysinternals. Stop, Drop, and Download now; the holy trinity of software tools just got updated again!
• Monitor Any Folder Or Disk Drive For Changes In Real-Time, Even Across Networks - AddictiveTips blog post review of new NirSoft tool.
• FolderChangesView - Monitor folder/drive changes - NirSoft
• ExtremeCopy: Probably The Fastest File/Folder Move & Copy Utility - AddictiveTips blog review.
• ExtremeCopy - Easersoft. I’m a dedicated TeraCopy fan but this one sounds intriguing. Will need to put it through the paces soon.
• Remove Items from the Windows Explorer and IE Context Menus - CyberNet News.
• MenuMaid - SD Software - software utility link
• 4 Better Windows Console Tools Alternatives to Windows Built In Command Prompt -Windows7hacker - Kent has a really nice roundup. While the good-ole cmd.exe will do the job, I must say these “replacements” are quite nice. I’ve used “Console2” quite a bit and like the tab format and transparency/font/color tweaking options. PowerCMD surprised me with its feature set and I really can see myself using it more regularly. Check out the others as well.
• GetFoldersize - Michael Thummerer Software Design - Super nice freeware tool to locate and understand just what is taking up space on your hard-drive. Was recently updated to version 2.5.10. I really like this tool.
• SizeOnDisk Folder Size - new to me freeware tool found on CodePlex.  Another nice tool to find file/folder size hogs.
• Folder Size - another freeware file/folder size tool.
• SpaceSniffer - Uderzo Software - freeware tool that is amazingly fast and amazingly fun to use. While the previously mentioned tools excel at a tabular report, this one provides a super easy visual layout presentation of your space usage. You can drill down very easily. It gives you a easy-to-grasp picture on what is using up your hard-drive space..
• SequoiaView - I keep this one around just because it is so beautiful. It does a great job even though it hasn’t been updated in quite a long time. It may have been one of the first to present space on disk usage in a “squarified” treemap format.
• FolderSize - tiny little app (174 kb) from developer Jan Horn that is standalone and gives you a basic what-you-need-to-know report on drive/folder space usage.
• DirectorySlicer - With giant (and cheap) USB sticks and network connections aplenty, splitting files and folders to specific sizes is become a rarified task. That said this CodePlex project is worth snagging in that it splits files of a folder into partitions of a specified size. So that super-folder you are trying to burn to CD doesn’t fit? Directory Slicer takes the work out of guessing by allowing you to set the size (or use a preset) then it divvies it up accordingly! Clever.
• Unlock & Delete Empty Folders via Wildcard-Based Rules - AddictiveTips post review of…
• Empty Folder Cleaner - 4dots Software
• Reminded me of a previously GSD mentioned Empty Folder Nuker by Simon Wai.

For the Admins: Mostly from Microsoft

• Rights Protected Folder Explorer 1.0 - Bink.nu blog. “Rights Protected Folder Explorer is a Windows based application that allows you to work with Rights Protected Folders. A Rights Protected Folder is similar to a file folder in that it contains files and folders. However, a Rights Protected Folder controls access to the files that it contains, no matter where the Rights Protected Folder is located.” Also Download Rights Protected Folder Explorer from Microsoft info from TheWindowsClub blog. Get it here Download: RPF Explorer - Microsoft Download Center(Download Details).
• The Group Policy Setting “Verbose vs normal status messages” has a new name in Windows 8 - Anything about IT  blog
• Comprehensive Linux course - TinyApps bloggist shares an amazing resource find for us Linux wannabe-better’s offered by Paul Cobbaut. Although it is claims to be Linux basics, it covers a wide range of topics and material.  This is a great find! Check back to the site often as the material is getting frequent updates.
• Microsoft Outlook Configuration Analyzer Tool 2.0 - Bink.nu blog - “The Outlook Configuration Analyzer Tool 2.0 provides a detailed report of your current Outlook profile and mailbox. This report includes many parameters about your profile, and it highlights any known problems that are found in your profile or mailbox. For any problems that are listed in the report, you are provided a link to a Microsoft Knowledge Base (KB) article that describes a possible fix for the problem.” Go get the Download OCAT_Setup.zip over at the Microsoft Download Center’s Download Details page
• FREE: Service Credential Manager – Search Windows services - 4sysops post on a new tool Service Credential Manager to help check all scheduled services and tasks based on a specific user account across your domain. Nice! In free/$ flavors.
• FREE: ADREPLSTATUS – Active Directory Replication Status Tool - 4sysops blog post on a new Microsoft tool with a snazzy GUI to check for AD replication issues. Has export ability for reporting. Download: ADREPLSTATUS at the Microsoft Download Center (Download Details).

Cheers and happy pre-July 4th State-side well wishes to all.

Claus V.