GSD Linkfest: Updates, ForSec, and a whole lot more…

Let’s not waste any more time here. The clock is ticking…

Updates Galore

• TightVNC - Version 2.6 has been released at the end of October. I use this one around on our home network Windows systems and really like it. Mostly bug-fixes, screen rendering performance has been improved. Read the complete announcement.
• Apple releases QuickTime 7.7.3 for Windows, patches critical security vulnerabilities - ZDNet . If you use the Apple Quick Time plugin, then you will want to get the update. Some more details in this post QuickTime for Windows updated to close security holes - The H Security.
• Security updates for Flash and Air - The H Security - Well you knew Adobe plugins wouldn’t want to be left out of the patching discussion!
• VMware Player - version 5.0.1. Building on the VMware Player 5.0 improvements, version 5.0.1 adds support for Ubuntu 12.10 as host/guest and resolves some issues from 5.0. VMware Player 5.0.1 Release Notes
• Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1 - Sysinternals Site Discussion -  AdExplorer becomes more stable, Contig adds more detailed analysis reporting, Coreinfo covers more features and Procdump adds support for Silverlight and JIT debugger support.
• Wireshark - Wireshark 1.8.4 and 1.6.12 Released and include vulnerability and bug fixes. 1.8.4 release notes & 1.6.12 release notes. Grab your updates via the download page.
• Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more - Nmap Hackers mailing list archive. See the Nmap Change Log for all the juicy bits!

For

• Encrypted Disk Detector - Forensic Methods
• Links - Windows Incident Response blog - In this posting, Keydet89 has some Forensic Scanner tool tips, a link to the great post by Branden Williams on “Non-Observables”, and some prefetch info.
• OSForensics Part One - video introduction by the computer forensics students at Champlain College. Full paper review in this OSForensics Part One (PDF link) paper.
• Private Browsing Forensics: Introduction - video introduction by the computer forensics students at Champlain College. Full paper review in this Private Browsing Forensics: Introduction (PDF link) paper.
• l2tViewer v0.0.1 - Mark Woan’s woanware - From the page: “l2tViewer is designed to improve timeline analysis for the output produced by the excellent log2timeline. Viewing, sorting CSV files via spreadsheet software does not work well due to the volumes of data involved in modern timeline analysis, which is where l2tViewer comes in. It is designed to be fast when importing with minimal overhead and dependencies.”
• USBDeviceForensics v1.0.11 - Mark Woan’s woanware - New registry key extractions, improved output layout, OS specific output formatting removed, and fixed “Modified Date/Time” output for correct value display.
• The Sleuth Kit (TSK) & Autopsy: Open Source Digital Investigation Tools
• Nov 15, 2012: Autopsy 3.0.1 was released. It has a faster database ingest scales better and has some bug fixes.
• Nov 13, 2012: Sleuth Kit 4.0.1 is now available! It has bug fixes and some new minor features.
• Convert Endace ERF capture files to PCAP - NETRESEC Blog
• HowTo handle PcapNG files - NETRESEC Blog
• DEFT 7.1 Introduction and Videos (by Casey Mullis) - LoveMyTool - Wonderfully detailed write-up and review of the DEFT 7.1 forensic LiveCD. Casey goes beyond just a tool description and provides excellent and valuable feedback on this distro. He has supplemented the article with four videos on YouTube exploring how to successfully work with Deft 7.1.
• Imaging with DEFT 7.2 series 1 of 4 - YouTube
• Imaging with DEFT 7.2 series 2 of 4 - YouTube
• Imaging with DEFT 7.2 series 3 of 4 - YouTube
• Imaging with DEFT 7.2 series 4 of 4 - YouTube
• NTOSBOOT Prefetch File - Journey Into Incident Response - Corey Harrell has a detailed post on the NTOSBOOT prefetch file and the value it has for malware infection analysis.
• (IN)SECURE Magazine - Issue 36 released and covers some great topics, including “Computer forensic examiners are from Mars, attorneys are from Venus” written by Keith Chval.
• A few words about the cache / history on Internet Explorer 10 - NirSoft’s coder has some interesting information regarding IE 10 cache and history files and accessing them while IE 10 is running. Thought others might find the observations helpful.

Sec

• Redline 1.7 Now Available! - MANDIANT Forums. Redline - download and info.
• One of the very first malware-busting tools I used was SpyBot S&D. Couple that with AdAwareFree and HiJackThis and I could usually clean a Windows 98 system with confidence of malware/spyware.  Well, I don’t use those tools any longer and my cleaning and incident response has matured into a much more nuanced and low-level process with a variety of tools and techniques. That said I was overjoyed to find that SpyBot has now released a major update to version 2.0. Congratulations team!  Maybe HiJackThis 3.0 isn’t far behind? ;-)
• Spybot - Search & Destroy - Product level comparison chart.
• Spybot - Search & Destroy gets a major update on Monday - BetaNews
• First look: Spybot - Search & Destroy 2.0 - Betanews
• Spybot - Search & Destroy Portable - PortableApps.com
• Malwarebytes Anti-Rootkit Is Powerful Rootkit Scanner And Remover - AddictiveTips blog
• The shortcomings of anti-virus software - ISC Diary
• Police Ransomware: Evolving At a Tremendous Pace - Security Intelligence Blog | Trend Micro
• The Ins and Outs of Spear-Phishing - Security Intelligence Blog | Trend Micro
• Microsoft Security Essentials flunked AV-Test - Borns IT & Windows Blog (GTranslated) and Microsoft Security Essentials fall at AV-Test - The H (GTranslated)

Apps and Stuff of Note

• XBOOT - Nice utility to assist in creating a multi-boot USB drive from bootable ISO files.
• Birthdays - free app from Skwire Empire to help you just track birthday data on all your favorite peeps. Super simple and easy to use! spotted in this MakeUseOf blog post: 4 Homemade Applications To Help You Around The House [Windows]
• Nest Thermostat Review 2nd Generation - Every consumer electronic device should be this polished - Scott Hanselman ComputerZen. Everyone should probably have a Nest Learning Thermostat. Not only is it cool but with the WiFi support and a smartphone app, you can get tons of data on your heating & cooling usage. Our electric company provider offers a Nest unit as part of a special contract package. Scott does his usual above-standard review and details its installation and usage wonderfully.
• ToolTip: System Sherlock Lite - Anything about IT. System snapshot change differ. Handy tool for base lining systems before and after updates and installations. May be good for malware analysis as well. One of many tools in this class.

Good to Know

• Microsoft Outlook Configuration Analyzer Tool 2.0 - bink.nu notice on update to OCAT.
• The spy in your inbox - Ars Technica - I’m not sure who exactly this Outlook add-in would appeal to, but it is a bit creepy to me.

For the SysAdmins

• The Case of the Unexplained FTP Connections - Mark's Blog. The Sysinternals Guru strikes terror in the heart of unexplained Windows problems and clears another case.
• Case of the Panasonic TOUGH Book Barcode Settings Failure - chentiangemalc - Great troubleshooting exercise and track down.
• Case of the ADODB.Connection Provider Not Found Error - chentiangemalc - Another episode in troubleshooting.
• Chrome insists that the browser's Java plug-in is out-of-date but it is current. - Google Groups - I had this problem on my system two weeks or so ago after running a scan with Qualys BrowserCheck. My version said it was updated by Qualys said not. Ended up fixing it by manually re-downloading/installing the latest Java version manually as well as the JavaFX nonsense. Go figure.
• Defrag Tools | Channel 9 - This advanced video-cast series profiling the Sysinternals toolset is running strong with consistent releases.
• Defrag Tools: Live - //Build/2012 - Defrag Tools | Channel 9
• Defrag Tools: #15 - WinDbg - Bugchecks (BSOD) - Defrag Tools | Channel 9
• Defrag Tools: #16 - WinDbg - Driver Verifier - Defrag Tools | Channel 9
• Defrag Tools: #17 - WinDbg - Driver Verifier - Part 2 - Defrag Tools | Channel 9
• Enable printing or Windows Installer in Safe Mode - Sweet tip from TinyApps bloggist!
• How to use Group Policy to change the Default Lock Screen image in Windows 8 - Group Policy Central
• Creating and using VM Groups in VirtualBox - The Fat Bloke Sings

Map-Tastic!

I’m a sucker for maps. Paper and digital kinds both. They are an art-form to themselves.

• WunderMap - Interactive Weather Map and Radar - Weather Underground. This layered mashup of fantastic weather and radar data is tops! A new bar has been set. The radar images (as of now) seem to be almost true “real-time” images. Overlay on Google Maps with a wealth of other image data layers for your geekiness. Truly awesome!  More info in this Lifehacker post: The New Weather Underground Wundermap Offers Current Conditions, Plans Trips, Even Helps Buy a Home.  Now if they would release an iOS app version, I’d buy it! Until then it looks almost OK in my Chrome app for iOS.
• m2i (Map to Image) - amazing and fun way to render map images as artistic images. Pick a place on the map, choose a map to image style, set your image size, and render away. Spotted on and with more details: Create Awesome Map-Based Wallpapers for Your Desktop with ‘Map –> Image’ via How-To Geek .

I’m particularly partial to the “watercolor” filter…

Ubuntu Talk

• Updating Ubuntu OS & Applications: The Essentials Any Ubuntu User Should Know
• What Is The Easiest Version Of Linux To Learn?
• Journey Into Incident Response: Finding An Infection Vector After IT Cleaned the System
• 8 bits: How to install Paterva CaseFile on Ubuntu Linux
• Is Linux Confusing? Here Are The Key Terms You Need To Know
• Review: Ubuntu 12.10 Quantal Quetzal a mix of promise, pain | Ars Technica

Congrats to Navy for their win in the Army Navy game. I was rooting for the Army Black Knights and their QB Trent Steelman and the sudden unfortunate turn of events during what was to be an amazing 2-minute drill conclusion and upset over Navy was heartbreaking. That said, I was warmed by the open emotion the QB displayed. There was much to be proud of all the way around in this game and it was as an exciting treat to watch.

Likewise congrats to the A&M Heisman Memorial Trophy Award winner from A&M Jonny Manziel. A lot of folks I know are cheering proudly at the moment. Congrats.

Cheers.

--Claus V.