Sunday, December 21, 2014

Super-Scale ForSec Linkpost

I think this post is going to have the same number of URLs as Christmas tree ornaments and mantel decorations that I hung and set out this afternoon. That’s to say there are a lot, and I am quite behind when considering the calendar.

I’ve been collecting these for at least two months and there are too many now to continue to put off posting them for reference. I’ve tried to group them somewhat for consistency in theme.

Exploits

Advice and Guidance

AV/AM

Analysis

Web Security

Network Bits

In the Library (mostly whitepapers)

Note: Many of these are PDF links and will open in your web-browser as a PDF…

Live CD News

Whew!

Cheers!

--Claus Valca

USB Tools and Utilities

It has been a while since I posted a general USB utility round-up: It’s a USB Thing.

So I had seen a new one recently that provides some nice information on USB related system hardware components and it seemed like a good idea to re-mention some similar tools:

Of course, Nir Sofer has some great USB info tools also.

Then there are these:

It has been a while since I was over at Uwe Sieber’s website but he has been hard at work keeping his special USB tools updated.

Microsoft has a tool also for working with USB data:

Windows USBView - sample application in C++ for Visual Studio 2013

Usbview.exe is a Windows GUI application that allows you to browse all USB controllers and connected USB devices on your system. The left pane in the main application window displays a connection-oriented tree view, and the right pane displays the USB data structures pertaining to the selected USB device, such as the Device, Configuration, Interface, and Endpoint Descriptors, as well as the current device configuration.

Important: If you need UsbView as a tool, do not download this sample. Instead get UsbView.exe from the Windows Driver Kit (WDK) in the Windows Kits\<version>\Tools\<arch> folder. If you need to see the source code for UsbView, open the Browse code tab.

And then there is this “anti-usb” tool that removes USB drive history from the registry.

--Claus Valca

Saturday, December 20, 2014

Sysadmin Links - QuickPost

Stand back from your browser! Here comes a messy GSD Quickpost with tons of linkage for sysadmins….

New or Useful Software

PowerShell

Windows Diagnostic tool “PerfView”

  • Download PerfView - Microsoft Download Center - This little gem of a Windows performance collection tool is sweet! I’m really loving the ease of its data collection.
  • PerfView Tutorial - Channel 9 - Different video series than the “Defrag Tools” listed below, Vance Morrison has some short mini-videos reviewing the tool, its usage, and some example applications. Good stuff!

Additional videos that are longer and more detailed on the tool.

Tips and Tricks

Windows 10

Windows/Updating

Network Nuggets

Cheers!

Claus Valca

Backup & Sync - QuickPost

For planned (personal) system backups to external USB drives I use Back4Sure by Ulrich Krebs

It has both x32 and x64 bit flavors, comes in a portable version, and is rock-solid based on my experience. Mr. Krebs keeps it regularly updated.

For synchronizing specific folders with those on my collection of USB flash drives and “service” USB HDD’s I had been using DSYNCHRONIZE by Dimio but found that some files were not actually getting copied over for some reason. Not sure why.

So I switched to FreeFileSync instead. It is also regularly updated and super-fast. I also like that I can more easily review what will/did/didn’t get actually sync’ed. It is available in an installed and portable version. It is so easy and reliable to use, I recommended it to my non-techie daughter Alvis who now uses it for system backups of her own. As a college student, data/homework/assignment backups are critical!

  • FreeFileSync - Free backup software to synchronize files and synchronize folders on Windows, Linux and Mac OS X

I recently saw mention of Beanland: AutoVer that can handle automatic/real-time backup and versioning as well. (I’m not sure where I found it so I can’t hat-tip anyone but I’m sure it was from one of my favorite technical bloggers…) I’ve been wanting to try it out but have been reluctant due to one critical requirement: you need to leave your backup storage location online and accessible! Duh! Well, from a security standpoint, if I’ve got an external USB drive attached to my system and am running live updates to it, and malicious code hits my system and does “bad things” to my files/storage, then it might be possible it could find/overwrite my “live” backup stores as well.

I’m sure there is a way to work around that with additional options (maybe store them in a container/way that would avoid being “crypto-locked”). But for now, I’m sticking with not-quite-live regular updates of my systems using Back4Sure and attaching an external media (I rotate between two) USB HDD for just the backup run, then removal when done. Hopefully the extra work (and drive rotation) will isolate the backup data from any infection damage were that to occur.

Thoughts?

Cheers!

--Claus Valca

Browser Bits in the News - Quickpost

Lots of web-browser bits have been in my RSS feed pile lately.

Here is a sizable collection for your review and bookmarking.

Security Related

  • SSLPersonas, making the padlock obvious. - Malwarebytes Unpacked - I like the concept but the graphic was a bit too bold IMHO.
  • Are you a robot? Introducing “No CAPTCHA reCAPTCHA” - Google Online Security Blog - GSD has been flooded in the past several months with an update in comment-spam. I seriously debated turning comments off, however there wasn’t a granular way on Blogger to keep the current comments visible and suspend commenting. So, since I do like the discussions and comments from the GSD support base -- and I guess keeping things open so it wastes time for the comment bots and boiler-room comment spam drone workers -- the comments remain open. And I will continue to rely on Blogger’s spam-filters to catch most of them.
  • The No CAPTCHA problem - Egor Homakov - and counterpoint analysis
  • The New Malwarebytes Anti-Exploit 1.05 - Malwarebytes Unpacked - I really like the promise of Anti-Exploit. Lavie continues to “pilot” it on her Win 8.1 system. However I also run EMET on our systems and AE seems to require some significant tweaking of the EMET rule-set to get Internet Explorer to run “normally” when both are installed at the same time. That said, I hope to one day see where they both can run concurrently without additional tweaking of default rule/behavior sets. Alas, this new version of AE didn’t bring it to me just yet.

Firefox Related

Chrome Related

  • The Best Chrome Extensions - MakeUseOf -  I have some of these already and will be looking into a few to see if they will be worth adding.

GPU acceleration in the web browser

Also, in Chrome you can type “chrome://flags/” in the address bar and get a GUI and more fine-grained way to address/disable rendering options in the browser.

F12

Cheers,

Claus Valca

Outlook 2010/2013 Troubleshooting - Quickpost

Some time ago I posted the following link:

Mark’s post focused on some advanced diagnostic features in Outlook 2013. We are running Office 2010 as our current standard and are only now piloting future deployment of Office 2013.

So I had filed the post away for a “when we get there” future time.

Only yesterday our ticket queue was filling up with customer Outlook issues and I hopped into the first-line trenches to help with the dig-out.

While working with a remote customer I said to myself, “Self! Wonder if those diagnostic features for 2013 might be present in 2010.”

I found the 2010 Outlook system tray icon on the user’s remote system, held down the CTRL key while right-clicking the icon and…YES! There they were.

They quickly helped me to diagnose and fix the user’s issue and the user’s email was flowing again to her Outlook client program after a 1-week hiatus.

That helped me on the next several Outlook tickets as well and soon the backlog was addressed.

Nice to know. More Outlook tips and references for this particular troubleshooting feature set below.

Cheers,

Claus Valca

SSD Care - Quickpost

I really am loving life with my Samsung SSD 840 EVO 250 GB SSD drive.

Boot times are rocket-fast and the laptop seems to run much cooler. I still have a 2nd mechanical 500 GB hard-drive in the laptop’s second drive bay but having the system on the SSD makes performance so much more exciting.

So now that I am the owner of an SSD, I’ve been paying closer attention to news and posts regarding SSD care; feeding and watering.

That last link is to the only SSD utility software (Samsung Magician Software) I am using for tweaking and control of the SSD drive.  All other maintenance functions are being left to the Windows OS software. While I don’t doubt that -- like CPU overclocking -- additional SSD tweaking “might” eke out some additional service-life and performance gains, I think it would be negligible. So I’m going for stability and OEM performance adjustment over data-hot-rodding.

Thoughts and recommendations?

Cheers,

Claus Valca

A New (old) iPhone for Claus

IT Lavie went out a few months ago and (on her own) upgraded her iPhone 4 to a new iPhone 6 (16GB) model.  She enjoys it very much and the storage space is now double from what her model 4 had. She looked at the Plus model but settled on the standard 6 size. Compared to the 4, the size of the 6 was a pretty big jump in itself.

I’ve spent some time on it (while doing the migration support for her) and while the technical details of it are very nice, I haven’t been overwhelmed by either the more rounded styling or the feel of it.

All that to say I much prefer the more solid and “blocky” feel of my older iPhone 5 unit. Plus the 64 GB storage size is super-duper.

And with all that said, a few weeks ago I got a new iPhone for free.

There I was at work on my lunch hour relaxing and closing out my RSS feed review. As I went to tuck it away I noticed that the screen seemed to be a bit “proud” of the bumper case edging. Currently I’m rocking a very trim Spigen iPhone 5 Case Neo Hybrid in the bright red. It is super trim and just a touch flashy with a soft polymer cover. I assumed I had just pushed the phone up a bit from behind and tried to snap it back in.

Nope.  After some trials I removed the phone from the case and discovered the touch-display screen itself was popping out of the actual phone case.

I didn’t capture any photos of the issue, but this post I found over by Travis Ehrlich at Gear Diary pretty well matched my experience exactly, photos and all, Is Your iPhone 5 Screen Lifting Up and Away?

I hadn’t dropped it, stepped on it, driven over it, or otherwise abused it (that I could remember) so the only thing that came to my mind was that the battery may be swelling, causing the screen to be pushed up and off the phone body.

With images of the alien-body-popper scene fresh in my mind, and a battery meltdown/explosion I shut the phone off and called Apple.

They had me turn it back on, do some stuff to send diagnostics to them, confirmed the phone seemed to be in great shape (and reported I was very good on my battery/charging activity somehow), that it wasn’t included (based on SN) in the Apple battery recall scope, and advised me to run it in to an Apple Store for a Genius review.

The whole process of getting an appointment, waiting, etc. for an Apple Store service visit is a post in and of itself. However, for this one, once I finally found the store and waited for a while (an hour?), the Genius took the phone into the back, came back out and informed me that yes, the battery inside the device was indeed swelling pretty nicely, that it was out of warranty, and not included in the battery recall scope.

However, they “graciously” would go ahead and replace it for me free of charge.  Only they didn’t have a replacement in their store. Would I be willing to go to another store that had it in stock? Yep.

So we secure wiped my iPhone (I had a back-up at home about a week or two old so no significant data loss worries) and pointed me to the 2nd Apple Store.

A mad dash across town and after some discussion with that store’s Genius staff, they eventually pulled the replacement unit. The Genius agent swapped my SIM card between the phones after re-confirming my old one had already been wiped, and I was able to talk them into getting me a piece of tape so I could pull and reuse my screen scratch protector (Spigen also). It came off fine and with some skilled tape-usage, I was able to get it transferred to the new phone lint/bubble-free.

A new (old) iPhone 5 64-GB phone in my hand.

The Genius couldn’t/wouldn’t tell me if this unit was refurb or new but from later production runs. Either way it looked brand new and ran just fine so I’m not complaining.

The phone has continued to operate well since.

Some forum crawls have found others with the same issue of a non-scope iPhone 5 with battery issues that Apple has replaced for free.  Some comments are that they may do so for phones with this problem up to one year beyond the original 2-year warranty period. I think it is currently a case-by-case basis at Apple’s discretion.

Regardless, I’m very pleased with the service provided in my case. It took a while to work through the process but it turned out well for me.  And having several Apple Stores in the Houston area was a real plus. I never considered going to the carrier’s stores for help and if you don’t have an Apple store around, you would likely need to send it in which would be a hassle also.

Hopefully this one will last for another two years… So that may mean there would be an iPhone 7 or 8 model out to consider?

Cheers,

Claus Valca