Thursday, July 30, 2009

Security and Forensics Linkfest: Duck & Cover edition


Public domain photo: taken by U.S. Air Force Senior Airman Julianne Showalter

Black Hat 2009 Highlights

All eyes are on Vegas this week.

The Black Hat ® Technical Security Conference: USA 2009 is in full swing and it’s been a doozie so far.

Aside from all the security experts being pwned, there appear to be some very interesting presentations going on.

See this Black Hat ® Technical Security Conference: USA 2009 // Archives page for PDF whitepapers, presentation slides, and a few video/audio files as well.

Here are ones that I found particularly fascinating:

  • Bill Blunden’s “Anti-Forensics: The Rootkit Connection” [White Paper] (PDF) and Presentation Slides (PDF).

  • Alfredo Ortega & Anibal Sacco’s “Deactivate the Rootkit: Attacks on BIOS anti-theft technologies” - [White Paper] (PDF) and Presentation Slides (PDF).  Fascinating look at how CompuTrace technology that “protects” systems in the event of theft could actually be exploited while the system was “safe in custody” of the owner.

Lots more there as well covering both traditional technology, social-engineering, software, and even hardware lock-picking forensics.  Neat stuff!

Bootkit Fun with Stoned-Vienna

Remember when we were all looking at Kon-Boot: Bypass Windows Login Security (and some helpful blocking solutions) and Kon-Boot post (minor) update?  The Kon-Boot application was a “boot-kit” that allowed a complete bypass of the Windows user authentication password.  In the follow-up post it appeared that whole-disk encryption solutions and/or TPM enablement on supported systems prevented such an attack from working.

Well…not much longer (at least for True-Crypt).

  • Bootkit bypasses hard disk encryption - The H Security

  • Stoned-Vienna.com - Peter Kleissner’s project page for this latest boot kit iteration. Lots of very good technical information.

  • White Paper (PDF) and Presentation (PDF) – Peter’s Black Hat ® Technical Security Conference: USA 2009 presentations on Stoned-Vienna.  The white paper is particularly detailed in technicals on how the injection process occurs as well as the methodology.  Great stuff and must-read material for boot-kit researchers.

  • 4.16: Kon-Boot – Piotr Bania never did publish any technical information on how the Kon-Boot process worked.  Luckily for us, Peter’s got the stuff to sort it out for us.  If you are still wondering how Kon-Boot works, this is the reading material source to go to for now.

  • Stoned Bootkit Blog – Peter’s ongoing updates on Stoned Vienna developments.

I didn’t get to see the presentation, and I’m still trying to find the time to pore through the technicals, but it appears (and I am open to correction here) the following facts are in play with this “True-Crypt bypassing boot kit”:

  • It is a boot kit as it injects itself into the Windows kernel after the BIOS by hi-jacking the bootloader process,

  • It does not bypass the need for the user to still authenticate themselves to the TrueCrypt volume; by that I mean it does not “break/crack” the encryption itself,

  • It does co-exist with the TrueCrypt boot-loader, survives that process, then goes on to actually “infect” the kernel post-loader to do whatever the “payload” offers.

  • It could, possibly, be crafted to intercept and capture the passphrase/id and send those to the attacker, thus providing them future authentication credentials needed to bypass WDE in future local attacks.

Those second and third points seem critical because in my Kon-Boot mitigation testing, the boot kit could not share the same memory space (in most BIOS’es) as the WDE boot-loader so either one or both failed…thus protecting the system.

The last one is just conjecture based on my current level of reading of the boot kit.

Stoned-Vienna is able to work around that successfully.  In theory it could also possibly work (with development) against other commercial whole-disk encryption solutions/products as well.  The encrypted volume would still need to be authenticated to but once past, the boot kit could go on to do its thing.

And to be clear…this isn’t a blast at any TrueCrypt weakness, it’s really still a function of how (most) Windows systems/deployments are weakened by the bootloader/kernel hand-off process.  Unless the boot-loader file as it loads into memory can be authenticated, along with the kernel files (see VBootkit vs. Bitlocker in TPM mode for a great example) the basic vulnerability will exist.  Disk encryption developers can only do so much to protect their own boot-loaders; the rest seems to be a Windows architecture issue.
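The point about authenticating the boot chain, as an added example that is not from the original post or from any of the linked projects: a simplified Python model of TPM 1.2 style measured boot, where each stage is hashed into a PCR and the volume key is released only if the PCR matches the value recorded at setup. The stage contents, the `seal`/`unseal` helpers and the passphrase check are constructed for illustration; a real TPM holds the key and performs the comparison inside the chip.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_chain(stages) -> bytes:
    """Measure every boot stage, in order, starting from an all-zero PCR."""
    pcr = bytes(PCR_SIZE)
    for _name, blob in stages:
        pcr = extend(pcr, blob)
    return pcr


def seal(volume_key: bytes, expected_pcr: bytes) -> dict:
    """Model of sealing (assumption: a plain dict stands in for the TPM blob)."""
    return {"pcr": expected_pcr, "key": volume_key}


def unseal(sealed: dict, current_pcr: bytes):
    """Release the key only when the measured boot chain matches setup time."""
    if hmac.compare_digest(sealed["pcr"], current_pcr):
        return sealed["key"]
    return None


def derive(passphrase: str, salt: bytes) -> bytes:
    """Stand-in for a disk encryption product's passphrase key derivation."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)


def passphrase_unlock(stored: bytes, salt: bytes, passphrase: str, stages) -> bool:
    """Passphrase-only unlock: 'stages' is ignored on purpose, because nothing
    in this scheme measures the code that ran before the prompt appeared."""
    return hmac.compare_digest(stored, derive(passphrase, salt))


# Constructed sample data: byte strings standing in for real boot components.
CLEAN_BOOT = [
    ("mbr", b"constructed-mbr-image"),
    ("wde-loader", b"constructed-disk-encryption-loader"),
    ("os-loader", b"constructed-windows-loader"),
    ("kernel", b"constructed-kernel-image"),
]
# Same chain with a modified first stage (what a boot kit changes on disk).
TAMPERED_BOOT = [("mbr", b"constructed-mbr-image+extra-code")] + CLEAN_BOOT[1:]

VOLUME_KEY = b"constructed-volume-key"
SALT = b"constructed-salt"
PASSPHRASE = "constructed passphrase"


def demo() -> dict:
    """Compare both unlock models on the clean and the tampered boot chain."""
    sealed = seal(VOLUME_KEY, measure_chain(CLEAN_BOOT))  # done once at setup
    stored = derive(PASSPHRASE, SALT)
    return {
        # TPM-bound key: released on the clean chain, withheld on the tampered one.
        "tpm_clean": unseal(sealed, measure_chain(CLEAN_BOOT)),
        "tpm_tampered": unseal(sealed, measure_chain(TAMPERED_BOOT)),
        # Passphrase-only: the user authenticates correctly in both cases,
        # so the modified first stage goes unnoticed.
        "passphrase_clean": passphrase_unlock(stored, SALT, PASSPHRASE, CLEAN_BOOT),
        "passphrase_tampered": passphrase_unlock(stored, SALT, PASSPHRASE, TAMPERED_BOOT),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result!r}")
```

Because each extend folds the previous PCR value into the next one, a changed first stage alters the final value no matter what the later stages measure, which is why the sealed key stays locked in the tampered case.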

Stay tuned as I am sure this will be dissected more in the coming weeks.

Malware Watch

That all reminded me of another (different technique…similar result) technique for hiding malware launch points in the Windows registry from a few years ago.

  • Reports: Long Registry Names Could Hide Malware - eWeek

  • Updated Windows Registry Concealment Info;Symantec AV Vulnerability  - SANS-ISC Blog – more analysis and a link to the “LVNSearch.exe” tool which can scan Windows registry hives and display long value names that typically do not display correctly in Windows (and thus hide the malware launch point) from regular reviews.

  • Panda USB Vaccine with NTFS Support - Panda Research Blog – Notice of an updated version of the Panda USB Vaccine tool that prevents a USB device from being infected by an autorun malware modifier.  This new version now supports NTFS formatted USB devices…not that common to the general public but often seen in IT shops.

  • Panda SafeCD 3.4.3.5 Released - Panda Research Blog – New LiveCD boot disk that allows for “off-line” scanning and cleaning of an infected system.

  • New Virut Strain Blocks AV/Security Web sites - Fortinet FortiGuard Blog – Great analysis of a new malware strain that does some tricky things to both stay alive/hidden as well as block access by the local system to anti-virus/anti-malware websites.

Don’t just stay safe; stay informed!

--Claus V.

Windows 7 Linkfest: fresh meat edition


CC Photo Credit: by Choctopus on Flickr

Miscellaneous Windows Fun.

  • Logon Windows7 Automatically – What’s My Pass blog – While I’m all for all Windows systems having a requirement for a user id/password for login, I know that under normal configurations this doesn’t mean it is “secure” and can be bypassed.  That said it could help discourage casual logon of system accounts around the home or office.  However, if you have Windows 7 and this just really annoys you, this is a nice tutorial on how to “auto-logon” to a user account after boot.

  • Managing Windows 7 with DISM - Springboard Series Blog - The Windows Blog – Really helpful overview of the Deployment Imaging Servicing and Management Tool Microsoft offers to system deployments and imaging management.

  • Changes to the Windows 7 install process – istartedsomething – Long Zheng clarifies how the versioning works for the Win7 install process as well as providing a small “hack” tip to make manual selection possible during the install process.

  • Windows 7 activation cracked via OEM licensing exploit, 85 days ahead of general release – istartedsomething – Long also details that Win7 WGA authentication has been cracked.  Bummer.  He doesn’t bother to explain how.  So, we turn to….

  • Bypassing the Windows 7 activation – Wouter Veugelen blog for just a bit more detail but it provides a link to…

  • Windows 7 Ultimate Cracked and Activated Permanently with OEM SLP Master Product Key (with SLIC 2.1) – My Digital Life blog.  That breaks down the issue in detail.  I’m not at all posting this as an endorsement for someone to actually use this to steal activations (and $$) from MS.  However, I find it a good technical understanding of the deeper workings on product activation and WGA.  Seriously.

  • Using virtual machines on Windows 7 RC with Windows Virtual PC beta - Harold van de Kamp’s Blog.  I need another post just on using Virtual PC beta on Win7.  It’s much different than on XP.  Took me a while to find the control interface for it (it’s on the Explorer bar now…). That said, it was a great help being able to run a virtual machine, shut it down, then mount the VHD file to extract files off.  Cool!

For some reason, many folks who were testing the beta/RC releases of Windows 7 were hoping that Microsoft might out of the kindness of their deep pockets offer everyone a full key for the RTM build when it was all done.  Initially MS said no-one would be touched by the god of Redmond to receive this blessing.  However, favor seems to have been allocated to a few.  Mary-Jo Foley in that last post above sums it up thusly:

The free copies of Windows 7 Ultimate will go to technical beta testers only — not every individual who participated in the public Windows 7 Beta and Release Candidate testing programs.

So it’s not good news for us peons but the dukes look happy now.

--Claus V.

BOSSIEs You Might Like!

While tracking down a utility, I noticed the developer had a BOSSIE award banner prominently displayed on the website.

Normally I don’t judge by awards alone, but I hadn’t heard of this and as it was associated with InfoWorld, I thought I would check it out.

InfoWorld Bossie Awards – InfoWorld

InfoWorld Bossies (Best of Open Source Software)

Each year, InfoWorld's Bossies (Best of Open Source Software awards) recognize the best open source software for business. The InfoWorld Test Center's central mission has always been to identify the most promising and cost-effective products available to IT organizations. Increasingly, those products -- from application development tools to platforms and infrastructure software to CRM and ERP applications -- come from the open source camp.

Two years running (2007 & 2008), the 2009 winners will be announced August 3, 2009.

I used the Infoworld Bossie Awards as listed on Wikipedia to do my rapid-scans looking for any nice/new tools or software packages.  Or you can look at the 2008 InfoWorld Bossies and 2007 InfoWorld Bossies official pages for a bit more info on why the winners were selected.

So here were the ones I am highlighting as of particular interest to me:

  • Intalio, The Enterprise Cloud Company » Community Edition – A business process management software solution.  Much more highly geared to developing and documenting complex business processes than Word and Visio.

  • Drools : Business Logic integration Platform - “Drools 5 introduces the Business Logic integration Platform which provides a unified and integrated platform for Rules, Workflow and Event Processing.”

    Oohhh!  As a process and procedure documentarian for our IT group I’m salivating at the thought of what these tools might offer!

  • inSSIDer – MetaGeek – This wonderful Wi-Fi network scanner is positively awesome. I installed it on my Win7 (x64) laptop and in no-time was monitoring and observing over 8 wireless access points around our home.  If I can have this much info at home, I can’t wait to see how useful it will be to do Wi-Fi policy auditing at work.

      The following related items aren’t BOSSIES but seemed appropriate to place here for the curious.

    • WirelessNetView – No-install NirSoft utility to monitor and find wireless networks.

    • NetStumbler – One of the leading tools to monitor and audit Wi-Fi networks.

    • Using Wireless Network Audit Techniques – 2004 article by Michael T. Hoesing at the ISACA website.  Good intro to some basic info.

    • Wireless Security 802.11  - Wirelessdefence.org “A Wireless LAN (WLAN) security site provided for 802.11 (aka Wireless, aka WI-FI) - Security Auditors and Penetration Testers.”  Tons of good info here.

  • dotproject - Open Source Project and Task Management Software – clearly one of the best “free” alternatives to Microsoft Project.

  • Puppy Linux – When I was prepping Alvis’s old Linux desktop to donate to our church fundraiser project I needed a light but featured OS to install on it.  She had been using PCLinuxOS but the latest version didn’t support the older hardware any longer.  So I turned to Puppy Linux.  In under an hour I had it downloaded, installed and configured.  It can breathe new life into very old computer hardware.

  • WinMerge - “WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.”

Take a look at these as well as the full list of 2007 & 2006 Bossie winners to see what else might strike your fancy.

There are lots and lots of other categories and winners.

I can’t wait to see what next week offers for the 2009 winners!

Claus V.

Tweak SharePoint and NAS Links

While working on a recent project, one issue we ran into was trying to upload very large files to the SharePoint server.

Some files were in excess of 500MB and the SharePoint server rejected them outright.  So then we used a compression program to slice them up in smaller chunks.  This worked, but if the files took too long to transfer the file transfer was terminated.

Long story short it took a lot of extra time and effort to transfer the files to a network share where everyone needing them could access them.  What compounded the problem was that the persons needing the files were using a shared system; otherwise we might have had some more clever options.

Had the SharePoint administrator been available they could have made some temporary tweaks to the SharePoint parameter to allow us some extra room.

Typically, we just jockey files around between protected volumes of our local Novell servers.  The only problem with this is that not only do we have to share bandwidth with the production sites, we also have to busy (not really but to some degree) up the production server with the file transfer/access.

What this exercise really illustrated is that it might be nice to look at putting some Network Attached Storage (NAS) points around at key locations that have some large pipes.  These would get around file-size restrictions on a single SharePoint server and as they aren’t performing production work, would be better behaved.

In my mind having a NAS solution that supported multiple NIC’s, had a web-client interface (for roaming technicians to access), and could be highly configured with both group and user policy and storage allocation limits would be great.  It would be helpful if the software allowed for both file and folder/container transfers to save time.

We have lots of slightly older equipment and drives that could be easily repurposed for this task.  Certainly there are a lot of commercial solutions for NAS devices that range from enterprise-level support to SOHO needs.  And although there are some really disaster-event supporting solutions, we really wouldn’t need to use it for any critical or secure data.  Mostly just installer programs, utilities, and sharing one-time file-transfers across the map.

I’ve looked into Open Source NAS solutions and these two seem to stand out.

I know there are others as well but I think I will focus on these for now.

Storage Utility Roundup

In the process of researching (starting with this Intel’s NASty little test tool InfoWorld post) I also found a few nice utilities to help test/benchmark storage media.  So here they are as well:

  • Intel® NAS Performance Toolkit - Intel® Software Network – Really nifty tool.

    The Intel® NAS Performance Toolkit (NASPT) is a file system exerciser and analysis tool designed to enable direct measurement of home network attached storage (NAS) performance. Designed to emulate the behavior of an actual application, NASPT uses a set of real world workload traces gathered from typical digital home applications. Traces of high definition video playback and recording, office productivity applications, video rendering/content creation and more provide a broad range of different application behaviors. With the latest version of NASPT, users may even add their own custom traces. NASPT reproduces the file system traffic recorded in these traces onto whatever storage solution the user provides, records the system response, and reports a rich variety of performance information.

    NASPT includes an intuitive graphical user interface to get teams up and running quickly, a graphical data analyzer for in-depth performance investigations, and a convenient batch mode feature for performing multiple test runs with a single click.

  • Iometer project – Storage device stress-testing and performance measurement tool.

  • Iozone Filesystem Benchmark – Filesystem benchmarking tool.  Really cool in that it provides a variety of graphical data outputs so that you can get a better sense of what is going on.

  • Bart's Stuff Test 5 - Says Bart, "Bst5...is a small win32 application for long term heavy stress testing storage devices. Bst5 supports testing at file and device level. File level support enables you to test any local or remote volume by file access. This makes it possible to test almost any storage device. As long as the operating system can write or read files from it, you can use bst5 to test it. In Bst5 this is seen as a "high" level test, you write/read data to/from a file using the file system support from your operating system. Device level support enables you to test local devices directly block-by-block. You can use this to test any removable or fixed logical drive, physical hard disk, or tape device. In bst5 this is seen as a "low" level test, bst5 writes/reads data directly to/from the storage device without the use of any file system. In other words, the storage device or media does not need to be partitioned or formatted before testing. If any file system exists on a storage device or media, a non-read only test will overwrite any data on it. Bst5 supports very large volumes, up to 16 exabyte (17.179.869.184 Gigabyte) enough to last for at least 30 years."

  • smartmontools – Two “CLI” programs “…(smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA and SCSI harddisks.” Versions are available for most all OS flavors.  The primary download link provided to the “stable” versions was down but this Index of /smartmontools link provides some beta/testing versions that are very new (but maybe not as stable). Note: the installer used often is flagged as “malware” by AV software.  I had to disable mine to download the file and then unpack it.  That said it seemed otherwise safe.

  • GSmartControl – Provides a GUI wrapper that may be easier to use for folks.  Also offered in numerous OS supporting versions, though expects some additional supporting applications (GTK+ for Windows Runtime) to be installed on the system.

  • USBDeview – Nirsoft – Use this tool to get information on USB devices that have been connected to a system. However, for this discussion the latest version from Mr. Sofer now contains a USB read/write test so you can check the performance of the device. Designed to work with flash-media it does seem to work with most drive-based USB storage devices as well.

  • Grand Stream Dreams: Pocket Hard-Drive Utilities – For even more storage utilities and tools, please see this recent post.

Cheers!

--Claus V.

Wednesday, July 29, 2009

GSD Blog Redo: v 3.0

Please do not change your browser settings.

The GSD blog has been redesigned.

For some reason, in a fit of summer boredom and bravery I decided it was time for a redo.  Maybe it was the recent redo of the NPR website.  Maybe it was the Chron.com redo (or Dwight’s TechBlog ) .  I’m not sure.  Anyway I decided it was time for change.

And yes…your eyes don’t deceive you.  That indeed is a recent image of Lavie and I snuggling away in our real-life vectorized skins.  No need to imagine our mugs any longer.

I spent a few hours (honestly) poring over the Blogger Templates at btemplates.  There were lots and lots of really great templates.  Only problem I kept coming back to is that many of them looked way too commercial or polished for the tone of the GSD blog.  In addition, I just didn’t like having to depend on images or banner-images hosted off-site.

So I reviewed the default ones on Blogger and ended up really liking “Sand Dollar”.  It was a two-column template which was a bit hard to adopt from my previous three-column style.  However, I really liked the way the post-body section auto-resized (floated).  And the font worked quite well.

I did use this tip BP Web News and Tips: Template MakeOver - Procedure 3 to swap the body and sidebar columns.  I was just so used to having the body-text on the left that I had to get it back that way with the sidebar on the right.  This worked perfectly.

I did break the tag-cloud horribly with the new template.  However, I did find that the code I previously used by phydeaux3 was updated and refined a bit more since: New Blogger Tag Cloud / Label Cloud.  I think it looks smashing!

I did drop the “Links from Japan” as though I still RSS feed a number of Japan-centric blogs, I really didn’t find the length of the sidebar items pleasing going from a double-sidebar to a single one.  So it got cut.

I finally hard-coded the HTML code for the “apostrophe” character in “Claus’s Toolbox” so that darned “quote” character previously in it as “Claus”s Toolbox” is now fixed.

I also tweaked the colors (Blogger now has added a nice WYSIWYG Fonts and Colors editor) with Lavie’s help providing a critical eye.  Simple borders were added to better separate the body from sidebar.  Padding and font sizings were manually adjusted as well.

The real killer-diller for me on this was the comment widget.  The original widget transferred over fine but the text was all jammed together and it was next to impossible to differentiate between comments.  It’s a JavaScript creation and while I am comfortable with basic HTML/XHTML coding, JavaScript is a different matter.  Through trial-n-error and careful studying of the code layout I finally figured out where to add a JavaScript language “linebreak” of sorts.  I think the comments look quite sharp now.  I also expanded the amount of allowed characters so it is easier to get a sense of the comment on longer ones before they are truncated.

I’ve still got some additional fine-tuning to do.  I’d like to separate the posts a bit more as they seem to run together just a bit. And with the new-found extra room I might be changing some of the other graphics on the side-bar just a touch.

I’ve checked it in Firefox, Chrome(ium), and IE8.  I’ve not jumped over to my Vista (dual-booting) OS yet so I haven’t seen it yet in Opera or Safari.  I imagine it is rendering fine there.  I really hope this particular template design fixes the annoying habit of long-lines breaking the previous three-column template in IE.  Specific HTML code I found in the template seems to address that issue.

Of course, I had to remember to update (refresh) my theme in Windows Live Writer so it now correctly formats according to the revised template.

All things said, I think the changes are pretty refreshing and makes a much more eye-friendly blog.

What say you?

Cheers!

--Claus V.

Saturday, July 25, 2009

Linkfest for Worship Projectionists

I’m going a bit off my usual topics here, but I know a few readers I interact with may find this useful.

Unbeknownst to some, back in March I began assisting our church projectionists (two in count before I volunteered as well) with running the video-desk during our church’s worship services.

After about a month’s time getting used to the software they were using, the process of combining all the elements (songs from the music minister, sermon outline, announcements) into the program, doing the trial-runs during practice sessions, and slowly getting my courage up to “go live” I’ve overachieved again and gone from a newbie to seriously punching up the quality of the presentation materials and getting things “pre-loaded” whenever possible for the other rotating projectionists.

If this is completely seeming like a foreign-topic to you let me explain.  Many churches…particularly Protestant…are now starting to use specialized software, coupled with one or more video-projector devices, to display song chorus lyrics, sermon outlines, video-clips, and/or PowerPoint presentations to the congregations.  In the past there may have only been a “sound-desk” team to run the sound/microphones but now with many worship services becoming more “contemporary” audio/visual media is taking a larger role in the worship service.  Maybe it’s a generational thing.  So typically, the folks who tackle the visual aspect are referred to as the projectionist team.

OK.

At the very basic level, many small churches (and some large ones) may be using PowerPoint to fulfill this need.  Certainly a presentation built with slides to cover all the songs and maybe the pastor’s sermon will certainly suffice.  It is quick and easy to get going and many folks are already familiar with the software from home or work usage.

But if you want to kick-it-up a notch and really add power and flexibility, there are some great commercial and freeware software applications that will do wonders.

The Commercial Players

When I came on, the church had been using the commercial product SongShow Plus.  As this was my introduction into this class of software I had no previous background to compare it against. Our version of SongShow Plus was not the most current release.  We could download into our local database CCLI songs legally under subscription, build slide-shows internal to the application, and use DVD/video-file media.  I learned it pretty fast. My major complaint was that the slide building interface was horribly clunky and awkward to use.  It seemed just a few degrees off on doing things from the standard Windows (Office) way of working things.  The one redeeming factor was that I could custom organize song elements so I could go right-down the order without modifying the original song format in the database.

Our music minister had previously used another commercial product called EasyWorship.  We installed it on our system and trialed it for a bit.  The interface was much simpler, CCLI importation was supported, but the major winning factor for me was that it was able to heavily support PowerPoint presentations for our announcements and sermon slides.  While I may have felt like a fish in a tank with SongShow Plus, I was in the deep blue sea with PowerPoint.  In no time at all I was back in my element creating quite advanced and beautiful (humbly said) presentations.  The only drawback was that although songs in the database could be edited, they couldn’t be “scheduled” as easily as in SongShow Plus. Sure there are tricks that we can do, but there is more clicking back and forth between verses and the chorus.  It took a bit of adjustment, but as I was the “new-guy” I had no trouble jumping programs.  A month later the church purchased a license and we haven’t looked back.  It also supports DVD sources for media presentations, various digital media files, as well as audio tracks.  It is simple to learn, simple in interface, and powerful in presentations.  A bonus benefit is that the license allows legal installation on the home systems of the projectionists so we can keep a full copy on our home systems as well to practice or build worship schedules and bring with us.  This allows more flexibility and is a nice touch.

Now comes word of EasyWorship 2009 in their company blog.  That link has the download as well for the alpha version of EasyWorship 2009.  It’s a free (trial) download and loaded up just fine on my Windows 7 x64 system.  Final release is expected in September 2009.  The current version is great, but the interface is more Windows 2000 style.  The new GUI is pretty much the same but updated with more of a modded XP/Vista style theme.  Overall it otherwise looks and operates exactly the same.  The changes appear to be very subtle and under the hood with more support to video/audio/web sources for display, some tweaks to the song display format tools, as well as the addition of a “VJ” control and output to what is termed the “display foldback”.  I think this is additional output to a “confidence monitor” or a display that the pastor/choir would see but not the congregation.  We are really looking forward to the final release.

One more big-dog in the house that I haven’t used but see mentioned frequently with these others is MediaShout.

Quality Open Source / Freeware Alternatives

For congregations that are looking to move up from PowerPoint but don’t have the funds to purchase one of the commercial products, there is good news.  A very large number of Open Source / freeware products are available as well.

After you spend some time looking at these as well as the commercial versions, you see that they generally all follow a variation of a common theme/layout.  There is a section where you build/save your “schedule” of elements. There is usually a preview area where the content to next be presented is displayed, then there is the “live” area which controls the element that is “live” projected to the congregation via a dual-monitor or extended desktop configuration of output.  In most cases the second monitor output is hooked to a projection system and the program is able to auto-detect and dump the “live” output there while the primary output displays the software itself that the projectionist interacts with.  For a bit more reading and background on this area please see Worship Presentation programs at Wikipedia.

So here are some (of the many) quality freeware projection software applications that you might want to look into.

  • openlp.org – An incredible software product that is very mature and polished.  It should have just about every feature a congregation should need in getting started.
  • OpenSong.org – Supports both Windows and MacOSX.  Has chord support as well as CCLI importation.  A bit different than most standard interface formats, it is quite popular.
  • DreamBeam – Very polished and supports a range of digital media sources.  Pretty hip.
  • PowerSong – It has a refreshingly simple interface with a lot of power hidden below.  A very approachable way for newbies to get started.
  • Easislides – A number of features make this free offering particularly interesting; it has dual-lingual lyric support, a praisebook generator, three-monitor support (operator, congregation, stage/choir), and chord notation.  Standard options such as alerts (for “come get your kid” announcements) and Bible verses are included as well.
  • Zionworx – Being new to this field, I’m not as knowledgeable about the developmental history of these applications, but UK-based Zionworx seems to be a free product that has been around for quite a while.

And then there is this one.

  • Datasoul – I’m setting this one apart as it is a very odd-duck.  It is Java-based.  That means it can run on Linux, Mac, and Windows and still be exactly the same.  I guess it is kind of like the Unitarian version of worship-software applications!  The main layout is very familiar to the standard format of this type of software and it has a number of great features, again including chord notation, break-in ticker announcements, and even a utility to import your EasyWorship song database into Datasoul format. 

Additional applications can be found listed in these extensive collections.

Punching it Up

Depending on the software application and formats supported, you might soon find a desire to add extra video or graphics to your sermon slides, announcements, or other presentation items.

It does get a bit tricky.  Choosing material that enhances the theme or message you are supporting without drawing attention away from it can be challenging and without restraint, the difference between presentations that are subtly impactful versus annoying is quite fine.  Unless you already have some graphic editing experience, I’d strongly suggest running your ideas/drafts by the worship leader first to make sure it meets the overall flavor of the worship service.

That said, there are a number of great sources of material you can integrate into your presentation work.

  • Clip Art / Video collections – There are many low-cost clip art collections you can buy that will allow you access to stock images and graphics with no/limited restrictions on usage. Digital Juice is just one of many such commercial providers of such collections. Amazon.com: clip art: Software has over 800 items to pick through.
  • Clip Art - Free Images, Photos, and Sounds - Microsoft Office Online – If you have a valid Microsoft Office product (say Power Point) then you have access to thousands of stock images and clip-art items.  Many are very good and flexible for worship and announcement-related themes. Please refer to this Use of Microsoft Copyrighted Content FAQ for details, but it seems that for most non-profit activities. The Clip Art section seems to show that use in church material, particularly of a “transient” nature, is allowable.  However, IANAL so read carefully.
  • Flickr: Shared Worship Background Graphics – This great Flickr group provides a number of images and backgrounds appropriate for (most) worship environments.  According to the group rules posted on that page, the images are free to use…usually only with the requirement for attribution.  There are some really, really stunning and sophisticated works by the contributing artists.  Good stuff!
  • New Worship Media – a small (but growing?) collection of free video motion backgrounds, suitable particularly for younger/youth worship song backgrounds.
  • Midnight Oil Productions – Offering free (for registered members) and commercial stock video and graphic packages, it’s a great place for some high-quality material to enhance your presentations.
  • CreativeMYK – Mixed collection of images.  Some I easily get, others I kinda wonder how they fit in with the overall collection.
  • Creative Commons Search – Great resource for finding images that are free to adapt…usually with attribution required.
  • Free Stock Photos and everystockphoto – Two more locations to get free stock images.  Registration required.

The AV Community

One of the tools I use to try to enhance my skill-set, particularly when learning or working on an area that is new to me, is to seek out others who are accomplished in that field.

By reading their blogs and websites, I can gain a better understanding of issues and trends and (hopefully) avoid pitfalls in the learning process.

Here are some of the links I have started to collect and RSS feed as I learn about the larger church-projectionist/AV community.

  • Collide Magazine – Web version of print-media that shows the blending of church and technology.
  • Technologies For Worship Magazine – Another online counterpart for a print magazine that addresses the integration of technology and media in the church landscape.
  • Creative Church Media – friendly blog by Dave Smith, “professional” church projectionist and blogger who loves to post videos of his work.  Great place to learn from a pro.
  • Church Media Design TV - Tips, tricks, and how to for the church media designer.  Regular video presentations from church-based IT geeks on tech topics.
  • The Church Media Community - ChurchMedia.net. – Providing educational trainings as well as established forums for church media workers to discuss and seek assistance with software, presentation ideas, media/graphics and related topics.
  • Catch Fire / Eleven72 – Interesting blog from a more video-production angle.
  • Church Tech Matters – Nice website that covers a wide swath of tech-related topics for church volunteers in the IT areas.

EasyWorship Specific Tips

Finally, here are some key tips I’m dropping for future reference as we work with our EasyWorship program.

That is all.

Now back to regular GSD Tech programming!

Cheers!

--Claus V.

USB Tricks for Vista and Windows 7

Here are some miscellaneous links I stowed away regarding maximizing USB storage usage.

I offer this one as a great walkthrough when coupled with a VistaPE build.  Even better would be use with a custom VistaPE WinPE Build perhaps?  Seriously, this is exactly what I did with my custom VistaPE build (with PGP WDE driver injection).  Having that package on a bootable USB stick makes servicing systems so much faster and stable now.

As an added trick, the VistaPE.wim file sits right on the root of the device.  So, say you have a couple of different VistaPE builds, a big/fast USB stick, and a touch of cleverness: you could keep all your different (renamed) VistaPE.wim builds on it, then, before booting, rename the wim package you want to use to “VistaPE.wim” and boot away into that build.

--Claus V.

Forensic Post JuMblE Linkfest

Really no rhyme or reason to this mad-hatter collection of forensics links.

Stuff I’ve picked up over the past month mostly for reference purposes.  Probably nothing here for most folks but maybe you will find something of interest.

  • Julie Amero case featured in new forensic book – Sunbelt Blog – Really fascinating cross link to PDF file.  Reading the (lack-of) technical knowledge or legitimate forensic evidence/methodology was stunning…as was the impact.  A must-read for any incident responder.  I’m no forensic expert but if I was on the jury I would have been climbing the walls with discomfort.  Great reading.
  • Hard Drive Errors and Replacements – SANS Computer Forensics, Investigation, and Response blog.  Ever wonder what it would take to pull the platters out of a drive and drop them into another hard-drive chassis?  Now you know!
  • Opensource forensic tools – When A Dumb Boy Learns To Write blog.  A nice collection of forensics tools in an organized list. Nice resource.
  • Forensics 101: Acquiring an Image with FTK Imager - SANS Computer Forensics, Investigation, and Response blog.  I’ve had FTK Imager in my toolbox but this was a great-reminder about how useful it can be. I should have considered this utility when I did my PGP WDE recovery exercise.
  • Unix dd command and image creation – Softpanorama.org – Very thorough reference page with lots and lots of “dd” command tips and information.
  • Windows Incident Response: Mounting a DD image – Windows Incident Response blog – Harlan gives some wonderful tips on what to do with that dd image once you got it.
  • dd (Unix) - Wikipedia, the free encyclopedia.
  • Partition Find and Mount – Another freeware tool that can mount dd images as an accessible “virtual” drive volume.
  • Tools and utilities for Windows – Utility that allows mounting of IMG/dd and other “image” files as physical devices.  Really cool and is in use on my work system.
  • Free Windows Drive tools – SANS Computer Forensics, Investigation, and Response blog.  A few more great tips on tools that sysadmins may find useful in working with drives.
  • Survey of Disk Image Storage Formats -- (PDF link) – 2006 whitepaper from the Common Digital Evidence Storage Format Working Group / Digital Forensic Research Workshop.  A bit dated but still a very good introduction to the different forensic-image file formats.  If you spend some time on the forensics blogs (or working with forensic-imaging related software), you will hear/see references to some of these different image file types.  I found this a good primer on sorting them all out.
  • Stephen Venter: Mount EWF (E01) on Linux – Stephen Venter’s blog – More tips for working with the EWF (Expert Witness Format / EnCase) image file format.

FYI,

--Claus V.

Thursday, July 23, 2009

Video-Editing Resource Roundup

For the past few weeks I’ve had a primary side-project at work that has been exceedingly challenging.

Our group had to produce a video that showcased the services we provide our customers.

Writing the script for two of the four segments was no big deal.  It would have made Obama’s script-writers cry.

However just because I can write didn’t mean it was “in-the-can”.

We still had to organize the video shots, narration track, and do the editing work.

I’m pretty comfortable working with audio files but video?  That would be a first.

We did have a semi-pro member of a sister-IT group who has considerable video-editing experience (and Adobe product availability).

But as I was trying to get the concept across to everyone, it became clear to me that a script and video footage just wasn’t going to ensure the vision made it from my brain to the big-screen.

I had to dive in to video production work, and fast.

Storyboarding

Having watched way too many Disney DVD “extended” features, I knew that one of the most critical tools visual production artists use is the “storyboard.”

By visually crafting a series of story-boards with descriptions of the plot/elements, it is much easier to see the concept in action.

There are a number of adequate freeware and Open Source products for storyboarding.

In the end I adopted (and highly recommend) Celtx - Integrated Media Pre-Production; a free product.

It is very easy to install and get going.  I didn’t read the manual at all.

In addition to an easy to understand and use “storyboard” tool, it also contains script-writing tools conforming to several different media genres, scheduling and organizing tools.

Between the web and screenshots from our video taping files, I was able to quickly copy the narration script segments into respective story-board frames and output the entire package to a paper document (PDF) for distribution to the workgroup members.

In no time flat everyone was able to see exactly what it was I was describing.

Sound

Next up was the primary audio-narrative.

For this I had to wait until after the normal production hours had ended so I could ensure quiet.

I used my USB mike/headset kit to capture my voice.

Then I used Audacity to record and edit the captured WAV file that I made of my narrative recording. (See also Audacity Portable.)

Overall I had very few edits to make to the audio-file.  I did drop the pitch down just a few points to make my voice a bit deeper and more like those of professional narrators as heard on nature shows and stuff.  To me my recorded voice comes across just a bit higher-pitched than I like to hear.  Lavie didn’t even recognize it was me until I pointed it out and then she purred.

Video-Editing – Round One

With the sound in the can, and all the video files, stock stills, and other team pictures captured and uploaded to the remote server for our in-house video pro to work with, I should have been done.

However, I figured that maybe it wouldn’t hurt as a backup plan to try to create my own rough-cut director’s edition; just in case.

I’ve never attempted to do any video editing before, but thought I had the concept down pretty well.

I just needed to identify a tool that would be fast, easy, free, and flexible enough to allow a first-time video editor to produce something our team wouldn’t be embarrassed about when it was presented to the organization.

I quickly found that there were quite a few wonderful tools out there, but they all had some kind of draw-back:

  • Virtualdub – freeware – and VirtualDub Portable – GNU GPL licensed. 

  • Wax – freeware – Quite powerful with a range of flexible input/output format support.

  • Zwei-Stein Video Editor 3.01 – freeware – Quirky interface and attitude.  I suspect it brings a lot to the table if I really knew what it was all talking about…likely for folks already graduated to the deeper end of the video-editing pool.

  • Jahshaka – freeware – Not updated for a while (about a year?) and comments from other bloggers suggest that some features just aren’t implemented enough.  That was enough to keep me from installing it for a trial-run, as I had done for the others mentioned above.  Still, might be worth a look.

All provided what looked at first glance to be more-than decent tools for video-editing.  However it soon became apparent that these were not necessarily for the novice.  Extended use or previous video-editing skills would probably make them more useful than to a first-time video-editor.

I also absolutely was floored by this singular-standout in video editing software:

I think there is actually a bit of a distinction between the two locations above, but I’m not certain. Check out both as they all have a wealth of resources.

Unfortunately, I didn’t have a Linux-loaded system handy with the RAM and CPUs I thought necessary to really put this program through the paces.  That said, it will likely be high on the list for me to do so.  It really seems like a true professional-grade video-editing product that is on par with Adobe’s offering.  And based on the documentation and screenshots I read, it seemed it would be something I could use pretty quickly, but that would then leave a tremendous amount of “extras” as I grew in the concepts and skills needed.

For additional offerings check out this List of open source video editing software packages over at Wikipedia.

Video-Editing – Round Two

So I regrouped and came at it from a Windows-shop angle.  That meant bowing-down to the great god of Redmond.

I knew that Microsoft offered an XP version of Movie Maker, a Vista version of Movie Maker, a Windows 7 version of Movie Maker, and then there was Movie Maker (Live) beta.

Confused?  Yeah.  I was also because none of them are exactly the same thing and each one brings certain features to the table.  Additionally, they aren’t necessarily platform agnostic so in most cases you might not be able to use the one you like on the Windows OS you’ve got.

First up was Movie Maker beta - Windows Live.  Unfortunately, for some reason, I wasn’t able to install it on my XP system.  It did go on my Vista/Windows 7 system with no complaint.  That ruled out me using it on my work platform (XP Pro) for the moment while at work.

When I did get home, I installed it on my Windows 7 RC system (x64) and I must say, it did seem very fast and easy to work with. I did have to apply a patch from MS to extend the expiration date. However about ten minutes into the editing process I ran into a serious—nay, fatal—issue.  I was able to import and trim my video clips and insert still images. I was also able to import my WAV narrative file.  So far it was very simple and easy to use. What I wasn’t able to do was to “trim” or cut that WAV file for when I wanted to drop in a video segment that had its own audio track. Bummer.

Although I remain hopeful based on posts from the Windows Live Photo & Video Blog that additional features such as this (and others) will be coming in future releases of Windows Live Movie Maker edition, it just didn’t provide the more “advanced” features I needed.  So I had to punt.

I did know, from my research, that Microsoft also shipped a different version of Movie Maker with Vista (Home Premium/Ultimate).

So I rebooted and logged into my Vista 32-bit system instead. Sure enough there it was. And it supported all the audio-track splitting/cutting I needed.  In no time at all (well it was about 2 AM when I wrapped things up) I really did have the director’s cut edition of our video production in the can.  All done from my laptop with a USB hard-drive serving me the video/still files needed during the crafting process, while I was in bed.

Hollywood here I come!

Seriously, I did find it an incredibly intuitive application to use for a newbie to video-editing.  I confess I did seek the “help file” out once or twice but found it remarkably unhelpful.

I was able to mute the stock video footage audio so my background narrative audio came through.

I could drag/drop the stills into the time-line and extend the time they would stay up on screen.

I was able to “trim” the ends of all the video files with no issue.  I found I could even cut video segments out entirely and reshuffle their sequence.  Sweet!

It really was a full-featured, non-linear editing program and I love it!

My only regret was that I couldn’t use it on the Windows 7 x64 bit load to get the additional performance that OS brings to the table. 

Nor did I have time to puzzle out the audio transitions (fade audio up/down) between segments as well as the video transitions.  I wish I did but time wasn’t available.

Only later when researching this blog post did I discover that I could have probably downloaded the “Vista” version of Movie Maker (2.6) onto the Windows 7 system I also am dual-booting.

Now I know (although some commenters seem to report experiencing limited issues with using it on Windows 7).  It also seems to be “stripped” of some features of the native Movie Maker 2.6 version in Vista proper according to some posters.

If you are needing, in my humble opinion, the most flexible and powerful Windows Movie Maker build there is currently, I would recommend checking it out.  Just be aware that the packer used for it might set off some AV alerts.  That doesn’t mean it is infected, but that it uses a file-packing process common to malware as well, which most AVs will blindly alert on.

Movie Maker 2.1 (XP)

Finally, not to offend, some folks seem to believe the original Movie Maker for XP 2.1 is the best that ever was.

I couldn’t for the life of me figure out how to install it on my Windows XP Pro system, and there was no helpful download-link from the Microsoft download page.  So I never got the chance to try it out.

So I’ve got no flight-time with Movie Maker 2.1 (XP).  That said, here are some links that might be helpful.

Final Odds n Ends

I also needed to capture some screencasts from my system so I found this list of screencasting software from Wikipedia quite helpful in selecting one to use for my needs.

I had some video footage in an MP4 format that Movie Maker didn’t recognize.  Luckily I found Jacek Pazera’s MP4 to AVI Converter 1.3 free utility.  It did a rapid and bang-up job getting those pesky MP4 files into a format I could use with no fuss.  It ran rapid-quick on the x64 Windows 7 system.

I’ve also used many of the media converters from A-Software Plus with great success. They are format-specific and do a great job of converting audio and video formats from one mode to another.

Update: Thanks to JMisner for pointing out in a comment post that the downloads from A-Software Plus might bring along a bit more than is expected.  Per suggestion, I re-downloaded one of the packages and used Universal Extractor to open up the setup file.  Besides the main extracted application file(s) found in the {app} extraction folder, there is also a {temp} folder created that contained two files, rkinstall.exe and rkverify.exe, with file properties clearly identifying them as from TMRG, Inc.  A quick search on the Internet across all three key-terms found many, many references to these files.  Like JMisner, I’m not yet certain what “exactly” they do, but they seem related to installing an ad-injector to serve up additional/targeted ads during the browsing experience.  Not cool in my opinion.

On the original system I used one of the converters on, the commercial AV product didn’t complain one bit (got to recheck that system now). On my home system my Sunbelt Software VIPRE jumped all over the file rkverify.exe during the Universal Extractor process.  I had to “pause” it to get the full extraction to take place.  So big-thanks to JMisner for catching this. I’ll do some more monitoring work to see what is going on and post more later.

For now, I’ve de-linked the reference link in the post above. I would suggest moving on as there are other such apps that don’t bring this headache along with them.  A-Software might be using the TMRG, Inc. files to bring it revenue so they can offer these tools “free” and it is certainly their right to do so.  Aside from these two “extras”, the applications themselves seem to work great as promised. Just be aware that they are “free” with a catch.  If you are a geek and are willing to do the manual extraction process of the software to get just the encoder/decoder/converter portion, I’ve put the link below.  If you aren’t a geek and don’t mind having these extra features along for the ride, then install away.  Your call.

http://www.asoftwareplus.com/media-converters.html

--CV
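The manual check described in the update above (unpack the setup file, then look at what sits outside the {app} folder and who the file properties say made it) can be scripted. This is an added example, not code from the original post or from any tool it names; the function names are hypothetical, the folder names {app} and {temp} are taken from the post, the vendor string is read with a byte-scan heuristic rather than a full PE parser, and the sample files are constructed.

```python
"""Triage an extracted installer: list executables staged outside the payload folder."""
import hashlib
import struct
import sys
import tempfile
from pathlib import Path

KEY = "CompanyName".encode("utf-16-le") + b"\x00\x00"
# A version-resource String entry is: wLength, wValueLength, wType (6 bytes), the
# UTF-16 key with terminator (24 bytes for CompanyName), padding to a 4-byte
# boundary, then the UTF-16 value. The value therefore starts 32 bytes in.
VALUE_OFFSET = 32


def company_name(data):
    """Return the CompanyName recorded in a PE version resource, or None.

    Heuristic: scans the raw bytes for the String entry instead of walking the
    resource directory, so no third-party PE parser is needed.
    """
    pos = data.find(KEY)
    while pos != -1:
        start = pos - 6
        if start >= 0:
            w_len, v_len, w_type = struct.unpack_from("<HHH", data, start)
            if w_type in (0, 1) and v_len > 0 and w_len > VALUE_OFFSET:
                raw = data[start + VALUE_OFFSET:start + w_len]
                raw = raw[:len(raw) - len(raw) % 2]
                text = raw.decode("utf-16-le", errors="replace").split("\x00")[0]
                if text:
                    return text
        pos = data.find(KEY, pos + 2)
    return None


def triage_extracted_installer(root, payload_dir="{app}"):
    """List every PE file found outside payload_dir with its vendor and SHA-256."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if rel.parts[0] == payload_dir:
            continue  # the application itself; the extras live elsewhere
        data = path.read_bytes()
        if data[:2] != b"MZ":
            continue  # not a Windows executable
        findings.append({
            "path": rel.as_posix(),
            "company": company_name(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return findings


def sample_exe(company):
    """Constructed stand-in for an executable: MZ stub plus one version String entry."""
    value = company.encode("utf-16-le") + b"\x00\x00"
    pad = b"\x00" * (-(6 + len(KEY)) % 4)
    w_len = 6 + len(KEY) + len(pad) + len(value)
    entry = struct.pack("<HHH", w_len, len(value) // 2, 1) + KEY + pad + value
    return b"MZ" + b"\x00" * 62 + entry


def build_sample_tree(root):
    """Constructed layout mirroring the folders described in the post."""
    root = Path(root)
    (root / "{app}").mkdir(parents=True)
    (root / "{temp}").mkdir()
    (root / "{app}" / "converter.exe").write_bytes(sample_exe("Example Converter Vendor"))
    (root / "{temp}" / "rkinstall.exe").write_bytes(sample_exe("TMRG, Inc."))
    (root / "{temp}" / "rkverify.exe").write_bytes(sample_exe("TMRG, Inc."))
    (root / "{temp}" / "readme.txt").write_text("constructed sample")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = triage_extracted_installer(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_tree(demo)
            rows = triage_extracted_installer(demo)
    for row in rows:
        print(f"{row['path']}  vendor={row['company']}  sha256={row['sha256']}")
```

The hashes give you something stable to search for or to submit to a scanner, which is more reliable than the file names alone.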

Granted, I’m no systems newbie although I am new to video editing, so I brought a strong measure of confidence and can-do to the table.  True newbies might find it a bit more challenging.  That said, I suspect my daughter Alvis could have done even faster work than I did.

It was very, very fun and having these incredible tools—all free—at my disposal ensured I have now been bitten by the video-editing production bug.

Once comfortable with these, there are additional commercial and freeware software video-editing packages, as well as those that ship OEM with various digital cameras and other related hardware, which might be bumps-up from the Microsoft Movie Maker line.  That said, for most home-users and SOHO business users, this might be more than sufficient.

Woot!

Cheers!

--Claus V.

Focusing in on Firefox: Cleaning Edition

cc photo-credit “robomaid 02” by si_si_ay on flickr

It’s been quite a while since I’ve focused on Firefox…or even browsers in general.

There has been quite a lot of movement with Apple Safari 4 getting released, the steady march of Opera 10 Alpha/Beta releases, Chrome/Chromium making a Roman legion steady-march into the browser landscape.  Then there has been that whole Firefox 3.5 thing.

First a Side-Rail visit

Before I hone-in on Firefox, I want to toss these two interesting browser-related links out for feeding to the lions.

Rafael Rivera provides a method to “work-around” the EU Windows 7 “E” version that ships without a browser…answering the question of how a techie/clever user can indeed still browse the web and download a browser of choice to Windows 7 to get the ball rolling.

He actually had a 2nd post that had an even “easier” 2-step method, but quite curiously, he pulled it as it didn’t seem very elegant.  Having tried it I still believe it has some benefit for system administrators troubleshooting a system:

  1. Open the "Run” command.
  2. Type mshta.exe “whatever web-address you need”   see example below:

Now, the reason Rafael stated that he removed this is that navigation using mshta is very problematic.  I’ve tested this under XP/Vista/Win7 and it seems to work ok.

Just tossing it out there.

The other browser-related post that caught my interest was this one:

This is a very important question!

Many of the recent web-browsers are now releasing versions that have some form of a “Privacy” mode.  This mode (in theory) allows a web-surfer to browse the web without fear that the cookies, history, or cached bits will be preserved when the surfing activity is completed.

Good for some folks but probably a headache/bane for concerned parents/employers/forensics folks.

I’ve yet to find any good and thorough examinations of before/after testing of a Windows system in which Privacy mode was used.  I would suspect that some bits still could be recovered by a skilled forensic expert.  And as this post shows, depending on the browser and usage circumstances, some browsing activity does indeed remain in play…at least for a time.  This alone shows the benefit for forensics responders who are able to obtain an image of the memory while the system is running, and not just the drive itself.

From page 2 of the Betanews post linked above:

When you exit Private Browsing mode in Firefox 3.5, you cannot pick up the trail again from where you left off -- anything your browser remembered up to that point, has vanished.

Does the Incognito Window in Chrome work the same way? Surprisingly, no -- and this is where one starts evaluating the browser makers' design decisions. If you exit the Incognito Window ("Nothing, honey, wasn't doing anything…just checking statistics"), re-enter it again, and then re-enter the page you were on, you'll find your shopping cart is intact, right where you left it. So exiting that window did not erase your trail.

But suppose that's what you want -- suppose you want to be able to hide the Incognito window on demand without destroying your shopping, should prying eyes happen to walk by. That actually makes this feature somewhat handy -- for the time being, Chrome is remembering something you want it to forget later.

At least, isn't that what you expect…for Chrome to forget it later? What happens when you exit Chrome altogether…does it forget your shopping cart then? No. Start up Chrome again, and your shopping cart is alive and well. And that could be a problem. This suggests that for any one Windows user account, there is a general track and an incognito track. When you exit Windows altogether, and restart Windows and Chrome, that's when you find out your shopping cart and history have been wiped clean. So the session key Chrome generates for Incognito is apparently only good for the current Windows session, and that's fine. But it still suggests that some session data is being maintained somehow while you're in Incognito mode, and that may not be what you expect.

The point of all this is to know—really know—how your browser choice’s Privacy mode works.

Extension Extravaganza

I can’t believe it but it seems like it has been just over a year since I posted my last Firefox Extension List collection.  The dependable ones have stayed and the weak have been culled.

I have only just recently added a handful of new ones.

Firefox does have a pretty-good “off-line” mode to allow basic reading of cached pages when no internet connection is available.  However sometimes it just isn’t robust enough.

Enter the Read It Later extension for Firefox.  This little guy makes it easy to power-bookmark pages for reading in their original format.  It has quite a lot of options and looks to be very useful, particularly as I am finding myself working on posts “off-line” in unusual locations of late between projects and duties.

Also check out the Multirow Bookmarks Toolbar.  As if cramming a ton of book-marked links on my Firefox toolbar isn’t enough, now I can expand that toolbar into additional rows if needed!  While I don’t use or recommend this much as an organization method, at work I have quite a few web-sites I frequently access for production work.  Having the ability to place them on the toolbar means faster access and less digging through my bookmarks structure to get to their original location.

El Guru shares a great (to us) extension to Disable Tab Tearing.  This has been a long-time frustration leading up to the final Firefox 3.5 release.  Fortunately the Firefox Extension Guru now has easily led us to the power to nip this one in the bud.  Thank you!

I’ve known about the ability to delete a website folder in the “history” view for some time to remove all linked references to visiting that particular website.  However, what was news to me was that Firefox 3.5 now has enhanced this power with a “Forget about this Site” option.  Make Firefox forget about a site, 3.5 style - Mozilla Links.  However, Mozilla Links then passes on a tip to the Close’n forget add-on.  Not only does this one dump the target website from your history, but it also can be set to nuke the related cookies as well.

I suppose one could also just pop into the Firefox Privacy mode, but sometimes when you are browsing, you don’t realize you need to drop these things until you have actually landed and are browsing about the website…and by then it’s too late to shift into Privacy mode.

My fave Firefox RSS reader Newsfox got an update.  Minor release: NewsFox 1.0.5.1.  Nothing spectacular, just a series of micro-refinements.  It isn’t planned to be released to Add-ons proper so hop over to this link, mozdev.org - newsfox: installation and get the NEXT version.

Finally, I bit the bullet and installed the Add-on Collector from Mozilla and uploaded my “home” collection of Firefox extensions to the community.

I’ll do one for my work-system profile as well later.

Optimizing Firefox

For the first time in quite a while, there has been a minor Firefox meme making the rounds that is wonderfully beneficial when it comes to speeding up the launch-time performance of Firefox.

Both of these posts point out that one of the “features” of Firefox 3.5 is that it generates a “randomness” factor at launch by probing various directories on Windows.  Depending on the volume of contents in these locations, the scanning process can take a while to complete, thereby delaying the “start-up” time of Firefox.  Both posts point out where to go to clean house of these files, thereby reducing the lag-time in launching Firefox.  Indications are that this is to be improved in upcoming release versions of Firefox so it behaves better.

El Guru opened his post Speed Up Firefox 3.5 Startup « The Firefox Extension Guru’s Blog with this tip as well then proceeded to expand it with another Firefox performance tip; vacuuming the SQL databases that Firefox now uses.

For more details of this check out these posts:

Basically, Firefox places items saved or accessed by the user in SQLite database stores.  Not a problem, but when these items are deleted, the space they occupied isn’t reclaimed, and all these gaps add up considerably after a while.  Vacuuming is a legitimate SQL maintenance command that strips out those gaps and compacts everything together, thereby improving launch-time performance.

So how do you apply this fix?

Well, for the hands-on method, check out this post. Increase Firefox 3.* Performance by Optimizing the SQLite Databases [Windows, Linux and Mac OSX] ~ Web Upd8

Even if you go with one of the “automated” methods below, this should give you a basic understanding of what the automated-routines are doing.  But that’s just me.
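To make the vacuuming step concrete, here is an added example (not taken from the linked posts or from either utility below) that reports how many free pages each *.sqlite file in a profile folder carries, runs VACUUM, and shows the sizes before and after. The function names are hypothetical and the sample database is constructed for the demonstration; it does not use Firefox’s real schema.

```python
"""Report and reclaim free pages in the SQLite databases of a profile folder."""
import os
import sqlite3
import sys
import tempfile
from pathlib import Path


def db_stats(path):
    """Return page size, page count, free-page count and file size for one database."""
    con = sqlite3.connect(str(path))
    try:
        page_size = con.execute("PRAGMA page_size").fetchone()[0]
        page_count = con.execute("PRAGMA page_count").fetchone()[0]
        free_pages = con.execute("PRAGMA freelist_count").fetchone()[0]
    finally:
        con.close()
    return {
        "page_size": page_size,
        "page_count": page_count,
        "free_pages": free_pages,
        "file_bytes": os.path.getsize(path),
    }


def vacuum_db(path):
    """VACUUM one database and return its (before, after) statistics."""
    before = db_stats(path)
    # isolation_level=None gives autocommit; VACUUM cannot run inside a transaction.
    con = sqlite3.connect(str(path), isolation_level=None)
    try:
        con.execute("VACUUM")
    finally:
        con.close()
    return before, db_stats(path)


def vacuum_profile(profile_dir):
    """VACUUM every *.sqlite file in profile_dir; map file name -> result or error."""
    results = {}
    for db in sorted(Path(profile_dir).glob("*.sqlite")):
        try:
            results[db.name] = vacuum_db(db)
        except sqlite3.Error as exc:
            # Typical causes: the browser is still running (database locked)
            # or the file is damaged.
            results[db.name] = exc
    return results


def build_sample_profile(profile_dir):
    """Constructed stand-in for a profile: one database with most rows deleted."""
    path = Path(profile_dir) / "places.sqlite"
    con = sqlite3.connect(str(path))
    con.execute("PRAGMA auto_vacuum = NONE")
    con.execute("CREATE TABLE demo_history (id INTEGER PRIMARY KEY, url TEXT)")
    con.executemany(
        "INSERT INTO demo_history (url) VALUES (?)",
        (("http://example.invalid/page/%06d?" % i + "x" * 200,) for i in range(5000)),
    )
    con.commit()
    # Deleting rows frees their pages but leaves the file the same size.
    con.execute("DELETE FROM demo_history WHERE id > 500")
    con.commit()
    con.close()
    return path


def report(profile_dir):
    """Return one summary line per database in the folder."""
    lines = []
    for name, outcome in vacuum_profile(profile_dir).items():
        if isinstance(outcome, Exception):
            lines.append(f"{name}: skipped ({outcome})")
        else:
            before, after = outcome
            lines.append(
                f"{name}: {before['free_pages']} free pages, "
                f"{before['file_bytes']} -> {after['file_bytes']} bytes"
            )
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("\n".join(report(sys.argv[1])))
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_profile(demo)
            print("\n".join(report(demo)))
```

Close Firefox first, and run it against a copy if the profile may be needed as evidence: VACUUM rewrites each file and discards the free pages.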

If you want to skip all that and just click something and let it work to speed up your Firefox launch times then check out either of these two freeware utilities:

BleachBit is still “developmental” but after checking it out, I ran it against my work Firefox system and it operated without any issues or detriment.

It does a whole-lot of other “cleaning” operations as well, but I’m just interested in the Firefox vacuuming.

  1. Download – BleachBit and run the installer. Note: I’ve not yet tested if it can be made “portable”.
  2. Ensure Firefox is not running.
  3. Run the BleachBit application.
  4. Select the Firefox –> Vacuum tic-box
  5. Hit the “Delete” button.

The operation will run and then you will be quickly cleaned and in business!

The other application noted is from the InfoSpyware site (in Spanish), created by Marcelo Rivero, a Uruguayan who is living in Miami, Florida.

Download and unzip from the following main-utility page location:

  • IniFox - InfoSpyware

  • IniFox - Infospyware - Google Translate

The tool hasn’t been translated with an English version yet but it is pretty easy to use:

  1. Close out Firefox.
  2. Launch IniFox.exe
  3. Select “Aceptar” to accept the “EULA”
  4. Select the “Examinar..” button to browse to the location of your Firefox user profile folder.
  5. Select the “Instalar” button
  6. It will install the sqlite3.exe file needed to do the vacuuming work.  If it already exists, you can reinstall it (Si), not reinstall it (No) or do so always/never, or rename.  I like that Marcelo provides all these options.  Select the one you wish.
  7. Same thing for the file “iniFox_by_infospyware.exe”.
  8. Then a “DOS” box will open (red with yellow lettering on my systems).
  9. At “Presione cualquier tecla para ejecutar IniFox y espere……” just “Press any key to launch IniFox and wait….”
  10. Depending on how much “vacuuming” work is required, this can take anywhere from a few seconds to a few minutes.  Just be patient.
  11. When done you will be presented with “IniFox a terminado con exito. Pulse cualquier tecla para salir."  so “IniFox completed successfully. Press any key to exit.”  Do so.
  12. Relaunch Firefox and hopefully you will see an improvement in the launching speed.

Cheers!

--Claus V.

Wednesday, July 22, 2009

Centreware Web With Firefox Verboten? IIS Not!

cc image credit: Jeremy Botter, flickr

So our customers were recently outfitted across the organization with new Xerox multi-function, networked printing devices.

They can be configured and managed directly from the control panel of the device, or via a web-based IP connection.  Pretty standard stuff.

Only we have hundreds of them assigned to our supported customers.

It took us a while to figure out (thanks Xerox) but there is a product from Xerox that will allow us to “globally” administer all the devices rather than just dealing with them individually via IP.

Turns out it is not too bad a product.  In about a day’s time I had figured out how to get it installed, Discovery sets configured for my target subnet groups, and determined it was pretty darn cool.  We will still need to do a combo of device administration work between both the Centreware Web and the direct IP access tools, but they do integrate quite well.

One of the tricks I had to figure out was that the Microsoft IIS service was not configured or installed by default on our XP Pro images. It is a prerequisite for Centreware Web (more here: Internet Information Services – Wikipedia).  For a while it wasn’t clear to me how to get it up and going but then I found this great Web Wiz Guide post that clearly walked me through the initial install of IIS.

From there the rest was pretty much fun gravy getting it sorted out and exploring the features, wizards, and reports that can be done. Having the information of all our devices as discovered by periodic scans is extremely powerful, and loading it into a local SQL Express database makes manipulation of that data fast and flexible.

Anyway…

In setting it up, it uses Internet Explorer as the browser/interface.

That was good for the first week of usage for me. I was getting to know it and learn the features and navigation.  However swapping between Firefox for my other management work and IE (8 for those who are wondering) was annoying.

However there was an issue if I tried to open the same main-page in Firefox (3.5.x).

If I attempted to load the main-page for Centreware in Firefox, it kept asking me for authentication credentials.

None of the account credentials I made setting it up worked.

After much research (not being familiar with IIS), I learned where the IIS settings for the system/Centreware were kept and that IE was not using a traditional “stored” password to log into it.  Instead it was using anonymous login credentials to do so.

Normally I would have turned to my Password Recovery Tools by Nir Sofer to access them.  Really I just needed the password which I could see asterisk-hidden underneath the default IIS name I located in the IIS property window.  Unfortunately, powers that are above our IT level have set Symantec CE to “battle-hardened threat-level full-shields up” and any attempt to download/run them sets off massive alert/blocking action.

I needed an alternative means.

And thus found IIS Informant: Passwords for IUSR and IWAM which provided a simple VBS solution that indeed worked flawlessly (with no Symantec alerts) to extract the user account names and passwords.  Cool, and so much for security…

Unfortunately, feeding these credentials to Firefox still didn’t allow login.

What was I missing?

Seems that IIS uses something called “Integrated Authentication.”  Of course, IE has the ability to use your windows user account automatically to log in and access the IIS page/Centreware pages.

Digging a little more I also discovered that Firefox has this capability as well, but it just isn’t enabled by default.

The solution to get IIS to use Integrated Authentication in Firefox was provided by Pete Orologas in his post Firefox - Enter username and password for "" at http://localhost - Solution

…you'll have to make a quick configuration change.

1) Open up Firefox and type in about:config as the url

2) In the Filter Type in ntlm

3) Double click "network.automatic-ntlm-auth.trusted-uris" and type in localhost and hit enter

4) Write Thank You To Blogger

I did, restarted Firefox, jumped again to my Centreware Web bookmark in Firefox that was giving me authentication fits and hurrah!   I was instantly in; everything was fast and fully functional, no authentication prompts were required.  I was in like Flint!
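A check an administrator could run over a profile after making this change, as an added example (it is not from Pete Orologas's post or from Firefox itself): it reads the pref out of prefs.js text and labels each entry by how tightly it limits automatic NTLM logon. The function names and the sample prefs content, including the placeholder hostname, are constructed for illustration.

```python
import re

PREF = "network.automatic-ntlm-auth.trusted-uris"
# prefs.js and user.js store each setting as: user_pref("name", "value");
PREF_RE = re.compile(
    r'user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*"([^"]*)"\s*\)\s*;')

def trusted_uris(prefs_text):
    """Return the entries of the pref; a later assignment overrides an earlier one."""
    values = PREF_RE.findall(prefs_text)
    return [e.strip() for e in values[-1].split(",") if e.strip()] if values else []

def classify(entry):
    """Label an entry by how tightly it limits automatic NTLM logon.

    Entries take the form scheme://, host[:port] or scheme://host[:port].
    """
    scheme, sep, rest = entry.partition("://")
    host = (rest if sep else entry).split("/")[0]
    if sep and not host:
        return "scheme-only"   # e.g. "https://": every host on that scheme
    if not sep:
        return "host-only"     # e.g. "localhost": that host, any scheme
    return "scheme+host"       # narrowest form

def audit(prefs_text):
    """Return [(entry, label)] for the profile's trusted-uris pref."""
    return [(e, classify(e)) for e in trusted_uris(prefs_text)]

# Constructed sample prefs.js content (hostnames are placeholders).
SAMPLE_PREFS = '''\
user_pref("browser.startup.page", 3);
user_pref("network.automatic-ntlm-auth.trusted-uris", "localhost, https://, http://centreware.example.test");
'''

if __name__ == "__main__":
    for entry, label in audit(SAMPLE_PREFS):
        flag = "REVIEW" if label == "scheme-only" else "ok"
        print(f"{flag:6} {label:12} {entry}")
```

A scheme-only entry is the one to question, since the browser will then answer an NTLM challenge from any site on that scheme without prompting.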

I wondered as well if Chrome had such a tweak, as I had tried this in that browser as well with the same request for authentications.

Alas…not yet.

Issue 19 - chromium - Automatic integrated windows authentication (aka automatic NTLM / Negotiate Auth support) - Project Hosting on Google Code

It is in the works in a future build, and there were some “configure Chrome to use a Proxy to make it work” solutions, but just having it working in Firefox is more than enough for me.

Verboten indeed.

--Claus V.

Sunday, July 19, 2009

Hell-in-a-Handbasket System Rescue – Part II File Recovery

In the last installment, Hell-in-a-Handbasket System Rescue – Part I: PGP WDE we left the drama with a critical laptop system that had the scrambled PGP WDE system recovered and decrypted.

This was required as the system encountered some unknown type of hard-drive/system failure and the user had failed to maintain any backup data.

So now it was time to look at the disk.

Step One: Pick Wisely

Booting the system resulted in no system found.

This was a challenging position to be in.  I had a suspect drive that had taken me the better part of three-days to get decrypted and accessible…against all odds.  It would not boot.  It could re-experience a physical failure.

I felt like any operations conducted on it were likely to be on borrowed time.

So, having a great selection of file recovery tools at hand I reached for the ADRC – Data Recovery Tools utility package.

I booted the system with my custom VistaPE boot disk (actually for additional speed and flexibility I’m using it off a bootable USB stick) where I had stashed a copy of ADRC-DRT.

I also had attached a 250 GB USB storage disk as well to the system.

Step Two: Raw Image Capture.

Using ADRC-DRT allowed me to capture an image file (sector by sector) of the entire physical drive as an .IMG format file.  It didn’t take too long to complete, probably about an hour or so, which was great as it was an 80 GB drive.

The reason why I wanted a sector-based image capture this time (as opposed to a file-based method like ImageX) was so that I could then use other file-recovery tools that would get at the files without needing to have the NTFS file tables intact.

I knew they were hosed as my pgpwde injected PE Boot disk system could see the physical drive, but could not see any system or files present on it.

Once captured, I shut everything down to preserve the laptop’s HDD from getting worse, if indeed it was going bad.
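The sector-by-sector capture from Step Two, sketched as an added example (this is not ADRC's code or the procedure used above): it copies a source in chunks, re-reads a failed chunk one sector at a time, zero-fills sectors that still fail so offsets stay aligned, and returns a SHA-256 of the image so working copies can be verified against it later. `FlakyDisk`, the 512-byte sector size and all names are assumptions constructed for the demonstration.

```python
import hashlib
import io

SECTOR = 512  # assumed sector size

def image_device(src, dst, total_bytes, chunk=64 * SECTOR):
    """Copy total_bytes from src to dst; return (sha256_hex, bad_ranges).

    Unreadable sectors become zeros so image offsets match the source drive.
    """
    digest, bad = hashlib.sha256(), []   # bad: [(offset, length), ...]
    def read_at(offset, length):
        src.seek(offset)
        data = src.read(length)
        if len(data) != length:
            raise OSError("short read")
        return data

    for offset in range(0, total_bytes, chunk):
        length = min(chunk, total_bytes - offset)
        try:
            block = read_at(offset, length)
        except OSError:
            # Chunk failed: fall back to one sector at a time.
            parts = []
            for pos in range(offset, offset + length, SECTOR):
                n = min(SECTOR, offset + length - pos)
                try:
                    parts.append(read_at(pos, n))
                except OSError:
                    parts.append(b"\x00" * n)
                    if bad and sum(bad[-1]) == pos:      # extend the current run
                        bad[-1] = (bad[-1][0], bad[-1][1] + n)
                    else:
                        bad.append((pos, n))
            block = b"".join(parts)
        dst.write(block)
        digest.update(block)
    return digest.hexdigest(), bad

class FlakyDisk(io.BytesIO):
    """Constructed stand-in for a failing drive: reads touching bad sectors fail."""
    def __init__(self, data, bad_sectors):
        super().__init__(data)
        self.bad_sectors = set(bad_sectors)
    def read(self, size=-1):
        first, last = self.tell() // SECTOR, (self.tell() + size - 1) // SECTOR
        if any(s in self.bad_sectors for s in range(first, last + 1)):
            raise OSError(5, "Input/output error")
        return super().read(size)
```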

Step Three: Mounting the Image.

A second benefit of getting the image in an IMG file was that I could make a copy of it and then perform any number of file recovery attempts without worry about damaging the original copy.

After considering the options at my disposal, I went ahead and mounted the copy to my primary laptop system with the ImDisk Virtual Disk Driver.  I liked this one in particular as it allows me to mount such a raw physical drive image file on my system and the system will recognize it as a physical drive (rather than just as a virtual optical drive).  That allows some file-recovery applications that are expecting to see a physical drive to be fooled into using and accepting the image file as “the real deal.”

Another disk-based tool that allows mounting of a disk-image file I’ve used with great success is Partition Find and Mount.  Also easy to use and really full-featured.

Step Four: Extracting the Damage.

Again, having a wealth of great freeware file recovery tools is a blessing and a curse.  It is a curse in that you must really have spent some time with all of them to know the benefits that each one brings to the recovery table. Some are great for fast-rapid searches for specific items.  Others are good for unattended bulk recovery.  Still others are good when you want to try to preserve the original directory/file structure.

Know your tools.

I attempted to use TestDisk but was unable to successfully rebuild the partition information to allow in-place recovery of the decrypted/non-booting drive. Next I decided to stop taking the time to rebuild the drive geometry and file structure.  

Refocused, my first-pass goal was to just see how much data I could get recovered and saved to the attached USB drive.

I then tossed PhotoRec at it which worked flawlessly.  Only one problem.

The output is into a series of folders which is a jumble of recovered files.  Good for the user or when working with a USB/Flash card.  Bad when working with a hard disk drive full of data.

Looking at the After Using PhotoRec tip page, I followed the lead to find a really cool free “utility” PhotoRec Sorter from builtBackwards.  Download it and place it in the same location as your PhotoRec recovery folders and then run it.  What it does is to re-sort the recovered files into new folders based on file extension type.  Really, really useful for re-organizing data pulled off a source with PhotoRec.

However, in my case I realized this was making almost as much mess as I had to start with.

The user’s key files really need to be recovered “in-place” with their original file structure.

Again I had a number of recovery tools that could do this, and in this case I went with NTFS Undelete as it seemed to behave well with the virtually-mounted IMG file representing the imaged physical disk.

Depending on the drive/health, you might need to “Run as Administrator” to access the drive/partition or you will get an access error.  In this case that wasn’t an issue.

After waiting for it to thoroughly scan through the “physical-image” drive, it was able to identify for me the disk directory structures.  From there I was able to select the key user profile folders as well as the database program and source folders the user had kindly provided me a list of.

These were off-loaded to yet another USB drive for safe-keeping.

It took me the better part of a day to make the image and recover the files, but at day’s end, I had 98% of the data recovered and ready.

Whew!  Somebody had a lucky angel looking out for them.

Failure Thoughts:

With everything all safe and sound, I called the user who was ecstatic that what had looked like a lost cause had been snatched from the jaws of the hell-hounds and all was well again.

I turned my attention to the drive.  I performed a round of additional tests on the real physical drive with various hard-drive testing utilities (see my Pocket Hard-Drive Utilities post for a roundup of choices).  None of them reported any SMART parameter errors.

A sector-test scan, however, found quite a few really bad sections.  Really, really bad (in number found).

I then tried to do a DISKPART “Clean All” wipe of the drive to zero the physical drive out.

However it failed about 1/3 of the way in and balked.

Other command-line wipe/zero tools I then tried experienced the same thing.  For some reason, there were enough bad sectors that it just wouldn’t finish.  I also tossed both system stress-testing LiveCD’s (Inquisitor and Phoronix Test Suite LiveCD) at the system as a whole (to rule out mainboard, memory, controllers, etc.).  Everything seemed fine but when they got to the hard-drive read/write tests, they failed.

As my final test, I used my official Dell Diagnostics boot disk to final-pass the system.  All system points tested clean…except the drive.

So I clearly had a bad/failing drive.  I called in for a replacement and the next day it was in.  Because I couldn’t securely wipe the original drive, I kept it and it will be securely destroyed (apply hammer downward firmly, repeat multiple times…).

I zeroed out this new drive, formatted it, dropped a new laptop image on it, and did the primary setup for the user.  I then created a “recovered files” folder for the user and dumped the rescued files back into it.

All in all, this process took approximately a week’s time to fully complete.

Lessons Learned: Part II

The most important thing I did correctly at this stage was to take the image as soon as I could.

The biggest mistake I made in the overall recovery process was not taking an image of the physical drive, even while it was still in the whole-disk encrypted state, when I had the chance.

I should have done that at the get-go.  As I had the tools and ability to capture the image of the physical drive…even while in an encrypted state…I should have done so.

I could have then mounted that encrypted image file and performed the same --recover actions on this one with pgpwde as if it were a physical drive.

With hindsight I cannot stress how lucky I was.

Remember from last time that once I had “recovered” the PGP encryption geometry, I then proceeded to target it with the PGP WDR boot disk, which ran a tremendously long (days) and stressful number of read/decrypt/write actions on every sector of that drive.

If during that process additional physical drive failures occurred or compounded, I might never have been able to get to the step of being able to do the file-recovery operations.

Sure, capturing a raw image of a flaky drive is very risky, but doing it at the very start may minimize later damage and maximize your options for recovery if the physical drive later goes south.

Other lessons learned were having a variety of tools and utilities at my disposal and the ability to selectively use the correct ones to recreate the data in a format that was most useful and meaningful.  Particularly in this case where database files and elements needed to be kept in the correct folder relations to one-another.  Were it just image files off a memory card, that might not be as serious an issue.

Finally, you have to be willing to commit a tremendous amount of time, take copious notes through the process, and be honest with your customer.  From the beginning he knew this was quite likely not to bear much success.  So any level of file recovery was accepted.  That I was able to recover so much was an incredible bonus.

It’s not something I would want to do every day, but I do have renewed confidence that I and our shop will be much better prepared the next time a system tanks.

Lessons learned and so noted.

Cheers!

Claus V.