Saturday, March 10, 2012

Rain-Delay Linkfest

After an exceptional season of drought here in Texas, it looks like things are starting to change. We are facing at least five days of rain; heavy downpours mixed with long periods of light grey drizzles.

Planned yard-work long since abandoned.

Perfect weather for emptying the “to-be-blogged” hopper.

System Security

Time for new Flash updates. These are for the mainstream 11.1.x line of Flash builds. If you are running the 11.2.x line of beta Flash, I figure you are keeping up with those already.

Flash vulnerability exploited to deliver malware - Help Net Security has some good details about a threat that was patched, as well as how it was flagged and described by security researcher Mila Parkour. This “Adobe rushes out critical Flash update” post over at Ars Technica has some more details: “…the vulnerability, discovered by Tavis Ormandy and Fermin Serna of Google's security team, affects Flash players on Windows, Mac OS X, Linux, and Solaris operating systems, as well as Google Chrome and Android.”

I use these links from File Hippo for my Flash updating needs. Whatever source you prefer to use, go get ’em.

PSI 3.0 Beta Launch - Secunia is rebuilding their Personal Software Inspector tool so that it not only finds and notifies you about missing security updates and patches for applications and plug-ins on your system, but also makes it easier to apply those patches and updates from within the application rather than hunting them down yourself. It is still a work in progress but should become a good tool to help with the process.

Microsoft Security Bulletin Advance Notification for March 2012 - Microsoft Security TechCenter. MS Windows updates coming soon to a system near you!

Getting Inside the evil

I’ve really been enjoying Troy Hunt’s writings, both current and browsing through the archive material. These two posts were exceptionally eye-opening. Troy does an excellent job showing the process by which these scams work. Get out the notepad.

Introducing Adobe SWF Investigator - Adobe Developer Connection. New beta tool making the rounds on various security sites. Based on the Adobe AIR platform, it will help with SWF analysis from both static and dynamic angles.

Examining VSCs with GUI Tools - Journey Into Incident Response blog. Corey Harrell does a great job of showing methods for working with Volume Shadow Copy containers.

Browser Things

Password Generation - The Chromium Projects. We’ve touched on passwords here at GSD quite recently. This new component of Chrome development is pretty interesting. Having the built-in-browser ability to quickly and easily generate complex passwords is pretty cool. I hope some form of this feature matures into the mainstream builds.

Speaking of Chrome, for the longest time I have been using a portable build of Chromium (DEV builds) coupled with an updater application from Caschys Blog. Once a week or so I hit the updater and it finds and downloads/installs the newest version available from the source repositories. Unfortunately I wasn’t paying attention to what (or what not) was actually happening. When I recently saw the latest DEV build level in an RSS feed, I finally went back and checked what my Chrome DEV build was and it was WAY behind. Seriously WAY WAY behind. Bother. So now I am using this Google Chrome Portable page and scrolling down to the portable DEV build link. Updating is just a matter of downloading the file, pointing it to the existing location and overwriting it. If you are porting your profile and extensions over from a previous portable version, the location they go into turned out to be quite different from the earlier portable DEV build I had been using.

It is now located in this folder: “…\GoogleChromePortableDev\Data\profile\Default”

Once I had my Chrome profile ported out of the old DEV version and into the new one, the difference in the builds was significant.

Mozilla’s Collusion tells who’s tracking you - Mozilla Links. Worth a look.

2-step verification - Google Apps Help. Google has an optional 2-step verification option to enhance the security of your account login process. FYI.

Freeware of Note

usboblivion - Google Project Hosting. Anti-forensics-like tool to purge USB history of USB-connected drives from Windows registry. Question: does use of the tool leave any tracks of its own behind? Spotted via this Addictive Tips blog post: Delete Record Of Previously Connected USB Devices Using USBOblivion

Rufus - Create bootable USB drives - Really neat and slick bootable USB creator tool. More details on these pages: Rufus and Rufus (introduction topic).

NTFS Permissions Reporter - Cjwdev - offered in both free and $ versions. Windows already has built-in methods to look at NTFS permissions, but this is a nice GUI tool that some might find more useful at providing a wider view of the permissions. Spotted via this Addictive Tips blog post: NTFS Permissions Reporter: View Access Permissions Applied On Folders.

regshot - Via SourceForge. Another tool to do before and after registry diff’ing. More details at this CybernetNews post: Monitor Registry Changes in Windows.
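The question raised above about USBOblivion (does the cleaner leave tracks of its own?) is exactly the kind of thing a before/after registry diff answers, so here is a minimal Regshot-style snapshot-and-compare in PowerShell. This is an added example, not code from the original post and not part of Regshot or USBOblivion; the list of watched keys is a constructed starting point (USB mass-storage history, mounted volumes and the per-machine and per-user Run keys) and the function names are my own.

```powershell
# Added example: Regshot-style before/after registry diff in PowerShell.
# Not from the original post or from Regshot/USBOblivion. Run as an
# administrator so the HKLM\SYSTEM keys are readable; some subkeys under
# USBSTOR are SYSTEM-only and are simply skipped.

# Constructed watch list: adjust to whatever you want to observe.
$WatchedKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR',            # USB mass-storage device history
    'HKLM:\SYSTEM\MountedDevices',                             # volume GUID / drive-letter mappings
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',     # machine-wide autoruns
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'      # current-user autoruns
)

function Get-RegistrySnapshot {
    param([string[]]$Paths)
    # Flatten every key and value under the given roots into one hashtable.
    # Keys of the table: "<key path>" for the key itself, "<key path>::<value name>"
    # for each value, so two snapshots can be compared entry by entry.
    $snap = @{}
    foreach ($root in $Paths) {
        if (-not (Test-Path $root)) { continue }
        $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $snap[$key.PSPath] = '<key>'                       # record that the key exists
            foreach ($name in $key.GetValueNames()) {
                $label = if ($name -eq '') { '(default)' } else { $name }
                $data  = $key.GetValue($name)
                $snap["$($key.PSPath)::$label"] = ($data -join ',')   # binary/multi-string data flattened
            }
        }
    }
    return $snap
}

function Compare-RegistrySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    # Entries present only after, only before, or whose data changed.
    $added   = @($After.Keys  | Where-Object { -not $Before.ContainsKey($_) })
    $removed = @($Before.Keys | Where-Object { -not $After.ContainsKey($_) })
    $changed = @($After.Keys  | Where-Object { $Before.ContainsKey($_) -and ($Before[$_] -ne $After[$_]) })
    return [pscustomobject]@{ Added = $added; Removed = $removed; Changed = $changed }
}

# Usage: snapshot, run the tool you want to observe, snapshot again, compare.
$before = Get-RegistrySnapshot -Paths $WatchedKeys
Read-Host 'Run the tool you want to observe, then press Enter'
$after  = Get-RegistrySnapshot -Paths $WatchedKeys
$diff   = Compare-RegistrySnapshot -Before $before -After $after

"Added: $($diff.Added.Count)  Removed: $($diff.Removed.Count)  Changed: $($diff.Changed.Count)"
'--- removed ---'; $diff.Removed | Sort-Object
'--- added ---';   $diff.Added   | Sort-Object
'--- changed ---'; $diff.Changed | Sort-Object
```

A USB-history cleaner should show up almost entirely in the "removed" list under USBSTOR and MountedDevices; anything in "added" under the Run keys or elsewhere is the tool's own footprint. Keep in mind that this only watches the registry keys you list: Windows also records device installs in the plain-text log at C:\Windows\INF\setupapi.dev.log, so a registry-only diff cannot show whether that file was touched.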

File Extension Monitor - NoVirusThanks - free/portable tool that allows real-time monitoring and logging of files created on the system. Great to run during software installs or to trace droppers/activity. Spotted via this Addictive Tips blog post: Monitor File Creation Activity Across Disk Volumes With File Extension Monitor.

HijackThis was my #1 go-to malware busting tool in the very early days of my IT career. I would use it to slice-n-dice auto-run entries and bring back law-and-order to a malware-hijacked system. Over the years, as my knowledge and skillset grew and tools matured, I’ve come to rely much more on the Sysinternals Utilities. A one-two punch with Autoruns and Process Explorer, coupled with the all-seeing-eye of Process Monitor, typically provides me the hammer needed to bust into a hijacked system. So it was with fondness that I read this HijackThis now open source post at The H Security. I really hope that this move now gives new life and capability to this classic tool.

Peeking at NAFT - Didier Stevens is going crazy teasing us with a new project, a forensic toolkit he is developing called the “Network Appliance Forensic Toolkit (NAFT)”. Ooohhh!

Ezvid - Free Movie Maker and Slideshow Creator For YouTube. Spotted via this Addictive Tips blog post: Create Image & Video Slideshows With Narration Using ezvid.

Microsoft Research Cliplets - Neat project from MS Research that takes a digital video short, and allows you to isolate just a section of the motion. When exported the result is a static image with a section of movement. It’s a cool effect.

Multi-Image Fusion - This Microsoft Research project appears to be aiming to be the next generation of Microsoft Image Composite Editor, or ICE. They have a 305-image composite on the page as a teaser. I love ICE, but sometimes when I have a complex series of images and try to drag/drop them into ICE, it cannot stitch non-sequential images into a composite. Related: Hugin - Panorama photo stitcher

For Sysadmins

BETA: PowerShell v3 Technical Guide (CTP2) - Kurt Shintaku's Blog

Service overview and network port requirements for the Windows Server system - Microsoft Support Article ID 832017.

[Review] God's Jury: The Inquisition, IT & Privacy - ReadWriteWeb. Curt Hopkins has a book review. What is really fascinating to me is how new technology can make the evils of a dark past relevant and accessible again, given the dizzying pace (again) of information aggregation. Amazon has a Kindle version that will soon be making an appearance here in the Valca home.

Network Stuff

Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more available for download - ISC Diary

Wireshark and Pcap-ng - Wireshark blog - news that Wireshark 1.8.0 will have two new features: concurrent capture from multiple interfaces and packet annotation. These changes appear to rely on the pcap-ng file format. Hopefully applications that rely on the pcap format will adjust and add compatibility for pcap-ng, but if not, be sure you save your captures in a format that can be imported into (or exported to) a file format compatible with your NFA tools.
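Since the two formats are easy to confuse by file name alone, here is a quick way to tell a classic pcap file from a pcap-ng file from its first four bytes, so you can check a capture before feeding it to a tool that only understands one of them. This is an added example, not code from the original post or from the Wireshark project; the function name is my own and the two sample "captures" it writes to your temp folder are constructed four-byte headers, not real traffic.

```powershell
# Added example: identify a capture file as pcap or pcap-ng by its magic bytes.
# Not from the original post or from the Wireshark project.
#
# Classic pcap starts with a 4-byte magic number: 0xA1B2C3D4 (microsecond
# timestamps) or 0xA1B23C4D (nanosecond timestamps), written in the byte
# order of the machine that captured it. pcap-ng files start with a Section
# Header Block whose block type is 0x0A0D0D0A, which reads the same in either
# byte order.

function Get-CaptureFormat {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $header = New-Object byte[] 4
        $read   = $fs.Read($header, 0, 4)
    } finally {
        $fs.Dispose()
    }
    if ($read -lt 4) { return 'unknown (file shorter than 4 bytes)' }

    # Render the bytes in file order as uppercase hex, e.g. "D4C3B2A1".
    $hex = ($header | ForEach-Object { $_.ToString('X2') }) -join ''
    switch ($hex) {
        'D4C3B2A1' { 'pcap (little-endian, microsecond timestamps)' }
        'A1B2C3D4' { 'pcap (big-endian, microsecond timestamps)' }
        '4D3CB2A1' { 'pcap (little-endian, nanosecond timestamps)' }
        'A1B23C4D' { 'pcap (big-endian, nanosecond timestamps)' }
        '0A0D0D0A' { 'pcap-ng (Section Header Block)' }
        default    { "unknown (magic $hex)" }
    }
}

# Constructed sample headers (not real captures): just the magic bytes,
# enough to exercise the check. Written to %TEMP% so the example runs offline.
$samples = @{
    'sample.pcap'   = [byte[]](0xD4, 0xC3, 0xB2, 0xA1)
    'sample.pcapng' = [byte[]](0x0A, 0x0D, 0x0D, 0x0A)
    'sample.bin'    = [byte[]](0x4D, 0x5A, 0x90, 0x00)   # not a capture at all
}
foreach ($name in $samples.Keys) {
    $p = Join-Path $env:TEMP $name
    [System.IO.File]::WriteAllBytes($p, $samples[$name])
    '{0,-14} {1}' -f $name, (Get-CaptureFormat -Path $p)
}
```

If a capture turns out to be pcap-ng and the downstream tool only reads classic pcap, Wireshark ships with the editcap command-line utility, which can rewrite a file between the two formats with its -F option; check editcap's own help for the exact format names your installed version accepts.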

Detecting sniffers with HSD - Hexacorn blog. Free tools and techniques for detecting the presence of network sniffing activity.

Tony Fortunato over at the LoveMyTool community blog has a video showing Using Pathtest for Performance Measurement. PathTest is a free tool to test network bandwidth capacity between two endpoints using packet-flooding techniques. This is a serious tool so use carefully and during non-production hours unless you (and your customers) really, really know what you are doing and why you need to do so. Cool tool!


--Claus V.