One last Linkfest from a now exhausted GSD blogger this weekend.
Cleaning out the “to-be-blogged” hopper is always rewarding, but I tend to get very behind on the weekend chores. My saving grace this weekend has been frequent scattered showers and an equally tired Lavie who hasn’t been interested in going out for shopping, groceries, or dining out. The kitchen has been cleaned. The laundry has been done for the week.
Next stop, a few hours of rest, post-blogging, then a wind-down with Endeavour on PBS Masterpiece.
Too Funny Not To Miss
Bloody galah scammers still not getting the message - Troy Hunt’s blog. Security guru Troy Hunt has had his fair share of “this is (not) Microsoft cold calling you…your PC is infected…let me remote control it” scams and has picked them all apart to the bone.
This time he takes a new angle…in a way that only an Aussie could pull off! This is a classic! Troy, please offer us some of those sound files or link to where we can get them! I need to put together a Texan sound-effect package for similar fun with unwanted callers. Brilliant!
Microsoft Security News
Microsoft Releases New Mitigation Guidance for Active Directory - Microsoft Security Blog
Overview of Microsoft`s "Best Practices for Securing Active Directory" - SANS Computer Forensics and Incident Response blog’s Mike Pilkington does a great summary and takeaway of the new AD mitigation guidance.
Security Awareness Training: Your First Line of Defense (Part 4) - WindowSecurity.com’s Deb Shinder discusses evaluating training effectiveness short and long-term.
See also these previous series posts:
- Security Awareness Training: Your First Line of Defense (Part 1)
- Security Awareness Training: Your First Line of Defense (Part 2)
- Security Awareness Training: Your First Line of Defense (Part 3)
Network Security, News and Techniques
Wireshark 1.8.9 and 1.10.1 Security Update - ISC Diary
- Wireshark 1.10.1 - Release Notes
- Wireshark 1.8.9 - Release Notes
- Wireshark - Downloads
Next up are some great and detailed video presentations from Sharkfest 2013
- Sharkfest 2013 - Wireshark Network Forensics (by Laura Chappell)
- Sharkfest 2013 - Trace File Sanitization NG (by Jasper Bongertz)
- Sharkfest 2013 - Attack Trends and Techniques (by Steve Riley)
- Sharkfest 2013 - Capture Limit of a Laptop, When does it Drop Packets? (by Chris Greer)
Recent Forensically Focused Posts
- HowTos - Windows Incident Response blog
- HowTo: Malware Detection, pt I - Windows Incident Response blog
- HowTo: Data Exfiltration - Windows Incident Response blog
- HowTo: Add Intelligence to Analysis Processes - Windows Incident Response blog
- HowTo: Determine/Detect the use of Anti-Forensics Techniques - Windows Incident Response blog
- HowTo: Investigate an Online Banking Fraud Incident - Windows Incident Response blog
- Finding an Injected iframe - Journey Into Incident Response blog
- MS Excel and BIFF Metadata: Last Opened By - Digital Forensics Stream blog
Physical (In)Security?
Duplicate house keys online - Keys Duplicated - This is either freaking amazing or super-scary. I just can’t decide! According to their Security page, precautions are taken.
The Keys Duplicated Blog - A couple really cool and technical posts on the behind the scenes things that make their keys pretty good.
…as spotted on Lifehacker’s post: Shloosl Copies Your House Keys Using a Smartphone Photograph
When 'Smart Homes' Get Hacked: I Haunted A Complete Stranger's House Via The Internet - Forbes
ForSec LiveCD Distro News
- More on WinFE and Autopsy - Windows Forensic Environment blog
- DEFT Linux 8 stable with DART 2 is out! - DEFT Linux - Computer Forensics live cd
- Kali Linux Summer Update Release 1.0.4 - Kali Linux
- Pass the Hash toolkit, Winexe - Kali Linux
- Downloads - Kali Linux
AV/AM Bits
Microsoft Security Essentials quietly released version 4.3.216.0 engine update for their free antivirus scanning program. If you use MSSE, you should get it via the automatic updates…if you have them turned on…you do have them turned on right?
Download Microsoft Security Essentials - Microsoft Download Center - Like most things MSSE, trying to figure out just what got updated is next to impossible so let’s just say for now that this one must be better than the previous version and move on.
I’m still using MSSE around the Valca home on all our home systems. I also continue to recommend it to friends and family (generally everyone non-work-related) who I provide friendly IT support to. I find it is pretty non-threatening to the non-technical users I know and though it loves to alert on many of my security programs (potentially unwanted programs) since they can also be used for 3vil, it seems to do a more than adequate job security the systems.
For my Windows 8 systems, I’m instead relying on Bitdefender Antivirus Free. In some ways it’s a bit different model in that you need to sign up with an email address to set up your account. Then you can download the client to the system. What is nice is that if you manage multiple systems in your home, you can log into your account at their site and then get a console feedback on the status of those systems. That’s something that I do at work with another vendor’s enterprise AV client health/status management console. That’s super cool for a free product. I’m seriously leaning to expanding it’s coverage to my main Windows 7 laptop at home. Performance has been outstanding on my Windows 8 systems.
Kaspersky tops real world protection test - BetaNews - this post does point out that Bitdefender tied Kaspersky with a 99.9 % protection level in AV-Comparatives Independent Tests of Anti-Virus Software for July 2013. While Microsoft Security Essentials rated a 92.5 % protection level. There are some additional disclaimers so read the short BetaNews article carefully. Then head over to AV-Comparatives to dig deeper and see the full findings.
- AV-Comparatives Real-World Protection Test March-June 2013 - AV-Comparatives
- AV-Comparatives Real-World Protection Tests - AV-Comparatives
Finally, we wrap up this segment with this interesting discussion:
The evolution of Ronvix: Private TCP/IP stacks - Microsoft Malware Protection Center
It’s a bootkit infection that has its own private TCP/IP stack. By doing so it can be extra stealthy and bypass personal firewall hooks and can lurk unseen in standard tools and utilities (such as nbtstat). Doing so, depending on packet/network monitor off the infected machine may be ineffective. However, it still must talk ON the network, so an independent network monitoring and forensics analysis approach using a network monitoring appliance or span port capture may detect the traffic. This may be why comparing outside network traffic captures from a system on the network to network traffic captured on the system may be a useful exercise for incident response and monitoring purposes.
Legally Focused
I’ve been reading a wider range of subjects, and a small part of those touch on our legal system. Mainly they apply to digital law and crime but some are more general. I’m just tossing them out there for the interested or curious. Generally they tend to analysis of current events or provide a more detailed lawyer’s review than the talking/shouting legal heads we encounter on mass-media “news-like” entertainment outlets these days.
- CYB3RCRIM3 - Susan Brenner’s blog on cybercrime and cyberconflicts in technology and law.
- Popehat - group blog with a mostly legal focus (though topics can range far afield!)
- Le·gal In·sur·rec·tion - group blog with mostly legal and law-in-today’s-culture focus. Pretty vibrant opinions. Alignments may vary.
- Lowering the Bar - Sometimes lighthearted (though always serious at the core) look at some of the nonsense the legal system contains, or foists on others from time to time. Great site.
- Massad Ayoob - legal, cultural, and educational postings primarily dealing with legal private firearm ownership issues. Also analysis of public media trends and news stories.
Have a great week!
--Claus Valca