Sunday, January 26, 2014

GSD Linkfest - Trash-mix (buffalo style) edition

It is a well known unknown fact that every Christmas when we travel up to spend Christmas with Lavie’s family, we need to bring a 5-gallon bucket or two.

See, Lavie’s mother makes heaps of traditional “Chex®” brand party mix and all her kids (and in-lawed kids) get tins of it to haul home. Sadly, the out-lawed kids get nothin.

So needless to say, fights and brawls and thievery ensue to see who can sneak home with the most by pilfering each other’s.

It’s all great family holiday fun.

Now Lavie’s mother does put her own spin on the blend…no wheat Chex® pieces or bagel chips, peanuts only (no mixed nuts), and probably a bit heavier allotment of butter and Worcestershire sauce than is listed.

However, today I may have found a replacement.

It’s brilliant! Almost all the regular bits but instead of Worcestershire sauce blend…Buffalo Sauce is used! Yummers. Our mega-market carries almost an entire shelf of different blends of buffalo sauces so the possibilities are endless.

I simply love the amazingly good (and mostly healthy) recipes Tieghan presents on her blog. I like cooking and watch a lot of PBS hosted cooking shows (Food network…not so much anymore), but Tieghan’s blog is one of just a very tiny handful that I follow daily via RSS feeds. Half Baked Harvest - Made with Love

Anyway, this start of the week blogpost is like that…a yummy collection of finger-clicking snack-sized links for your pleasure.

I used Microsoft Security Essentials, jumped to Bitdefender Antivirus Free, and was very happy with the performance and management features…but totally put out by how hard it was (nay, nearly impossible) to restore quarantined files to a normal state. Having a bunch of very specialized tools and utilities that often fall into the PUP/hacktool classifications…I can’t have my toolset tossed out each time the AV/AM scanner runs.

However, I’ve not given up yet and now have been toying with going back to AVG Free on a trial run (testing in a Windows VM has been positive) or (gasp) ponying up some extra $$ for Kaspersky’s home AV toolset based on its high performance ratings.

Stay tuned to GSD…as the situation develops.

Updates: Disk2vhd v2.01, PsPing v3.21 - Sysinternals Site Discussion - new Sysinternals tool updates are out.

SimpleProgramDebugger - Nirsoft - New tool release by Nir Sofer. “SimpleProgramDebugger is a simple debugging tool for Windows that attaches to an existing running program or starts a new program in debugging mode, and then displays all major debugging events that occur while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit Process, Load DLL, Unload DLL, and Debug String.”

More WinFE work and research! - Windows Forensic Environment

Windows Forensics Analysis, Fourth Edition - Windows Forensic Environment - Brett Shavers breaks news of a new 4th edition release by the Windows incident-response/forensic-focused master, Harlan Carvey. This new edition will support the “new” Windows 8 platform. The volume on my bookshelf is “2E” (handling XP) so I really need to get with the times and pick up this one along with the third edition, which focuses on Windows 7.

Quick EnCase v6 & v7 EnScript to find files that have been encrypted by Cryptolocker - ForensicKB blog - GSD has been on a bit of a PSA binge (GSD post link 1 & post link 2) regarding Cryptolocker. So it was refreshing to see a forensically-angled post related to it.

Who Is On My WiFi - Wireless Network Security Software - Spotted via a Love My Tools blog post, this network-scanning/auditing/logging software offers to help you monitor your network and identify when other unknown connections are made. It also comes in a handy iPhone app (Android app also available).

It reminded me very much of Overlook Soft’s FING network monitoring and discovery tool. It’s been a while since I played with Fing and their free command-line Windows version had been upgraded to 2.2 some time ago. My installed version previously was 1.4. Because they still haven’t released a “GUI” mode to FING, I’m not sure it appeals to non-network-admin types but the CLI tool is good and pretty powerful…particularly with outputting findings. While I don’t regularly run the CLI software on my “desktop” system, I have installed their free Fing - Network Scanner iPhone App on my iPhone 5 and run it several times each week for quick scans. It is great.

You might want to pop over and review this GSD post Mostly Wi-Fi and Network Security: Linkfest for other Wi-Fi related network scanning tools, including these Wi-Fi specialized apps…

  • Wireless Network Watcher - free NirSoft tool that shows who is connected to your wireless network.
  • SoftPerfect WiFi Guard - free app that also shows who is on your wireless network, but has an added feature of alerting you if a new device joins that is unknown.

One potential drawback of these is that they may have limited ability to pick up mobile device connections on your network. Wireless Network Watcher could do so…however I had to enable background scanning mode to get it to pick up the devices…and then it didn’t always capture them unless they were actively transmitting on the network. In comparison, my Fing iPhone App nailed all my wired objects along with the iPhones, iPad, and Kindle devices every time…labeling and ID’ing them perfectly.
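As an added illustration (not code from this post or from any of the tools above), here is a small Python allowlist checker in the spirit of SoftPerfect WiFi Guard’s alert feature: it folds repeated scan results into an inventory, alerts only on a MAC that is both unknown and never seen before, and treats a device missing from a single scan as idle rather than gone, which is the limitation noted above. The scan snapshots, MAC addresses and device labels are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample: three consecutive scans as a scanner might report them
# (MAC -> IP). The iPhone is absent from the noon scan because it was idle;
# an unknown MAC appears in the evening scan.
SCANS = [
    ("2014-01-26T08:00:00", {"aa:bb:cc:00:00:01": "192.168.1.1",
                             "aa:bb:cc:00:00:02": "192.168.1.20",
                             "aa:bb:cc:00:00:03": "192.168.1.31"}),
    ("2014-01-26T12:00:00", {"aa:bb:cc:00:00:01": "192.168.1.1",
                             "aa:bb:cc:00:00:02": "192.168.1.20"}),
    ("2014-01-26T18:00:00", {"aa:bb:cc:00:00:01": "192.168.1.1",
                             "aa:bb:cc:00:00:02": "192.168.1.20",
                             "aa:bb:cc:00:00:03": "192.168.1.35",
                             "de:ad:be:ef:00:09": "192.168.1.77"}),
]

# Devices the owner has approved (hypothetical labels for the sample above).
KNOWN = {"aa:bb:cc:00:00:01": "router", "aa:bb:cc:00:00:02": "desktop",
         "aa:bb:cc:00:00:03": "claus-iphone"}


def process_scan(inventory, when, seen, known=KNOWN):
    """Fold one scan into the inventory; return alerts for never-seen, unknown MACs."""
    alerts = []
    for mac, ip in seen.items():
        mac = mac.lower()
        entry = inventory.get(mac)
        if entry is None:
            inventory[mac] = {"ip": ip, "first_seen": when, "last_seen": when}
            if mac not in known:
                alerts.append(f"{when}: unknown device {mac} at {ip}")
        else:
            # Returning device (possibly idle during earlier scans): update, no re-alert.
            entry["last_seen"] = when
            entry["ip"] = ip
    return alerts


def missing_longer_than(inventory, now, grace=timedelta(hours=8)):
    """Devices not seen for longer than the grace period (ISO timestamps as strings).

    A single missed scan is normal for a phone or tablet that was idle, so only
    an absence beyond the grace period counts as a departure."""
    now = datetime.fromisoformat(now)
    return sorted(mac for mac, e in inventory.items()
                  if now - datetime.fromisoformat(e["last_seen"]) > grace)


def run(scans=SCANS):
    inventory, alerts = {}, []
    for when, seen in scans:
        alerts += process_scan(inventory, when, seen)
    return inventory, alerts
```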

And in trending news this week -- gasp! -- browser users get hijacked via add-ons!

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates - Ars Technica

Many Browser Extensions Have Become Adware or Malware. Check Yours Now - Lifehacker

Warning: Your Browser Extensions Are Spying On You - How-To Geek - Primary article

Add-On Danger List: Warning: Your Browser Extensions Are Spying On You - How-To Geek supplemental post that lists all the (currently known) Chrome add-ons that can inject adware or enhanced tracking into your browsing sessions. Yuck! I had two myself: Sexy Undo Close Tab and Neat Bookmarks. Those got dumped.

I’ve not heard of the Mozilla Add-on & Firefox community having quite the same level of issues as Chrome has. I’m not sure of the Chrome add-on vetting process but as I understand it, Mozilla uses a team of volunteers, contractors, and paid staff to review and vet add-ons as part of the add-on review process before they get added to the official AMO site. That may help a bit.

Y U Phish Me? [Part 1] - Open Security Research - Nice pick-apart of a phishing campaign.

Windows Hotfix Downloader 5.5 - New (to me) little tool to manage, download, and apply Windows updates off-line. Spotted via this The Windows Club post. Interesting as besides being a portable app, “Windows Hotfix Downloader lets you select and download the General Updates, Hotfixes, Security Updates, Additional Updates and Extra Updates for your operating system.”

Fits in nicely with my personal favorite WSUS Offline Updater and the slightly differently structured (but still good) Portable Update tool for Windows updates.


--Claus V.


Harlan Carvey said...

..Windows incident-response/forensic-focused master...

Thanks for your words, but that is hardly the case.

The volume on my bookshelf is “2E” (handling XP) so I really need to get with the times...

When I wrote the third edition, it was intended to be a companion book to the second edition, in that in addition to addressing topics in Win7, it also covered other topics. Rather than re-hashing (no pun intended) the chapter on PE files, I instead wrote a chapter on Timeline Analysis, and the tools and techniques in that chapter could be used regardless of OS version.

The fourth edition is an update to 3/e, adding additional material, as well as adding two additional chapters.

Claus said...

@ Harlan - I really appreciate the clarification regarding the differences in the newer editions! I wasn't picking up that nuance in my all-too-fast reading of the Amazon descriptions.

That approach is really great and practical.


--Claus V.