Subscribe: grand stream dreams
grand stream dreams http://grandstreamdreams.blogspot.com/feeds/posts/default
Language: English

Preview: grand stream dreams

Updated: 2012-02-09T04:37:30.917-06:00

Solving the DSL<-->WiFi<-->Nook<-->In-Laws Equation

2012-01-28T20:15:06.859-06:00

The Valca home is and has been an Amazon Kindle-only zone for some time now; thank you very much. So last year Lavie decided that the E Ink keyboard one (of two) that we had was a bit uncomfortable for her (and not back-lit). She decided to move over to a B&N NOOK Color model. This was in the pre-Kindle Fire days so I guess we could tolerate its presence. The Nook Color served her well enough, but when the Kindle Fire came out she had to swing back. It finally arrived last week as a back-ordered Christmas present. Fortunately, she hadn’t purchased very many books for the Nook so we didn’t deal with trying to see if there were any options for porting her books over to the Kindle. It was an opportunity for a fresh start. So, she passed her Nook on to her parents a few weeks ago and they loved it. A lot.

They are on a DSL broadband service, and have a wired XP desktop system. One cable to rule all Internet service. No WiFi except when we stop in for an extended visit and I bring my D-Link DAP-1350 Wireless N pocket router and take over their single network connection for the weekend. Nice, but not a permanent WiFi solution. I suppose we could have just taught them to connect the Nook Color to their desktop via USB and manage it directly, but it seemed time to add a WiFi router to their humble network and just do it right. So that was this Saturday’s “honey-do” and this post is the process we had to go through to upgrade their DSL network and get the hand-me-down Nook Color fully transferred over and set up for them.

First Part of the Equation: DSL<-->WiFi

First I picked up a WiFi router. I went with what has become my perennial favorite: DIR-655 Xtreme N Gigabit Router from D-Link. I’ve had this unit personally for a number of years and it is rock solid, has both the “N” and older wireless standards, has a rockin’-long range, and is super-easy to configure. The power was important in this case as the location of their DSL modem is in a second-floor above-garage room pretty far away from their usual living areas. The signal will carry all the way downstairs and up. Check. And since it is the model I also own and maintain, I know and am comfortable mucking around in the settings. Makes providing extended support much simpler when a problem arises.

Typically I’ve been able to get away with just unbox, connect, run the wizard from the CD config, then go and make some manual setting tweaks afterwards. However, this 2-wire DSL modem was a real headache. I could set up the internal network and WiFi perfectly. Just couldn’t get to the Internet through the DSL modem. Plugged the DSL modem Ethernet back to the PC and it was working; reconnect to the DIR-655 and it wouldn’t. Long story short, I eventually figured out that for their particular hardware and provider, I had to do a few more custom tricks.

I had to set the Internet Connection Type to PPPoE and enter their DSL username/password. (I got that from their email client settings.) D-Link has a nice Emulator for this router to play around with: D-Link DIR-655 RevB Emulator.

Then I had to go into the Network Settings and change the router IP Address to use 192.168.1.1 from the default IP address of 192.168.0.1. Turns out that the default IP address was conflicting with the internal Ethernet-facing IP address provided by the DSL router. This was the real trick.

Once I got the network stabilized, I tested the configuration survivability by powering off both the DSL modem and the D-Link (to simulate a power failure), then powered them back on and made sure the PC could get to the Internet. Check.

This one was actually a DIR-655 RevB model so I then saved my configuration file, downloaded the latest firmware and ran an upgrade. Success. Naturally it lost all of my settings, so I had to upload my saved config file and it was back to normal. Yea me!

More helpful notes I had to find to work out that issue: DIR-655 & ATT DSL - D-Link Forum; [Solved] Dir 655 problems - Setup-Configuration-Security - Wireless-Networking; 3.15 D-Link Info AT[...]



The GSD Curmudgeon says “Get off my Yard you Dang Kids!”

2012-01-22T20:39:21.363-06:00

Sigh. I’m getting old. I recently read a post at ReadWriteWeb by Scott Fulton, III: Mozilla's Plan for Keeping Firefox Relevant in a Post-Browser Web. That day I became dangerously close to becoming the old technologist guy equivalent of the “You kids get off my lawn!” guy we all probably know.

What is Mozilla doing to my beloved Firefox of the near and dear “future”?

  • HTML5 runtime functionality support (for driving in-browser, non-system-proprietary, web-apps).
  • Extending cloud-based services.
  • An on-line identity management system called “BrowserID”. (How it works)
  • and more stuff imagined and planned.

That left me grumbly; then John Paul Titlow at ReadWriteWeb posted this: Mozilla: We're About to Grab More Data About You, But Here's How We'll Keep It Safe.

Mozilla has some big plans up its sleeve in 2012. The non-profit open source foundation is planning some features for its Firefox Web browser and beyond that will require greater access to user data. In a blog post, the organization explains exactly how it intends to use and handle that data. In short, very carefully.

The blog post John Paul references is up at Mozilla Privacy Blog: Mozilla to Offer New User-Centric Services in 2012.

While I recognize and appreciate the very challenging work that browser developers have (not just at Mozilla), I think I’m grumbly for two primary reasons here with Mozilla.

First, I was a very early adopter of Firefox. It was quicker than IE. It was slimmer (memory and feature bloat) than IE. It was more secure than IE. And I could plug all kinds of things into it (Add-Ons/Extensions) to customize it with only those features and capabilities that helped make my experience on the Web better. If I didn’t need it, I didn’t install it and thus kept the Firefox browser lean and mean. I really do “get it” with the coming exciting wave of “web-based apps” and running them in your browser and the security it will now bring (think JavaScript/Flash). It’s the next “big” evolutionary shift for the Internet. Really.

Who of us really still thinks of the Internet as being just a super-large reference library and world-wide town-square/market anymore? It’s now a world-wide commercial mall and entertainment center. Really. Oh sure, you can still go down that wing none of the hip kids hang out at and find the pubs where the old-timers hang out, a few plain coffee-bars where the wanna-be journalist “bloggers” hang out and trade stories of yore, and maybe go into that virtual bookstore of arcane knowledge and technical minutiae that some of us still love. But really. None of the cool companies and consumers come down this way. They demand different things. Better things. A new paradigm of interaction and operation. Sigh. So the browser needs to change to keep up. Bigger, more embedded features. Probably faster. Probably louder too with bass-boost and kickers. Hopefully the security alarm on it will be better too.

Secondly, my bones ache every time a new ID management system comes out that gets closer to being a cloud-based requirement. I know, it’s for my own good they’re doing it. Really. I’m so much safer having more and more of my user data off-loaded to the Webs and Clouds. Clearly the higher and higher it goes away from me the safer and safer and harder and harder it must be for the underground dwellers to grab it. Right? What? Oh, I have to just “trust” everyone “out-there” with my user data and All-In-One credentials and stuff. I’m sure everyone will be honorable and diligent in keeping my account and passwords and user data safe and secure. Nobody ever gets their customer’s account/password information lost to hackers, or on a laptop, or on a USB stick anymore, or via a network traffic hack. Right? That was just in the “old-days”. These new solutions are really, really safer. I get it. I do.

And I appreciate everyone working so hard to keep Firefox and my web experience so much more safe, more secure, and more powerful than ever before. I appreciate modern AC over r[...]



On The Usefulness of a Pleasant Desk

2012-01-22T15:08:50.857-06:00

I can’t believe I’ve been blogging now (fairly) consistently since 2005. I’ve gone from a peak posting rate of 311 posts in 2007 down to a low of just 40 posts last year in 2011. Finding the time to blog has grown more and more challenging and I hope the quality and depth of many of my posts has grown over the years as well.

The last two years in particular have been a personal frustration as I have attempted to grow more “present” with my family and community while dealing with the tremendous workload presented in my “real” job that has meant longer hours, later hours, and technical challenges that have conspired to keep my technical processing brain-core on overdrive.

All that said, the biggest problem I had, however, hasn’t been a lack of inspiration, or of time, or of material. I seriously believe it was the lack of a good desk and by extension, a good workspace.

See, from 2006-2009 a good part of my primary blogging hardware was based on desktop computers at home. First an old Gateway and later a small-form-factor barebones home-build kit. Both these systems were kept in a nice desk that was located in our library/laundry room. So I could hole up in the space, have few interruptions, and focus on writing, and blogging, and blogging. Lots of productivity.

In 2006 Lavie bought our first laptop. Then in 2007 Lavie won a Gateway laptop and it became her new laptop and the first one became a backup family PC. Then in 2009 Lavie picked up a larger laptop for herself and I took over the Gateway laptop as a secondary system while Alvis took over Lavie’s first one. Though I continued to patch and upgrade the SFF desktop PC I used, the Gateway laptop really became my primary home computing device and blogging platform. And in late 2010 I finally obtained my own "dream" notebook.

I sincerely believe the shift from using a desktop PC (at a desk) to a laptop (wherever) is what led to the biggest hit on my blogging production. When I sit at a desk I have a productive mindset. When I’m in one of the chairs or the couch in our living room I can blog, but it doesn’t feel as natural as just “couch-surfing” the web. I find it hard to build and maintain a writing rhythm if I’m anywhere but in front of a desk. Since the girls REALLY wanted me to be more present with them and not hidden off in our library area, and I had a laptop, it was very seldom that I found myself in our study and at my desk--and in a productive blogging mindset.

I’ve been trying to find a solution to the problem for some time. Unfortunately, the desk in the library, while not large, just didn’t seem to lend itself to either our living room décor or function. So I’ve just coped, and the blogging rate has suffered.

Last week I found a cheap trestle-style mini-desk that was perfect in color, style and size for the living room. With minimal rearrangement I was able to place it in the living room along with a nice matching traditional wooden chair with a faux-leather seat cushion. It was a great pairing. While not my favorite in terms of style, it was a perfect pairing of form and function (and price) so I struck while the iron was still hot. That weekend saw the slew of postings which has almost brought me to half as many as all I did last year. Now I have my own elegant and relaxing workspace again to use my laptop at; but still be “present” with Lavie and Alvis after work or on the weekends.

Now the story should end there. However this weekend Alvis and I finally got around to swapping our desks. These are not to be confused with the new one above. See, Alvis has been using a large French-country style desk in her room for her homework/TV/laptop/crafting needs. It is a beautiful desk that has an attached shelving unit over it. Meanwhile my desk (the one in the library I have mentioned already) is an Ikea special with a simple solid wood frame, a side-caddy for a desktop PC and a small pullout drawer that held all those misc. USB cables and PC[...]



Interesting Malware in Email Attempt - URL Scanner Links

2012-01-22T13:25:56.475-06:00

Last weekend I spent some time with extended family helping confirm for them that their on-line email account got hacked and had been used to send some malware-linking spam emails to users in their contact list.

Yesterday our family email account was on the receiving end of someone -- possibly -- who fell victim to an email account hack, as our email address was amongst several others included together receiving the email. I say possibly as none of us recognized the sender’s email address and it wasn’t in any of our address books. Possibly our email address, along with the others’, had been harvested somehow and this was a fake spamming account. The “show-as” name was definitely non-standard and used some letters that related to those in the subject line.

It was pretty evident to me this was probably a dangerous site to go to, but being curiously-minded, I couldn’t pass up the chance to do some detective work.

The email originated from a Yahoo mail account. The Subject line was baited “ACH Transfer Canceled…” and the display name in the email address contained the letters “NACHA.” ACH is meant to refer to the “Automated Clearing House” which handles financial transactions in the US, overseen by NACHA. To most Americans, I’m betting these acronyms mean very little and they would be more taken with a sudden urge to grab some NACHOS instead. Maybe Europeans would be a little more anxious about emails purporting to come from ACH and NACHA. I digress.

First thing I looked at was the message header. Lots of goodies there. We can follow the bounce between the Yahoo mail sender and our ISP’s email servers. Times/dates of transmission. Since this was a Yahoo mail account, it appears the header may actually contain the IP address of the location the mail account was logged into from. This is the first time I have seen this so I need to do more research. The IP associated with this particular email is located in France. The website IP Address Locator has lots of good tools for locating IP addresses as well as a feature that allows a copy/paste/analyze of email headers.

The content of the email was very thin, a single line with all the text run together. There is a URL link markup there, however it misses getting all the characters. Hmm. Toggling between the different modes of viewing email content in Thunderbird reveals odd results. If I look at it in original HTML mode I see a single line of text with a hyperlink in the middle. If I view it in simple HTML most of the text is the same but a few characters are different. If I view it in plain text, there is nothing showing. Hovering over the hyperlink displayed shows a URL shortener link. Hmm. Set that aside for a moment.

So I go back and look at the full header view again and find this in the message body:

Content-Type: text/html; charset=ISO-8859-5
Content-Transfer-Encoding: base64

Ah! So I copy/paste the large text block that follows that into this base64 online encoder / decoder and get a binary file to download! (More regarding content encoding methods here: Content-Transfer-Encoding - MSDN, here: The Content-Transfer-Encoding Header Field via freesoft.org and here: Decoding Internet Attachments - A Tutorial by Michael Santovec.)

Opening that binary file in Notepad++ reveals the HTML code with the same actual URL embedded. Guessing here they are using base64 coding for the content to try to get around email scanners.

OK, so let’s check out that URL. Turns out it is using Google’s own URL shortening service: Google URL Shortener. More info here: Google URL shortener - Web Search Help. Turns out this is a pretty cool choice from both sides of the security fence. By appending “.info” at the end of a Goo.gl shortened URL we can find out the stats from Goo.gl URL shortener (Google Groups). This is good from an attacker standpoint as they can easily monitor their success rate on the nibbles of this hook and any “hits” to the actual URL. R[...]
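The decode-and-inspect steps the post walks through (base64 Content-Transfer-Encoding, an odd charset, a shortened link hiding in the HTML), as an added Python example that is not from the original post: it parses a constructed sample message, undoes the transfer encoding with the declared charset, pulls out the hrefs and flags the things a first-pass reviewer would want to see. The shortener list beyond goo.gl and the `.info` stats helper are assumptions based on the post's description.

```python
import base64
import re
from email import message_from_string

# Constructed sample message (not the spam from the post): a one-line HTML body
# sent with Content-Transfer-Encoding: base64 and a Cyrillic charset, carrying
# a shortened link, which is the shape the post walks through.
HTML_BODY = ('<html><body>ACH Transfer Canceled. Report: '
             '<a href="http://goo.gl/EXAMPLE">goo.gl/EXAMPLE</a></body></html>')

SAMPLE_EMAIL = (
    "From: NACHA <sender@example.invalid>\r\n"
    "To: family@example.invalid\r\n"
    "Subject: ACH Transfer Canceled...\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=ISO-8859-5\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(HTML_BODY.encode("iso-8859-5")).decode("ascii") + "\r\n"
)

# Shortener hosts to flag: goo.gl is the one the post found; the rest are assumptions.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}

# Charsets that are unremarkable for English-language mail; anything else gets noted.
ORDINARY_CHARSETS = {"us-ascii", "utf-8", "iso-8859-1", "windows-1252"}

HREF_RE = re.compile(r'href\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)
HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.IGNORECASE)


def decode_text_parts(raw):
    """Walk every text/* part, undoing its transfer encoding and declared charset."""
    msg = message_from_string(raw)
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        charset = part.get_content_charset() or "us-ascii"
        parts.append({
            "content_type": part.get_content_type(),
            "cte": (part.get("Content-Transfer-Encoding") or "7bit").strip().lower(),
            "charset": charset,
            "text": payload.decode(charset, errors="replace"),
        })
    return parts


def extract_links(html):
    """All href targets in the decoded HTML, in document order."""
    return HREF_RE.findall(html)


def host_of(url):
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def goo_gl_stats_url(url):
    """The '.info' stats page for a goo.gl link, as the post describes; None otherwise."""
    return url + ".info" if host_of(url) == "goo.gl" else None


def triage(raw):
    """First-pass findings for a suspicious message: encoding oddities and the links it hides."""
    findings = {"flags": [], "links": []}
    for p in decode_text_parts(raw):
        if p["content_type"] == "text/html" and p["cte"] == "base64":
            findings["flags"].append("base64-encoded HTML body")
        if p["charset"].lower() not in ORDINARY_CHARSETS:
            findings["flags"].append("unusual charset " + p["charset"])
        for link in extract_links(p["text"]):
            findings["links"].append(link)
            if host_of(link) in SHORTENER_HOSTS:
                findings["flags"].append("shortened link " + link)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    for flag in result["flags"]:
        print("FLAG:", flag)
    for link in result["links"]:
        print("LINK:", link, "stats:", goo_gl_stats_url(link))
```

Feed it the raw source of a real message (headers included) instead of SAMPLE_EMAIL to get the same decoded view the post reached by hand with an online base64 decoder and Notepad++.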



Thoughts on a Plan to Drop POTS: Pros/Cons

2012-01-20T13:44:00.397-06:00

cc image attribution: “smashed phone” by Solarbotics on Flickr

The Valca home has had a POTS/landline phone nearly forever. We got the copper during our engagement house-setup period. As newlyweds it was our technological lifeline to the social world. Eventually we bought our first PC (an old Gateway skyscraper tower model), signed up for dial-up, and were rockin’ the Interwebs. Communication shift begins.

Later, Lavie was the early adopter of new tech with a cell phone. We’ve stuck with the same provider, though it has been gobbled-up a few times leaving us with the current super-cellular provider. Shift again. Then I got a cell phone as well. Not shifting, dancing now. And then Alvis earned the responsibility of getting a cell phone. Hello Family Plan. Now it’s like we are socially square-dancing with technology. Cable broadband arrived so the dial-up was ditched and high-speed coax rules now. Social communication on a high-speed rail-line service. Whoopee!

All through time, good old POTS has remained present. It seemed relevant during the Hurricane Ike event a few years ago when we had to evacuate from the house for a number of weeks. Electricity was out but since we had an answering machine connected, we could dial our POTS number to check for power. When the answering machine eventually picked up again, we knew power had been restored.

Yet with Lavie still not working and the cost of living marching ever upward, we continue to look for ways to cut costs but the belt is pretty tight as it is. Since we already have cable service (digital TV + Internet) I looked at adding the VOIP option, but once the introductory rate wears off in about 6 months, the price jumps and the savings diff is minimal. And when the cable service is out, everything is out. Too many eggs in one basket for my comfort in this one.

The POTS phone provider does have a super-simple plan (not that we have much at all on our current POTS plan) but the price (once you add in all the add-on charges and govt regulatory fees) isn’t that much less than what we are on now.

Now Alvis REALLY REALLY REALLY wants to upgrade her cell phone to an iPhone (which requires a data plan by our carrier). Not a problem but that’s another added cost to the budget. Since our cellular plan covers all three of our phones, mobile-to-mobile calls are free, we have a family unlimited text plan, and we also get free nights/weekend calls, our mid-range minute package hardly gets used. It’s shameful to see how few minutes we actually can get to apply to our monthly minute package. Seriously. Dropping to the next lower (lowest) family minutes package only nets us a $9.99 savings. Not enough to cover a data plan addition.

Today I had a brainstorm and am pondering the following. If we drop our POTS line (~$65 “savings”) and port our “forever home” number over to a 4th cell phone, and add that to our Family Plan for an additional $9.99 monthly charge, even with additional monthly fees we are like saving at least $40/mo. Any simple free phone would do, or I may be able to use an older (but still very nice and rock-solid) digital cell phone I had upgraded from with our same carrier and hung on to.

Pros:

  • We keep our same home # (assuming it can be ported to a cell service). Don’t have to notify family, friends, vendors, everyone we do business with.
  • $ saved each month or at least break even (see next bullet).
  • Alvis gets her iPhone + data plan (and maybe Lavie too) and we break even.
  • Minute usage may increase but most calls to family & friends tend to already be mobile-to-mobile anyway, or during the unlimited nights/weekend period.
  • Home phone comes with us in a disaster/evacuation.
  • Can donate all our POTS-based phone technology handsets to the needy (if anyone will even take them).
  • Not tied to a bundled cable service so even if cable goes out, our home # should still work.

Cons:

  • Power goes out for an extended period[...]



The Password is…

2012-01-16T21:12:11.174-06:00

Last week we got a call from one of Lavie’s cousins. She and her husband had suddenly begun getting phone calls from concerned friends as well as strange “undeliverable” email notices. Mysteriously, at least one email had been sent from their on-line email account to all the recipients in their contacts in batches of ten or so. Some folks had told them their own security apps had alerted when they tried to follow the link in the email. It was pretty apparent to the couple that “something” was amiss with their PC but exactly what, they weren’t sure. They had already downloaded a second anti-virus tool and scanned their system with nothing found. They decided to call me to see if I could help them.

I recommended they change the password and any security challenge questions immediately, which they did, then arranged for a house-call the following day.

I already had a clue on what probably occurred, but went through my full checklist of items as I assessed the system. No rogue processes, no unexpected auto-start items. Additional security scans came through with flying colors.

Then I turned my attention to their email account. This particular email provider (unfortunately) doesn’t provide any IP-based user sign-in event logging like some other main-stream web-mail providers do. That would have provided golden information.

  • Last account activity - Gmail Help
  • Check if Your Gmail Account is Hacked with Activity Monitor - MakeUseOf
  • Yahoo! Enables Monitoring of Login Activity for Better Account Protection - YDN Blog

What we did have is one overlooked original email in the “Sent” folder showing a mail time of 8:15 PM Wed night. Neither of the couple reported being logged in on the system (or the email) at that time so it seemed fairly certain that is when the event occurred. I mailed that to myself to look into the URL more later. They use IE 9 and the system was fully patched. Flash and Java were outdated, but not too bad.

Based on my survey and additional questioning, it appears to me that someone had “hacked” their account using some kind of brute-force attack on their account, then quickly composed at least one email containing a single URL to everyone in their address book. I couldn’t find any evidence of a persistent threat on their system, and based on their feedback, I doubted a cross-site-scripting vulnerability had occurred.

For the really curious, here is a link to the urlQuery (free online URL scanner) findings from that particular URL I found: urlQuery scan result. Turns out that particular link leads to a compromised (?) website serving up fake AV scanner malware via some JavaScript code. That is why some recipients of the email were likely getting alerts when they visited the site. Sneaky.

Turns out hacking email accounts and appropriating them (even “non-maliciously”) for spamming is big business and a common event for many web-citizens.

  • Hacked! - The Atlantic - James Fallows has a fantastic cautionary tale about the loss of an email account to a hack-attack.
  • How Can I Find Out Why My Email Account Just Spammed My Friends and Family? - Lifehacker post has some tips on trying to get a handle on the aftermath cleanup.

This couple -- it turns out -- had been using a very weak password so it probably fell pretty fast. Turns out weak passwords remain a common plague.

  • ISC Diary | Analysis of the Stratfor Password List is another clear warning of this danger.
  • Steve Ragan posted a simply amazing Report: Analysis of the Stratfor Password List which has crazy fascinating data on passwords and just how weak most of them were, along with his own password cracking work to show just how easily these fall. See also: Researchers find many weak Stratfor passwords - Naked Security.
  • A brief Sony password analysis - Troy Hunt’s Blog
  • Your Top 20 Most Common Passwords - Tom’s Hardware

And just over the weekend there was this: Zappos cu[...]



D7 - Wicked Scary Tweaking tool

2012-01-16T15:06:57.601-06:00

I love windows tweaking tools.  I’ve got a large collection of them reaching back into my XP days forward into Windows 8.

Couldn’t live without most of them.

However, I’ve finally met one that just downright scares me. Seriously. I’m still sitting on it wondering if I really want to get behind the wheel of this one (yeah, I do!).

D7 project from Foolish IT

First take a look at a ton of screenshots via this Addictive Tips post: D7 Is All-In-One System Backup, Maintenance, Repair & Tweaking Tool.

From the D7 homepage:

D7 is a tool for PC technicians to aid in many tasks and provide a uniform procedure for technicians to follow.  It has many capabilities and many uses including but not limited to:

  • offline and live malware removal assistance via many internal and 3rd party tools
  • automatic download/extraction of 3rd party tools on demand when missing
  • repairing Windows after malware removals
  • general PC maintenance
  • offline and live registry editing with mass search & delete features
  • offline and live data backup
  • CPU/RAM stress testing
  • information gathering and quality assurance uses
  • OS Branding
  • IP/DNS configuration + backup & restore
  • shortcuts to frequently used Windows components
  • quick access to frequently used Windows tweaks
  • numerous right-click context menu (in Windows Explorer) features for working with files and directories
  • wrappers / one-click execution options for frequently used command line tools
  • synchronization of Malware Scan definition files
  • automatic updates of all your favorite 3rd party tools via Ketarin
  • offline application of password removal tricks enabling you to gain access to password protected live systems
Too much to list here, right now at least. 

And then it is accompanied by this warning that I usually just merrily ignore on most tweaking tools but gives me great pause with D7.

“THIS TOOL IS INTENDED FOR EXPERIENCED PC TECHNICIANS ONLY, NOT FOR "END USERS."  This tool can be very dangerous and destructive if you don't know how to use it properly, or are inexperienced in malware removal techniques.” 

Need more info before jumping in?

Pics and Vids via D7 page

Online Manual via D7 page

According to the author it is fully portable but there are some considerations. Please see the SETUP section of the online manual for a good understanding.

It’s a simply amazing tool for advanced sysadmins and PC techs.

Wield it with caution!

Dragons lurk here…

--Claus V.




Microsoft Security Essentials Public Betas

2012-01-16T14:53:12.779-06:00

Old news by now (has it been sitting since Nov 2011?).

Been running the x64 beta version on my home system with no ill effects. YMMV.

More info below.

Bink.nu | New Microsoft Security Essentials Beta now public - Bink.nu

Microsoft Security Essentials 4.0 Beta Available to Download - Windows7hacker

Free Download Microsoft Security Essentials 4.0.1111.0 Beta - Free Antivirus for Windows - I found this location to download the installation files from rather than register via the Microsoft links previously provided. I did grab the files both from my Microsoft registration and these and checked them both (HashMyFiles: Calculate MD5/SHA1/CRC32 hash of files). All hashes at the time matched.

Windows Defender Offline beta lets you scan Windows before startup - BetaNews

Windows Defender Offline Beta: Create Bootable Anti-Malware Disk/USB - AddictiveTips

Windows Defender Offline Beta - Bink.nu

AppRemover - OPSWAT - “Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs”

--Claus V.




It’s a USB Thing

2012-01-16T14:42:57.754-06:00

I was working on a USB project recently and needed to capture an image of a USB device for restoration. That got me reviewing my pile of USB tools and looking for updates. Found some and a bunch of new-to-me freeware USB tools. Here you go.

  • USB Image Tool - alex’s coding playground - updated to v 1.58 with some nice fixes.
  • ImageUSB - Write an image to multiple USB Flash Drives - PassMark Software - great standalone tool to make/push images of USB flash drive devices. Hard to go wrong with this one!
  • USB Disk Ejector - Quick And Easy Software - This is a “cutesy” app but seems much easier to me to use than hunting in the system tray for the Windows USB device ejection method. Definitely makes it easier to identify the correct device when there is more than one connected and I’m rushing.
  • Dev Eject - Stop right now and add this one to your utility pile. Seriously. A co-worker has been having problems ejecting USB HDD devices from his XP system and turned to me to figure things out. He didn’t think he had any open calls to the device running and OpenedFilesView didn’t report any clues either. I turned to Dev Eject and immediately found the culprit: Symantec AV seemed to be doing a file-scan (slowly) when he was ejecting the device. More info in this AddictiveTips post: Identify Processes Hindering Removable Media Ejection With Dev Eject.
  • Use command line to safely remove USB drives by Mike Williams at BetaNews has a lot of clever tips.

Want lots of freeware USB tools? Serious, low level USB tools? CLI USB tools (and then some)? Uwe Sieber’s got you covered! Drive Tools for Windows:

  • RemoveDrive V2.2 - Safe removal of drives
  • RestartSrDev - restarts "Safely Removed" devices which have the "Code 21" problem code
  • EjectMedia V2.2 - ejects a media from a drive
  • ReMount - reassigning mountpoints (change drive letters)
  • ListDosDevices
  • USB-WriteCache V0.1
  • USB Drive Letter Manager - USBDLM (Note: USBDLM is Freeware for private and educational (schools, colleges, universities) use only.)

More USB tools:

  • HotSwap! - Kazuyuki Nakayama - gives a more friendly interface than the “Safely Remove Hardware” icon in the system tray does.
  • USBLogView - NirSoft tool to record all USB devices plugged into a system and log to a file.
  • USBDeview v2.00 - NirSoft tool to list all USB devices plugged into a system as well as all USB devices previously used (with details).
  • RMPrepUSB - Tool to partition and format USB drives and make them bootable. Free for private use only. If you know what you are doing, this tool isn’t needed but it goes a long way to helping noobies and the author has a large number of tutorials as well. More here: RMPrepUSB – Amazing USB Formatting Tool! - post from AgniPulse, RMPrepUSB : Install Windows on USB, Speed up USB and do more with it via The Windows Club and RMPrepUSB: Create Bootable Windows/Linux USB, Test R/W Speed & More post via AddictiveTips.
  • How To Create Customizable Multiboot System Rescue Disk - AddictiveTips post on using SARDU builder to make a multiboot USB tool.

Cheers.

--Claus V. [...]



Taking a quick shot at Screen Shot apps

2012-01-16T14:15:03.658-06:00

(image)

There are a LOT of Windows tools for taking screen shot captures. Lots and lots.

It seems each time I learn about a new one it gets added to my pile. However I keep rotating back to a couple of dependable ones.

IMHO FastStone Screen Capture truly is “The Best Screen Capture Software” out there. It’s been a while since FastStone pulled the “free” from this tool after version 5.3. That’s too bad as I really, really like this tool and the built-in editing tools are wicked sharp. Still, I have to mention it because it is that good. The freeware v5.3 doesn’t seem to play well on Win7 x64 systems so now I have had to move on to…

Greenshot has now taken over as a must-install freeware screen capture app on my systems. It has most of the same features of the FastStone tool, but the editing tools aren’t quite as polished. That said, it is very stable, does excellent captures on Win7 systems (x32/x64) and has been promoted to a “run-on-startup” position on my system…a VERY rare honor here at GSD. Image above captured via Greenshot.

Xtreme Shot! is pretty cool also and includes those must-have post grab editing features I demand. Check it out and compare against Greenshot.

More? Check out this older grand stream dreams: Mega Linkfest – Dog-pile Style that has eleven screen shot tools listed.

Moving deeper into the “to be blogged” linkpile now…

--Claus V.




Digital Image\Video Resources

2012-01-16T13:59:54.862-06:00

Little bro recently made a Christmas contribution to the “Claus-needs-a-new-hobby” campaign. While a portion of it does involve me staying up much later each night now (like I needed that bad-habit) reading George R. R. Martin's “Game of Thrones” series on my Kindle, the most recent focus is the coming addition of a Canon PowerShot S95 to my photography tools.

For the longest time I have been seriously looking at the newer digital rangefinder class of cameras and the Olympus PEN E-P1 (Amazon link) fell into my price-point. I’ve yearned for this one for some time, however this particular model has been updated several times (more $$) and the Canon PowerShot S95 (Amazon link) was in the same range (price-wise). Though it also has a newer version, this one just seemed to have many more features (do I really need 1080p video when the S95’s 720p only video may never get used either?). In the end it was the collection of Flickr: Canon PowerShot S95 group photos that sold me on it along with the smaller (pocket/backpack) format over the E-P1.

It came down to me being honest with myself. I can’t take good pictures and improve my technique if I don’t carry the camera with me almost all times to take pictures to begin with…and the S95 is much more pocketable (and less imposing when in use) than the E-P1 or my Canon Rebel XT DSLR. So, photography links on the sidebar have been amended to remove the PEN and add the S95. Hope to share some pics from it soon.

So, that leads us into these great digital imaging tools I’ve found recently (or have been updated).

- Microsoft Research Image Composite Editor (ICE) - This remains my favorite image-stitching tool. Can also handle video stitching techniques: Microsoft ICE update–video to panorama, lens vignette, improved blending - HD View
- Hugin - Panorama photo stitcher - This is a new-to-me project. It looks a lot more sophisticated than ICE so I’m looking forward to trying it out as well. It has a lot of control.
- Scarab Darkroom - Beta version is free. From the page: “Scarab Darkroom is a digital camera raw file converter/photo editor that supports most raw format capable cameras from Canon, Nikon, Olympus, Panasonic, Pentax, Samsung, and Sony. It is fast, easy to use, and produces excellent results. Development is still at the beta version stage.” My S95 has Raw+JPEG shooting format…. More here at AddictiveTips: Edit And Convert RAW Images To JPG With Scarab Darkroom

It’s been a while since I last posted a roundup of freeware video editing tools: grand stream dreams: Video-Editing Resource Roundup

Here are some new links:

- Top 3 free video editing software for Windows 7 via The Windows Club links to Avidemux, VirtualDub, and VideoSpin.
- What amazes me is that the pro-class Lightworks Open Source Project (free!) for video editing never seems to come up. It is incredible. Is it too complicated?

I’m looking forward to shooting some 720p video to experiment with the application.

--Claus V. [...]



File and Folder Linkfest

2012-01-16T13:33:09.285-06:00

As we continue the dig-out over here at the Valca link farm we now must turn attention to file and folder management tools.

- Track Folder Changes - CodePlex project page - really clever tool still in development that shows (real-time) as files/folders are being changed for a specific folder/directory to be monitored. Nice GUI. More information at Track Folder Changes in Real Time Windows7hacker post and Track changes to folders with Track Folder Changes post at freewaregenius.
- SearchMyFiles - NirSoft - Soo love this tool! It’s one of my must-haves for file-finding.
- Everything Search Engine - Love this one too. Wicked fast but does it by building its own index database. Doesn’t search within files; just file/folder names.
- UltraSearch - Freeware for Ultra-Fast File Search - JamSoftware - A bit like Everything but doesn’t build an index database; rather it relies on the MFT. Comes with a portable version.
- Locate32 Web Site - Another nice free Windows file indexing application.
- eXpress FreshFiles Finder - Super-great tool to quickly find the “freshest” files on a system.
- FileProcessor - really powerful tool to find files as well as perform a number of actions on those found files. More info via AddictiveTips: FileProcessor: Set Filters, Search & Perform Batch Actions On Files
- SpaceSniffer - Love it to visualize space usage on drives.
- GetFolderSize - Interesting tool for scanning file/folder size usage on drives. Different GUI but pretty cool! Spotted via GetFoldersize to Determine the Size of Folders on Your Hard Drive - Windows7hacker.
- FolderSize - Jan Horn's tiny but quick app for folder size reporting.
- NoVirusThanks Freeware tools - interesting tools (free and commercial) for Windows system monitoring. Good overview on them here: NoVirusThanks releases four handy system monitoring tools as freeware - Softwarecrew.
- TestDisk - CGSecurity - Now at Version 6.13 for file/disk recovery.
- ODIN - Open Disk Imager for Windows - interesting GUI/CLI based tool for drive backup and imaging. More info via AddictiveTips: Backup, Restore And Verify Disk Images With ODIN.
- Hardwipe | File & Drive Wiper - GSD has had a number of posts already regarding file/drive wiping but this new-to-me tool is worth mentioning here. More info via AddictiveTips: Easily Wipe & Clean Files, Folders And Hard Drives With Hardwipe.
- Forensic Riddle #5 – Answer - Hexacorn Blog has been posting a series of great puzzlers; this one leads us to this clever Microsoft resource: Naming Files, Paths, and Namespaces.
- TakeOwnershipEx - WinAero - GUI tool that allows you to get full access to files and folders. More info via AddictiveTips: Take Ownership Of Files And Folders In Windows 8.
- NTFS Permissions Tools latest developments (ver 1.0.0.45078 RC1 (2011-06-14)) - Site is Chinese but AddictiveTips has the lowdown on usage here: Allocate NTFS Permissions Easily With NTFS Permissions Tool.
- Kickass Undelete - Browse /Kickass Undelete 1.2 beta - SourceForge.net - I really like this tool for file recovery. It’s not an all-in-one recovery tool, but is another great utility to keep on your response toolbelt.
- WinAero: Librarian - powerful libraries manager for Windows 7. Slick interface and easy tool to use.
- BExplorer (Better Explorer) - CodePlex - I want to like this project very much. I’m not feeling the love of the existing Windows 7 explorer menu-bar and this would go a long way to making it more powerful to use. However I’ve also had stability/installation issues on both Win7 x32/x64 systems so while it is on my “watch-list” it isn’t yet installed on my system.
- FreeCommander - This alternative dual-pane Windows file manager remains top-of-the-heap on my systems. It is required usage here at GSD. I’ve still not found a better alternative though many come c[...]



Utility Updates

2012-01-16T12:56:23.911-06:00

Quick linkfest running down some old tools updated and new tools discovered.

- Autoruns v11.21: This update to Autoruns fixes a number of minor bugs, including one that could result in a crash when certain scheduled tasks are configured. Microsoft Sysinternals.
- Process Explorer v15.12: This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account. Microsoft Sysinternals.
- Strings v2.42: This Strings release fixes a bug that would result in a crash when the –n or -b options are specified without a file name. Microsoft Sysinternals.
- Mark’s Blog: Case of the Installer Service Error: Follow along with Mark in another of his popular ‘Case of the Unexplained’ troubleshooting examples where he retraces the steps of a network administrator that used Process Monitor to figure out why the Windows Intune installer failed on one of his systems and goes on to fix the problem.
- Mark’s Blog: The Case of My Mom’s Broken Microsoft Security Essentials Installation: Mark goes deep with the Sysinternals tools to fix a corrupt installation of MSE on his mom’s PC over the holidays.
- CSVed 2.2.1 - Now at 2.2.1 version. See also NirSoft’s CSVFileView
- CCleaner v3.14 - Piriform - System cleaner
- Recuva v1.42 - Piriform - File recovery tool
- Speccy v1.14 - Piriform - System information collector
- CCEnhancer - v 2.5 - SingularLabs - plugin for CCleaner adding support for over 500 additional apps.
- JavaRa - v 1.16 - SingularLabs - not updated but great tool to remove old/redundant versions of JRE. Now under development is JavaRa 2.0 alpha build which includes updating, removal and some additional bells-n-whistles.
- Wecode.biz: Alternative Flash Player Auto-Updater - interesting tool to help update Adobe Flash Player. The latest builds of Flash Player do have an auto-updating feature baked in but it doesn’t (to me) seem to fire off and find newer builds as quickly as I would like to see. This is an alternative that might work well on friends’ and family PCs.
- ISC Diary | Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit - Why keeping Flash updated is important…as if we didn’t need a reminder.
- Crystal Dew World - lots of updates here including CrystalDiskInfo and CrystalDiskMark
- WinCrashReport - Displays a report about crashed Windows application - New NirSoft tool. See also this post by Nir Sofer himself: New crash reporting utility for Windows
- PST Viewer - Free tool to open and view content of PST files without Ms Outlook - Kernel Data Recovery. See also this review: Gave up Microsoft Outlook but need your PST file? There's an app for that - BetaNews. I like this tool in that when I recently had to carve the PST files off a nuked HDD to recover an end-user’s PST files, I got a ton of them. Rather than mounting each one to a working Outlook client profile, I just fired up this tool to inspect them with the user to find out which ones we wanted to attach and which ones were duplicates. Saved a boat-load of time. Could be good for incident responders as well.
- Highlighter v1.1.3 Released - Mandiant M-unition blog notice. Download link
- Download Batch Compiler - SourceForge - You need to install on a system (not portable) but still could be a great resource for building more complex batch files. See more info here at AddictiveTips: Batch Compiler: Create Batch Scripts & Convert Them To EXE Format
- Splashtop Remote Desktop - interesting new tool for remote connection management. See this Spla[...]



EXIF/meta-data Linkage

2012-01-16T12:33:16.261-06:00

Been sitting on these for a while (sigh).

- Metability Software is building a really cool and powerful tool to work with and explore EXIF data in images: FileMind Professional. It has a really nice tabbed main workspace and supports importing/exporting and reporting of EXIF data. I’m using the current (free) Beta Software version and it rocks. They also offer a cool little freeware app FileMind QuickFix which can strip out sensitive EXIF data before posting photo files to the web. Check it out.
- PhotoME - Exif, IPTC & ICC Metadata Editor is another free tool which can be used to show/display meta-data of image files. It is exceptionally well-rounded and has been around for a long time. Hat-tip to AddictiveTips for their post which led me to it: PhotoMe Lets You View, Analyze and Edit Image EXIF & IPTC Metadata
- BatchPurifier LITE - Free Metadata Removal Tool - Another free tool to remove meta-data from files in batch. See a review at AddictiveTips: Batch Remove Image/JPEG Metadata With BatchPurifier Lite
- AutoJpegTrunk (Google Translated) - very simple freeware tool/wrapper for ExifTool by Phil Harvey to clean meta-data. Again spotted at AddictiveTips: AutoJpegTrunk: ExifTool-Based Utility To Batch Remove Image Meta Data
- ExifTool by Phil Harvey - freeware awesomeness for the core tool of all things meta-data handling. Need more? See these Additional Resources on Phil Harvey’s page.
- Vinetto : a forensics tool to examine Thumbs.db files
- Vinetto - A Thumbs DB Parser/Viewer - Computer Forensics/E-Discovery Tips/Tricks and Information blog - includes info to get it running on Win32 as well as a built Win32 copy of Mark McKinnon’s work.

Why do we care about meta-data (examining and/or purging)?

Well for starters “dere’s gold in dem dere hills!”

- Stealing GPS Data from Images in Pentests - Security Aegis
- Strip your Images, not Yourself - Metability Software blog
- What the Situation Room REALLY Shows… - Metability Software blog
- Know Your Files - Metability Software blog
- Beyond Data about Data: The Litigator's Guide to Metadata [PDF] 2005 - found via e-evidence.info
- What's a Little Metadata Mining Between Colleagues [PDF] 2006 - Jessica M. Walker, found via e-evidence.info
- Mobile Phones: Digital Photo Metadata [PDF Poster] 2007 - found via e-evidence.info. Note the link to the “Carvey_gmu2005.zip” file is broken so either it got moved or dropped. Maybe Harlan can repost or share the updated link? I’d love to see it.
- GMU2005 presentations [Zipped PP Presentations] August 2005 - Harlan Carvey - Topics: The Windows Event Log file format; Tracking USB storage devices across Windows systems; File/document metadata.
- Windows Incident Response: Updates - Quoting Keydet89 from the linked post: “Did you map all of the USB removable storage devices that had been connected to the system? You don't need to have the management software installed to copy images and videos (hint, hint) off of a phone...just connect it via a USB cable and copy the images (which will likely have some very useful EXIF data available).”

In addition, there are a number of freeware (and $-$$$$) image viewers/tools that also include meta-data handling embedded in them. This post is focused on meta-data specific tools. I’ll post linkage on some of the other applications that are more in this latter class soon.

Cheers.

--Claus V. [...]
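To show what the “strip sensitive EXIF” tools above are actually doing at the byte level, here is an added example (my own code, not any of the listed tools): it walks the JPEG marker segments, looks inside the APP1 Exif segment’s IFD0 for the GPSInfo pointer tag (0x8825), and purges the whole Exif segment while leaving the picture data untouched. The sample JPEG is constructed inline and is not a real photo.

```python
"""Locate and purge Exif metadata in a JPEG at the byte level (added example)."""
import struct

EXIF_HEADER = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825   # GPSInfo IFD pointer: present in IFD0 when a position fix was stored
TAG_MODEL = 0x0110     # harmless tag used to make the constructed sample look plausible


def iter_segments(jpeg):
    """Yield (marker, offset, length) for each marker segment after SOI.

    Everything from SOS onwards (entropy-coded image data up to EOI) is
    returned as one opaque tail, since metadata segments only precede it.
    """
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("expected marker byte at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == 0xDA:                       # SOS: the rest is scan data
            yield marker, pos, len(jpeg) - pos
            return
        seg_len = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]   # counts the 2 length bytes
        yield marker, pos, 2 + seg_len
        pos += 2 + seg_len


def is_exif_app1(jpeg, offset):
    """True when the segment at `offset` is APP1 carrying an Exif payload."""
    return jpeg[offset + 1] == 0xE1 and jpeg[offset + 4:offset + 10] == EXIF_HEADER


def ifd0_tags(app1_payload):
    """Return the set of tag ids in IFD0 of the TIFF structure inside an Exif payload."""
    tiff = app1_payload[len(EXIF_HEADER):]
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    # each IFD entry is 12 bytes: tag(2) type(2) count(4) value-or-offset(4)
    return {struct.unpack(endian + "H", tiff[e:e + 2])[0]
            for e in range(ifd0 + 2, ifd0 + 2 + 12 * count, 12)}


def has_gps_metadata(jpeg):
    """True when an Exif APP1 segment's IFD0 carries a GPSInfo IFD pointer."""
    for marker, off, length in iter_segments(jpeg):
        if is_exif_app1(jpeg, off) and TAG_GPS_IFD in ifd0_tags(jpeg[off + 4:off + length]):
            return True
    return False


def strip_exif(jpeg):
    """Return a copy of the JPEG with every Exif APP1 segment dropped.

    Other segments (JFIF APP0, quantization/Huffman tables, the scan) are
    copied untouched, so the picture itself is unchanged.
    """
    out = bytearray(b"\xff\xd8")
    for marker, off, length in iter_segments(jpeg):
        if not is_exif_app1(jpeg, off):
            out += jpeg[off:off + length]
    return bytes(out)


def build_sample_jpeg(with_gps):
    """Constructed minimal JPEG (not a real photo): SOI, JFIF APP0, an Exif APP1
    whose IFD0 has a Model tag and optionally a GPSInfo pointer, a stub SOS, EOI."""
    entries = [struct.pack(">HHI4s", TAG_MODEL, 2, 4, b"S95\x00")]          # ASCII, inline value
    gps_ifd = b""
    if with_gps:
        ifd0_size = 2 + 12 * 2 + 4                                            # count + 2 entries + next-IFD
        entries.append(struct.pack(">HHII", TAG_GPS_IFD, 4, 1, 8 + ifd0_size))  # LONG pointer to GPS IFD
        gps_ifd = struct.pack(">HI", 0, 0)                                    # empty GPS IFD suffices here
    tiff = b"MM" + struct.pack(">HI", 42, 8)                                  # big-endian, IFD0 at offset 8
    tiff += struct.pack(">H", len(entries)) + b"".join(entries) + struct.pack(">I", 0) + gps_ifd
    app1 = EXIF_HEADER + tiff
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8"
            + b"\xff\xe0" + struct.pack(">H", 2 + len(jfif)) + jfif
            + b"\xff\xe1" + struct.pack(">H", 2 + len(app1)) + app1
            + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34" + b"\xff\xd9")


if __name__ == "__main__":
    photo = build_sample_jpeg(with_gps=True)
    print("GPS present:", has_gps_metadata(photo))
    clean = strip_exif(photo)
    print("GPS after strip:", has_gps_metadata(clean), "bytes removed:", len(photo) - len(clean))
```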



Active Directory Linkfest

2012-01-16T11:36:04.726-06:00

I’m working hard at getting up to speed on the whole Microsoft Active Directory thing. Until lately, I’ve not had either the need nor the opportunity to get heavily involved in supporting customers in a full-blown AD environment. Sure, there are some basic “foundational" things I’ve been able to pick up and use, but now we are moving forward into a brave new world and I gotta kick up my expertise a bit.

I’ve already purchased and am working through this excellent Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition (Amazon.com link) book to get the ball rolling. So expect a few more AD-related posts around here…at least on the front end they will be more resource linking related as I fill out my virtual bookshelf.

- Group Policy for Beginners - Microsoft Download Center - Great MS Word file to introduce basic Group Policy concepts.
- Introduction to Active Directory - Learnthat.com - Nice heavily illustrated tutorial on Active Directory basics.
- Active Directory Search Results - Microsoft Download Center. Lots and lots of documents, tools and tips.
- Microsoft Events (Beta) - Amazing Microsoft site chock-full of awesome webcasts, podcasts, and virtual training sessions. All categorized, searchable, and level-rated. Note the only “gotcha” is that the site seems to be driven by Silverlight and is very Internet Explorer dependent. Don’t hop to these pages in another browser unless it uses an IE rendering engine.
- Active Directory Related Pages - Microsoft Events - honed down to just AD items. I’ve got a lot of work here. For example, there is this Migrating from Novell NetWare to Windows Server 2003 you can eventually find which includes the full lab as well as a PDF guide. Cool!
- Free Active Directory Virtual Labs - The Life of Brian
- Download: Remote Server Administration Tools for Windows 7 with SP1 - Microsoft Download Center - Download Details
- Download: Group Policy Documentation Survival Guide - Microsoft Download Center - Download Details

The 4sysops - For Windows Administrators website hosted by Michael Pietroforte is my go-to source for the best of tools and tips related to Windows system administration. It is full of great information and resources related to Active Directory items!

- Active Directory - 4sysops - Link roundup of ALL AD-tagged posts at 4sysops
- Free Active Directory Tools - 4sysops - Link roundup of ALL (free) AD-related tools featured on 4sysops
- FREE: Active Directory Telephone Book - 4sysops - free tool to create an organizational phone-book based on AD information. Knowledge is power!
- FREE: Active Directory Topology Diagrammer - 4sysops - New feature/tool supported by Visio 2003 or higher.
- FREE: SysAdmin Anywhere – Active Directory Management - 4sysops - really slick interface on this tool to manage users in AD.
- FREE: AD Info – User friendly Active Directory reporting tool - 4sysops - full featured tool that has lots of pre-built queries for reporting.
- FREE: Account Lockout Tools – View lockout status and unlock account - 4sysops - Feature post on a component from Microsoft’s Account Lockout and Management Tools. Sweet.
- FREE: AD Tidy – Identify last logged on user and computer accounts - 4sysops - “It can be used to identify when user/computer accounts last logged on to the network and can tidy up these accounts in various different ways.”
- FREE: Active Directory Explorer – Active Directory Viewer - 4sysops - Review and reminder of the must-have Microsoft Sysinternals AD Explorer utility. Power to the people!
- How to disable USB drive use in an Active Directory domain - 4sysops - Just in case you need to…
- Troubleshoot slow lo[...]



Baseline of Windows Files in Incident Handling?

2012-01-15T15:58:36.526-06:00

I’ve been sitting on this one for a month or so hoping I could uncover a better solution. Unfortunately I’ve not been as successful as I would like so here it is.

Chris Pogue at SpiderLab’s Anterior blog posted Manipulating Windows File Protection and Indicators of Compromise which contained lots of goodies. Basically it was a carry on from a previous post on Windows File Protection and malware hunting. In this post Chris shows how WFP can be “subverted” by malware and what clues are available to the incident responder for searching based on his and Harlan Carvey’s prior work.

In Chris’s post he uses an unpublished tool to temporarily disable WFP, change “code” inside a protected system file, then allow WFP to restart, reboots the system and sees if WFP leaves the modded file alone. It did. Chris then documents the changes observed. I’m focusing on this part here:

“let's take an MD5 checksum of dllhost.exe for validation that we have successfully modified our target file.

c:\Windows\System32>md5deep dllhost.exe
a63dc5c2ea944e6657203e0c8edeaf61  c:\Windows\System32\dllhost.exe

OK, next, I ran a strings against the target file to make sure there was not the same string content that I decided to use. In this case, a series of upper case letter "A"s.

C:\test>strings c:\WINDOWS\system32\dllhost.exe | grep AAAAAAAA

Now, I am going to simply append 20 upper case "A"s to the end of the target file.

C:\test>echo AAAAAAAAAAAAAAAAAAAA >> c:\WINDOWS\system32\dllhost.exe

Let's run strings against the target file to see if the modification took.

C:\test>strings c:\WINDOWS\system32\dllhost.exe | grep AAAAA
AAAAAAAAAAAAAAAAAAAA  <-- This is the results of the grep search.

Now let's check the MD5 checksum of the target file to see if it changed...as you can see by comparing it to the value from our initial MD5, it didn.

C:\test>md5deep c:\WINDOWS\system32\dllhost.exe
6fb2c878750a84946efacfc50c8e1f59  c:\WINDOWS\system32\dllhost.exe”

(Note: I think Chris has a typo in the part I have bolded above. I suspect he meant to type “it did” as clearly the MD5 is now changed from the original file MD5 hash.)

While Chris focuses on the MFT and system logs to flag the event for additional attention, I was focusing on the (relatively easier to spot?) MD5 change itself. If you can spot that the change occurred, then maybe you can drill faster into the corresponding logs/records for event clues on the change itself.

Indeed, Rmdarcher commented in the post that one could “…run the System File Checker (sfc.exe)” to look for modifications. Chris agreed and responded, “I think the real challenge is not in the identification of the modification, but in the detection of the single file that was modified. As I pointed out in the post, and what I still think is the real meat of the issue, is how to tell? How can you tell if a legitimate Windows process has become weaponized. Again, think the best way to even get the point where you can employ something like SFC, is through live analysis, and correlation of data points.”

So what go-to options does a sysadmin have to see if a system’s protected files have been compromised by malware short of combing through the MFT and system logs? Here are the ones I have come up with so far.

As Rmdarcher commented there is the Windows System File Checker.

- System File Checker - Wikipedia
- How to Run the System File Checker (Sfc.exe) Offline in Windows 7 and Vista - The Winhelponline Blog
- Microsoft Windows XP - System File Checker (sfc) - Microsoft Windows XP Pro Product Documentation
- How to use the System File Checker t[...]
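As an added example of the “spot the MD5 change” idea (my own code, not Chris’s or Harlan’s tooling): hash the protected binaries while the system is known-good, keep that baseline off the box, and diff against it later. The demo replays the 20 appended “A”s from the quoted walk-through against a constructed stand-in directory; md5 is available to line up with md5deep output, but sha256 is the default since MD5 collisions can be manufactured.

```python
"""Baseline-and-compare check for protected Windows binaries (added example)."""
import hashlib
import json
import os
import tempfile

PROTECTED_EXTS = (".exe", ".dll", ".sys", ".ocx")   # the file types WFP guards


def hash_file(path, algo="sha256"):
    """Stream a file through hashlib; algo="md5" reproduces md5deep's value."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="sha256", exts=PROTECTED_EXTS):
    """Map each matching file under root (relative path) to its hash and size."""
    baseline = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = {"hash": hash_file(full, algo), "size": os.path.getsize(full)}
    return baseline


def save_baseline(baseline, path):
    # Keep the baseline off the monitored host (or on read-only media) so that
    # whatever altered the system file cannot also alter the record you compare against.
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare_baseline(root, baseline, algo="sha256"):
    """Re-hash root and report files whose hash differs, plus added/removed names."""
    current = build_baseline(root, algo)
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k]["hash"] != baseline[k]["hash"]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "current": current,
    }


def demo():
    """Constructed scenario: baseline a stand-in System32, then append 20 'A's to
    dllhost.exe as in the quoted walk-through, and re-check. Nothing here touches
    a real Windows directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("dllhost.exe", b"MZ" + b"\x00" * 500),
                           ("kernel32.dll", b"MZ" + b"\x01" * 700),
                           ("readme.txt", b"not a protected file type")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(root)
        # simulate:  echo AAAAAAAAAAAAAAAAAAAA >> dllhost.exe  (20 A's plus a line ending)
        with open(os.path.join(root, "dllhost.exe"), "ab") as f:
            f.write(b"A" * 20 + b"\r\n")
        report = compare_baseline(root, baseline)
        report["size_delta"] = (report["current"]["dllhost.exe"]["size"]
                                - baseline["dllhost.exe"]["size"])
        report["baseline_count"] = len(baseline)
        return report


if __name__ == "__main__":
    r = demo()
    print("modified:", r["modified"], "added:", r["added"], "removed:", r["removed"])
    print("dllhost.exe grew by", r["size_delta"], "bytes")
```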



Bad Habit

2012-01-15T14:38:15.840-06:00

Note to self…you so gotta get this one down this new year.

Two spaces after a period: Why you should never, ever do it - Slate Magazine

“Most ordinary people would know the one-space rule, too, if it weren't for a quirk of history. In the middle of the last century, a now-outmoded technology—the manual typewriter—invaded the American workplace. To accommodate that machine's shortcomings, everyone began to type wrong. And even though we no longer use typewriters, we all still type like we do.”

That’s my excuse.

Of all the classes I took in high school, I credit my elective typewriting class for making the greatest contribution to my successes in college and the later transition into a technology career.

With no fear of typing, I was able to sit down at any keyboard with confidence. While no speed-demon at the time, I could touch-type at will and pound out anything needed. I could quickly and confidently organize my thoughts and communicate them. All because of those hours in front of that blue IBM Selectric III typewriter. I never lost that skill though the mechanical feedback isn’t the same anymore and I have to resort to running ClicKey when I really want my fingers to fly across the keys.

Adding that darned double spacing after each sentence was drilled into me in those classes and it is just maddening to abandon.

Here’s hoping for tighter copy this year.

Claus V.




Wipies -- Addendum

2012-01-08T20:43:07.905-06:00

You may recall that both GSD posts on secure wiping -- Free Wipies and Wipies - Part II (Full Coverage Cleaning) -- were inspired by a blog post by the TinyApps.Org blogger. Last night I received a kind message from this dear friend pulling my attention back to the deeper issue raised in that post, and while this isn’t a completely unknown issue, it is one that can be easily overlooked by the best of sysadmins in our zeal to “secure wipe the darn thing” and get on with our other daily grinds.

The TinyApps how-to post ATA Secure Erase (SE) and hdparm shares an added benefit for those who dare to tread that hard-drive wiping technique through the “enhanced secure erase” option.

(Very) Basically the issue comes down to this: hard drives may have bad sectors that have been found and so marked, as well as additional “host protected area (HPA)s”, both of which can be skipped by many “block-erase” wiping tools and utilities. The end result is the possibility of recoverable data left behind in these areas if a standard block-erase method is used.

- Host protected area - Wikipedia, the free encyclopedia
- Device configuration overlay - Wikipedia, the free encyclopedia

So even though you are diligently laying down your randomized data and/or zeros to all the (accessible) sectors of the drive, the drive itself may be actually hiding physical sectors from your software that will not get overwritten no matter how hard you try.

As TinyApps linked for me in the communication, even the almighty Darik's Boot And Nuke clearly says in its FAQ that it must be used with knowledge to address some of these issues:

Does DBAN wipe remapped sectors? - Darik's Boot And Nuke

“Does DBAN wipe remapped sectors? Use the ATA-6 wipe method if you want to wipe remapped sectors. Most methods do not wipe remapped sectors.”

Does DBAN wipe the Host Protected Area ("HPA")? - Darik's Boot And Nuke

“Does DBAN wipe the Host Protected Area ("HPA")? No. Most vendors that are using the HPA have a toggle for it in the BIOS setup program. Future releases of DBAN may override or dishonor the HPA. Why not now and why not by default? Some vendors are using the HPA instead of providing rescue media. Wiping the HPA would surprise and strand people that expect the HPA to have rescue materials, and it often results in OEM technical support marking and abandoning people that do it. The HPA is a low risk because it is not accessible during normal operations. DBAN defaults are chosen to best protect people with a minimal understanding of this kind of problem. This point is still open for discussion in the help forum and in the appropriate bug ticket.”

That’s not to say this information makes DBAN (or any of the others like it) a bad or faulty tool, just one with some limitations (like most all other block-erase wipe tools) that must be fully understood before deciding if its methods are sufficient for the use at hand.

For example, there are forensic drive access/capture tools that can detect these areas and ensure the investigator is able to respond to them. That’s great news for the good guys and a warning that bad-guys can also take advantage of this as well: HPA/DCO Detection - WiebeTech Forensic Docks

Here (again) are links to two posts about the HPA/remapped sector issue with drive wiping well worth the read:

- Securely erase hard drives - ultraparanoid
- Can God Create a Rock So Heavy Even He Can’t Lift It? - ultraparanoid

I suppose one good place to start is pre-inspecting your drive before you get wiping to better understand what you are dealing with. There are a few Windows-based[...]



Make a dual-boot WinPE CD

2012-01-01T17:16:12.933-06:00

I’ve been in the workshop for the past several days hammering out a new WinPE product for our technical field-support team.

You may recall from the GSD post WinPE Building and PGP Support Links Updated that I have previously built a highly-customized PGP WDE injected WinPE boot CD to allow our team to manually off-line boot, then authenticate into a PGP v9.x encrypted hard-drive. Now we are rolling out systems encrypting with PGP Desktop 10.x. Unfortunately the v10 isn’t backwards-compatible in supporting the v9 encrypted systems. So I cleared off the workbench and using the techniques I have previously outlined here, built a new customized WinPE boot disk that supports PGP-WDE 10.x.

Only there was one problem; we currently now have a mixed PGP-WDE environment where some systems are running PGP Desktop v9.x and others are running v10.x. I started to plan just having the techs carry both WinPE boot disks with them. But that seemed silly. The WIM files were both very small. Too bad I couldn’t include both BOOT.WIM files on the same CD as the rest of the CD structure was identical.

Or could I…..?

I recalled a suggestion Brett had made earlier that with some BCD file editing on a customized WinPE booting USB stick, I could multi-boot different WinPE BOOT.WIM files. We outlined that process in this GSD WinPE Multi-boot a Bootable USB Storage device post. I can tell you it works like a charm.

But surely that doesn’t work for WinPE CDs. That’s crazy talk. Right?

Nope. Works fine.

David over at the “ITC Guy’s Doodles” blog has it all laid out, simple as can be (with screen-shots): Creating WinPE multi-boot - ICT guy's doodles

David and I are assuming here you already have the WAIK installed and are long-past the steps regarding building a customized WinPE build or two. If not, check out these GSD posts first for some background if needed:

- Custom Win PE Boot Disk Building: Step Four – Pulling it all together – GSD blog.
- Custom WinPE Building: Post-Script and PE 3.0 - GSD blog.
- QuickPost: Bootable USB Stick – GSD blog.
- USB Tricks for Vista and Windows 7 – GSD blog.
- Sexy USB Boots (Win PE style) – GSD blog.
- WinPE and DISM/PEimg to boost Scratch Space (Ram Disk) – GSD blog.

Once you’ve done that and have your primary WinPE folder structure set as well as your custom BOOT.WIM files ready you basically do this:

1. Launch your WAIK Deployment Tools Command Prompt (in Windows 7 I chose to run it elevated as Administrator).
2. Change directories to your WinPE building folder (in my case it was C:\winpe_x86; yours may differ, so adjust the recipe accordingly for your WinPE baking altitude).
3. Copy into the c:\winpe_x86\ISO\sources folder the BOOT.WIM files you want to include. Note they will need to be named different things. Your first/default booting wim can remain “boot.wim” to keep things easy, but the 2nd (and each additional one if so desired) should be named something more descriptive.
4. Next you will need to edit the BCD file for the booting build which is located in the C:\winpe_x86\ISO\boot location. Follow David’s steps to make a copy of the default boot entry item to a new second one with a different boot guid. Then you need to “fix” some of the copied sub-items to associate with the new guid value. Finally, you can rename the default boot item description to something more meaningful.
5. Use oscdimg to build the ISO file and when you boot it, you should now see your different boot image options appear on the boot selection menu!

Sweet!

I’m not aware of any limitations to the number of dif[...]



Wipies - Part II (Full Coverage Cleaning)

2012-01-01T16:24:19.994-06:00

I guess in the back of my subconscious, this and yesterday’s post regarding secure wiping could be related to the new year…you know…start things off with a clean-slate? Yesterday’s post focused on free tools and utilities for secure-wiping (pretty-much) files and folders from a Windows system. In a much older GSD post I had touched on total-drive secure wiping options. Since a lot of time has slid by since that 2007 post, I figured I revisit it and see if it needed some updating.  So below you will find a list of tools that address secure wiping of an entire hard-drive. In the previous post, I already covered by top-two tools for secure-wiping a HDD: When it comes to secure drive (whole-disk) wiping, I’ve still tended to rely on two tools in particular for their ease-of-use and convenience. The first is Microsoft Windows DISKPART command “Clean all” which “specifies that each and every sector on the disk is zeroed, which completely deletes all data contained on the disk.” The pro is that the command is very simple to remember and use, and when coupled with a WinPE disk, is dead-simple to effectively wipe out most all drives I encounter. The second one I love is the CLI tool “wipe.exe” as found in the Forensic Acquisition Utilities set by George M. Garner. The pro about this one is that it actually includes a progress indicator so you have some degree of feedback on how far you’ve wiped. I always verify my zero-out wipes when done. For that I prefer to use the sector-viewer tool HxD to scan through the post-wiped drive to ensure it all come up clean; Frhed - Free hex editor is another nice alternative. I keep a custom WinPE 3.0 USB stick always handy to off-line boot a target system. By nature, DISKPART and it’s “Clean all” power is baked in.  I’ve also loaded it with the forensic Acquisition Utilities tool set so those are also at hand for a quick “wipe \\.\PhysicalDrive0 -p 1 -w 00” command if I prefer the progress meter. 
However, there are a number of additional tools, some more “GUI” than others, that bring more to the party in terms of wipe patterns and passes…if that’s your thing. So here are the rest I’ve found. Use may be licensed for personal use only or may also allow organizational use, so read the fine print carefully to stay honest.

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing - (aka DBAN) allows for creation of a boot floppy or boot CD. It supports SCSI, IDE, PATA, and SATA disks and should be able to wipe just about any file system from a drive. You can use one of five preset wipe formats or set custom wipe patterns. If you prefer, you can try the method to Create a DBAN USB Flash Drive from Windows over at USB Pen Drive Linux. Other related links (with more screenshots) are Create a Bootable DBAN USB Pen Drive at TrishTech and How to make a bootable dban USB thumbdrive to wipe hard drives at Lee.org. I’ve had mixed success with making a USB version of DBAN (no issues with the CD version); generally the problem, as others have reported, is the “autonuke” option causing a hang. Some forums suggest disabling “media card” drives in the BIOS or similar. Also, be sure to pull the USB stick within the first 10 seconds of DBAN loading, otherwise you will likely wipe your USB stick as well if it is left in.

PC Inspector - Emaxx - Basically you download the app and use it to create a boot disk. Then boot your target system with the boot disk and type “emaxx -US” to get started. It isn’t [...]
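Both this post and the Free Wipies post it quotes verify a zero-out by paging through the drive in HxD. As an added example (my code, not the blog’s and not part of DISKPART, wipe.exe or HxD), here is a script that does that check mechanically: it reads a raw device or an image of it and reports the first non-zero bytes it finds, so an interrupted wipe or a skipped sector is caught instead of scrolled past. The sample image it builds when run without arguments is constructed; the device paths in the comments are the usual ones but you must confirm the disk number yourself.

```python
"""Check that a wiped drive (or an image of it) really reads back as all zeros.

Added example, not code from the blog or from DISKPART, wipe.exe or HxD.
Point it at a raw device, e.g. \\\\.\\PhysicalDrive1 on Windows/WinPE (run as
Administrator) or /dev/sdb on Linux (as root), or at an image file. Confirm
the disk number first with DISKPART "list disk"; this script only reads,
but the wipe you are verifying did not.
"""
import os
import sys
import tempfile


def scan_for_nonzero(path, chunk_size=4 * 1024 * 1024, max_hits=10):
    """Read `path` in chunks; return (bytes_read, hits).

    `hits` is a list of up to `max_hits` (offset, byte) tuples for the first
    non-zero bytes found. An empty list means every byte read was 0x00.
    """
    hits = []
    total = 0
    zero_chunk = b""
    with open(path, "rb", buffering=0) as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            # Fast path: compare the whole chunk against an all-zero block of
            # the same size before looking at individual bytes.
            if len(zero_chunk) != len(chunk):
                zero_chunk = bytes(len(chunk))
            if chunk != zero_chunk:
                for i, b in enumerate(chunk):
                    if b:
                        hits.append((total + i, b))
                        if len(hits) >= max_hits:
                            return total + len(chunk), hits
            total += len(chunk)
    return total, hits


def is_zeroed(path):
    """True when every byte of `path` reads back as 0x00."""
    return not scan_for_nonzero(path, max_hits=1)[1]


def make_sample_image(size, stray_offset=None, stray_value=0x55):
    """Constructed test data: a zero-filled image of `size` bytes with one
    planted non-zero byte at `stray_offset` (what a wipe that stopped early
    leaves behind). Returns the temp file's path; the caller deletes it."""
    fd, name = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as fh:
        fh.write(bytes(size))
        if stray_offset is not None:
            fh.seek(stray_offset)
            fh.write(bytes([stray_value]))
    return name


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # no argument: demonstrate on a constructed 1 MiB image with one stray byte
        target = make_sample_image(1024 * 1024, stray_offset=1024 * 1024 - 512)
    size, hits = scan_for_nonzero(target)
    print("%s: read %d bytes" % (target, size))
    for offset, value in hits:
        print("  non-zero byte 0x%02x at offset %d (0x%x)" % (value, offset, offset))
    print("  verdict: %s" % ("CLEAN" if not hits else "NOT CLEAN"))
    if len(sys.argv) == 1:
        os.unlink(target)
```

The whole-chunk comparison means a clean drive is checked at close to raw read speed; only chunks that differ from zero are walked byte by byte, and the scan stops after the first few hits because one non-zero byte is already a failed verification.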



Free Wipies

2011-12-31T21:49:35.818-06:00

New Year’s Eve is almost upon us. Figured I’d close out 2011 with one final post. Out of a recent TinyApps.org post on drive wiping I followed a white rabbit and ended up on this Disk Wiping with dcfldd post at the Anti-Forensics blog. I’m always on the lookout for tips and techniques when it comes to secure-wiping drives, and the post was full of great info regarding use of the dcfldd tool.

When it comes to secure drive (whole-disk) wiping, I’ve still tended to rely on two tools in particular for their ease of use and convenience. The first is the Microsoft Windows DISKPART command “clean all”, which “specifies that each and every sector on the disk is zeroed, which completely deletes all data contained on the disk.” The pro is that the command is very simple to remember and use, and when coupled with a WinPE disk it is dead simple to effectively wipe out almost every drive I encounter. The second one I love is the CLI tool “wipe.exe” as found in the Forensic Acquisition Utilities set by George M. Garner. The pro about this one is that it actually includes a progress indicator, so you have some degree of feedback on how far you’ve wiped. I always verify my zero-out wipes when done. For that I prefer to use the sector-viewer tool HxD to scan through the post-wiped drive to ensure it all comes up clean; Frhed - Free hex editor is another nice alternative.

I also keep a collection of secure file-wipe tools handy as well. These are useful for when I have a personal document with sensitive info that is no longer needed, or at work when I have successfully recovered a customer’s data from a seriously crashed drive and restored the files; I don’t need to keep those around on the workbench PC. One thing to keep in mind with every tool below: a file-level overwrite only reaches the clusters the file currently occupies. Earlier copies left behind by editors that save-and-rename, Volume Shadow Copies, NTFS compression or sparse files, and SSD wear levelling can all leave the old data in place, which is why the free-space wipers further down are the other half of the job.

EraserDrop Portable - PortableApps.com is an easy-to-use and easy-to-configure tool I find useful to manage large volumes of files/folders needing secure deletion. It is based on Eraser.
Eraser Portable - PortableApps.com - Portable software for USB, portable and cloud drives is the portable version of that tool. It is very flexible and powerful, though the interface and job/task “scheduling” might be off-putting to less advanced users. Besides handling wiping of files/folders, it can also wipe free space on a drive.

WipeFile over at Gaijin is a simple and basic file-wipe tool with lots of options. Just launch, set your wipe preferences, and drag-n-drop your files for wiping. See the related Gaijin tool WipeDisk as well.

File Shredder is a “new-to-me” secure-wipe tool. It is quite small and consists of two files: the main exe and a dll helper. The interface is nice and it also includes wiping of free space.

ultrashredder is even smaller. Basically just drag-n-drop. While you can set the number of overwrites, you can’t set the pattern.

DPWipe 1.1 by Dirk Paehl is similar to Ultrashredder in the GUI layout, however it does allow selection of the wipe method.

Blowfish Advanced CS. This is an oldie-but-a-goodie which was the very first secure wipe (file and free-space) tool I started using back in my Win98 days. It has probably been passed by other tools here but I still keep it around for fond memories.

SDelete is Microsoft Sysinternals’ CLI tool to wipe files as well as zero out free space (its -z switch). I like it particularly well for that second task.

Disk Redactor also handles wiping of all free space on a drive very nicely with a helpful GUI interface.

These are all specialized secure-wipe tools and are pretty easy and convenient to use; a few even h[...]
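All of the file-wipe tools above do some version of the same thing: overwrite the file’s bytes in place, then delete it. As an added example (my code, not Eraser’s, SDelete’s or any other listed tool’s), here is that procedure written out so the pass structure and the two details that separate a real wipe from a plain overwrite are visible: each pass is flushed and fsync’d so the bytes reach the disk rather than the cache, and the file is renamed to a random name before unlinking so the original name does not linger in the directory. The sample document it wipes is constructed.

```python
"""Overwrite-then-delete a file, the way the file-wipe tools above work.

Added example, not code from Eraser, SDelete or any other tool in the post.
It assumes a plain, uncompressed file on a magnetic disk: on an SSD, an
NTFS-compressed or sparse file, or a volume with shadow copies, the old
blocks can survive an in-place overwrite, which is why a free-space wipe
(SDelete -z) or a whole-drive zero-out remains the backstop.
"""
import os
import secrets
import tempfile

# zeros, ones, random, then zeros again so the file looks blank if inspected
DEFAULT_PASSES = (b"\x00", b"\xff", None, b"\x00")   # None = random pass


def _overwrite_pass(fh, size, pattern, block=1024 * 1024):
    """Write one full pass of `pattern` (None = random bytes) over `size` bytes
    and force it to disk before the next pass starts."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(block, remaining)
        fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())


def secure_delete(path, passes=DEFAULT_PASSES):
    """Overwrite `path` with each pattern in `passes`, truncate it, rename it
    to a random name and unlink it. Returns the number of passes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            _overwrite_pass(fh, size, pattern)
        fh.truncate(0)
        fh.flush()
        os.fsync(fh.fileno())
    # Rename before deleting so the original file name is not left behind in
    # a free directory entry for a recovery tool to find.
    directory = os.path.dirname(os.path.abspath(path))
    scrambled = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, scrambled)
    os.unlink(scrambled)
    return len(passes)


def still_exists(path):
    """Post-wipe check: the original path must be gone."""
    return os.path.exists(path)


def make_sample_file():
    """Constructed sample: a recovered customer document that has no business
    staying on the bench PC. Returns its path."""
    fd, name = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"Customer: A. Example, account 0000-0000, recovered 2011-12-31\n" * 5000)
    return name


if __name__ == "__main__":
    target = make_sample_file()
    print("wiping %s (%d bytes)" % (target, os.path.getsize(target)))
    n = secure_delete(target)
    print("%d passes written; still on disk: %s" % (n, still_exists(target)))
```

The pass list is a parameter for the same reason the GUI tools expose pass counts and patterns: for a modern magnetic drive one pass is enough, and the extra passes buy nothing on an SSD, so choose them for policy reasons rather than out of habit.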



Mostly for Sysadmins and Windows Tweakers

2011-12-04T21:30:09.419-06:00

One last linkfest dump before I turn my attention back to a freshly arrived hardback copy of George R. R. Martin’s A Game of Thrones to close out this dark, drizzly and fast-chilling night here on the Gulf Coast. My brother is deep into the book/HBO series and I think he runs an underground distributed book club network of sorts on it. Hence his gifting me this newfound wonder. This linkfest is a collection of stuff mostly of interest to system administrators and Windows tweakers…your interest level may vary.

Looking at page hits (which I rarely do) it seems that the following posts remain all-time GSD favorites for some reason.

Blocking IE 8 "InPrivate" Mode
Blocking IE 8 "InPrivate" Mode – Updated

Some folks had issues following the steps to make their own REG files to enable/disable “InPrivate” mode on their own system, so I made some and posted the download link in the comments section:

I've created the registry keys myself and uploaded them to a shared folder on box.net. http://www.box.net/shared/b0fr5x0qg2 Click that link (or copy/paste it into your browser address bar) then download the "IE8InPrivateMode-Disabled.reg" file directly to your PC. Depending on your anti-virus application it may complain, as .reg files can be malicious. If you want to check, simply open it in Notepad to see that it matches what I have listed on my blog post (and that it contains nothing beyond those lines; a merge applies everything in the file, not just the key you were after). Once you have downloaded it, right-click on the file and select the "Merge" option. Depending on your version of Windows and the user rights of your profile, you may have to confirm some warnings. If all goes well it should be added to the registry, and when you re-launch IE8 you should see the option grayed out. The other registry key in that folder re-enables the option. Follow the same steps and it will allow the InPrivate Mode option to work again, unless blocked differently by one of Microsoft's Family Safety programs...

They work on both IE 8 and IE 9, by the way, despite the posts being IE 8 centric at the time.
Anyway, the other day I noted this post Internet Explorer InPrivate Browsing Enable or Disable - Windows 7 Forums. In it, “Brink” also offered some downloadable REG files for merging into the registry. Out of curiosity I compared them and they were pretty much the same, except where my REG files just cover the HKEY_LOCAL_MACHINE key location, Brink’s keys have that as well as one for the HKEY_CURRENT_USER key location. So basically with Brink’s you get a two-fer deal. Mine or Brink’s…take your pick. Keep in mind the difference between the two hives: the HKEY_LOCAL_MACHINE copy needs administrator rights to merge but applies to every account on the machine, while the HKEY_CURRENT_USER copy only affects the profile that merges it and can be undone by that same user.

How to REALLY hurt yourself with PSEXEC - Deleting the Undeletable Registry Key and More - Scott Hanselman Computer Zen - Scott’s battle with an “undeletable” registry key makes for a fun read. That said, while his PsExec method worked, I’ve had fantastic success when I’ve run into similar keys on malware-infected systems by using Malwarebytes : RegASSASSIN. I don’t know for sure if it would have helped in Scott’s issue, but I would try that first via the GUI it offers before dropping to the PsExec CLI work (though it is really cool). Related, for difficult-to-delete files: Malwarebytes : FileASSASSIN.

It has been over 4 years now since I set Dad up on his Vista system at his house. In that process I ran into a challenge: how to get his and his wife’s profiles to display at different screen resolutions? She liked a relatively low resolution to see things larger, while Dad liked the highest resolution to get the best screen display quality. In my post of my fix V[...]
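The advice above is to open a downloaded REG file in Notepad and check it before merging. As an added example (my code, not the post’s REG files and nothing from Brink’s thread), here is a small .reg parser that lists every key a file would create or delete and every value it would set or remove, so an extra line in an otherwise innocent-looking file stands out. The sample text is constructed; the policy value it sets is what I assume the InPrivate REG file contains, so verify that against the post itself, and the second key in the sample is there purely as the kind of unrelated addition you would want to notice.

```python
"""List what a .reg file would do before you merge it.

Added example, not the blog's REG files and not from the forum thread it
links. The SAMPLE text is constructed; the policy key/value in it is my
assumption of what the post's IE8InPrivateMode-Disabled.reg sets.
"""
import re

# "Name"=data  or  @=data  (the @ is the key's default value)
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _decode_value(key, name, data):
    if data == "-":
        return ("delete_value", key, name)
    if data.startswith('"') and data.endswith('"'):
        return ("set", key, name, "REG_SZ", _unescape(data[1:-1]))
    if data.startswith("dword:"):
        return ("set", key, name, "REG_DWORD", int(data[6:], 16))
    if data.startswith("hex"):
        kinds = {"hex": "REG_BINARY", "hex(2)": "REG_EXPAND_SZ",
                 "hex(7)": "REG_MULTI_SZ", "hex(b)": "REG_QWORD"}
        prefix, _, hexpart = data.partition(":")
        raw = bytes.fromhex(hexpart.replace(",", "").replace(" ", ""))
        return ("set", key, name, kinds.get(prefix, prefix), raw)
    raise ValueError("unknown value syntax: %r" % data)


def parse_reg(text):
    """Return the file's effect as a list of tuples:
    ("add_key", key), ("delete_key", key),
    ("set", key, name, type, value), ("delete_value", key, name)."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(("Windows Registry Editor", "REGEDIT4")):
        raise ValueError("not a .reg file (missing header line)")
    actions = []
    key = None
    i = 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):          # [-HKEY...] deletes the whole key
                key = None
                actions.append(("delete_key", body[1:]))
            else:
                key = body
                actions.append(("add_key", key))
            continue
        m = _VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        while data.endswith("\\"):            # hex data continued on next line
            data = data[:-1] + lines[i].strip()
            i += 1
        actions.append(_decode_value(key, name, data))
    return actions


def load_reg(path):
    """Parse a .reg file from disk. regedit exports UTF-16LE with a BOM;
    hand-written files are usually ANSI/UTF-8."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith(b"\xff\xfe"):
        return parse_reg(raw.decode("utf-16"))
    return parse_reg(raw.decode("utf-8-sig", errors="replace"))


SAMPLE = """Windows Registry Editor Version 5.00

; constructed sample: the policy value I assume the post's REG file sets
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Privacy]
"EnableInPrivateBrowsing"=dword:00000000

; constructed: an unrelated addition a quick glance in Notepad could miss
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"Updater"="C:\\\\Users\\\\Public\\\\svc.exe"
"""

if __name__ == "__main__":
    for action in parse_reg(SAMPLE):
        print(action)
```

Run it over the real file with load_reg(path) and compare the printed actions with the lines the post lists; anything touching a Run key, a service, or a hive you did not expect is reason to stop before clicking Merge.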



Check Carefully before Surfing (for safest performance)

2011-12-04T15:25:38.977-06:00

cc image credit: flickr image by surfcrs

There has been a lot of movement in the browser plugin world lately. Based on the number of home-user systems I’ve had the “pleasure” of cleaning recently, it seems that an overwhelming vector for infection is out-dated and vulnerable browser plugins. Nothing like an older version of Flash or Java to bring the sweet stench of PC decay and meltdown to a system.

Need more reading? Linkz 4 Exploits to Malware - Journey Into Incident Response. Corey writes in that post…

Over the past year I’ve been conducting research to document attack vector artifacts. Vulnerabilities and the exploits that target them are one component to an attack vector. Some may have noticed I initially focused most of my efforts on vulnerabilities present in Adobe Reader and Java. I didn’t pick those applications by flipping a coin or doing “eeny, meeny, miny, moe”. It is not a coincidence I’m seeing exploit artifacts left on systems that target those applications. This has occurred because I pick vulnerabilities based on the exploits contained in exploit packs. Exploit packs are toolkits that automate the exploitation of client-side vulnerabilities such as browsers, Adobe Reader, and Java. Mila Parkour over at Contagio maintains an excellent spreadsheet outlining the exploits available in different exploit packs on the market.

The reference by itself is really informative.

Java is the largest malware target according to Microsoft - The H Security: News and Features

…it is not only exploits of old vulnerabilities that should concern Java users. As has been pointed out on Krebs on Security, a new exploit has emerged that is being built into automated attack tools. The critical vulnerability that this attacks has been addressed in an update, but only the very latest versions of Java are safe from this new exploit. If users are being slow at updating, very large numbers of them are likely to be at risk from this exploit.
Millions of Java Exploit Attempts: The Importance of Keeping All Software Up To Date - Microsoft Security Blog. Tim Rains comments…

Many of the more commonly exploited Java vulnerabilities are several years old, and have had security updates available for them for years. This illustrates that once attackers develop or buy the capability to exploit a vulnerability, they continue to use the exploit for years, presumably because they continue to get a positive return on investment.

While the latest versions of Flash and Java do seem to offer self-update checking ability, it has been my experience that those auto-updaters don’t always check as frequently as they should, or may not even offer an update as soon as it is available. Don’t even get me started on Adobe Reader. These features are improvements, but even when they do work, they still require the user to notice the update offer and respond correctly to get the version bump.

At the bare minimum it is good practice to regularly hop over to Secunia and run their free, web-based Secunia Online Software Inspector (OSI). Hit the page, hit the green “Start” button, let Java do its thing and scan your system for insecure versions of software. (Yes, the online scanner is itself a Java applet, so it only runs where Java is installed and enabled in the browser; one more reason to keep that plugin current, or to use the installed PSI instead.) If you or a user can’t remember to regularly do that, Secunia also offers a more robust, installable version of their free Personal Software Inspector (PSI). This one will run as a service on your system, constantly checking for and offering recommendations on fixing critical insecure[...]
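At their core, the Secunia inspectors compare what is installed against a list of known-safe versions. As an added example (my code, not Secunia’s and nothing from the posts quoted above), here is that comparison in Python with the vendor version-string quirks handled, because a naive string compare gets Java wrong: “1.6.0_29” and “Java(TM) 6 Update 29” are the same release, and “10.1” must not sort below “10.1.0”. The inventory and the baseline are constructed for the example; on a real box the inventory comes from the DisplayName/DisplayVersion values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (plus the Wow6432Node copy on x64), and the baseline from the vendors’ current advisories.

```python
"""Flag installed browser plugins that are below a known-safe version.

Added example, not Secunia's code or anything from the posts quoted above.
INVENTORY and BASELINE are constructed for the example.
"""
import re


def version_tuple(s):
    """Generic vendor version -> tuple of ints: "11.1.102.55" -> (11, 1, 102, 55),
    "10.1.1" -> (10, 1, 1). Anything that is not a digit is a separator."""
    nums = re.findall(r"\d+", s)
    if not nums:
        raise ValueError("no version number in %r" % s)
    return tuple(int(n) for n in nums)


def java_version_tuple(s):
    """Java spells one release two ways: "1.6.0_29" (the runtime's own string)
    and "Java(TM) 6 Update 29" (Add/Remove Programs). Map both to (6, 0, 29)."""
    m = re.search(r"(\d+)\s+Update\s+(\d+)", s, re.IGNORECASE)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    t = version_tuple(s)
    if t[0] == 1 and len(t) > 1:      # "1.6.0_29" -> (6, 0, 29)
        t = t[1:]
    return t


def parse_version(product, s):
    return java_version_tuple(s) if "java" in product.lower() else version_tuple(s)


def is_older(product, installed, baseline):
    """True when `installed` is below `baseline`. Missing trailing components
    count as zero, so "10.1" equals "10.1.0" rather than sorting before it."""
    a = parse_version(product, installed)
    b = parse_version(product, baseline)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def find_outdated(inventory, baseline):
    """inventory: {product: installed version}; baseline: {product: minimum safe
    version}. Returns [(product, installed, minimum)] for every product below
    its baseline. Products without a baseline entry are skipped, so keep the
    baseline list complete or you get silence instead of a warning."""
    return [(p, v, baseline[p]) for p, v in inventory.items()
            if p in baseline and is_older(p, v, baseline[p])]


# Constructed inventory in the shape the Uninstall registry keys give you
# (DisplayName -> DisplayVersion). On a real system read those keys instead.
INVENTORY = {
    "Java(TM) 6": "1.6.0_26",
    "Adobe Flash Player 11 ActiveX": "11.0.1.152",
    "Adobe Reader X": "10.1.1",
}

# Constructed baseline: the minimum version you currently accept per product.
BASELINE = {
    "Java(TM) 6": "6 Update 29",
    "Adobe Flash Player 11 ActiveX": "11.1.102.55",
    "Adobe Reader X": "10.1.1",
}

if __name__ == "__main__":
    for product, installed, minimum in find_outdated(INVENTORY, BASELINE):
        print("OUTDATED  %-30s installed %-12s minimum %s" % (product, installed, minimum))
```

The skip-if-unknown behaviour in find_outdated is the same blind spot the web scanners have: a plugin that is not in the baseline list produces no warning, so an inventory entry with no matching baseline should be treated as a to-do item, not as a pass.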



Quick Malware Notes, Incident Response, and 00-outs

2011-12-04T14:13:42.120-06:00

A while back, after dealing with some heavily malware-infected systems, I wrote a followup post Anti-Malware Tools of Note. Since that time a few other bits and bytes have come across my desk, so I thought I would supplement it slightly.

The TinyApps bloggist brings our attention to, and recommends, a “new” Free standalone and bootable antimalware that has ranked very high on Virus Bulletin’s VB100 comparative tests. That tool is eScanAV Anti-Virus Toolkit (MWAV), which is also available in a standalone eScan Rescue Disk format. Registration is requested to access the download link, however the tools are free.

It is similar in many ways to Microsoft Safety Scanner, which I previously wrote about. Being a “standalone” tool of sorts, it can be run in the WinPE environment or on the “live” system. The trick in WinPE is to make sure your WinPE build has a large scratch-space value. Check out this 4sysops post Offline Antivirus – How to run Microsoft Safety Scanner on Windows PE 3.0 for more details. The point of the offline run is that the infected OS, and any rootkit hiding files from it, is not executing while you scan.

I do understand that for some folks the thought of making a custom-spun WinPE boot tool could be quite intimidating. With that in mind, you will want to keep a copy of the Microsoft Standalone System Sweeper Beta handy. Of course you will need an uninfected “host” system to create the tool; building boot media on the machine you suspect is how the infection ends up on the rescue media. Download the “builder” utility in either 32-bit or 64-bit flavor depending on your hardware and choose a blank CD, DVD, or USB drive with at least 250 MB of space. Execute the tool and build away. Of course, you may want to do more with this plain-Jane WinPE build than it lets you. And you can, if you know the tricks our dear TinyApps bloggist posts in his Extending Microsoft Standalone System Sweeper tips.
Michael Pietroforte has more related details in his 4Sysops post FREE: Microsoft Standalone System Sweeper – Standalone antivirus software.

Back in my “younger” days of malware response, tool sets were pretty limited and there seemed to be just a few strong “antimalware” package tools available. One of those I depended on was Spybot-Search & Destroy. As my skills got sharper and my toolsets became more focused due to the advances in malware, I gradually drifted away from using it regularly. I was pleased recently to find that they are still kicking strong and have recently made available Spybot Search & Destroy 2.0 Beta 4 for public download and testing. This version offers “Live Protection” by default, performance improvements, and Explorer shell integration. Check it out!

The ISC Diary handler Chris Mohan posted Safer Windows Incident Response with a reminder of the dangers of incident-response handlers’ cross-contamination when working on a potentially compromised system (the classic cases being a tools USB stick that picks something up on one box and carries it to the next, and a privileged logon typed into a system that may be keylogging). Windows Incident Response bloggist Keydet89 has some good tips, and touches on incident response items in his New Stuff post from just a few days ago. Specifically he calls out Corey Harrell’s Journey Into Incident Response blog post Linkz 4 Exploits to Malware. In it, Corey gives some perspectives on Harlan’s Malware Detection Checklist. Checklists like this are a great starting point for incident response. Granted, every situation is different, and the hardware, software, and network topology that you operate in may require much fine-tuning to dial it in for the best signal-to-noise ratio. But that’s the poi[...]



Network Tool Notes

2011-12-03T13:21:25.126-06:00

Here is a brief collection of network-related tools and utilities that have been gathered in this past week.

Nmap Security Scanner for Linux/Mac/UNIX or Windows - latest stable version now at 5.51 and development version at 5.61. Changelog

PuTTY: a free telnet/ssh client - version 0.61 released a few months ago and 0.62 “pre-release” build also now available with some bug fixes. Spotted via ISC Diary post. 4 years is a long wait for a bump…

How to connect to a Wireless WIFI Network from the Command line in Windows 7 - Scott Hanselman - just because mixing WiFi and CLI is cool. See also Scott’s Updated for 2011 - McDonald's WiFi Guide with updates for Mac OS X Lion and Windows 7

Wireless Profile Samples - MSDN WiFi XML profile samples and info on the Netsh Commands for Wireless Local Area Network (wlan).

Wireless Network Profile - Backup and Restore - Windows 7 Forums - Tips on backing up and restoring your WiFi profiles on Win7. One caution: a profile exported with the key included (netsh wlan export profile … key=clear) carries the WPA/WPA2 pre-shared key in plaintext inside the XML, so treat those backups as credential files, not as configuration.

Wifi Network Backup Manager Utility - Shai Raiten - Small and easy tool to assist with the above processes, if it helps you a bit.

Network Stuff - A ton of specialized network tools bundled up in a single free utility. Spotted in this BetaNews post: Network Stuff: More Internet tools than you'll likely ever use. The developer offers a number of other interesting tools as well worth looking into - Dev Stuff

NorthWest Performance Software, Inc. - Network Freeware Tools - This company provides quite a collection of free network tools such as the following:
NetScanTools® Basic Edition - DNS Tools, Ping, Graphical Ping, Traceroute, Ping Scanner, Whois
IPv6ScopeFinder - Displays ScopeID, status, Interface Type, IPv6 & IPv4 addresses, Interface Name.
IPtoMAC - can find the MAC Address of any IPv4 device on the local network.
ENUMresolver - “A freeware program designed to query your default DNS for the ENUM NAPTR mapping between a telephone number and a SIP, H323, IAX2 or other URI. Use with VOIP systems to check your e.164 or freenum or other mappings. This program queries each default DNS assigned to your system using the e164.arpa or other root tree for the corresponding NAPTR records and displays them.” That’s pretty cool.

Peter Kostov's software for networkers - amazing freeware collection.
IP Workshop Rel. 2 - Super beefy IP calculation tool that should probably be in every network jockey’s saddle-bag. Bundles tools that include Subnet Mask viewer, network calculator, Subnet Mask charting, and more. Similar vendor freeware tools can be found from IP Subnet Calculator - WildPackets and the Advanced IP Address Calculator 1.1 - Radmin. See also IP Workshop Release 1
Easy IP - Lets you save as many IP configs as you want for your system, then recall/apply them as needed based on your network location. See also these related freeware tools from other vendors: NetSetMan - Network Settings Manager (more info here) and the TCP/IP Manager
CC PortReport - neat little tool that interacts with Cisco Catalyst switches running CatOS and provides information/documentation gathering on slots, ports, VLANs, opStatus, adSpeed, ifSpeed, Duplex, STFast, and Port Naming.
WinIPConfig - GUI tool for “ipconfig” type activities.

ostinato - Packet/Traffic Generator and Analyzer - Google Project Hosting - from the cross-platform project page “Ostinato is an open-source, cross-platform network packet crafter/traffic generator and[...]
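The WLAN profile XML format in the MSDN samples above is also what netsh wlan export profile writes, and a profile exported with key=clear carries the pre-shared key in the clear. As an added example (my code, not from any of the tools listed), here is an auditor that reads such profiles and reports SSID, authentication/encryption mode and whether a cleartext key is present, so you can tell which backups need protecting and which saved networks (open hotspots of the McDonald’s kind above) auto-connect with no protection at all. Both sample profiles are constructed and the key material is a placeholder; the XML structure and namespace are the documented ones.

```python
"""Audit Windows WLAN profile XML (the netsh wlan export format) for
cleartext keys and weak security settings.

Added example, not from the blog or the tools it links. Pass the XML files
from a "netsh wlan export profile" backup on the command line; with no
arguments it audits two constructed sample profiles.
"""
import sys
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# authentication / encryption values that give no, or broken, protection:
# open networks, WEP ("shared" auth, "WEP" encryption) and WPA1/TKIP.
WEAK_AUTH = {"open", "shared", "WPA", "WPAPSK"}
WEAK_ENC = {"none", "WEP", "TKIP"}


def audit_profile(xml_text):
    """Return a dict with the profile's name, SSID, auth/encryption, any
    cleartext key, and a list of human-readable findings."""
    root = ET.fromstring(xml_text)

    def text(path):
        el = root.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption")
    protected = text("w:MSM/w:security/w:sharedKey/w:protected")
    key = text("w:MSM/w:security/w:sharedKey/w:keyMaterial")
    # <protected>true</protected> means the key is DPAPI-wrapped for the
    # exporting machine; false means it is the literal passphrase or hex key.
    cleartext_key = key if (key and protected == "false") else None

    findings = []
    if auth in WEAK_AUTH:
        findings.append("weak authentication: %s" % auth)
    if enc in WEAK_ENC:
        findings.append("weak encryption: %s" % enc)
    if cleartext_key:
        findings.append("cleartext key stored in profile")
    if text("w:connectionMode") == "auto" and auth == "open":
        findings.append("auto-connects to an open network")
    return {"name": text("w:name"), "ssid": text("w:SSIDConfig/w:SSID/w:name"),
            "auth": auth, "encryption": enc,
            "cleartext_key": cleartext_key, "findings": findings}


# Constructed sample: a home WPA2 profile exported with key=clear.
SAMPLE_HOME = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>HomeNet</name>
  <SSIDConfig><SSID><hex>486F6D654E6574</hex><name>HomeNet</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>placeholder-passphrase</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>
"""

# Constructed sample: an open hotspot saved with auto-connect.
SAMPLE_HOTSPOT = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>FreeHotspot</name>
  <SSIDConfig><SSID><name>FreeHotspot</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>open</authentication>
      <encryption>none</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
  </security></MSM>
</WLANProfile>
"""


def main(paths):
    profiles = [open(p, encoding="utf-8").read() for p in paths] or [SAMPLE_HOME, SAMPLE_HOTSPOT]
    for xml_text in profiles:
        r = audit_profile(xml_text)
        print("%-12s ssid=%-12s %s/%s" % (r["name"], r["ssid"], r["auth"], r["encryption"]))
        for finding in r["findings"]:
            print("    ! " + finding)


if __name__ == "__main__":
    main(sys.argv[1:])
```

A profile that reports a cleartext key is the one to keep off shared drives and out of e-mail; a profile exported without key=clear shows protected=true and is only restorable on the machine that exported it, which is the trade-off the backup tools above are working around.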