Preview: Grand Stream Dreams
Grand Stream Dreams...soaring up...chasing dreams...what will I do if I catch one...Updated: 2009-07-03T17:47:13.133-05:00
Security and Forensics Linkfest 2009-06-21T15:09:33.186-05:00 I got to confess, a few weeks ago while I was working on a rather challenging data-rescue project over the course of a week or so, I was having a blast. Then I shifted gears and had the opportunity to work on a high-level workgroup and provide documentation support. I really miss it when I’m not “getting my hands dirty” directly on systems. Working an issue with trusted tools or searching for just the right new one to do a task better is so much fun. Here’s a well-rounded selection of security and forensics tools and resources that are almost certainly will have you scrabbling around for a system or two to throw them at. More Links - Windows Incident Response – Harlan has a most excellent and jam-packed post full of forensics goodies such as a reference to a new Windows memory imaging tool update for the free Win32dd. Also in that post was introduction (to me) of a new system info-gathering tool called MIR-ROR. Like similar “collective” tools such as his own RegRipper, Security Database’s Evidence Collector, and Mandiant’s First Response these multi-function info collection tools aren’t solutions in themselves, but they can make the collection of first-pass level logs and information simpler. Armed with these after careful analysis by the responder, more surgical system analysis can take place with task-specific tools. I’ll let Harlan’s own words on MIR-ROR speak for themselves… I recently heard about a tool called MIR-ROR, put together originally by Troy Larson and then expanded by Russ McRee, both of Microsoft. Russ blogged about it here, and there's a toolsmith article available on it, as well. MIR-ROR is a batch file that is useful for running tools on a system as part of incident response; what I like about this is that Russ isn't sitting back hoping that someone does something like this, he's taking advantage of his knowledge and capabilities to put this together. And he's made it available to the public, along with instructions on how to run it. I like tools like this because they're self-documenting...properly constructed and commented, they serve as their own documentation. As always, the standard caveat applies...use/deploy tools like this as part of an incident response plan. If your plan says you need to acquire a pristine image of the drive first, you will want to consider holding off on using a tool like this... You will have to collect many of the executables that are needed and assemble them into the package. The documentation is great. As I recall I found a few references that were off but some patient Googling turned up the correct locations and I soon had it all put together. Memory Acquisition for First Responders – Forensic Incidence Response blog – Since I just mentioned win32dd this post by hogfly came at an opportune time. I believe that while memory acquisition and imaging is still primarily of use to forensic examiners, system admins can use the same lessons and apply them when doing incident response to a malware-infected system. As I say over and over again, too many IT Techs when getting a report of a virus/trojan/malware infection just run roughshod over the system with anti-virus/anti-malware cleaning tools and remove critical information to help understand WHAT is going on and WHY. There are LOTS of great Windows-based tools to capture memory images and data…many of them free (another post) so there’s little excuse not to capture an image of the memory of an infected system before going to town on the cleaning. Getting a sector-based image of the physical drive could also be valuable as well. This gets the end-user up and producing again and lets the analysts have more time in the lab dissecting the cadaver without everyone breathing down their neck with impatience. Live Analysis Part I - Changing of the Guard - The Digital Standard – Thoughtful post by cepogue on just that prior theme. Sometimes some incidents (or organizational attitudes/processes just don’t support the “by-the-book” Inc[...]
Browser News and Tips 2009-06-20T21:20:44.730-05:00 Miscellaneous news and happenings in the world of web-browsers. Firefox First Firefox 3.5 RC1? and Firefox 3.5 Release Candidate 2 Released - The Firefox Extension Guru’s Blog – If you blinked this week you probably missed 3.5 RC1. I saw it was coming and pulled it down by doing a manual Check for Updates. If you didn’t or were waiting for a big public announcement…you probably missed it! First look to Firefox 3.5 RC2 - Mozilla Links blog opens up with news that the first RC wasn’t that big a deal and this one doesn’t add much more to the party…then goes on to long-list all the neat and improved features it provides…whazz-up? It’s a good rundown and 3.5 RC2 has been rock-solid on all my various (and I do mean various) Windows systems. But really…why the fast RC1 to RC2 release jump? Mozilla is usually very cautious and deliberate in these semi-public official releases. There has to be a story behind the story. Right? Maybe so… Mozilla posts yet another Firefox 3.5 Release Candidate – Betanews’ Scott M. Fulton, III digs around and comes up with this information in a really brief post. It was apparent yesterday, after a test of the organization's latest private daily build of the Firefox 3.5 browser, that Mozilla's developers had discovered a jackpot of performance improvements in some specific areas: JavaScript math, RegEx (regular string expression) searches, and general control flow. Betanews tests yesterday gave the Thursday morning build 8% better overall speed in Windows 7 RC, and a better overall performance index score on that platform of 9.35 versus 8.81, relative to the performance of Microsoft Internet Explorer 7 on Windows Vista on the same physical machine. Now it appears the team is willing to capitalize on that find. This morning, Mozilla's servers made available Release Candidate 2 of Firefox 3.5 to the general public. Again, the team makes these public builds available prior to a formal announcement, though word from Mozilla about RC1 was actually rather quiet this week. The possibility of an RC2 in the near term -- just days later -- may have been why. Firefox web browser 3.5 RC2 Public Link – Mozilla’s latest public Release Candidate can be found here if you are still on the 3.0.x builds and are curious. Most of the popular extensions for 3.0 builds have been updated to support 3.5 so it might be a good time to try it out if you are curious. More technical news and warnings here: Mozilla Developer News » Firefox 3.5 Preview now available for beta users The new Firefox icon - Mozilla Links – Besides the speed and other feature enhancements, this RC version now brings with it the updated Firefox icon. As silly as it sounds, it really does stand out as I have multiple versions of Firefox on some of my systems and seeing the icons side-by-side on my desktop the differences are clear. Well done! Firefox/Sprints/about:me – MozillaWiki – very preliminary work on an extension that provides drill-down data on your Firefox browsing patterns. Scary stuff for some but a goldmine for OCD Firefox users. I was curious to install the very early version on my system. I read (somewhere but didn’t save the link) in this post Firefox.next peek: profiling yourself at Mozilla Links blog that this might be added in as a “feature” of future Firefox versions (Danger Will Robinson…Feature Bloat Detected…Danger Will Robinson!) Description A statistical analysis of the user's history, average tab load, etc. Like Google Zeitgeist, but based on their Places database. Dietrich has an add-on that does some of this already. screenshot Introducing Add-on Collections - Mozilla Add-ons Blog. In a effort to make the power of Firefox's extensibility even more easy for Firefox virgins to join in on, Mozilla now has a project called “Add-on Collections” that bundle popular extensions in singularly-downloadable package sets. That a Cool Thing. It’s a cool idea. If[...]
Microsoft SharedView: OMG this is Free?!!! 2009-06-20T18:14:40.498-05:00 So this past week I was in Austin for a few days working on a special project. It wrapped up but the work didn’t. When we departed, plans were made to continue and as I was tasked with documentation support, it was asked if the team contributors could share my desktop (remotely) as we continued the work via conference calls from our desks across Texas. One of my director’s peers suggested we use Microsoft’s NetMeeting product which might be useful. It is loaded on all systems but does require each “attendee” to provide their IP address to set up the session. We don’t have any enterprise-class commercial collaboration software solutions like Live Meeting or similar applications (at the current time…that may change soon). We needed something cheap (free would be good), XP compatible, and require very little setup or technical use for the non-technical workgroup participants. Plus it had to be fast and rock-solid-stable. When I got back into H-Town I hit the webs and quickly uncovered the dirt on NetMeeting on XP. Where is Microsoft NetMeeting in Windows XP? – Windows IT Pro. How to Use Remote Desktop Sharing in NetMeeting – Microsoft Help However after playing with it on my system I just wasn’t feeling the love. It seemed clunky, connection setup seemed awkward, and I wasn’t convinced it would really meet our needs. Then I stumbled upon Microsoft SharedView. The heavens opened up and the Dove of Peace descended. Live-fire pre-deployment testing with the D-Man and Mr. No in the IT bullpens quickly confirmed it was a rocking solution. Microsoft SharedView Microsoft SharedView – Microsoft Connect This is – amazingly – a free product/service offered by Microsoft. Free. 100% free. (Image from Free Utility: Microsoft SharedView – July 2008 Tech Net Magazine. It’s the bar at the top that contains the SharedView controls) The Microsoft Connect hosted SharedView web-site design absolutely sucks for such a fantastic product. Bad. It is basic and really doesn’t do the product justice. Maybe that’s by design. (no pun intended). Maybe Microsoft isn’t ready to showcase this product. That’s too bad but great for us! Microsoft SharedView is a fast, easy way to share documents and screen views with small groups of friends or coworkers; anytime, anywhere. Use SharedView to put your heads together and collaborate - create, convey, and communicate…across physical boundaries, through firewalls, and down to the smallest details. It doesn’t support audio/video (as in web-cams for attendee shared communication). But if you can set up a phone/conference call, this is an amazing product for small workgroups, offices, and home-users. It could also be used to perform remote-connection support in a pinch…though I still prefer the ease of ShowMyPC for one-on-one remote family support sessions. Installation was a breeze. Download the MSI installer from the link from either here (SharedView website big red button) or here (via Microsoft Downloads). No post-install system-reboot needed. Launch the application and a inconspicuous SharedView action bar appears at the top of your display. Click the “orb” and you can create a new session. (Starting a Session - Signing in) Follow the steps to log in with your Windows Live ID credentials (free signup if you don’t have one) and you create your session info. You can then copy/paste or insert the info into an email to send to invitees (SharedView supports up to 15 attendees in a single session). (Starting a Session – Beginning) Use the bar at the top to attach “handouts” to the session. These are documents on your hosting system you offer to share with session participants. They must download these copies to their local systems as they will otherwise become unavailable once the session ends. (Using Handouts). During our sessions I kept having to discard them and then repost them as I updated (and resaved[...]
Microsoft Link Dump: Load #5 2009-06-20T16:31:45.530-05:00 CC Photo Credit: by Choctopus on Flickr Got Shovel? Virtualization Stuff Dual-booting Windows 7 from a VHD setup on our laptops is rocking solid. I almost never drop into the main Vista system anymore. Neither does Lavie. So even though I currently have a pretty good handle, it never hurts to learn just a bit more. Here are some great tips and info. How to use the new VHD features of Windows 7 / Server 2008 R2 - TechNet Edge. Ten minute guided video on how to set up a VHD file under Win7 or Server 2008. Dual Boot from VHD with Windows 7 and Windows Sever 2008 R2 - TechNet Edge. Twenty-three minute video from MS pro Keith Combs on specifically dual-booting systems from VHD files. It’s quite good. Creating virtual machines with Windows Virtual PC. – Virtual PC Guy’s WebLog – Basic stuff but a reminder that Windows 7 XP-Mode virtualization isn’t just for running XP’ish app under Win7. It is a full-features virtualization platform and you aren’t limited to just one virtualized XPM system. Make many…covering other supported OS’s as well. UAC Under Win 7 – The Controversy Continues User Account Control: Inside Windows 7 User Account Control. – TechNet magazine – Mark Russinovich goes to bat to try to defend MS’s positioning of UAC and try to define it’s relationship with security. I get the points but unfortunately, I think UAC has been engrained in many folk’s minds as being “solely” a security measure. MS it trying to make it more nuanced from their technical understanding of the Windows platform architecture. This is going clear over the heads of common users. From Mark’s post: The primary goal of UAC is to enable more users to run with standard user rights. However, one of UAC's technologies looks and smells like a security feature: the consent prompt. Many people believed that the fact that software has to ask the user to grant it administrative rights means that they can prevent malware from gaining administrative rights. Besides the visual implication that a prompt is a gateway to administrative rights for just the operation it describes, the switch to a different desktop for the elevation dialog and the use of the Windows Integrity Mechanism, including User Interface Privilege Isolation (UIPI), seem to reinforce that belief. As we've stated since before the launch of Windows Vista, the primary purpose of elevation is not security, though, it's convenience: if users had to switch accounts to perform administrative operations, either by logging into or Fast User Switching to an administrative account, most users would switch once and not switch back. Thing is, most tech-pros and security folks just aren’t buying it. Particularly when the default user profile level in a Windows 7 setup is at “admin” level. There is just so little encouragement offered to set up the user account as a “standard” user rights. And, it appears that even with a standard-level account AND UAC that malware or maliciously coded apps can still work their magic against the user. Windows 7 UAC code-injection vulnerability: video demonstration, source code released - istartedsomething. How applications can take advantage of Win7 and elevate permissions without UAC prompting. Darn. UAC in Windows 7 still broken, Microsoft won’t/can’t fix code-injection vulnerability - istartedsomething. More thoughts by Long Zheng on UAC. UAC, UAC, go away, come again some other day - Within Windows. Rafael Rivera provide the quote-byte of the week on UAC: “Here’s my million dollar question: If UAC wasn’t designed to ultimately protect us from anything, why does its icon resemble a damn shield?” 4sysops - Thoughts about User Account Control’s (UAC) primary design goal. – 4sysops - Michael Pietroforte thoughtfully sums up the problem and frustration with folks-in-the-know on UAC. Most either tolerate it and some just turn t[...]
Small Tips to tame MS Office 2009-06-20T14:30:33.232-05:00 A number of weeks ago it became clear that my work-issued Dell D-610 laptop just wasn’t able to keep up with the onslaught of multi-tasking I was now throwing at it. I had maxed out the RAM to 2GB, large/fast IDE drives were hard to find, and it was a single-core processor. So boss was able to locate a loaner Dell D-630 laptop to tide me over the remaining six-month or so period until the next round of hardware refreshes hit our group (Latitude E6400’s). The 2 GB RAM kit from the D-610 was compatible with that used by the D-630 so I replaced the stock 512MB stick with the 2GB kit. However the D-630 supports up to 4GB for system RAM so I’ve got a 4 GB RAM kit coming along with a 7400RPM SATA drive to boost the stock D-630’s dual-core muscle. My productivity has jumped which is a good thing considering how crazy the past two weeks have been. Anyway…all that to say that moving my system over from the older laptop to the newer one meant many of my MS Office (2003) tweaks and configs were gone and forgotten. So I’ve been on the hunt to tweak some MS Office behaviors. Here are three of the cleverest I should have remembered. Disable and Turn Off Microsoft Office Word 2003 Reading Layout - My Digital Life – Uhhhg! When I would open a MS Office file attachment out of Outlook it would open in the “Reading Layout” which was butt-ugly and useless. Sure I could then click around and swap the view to the “page layout” mode but it was extra clicks. Darn if I could get it swapped back to open in the “page layout” style of my old system. This post has three level of tips. The first one is in the usual options interface but may not “hold”. The second one requires some Group-Policy editing..nice. But the last is the money one. To the Registry! …directly modify the system registry with the following value to get the same blocking reading layout effect. [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Word\Options\vpref] "fAllowAutoReadingMode_1886_1"=dword:00000000 How to turn off the Office Clipboard (2000, XP, 2003) – Clipboard Extender blog – for some bizarre reason every time I would copy/paste things in Office 2003 on this system the clipboard sidebar would pop up and list all my copied items. No matter how many times I told it not to display any more in the options it would continue to return. While some may find benefit in this, I’m not a multi-item copy/paster. By that I mean I copy then paste what I want to move around and don’t need to maintain on ongoing collection of copied items to paste from. When the sidebar appears it shifts the zoom level or location of my document throwing me mentally off. It had to go. The link had the standard solutions but a single comment on the post left by Meredith Sivick did the trick. Haven’t seen it since. I love a good registry hack: This worked for me to Permantely turn off the clipboard in Microsoft Office for 2003 running Windows XP———————————————————————- By Bill DetwilerClose all Office applications, including Outlook, before performing any of the following registry edits.To Disable clipboard:1. Click Start | Run2. Enter “regedit” in the Open field3. Click OKIn the Regedit window:1. Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Office\[version] \Common\GeneralWhere [version] corresponds to your Office version: 9.0 = Office 2000, 10.0 = Office XP, and 11.0 = Office 2003.2. Locate the DWORD value AcbControl or create the value if it does not exist.3. Set the AcbControl value to 1. (Set the value to 0 to enable the dialog box.)4. Close the Registry Editor and restart an Office application. How do I turn off the Getting Started pane (Word 2003)? - dslreports.com – Despite all my attempts to locate the setting to turn this blasted feature off, I had to hit the Web to find it in the option sett[...]
More Olympus E-P1 teases 2009-06-20T12:41:52.059-05:00 Amazon is taking pre-orders on the Olympus E-P1 kits. Full reviews are still sparse. From what I can gather some pre-release units went out to select reviewers. Some release units also got out there, but from the “…wait for a full review…” comments in the articles…it seems like there are some agreements to not release too much info quite yet. A Olympus E-P1 release event occurred in Germany so most of the links with “real-shots” were taken from Berlin. Here is the latest batch of “best-of” write-ups and teases I’ve found. Lavie is impressed with it as well. I’m still waiting for the “real” reviews to pick it apart, but I’ve been smitten with what I have seen and think it would be the perfect level/format of digital camera for the style of photos I’m looking to capture. As well as being more inconspicuous for candid street-shooting compositions. Enjoy! Olympus E-P1 Videos – PhotographyBLOG – Not only does the camera provide 12.3 megapixel stills, it also provides true HD-level video. This collection is amazing! Granted the art-mode filters cause slowdown in capture, but they still are quite neat. The normal mode color is spectacular, smooth and highly detailed. Can’t image what they would look like on our HD TV. E-p1 autopsy pictures - Olympus and Panasonic rumors – Great site and neat cut-through view of the camera body/lens. Amazing work packing all that tech into the small package. Wow. First Olympus E-P1 unboxing video! - Olympus and Panasonic rumors – Why not? The Online Photographer: The E-P1: Not Exactly What You Want? – The Online Photographer – The title is misleading. The reviewer actually really likes his time with the E-P1. Olympus interview: Future ‘Pen’ cameras planned (update 16 June 5pm) news - Amateur Photographer – News that Olympus may release higher/lower end versions depending on how this first model does. Higher may include a built-in viewfinder. Interesting…. Olympus E-P1 test photos – Let’s Go Digital – Bit more news and photo samples. Google Translate – Review with LOTS of hardware photos of the device. Translated version but still quite good. Written by O. Takeshi. --Claus V. 
GSD Keep-Alive Ping + the new E-P1! 2009-06-20T13:24:43.725-05:00 cc image credit: Black Olympus Trip 35 on Flickr by Hermés Hi all.I’m still here. I just realized it’s been over half-a-month since the last post. Work is crazy-wild with longer-than-normal sessions in the bull-pen and on the mound, along with weekends chock-full of special family-focused down-time. Please remain confident that my to-blog pile is reaching critical mass. I’ve got the usual load of Microsoft Windows OS related topics in the wings, a curiously free amazing on-line collaboration tool, stupid MS Office taming tips, a mess of browser news, and linkage galore of security-related tools and various utilities. Also in works, a specific “while-in-the-trenches” post on a live-fire failing disk recovery session with two neat new free tools I uncovered in the process. Oh yes…I guess I need to mention the drive in focus involved a blown-out PGP Whole Disk Encryption load. Yikes! Expect some new pgpwde.exe command-line support resources as well in that pre-or-post post. (Did that make any sense?) Completely unrelated….Olympus cameras… I’ve been taking out my old Olympus Trip-35 and longingly holding it a bit. I haven’t worked up the courage to drop some old-school 35mm film in for kicks. While Jonesing on the Trip-35 I found this Flickr: Olympus Trip-35 group with some great old/new photo sessions. It’s been a blast reading around. The more I research/read up on the web on the Trip-35 the more I am amazed at this little tool. I loved taking photos with it as a kid and still think it has taken some of my favorite photos. I’m not sure of the technical reason the photos appeal to me. There’s just something about them that stands out from images from other cameras I’ve used over the years. Not being a pro I can’t explain it but there is a distinct retro-like visual appeal to them I seem to sense. Maybe it just me reading more into it because I know the camera body is probably as old as I am. Eventually I’ll figure out how to scan my negatives in on the HP scanner we bought some time ago. Failing that I will just scan some of the prints in and share. Anyway, my love and joy of the little Trip-35 platform has kept the desire in me for a digital version. I think I would really get more use out of this format that a full-bore entry-level DSLR camera with my shooting style (more casual/photo-journalistic/street-shooting). So recent word that Olympus might be coming out with a digital “range-finder” camera this summer intrigued me: Olympus to Release Digital Rangefinder This Summer - Wired.com Olympus unveils rangefinder inspired Micro Four Thirds concept I’ve been scouring the Net for news and today found this website offered to me by Olympus from a news signup I registered for. The object of my desire? The E-P1 digital rangefinder - Olympus cc image credit: Olympus E-P1: Sleek frame on Flickr by bfishadow Quite likely after wasting over an hour on the website tonight as well as even more on the following reviews and linkage. Here’s the first onslaught of E-P1 gushing to hit the web I’ve started to turn over. Retro-Futurism: Olympus’s New Rangefinder-Inspired Digital Camera - Popular Science Olympus E-P1 Hands-on Preview: 1. Introduction - Digital Photography Review Olympus Digital PEN Launched - James Duncan Davidson Olympus E-P1 First Look - Digital Camera Resource Page And here are a collection of interesting digital photo samples of the E-P1 output in action Olympus E-P1 Photos - PhotographyBLOG bfishadow’s stuff tagged with ep1 - Flickr "Hands on" • Olympus PEN E-P1 - a set on Flickr I close with this: A shameless E-P1 viral-ad pandering to the Will It Blend? fans. Will It Blend? - Roberts Raw! Stay tuned! --Claus V. [...]
Sunday Linkfest: Last Call 2009-05-31T22:31:53.165-05:00 Turned out that I was able to stay a lot more productive this weekend than I anticipated. Not only was I able to take care of most of the home-chore list, but in getting up my planned posts, I actually uncovered more than a few surprising gems as well. Here are the remaining links. Browsers Snapshot build with preview of the *new* Skin – Opera Desktop Team – Opera 10 Alpha stuff so there’s a here be dragons warning attached. That said it is stable enough for casual browsing for the curious and will, by default, install into it’s own program folder to keep any existing release versions of Opera you may have intact. It’s a very nice browser that needs much more credit that it gets. It’s been drowned out by Firefox and Chrome and it is a shame. It’s a bit hard to tell for non-regular Opera users but the new skin is polished and sophisticated. Much more refined that either the default themes in Firefox or Chrome (IMHO). The European roots shine through. Portable Google Chrome 2.0.172.30 Beta (Google Translate) – Direct link to Caschy’s Blog where his updated Portable Google launcher is available including a newer Google Chrome release. Spotted via Lifehacker blog. Microsoft Watch The Case of the Slow Keynote Demo – Mark’s Blog – Mark Russinovich uses his l33t Windows powers of observation to trace a stuttery presentation element. While the ultimate cause is probably unlikely to be encountered by most users, it is another example of using Process Monitor to deliberately drill down to the exact cause of the error. Extended Support Begins for Windows XP—Support for XP Continues Until 2014 – Microsoft Support Lifecycle Blog. I knew this but it was good to see it again. A gentleman at our church asked me last week what he should do. He has a solid XP desktop system and two Vista systems. For some reason he was under the belief that XP support was getting dropped this summer. Not true. But he already had two Vista systems and wasn’t impressed with Vista to switch; particularly knowing that Windows 7 is just around the corner. On the other hand, he would rather pull the plug on the system than run it “unsecured” and unsupported. This was big relief. And will likely be as well to all the enterprise deployments of XP Professional whose IT shops are patiently waiting to jump over Vista and begin taking a closer look at Windows 7 in a year or two. From the post (emphasis mine): Recently there has been a fair amount of press coverage regarding the end of Mainstream Support for Windows XP. Released at the tail end of 2001, Windows XP has been a solid hit in the marketplace and there has been some concern about what the move from Mainstream to Extended Support means for customers. To be clear, Microsoft will continue to support Windows XP until 8 April 2014 – about five years from now. So what are the differences between Mainstream and Extended? Microsoft divides support for Business and Developer products (including the Windows XP operating system) into two distinct timeframes: Mainstream Support and Extended Support. In a nutshell, Mainstream Support provides both consumers and enterprise customers with a full offering of support including complimentary support, design change requests, security updates and other kinds of updates for the product. Extended Support does alter the range of support a bit, but for the vast majority of customers the essential core remains the same. For example, customers will continue to receive free security updates and can call in for paid support until the second Tuesday in April of 2014. Enterprise customers with Premier Support who may need non-security hotfixes (such as design change requests) should consider enrolling in an optional support program named Extended Hotfix Support (EHS). EHS is require[...]
Free: USAF-Hardened Windows Build (…well kinda…) 2009-05-31T15:16:39.432-05:00 Public domain photo: taken by U.S. Air Force Senior Airman Julianne Showalter Windows: Locked and Loaded? About a month-ago, there was a Wired story about how Microsoft had developed and offered a super-duper secure version of Windows to the United States Air Force to better protect it’s Windows deployments and users than the piddling-weak stuff that us private citizens get offered. Microsoft Offers Secure Windows … But Only to the Government - Wired Threat Level blog. It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it. The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as a template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us. Security experts have been arguing for this “trickle-down” model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing. Upon which everybody who pays taxes AND uses Windows moaned and complained about things not being fair that the USAF gets something we don’t; an actual secure version of Windows. Only one problem, journalist Kim Zetter got the story pretty darn close to being correct, but left out one important detail. Namely, that there the USAF doesn’t actually use a super-weaponized-and-hardened version of Windows made just for them. Ooops Microsoft: There is no special version of XP for the Air Force – The Tech Herald – Security as covered by Steve Ragan: The problem, and the source of the confusion about the article itself, is that Microsoft did not offer a new version or a special version of XP to the Air Force. All Microsoft did was help the Air Force harden GPOs (Group Policy Objects) and images used for deployments when the Air Force made that request. “We agreed to assist, as we do with any company that hires us to assist in setting their own security policy as implemented in Windows. The work from the AF ended up morphing into the Federal Desktop Core Configuration (FDCC) recommendations maintained by NIST. There are differences, but they are essentially the same thing,” said Roger Grimes, Security Architect on the ACE Team at Microsoft. “NIST initially used even more secure settings in the hardening process (many of which have since been relaxed because of operational issues, and is now even closer to what the AF created),” he added. “In the initial article, a lot of the other improvements, such as patching, came from the use of better tools (SCCM, etc.), and were not necessarily solely due to the changes in the base image (although that certainly didn't hurt). So, it seems the author mixed up some of the different technology pushes and wrapped them up into a single story. He also seem to imply that this is something special and secret, but the truth is there is more openness with the FDCC program and the surrounding security outcomes than anything we've ever done before,” Grimes continued. Schneier on Security: Secure Version of Windows Created for the U.S. Air Force – Schneier on Security – Even Bruce got caught up and had to make an update as the facts became known. Bruce even included additional (and public) links p[...]
Outlook Thread Compressor: New Escapee from Redmond 2009-05-31T14:15:18.344-05:00 Nothing I like better than digging up an internal tool of Microsoft that gets released quietly on the web for free. Particularly when it comes with all kind of dire warnings and a back-story about the legal-team at Microsoft not allowing it to be released on the Downloads pages by the developer for general consumption by the public for fear MS would be sued because it actually might lead folks who misuse it to delete their emails. Fun! Sign me up! Outlook Thread Kompressor Last night while stumbling across some new IT sysadmin blogs I found some recent references to this internal Microsoft tool for Outlook. It is the coding genius of a Microsoft employee named Ewan Dalton. And I think the only thing that would make it more impressive were to use the German word for “compressor…” Outlook Thread Compressor Utility Thread Compressor is an add-in to Microsoft Outlook, which removed unnecessary emails from a "thread" - reducing the amount of storage required (maybe keeping your mailbox within its size quota) and reducing the number of emails you need to read. TC was developed inside Microsoft from 1999 onwards, and attracted a large following (up to 30,000 users) but has never (officially) been made available externally, due to the fact that it will delete data unless it is configured not to. I've decided to share it more widely now. Let me say that again: Thread Compressor, as it is configured by default, WILL DELETE DATA FROM YOUR INBOX. If you choose to download it and use it from here, you do it with the author's blessing, but it's completely at your own risk and Microsoft cannot be held responsible for what it does. If you're in any doubt about this, then do not use this tool. Is that cool or what!! It even supports logging of actions taken, and some advanced exception rules. Basically what it does is to use internal-to-Outlook message id’s to figure out the parts of an email thread. It then deletes all those emails that exist as part of a larger email thread version. I’m horrible about this. I will keep my original (sent) email, and the reply, and all additional replies as separately-saved emails. That is likely one reason why my primary Outlook PST file is so very, very large. Now, depending on your email-retention guidelines in the workplace you might need to save all those. But if not, this tool promises to clean house and whittle down all those multiply-appearing instances. Installation is not for the feint of heart. The application itself works on all Microsoft Outlook versions (Outlook 2000, 2002, Office Outlook 2003, 2007) for Windows running on all versions of Windows post Windows 2000. From the program page: INSTALLING * Firstly, download the ZIP and save it locally. * Create a folder you'll find again - I'd suggest C:\Program Files\Thread Compressor or similar. * Start a command prompt - WindowsKey-R then cmd
Cisco VPN Clients and Windows 7 2009-05-30T22:05:22.176-05:00 Update: See more important information at bottom of post. When I am outside the network and need to get in, I use a Cisco VPN client for XP Professional (32-bit). It’s very straight-forward to install, get configured, then get connected. So far I haven’t had to mess with Cisco VPN clients and either Windows 7 or 64-bit versions of Windows (or both at once). However, I was asked the other day IF there was a solution for running Cisco VPN on Windows 7 64 bit. Not a direct one that I know of, yet. From the VPN Client - Cisco - Cisco Systems page: The Cisco VPN client supports Windows 2000, XP and Vista (x86/32-bit only); Linux (Intel); Mac OS X 10.4; and Solaris UltraSparc (32 and 64-bit). For x64 (64-bit) Windows support, you must utilize Cisco's next-generation Cisco AnyConnect VPN Client. Cisco AnyConnect VPN Client – Support pages has quite a lot of info on this product. In the Release Notes for Cisco AnyConnect VPN Client, Release 2.3 the supported Windows systems are pretty tight. Windows Versions •Windows Vista—32- and 64-bit Microsoft Windows Vista SP2 or Vista Service Pack 1 with KB952876. •Windows XP SP2 and SP3. •Windows 2000 SP4. No official support for Windows 7. Though I guess someone might be brave enough to dump it on a Windows 7 64-bit system and see if the Vista 64-support is close enough to carry over. Cisco VPN Client Solution for Windows 7 64-bit (for now) The only work-around that come to my mind (as well as Nicholas Caito) was to create a 32-bit OS virtual machine of XP or Vista and then load the traditional Cisco VPN client into that container. Then launch and run your connection needs from within that VM. Nicholas Caito’s illustrated how-to is linked below: Use Cisco VPN under Windows x64 (XP, Vista and Windows 7) – Xenomorph.net Blog Cisco VPN Client Solution for Windows 7 32-bit (for now) Windows 7 32-bit users are also a “bit” on their own as well. However, there has been quite a lot more work done by the frustrated sysadmin crowd on this front. The main complaint is that once folks go to install the Cisco VPN client on Windows 7, they seem to be working fine but get treated with a BSOD on reboot. Bummers. Fortunately, there seem to be well-regarded workarounds…and they do require a bit of work. How to prevent Cisco VPN client version 5.0.4.0300 installation from bluescreening Windows 7 x32 Build 7000 – Aaron Tiensivu’s Blog From Aaron’s hard-fought efforts: Updated with notes from JoshP - 100% working:I have tried many--many different ways to get the Cisco VPN client install on Windows 7--all resulting in BSOD (ndis.sys). I have found the following procedure has worked 100% of the time on multiple hardware platforms (including VMware): 1. Install Cisco DNEupdate.2. Reboot3. Take ownership and delete ndis.sys (in c:\windows\system32\drivers).4. Take ownership and delete ndis.sys.mui (in c:\windows\system32\drivers\en-us).5. Install Cisco VPN Client 5.0.04.0300.6. Reboot7. Windows 7 will repair itself (should take a few seconds) and automatically reboot.8. Cisco VPN Client should work without any other tweaks. As Mark Wilson points out in his blog post (linked below) The DNEupdate is actually the Citrix Deterministic Network Enhancer (DNE) update . He provided this direct link to the installer file. markwilson.it » Installing the Cisco VPN client on Windows 7 – Mark Wilson’s blog How to (Successfully) Install Cisco VPN Client on Windows 7 - Brenton House’s blog So with full props to Aaron, Mark, and Brenton, go get your Cisco VPN for Windows 7 on. As for me? Well, I’m resigned to the likely-hood our shop will be chugging on down the tracks on XP Pro deployments for many years to come… It’s a mixed blessing. Claus Update: While chasing do[...]
Kon-Boot post (minor) update 2009-05-30T15:31:07.432-05:00 Just a couple of additional notes regarding the recent post on Kon-Boot. Kon-Boot: Bypass Windows Login Security (and some helpful blocking solutions) TrueCrypt 6.2 Update and Kon-Boot Protection Commenter “Bozo” posted this question: Hey Claus, could it be that TrueCrypt gathers some info about the BIOS (for example, size of BIOS and a hash code)? and the too much memory error reflects TrueCrypt detecting BIOS corruption? And my response was thus: I don't think so. Now, I'm not a TrueCrypt advanced user. I've used it in this test for whole-desk encryption/preboot authentication, but mostly I use it to create truecrypt volume files that can protect key files. As far as I know, TrueCrypt doesn't do any BIOS hashing. And I guess that's a good thing. Imagine the headache you would have if it did and you did a BIOS flash to upgrade the system. Bummer. While I was responding, I did check in with TrueCrypt for more info and discovered some more items that could have a bearing on Kon-Boot. On May 11th, 2009, True Crypt released version 6.2 with new features. The boot loader now supports motherboards with BIOSes that reserve large amounts of base memory (typically for onboard RAID controllers). Note: In order to be able to take advantage of this improvement under Windows Vista, you will have to install Service Pack 1 or higher first. Service Pack 1 for Windows Vista resolved an issue causing a shortage of free base memory during system boot. (Windows Vista / XP / 2008 / 2003) See also these links: Dell studio xps i7: "bios reserved too much memory" error with TrueCrypt 6.1a - Google Cache page [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usageTrueCrypt 6.2 disk encryption software released - Heise Security All this really left me with the impression that the TrueCrypt “pre-boot authentication” was programmed to load itself into the BIOS memory range before it allows the handoff to the system boot. I (still) haven't looked at a TrueCrypt encrypted system's MBR at the sector-level, but I suspect once the BIOS loads to the RAM section, that points to the MBR where it finds the instruction set to load the TrueCrypt loader which has to load into the same lower basic memory range shared with the BIOS. Normally that wouldn't pose any problems, but in the case of a Kon-Boot, pre-load, it has already loaded it's own modified instruction set into that same BIOS memory range first. So when TrueCrypt comes along and tries to jump on the hay-ride trailer, there is no room left so it fails out. When I did the first Kon-Boot protection test with TrueCrypt in my original post, I used version 6.1a as can be seen in the screen capture. With the change of Version 6.2 and its support for systems that load/reserve larger amounts of base-memory for the BIOS, I didn’t know if TrueCrypt still provides that "protection" or not since it...just the situation which might occur with Kon-Boot jumping into the base system memory range first.. So I tested it this morning on an XP Pro virtual machine I set a new local-user account password and verified I could not log onto the account unless the correct password was used. Then I booted it with Kon-Boot and successfully bypassed the password to verify Kon-Boot was working correctly. Then I used TrueCrypt version 6.2 to fully encrypt the drive, set a volume password for pre-boot authentication. I booted the system again with Kon-Boot Nope; TrueCrypt still would not boot the system and gave the same error as last time: Error: BIOS reserved too much memory: 569 It seems that once Kon-Boot had injected itself into the boot memory, there still wasn’t enough base system memory left for TrueCrypt to do its thing and bring the system up. So the boot kit hack failed even [...]
Kon-Boot: Bypass Windows Login Security (and some helpful blocking solutions) 2009-05-30T09:07:16.001-05:00 A number of weeks ago I received a tip from TinyApps.Org Blog that has become a real safari event. KON-BOOT - ULTIMATE WINDOWS/LINUX HACKING UTILITY – free boot utility from Piotr Bania From the developer’s description: Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0. …it provides support for Microsoft Windows systems and also the Linux systems listed in the next sections. Kon-Boot for Windows enables logging in to any password protected machine profile without without any knowledge of the password. This tool changes the contents of Windows kernel while booting, everything is done virtually - without any interferences with physical system changes. So far following systems were tested to work correctly with Kon-Boot (however its quite possible other versions of listed Windows systems may be suitable as well): Windows versions of logins that it supports/bypasses are: Server 2008 Standard SP2 (v.275), Vista Business, Vista Ultimate, Server 2003 Enterprise, XP, Windows 7. Although not a “well-known” tool (yet), notice of Kon-Boot is slowly beginning to show up around the blog-o-sphere and security blogs. Kon-Boot "root a box" on the fly .. it’s a kind of magic ! – Security Database Tools Watch KON-BOOT for Windows and Linux (Password Bypassing Utility for Forgetting Heads) - DailyDave Login to Windows Administrator and Linux Root Account Without Knowing or Changing Current Password - Raymond.CC Blog Kon-Boot CD:110KB Floppy image/CD ISO to remove your Windows admin and Linux root pwd – Hacker News I’ve avoided posting on it for some time as (like TinyApps blogger Miles) I’ve felt compelled to first try to understand what it is, how it may be working, and what impact (negative/positive) it might have on a system. To use it, download one of the image files (I used the CD ISO) and burn the ISO file to a disk. Boot your target Windows system from the CD and you will get the Kon-Boot splash screen. Hit
Sunday Linkfest Salvo 2009-05-24T15:59:24.315-05:00 USS Texas (BB-35)Firing her 14"/45 main battery guns, during long range battle practice, February 1928.U.S. Naval Historical Center Photograph from USN Ship Types--New York class (BB-34 and BB-35) Windows 7 RC Shelling As previously noted, I’ve been loading Windows 7 RC on our laptop systems here at the house. One requirement of this is to pick and install some AV/AM protection. Microsoft kindly provides links to some “free” AV/AM software that is compatible with Windows 7. Local TechBlog guru Dwight Silverman also details why this is a good idea: TechBlog: Getting the Windows 7 RC? You’ll need protection. But be careful, many of the offerings listed by Microsoft, while good, are also significantly time-limited and may require some registration hoops to go through. Instead of going with one of these, I decided to give Sunbelt Software’s VIPRE security product a go. Thanks to a generous reach-out by Alex Eckelberry some time ago, I’ve got a few full-licenses for our home systems. As blogged before briefly here, I love VIPRE. I had seen a link ( Vipre from Sunbelt now compatible with Windows 7 – PlanetAMD64 ) that indicated that VIPRE would work with Windows 7 so I thought I would see how it did on our Windows 7 RC (64-bit) installations. I downloaded VIPRE and (despite Windows 7 not being “officially” listed under the VIPRE Requirements tab) started an install. It went on just fine on my Gateway system in Windows 7 RC 64-bit. However the updates would not, no matter what, kick off. It just stayed at definitions 0. So I tried “kick-starting” it by manually downloading the VIPRE DAT files and then pointing VIPRE to update from this source file. That did the trick. Once seeded with the definitions, all subsequent auto-update actions have launched, downloaded, and installed without fail. Curiously, when I did the same thing on Lavie’s Compaq notebook (also Windows 7 RC 64-bit) this trick wasn’t required. It kicked off the updates just fine automatically. I’ve not had any issues at all running/scanning/configuring Sunbelt Software’s VIPRE under Windows 7 RC 64-bit. It is rock solid and remains highly recommended. (And yes, a GSD blog post perspective on VIPRE is still planned! Stay tuned.) Lifehacker - Install Windows 7 on Almost Any Netbook - Windows 7 netbook – Lifehacker – Nice how-to on getting Win 7 on a Netbook. The deal here is that many netbooks do not have an optical drive. The workaround is porting your Windows 7 ISO install files over onto a USB stick and installing from there. Good info to keep handy. And even if you do have an optical drive to use on any system you are loading Windows 7 on, if your system supports it, installing from USB generally results in a faster install time as USB media is much faster in the transfer rates than optical media. Windows 7 RC UAC security vulnerability: Auto elevation – 4sysops blog – Michael looks at an ongoing security issue with Windows 7 that doesn’t seem to have been fully solved quite yet. The myth about the standard user in Windows Vista and Windows 7 – 4sysops blog – More security musings on Windows 7 (and Vista) from Michael. Good reading. 15 Things To Do After Installing Windows 7 RC - Tweaking with Vishal. Miscellaneous tips and pointers to consider attending to after you load Windows 7. XdN Tweaker - (freeware) - Current Version v 0.9.1.6 just released this May now adds Windows 7 to it’s awesome tweaking support. Available in both an exe installer and a portable zip version, this tool still remains my #1 favorite (out of many, many, many) great Windows tweaking tool[...]
Procrastinations…and Why XP can’t be VHD booted under W7 2009-05-24T13:47:35.236-05:00 As has recently become a curious pattern, I’ve continued to allow myself to be distracted with “off-list” tasks. These are not to be confused with “honey-do’s” which are those items performed at the last minute as requested by dearest Lavie and Alvis. No, these are when I get a brilliant idea that isn’t on my weekend project list, and when started, will distract me with singular determination. When I look up a whole day has passed. Bother. Such was Saturday when I took on trying to configure Alvis’s hand-me-down laptop to dual-boot Windows 7 RC and XP. Background Flush with my success in getting both our Vista laptops to dual-boot Windows 7 RC by using the new “boot from VHD” feature, I decided that Alvis’s laptop was next. Her laptop is a smaller model. Still big-enough to be a laptop and not a “netbook” but much smaller than the monster laptops that Lavie and I use (monster in size, not necessarily performance BTW..). Unlike our laptops that were already running Vista, her laptop is running XP. Because the XP boot loader is different from Vista/Win7 I had to take a different tack. The Operation Alvis’s laptop has a single partition. So (using one of my custom PE 3.0 boot disks) I captured a WIM image of it using ImageX. Took about 1 1/2 hours to complete. Girl’s got a lot of icanhascheezburger images downloaded on it… WIM was dumped to a portable USB drive. Next I re-formatted the drive and dumped Windows 7 RC (32-bit) on it. It does have a Turion64 processor so I could have gone 64-bit like I did successfully on the other laptops, but it only has 1 GB of RAM so I didn’t want to push things. Installation went on in about 30 minutes; and in another 30 I had the basic configuration done. Next I followed my previous steps in GSD How To: Dual Boot Windows 7 on Vista via VHD... post and created the VHD file for the XP system to go. I then used my PE disk to re-boot the system, figured out what drive-letter the VHD file was reporting in on, and then reapplied the ImageX WIM back into the VHD file. Took about 35 min. Reboot and…. it went directly into Windows 7 RC. Troubleshooting Turns out I had to do some additional bcdedit work to get the Windows 7 boot loader to correctly see and offer the XP VHD drive. Stuff I didn’t have to do in my previous VHD dual-booting work. I used a combination of bcdedit command-line work and XdN Tweaker GUI tool to keep things organized. Add a Native-Boot Virtual Hard Disk to the Boot Menu – MS Technet Specifically this part: bcdedit /set {guid} device vhd=[locate]\windows7.vhd Once I got it all together and rebooted, the boot loader now offered me both the Windows 7 system and the XP (VHD) system. However, once the NTLDR process kicked off inside the XP VHD, I would get a boot.ini error and the load would tank. Soo…? Turns out (DOH!) I should have not taken the time to even try this. The Windows 7 boot loader is an updated version of the Vista boot loader. You can replace the Vista boot loader file with the Windows 7 and not have any issues. The Windows 7 boot loader supports booting from VHD…the Vista one does not. The XP boot loader is completely different than the XP one. Not even close. The XP boot loader, like the Vista boot loader does not support booting from a VHD. So while the handoff can take place to the XP OS inside the VHD, once there the XP system doesn’t know (lack of driver support) how to handle using the VHD wrapper as a physical volume. So until someone can take the time to work out tricking (or modifying) the XP OS files to mount and access the VHD file like a physical drive, it doesn’[...]
Updated: Goin' Win7 64-bit – It Rocks! 2009-05-16T22:27:23.518-05:00 Update This is pretty scary, in a good way. Install of Win7-64 bit went off without a hitch. Had it fully running in about an hour and half. Performance is outstanding. I can’t get a performance rating in that I am running off a VHD file drive. However, subjectively, the laptop performance feels much snappier and crisper than in Vista Home Premium 32-bit. I did have to spend an extra fifteen minutes figuring out my wireless setup. I manually added my wireless network device, but Win7 just wouldn’t pick it up. Then I found the setting to auto-connect to the router even if SSID broadcasting is off (it is on my router). That did the trick. During the on-line update process the system found a compatible NVidia video driver which is working fantastic. The Vista 64bit printer driver is doing fine. Because the vast majority of my applications are “portable” I just have to create new shortcuts to my “standalone” programs from their folder on the main drive. The system isn’t having any trouble jumping out and running them from outside the VHD drive it is running directly from. Imagine that. Jumping to a Windows 7 64-bit install and zero, yes, ZERO driver issues so far. I’ve got quite a lot of “tweaking” of Win7 to do, but if it continues to run this smoothly, I’ll almost assuredly be standing in line to upgrade both our Vista Home Premium 32-bit systems to Windows 7 Home Premium 64-bit. The XP desktop system will likely remain that way for the foreseeable future. And the jury is still out on whether to upgrade the third laptop (XP Home) that Alvis uses or not. I probably will. I’ve found that the XdN Tweaker that I have previously mentioned for XP/Vista tweaking has just released an updated version that is compatible with Windows 7. Lavie’s asking when her laptop gets the dual-boot upgrade to Win7 64-bit next. I’ve got a whopper of a post planned for tomorrow, but maybe tomorrow night I will give her Compaq laptop the treatment as well. Two enthusiastic thumbs up for Windows 7 (RC) 64-bit! --Cheers! CV. original post below…. Of course I would pick an inopportune time to do so. Leaving in about an hour and a half to take mom out for a belated-Mommy's Day dinner in Houston. Not the best timing to do a major OS dual-boot configuration. I'm setting my laptop up on Windows 7 RC with the 64-bit flavor this time, just to see if there is any real performance benefit in doing so. To keep things flexible, I'm choosing to dual-boot and retain my existing Vista Home Premium 32-bit system installation. I'm applying the steps in this GSD post: GSD How To: Dual Boot Windows 7 on Vista via VHD file So far so smooth. It's going on very fast and no errors have been encountered. Lavie is already asking me when I'm going to set her laptop up that way! I'll give a report later tonight (if I'm not too full and tired from the dinner outing)! Cheers! --Claus V. PS--been watching the Shuttle servicing mission live today on NASA TV. Really cool and amazing stuff. [...]
Microsoft XP Mode link-dump 2009-05-10T23:13:28.250-05:00 CC Photo Credit: by Choctopus on Flickr I’ve been besieged with too many interesting topics and issues these past two weeks. Way too many links for a borderline OCD geek to digest. The problem with this is that when an interesting technology swells, sometimes I am unable to climb up and ride it in Instead I get wiped out and when I finally reach the beach the wave has long since crashed and I’m left with a humongous collection of linkage that serves better as a reference post than I had hoped. That is the case this time with news that Windows 7 has a neat feature for some supported versions called XP Mode (XPM). Windows XP Mode is available for Windows 7 Professional, Windows 7 Ultimate and Windows 7 Enterprise customers. If you want a quick and excellent “how-to” on getting it up and running on your Windows 7 RC installation just pop over to this link. I guarantee it is the shiznizzle. Set Up and Use XP Mode in Windows 7 - Windows 7 XP Mode – Lifehacker It’s got everything you need to know to determine if this is for you, and what steps you should follow to get XPM running on your system. The rest of this post is just linkage for the tech-heads or sadly curious. What’s so Exciting Anyway? Let’s let Rafael Rivera explain it from his Within Windows blog XPM announcement: Secret No More: Revealing Windows XP Mode for Windows 7 XP Mode consists of the Virtual PC-based virtual environment and a fully licensed copy of Windows XP with Service Pack 3 (SP3). It will be made available, for free, to users of Windows 7 Professional, Enterprise, and Ultimate editions via a download from the Microsoft web site. (That is, it will not be included in the box with Windows 7, but is considered an out-of-band update, like Windows Live Essentials.) XPM works much like today’s Virtual PC products, but with one important exception: As with the enterprise-based MED-V (Microsoft Enterprise Desktop Virtualization) product, XPM does not require you to run the virtual environment as a separate Windows desktop. Instead, as you install applications inside the virtual XP environment, they are published to the host (Windows 7) OS as well. (With shortcuts placed in the Start Menu.) That way, users can run Windows XP-based applications (like IE 6) alongside Windows 7 applications under a single desktop. Basically XPM mode embeds a fully functional XP Pro OS build inside supported Windows 7 OS builds, then wraps it so tightly around that you might not know where the host OS begins and the virtualized XP system ends. Documents are not stored inside the XP VHD but back on the Windows 7 libraries. When you launch an application installed inside the XPM VHD, you don’t have to launch XPM first, it happens automagically. That’s the promise, at least. If fully delivered, it will be pretty cool and useful for a select class of users. Supporting XPM: Virtual PC (beta) Windows Virtual PC home page – Go here to download the Windows Virtual PC beta package specially crafted for Windows 7 systems. There is not (yet) an updated version for XP/Vista systems. So for you, you must content yourself with the current Virtual PC 2007 release build. The Windows Virtual PC (beta) features do now include some wonderful virtualization features that VPC has been lacking; USB support - Users can access USB devices attached to the host directly from virtual Windows XP. These devices include printers and scanners, flash memory/sticks and external hard disks, digital cameras, and more. Seamless applications - Publish and launch applications installed on Virtual Windows XP directly from[...]
Mother’s Day Yummers! Linkfest 2009-05-10T14:12:43.964-05:00 Image attribution under CC to Anita Chu at Dessert First blog One of the best southern grocery-store treats in our family was Mother’s Circus Cookies. A bag of these would last only long enough in the time taken to transit the space between bag and bowl. Most were intercepted before making it. Give me a cup of coffee and cream, Lavie and Alvis on each side and a good movie and we are in heaven. Thus it was with deep sadness when we learned last year that Mother’s Cookies went out of business and the Circus Animals left town for good. Some post-apocalypse survivalists no doubt purchased many supplies and kept them cached away safely. Other intrepid fans labored long hours in kitchen labs to concoct their own frosted Island of Dr. Moreau animal creations: Dessert First: Goodbye, Mother’s Cookies with more apparent success than Dr. Moreau had. Fortunately for the masses like us, news comes that Kellogg’s has revived the brand and recipe from the bankruptcy vaults and stores across the South will again be filled this summer with these wonderful confectionary indulgences. Rejoice! These links aren’t quite as tasty as the cookies mentioned above, but they won’t leave colored sprinkles on the corner of your lips and fingers to give your secret passions away! Autoruns v9.5 - (freeware) – Sysinternals tool got a major add-in element this week: video codex reporting. “This update to Autoruns…adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution. I’ve tried it and it does indeed bring this element to advanced system administrators. However, I believe that Nir Sofer’s freeware InstalledCodec utility covers a few more bases/codecs. For a fast-look Autoruns is still it, but for a trusted second opinion, you have to go with Nir’s tool. IE Testing VPC Images Updated – Free VHD file images from Microsoft roll up XP Pro with SP3 for IE testers. I don’t test IE rendering in them but find they provide excellent reusable base XP/Vista virtual desktops for software testing and proving. The XP ones (3) are time-bombed for an August 2009 kill date. While the Vista Business images (2) expire after 120 days. Virtual Varia : WIM2VHD Release Candidate now available! – (freeware) – If you work with WIM files and VHD files, you’ve got to check out this updated Windows(R) Image to Virtual Hard Disk (WIM2VHD) Converter. It (when coupled with the freshly available Windows 7 RC WAIK) allows you to perform some tricky conversions of a WIM file into a VHD supported format. Neat! Upcoming Action Center Changes for Security Vendor Software - Windows Security Blog. Post details some changes in Windows Vista and Windows 7 with how security vendors software will be allowed to interact with the Security Center interface. Viewing Folder Sizes in Explorer – Ask the Performance Team blog – Microsoft again rolls out the explanations (reasonable as they are) on why folder sizes are not reported automatically in the open in Windows Explorer. Yes, it is a performance thing… Q&A: Windows 7 File Extension Hiding - F-Secure Weblog – Security software provider takes a look at file-extension handling under Windows 7 and finds that it (still) comes up lacking. Switching my Windows 7 Boot Disk from D to C with BCDBoot rather than BCDEdit - Scott Hanselman’s Computer Zen blog – Scott gets himself out of a jam when he upgrades a multi-volume system to Windows 7 RC. He gets out of it, but it is a[...]
Firefox and Chrom(ium) News 2009-05-10T00:03:41.401-05:00 First the Fox Alex Faaborg - » Thinking about Refreshing the Firefox Icon – Alex Faaborg. Alex begins to opine on the need to refresh the Firefox icon. Firefox has made some changes over the years on their icon and I’ve got mixed feelings on an iconic icon reboot. Multi-processor support coming for Firefox – Mozilla Links blog. From Percy Cabello’s post: Mozilla has started a new project to make Firefox split in several processes at a time: one running the main user interface (chrome), and another or several others running the web content in each tab. Like Chrome or Internet Explorer 8 which have implemented this behavior to some degree, the main benefit would be the increase of stability: a single tab crash would not take down the whole session with it, as well as performance improvements in multiprocessor systems that are progressively becoming the norm. The title is a bit misleading. Firefox already runs just fine on multi-processors, and is in fact, multi-threaded as well. What the MozillaWiki section on this feature build-in actually seems to describe is to run the chrome (GUI) element in it’s own process, and the tab content in a different process. Then the feature would be expanded to have each tab operate in it’s own process; similar to Chrome as well as IE 8. And eventually getting to the point of sandboxing each tab/process from each other. As I understand it, this is a pretty complicated process. Also, Mr. Cabello mentions that Mozilla developers might shed their current networking stack design and pick up the one in use by Chromium. So it seems we won’t see a multiprocess Firefox for at least a year or so. However, some decisions like taking Chromium’s networking stack to replace Necko, could accelerate the process. As you may know, Chromium is the open source version of Google’s Chrome. This consideration on merging platform elements is an interesting development as well. BTW, Did you miss the NoScript – Adblock Plus stealth-war going on over the past few weeks? I use both of these Firefox add-ons and I sure did. NoScript Developer Apologizes For Meddling With AdBlock – InformationWeek NoScript - AdBlock War Finds Closure… For Now – Information Week Basically it’s like this: AdBlock is designed to block ads for Firefox users. NoScript is designed to block/control javascript and other page-load actions for Firefox users. I, like many, use both and swear by both. No Script is supported in part by GoogleAds. AdBlock would block those ads. The developer of NoScript programmed his extension to “white-list” those ads on his site by impacting the other extension AdBlock plus. As changes were made by AdBlock plus to get around those efforts, NoScript escalated its attempts as well. Eventually Giorgio Maone got called out and the whole thing turned public, shortly after he attempted to make amends and back off the whole bull-ride he found himself on. Mr. Maone clarified his actions, intentions, and offered a surprisingly detailed and humble (IMHO) apology on his blogsite: hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community Good enough for me as I didn’t really know there was an issue to begin with. And I appreciate Mr. Maone’s repentance. Granted, he’s got some major trust-rebuilding to do with the community at large, but I think everyone will come out of this much wiser and more focused than before…or at least I hope so. Then the Chrome Rather than using the installed version of Goo[...]
Lego MiniFig Extravaganza 2009-05-09T11:28:34.990-05:00 picture clipped from Wired’s clip from Gizmodo clip… Thanks in no small part to the Windows 7 RC release, XPM mode research, and a big “little” tip a few weeks ago from the TinyApps.Org Blog, my personal blogging workload has increased magnificently. In trying to get all that material organized and understood, my brain-cells have melted a bit. So I am posting this fun diversionary material. Confession time: Growing up I enjoyed playing with two things more than most anything else: Lego building blocks and dolls Star Wars action figures. Our family (Mom, bro, Alvis, sometimes Dad) continues to enjoy them as they frequent our birthday parties as gifts. They have become much more sophisticated than those I had growing up. I remember when getting the new triangle shapes, clear wind-screens, or the tiny wheels was awesome. We even had a small “boat” with hull pieces and a big sailboat-like ballast-weight. That was neat. So when the first Lego mini-figs came out that was even more cool. We had the early ones and though we have a number of specialized modern ones (Star Wars) it wasn’t until I found the following posts on the web recently that I realized just how important these pieces are to the Lego universe. Every Star Wars Lego Minifig Ever! – Wired Blog Gizmodo - Exclusive: The Lego Minifig Timeline – LEGO – Gizmodo Both links have awesome visual coverage about the Lego Mini-figs. I spotted more than a few from my childhood. Gizmodo also has this really great article about some of the lesser known facts on Lego: Gizmodo - Everything You Always Wanted to Know About Lego Want more? BrickForge BrickArms Custom Minifig Shop » Products Page Sites where you can (while supplies last) pick up custom gear for your Lego mini-figs. MOCpages.com : Share your LEGO creations – is a website where some nice build work is on display. However check out The Brothers Brick for real Lego custom awesomeness. It has a wealth of fun and original content. Then if you really want to blow out the afternoon, check their side-bar that has a host of wonderful links to Lego official sites, the very best Lego blogs, Lego community sites (such as Brickshelf), and Lego “web-comics”. I’ve still got two Lego Star Wars vehicle sets still in the boxes I haven’t torn into yet. I’m saving them for a rainy day when the Internet is knocked out of service. Lavie and Alvis love to help sort out parts for builds and Alvis particularly enjoys trying to beat me in “build-off” contests. (She’s got ton’s of Harry Potter Lego sets.) Cheers. --Claus V. [...]
Security Slugfests: Curious Full Circle Version 2009-05-04T23:02:32.803-05:00 Some interesting bits these past weeks on the Windows security front. [Note: all product names are assumed owned by and trademarked by their representative corporations or organizations…we are all respectful adults here (I hope!).] Going Gumshoe Harlan’s Windows Incident Response blog post Windows Incident Response: Tools contained a nice shout-out (Cheers!) as well as introduction to a neat new tool (to me). Internet Evidence Finder – JADSoftware – Free tool that “…searches for Facebook chat messages and page fragments, Yahoo chat, and MSN chat messages on drives and within memory dumps”. Given the proliferation of these type of social networking sites as well as a workplace with many users dependent on them for socializing (or other things…) having a tool geared for searching a system for usage is quite handy. I’ve “registered” and downloaded it but haven’t had a chance to toss it at a system where I know Facebook usage is present. Harlan’s post has some great positive feedback on it so I’m looking forward to the report results. Harlan then dropped this Windows Incident Response: e-Evidence updates post all full of goodies! Links are a-plenty on forensics and incident response presentations and papers. However, from the sysadmin perspective, I really found great value in Diane Barrett’s presentation on Virtual Traces, Being interested in local-system usage of virtualization (Virtual PC, VirtualBox, VMWare, etc.) it had a lot of great material. I’m also interested in how the new Windows 7 XPM mode virtualization will come into play both from a forensics perspective as well as incident response. Read Harlan’s post, view the presentation, then check the comments section on his post for some additional thoughts I left and others have responded to. It’s a fun discussion. Windows 7 Soup: No AutoPlay for You! Windows 7 will bring a new security “feature”. Turns out that the latest version of Windows 7 RC will now no longer auto-play (most) removable media such as USB drives. CD/DVD media will still be allowed. Somehow that is seen as less of a threat-vector. Not quite sure that is the case. For the technicals, please see the following posts. Improvements to AutoPlay - Engineering Windows 7 blog AutoRun changes in Windows 7 - Security Research & Defense blog AutoRun To Be Disabled, But Not Completely - Sûnnet Beskerming blog Anyway, while a nice move forward, it doesn’t currently have an XP/Vista patch counterpart. There are still lots of other solutions for XP/Vista that you can try in the meantime: My USB Security: AutoRunGuard, Encryption options, and Forensics post details Didier Stevens’ USBVirusScan which can be configured to launch an AV application when a USB stick gets inserted. Then there was AutoRunGuard – a freeware bat-file work combined with Didier’s USBVirusScan tool. It also mentions a few auto-run threats and related issues. For some other USB defenses for XP/Vista consider Panda USB and AutoRun Vaccine - (freeware) - Panda Research Blog provides a two-stage tool. Stage one locks down your entire system from auto-run exploit. Stage two renders any USB drive that the tool is applied to “inoculated” against infection by an auto-play vectoring malware infection. Read carefully before applying. Some could be “permanent” (at least without reformatting the removable device). Hype-free security bloggist cdman83 has a good analysis on that to[...]
Mini-Linkfest 2009-05-04T20:19:16.108-05:00 I’m sitting on I think at least three interesting posts right now. I’m trying to clean out these other links I’ve got sitting here so I can clear my mind and get really focused on them exclusively. Bear with me for the brevity. Panda launches free anti-Virus – offloads almost everything to cloud – Security – The Tech Herald. Interesting on multiple points. Panda is providing a “thin” solution to AV bloat by offering a new “free” anti-virus product that installs on the local system, but then gets its protection and analysis from “cloud-based” computing. I’ve seen a number of other AV products that this method as well. Panda Cloud Antivirus FREE – Panda Security I haven’t had a chance to play with it on a virtual system, but one person who has states that the installer alone is 18 MB in size. Not necessarily what I would consider “thin.” Contrast that with another “cloud-based” free A/V scanner Prevx Edge which delivers it’s local product as an EXE that weighs in at about 800 kb. Hop over to TinyApps.Org Blog : A better NOD32? for more linkage on that product. I’ll add more on Panda when I get the opportunity. I’m OK with the theory but a bit skeptical on the actual delivery. Adding to the “free” march is Outpost Firewall Free 2009. Outpost has had a good reputation and this new offering should delight folks looking for another free firewall solution from a trusted player in the field. Outpost Firewall FREE – Agnitum Supports both XP and Vista. Agnitum finally blog about their free Firewall :-) - Donna’s SecurityFlash Agnitum’s Outpost Firewall goes free – Agnitum Blog Old new now but Firefox 3.5 Beta 4 available for testing now - Mozilla Links. With the patch to NewsFox now in place, I’ve only started using this build version heavily today. This is interesting: Tip: How to install and uninstall a program in Safe Mode – 4sysops blog The post details how to do a registry hack to get the installer service going in Safe Mode. I prefer to use SafeMSI (download link off that Computer Business 101 blog page) instead which is a single exe file solution I keep handy on USB sticks. Anyway, that’s not what is curious to me…I’ve been trying to leave a blog comment on 4sysops but now cannot get the website to load at home or work. Only way I can reach it is via a proxy. I’ve not been able to leave a comment over there to tip off on SafeMSI as an alternative technique. I serious doubted I would be blocked somehow from the site from two different IP address (though that could be possible). I’ve also tried in several other browsers to see if a particular Firefox add-on might be doing it but no-dice. Strange. I’m going to try to drop the site a direct line to see if something is up. Short: vLite screws up Windows Vista SP1 upgrade path - Within Windows Turns out that using vLite to optimize a Vista installation disk might strip the Vista OS version of components needed and called to during a Vista SP2 upgrade run. So (according to Microsoft) if you have used vLite to deploy Vista, you might get bit when Vista SP2 rolls out. IEBlog : Customization in IE8 – Most folks (including myself) probably just roll with the toolbar layout and elements as it is presented to them. While I’ve got my Firefox build pretty tricked out as far as toolbars, icons, element layout items, etc. I don’t really use IE enough to do all the tweaking it can[...]
NewsFox XML Error in Firefox 3.5 b4 patched 2009-05-04T20:20:52.367-05:00 Despite a rather involved search for an acceptable RSS feed reader (client or “embedded”) I’ve yet to find a RSS feed reader that surpasses the way the Firefox RSS Add-on NewsFox works for the way I surf/blog and read feeds. NewsFox has been working fine with my RSS/Atom feed rendering up to and including the Firefox 3.1 beta 3 build I have been using. Recently Firefox 3.5 beta 4 was released and NewsFox started throwing XML rendering issues on a number of feed posts. Some RSS feeds would render correctly 100% of the time in NewsFox. Other RSS feeds would have some articles displayed properly and others did not. Testing for a corrupt profile or Add-on cross-conflict didn’t resolve the issue so I assumed the issue had either to do with changes in the newer Firefox rendering engine code or the NewsFox parser wasn’t able interface with it correctly. I’ve been using NewsFox version 1.0.5.RC1 with no issues (until now). The developers of NewsFox have been on a much deserved vacation according to the NewsFox forum so I decided to just keep using Firefox 3.1 beta 3 until a newer version came up. After about of week of periodic searches for others with a similar problem, I figured the NewsFox developers might not know what is going on so I posted a forum comment about my observations and error. Amazingly I got a fast response from vaganyik wondering if it was related to Bug 20801. Turns out it was. R. Pruitt (a.k.a. wa84it) quickly posted this on the bug page: The prior NewsFox strategy for displaying XML wasAtom and XML -> display XMLRSS -> try XML -> success: display as XML -> failure: display as HTMLUnfortunately with Gecko 1.9.1, the 'try XML' step generates fatal errorsunable to be caught. At least it seems so from looking at it for 2 minutes.Here is a version that does not do the 'try XML' step, and so should work finewith FF3.5 and SM2.0. Final solutions will await when I really start lookingat things which may be a week or two. The only downside(ie why I bothered withthe 'try XML' step at all) is that SVG graphics and other XML goodies won'tdisplay in RSS feeds, although they still will work in atom feeds.Great background information on how NewsFox is working behind the scenes.He also provides a CGI file there as well.If you are running NewsFox, encounter the XML error on your feeds, and are using Firefox 3.5 beta 4 (tested in Windows (XP/Vista)) and want to be rid of them, then give the following “patch” a fix.Download the no XML errors in Gecko 1.9.1 (id=5854) CGI file by clicking on the link provided. It should offer you the change to install software into your Firefox build.Allow the install at the top notification bar.You should then get the “Software Installation” pop-up to install “attachment.cgi”.Don’t freak. The cgi file is like an XPI file.Allow the installation to progress. (You might have to override any “maxVersion’ compatibility checking.)You should then see NewsFox as listed being updated and Firefox needing a restart.Allow the restart and then recheck your NewsFox RSS feeds. All should now be well.NewsFox should now report (post patch) in as NewsFox version 1.0.5rc1_noXMLPlease note that this is just a temporary patch until the NewsFox coding guru’s can get back to work and do a more elegant fix.Besides showing just how awesome the NewsFox maintainer R. Pruitt is, this has also clarified for me another question.Often when adding new feeds, I am presented [...]
Visually Inspired… 2009-05-04T08:50:56.891-05:00 Lavie is scheduled for another round of outpatient procedures today so I’ve taken the day off to play supportive husband. Expect intermittent blog posting today. Offered in this post are a number of items that are inspiring visually. First up, high-res desktop wallpaper guru Mando Gomez has presented a number of dual-monitor flag-themes over the years. These three have particularly inspired me and rotate on my desktops: mandolux desktops – Texas/v2 mandolux desktops ad – Hope YARRRR! on Mandolux Flickr Photostream (in case it wasn’t clear…attribution to all images is due Mando Gomez) I wasn’t sure about the last one with all this Somali pirate shenanigans going on. True piracy isn’t nearly as glamorous or entertaining as watching Johnny Depp carouse around. However, given that at least some folks in the Navy look to have a handle on individual situations, and it is just plain hard to find a good Jolly-Roger desktop image, I figured I’d pass it on. Crazy Dinosaur Comics artist Ryan North has this geek-inspired t-shirt: TopatoCo: Time Traveler Essentials Shirt It contains a summary of major scientific information that could be handy just in case you are swept unexpectedly through a time-space wormhole and pop up in say, the Middle-Ages. There is also a poster available as well. Graham Rawle has a collection of fun visual wordplay known as Lost Consonants. Here’s the formula: take sentence and remove a single consonant from one key word, turning it into another. Then add an image that goes with the repurposed sentence and see what you have got. Kids and (most) adults pick it up pretty quickly and it is pretty clever. Engineering Windows 7 : A Little Bit of Personality and TechBlog: Windows 7’s weird and wonderful wallpapers explained. Both posts take some time to highlight the amazing (really is this Microsoft coming up with these?) choices in wallpapering options under Windows 7. Many are quite “trippy” and I have to confess I’m liking the change from the traditional wallpapers offered by Microsoft. Vista’s standard default wallpaper collections were a large move forward, but these Windows 7 options are amazing; not just for the diverse artwork in itself, but also for the deviation from the button-down collar attitude. Fun! --Claus V. [...]
Feeding the Curious Mind… 2009-05-03T15:15:34.769-05:00 Been busy around here for the past couple of weeks. Trying to dig out from the crush of work as well as staying inspired mentally. Been a bit challenging. Here are some links—past and present—that I’ve been grooving on to keep things fresh in my brain. The Forgotten Underground I had seen a CNN video on some dudes who had (re)discovered a hidden train tunnel under the streets of New York. The video piece was completely uninspiring, but I figured more information was to be found online. It was. A Diamond Below - Curious Expeditions blog New York Observed - In Brooklyn, an Explorer Wants to Dig Again ... – The New York Times BHRA: Atlantic Avenue Tunnel – The Brooklyn Historic Railway Association It’s an amazing story inspired by tales of pages of John Wilkes Booth’s journal in a forgotten tunnel, and is layered with the rich and powerful, metro rail systems, a scam, and rediscovered plans buried in a non-descript locked box in a borough president’s office. And then there still remains an additional length of tunnel that may contain the abandoned train! Reminded me of Clive Cussler’s novel Night Probe! For more fun and adventures, check out the Curious Expeditions for more interesting places and things. Coincidentally, BLDBLOG posted this article The Rentable Basement Maze which eerily seemed to tie into the above story. Then there was the Sexy Archaeology Blog I dug up this weekend. It’s a tongue in cheek look at archaeological stories both mainstream and not. Fresh Scientific Perspectives With all the news saturation on the guinea-pig flew it’s been hard to hold a meaningful conversation on the topic. Even the watered-down news reports taste like cool-aid without the sugar. Bleah! While over at Kent Newsome's Blog I read his post on the subject with interest as well as his link to a great centralized source of scientific story blogs. It’s been hard finding good science blogs that strike a balance between readability, reliability, and application. Chron.com’s Eric Berger has his SciGuy blog and that is one of the few sources of daily science story material I take the time to RSS feed. Anyway, Kent linked to the ScienceBlogs site which immediately was added to my RSS feed reader. Despite an apparent and public distain for the Huffington Post, coverage and writing is spot-on and offers looks into Life Science, Physical Science, Environment, Humanities and Social Sciences, Education and Careers, Politics, Medicine and Health, Brain and Behavior, and finally, Technology. Select the whole mess or any particular topic to RSS feed. Anyway, per Kent’s recommendation, I’m now feeding Tara C. Smith’s Aetiology posts for the latest fair-and-balanced epidemiological news on the guinea-pig flew outbreak and response. Good stuff. [and yes, I’m referring to H1N1 as ‘guinea-pig flew’ for a reason…I don’t want to add GSD blog to the growing pile of material via search-engines by referring to to the other common and panic-inducing name it bears.] Crime and Punishment CYB3RCRIM3 – Law Professor Susan Brenner brings entertaining and informative analysis on intersections between technology and law. While I will watch Law & Order on cable with Lavie, generally discussions on case-law tend to make my eyes glaze over (despite recognition on how important it is to our society). Susan posts frequently an[...] |
|||||||||||||||||||||||||||||||
Buzz Saw
My Feedage
Email This
HTML2RSS
RSS Blender
http://grandstreamdreams.blogspot.com/feeds/posts/default
