Sunday, January 26, 2014

GSD Linkfest - Trash-mix (buffalo style) edition

It is a well known unknown fact that every Christmas when we travel up to spend Christmas with Lavie’s family, we need to bring a 5-gallon bucket or two.

See, Lavie’s mother makes heaps of traditional “Chex®” brand party mix and all her kids (and in-lawed kids) get tins of it to haul home. Sadly, the out-lawed kids get nothin.

So needless to say, fights and brawls and thievery ensue to see who can sneak home with the most by pilfering each other’s.

It’s all great family holiday fun.

Now Lavie’s mother does put her own spin on the blend…no wheat Chex® pieces or bagel chips, peanuts only (no mixed nuts), and probably a bit heavier allotment of butter and Worcestershire sauce than is listed.

However, today I may have found a replacement.

It’s brilliant! Almost all the regular bits but instead of Worcestershire sauce blend…Buffalo Sauce is used! Yummers. Our mega-market carries almost an entire shelf of different blends of buffalo sauces so the possibilities are endless.

I simply love the amazingly good (and mostly healthy) recipes Tieghan presents on her blog. I like cooking and watch a lot of PBS hosted cooking shows (Food network…not so much anymore), but Tieghan’s blog is one of just a very tiny handful that I follow daily via RSS feeds. Half Baked Harvest - Made with Love

Anyway, this start of the week blogpost is like that…a yummy collection of finger-clicking snack-sized links for your pleasure.

I used Microsoft Security Essentials, jumped to Bitdefender Antivirus Free, and was very happy with the performance and management features…but totally put-out by how hard it was (nay, nearly impossible) to restore quarantined files into a normal state. Having a bunch of very specialized tools and utilities that often fall into the PUP/hacktool classifications…I can’t have my toolset tossed out each time the AV/AM scanner runs.

However, I’ve not given up yet and now have been toying with going back to AVG Free on a trial run (testing in a Windows VM has been positive) or (gasp) ponying up some extra $$ for Kaspersky’s home AV toolset based on its high performance ratings.

Stay tuned to GSD…as the situation develops.

Updates: Disk2vhd v2.01, PsPing v3.21 - Sysinternals Site Discussion - new Sysinternals tool updates are out.

SimpleProgramDebugger - Nirsoft - New tool release by Nir Sofer. “SimpleProgramDebugger is a simple debugging tool for Windows that attaches to existing running program or starts a new program in debugging mode, and then displays all major debugging events occurs while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit Process, Load DLL, Unload Dll, and Debug String.“

More WinFE work and research! - Windows Forensic Environment

Windows Forensics Analysis, Fourth Edition - Windows Forensic Environment - Brett Shavers breaks news of a new 4th edition release by the Windows incident-response/forensic-focused master, Harlan Carvey. This new edition will support the “new” Windows 8 platform. The volume on my bookshelf is “2E” (handling XP) so I really need to get with the times and pick up this one along with the third edition which focuses on Windows 7.

Quick EnCase v6 & v7 EnScript to find files that have been encrypted by Cryptolocker - ForensicKB blog - GSD has been on a bit of a PSA binge (GSD post link 1 & post link 2) regarding Cryptolocker. So it was refreshing to see a forensically-angled post related to it.

Who Is On My WiFi - Wireless Network Security Software - Spotted via a Love My Tools blog post, this network-scanning/auditing/logging software offers to help you monitor your network and identify when other unknown connections are made. It also comes in a handy iPhone app (Android app also available).

It reminded me very much of Overlook Soft’s FING network monitoring and discovery tool. It’s been a while since I played with Fing and their free command-line Windows version had been upgraded to 2.2 some time ago. My installed version previously was 1.4. Because they still haven’t released a “GUI” mode to FING, I’m not sure it appeals to non-network-admin types but the CLI tool is good and pretty powerful…particularly with outputting findings. While I don’t regularly run the CLI software on my “desktop” system, I have installed their free Fing - Network Scanner iPhone App on my iPhone 5 and run it several times each week for quick scans. It is great.

You might want to pop over and review this GSD post Mostly Wi-Fi and Network Security: Linkfest for other Wi-Fi related network scanning tools, including these Wi-Fi specialized apps…

  • Wireless Network Watcher - free NirSoft tool that shows who is connected to your wireless network.
  • SoftPerfect WiFi Guard - free app that also shows who is on your wireless network, but has an added feature of alerting you if a new device joins that is unknown

One potential drawback of these is they may have limited ability to pick up mobile device connections on your network. Wireless Network Watcher could do so…however I had to enable background scanning mode to get it to pick up the devices…and then it didn’t always capture them unless they were actively transmitting on the network. In comparison, my Fing iPhone App nailed all my wired objects along with the iPhones, iPad, and Kindle devices every time…labeling and ID’ing them perfectly.
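The “alert me when an unknown device shows up” feature these tools offer boils down to comparing what the network currently sees against a list of devices you trust. As an added example (not code from GSD or from any of the tools linked above), the script below parses a constructed sample of Windows `arp -a` output, compares each neighbour’s MAC address against a hypothetical allowlist, and reports both unknown devices and known devices that are absent. The absent list matters for exactly the reason noted above: an ARP/neighbour table only contains hosts that have talked recently, so a sleeping phone or tablet simply will not appear, and a scanner that relies on that table will miss it. All MAC addresses and names in the sample are invented.

```python
"""Added example (not from the GSD post or any tool it links): the
allowlist-and-alert idea behind tools like SoftPerfect WiFi Guard, applied
to a captured neighbour table.  The `arp -a` output below is constructed
for the example; the MAC addresses and device names are invented."""
import re
from dataclasses import dataclass

# Constructed sample of Windows `arp -a` output (not a real capture).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.37          aa-bb-cc-dd-ee-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical allowlist a home user would maintain: MAC -> friendly name.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "router",
    "aa:bb:cc:dd:ee:01": "desktop",
    "aa:bb:cc:dd:ee:02": "iphone",  # known, but asleep and not in the table
}

# One data row: IPv4 address, MAC (dash or colon separated), entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Neighbour:
    ip: str
    mac: str
    entry_type: str


def normalize_mac(mac: str) -> str:
    """Windows prints dashes; store everything as lower-case colon form."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text: str) -> list:
    """Parse `arp -a` output into Neighbour records, dropping pseudo-hosts."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # header, interface line, or blank
        ip, mac, entry_type = m.groups()
        mac = normalize_mac(mac)
        # Broadcast and IPv4 multicast entries are not devices on the LAN.
        if mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e"):
            continue
        entries.append(Neighbour(ip, mac, entry_type.lower()))
    return entries


def audit(entries: list, known: dict):
    """Return (unknown neighbours, known MACs not currently in the table)."""
    seen = {e.mac for e in entries}
    unknown = [e for e in entries if e.mac not in known]
    unseen_known = sorted(mac for mac in known if mac not in seen)
    return unknown, unseen_known


if __name__ == "__main__":
    neighbours = parse_arp_table(SAMPLE_ARP_OUTPUT)
    unknown, unseen = audit(neighbours, KNOWN_DEVICES)
    for n in unknown:
        print(f"ALERT unknown device {n.mac} at {n.ip} ({n.entry_type})")
    for mac in unseen:
        print(f"note: known device '{KNOWN_DEVICES[mac]}' ({mac}) not seen")
```

On a real system you would feed `parse_arp_table` the output of `subprocess.run(["arp", "-a"], ...)` and run it on a schedule; to catch devices that are idle, a scanner has to actively probe the subnet (as the Fing app does) rather than read the cache, which is why the passive tools above needed background scanning turned on.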

And in trending news this week -- gasp! -- browser users get hijacked via add-ons!

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates - Ars Technica

Many Browser Extensions Have Become Adware or Malware. Check Yours Now - Lifehacker

Warning: Your Browser Extensions Are Spying On You - How-To Geek - Primary article

Add-On Danger List: Warning: Your Browser Extensions Are Spying On You - How-To Geek supplemental post that lists all the (currently known) Chrome add-ons that can inject adware or enhanced tracking into your browsing sessions. Yuck! I had two myself; Sexy undo Close Tab and Neat Bookmarks. Those got dumped.

I’ve not heard of the Mozilla Add-on & Firefox community having quite the same level of issues as Chrome has. I’m not sure of the Chrome add-on vetting process but as I understand it, Mozilla uses a team of volunteers, contractors, and paid staff to review and vet add-ons as part of the add-on review process before they get added to the official AMO site. That may help a bit.

Y U Phish Me? [Part 1] - Open Security Research - Nice pick-apart of a phishing campaign.

Windows Hotfix Downloader 5.5 - New (to me) little tool to help manage and download Windows updates and apply them off-line. Spotted via this The Windows Club post. Interesting as besides being a portable app, “Windows Hotfix Downloader lets you select and download the General Updates, Hotfixes, Security Updates, Additional Updates and Extra Updates for your operating system.”

Fits in nicely with my personal favorite WSUS Offline Updater and the slightly differently structured (but still good) Portable Update tool for Windows updates.

Cheers!

--Claus V.

Saturday, January 25, 2014

Target not the only one wearing a target apparently…

Last week I posted some information on the Target POS breach:

POS attack - a bit more now known - Grand Stream Dreams blog

That post has a lot of good general information on what was involved in the attack, how it seems to have operated, and some technical analysis on the malware used.

There hasn’t been much new information on the story recently.

While Target has been the primary focus in the media, those following the story and security news sites heard the distant rumbling that hinted that Target (and its customers) were not the only victims. There were likely to be other companies and their customers hit as well.

It does seem that the malware platform that was used on Target was modified for that attack, which means that similar malware platforms might have been purchased by others and/or modified for the attacks on other merchant companies as well.

Now that thunder is rolling closer and being more defined.

It isn’t clear if these attacks are coordinated (probably not) or coincidental (more likely) and have just been found as company incident response and audit teams sweep their own systems to see if anything is amiss. Or it could be that security researchers are finding large batches of card data from specific companies suddenly coming up on the market. In several cases it seems that credit card processors themselves are identifying unauthorized payment card activity and noticing enough of a pattern to smell something is wrong.

Regardless, the writing on the wall is pretty clear…our credit card POS system and infrastructure here in the US needs some serious fix’n-up. And the writing is on the wall that something had better change.

Bother…

--Claus V.

Broken…or not? Give me data.

So yesterday Google’s Gmail service (and Blogger along with a few other services) went down for a short period of time.

The way the Net responded, it seemed darn close to the zombie apocalypse being upon us.

Trying to get fast status information was hard. I set about trying to get some data to answer a very critical question; did I break Gmail??!!!

Turns out I didn’t.

Google managed to break itself; Official Blog: Today’s outage for several Google services

I found a few handy resources for reference next time.

This handy tool provides great data on the service availability status of most of the key Google applications.  It doesn’t provide a lot of detail (granularity limited to “no issues”, “service disruption”, or “service outage”). However it does give clear feedback on what’s going on.

You might get lucky finding info on the Official Blog for Google.

Once we cleared that hurdle, I popped over to the Is It Down Right Now? Website Down or Not? site.

Their dashboard provides a lot of availability data across a wide range of web-services. Including Mail.google.com - Is Gmail Down Right Now?

You can check out the comment threads to get the pulse of what is happening in the service you are interested in.

Of course there is also the Down For Everyone Or Just Me -> Check if your website is down or up? site. I’ve found it handy as well.

In a non-related note, I recently popped in to my Google Analytics dashboard to check some stats for this humble little blog and found Analytics had completely been re-designed (again). I was lost for a little while, but the new UI is fairly intuitive. With some poking around and check-ins at the help center, I was finally able to drill down to what I was seeking.

Cheers.

Claus V.

BOSSIEs You Might Like - 2013 Edition

I first discovered the BOSSIES back in mid 2009.

It is an annual collection of the Best of Open Source Software as presented by InfoWorld.

InfoWorld Bossie Awards – InfoWorld

InfoWorld Bossies (Best of Open Source Software)

Each year, InfoWorld's Bossies (Best of Open Source Software awards) recognize the best open source software for business. The InfoWorld Test Center's central mission has always been to identify the most promising and cost-effective products available to IT organizations. Increasingly, those products -- from application development tools to platforms and infrastructure software to CRM and ERP applications -- come from the open source camp.

2013 InfoWorld Bossies

Here are the ones I am highlighting as of particular interest to me in three (of a total of seven) different categories. Check the main page or the category links for the full set of winners:

Bossie Awards 2013: The best open source desktop and mobile software - note links open to application homepage.

  • Classic Shell - start menu button replacement for Windows 8/8.1
  • OpenOffice 4.0 - alternative office application suite
  • LibreOffice - alternative office application suite
  • KeePass - password management utility
  • pdfcreator - make/print/manage PDF formatted documents
  • PeaZip - file compression utility -- supports all kinds of compressed file archive formats
  • ProjectLibre - alternative project management software
  • VLC - super rich media player

Bossie Awards 2013: The best open source networking and security software  - note links open to application homepage.

  • OpenVPN - create your own VPN solutions.
  • Zentyal Server - Linux based small business server package all rolled up in one.
  • Maltego - network mapping tool to create and display relationship between people and network resources. Commercial and community editions available.
  • Kali Linux - pentesting Linux specialized distro
  • Angry IP Scanner - network resource scanner.

Bossie Awards 2013: The best open source admin tools - note links open to application homepage.

  • UNetbootin - create bootable Live USB drive for Ubuntu, Fedora, and other Linux Live CD distros.
  • Process Hacker - utility to monitor system resources, debug software, hunt down malware, etc.
  • Clonezilla - disk imaging software
  • RackTables - neat tool to help manage datacenter & server room assets.

More than a few of these were already in my software collection so it’s nice to see them recognized here.

I’ve apparently missed out on previous BOSSIE years so I’ve got some catching up to do!

Hope you find something fun and new here!

Cheers,

--Claus Valca

Friday, January 24, 2014

Claus’s iPhone App List - Updated (Jan 2014)

So it has been a little while since I’ve posted an update to my last iPhone App List so I figured “why not now?”

Before we get to that, let me point out a few new apps I’ve added that stand out:

I have a very well-rounded collection of weather apps on my iPhone (see below). That class of apps is probably the most used set on a daily basis, followed by my RSS feed reader, web browser, and email app.

BeWeather - (free/$$) - App Store on iTunes - This one is new to me, though apparently Blackberry users have loved it for a long time. I really like the way the data is displayed and the background images are very pleasing but not distracting. The free version has almost all the features the average Joe could want, except a detailed (by the minute) precipitation forecast (available in the $$ version) and unlimited numbers of weather location saves (for when you want to quick-check the weather in more than your current location---also opened up in the paid version). Next time I get an iTunes card I’ll probably go ahead and buy it. However it faces some already stiff and entrenched competition from apps like Wunderground weather and The Weather Channel that cover all the same features and a few more. Still, I don’t mind having it handy and would recommend it. Check it out.

Reeder 2 - ($$) - App Store on iTunes - I had been using the previous version “Reeder” for my RSS feed reading. It went from ($$) to free a while back during a short window before the developer yanked it from the iTunes store. I could continue using it but decided to show my support and pony up the $$ for the new Reeder 2 edition. It has more bells and whistles and it really works nicely for my OPML (standalone) RSS feed reading. I don’t use any cloud-based RSS services (now that Google’s feed service shut down). This app really rocks for my purposes; and it does support a lot of cloud-based RSS feed services if that is your thing.

VNC Viewer - (free) - App Store on iTunes - I spotted news that a free Android version of VNC was available and went looking to see if there was a free iOS version out. Yep. This is it. I use TightVNC on our home systems for my remote-support needs and VNC Viewer is pleasantly compatible with it. No surprise there. I found the iOS app interface for VNC Viewer to be very easy and stable to use. I did previously pay for the ($$$) version of Mocha VNC and it seems to have more features so I’m sticking with it, but I will keep VNC Viewer app on my phone and will use it as well.

The TeamViewer for iOS app offerings are a mess. I’ve been using this TeamViewer for Remote Control (free) on my phone for the (very) limited times I’ve needed to perform emergency remote-support to family and friends while on the road but it was very kludgy. When I launched the app today it recommended I jump to a new version (not an upgrade of the current one I had). It pointed me to this one TeamViewer: Remote Control (also free) which has been optimized for iOS 7. So I downloaded it and installed it alongside. There is also this older (free) TeamViewer HD for Remote Control app for iOS as well. It’s a bit hard to tell the difference between the two older versions feature-wise. Anyway, if you need it and you have a newer platform/iOS version you probably want to go with the middle one I linked to above.

Microsoft Remote Desktop - (free) - this one is of limited value to me at the moment. I can use it to connect to a virtualized version of Windows 7 (IETester) Enterprise I have, but since my primary systems are running Win 7 Home it doesn’t work. We don’t really use RDC/RDP at work so no use there.

CNP Mobile Outage Tracker - (free) - A while back my brother called me to check if we had power on our side of town. We did but he did not. Localized outage. I pointed him to this (regionally useful) app so he could check for status updates himself over his iPhone. If you live around the Houston area and have CenterPoint as your electricity infrastructure provider, you may find it useful. Works OK in an emergency but really could use an overhaul for iOS 7.

VLC for iOS - (free) - This app has gone through a series of updates. I really like it, especially being able to upload video files to it directly from my PC when I’m too lazy to connect my iPhone via USB and iTunes to drag-n-drop the files over. Plays great. Great features. Lots of fun.

Updated January 2014

Not a lot of “new” installations…though lots of existing apps have been updated to newer versions.

Here is an updated listing, semi-categorized, of iOS iPhone apps I’m using on my iPhone 5.

All links will be to the iTunes App Store page unless otherwise noted. I’ve updated the permanent link on the sidebar under “Claus’s Toolbox”.

I’m only listing Apps that I use (or plan to purchase relatively soon for use). This post is for me to self-reference and primarily be a way to recommend/share Apps with the few family and friends who have iPhone discussions with me.

A mini price-range key:

  • free = free. May or may not be ad-supported. That said, if it is ad-supported or pop-up in-app notifications to upgrade to a paid-version are too annoying or obtrusive, the app is deleted.
  • $ = $.99 to $2.99 range.
  • $$ = $3 to $7.99 range.
  • $$$ = $8 to $9.99 range
  • $$$$ = over $9.99

Note that when posted, some apps may be on a special pricing discount for holiday or promotions. I’ll try to keep an eye on things but it’s only a rough guide.

“Default” apps that come installed/bundled with the iOS don’t get listed.

I have a few great Apps I won’t list for privacy reasons; banking/insurance/shipping/specific shopping/vendors, etc. Just because you don’t see those listed, doesn’t mean I don’t use them.

Finally, just because all these apps fit on and run on my iPhone 5 (64 GB), currently iOS 7.0.4, doesn’t mean they will all fit on your own iPhone.

Here’s the list.

Core Apps

  • Reeder 2 - ($$) Supports “standalone” RSS feeds rather than one of many supported on-line RSS services. Newer version has many more nice interface features and GUI enhancements.
  • Chrome - free
  • Gmail - free
  • Google Maps - free
  • MiniKeePass - free
  • Naturespace - free/in-app $ (and I purchase a LOT of these tracks)
  • Wave Alarm - free (note I sprung for the in-app $ paid version). Wakes me up every day!
  • Wave Timer - free (note I sprung for the in-app $ paid version)
Productivity/Organization Apps

Weather Apps
  • Weather Underground - free - (I paid $ for a 1-year in-app removal of ads) “realtime” radar data map display makes this app priceless to me! + it comes with lots of tropical weather (hurricane) tools and links so I may not need to purchase a hurricane-specific app.
  • WeatherMap+ - $ - Super cool forecast data projections. Awesomeness!
  • The Weather Channel® Max - $$
  • BeWeather -free/$$ - very nice GUI and great features.
  • NOAA Hi-Def Radar - $ - beautiful image quality but radar data lags from several to +5 min behind current time. I want near real-time radar data please!
Text/Reading Apps

Networking/IT/SysAdmin Apps

Faith Apps

Media & Sports Apps

Specialized Utilities

Photography/Art

Health/Fitness/Education/Fun

Hardware Support

These are the primary “hardware” items I use (or will be using) with my iPhone. Note: Price rating system suspended here. Do the research if you are curious.
  • Bluetooth Headset, Jabra WAVE - Got this in lieu of a Jawbone ERA. The reviews were good but the two factors that really sold me on this replacement headset for my battered Jawbone were the ability to connect/pair it to TWO iPhones at once (I now carry two, one from work and one is my personal) so hands-free car-driving is a joy again…and the fit around my ear due to the design means it stays fast and put when I am working and playing…no sag like the Jawbone ear loop does after a while. Highly Valca recommended device. Call quality is quite good (my own experience and feedback from family/friends on the far end).
  • Jawbone JAMBOX Wireless Speaker - Christmas present from Lavie. GSD post: It just has to be bigger on the inside…
  • Lightning Digital AV Adapter - Lightning to HDMI - Apple Store (U.S.) - Hey Mom, seen movie (insert title here) yet? Nope? Want to watch it right now off my iPhone on your HDMI TV? Great! Let’s go!
  • Jawbone (version 2) - (obtained back in 2008) - still running strong, though highly battered. Now retired but still works in a pinch.
Previously Used Apps (free) Upgraded to Purchased Versions or Alternatives

These are apps that I previously had on my iPhone but later upgraded to purchased versions and/or removed to make way for another/different version of the same app function. They are still highly recommended.

Still pending purchase/installation - (sooner or later)

Hope you find this helpful.

--Claus V.

Wednesday, January 22, 2014

QuickPost: Apple iTunes 11.1.4 Update Runtime error R6034

So after a long day in the trenches, I find the following news:

I’m less concerned with new features in iTunes than I am addressing vulnerabilities. So before bed, I decided to do a quick update. Big mistake.

I’m running iTunes on a Windows 7 x64 platform.

I launch iTunes, go to Help on the menu bar and then “Check for Updates”.

Sure enough, the Apple software updater finds the new update. I check it and it does the download thing.

Then it fails the download/patch and suggests I try again.

I do and again the download/patch update process fails. It suggests that if it happens again I manually download and apply the iTunes installer.

OK.

So I pop over to the Apple - iTunes - Download iTunes Now link and download the full package.

I run the installer and this time get confronted with several errors including problems starting a service as well as the very clear C++ Runtime error with a code R6034.  Ignoring or retrying doesn’t help. I’m seeing that error so much now tonight I think it’s trying to flirt with me and pick me up.

A few more failed re-installation attempts leads me to the Googles.

I first tried doing a “repair” of the older (still) installed version of iTunes on my system via the “Programs and Features” section of Control Panel. Sadly the repair also bombed out on me and failed. Not a good sign.

(Un)Fortunately I find more than a few users tonight banging their heads on the desk with the same error after attempting to upgrade to the new 11.1.4 version of iTunes. I can’t say it is an issue with the new installer/updater package but one wonders…

Anyway, I got past the error and got the 11.1.4 version successfully installed by following the tip offered by “jmcyr1” in that first link above.

Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8 - Apple Support - KB HT1923

1. Remove iTunes and related components from the Control Panel

Use the Control Panel to uninstall iTunes and related software components in the following order and then restart your computer:
    iTunes
    Apple Software Update
    Apple Mobile Device Support
    Bonjour
    Apple Application Support (iTunes 9 or later)

Important: Uninstalling these components in a different order, or only uninstalling some of these components may have unintended effects.

2. Verify iTunes and related components are completely uninstalled

In most cases, removing iTunes and its related components from the Control Panel will remove all supporting files belonging to those programs. In some rare cases, files may be left behind. After following the previous steps, you should confirm that the following files and folders have been removed. If any are left behind, remove them now:

If you have a 64-bit version of Windows, you'll need to confirm that the following folders have been removed:
    C:\Program Files (x86)\Bonjour
    C:\Program Files (x86)\Common Files\Apple\
    C:\Program Files (x86)\iTunes\
    C:\Program Files (x86)\iPod\

Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.

3. Reinstall iTunes and related components

After verifying that iTunes is completely uninstalled, restart your computer and download and install the latest version of iTunes.

I carefully followed the order of component uninstallation listed in step 1 above.

All of the folders listed in step 2 were fully removed so I didn’t find any of them leftover.

I played it safe and did a full system reboot like step 3 says, but I just reused the full installer I had already downloaded from Apple earlier in tonight’s troubleshooting.

I re-ran the installer and this time it went on like the glass slipper on Cinderella’s foot…a perfect fit.

Launched iTunes and everything was present and accounted for.

iTunes update mischief managed.

YMMV.

--Claus V.

Post Update: 02/02/2014 - MORE TIPS! - This post which I tossed up super-quick when I encountered this problem has generated a lot of very kind feedback. I’m pleased to hear the fix process described above is working for most users who find it.

However since the post went up, more official info has come out of Apple support specifically for it and a few folks have had some issues as well where the tip above (sadly) did not work.  In a comment response to Renee (Netherlands) I’ve found some more information. I wanted to add it here into the original post for the folks who aren’t checking the comments. Fingers crossed that if the process above doesn’t work, one of these will.

I would suggest to take a look at this "official" Apple recommendation for iTunes 11.1.4 issues:

It has two different suggestions, one is to look for some specific DLL files and re(move) them, then reboot, and retry the uninstall.

If that doesn't work it also recommends trying to use the Microsoft Program Install and Uninstall Utility. I haven't played with that utility so I can't say if it will help or what impact it could have. If you go that way, go cautiously!

Another Apple Support tip from "turingtest2" is here:

It has some additional tips you might want to try and is very well written. Props to turingtest2 for documenting the recommendations so well!

Finally, there is what I would call an "advanced" technique offered where you download the iTunes update install package, then use another tool "WinRAR" to extract the installer package up into its sub-installers, then install them one at a time. Not for the faint of heart and I haven't seen clear feedback this actually works but it makes sense if you have tried everything else...

Try a standalone Apple Application Support install - Apple Support Communities

Best of luck to all.

--Claus V.

Monday, January 20, 2014

And now…back to regular GSD posting…

ForSec News

Most of these seem to be timely links in light of the recent malware-induced data breaches of late…

Patch Time Again!

Yesterday when flipping channels between a re-broadcast of Downton Abbey and the AFC playoff game (yeah--real contrast right?) Dad called in a panic as his dear wife had been browsing the InterTubes on their Vista system and they got an apparent Microsoft Security Essentials virus detection alert.

Only it didn’t quite look like what they were used to. So I popped on remotely and took a look.

Long story short, it was actually a fake AV alert image embedded in an IE tab page. Clever. Not.

Using ProcessExplorer I was able to confirm it was a “click here to clean” IE browser session only and not an actual malware fake AV binary causing the display. So a few targeted process kills later all was gone.

We did a trial to show again how the real MSSE client they have running on their system presents a legitimate detection alert.

This is a pretty common event now for them and their system. The vector seems to be that she opens up IE (the latest IE version offered for MS Vista is 9 which they have). Her home page is Yahoo.com. So then she just types in what she is looking for in the “handy” Yahoo search bar on that page and flows down the Internet River. Often getting amazing numbers of multi-page ad/scam loads in new browser tab sessions. Yahoo seems to be the wild-west of this type of ad/page hijacking. Anyway…

We set up Google Chrome for her to use and deprecated IE as much as we could from the desktop/quick-launch in hopes that Chrome might provide a bit more protection. I ran out of time before having to head to the church-house for service support and didn’t get a chance to load it up with some additional ad-block protections but that is on the to-do list.

Anyway, before I bailed I also brought up their Java (needed unfortunately), Flash, Shockwave, Air versions to current status.

Fingers crossed this will hold the dam back a bit more until little brother and I can convince Dad it is time for an OS upgrade to Win7/8 from Vista.

So with that background in mind…go get your patches!

XP support under Microsoft Security Essentials Extended (kinda)

Microsoft has come out with clarification that their Microsoft Security Essentials product will no longer be offered for download to XP OS system users after April 2014. However MS will continue to offer DAT file downloads/updates for already installed MSSE clients on XP through April 2015.

Small consolation, but really, other than looking for AV support of XP from other security software vendors, it really is time to upgrade to Windows 7 (or Win 8 I suppose).

Sysadmin Links

Defrag Tools over at Channel 9 has posted “Part 3” of their Message Analyzer video set:

TRAINING: “Windows Performance Jump Start” – Jan 23rd, Online - Kurt Shintaku's Blog

Bitrot and atomic COWs: Inside “next-gen” filesystems - Ars Technica

How to nuke your encrypted Kali install - Kali Linux

New Utilities of Note

PCI-Z - freeware - Detect unknown PCI devices. Spotted via this Identify unknown PC hardware with PCI-Z post over at BetaNews.

Recuva - freeware - version update to 1.50. - This file recovery software has some major feature updates added.

Piriform News - Recuva v1.50

Change log:

  • Added ISO 9660 file system support
  • Added recovery from unmounted drives
  • Improved duplicated file name recovery
  • Added Junction Point recovery support
  • Improved optical drive detection and recovery
  • Improved scan statistics accuracy

Bit more detail on what some of those features mean over at this Betanews post: Recuva now recovers data from unmounted drives, ISO-formatted optical discs

Cheers!

Claus V.

The GSD Curmudgeon comments…

I am so glad that the 2014 CES is over!

I’m tired of seeing my RSS feed pile filled with articles touting the wonderful Jetson’s-like world where everything will be networked together chatting away to make my life “better”.

…and Google buying Nest and the potential in-home data leakage it may bring out in our homes. But then good points (on both sides) have already been made on the topic.


And so the GSD Curmudgeon dumps these links for those crazy kids running rough-shod all over my carefully groomed IT yard this month.

Almost enough to generate a paradigm shift for some folks…just not in the direction you think:

As a sociology major, I’m curious to see how as technology merges and our “life-experience” becomes even more interconnected, if there won’t be a measurable trend in the number of persons and families seeking alternative shelter and community in other non-traditional technology eschewing (or limiting) religious groups.

As a sysadmin, I’m curious to see how security technology and practices will rise to meet the interconnected new product world for our protection and data leakage control.

Claus V.

POS attack - a bit more now known

Just about the same time our replacement bank-cards are rolling in, better details on the Target consumer data breach also are trickling out.

I’m mostly posting this for friends and family, who like us, have been fairly regular customers of this merchant and were hit hard by the breach.

Naturally we are invested in understanding just what happened and what (if anything) we as consumers (and IT sysadmins) can learn from it.

Tech and security journalist Brian Krebs has the most details, and there is little doubt more will be coming as the investigation and forensic response continues to mature.

Super-basically summarizing the reported information to-date, the attackers appear to have breached Target’s perimeter defenses and compromised a company web-server. From there they installed (pushed?) malware onto store POS terminals (all? some?) the cashiers use (as opposed to skimmers on the card-swipe hardware). It captured the raw card data read off the magnetic stripe swiped on the terminal while it was in the POS terminal’s memory, and then used a control server inside Target’s network to accumulate all the scraped card data. From there, about 6 days later, the stolen data was transmitted out to an external FTP server using another infected system inside Target’s network. The data was then grabbed and removed off the FTP server over a two-week period.

So this is quite a bit more complex and sophisticated than hacking into a company network and finding a big pile of customer account information just sitting around for the taking in a company-created database file-set, grabbing it, and running for the hills.

It appears from Mr. Krebs’ articles that the Target POS systems were using custom software on top of Windows XP Embedded and Windows Embedded for POS. How the malware interacted with the OS, and how the OS was protected by security software (AV/AM/heuristic), is also not known.

What is reported is that the malware used wasn’t flagged (at the time, and at least through January 16th) by any of the 40+ AV tools listed on virustotal.com. And someone uploaded a copy of the POS malware used in the attack to ThreatExpert.com on Dec. 18th.

Side-note…I’ve not seen it reported but wonder if any of the other online automated malware analysis sandbox services (short GSD list from 2012 Malware Analysis Resources) also got a copy uploaded for the record to them?

Attacks like this may be much more common moving forward.

You can hardly go shopping or eat out in a restaurant, or pull cash from an ATM, or visit the doctor who is carrying a specialized tablet and not see a POS terminal doing the job. And just because the GUI doesn’t look like Windows doesn’t mean that there isn’t the possibility that Windows (or another OS) is actually running underneath.

Microsoft will continue to support Windows Embedded XP for several more years, even though their primary consumer/enterprise XP OS platform support will be ending in Spring of 2014. That means merchants get some more time to decide to keep on running as is, look to upgrade their POS systems to a newer “modern” version of Windows Embedded, or look to a different POS OS solution entirely.

Either choice may be costly…and to be fair to the POS OS…we don’t yet know how the POS terminals themselves were compromised. It might have had nothing to do with any vulnerabilities in the Windows Embedded OS itself. Clearly if the internal network structure is compromised and actors are able to push a software installation or “update” to the POS systems, then that might not be an OS issue at all but rather an operational security one.

It seems more likely that a good portion of the defense-in-depth layers was breached. The more important questions would be: how was it possible, how could the breakdown/breach at each of those separate steps have been detected sooner, and how could the activity generated have been identified and flagged; on the server(s), on the POS systems, and finally, in the network traffic inbound/outbound/internally.
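One way to turn that last question into a concrete check, as an added example that is not from the original post or from any of the investigation reports: a small detector run over constructed flow records, flagging the two traffic patterns described above (many POS terminals pushing data to one unapproved internal host, and an internal host making a large FTP transfer to an external address). The subnet layout, approved-peer list and thresholds are assumptions.

```python
"""Added example (not from the original post): flag the two network
patterns described in the Target write-up using constructed flow records."""
import ipaddress
from collections import defaultdict

# Assumed network layout (constructed for this example, not Target's).
POS_SUBNET = ipaddress.ip_network("10.20.0.0/16")          # cash-register terminals
INTERNAL = ipaddress.ip_network("10.0.0.0/8")               # anything in-house
APPROVED_POS_PEERS = {ipaddress.ip_address("10.1.1.5")}     # e.g. the payment switch
FTP_PORTS = {20, 21}

# Constructed NetFlow-style records: day, src, dst, dst port, bytes sent.
SAMPLE_FLOWS = """\
day,src,dst,dport,bytes
1,10.20.3.41,10.1.1.5,443,2100
1,10.20.3.41,10.1.9.77,445,48000
1,10.20.3.42,10.1.9.77,445,51000
2,10.20.3.43,10.1.9.77,445,49500
7,10.1.9.90,203.0.113.25,21,18500000
7,10.1.4.10,198.51.100.34,443,3000
"""


def parse_flows(text):
    """Parse the CSV above into dicts with typed addresses and integers."""
    rows = []
    for line in text.strip().splitlines()[1:]:          # skip the header
        day, src, dst, dport, nbytes = line.split(",")
        rows.append({"day": int(day),
                     "src": ipaddress.ip_address(src),
                     "dst": ipaddress.ip_address(dst),
                     "dport": int(dport),
                     "bytes": int(nbytes)})
    return rows


def find_pos_fan_in(flows, min_terminals=2):
    """Internal hosts that several POS terminals send data to but that are
    not approved peers: the 'internal control server' pattern.
    Returns {destination: number of distinct terminals}."""
    peers = defaultdict(set)
    for f in flows:
        if (f["src"] in POS_SUBNET and f["dst"] in INTERNAL
                and f["dst"] not in APPROVED_POS_PEERS):
            peers[f["dst"]].add(f["src"])
    return {str(dst): len(srcs) for dst, srcs in peers.items()
            if len(srcs) >= min_terminals}


def find_external_ftp(flows, min_bytes=1_000_000):
    """Internal hosts pushing large FTP transfers to external addresses:
    the staged-exfiltration pattern. Returns (day, src, dst, bytes) tuples."""
    return [(f["day"], str(f["src"]), str(f["dst"]), f["bytes"])
            for f in flows
            if f["src"] in INTERNAL and f["dst"] not in INTERNAL
            and f["dport"] in FTP_PORTS and f["bytes"] >= min_bytes]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("unapproved POS fan-in:", find_pos_fan_in(flows))
    print("external FTP transfers:", find_external_ftp(flows))
```

Both rules are deliberately simple; in practice the approved-peer list would come from the POS vendor's documented endpoints and the byte threshold from a baseline of normal traffic.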

I’m sure there will be lots of great (hard) lessons to be learned across the board on this one.

More linkage:

Stay tuned for updates.

Claus V.

Internet Explorer 11 - Delayed launch time issue fixed

Since I seem to be on a troubleshooting post streak at the moment, here is another issue for reference.

I’m running a Windows 7 (x64) system, 8 GB system RAM, a fast (but not blazing) standard HDD.  Firefox and Chrome are my preferred browsers but I still have Internet Explorer (11) set as my default system browser.

When I do need IE and try to launch it, it can take over 30 seconds to launch…or longer.

It has been a nuisance but since I don’t use IE every day, I haven’t dwelt on it much.

Yesterday I did some Googling on the issue and found a number of links for forums that were addressing a similar problem.

The basic troubleshooting with this type of problem is as follows:

  1. Launch IE with add-ons disabled by typing iexplore.exe -extoff in the Run field from the Start menu.
  2. If IE launches super fast this way, an add-on is likely causing the delayed launch.
  3. Drop into the “Manage add-ons” option in IE.
  4. Select and disable an add-on that may be questionable, save, and relaunch IE (normally) to test.
  5. If it didn’t help, re-enable that add-on and move on to disable the next.
  6. Repeat until the offender is found.

In my case it turned out to be the IE add-on for Fiddler.

Once disabled, IE launches very fast again.

I’ve left it disabled (as I have also done for the Add-on in Firefox) and will enable it “on-demand” when I have a specific need for it in IE.

Just posting in case others have this issue.

Cheers,

Claus V.

Minor RSS feed irritation squashed…

So here I am using Omea Reader to handle my RSS feeds.  It doesn’t seem like it has been updated in forever. I do keep my eye out for new and exciting developments in client-based RSS feed readers. So far nothing I’ve found offers a capability I need that Omea can’t handle.

I’m following something like 200-230 RSS/Atom feed sources with it.  On an average day that will translate to about 500-600 articles to clear.

Note: that sounds pretty bad, but I do also watch them on my iPhone with my Reeder 2 ($$) app during the work-day so I can pick out the ones I want to focus on and then cull down the bulk of them when I get home with some speed-feed-reading.

I do dread getting backed up at work or sick because when I’m too worn out to check my feed list daily, I can have close to 2000 articles to review and pick out what I want to spend more time on.

Anyway…that long introduction to say that in Omea, I’ve noticed that some articles appear multiple times despite having just a single feed link to pull from.

That ends up generating additional “bulk” in my feed list to have to clear.

Case in point…and the solution…the feed for ArchDaily.

I love design and architecture…both modern structural design and older buildings. Some stuff I just don’t get, and other designs can really evoke an emotional response out of me.

When I browse to the site in Firefox (or IE) and select the RSS feed icon it presents me with the following RSS feed source:

http://feeds.feedburner.com/ArchDaily

And that’s the one I have been using. Omea Reader accepted it and it looks quite normal…only when it loads the pulled articles, I have triples!  [Well really a double of the article is displayed with a third being the same article but for “comments”.]

Couple that feed article-pulling behavior with the fact that the site produces many, many articles per day and I can have a lot of “fluff” in my unread feed count to sort through and clear.

Weird.  Especially so as I have my Omea feed setting for ArchDaily to not accept duplicates of the same article (it can do that).

Also, my feed entry for ArchDaily does have the Feedburner favicon showing, but the three articles have one Feedburner icon and two ArchDaily favicons.

[Screenshot: Look Ma! Three for the price of one!]

When I click the RSS icon on some sites, I may be offered feed link options to RSS 2.0, RSS 1.0, ATOM, or a feed source just for comments.  For ArchDaily I just get the feedburner link.

So this morning I browsed to ArchDaily over in Firefox again and this time launched the site with Firebug running so I could take a look at the page code.

Guess what I saw?


Yep. Two RSS feed page references that didn’t have anything to do with Feedburner: http://www.archdaily.com/feed/rss/

Hmm.

So I copied that feed link, deleted the Feedburner one I had originally in Omea and recreated it with the discovered alternative RSS feed link, and hit refresh.

Voilà!

One RSS feed article per post, the correct favicon, and a lot less overhead.


I have a few other feeds like this one that do doubles so I’m off to repeat the process of looking on the page-code for alternative RSS feed links.

So if you are an RSS feed junkie and the RSS option being offered is wonky, take a shot at exploring the page code and you just might get lucky and find a better “unpublished” feed source link.
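The page-code check above can be automated: feed links are advertised in the page’s head as link rel="alternate" elements with an RSS or Atom MIME type, which is what the browser’s feed icon reads. This added example (not from the original post) lists every such link from a constructed page head; the example.com URLs are made up.

```python
"""Added example (not from the original post): list the feed links a page
advertises in its <head> via <link rel="alternate" type="application/...+xml">."""
from html.parser import HTMLParser

FEED_TYPES = {"application/rss+xml", "application/atom+xml"}


class FeedLinkParser(HTMLParser):
    """Collects (title, type, href) for every feed autodiscovery link."""

    def __init__(self):
        super().__init__()
        self.feeds = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)                       # attribute values may be None
        rels = (a.get("rel") or "").lower().split()
        ftype = (a.get("type") or "").lower()
        if "alternate" in rels and ftype in FEED_TYPES and a.get("href"):
            self.feeds.append((a.get("title") or "", ftype, a["href"]))


def find_feed_links(html):
    """Return the feed links in document order; stylesheets etc. are ignored."""
    parser = FeedLinkParser()
    parser.feed(html)
    return parser.feeds


# Constructed page head modelled on the situation described above: a
# FeedBurner link plus two site-hosted feeds (articles and comments).
SAMPLE_HTML = """<html><head>
<link rel="alternate" type="application/rss+xml" title="Articles (FeedBurner)"
      href="http://feeds.feedburner.com/ExampleSite">
<link rel="alternate" type="application/rss+xml" title="Articles"
      href="http://www.example.com/feed/rss/">
<link rel="alternate" type="application/rss+xml" title="Comments"
      href="http://www.example.com/feed/comments/">
<link rel="stylesheet" href="/style.css">
</head><body>...</body></html>"""

if __name__ == "__main__":
    for title, ftype, href in find_feed_links(SAMPLE_HTML):
        print(f"{ftype:24} {title:24} {href}")
```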

Cheers,

Claus V.

Saturday, January 11, 2014

ForSec News SuperPost

I’m really embarrassed I let this collection of ForSec posts grow this large. There really aren’t any good excuses.

Honestly.

If it were any other weekend, I might take the time to break them down into a series of smaller posts, but the weather is super-nice after our recent Gulf-Coast hard-freeze and I really want to get outside and play for a bit.

So either set aside a lot of time before you get started, get a nice beverage handy, or just bookmark the monster that it is and come back when the weather outside is frightful.

Seriously, it’s that big but the material posted is also that good.

Warm Up Exercises

Practical Cyber Security Training Techniques for New IT Support Employees - (PDF link) - SANS Reading Room paper.

(IN)SECURE Magazine - Issue 40 (December 2013) Released including topics

  • Testing anti-malware products
  • Using Tshark for malware detection
  • 5 questions for the head of a malware research team
  • Malware analysis on a shoestring budget
  • Report: Virus Bulletin 2013
  • Digital ship pirates: Researchers crack vessel tracking system
  • Exploring the challenges of malware analysis
  • Evading file-based sandboxes

Doing things faster - Hexacorn blog - nice summary of personal tools and techniques used to improve your IT workflow.

Hacked Via RDP: Really Dumb Passwords — Krebs on Security

All About the Windows AutoRun

The ISC Diary has been running a series of posts on Windows auto-run techniques.

These reminded me of a very long-running series of related (and highly-detailed) posts over at the Hexacorn blog that started back in 2012 with the most recent (Part 6) posted yesterday.

Well worth bookmarking for reading and refreshing.

Blog Posts from the Forensic Experts

Holidays and crazy winter weather haven’t slowed the blogging production of these masters of the forsec world.

Speaking of RegRipper…

Moving down the road a bit

And over in the factory

And one last interesting post…

Case Studies

Sharpen your saw on these fascinating breakdowns of malware and incident responses.

Speaking of malware analysis, I recently found a new (to me) blog that has some great analysis posts.

The posts are quite detailed and richly illustrated. Definitely worth checking out and adding to your RSS feed pile as I have done.

Meanwhile, over at the Open Security Research blog, a new series has been started on using the debugging tool WinDBG.

WinFE News

It has been forever since I last built my WinFE. I’m hoping to update it by walking through a fresh build in the next month or so. Brett Shaver’s blog site is rich with great tips and tools and documentation that makes rolling your own (stock or custom) WinFE package a piece of cake.

More ForSec LiveCD News

Back when I started blogging a lifetime ago, there were really less than a single handful of useful forensic-focused LiveCD builds available. Most have disappeared, but luckily a wealth of others sprung up to take their place. It’s all I can do to stay on top of all the updates and releases of my favorites.

Hackage & Pwnage (and other almost depressing news of late for consumers and from the thin front line)

Like most every American, we woke up to very bad news around Christmastime with the announcement that Target had been seriously breached. The post-mortem work appears to be silently continuing, but the news has been saturated with corporate data and account breaches lately. We are still waiting for our replacement cards to come in. What a drag, but a small price to pay. It seems like things are getting worse, but what is discouraging is that these are probably the only ones main-stream media is focusing on and people are paying attention to. Smaller breaches occur daily at businesses large and small. My only hope is not only that excellent forensic analysis will lead to applicable lessons learned to improve things (if actually deployed), but that the public will understand the sharper and narrower razor’s edge we seem to be walking with our personal data and our dependency on data security. Of course this whole “NSA” backdrop is another fine mess, but I’ll leave that for another day.

First the bad news recorded here for posterity.

And woe the consumer…

…and what about those SnapChat users?

Of course if you try to do the right thing…expect possible whack-a-mole response to your head…

Talk about frustrating…

Have I been pwned?

Meanwhile, leave it to an Aussie to continue to fight the good fight for consumer security.

Have I been pwned? -  Check if your email has been compromised in a data breach

It’s not only a great way to stay personally informed about any security breaches but it’s a good way to show non-technical family and friends this really does impact them. Family and friends may shake their heads at the news stories, but when you have them type one of their email addresses into here and it (unfortunately) shows up…it becomes much more personal.

A few odds-and-ends in closing…

Just some odds and ends I’ve found these past weeks

Avira PC Cleaner – a second opinion scanner - Avira – TechBlog. Spotted via this BetaNews blog post, Avira reveals stand-alone Avira PC Cleaner.

FBCacheView - NirSoft - Shows Facebook images stored in the cache of your Web browser

Security Essentials for Windows XP will die when the OS does - Ars Technica - Really? Like anybody was surprised by this news.

Cheers!

--Claus Valca

Sysadmin Linkfest Grab-Bag Collection

Over the past several months I’ve collected the following interesting links, articles, blog-posts, and utility notices that caught my fancy.

I’m pretty confident you will be able to find at least one link here to entertain yourself with.

ComputerZen Ultimate Utility List 2014 Edition

Scott Hanselman's 2014 Ultimate Developer and Power Users Tool List for Windows - Scott Hanselman - I found more than a few power-tools listed here that I use and several new ones I made the note to explore further. Many of the tools here are developer specific but that doesn’t mean the average sysadmin cannot locate something they could use.

Utility Rundown

Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31 - Sysinternals Site Discussion

Using Autoruns to validate system drivers - Clint Huffman's Windows Troubleshooting in the Field Blog

RawCopy - reboot.pro - NTFS file copier that reads the disk at a low level by parsing the $MFT, so it can copy files even when they are locked.  Spotted via this BetaNews post: RawCopy lets you copy any NTFS file -- even if it’s locked

Of course that “RawCopy” shouldn’t be confused with these other (also great) file copiers:

USB Related

USB Image Tool 1.64 released. See the USB Image Tool main page for one of the best USB device imaging apps I’ve ever used.

Having trouble making files contiguous on a USB drive? - RMPrepUSB, Easy2Boot and USB booting.  Great tip on using Defraggler to make specific files contiguous on your USB drive.

Sysadmin Tips and Talk

How to Copy Recovery Drive to an External Drive in Windows 8.1 - Next of Windows

Adobe credentials and the serious insecurity of password hints - Troy Hunt’s blog

How to Get a Windows XP Mode Virtual Machine on Windows 8.1 - Lenny Zeltser - very clever!

Remotely query user profile information with PowerShell - 4sysops

WinSxS Folder Cleanup – Regain disk space in Windows 7 - 4sysops

Remoting Week: Non-Domain Remoting - Hey, Scripting Guy! Blog

Case Of The Missing Ini Files – A WinDbg Reconstruction - chentiangemalc - Brilliant explanation on how with tremendous patience and WinDbg, some missing INI files were re-created for customer program operation.

Video: Checking the Digital Signature of Windows Executables - Didier Stevens

Virtual Machines

Releasing IE11 virtual machines to modern.IE - Windows blog

IE11 Virtual Machines Now Available on modern.IE - IEBlog

Basically, IE 11 for Windows 7 and IE 11 on Windows 8.1 virtual machines have now been released by Microsoft. Go get ‘em!

Oracle VM VirtualBox - Version 4.3.6 was released a while back. See the Changelog for details.

Project Management Software

I hesitated dropping these links here rather than giving them their own post. But here they will sit.

Project Management Tips and Software - my original post from back in 2007. Been a while…

Express Project - free project planning software. I think this is what got my re-hunt for project management software restarted. Screenshots

GanttProject - free desktop project management tool

Bridging the Gantt - PDF Link - SANS Institute Reading Room paper. Nice intro to the Gantt tool.

OpenProj - Project Management - Free project management program.

Open Workbench - another free project management program.

TaskJuggler - free project tool.

dotproject - Open Source project and task management software

ΤΙΜΙΟΣ Gantt Chart Designer - almost as simple as you can get.

Manual Gantt Charting in Excel - David Seah

Miscellaneous Software Finds

NimbleText - a fine little freeware (for now) tool

PhotoFilmStrip - Ken-Burns Slideshows in Full-HD - just updated to version 2.0 in late November 2013. I love this tool and it really makes doing videos of static digital picture files much more interesting for presentations.

LibreCAD, 2D-CAD - version 2.0 was recently released.  MS Visio does all my heavy lifting, but I’ve seen some CAD masters do amazing floor plans with their CAD app that can run circles around my Visio work. So this seems like a great place to get your feet wet in CAD software at a great price point - Free! See also the large list of YouTube video tutorials: librecad - YouTube. For those who want to really try with no commitment, check out LibreCAD Portable 2.0.0 (2D computer-aided design (CAD) tool) over at PortableApps.com

Ultimate Windows Tweaker 3.0 for Windows 8 - I’ve not done much tweaking to Lavie’s Windows 8 system. We did add a start-button replacement utility and make some minor tweaks but that was pretty much it. That said, this would be a great tool for doing some more advanced tweaks to Windows 8.

Projects - Bitdefender Labs - Bitdefender has a number of free security-focused tools here for the interested.

Cheers,

Claus V.