Backtrack 5

Seems like I have been sleeping in class 🙂  Backtrack 5 was released in May without my noticing it :-/

Download it here and take it for a spin 🙂
http://www.backtrack-linux.org/downloads/


Airport security ‘improved’ – Good/Bad?

I just read about IATA’s newly proposed security screening process and I must say I am very sceptical 😐 it would seem to rely heavily on sensitive personal data being shared with authorities and across country borders.. Being a privacy advocate I really don’t like the way things are heading… This newfound “fear” of terror seems to create a number of loopholes in the protection of people’s privacy. I am very concerned about the level of detail I have to share with airlines already, having to share more is very unattractive to me, I would prefer them hiring more airport police instead..

Also I don’t think I should be treated like a crook or second class traveler just because I care about my privacy.

Microsoft rootkit and malware scanner (Beta)

Recently I mentioned the Microsoft Security Scanner (http://www.kanmandet.dk/?p=2011), a portable/standalone scanner for your PC. Well, it seems Microsoft is stepping up their anti-malware/rootkit efforts – link to their new beta project; http://connect.microsoft.com/systemsweeper

The link is to a beta project from Microsoft introducing a bootable ISO that will help get rid of rootkits and whatnot (rootkits are logically notoriously difficult to detect and remove from within the OS installation).

It’s still in Beta, but looks interesting indeed.

32 bit version; http://go.microsoft.com/fwlink/?LinkId=215854

64 bit version; http://go.microsoft.com/fwlink/?LinkId=215855

Microsoft site; http://connect.microsoft.com/systemsweeper

It is also worth noticing that the latest version of Microsoft DART “ERD commander” (the old Winternals/Sysinternals utility to boot, modify and fix Windows installations) now also contains a malware scanning and removal utility (Standalone System Sweeper) – this is however sadly only available to Microsoft corporate license holders.

Filter bubbles

A very interesting ‘webcast’ on what could be named “Filter bubbles”, it is an interesting observation on how Google and Facebook automatically filter certain information away for you (all in good faith I hope, but still).. Your search on “Egypt” may thus bring very different results than the same search done on a friend’s computer, good or bad? Well, it is hard to tell but it offers some scary prospects. Take the 9 minutes and listen to this, it is interesting stuff.

Microsoft Security Scanner

Microsoft has released a no-nonsense, simple to use, free and downloadable tool – Microsoft Security Scanner – to check and clean up virus infections (or suspected infections).

This tool is not intended as an antivirus, it is intended as a cleanup utility for infected computers or as a tool you can download and do a double-check to confirm you are not infected (say your installed antivirus is unable to detect a certain virus/malware, then you can double check using Microsoft Security Scanner).

You can download it free from here (note the download only works for 10 days, then you have to re-download an updated version, this is to ensure the virus detection patterns are always fully up to date);
http://www.microsoft.com/security/scanner/en-us/default.aspx

A good thing to also do is to run Microsoft Malicious Software Removal Tool from time to time – this is done automatically as part of Windows Update, however this is only the ‘fast/quick’ scan – by starting MRT.EXE manually you can do a FULL scan. The Malicious Software Removal Tool is installed on all Windows machines and updated/maintained via Windows Update.

to run it;

Btw; McAfee has  a similar yet not so comprehensive utility called Stinger (also free download);
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Cold war story – The early days of keylogging

It is stated in;
http://www.governmentattic.org/4docs/NSA_AmerCryptColdWarBk4_1999.pdf  (around page 11 in the PDF)

That the CIA in the 1980’s found an early version of what was basically a keylogger in US typewriters (IBM Selectrics). It was suspected that these had been installed by the KGB on their way through Russian or Polish customs; data from the typewriters was collected and emitted via radio transmissions.

With that in mind, I am afraid to think what is possible today with the technology we have now 🙂

KeyScrambler – the cure against keyloggers? hmmm

I just stumbled across this lately, it’s a piece of software you install that should insert itself as a driver between the keyboard and the OS and encrypt all keystrokes – the idea would be that it would foil keyloggers.

An interesting concept, however I’m not fully convinced – I guess that I don’t fully understand how this works – but I tried installing it on a test machine and it did no harm – so I guess it won’t do any harm installing it. There is a free version that works with IE and other popular browsers – to make it work with everything you need the pro (paid) version – IE is fine but just how do you test a product like this? Install a keylogger yourself *lol* well let’s see…

http://www.qfxsoftware.com/

a couple more detailed reviews here (although they did also omit installing a keylogger to test the software ;-));  
http://www.brighthub.com/computing/smb-security/reviews/27606.aspx
http://www.vikitech.com/830/protect-yourself-from-keyloggers-with-keyscrambler

Blocking Google ads via your hosts file

Nothing new here, just a quick way to block Google ads via a simple addition to your hosts file – Not that I am against Google ads (I use them myself on this blog), but sometimes they are put in annoying places and besides I respect that some people just don’t like advertising.

Here’s how to;

Fire up your Notepad (if you are running Vista or 7 you MUST launch it in administrator mode – right-click Notepad and select “Run as administrator”), open the file “hosts” found here; c:\windows\system32\drivers\etc.

Now add these two lines to the bottom of the hosts file (there should be a tab between the numbers and text);

127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com

Save and you’re done, no more Google ads.
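The same edit done as a repeatable check, as an added example that is not part of the original post: it parses hosts-file text, appends only the entries that are missing, and reports names already mapped to some other address. The function names and the sample file content are assumptions made for the illustration; it works on text only, so writing the result back to the hosts file still needs the elevated rights described above.

```python
PAGE_HOSTS = ["pagead.googlesyndication.com", "pagead2.googlesyndication.com"]

# Constructed sample content, not taken from a real machine
SAMPLE = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "127.0.0.1\tpagead.googlesyndication.com   # already blocked\n"
)

def parse_hosts(text):
    """Map each hostname (lower-cased) to the first address listed for it."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def plan_blocks(text, hostnames, addr="127.0.0.1"):
    """Return (new_text, conflicts).

    new_text has one 'addr<TAB>name' line appended per hostname with no entry yet;
    conflicts maps hostnames that already point at a different address to it.
    """
    mapping = parse_hosts(text)
    missing = [h for h in hostnames if h.lower() not in mapping]
    conflicts = {h.lower(): mapping[h.lower()] for h in hostnames
                 if h.lower() in mapping and mapping[h.lower()] != addr}
    if missing and text and not text.endswith("\n"):
        text += "\n"  # make sure the appended lines start on their own line
    return text + "".join(f"{addr}\t{h}\n" for h in missing), conflicts

if __name__ == "__main__":
    new_text, conflicts = plan_blocks(SAMPLE, PAGE_HOSTS)
    print(new_text, end="")
    print("conflicting entries:", conflicts)
```
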

Outlook auto PST file backup

I have been trying to recall the name of this little add-on to Outlook for ages now, a few of my friends really need this to keep a valid backup of their Outlook PST file.. Finally I rediscovered it..

The problem is that some use online backup services, and once they start Windows they launch Outlook – subsequently the online backup is unable to ‘lock’ their PST file and their Outlook data file never gets backed up..

This little add-on will at specified intervals create a backup copy which will obviously not be ‘locked’ as an open file and can thus be backed up without issues.

Hopefully the Outlook 2010 version will become available soon?

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8b081f3a-b7d0-4b16-b8af-5a6322f4fd01

By applying the fix below it should be possible to make the older versions work with Outlook 2010;
http://support.microsoft.com/kb/2030523

Virus cleanup – unable to delete directories named “con.” and “nul.”

A branch office in China had a virus incident where a workstation was infected with a virus, this virus created two directories on a server share named “con.” and “nul.”. I quickly discovered that “con” and “nul” (and also “aux”, “lpt” etc etc) are protected names in Windows and you can’t create directories with such names, well you can actually by ‘cheating’;

Create dir;

md \\.\c:\con
md \\.\c:\nul

Remove dir;

rd \\.\c:\con
rd \\.\c:\nul

This is all well and good, but it does not work for folders named “con.” and “nul.”, my next thought was well perhaps there is a ‘hidden’ character after the “.” (eg. the ALT+255 char) so I piped a dir to a text file for examination (dir c:\ > output.txt) however no luck it simply ended with the “.” and that was that.  Checkdisk had no luck and utilities to unlock files had no luck.

Anyhow I put it on Technet forums and “Brent Hu” was kind enough to offer some useful advice, he pointed to a utility called “DelInvFile” from here; http://www.purgeie.com/delinv/dldelinv.htm and in seconds the two directories were gone 😀 nice… and as the software came with 3 free deletes it did not even cost a penny, excellent. Anyhow, if you experience invalid files/directories in your directory structure take a look at this util, it may just save your day 🙂
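For finding such leftovers during cleanup, the sketch below (an added example, not part of the original post and not the DelInvFile tool) walks a directory tree and flags names that ordinary Win32 tools cannot address: reserved device names such as “con” and “nul”, and names ending in a dot or space like the “con.” and “nul.” directories above. The function names are assumptions made for the illustration, and UNC shares are walked without the extended-length prefix.

```python
import os

# Win32 reserved device names (CON, NUL, AUX, PRN, COM1-9, LPT1-9)
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}

def classify(name):
    """Return the reasons `name` trips up ordinary Win32 tools (empty list if none)."""
    reasons = []
    stripped = name.rstrip(". ")
    if stripped != name:
        # Win32 path normalization drops trailing dots/spaces, so "con." becomes "con"
        reasons.append("trailing dot or space")
    # The part before the first dot is what gets matched against device names
    base = stripped.split(".", 1)[0].rstrip(" ").upper()
    if base in RESERVED:
        reasons.append("reserved device name " + base)
    return reasons

def extended(path):
    """On Windows, add the extended-length prefix so names are not normalized."""
    path = os.path.abspath(path)
    # Prefix is \\?\ ; UNC roots would need \\?\UNC\server\share and are left alone here
    if os.name == "nt" and not path.startswith("\\\\"):
        return "\\\\?\\" + path
    return path

def scan(root):
    """Walk `root` and return [(full_path, reasons)] for every flagged file or directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(extended(root)):
        for name in dirnames + filenames:
            reasons = classify(name)
            if reasons:
                findings.append((os.path.join(dirpath, name), reasons))
    return findings

if __name__ == "__main__":
    # Constructed sample names, including the two from the incident described above
    for sample in ["con.", "nul.", "aux.txt", "console", "report.doc"]:
        print(repr(sample), classify(sample) or "ok")
```
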