andrewallen.co.uk (aggregated feed)

There are now quite a number of podcasts available, covering all areas of Information Security - I find it a great way to stay up to date with the industry news, particularly when commuting. A fairly comprehensive list can be found at http://getmon.com/, while my current regular favorites are below:

Paul Dot Com Security Weekly (feed) - one of the longest established US based security podcasts, normally around 2 hours long, with interviews, technical segments and industry news.
Risky Business (feed) - an Australian based ~30 minute show, neatly split into news, interview and sponsor interview
2600 | Off The Hook (feed) - airs every Wednesday night at 7:00 PM EST in New York City on listener supported WBAI 99.5 FM.

I've created an aggregated feed of my Podroll, which makes subscribing quick and simple - on my phone, it means adding just one feed, instead of lots of different feeds for different podcasts (very useful when rebuilding your phone after flashing the latest ROM)... I did try RSSmix.com, which IronGeek also uses, but I found updates through the site don't seem to be that regular (and the site itself can run pretty slow as well), which means missing out on the latest content. Instead, I use Yahoo Pipes to merge and manipulate the various feeds together, and then publish through Feedburner to get some extra control / statistics.

You can subscribe to my Podroll feed here (http://feeds.andrewallen.co.uk/andrewallen/podroll), or you can view the Yahoo Pipes source here.

Update - Dec 14

I've updated the pipe to include the following feeds, and also strip posts with no enclosures:

RB2 (feed)

Network Security Podcast (feed)

Security Justice (feed)

Securabit (feed)

Tenable Network Security Podcast (feed)

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

User Failure

Tue, 08 Dec 2009 05:49:11 -0800

Throughout my career, I've come across may acronyms for situations where the user has been at fault with a particular issue. I thought I'd try a list them all out in one place:

ID-TEN-T - An Idiot
PIBKAC / PIBCAK - Problem Is Between Keyboard And Chair / Chair and Keyboard
PEBCAK / PEBKAC - Problem Exists Between Keyboard And Chair / Chair And Keyboard
Wetware Failure - Brain Fail
Layer 8 - In the OSI model, Layer 8 is sometimes jokingly referred to as the user

Have you come across any others?

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

PostgreSQL not starting on BackTrack 4 Pre-Final

Fri, 13 Nov 2009 13:51:00 -0800

If you are following the latest releases in regards to BackTrack, following a recent update you may have experienced error when PostgreSQL attempts to start:

Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output:

Then further down:

could not load server certificate file “server.crt”: No such file or directory

Here is a quick fix - at the console, type:

cd /etc/ssl/certs

ls -ld /etc/ssl/private

sudo ls -l /etc/ssl/private/

make-ssl-cert generate-default-snakeoil –force-overwrite

cd /etc/ssl/certs

Re-run the update commands, and you should be good to go:

apt-get update

apt-get upgrade

apt-get dist-upgrade

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Connecting USB Devices to VirtualBox Guests

Tue, 03 Nov 2009 05:45:00 -0800

About 6 months ago I switched to using VirtualBox on my Mac, in place of VMware Fusion - It provided decent performance, works well across multiple spaces and of course is free. I have always felt that VMware have dumbed down the Fusion client when compared to Workstation on Windows, as various options seem hidden away from view (although configurable when you get down and dirty in the VMX files).

The only remaining issue I had experienced until recently, was that some USB devices would not map through correctly to the guest - in my case Windows 7 Ultimate 64-bit. When trying to connect the device on the first attempt, nothing would appear to happen, then when you tried to map it through again you'd get various error messages.

After a brief Googling session, I found the fix was to add a 'USB Device Filter' for the affected device, under the 'USB Settings' of the guest, but making sure to clear all fields except the 'Name'. Once the guest was powered up, I no longer had any issues mapping through the USB device.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

The Google Story

Thu, 29 Oct 2009 13:59:15 -0700

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Update the Search Behaviour of the Firefox Address Bar

Mon, 12 Oct 2009 02:32:00 -0700

After having used Chrome for so long on my Mac (in the dev channel via the very useful Chromium Updater), switching back to Firefox reveals an interesting habit - searching via the address bar. In Chrome, you can type your search directly in the address bar and you'll get redirected to Google for your search results, however in Firefox it reacts slightly differently - it will carry out a Google "I'm feeling lucky" search which will direct you to the first result Google returns.

You can customise this behavior in the 'about:config' page within Firefox. Type 'about:config' into the address bar, and then update the 'keyword.URL' field to your chosen search engine. For example, if you wanted to use Scroogle instead, you would type:

http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=

By the way, If you are not already using Scroogle, it's a simple way to anonymise your search requests.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Installing and Uninstalling Software in Windows Safe Mode

Sat, 10 Oct 2009 06:18:00 -0700

It's quite common that you need to remove some software when running in Safe Mode, particularly when you find your system is unusable when running normally. However, by default, the key service required to manage installed software is not running, and cannot be started (the Windows Installer Service, aka MSIServer).

Here is a quick way around this issue - by adding the registry entry below, you'll then be able to start the service and remove / install the software you require.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
sc start msiserver

Once this change is made, it will remain permanent, and you won't need to re-apply it in the future, although you'll still need to start the msiserver service when required.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Duty Calls

Mon, 05 Oct 2009 06:57:35 -0700

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Qipit - Copy and share documents

Thu, 01 Oct 2009 06:19:45 -0700

Copy documents, whiteboards and handwritten notes with your camera phone or digital camera to store, fax, email or publish!

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Transferring Files from a Decommissioned Netware Server

Thu, 01 Oct 2009 05:59:54 -0700

Here's the situation - you've remotely migrated all the data and printing services from a Netware server onto it's replacement, and you have just completed uninstalling eDirectory / NDS... the servers are locked away in the data center.

Just before you power it off, you find that one of the migrated volumes are not complete - data is missing! D'oh!

The old server is still powered up, but you can no longer authenticate to it across the network (no longer in the tree) - tools such as Adrem Free Console are no good, since you need to be able to authenticate. You still access to the server console, via the iLO (Integrated Lights-Out) / DRAC (Dell Remote Access Controller) - whew!

Getting the data off via ftp is the most straight forward, but is not a native app - thankfully it can be accessed via Bash. At the console prompt, type 'bash' then <enter> to drop into the shell. By default you'll find yourself on the SYS volume, with no obvious way of getting onto any of the other volumes. The data you need to rescue is on the DATA volume.

At the Bash prompt, type 'mkdir /data', then press <enter>
Type 'vi /etc/PATHTAB', then <enter>.
Hit 'i' to enter insert mode and type '/data data:\'.
Press 'Escape', then ':wq' and <enter>.
Type 'exit' <enter> to unload the Bash shell, then type 'BASH' <enter> at the console prompt to load the shell again.
Type 'cd /data' <enter> then 'ls' <enter> to display the root of the DATA volume - voila.

Now you have access to the data, the final step is to manually transfer over the missing portions of the data - using ftp, navigate to your selected folder, type 'ftp' <enter>, then 'open <new server>'. Once you've entered your username and password, you can now 'put <file>' to transfer across your missing data - you get the idea anyway.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Customising the Command Prompt

Wed, 30 Sep 2009 05:23:00 -0700

If you don't currently follow the Command line Kung Fu blog, I highly suggest you do! Originally started back in February this year by Paul Asadoorian (of PaulDotCom), Ed Skoudis and Hal Pomeranz, each week they publish solutions to challenges posed to each other, using only the command line utilities included on a default installation of Windows, Linux and Mac OS - many of the published solutions contain really useful snippets of code to include in your own scripts.

Something that was covered in Episodes #28, #49 and #52 was customising the command prompt in various ways. On my own Windows systems I now include the following command prompt customisation by default:

30/09/2009 13:30:34.98 C:\>

Why? The biggest benefit is knowing when commands were started, and when they completed. Many tools don't provide feedback with time and dates, and so by the nature of the date and time being printed on screen each time a prompt is provided, you get a quick and dirty way to see how long a command took to execute.

Setting the prompt temporarily can be done with the 'prompt' command (or 'set prompt'), while making the change permanently can be done by adding an entry to the registry - both can be seen below.

In addition, my prompt also displays how many paths are on the pushd and popd stack, as also seen above.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Sanitise Your Database Inputs

Tue, 29 Sep 2009 09:53:22 -0700

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Indisposable Tools - Notepad++, a Notepad Replacement for Windows

Mon, 28 Sep 2009 06:14:00 -0700

Microsoft Notepad is probably (and unintentionally) one of my most used utilities, for example, when when stripping text formatting from content cut/copied from Word or Internet Explorer, or editing batch, vb, or <insert language here> scripts.

It's very quick to bring up Notepad (Windows + R, notepad <return>) as quick dumping ground for the clipboard, and uses very little resources, however it does have it's limitations - Unix carriage returns, no regular expression support to name but a few.

A highly recommended tool open-source replacement, which has now become one of my indisposable tools, is Notepad++.

"Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License."

"Based on a powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. By optimizing as many routines as possible without losing user friendliness, Notepad++ is trying to reduce the world carbon dioxide emissions. When using less CPU power, the PC can throttle down and reduce power consumption, resulting in a greener environment."

Some of the key benefits, for me anyway, include:

Syntax Highlighting and Syntax Folding for various languages (including XML, HTML, Perl, Python, VB/VBS, Batch etc)
Multi-Document and Multi-View allowing you to view multiple documents and have multiple views between them, or in the same document
Regular expression Search/Replace is fully supported
File status Auto-detection, which is particularly useful when working on live files, such as logs etc

There are also a large number of plugins, which extend Notepad++ even further.

Installation is straight forward - just download the latest installer (or the .zip file), and accept all the defaults. I can also highly recommend installing the Notepad++ launcher, which will allow you to replace Notepad completely:

Backup your original Notepad.exe
Copy notepad.exe which comes with this package into 4 directories (in given order) :
- c:\windows\servicepackfiles\i386
- c:\windows\system32\dllcache
- c:\windows\system32
- c:\windows
When you replace notepad.exe in c:\windows\system32 and c:\windows, a "Windows File Protection" message box appears, click Cancel. Then another message box appears, click OK.
Modify you registry (if you use installer to install your Notepad++, you don't need to do this step): Create key \HKEY_LOCAL_MACHINE\SOFTWARE\Notepad++, then add your Notepad++ full path as the default value of this key. In my case, it's C:\Program Files\Notepad++.

If you need any further information, check out the NpWiki++.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

The Five Minute Guide to MacPorts

Fri, 25 Sep 2009 03:15:14 -0700

Underneath Mac OS X is Darwin, the Unix-derived core that provides the underlying foundation for Mac OS X, and although born of BSD, by default many tools you may be used to on a *nix system are not present.

And so in steps The MacPorts Project as an easy way to install open-source software onto your machine.

"The MacPorts Project is an open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on the Mac OS X operating system. To that end we provide the command-line driven MacPorts software package under a BSD License, and through it easy access to thousands of ports that greatly simplify the task of compiling and installing open-source software on your Mac."

For example, I recently rebuilt my Mac with Snow Leopard, and needed wget back on the system. Here is a quick how-to on getting MacPorts + wget installed:

Download and install the appropriate MacPorts dmg file from http://distfiles.macports.org/MacPorts/ - you can accept all the default installation choices. In my case, I downloaded MacPorts-1.8.0-10.6-SnowLeopard.dmg
Once installed, open up a Terminal, and type 'sudo port selfupdate' and enter your password when prompted - this will make sure your local ports tree and base files are all up to date.
Finally, installing a package is as simple as typing 'sudo port install <package name>', so in my case I installed wget with 'sudo port install wget'. All required dependencies are also automatically installed.

MacPorts currently has over 6200 ports distributed among 92 different categories, and more are being added on a regular basis. If you need further information, check out the official docs.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] WinToFlash - Install Windows from USB

Thu, 24 Sep 2009 06:26:18 -0700

WinToFlash starts a wizard that will help pull over the contents of a windows installation CD or DVD and prep the USB drive to become a bootable replacement for the optical drive. It can alsow do this with your LiveCD.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Metasploit Unleashed now available!

Tue, 22 Sep 2009 05:43:00 -0700

Over on the Offensive Security blog, muts has just announced that the free version of their online course ‘Metasploit Unleashed – Mastering the Framework’ is now available.

“The current version of the online course is based on donations – if you enjoy the course – consider making a donation to HFC via the “donations” page. The Video / PDF version of the course has been held back until the MSF will release a stable v3.3 – so we don’t miss out on all the new and wonderful features which are being included.”

Over the past month, I’ve been working through Penetration Testing with BackTrack online course, which I can highly recommend – I’ll definitely be looking forward to the video / pdf version of Metasploit Unleashed J

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

3 minute loading times - those were the days

Tue, 22 Sep 2009 04:26:07 -0700

Brings back a few memories J

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Command Line Fu

Sun, 20 Sep 2009 03:31:55 -0700

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

How to be a Computer Expert

Fri, 18 Sep 2009 09:23:26 -0700

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Adding a tape drive to Netware

Fri, 18 Sep 2009 07:53:00 -0700

It's been a while since I've had involvement with Netware configuration, but I've recently had to add a tape drive to a Novell Netware 6.5 SP6 server - the key point is to update STARTUP.NCF on the DOS partition to include the required drivers for the SCSI card. For example, I added the lines:

LOAD NWTAPE.CDM

LOAD LSIMPTNW.HAM SLOT=2

The PCI card is loaded into PCI Slot 2 (hence the line above) - you can check which slot your device has been installed to by checking Novell Remote Manager (http://yourserver:8008/ or https://yourserver:8009/), under 'Manage Hardware' -> 'PCI Devices'. Once the driver has loaded (you can load the above drivers manually, without having to reboot the server), check the device is visible using 'LIST DEVICES' on the console.

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Startup Mode Selector

Sun, 30 Aug 2009 10:57:36 -0700

# it shows whether you have a 32-bit or a 64-bit processor
# it shows whether you have a 32-bit or a 64-bit EFI
# it shows whether the MacOS X Kernel is set to boot in 32-bit or in 64-bit mode
# it shows whether the MacOS X Kernel is running in 32-bit or in 64-bit mode
# it shows whether Apple officially supports booting a 64-bit kernel on your Mac
# it allows you to select whether you want to start the MacOS X Kernel in 32-bit or in 64-bit mode (the setting might be ignored on MacBooks, depending on how Apple implements the restriction)
# accompanying webpage explains what the whole commotion about 32-bit and 64-bit in MacOS X Snow Leopard is about

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Application for Incident Response Teams (AIRT)

Tue, 25 Aug 2009 04:32:44 -0700

AIRT is a web-based application that has been designed and developed to support the day to day operations of a computer security incident response team. The application supports highly automated processing of incident reports and facilitates coordination of multiple incidents by a security operations center.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] WebJob

Tue, 25 Aug 2009 04:32:29 -0700

WebJob downloads a program or script from a remote WebJob server and executes it in one unified operation. Any output produced by the program/script is packaged up and sent to a remote, possibly different, WebJob server. WebJob is useful because it provides a mechanism for running known good programs on damaged or potentially compromised systems. This makes it ideal for remote diagnostics, incident response, and evidence collection. WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios such as periodic system checks, file updates, integrity monitoring, patch/package management, and so on.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] DEFT Linux - Computer Forensics live cd

Mon, 24 Aug 2009 23:43:35 -0700

DEFT (acronym for Digital Evidence & Forensic Toolkit) is a Xubuntu Linux-based Computer Forensics live CD. It is designed to meet police, investigators, system administrator and Computer Forensics specialist’s needs.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] need-less light pollution

Mon, 24 Aug 2009 05:53:40 -0700

Light pollution worldwide is increasing faster than ever but why should we care?

Let's face it, there is a good chance you may not have much interest in astronomy and you may not have noticed the orange glow obscuring the night sky before. Perhaps you see other issues as more important than light pollution. If this is you, don't worry, you have come to the right place! This website has been set up to raise awareness of the impact of light pollution on everyone, not just astronomers, and why we should all be more concerned.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Outdoor Lighting Reviews - Energy and money saving anti-light pollution home security lights

Mon, 24 Aug 2009 05:53:26 -0700

Well designed outdoor light fittings can light your home or small business safely and without dangerous glare, and can help you save money and reduce light pollution too. This site reviews the best power-saving sky-friendly home security lights and floodlights available in the UK, and recommends online shops where you can buy them at the best prices.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] NetWitness - Total Network Knowledge™ - Investigator

Mon, 24 Aug 2009 00:13:00 -0700

etWitness® Investigator is the award-winning interactive threat analysis application of the NetWitness NextGen product suite. Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] FOCA OnLine

Wed, 19 Aug 2009 06:28:51 -0700

Tags: no_tag

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] OSSIM (Open Source Security Information Management)

Sun, 09 Aug 2009 13:51:06 -0700

Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator with detailed view over each and every aspect of his networks/hosts/physical access devices/server/etc...
Besides getting the best out of well known open source tools, some of which are quickly described below these lines, ossim provides a strong correlation engine, detailed low, mid and high level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services.

All this information can be limited by network or sensor in order to provide just the needed information to specific users allowing for a fine grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source result in a useful addition to any security professional.

Tags: security management monitor

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Wikto: Web Server Assessment Tool

Sun, 09 Aug 2009 13:19:48 -0700

Last updated 2008/12/14
Release of Wikto 2.1.0.0 (XMAS edition)

Tags: security testing assessment

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Edge-Security - Metagoofil - Metadata analyzer - Information Gathering

Sun, 09 Aug 2009 12:08:54 -0700

theHarvester is a tool for gathering e-mail accounts and user names from different public sources. It's a really simple tool, but very effective.

Highlights and Sticky Notes:

theHarvester 1.4b - Tar (28/05/2009)

Tags: security google harvester

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Details - BattCursor.Net

Tue, 04 Aug 2009 07:09:12 -0700

BattCursor is a very good configurable and thus flexible software. Each feature can free discretion Aktiviert-or disabled are. Also you can determine to yourself when what should happen. BattCursor offers for each function a user-friendly range of events to when what you want.

Tags: tools utilities

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] NirSoft Utilities Panel

Mon, 03 Aug 2009 01:17:47 -0700

NirSoft Utilities Panel is an experimental Web page that contains icons with links to all major NirSoft Utilities as exe files. When you move the mouse over the desired icon, you'll see the current version and the last update date of the utility.

Tags: utilities tools

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] KLS SOFT - WSCC - Windows System Control Center

Mon, 03 Aug 2009 01:16:14 -0700

WSCC is a free, portable program that allows you to install, update, execute and organize the utilities from various system utility suites. WSCC is only an interface, you need to download and install the utilities separately. Alternatively, WSCC can use the http protocol to download and run the programs.

Highlights and Sticky Notes:

This edition of WSCC supports the following utility suites:

Windows Sysinternals Suite (including support for Sysinternals Live service)
NirSoft Utilities

Tags: utilities tools portable

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Microsoft Bluehat Security Briefings

Sun, 02 Aug 2009 11:27:45 -0700

BlueHat is a by-invitation-only Microsoft security conference aimed at bringing Microsoft security professionals and external security researchers together in a relaxed environment to promote the sharing of ideas and social networking. BlueHat is a cutting-edge conference aimed at improving the security of Microsoft products. BlueHat continuously seeks out new and innovative material, highlighting important emergent technologies, techniques, and industry best practices.

Highlights and Sticky Notes:

You'll find session descriptions, speaker bios, and podcast or video interviews with presenters for previous BlueHat events at the following links:

Tags: security microsoft bluehat conference

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] inSSIDer | MetaGeek

Sat, 01 Aug 2009 02:34:52 -0700

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn't work well with Vista and 64-bit XP, we built an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems. A year later, inSSIDer was discussed by Lifehacker and Tekzilla!

Tags: security wireless scanner

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] NIST Special Publications (800 Series)

Wed, 29 Jul 2009 05:15:47 -0700

Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Highlights and Sticky Notes:

SP 800-123 Jul 2008 Guide to General Server Security
SP800-123.pdf

SP 800-115 Sept 2008 Technical Guide to Information Security Testing and Assessment
SP800-115.pdf

SP 800-100 Oct 2006 Information Security Handbook: A Guide for Managers
SP800-100-Mar07-2007.pdf

SP 800-94 Feb 2007 Guide to Intrusion Detection and Prevention Systems (IDPS)
SP800-94.pdf

SP 800-92 Sep 2006 Guide to Computer Security Log Management
SP800-92.pdf

SP 800-88 Sep 2006 Guidelines for Media Sanitization
NISTSP800-88_rev1.pdf

SP 800-86 Aug 2006 Guide to Integrating Forensic Techniques into Incident Response
SP800-86.pdf

SP 800-83 Nov 2005 Guide to Malware Incident Prevention and Handling
SP800-83.pdf

SP 800-61 Rev. 1 Mar 2008 Computer Security Incident Handling Guide
SP800-61rev1.pdf

SP 800-50 Oct 2003 Building an Information Technology Security Awareness and Training Program
NIST-SP800-50.pdf

SP 800-41 Rev. 1 July 9, 2008 DRAFT Guidelines on Firewalls and Firewall Policy
Draft-SP800-41rev1.pdf SP 800-41 Jan 2002 Guidelines on Firewalls and Firewall Policy
sp800-41.pdf

SP 800-40 Version 2.0 Nov 2005 Creating a Patch and Vulnerability Management Program
SP800-40v2.pdf

Tags: security incident response malware

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

[bookmark] Half Price Refresher Training from 7Safe | 7Safe Information Security Services

Sun, 26 Jul 2009 14:33:31 -0700

You’ve experienced 7Safe’s hands-on training before. Techniques and principles move on - so does the training.
Now, available exclusively to individuals who have previously attended the same course title, return to experience a 7Safe Refresher Training course for half the current list price.

Choose from ethical hacking, computer forensics, security incident investigation and ISO 27001.

Highlights and Sticky Notes:

Tags: security training

Posted by: andrewallen

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Sandbox / Wiki now available

Thu, 05 Mar 2009 06:58:23 -0800

Well, this looks like the one year aniversary post... time flies :) Over the years I've kept my notes and bookmarks stored in various ways, and while trying to not duplicate content too much, I've simply not got around to posting new content to my blog. So, I've now decided to put up a (new) wiki, which I class as a sandbox, where I am now starting to drop content into - the idea being I can quickly post usable and interesting content (although don't always expect 'pretty'), with links and references to other parts of the inter-web. Although it is a wiki, it's not available for public editing.

A few pages I've already started include, recommended articles (inc. Books, Magazines, Publications), blogs, conferences, podcasts, software (such as the obligatory list of Firefox extensions) and webcasts (inc. Videos), as well my research into how to automate Kaspersky's Virus Removal Tool (AVPTool), and various Metasploit coolness. The Nokia E71, in my opinion is one of the most functional phones to date, so I've been compiling a list undocumented features and must-have software here.

I have also been putting together a kind of incident response / diagnostic support tool called DIAG.CMD, written in Batch (since on a Windows system, it's the lowest common denominator). Any feedback on this would be most welcome :)

http://feeds.andrewallen.co.uk/andrewallen, digital fingerprint: ve89kj996142ieomwrwmc8mzgx5nqo79

Citrix Web Interface and the Fatal Execution Engine Error

Thu, 13 Mar 2008 16:34:30 -0700

Having recently been focused on a Citrix Presentation Server 4.5 migration, I took some time out to build a development 64-bit environment just to become familiar with any 'gotchas'... This was a single, stand-alone Windows Server 2003 R2 Standard SP2 64-bit operating system, with the 64-bit Citrix Presentation Server 4.5 Enterprise Edition installed, running inside XenServer 4.1 RC7 XenServer 4.1 - I chose to install .NET Framework 3.5 (which includes the required .NET Framework 2.0) and JRE 1.5.0_09.

Additionally, I installed the following components onto the same box:

Citrix License Server 11.3 (inc. Microsoft Visual J# 2.0 )
Citrix Web Interface 4.6 (plus required Access Management Console Extension)

The following hotfixes were then applied to CPS:

Citrix Hotfix Rollup Pack PSE450W2K3X64R01.msp
Citrix Hotfix PSE450R01W2K3X64003.msp
Citrix Hotfix PSE450R01W2K3X64004.msp
Citrix Hotfix PSE450R01W2K3X64005.msp
Citrix Hotfix PSE450R01W2K3X64012.msp
Citrix Hotfix PSE450R01W2K3X64014.msp
Citrix Hotfix PSE450R01W2K3X64016.msp
Citrix Hotfix PSE450R01W2K3X64019.msp
Citrix Hotfix PSE450R01W2K3X64020.msp
Citrix Hotfix PSE450R01W2K3X64023.msp

As a side note, I had installation errors on the rollup, and hotfix 005, but all seems to be working ok... anyway, at some point post-installation the Web Interface decided to stop working. The following error was recorded in the application event log:

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 13/03/2008
Time: 13:05:20
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.>

Server reboots / iisresets had no effect, and after lots of Googling, it looked like there might be a specific .NET hotfix to address the issue (KB913384), however it was only applicable to an older version of the .NET Framework 2.0 - it is supposed to be included / resolved in SP1 (build 1433). Another google confirmed this. After much frustration from a lack of solutions on the Citrix forums / knowledge base, I ended up uninstalling .NET Framework completely (you have to uninstall 3.5, then 3.0 SP1, then 2.0 SP1 in that specific order), then reinstalling the .NET Framework 2.0 RTM (build 42).

Once I then re-installed Web Interface 4.6 (enabling 32-bit mode in the process, as prompted) and then deleted and re-added the existing site within the Access Management Console, it all sprang back into life. I've not yet re-patched .NET to see if it remains functional...

Update 1

The error has occured again:

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 14/03/2008
Time: 08:18:27
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.42 - Fatal Execution Engine Error (7A05E2B3) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.>

This time, the only change I've made is to install the latest Citrix XenCenter console 4.1 RC7, which itself is .NET application. I ended up having to install the KB913384 fix, which this time was appliable to the version of .NET I had installed. I am going to do a bit more testing to see what is causing it to re-fail.

Update 2

And again...

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 17/03/2008
Time: 10:55:32
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.63 - Fatal Execution Engine Error (7A05F093) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.>

This time I had installed and uninstalled Office 2007.