Friday, June 25

Live CD for Remote Incident Handling

This paper was written by Bert Hayes. Bert Hayes is a security professional at the University of Texas. When Bert originally wrote this paper, he submitted it to me for the SANS Gold process, and I helped push the paper in the right direction. However, while it was an excellent paper and well written, it didn't really meet the criteria we were looking for.

However, I thought "Wow, what a great idea, what a great paper. I am sure a lot of organizations will benefit from this."

Of course, neither Bert nor I can be held liable for any damage you do to a computer while using this (just to get that disclaimer out of the way), and it's recommended that if you are going to use the contents of the computer you are investigating for a prosecution, don't use this. (Changing the state of the data on the drive during a forensic investigation is generally frowned upon.)

But, as I said, this is a great paper and you should definitely download it and give it a read.

  • http://security.utexas.edu/consensus/How_To_UTIRD2.pdf


Enjoy

Friday, June 18

The Google Command Line Tool

Enough of the readers of this blog can be classified as "Command Line Nerds", myself included, and this post is aimed at you.

Apparently they don't have enough to do at Google, so they sit around and make tools to collect your wifi data, read your email and give you ads for them, and various other nifty Google ideas.  (Yes, I still love Google.)

But apparently they had enough time to make a tool to interact with Google via the command line.  Using Python you can do a whole mess of things:

  • You can Post to Blogger!


google blogger post --title "Just like this" "This is my blog entry, there are many like it but this one is mine"


  • You can Post to your Google Calendar!


google calendar add "Take out garbage at 7 pm on Tuesday"


  • You can perform various tasks with your Contacts!


google contacts list name,email --name "*joel*" > joel.csv


  • You can edit some Google docs!


google docs edit --title "Document title here"


  • You can upload photos to Picasa easily!


google picasa create --album "Photos of my car" ~/Pictures/Mustang/*.jpg


  • You can even upload videos to Youtube!


google youtube post --category Entertainment video.mov

They have a package available for debian (ubuntu) and they have a tar.gz bundle as well.  So happy computing, check it out here.

But you know, this might be nifty for uploading pictures to Picasa, or scripting it to upload many things to Docs or YouTube.  But you know the one thing you can't do with your Google command line?

Search Google.

Apple updates Anti-Malware file

Last year in August I wrote a post called "Snow Leopard is coming..." where I mentioned the XProtect.plist file.  This file protects and defends the OSX system against "downloader" trojans: the ones you receive via iChat, or download via Safari or Mail.  Basically, anything where you download the trojan to your system.

In the most recent update of Snow Leopard that came out last week (10.6.4), that I didn't cover, it seems Apple has updated the XProtect.plist file to include a new trojan named "HellRTS".

I guess this answers my original question of whether they are going to keep it updated, and I am glad they are.  However, I'd like to see them update it even more often than that, and of course include more things.  It's better than nothing, I suppose, but I'd like to see more.

As of right now, there are a whole three trojans protected against in the XProtect file.
  • OSX.RSPlug.A
  • OSX.Iservice
  • OSX.HellRTS

You can find this file in the:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/

directory.
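If you want to check for yourself which definitions your Mac currently has, here is a small added script (mine, not from Apple or from the post) that parses the plist, lists the Description of each entry, counts the signature rules, and reports how old the file is.  It assumes the 2010-era layout (a top-level array of dicts with Description and Matches keys) and falls back to a constructed sample with placeholder patterns when the real file is not present.

```python
import plistlib
import time
from pathlib import Path

# Real location named in the post; only read when it exists (macOS).
XPROTECT_PATH = Path("/System/Library/CoreServices/CoreTypes.bundle/"
                     "Contents/Resources/XProtect.plist")

# Constructed sample with the three definitions the post lists. The keys
# (Description, Matches, MatchType, Pattern) follow the 2010-era layout as
# an assumption; the Pattern hex values are placeholders, not signatures.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>Description</key><string>OSX.RSPlug.A</string><key>Matches</key>
<array><dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>00</string></dict></array></dict>
<dict><key>Description</key><string>OSX.Iservice</string><key>Matches</key>
<array><dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>00</string></dict></array></dict>
<dict><key>Description</key><string>OSX.HellRTS</string><key>Matches</key>
<array><dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>00</string></dict>
<dict><key>MatchType</key><string>Match</string>
<key>Pattern</key><string>00</string></dict></array></dict>
</array></plist>
"""

def load_definitions(data):
    """Parse plist bytes; the top level should be an array of definition dicts."""
    defs = plistlib.loads(data)
    if not isinstance(defs, list):
        raise ValueError("unexpected XProtect layout: top level is not an array")
    return defs

def threat_names(defs):
    """Sorted Description of every definition (e.g. OSX.HellRTS)."""
    return sorted(d.get("Description", "<unnamed>") for d in defs)

def signature_count(defs):
    """Total number of Matches rules across all definitions."""
    return sum(len(d.get("Matches", [])) for d in defs)

def days_since(mtime, now=None):
    """Whole days since a timestamp; a large value means the file is stale."""
    now = time.time() if now is None else now
    return int((now - mtime) // 86400)

if __name__ == "__main__":
    data = XPROTECT_PATH.read_bytes() if XPROTECT_PATH.exists() else SAMPLE_PLIST
    defs = load_definitions(data)
    print(f"{len(defs)} definitions, {signature_count(defs)} signatures:")
    for name in threat_names(defs):
        print(" -", name)
    if XPROTECT_PATH.exists():
        print("file last modified", days_since(XPROTECT_PATH.stat().st_mtime), "days ago")
```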

This article by Sophos turned me onto the update, but I reposted without the conspiracy theories:

http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates

Find My iPhone App Now Available

Along with rolling out some nice GUI improvements to MobileMe last night for Mail, Contacts, Calendars, etc. (yes, I use it.  It's simple, it works, and I don't have to mess with it.), Apple also released a "Find My iPhone" app, available from the App Store.

In the past, if you lost your iPhone, you couldn't log into MobileMe from your buddy's phone (or iPad) and find your phone.  Now, with this app, you can do that.

Grab the app: here.

Apple - MobileMe - News - Find My iPhone App Now Available.

Thursday, June 17

Black Background in Mail.app

I've noticed that for some reason, after you install Safari 5 on OSX, if you use a command that creates an email out of a file, the message comes out wrong.  For instance:

Open a PDF in Preview and you want to email it to someone else, so you go to File and click "Email this PDF" (or similar).  It'll create a new email message, but the background of the mail message will be black.

I've noticed this in Omnifocus as well, if I use a shortcut key to create a "To-Do" from another application by using the "Clipping" function, the background of the "To-Do" will be black.

Well, at least in Mail there is a fix.

If you want to keep the email HTML, Command-A will select the contents of the email; cut it (not copy it) with Command-X, then paste it back with Option-Shift-Command-V (Paste and Match Style; this is in the Edit menu).  Or...  you can change the email to Plain Text (which will get rid of the black box).  Plain Text is in the Format menu, or Command-Shift-T.

Plain Text is usually better anyway.

Tuesday, June 8

Safari 5.0 and Safari 4.1 patches

About the security content of Safari 5.0 and Safari 4.1.

Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11, yesterday, and above is a link to the full patch list (and it's quite extensive).

The things patched in this update are below:

  • ColorSync (Windows versions only)

  • Phishing

  • Handling of PDF files

  • Arbitrary code execution (Windows only)

  • Webkit (tons of updates here including the infamous wushi exploits from team509, also lots of mentions of Chris Evans and Mark Dowd.  Nice work guys.)


Check the full list at the above URL for complete details.

Safari 5. A smackdown to Google?

Safari 5, released yesterday from Apple, introduced many new things (also patched a bunch of Security vulnerabilities as well, I'll touch on those in a second).  One of the things introduced could be interpreted as a smackdown to Google.

I'll make another list:

1)  Faster Javascript Engine


Safari uses a Javascript engine named "Nitro".  Apple claims that it runs 30% faster than Safari 4, 3% faster than Chrome, and over 2x as fast as Firefox.  I don't know what the margin of error is in those percentage numbers, but that 3% sounds mighty close to me.

2) DNS Prefetching and improved caching


DNS Prefetching works like this: when you go to a webpage, or you search for something, Safari uses DNS prefetching to look up all the URLs that are found through hyperlinks on a given webpage.  I think Chrome has been doing this for awhile, and I know Firefox has been doing it for years, so it's good to see Safari doing this as well.  Every little bit helps when it comes to the web, I guess.

3) Bing


Apple added the Bing search engine in addition to Google and Yahoo! that were already in the browser.  I've only used Bing a couple times when it first came out, thought it was inferior and stuck with Google.  However, since it's a choice now in the search bar of the Safari Browser (I switch back and forth between Safari and Google Chrome) I'll give Bing a shot.  We'll see.

4) Safari Extensions


Apple has had extensibility in Safari for a couple versions now, so it seems the only thing that is new about it is that they are pushing it hard now.  Already there are a bunch of extensions coming out, so we'll see how far this goes.

5) Smarter Address Field


Sure.  Not really a big deal, but it does better suggestions using your history than it used to.

6) Location Services


It's been in Chrome for awhile now, so glad to see it's in Safari finally, but the browser can now be aware of your location.  For a good example of how this works, go to http://maps.google.com with either Safari or Chrome, and hit the location button (the blue one).

That's the location button; the browser should use CoreLocation and be able to find you.

7) Better Html5 support


Hooray.  But every browser should be doing this.

8) Full-screen view and Closed Captions for html5 video


Good. Also glad when computers can help out in Assistive ways (like Closed Captioning)

9) and Finally, Safari Reader


This is the thing I think is the smackdown to Google.  Reader is kinda like a "cleanup" for webpages.  Kinda like Readability is, I blogged about that awhile back as well.  So, let me give you an example, I'll just browse to TUAW.com right quick:



Ad, Ad, Ad, header, links, annoying, annoying...

Now, in the url bar you'll see a button that says "Reader":



When you hit that button, everything is stripped away from the page, and you only get the article:



Nice.  Very nice.  Then, if you mouse over it, you get these options:



Zoom, (and it remembers how big you want your text too!), Email (just the "Reader"-ized version of the webpage), Print, and close.

Why do I say this screws Google?  How does Google make money?  Ads.

This removes Ads.

iPhone 4

Yesterday Steve Jobs got up on stage and announced the new iPhone, iPhone 4.  It has a list of slick features, I'll write a couple, then an opinion or two about each.

1. FaceTime


Facetime is a new feature to the iPhone family.  It's basically, Video Calling.  Using the front or the back camera of the iPhone you can make a Video call with one another.  Right now FaceTime is limited to Wifi only, and Apple is going to work with the cell carriers to get their networks up to speed to allow FaceTime on 3G calling.

Opinion:  I think this is a really neat innovation.  I can see a lot of use for this, however...  I have a feeling that no one will use it, it will be a pain in the ass for it to work, and it'll get bad press.  I am sure there will be ports to open on the firewall for it to work, and it won't work for $REASON.  I guess we'll find out, but overall I think this is really neat and I'd love to use it with my family, especially after my new baby is born.  It's also going to be an "Open Standard", so hopefully lots of people build this into their phones/apps.  iChat probably won't get it until 10.7, and the iPad won't get a camera until Round 2.

2. Retina Display


The Retina Display is a higher resolution screen 960x640 at 326 dpi.  It seals the front glass to the LCD by lamination (I believe that's how it works) so it eliminates the "Depth" in between the front glass and the icons.

Opinion:  Cool.  Love me some higher resolution.  Not much bad you can say about that.

3. Multitasking


The iPhone 4 has Multitasking through the use of services (instead of full apps running in the background).

Opinion:  Cool.  About time.  I've been really, really content with using one app at a time, EXCEPT when I am using something like Instant Messenger, or where I need to go back and forth really quickly between apps, and the app I need to switch back and forth to doesn't remember where I was at the last time I used the app.  Really annoying.  So glad this is getting fixed.  I've occasionally wanted multitasking on the iPhone, but I've wanted it more on my iPad.

4. HD Video Recording


You can now record HD (720p) video on the iPhone with its new 5 Megapixel camera, put it into iMovie (a new app for the iPhone), make your own home movies and send them out on the internet.

Opinion:  Good.  I've been very content with the camera that is in my iPhone 3GS, so a better camera is always welcome.  However, I know once you record video on the 3GS and try to MMS it to someone, it can be annoying as shit waiting for the upload to take place.  Unless some magic happens, especially on the processor side, uploading a 720p video from the iPhone 4 to YouTube or sending it anywhere else is going to be awful and take forever.

5. Mail


Unified inbox, email threading, and multiple Exchange accounts

Opinion:  About time.  I've been just fine the way it has been, however, I'm glad they are making it better.  The unified inbox especially.

6. Folders


The ability to group your apps together in a single button.

Opinion:  Useful.  I'll definitely use it to group things like games and Productivity apps together.  I've tried not to put too many apps on my phone.  But I've met some people that have pages upon pages of apps and this will be good for them.

7. iBooks


The ability to read your iBooks that you've purchased for your iPad up until now, on your iPhone.  Also includes a PDF reader (also coming to the iPad).

Opinion:  Okay.  I think reading a book on that small of a screen will be difficult, but we'll see.  I really like reading on my iPad, but it's big.  I also like the fact that PDFs can now be in a native app.

8. Stainless Steel case design


It doubles as the antenna for the phone and it gives it rigid stability.

Opinion:  Great.  Especially if it reduces the amount of calls I drop.  Looking at you AT&T.

9. Glass front and back


It has black (or white) Glass on the front and back of the phone as faces.

Opinion:  Am I going to scratch the shit out of this thing?  My iPhone glass hasn't scratched yet, so I feel okay I guess.  Whereas the plastic black of my iPhone 3GS is scratch city.

10. Extra Microphone for Noise Cancellation


There is now a Microphone on the top of the phone to listen to ambient noise and cancel it out.

Opinion:  If it's as good as the Jawbone, AWESOME.

Things that are missing still:

  • The ability to open a .ics file (Calendar invite) in Mail and add it to your calendar.  I mean, seriously?  It's not clear if iOS 4 will allow this, but we'll see.

  • Note syncing OTA.  Really?  I still have to plug in my iPhone to my laptop to sync notes?  No thanks, I'll use Evernote.

  • The ability for the "place" in a movie or song to auto-sync back to your actual library, through MobileMe, and down to other devices.  That way when I put down my laptop and pick up my iPad to watch the same movie, it's at the same place.


Monday, June 7

Burnout videos of 2010 All-Ford Nationals at Carlisle, PA

Here are some videos that I shot this past weekend of the Burnout contest in Carlisle, PA.  These are kinda loud, so mind your speakers.

Enjoy:

This lady was 63 years old, she went the whole 3 minutes and smoked the tires!

httpv://www.youtube.com/watch?v=h7udeweXLVg

This was a Starsky and Hutch replica 1975 Gran Torino, complete with sirens, flashing lights, and flashing headlights.  This was a great car:

httpv://www.youtube.com/watch?v=PagdZKlMkW8

This one was great, a piece of the rubber flew up and hit me in the arm (that's why the camera moves suddenly when the tire shreds).  Yes, it was hot.

httpv://www.youtube.com/watch?v=i3UHAfT3_LA

This car was named "Uncle Buck", both of his tires shredded at the same time:

httpv://www.youtube.com/watch?v=PL00p79lN-Q

Single Threaded Data Processing Pipelines and the Intel Architecture

VRT: Single Threaded Data Processing Pipelines and the Intel Architecture.

I wanted to bring this post to the attention of my blog readers as well, just in case my readers are also not subscribers to the VRT blog.

Marty Roesch (Sourcefire's benevolent dictator/CTO) guest-blogged on the VRT blog about Snort, multi-threading, Intel architectures, hyperthreading, and cores.  It's a really great post about why multithreading isn't all it's cracked up to be, and is only useful when used correctly.  Just because you "multithread" everything doesn't mean it'll run faster.  That's a common misconception that Marty is trying to debunk here, and I encourage a read of his article.  Snort is an extremely well performing piece of software and we get a lot of questions about why we aren't pushing "Snort 3.0" harder (as it has multithreading).

Hopefully this post answers some of that.

Pictures from the 2010 Carlisle All-Ford Nationals

Here are some pictures I took at the 2010 Carlisle All-Ford Nationals this weekend up in Carlisle, PA.

I didn't take as many pictures as I should have/wanted, but there were so many cars there it just became overwhelming to try and remember them all.  I annotated each of the photos in the gallery, so for the full caption, just click on the individual photo to make it bigger.

http://gallery.me.com/joel.esler/100207

Sunday, June 6

Pictures by a 3 year old

We occasionally let my daughter have one of our cameras so she can take pictures (which she apparently loves to do).  Here are a few of her shots.

http://gallery.me.com/joel.esler/100199

Yes, I know this is just a link to MobileMe, but that's where I am putting my pictures.

Thursday, June 3

ATM Skimmers: Separating Cruft from Craft

Below is a link to a good article by Brian Krebs (Former reporter for the Washington Post on security) about ATM Skimmers.  I know when I go to an ATM I give the card reader a good yank and fiddle around with it a minute to make sure there isn't anything stuck on there.

Recently my wife's card was used for some fraudulent transactions, and while we still don't know (investigation is underway) how people got the card, the bank did catch the fraud.

You have to be careful out there, even in my small town recently, the local gas station had skimmers installed, which were promptly removed -- but still, you have to be aware of the threat out there.

ATM Skimmers: Separating Cruft from Craft — Krebs on Security.

(Sorry about posting links to other articles recently, I am just trying to keep all my links in one place instead of spreading it across the Internet on a bunch of social media applications.  I figure if I just post everything here, it propagates out.)

Contact Me

You may contact me at the following email address:

joel.esler [at] me.com

Follow me on Twitter: http://twitter.com/joelesler


Tuesday, June 1

Google ditches Windows on security concerns

Trying not to bash Windows here, as I personally think that Windows 7 is a much better operating system than its predecessors.  However, I think this is interesting.  I've seen this happen at several companies lately.  While Google has been very Mac centric for awhile now, according to friends I have in the company, a conscious effort to move everyone off the platform in such a big company is interesting.

FT.com / Technology - Google ditches Windows on security concerns.