

Showing posts from June, 2010

Live CD for Remote Incident Handling

This paper was written by Bert Hayes. Bert Hayes is a security professional at the University of Texas. When Bert originally wrote this paper, he submitted it to me for the SANS Gold process, and I helped push the paper in the right direction. However, while it was an excellent paper and well written, it didn't really meet the criteria we were looking for.

However, I thought "Wow, what a great idea, what a great paper. I am sure a lot of organizations will benefit from this."

Of course, neither Bert nor I can be held liable for any damage you do to a computer while using this (just to get that disclaimer out of the way), and if you are going to use the contents of the computer you are investigating in a prosecution, it's recommended that you don't use this. (Changing the state of the data on the drive during a forensic investigation is generally frowned upon.)

But, as I said, this is a great paper and you should definitely download it and give it a read.


I had to submit a bug report

The Google Command Line Tool

Enough of the readers of this blog can be classified as "Command Line Nerds", myself included, and this post is aimed at you.

Apparently they don't have enough to do at Google, so they sit around and make tools to collect your wifi data, read your email and give you ads for them, and various other nifty Google ideas.  (Yes, I still love Google.)

But apparently they had enough time to make a tool to interact with Google via the command line.  Using Python, you can do a whole mess of things:

You can Post to Blogger!

google blogger post --title "Just like this" "This is my blog entry, there are many like it but this one is mine"

You can Post to your Google Calendar!

google calendar add "Take out garbage at 7 pm on Tuesday"

You can perform various tasks with your Contacts!

google contacts list name,email --name "*joel*" > joel.csv

You can edit some Google docs!

google docs edit --title "Document title here"

You can upload photos to Picasa easily…

Apple updates Anti-Malware file

Last year in August I wrote a post called "Snow Leopard is coming..." where I mentioned the XProtect.plist file.  This file protects and defends the OSX system against "downloader" trojans: ones that you receive via iChat, or download via Safari or Mail; basically, any case where you download the trojan to your system.

In the most recent update of Snow Leopard (10.6.4), which came out last week and which I didn't cover, it seems Apple has updated the XProtect.plist file to include a new trojan named "HellRTS".

I guess this answers my original question of whether they are going to keep it updated, and I am glad they are.  However, I'd like to see them update it even more often than that, and of course include more things.  It's better than nothing, I suppose, but I'd like to see more.

As of right now, there are a whole three trojans protected against in the XProtect file.
You can find this file in the:
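The post describes XProtect.plist as a list of trojan definitions that Apple updates from time to time. The script below is an added example (not from the post, and not Apple's own code) that shows how to audit which signature names a copy of the file carries and which names a newer copy adds. The file layout it assumes (a top-level array of dictionaries, each with a "Description" string naming the trojan) is modelled on the Snow Leopard-era file and is an assumption; the two plist documents embedded here are constructed samples, and the entry names in them are made up apart from "HellRTS", which the post mentions.

```python
# Added example: audit signature names in an XProtect.plist and diff two copies.
# ASSUMPTION: the file is a top-level <array> of <dict> entries, each carrying a
# "Description" string that names the trojan. Verify against your own copy.
import plistlib
import sys
from typing import List, Set

# Constructed sample standing in for an older copy of the file (two entries).
OLD_XPROTECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
  <dict>
    <key>Description</key><string>OSX.Example.A</string>
    <key>Matches</key>
    <array><dict><key>MatchType</key><string>Match</string></dict></array>
  </dict>
  <dict>
    <key>Description</key><string>OSX.Example.B</string>
    <key>Matches</key>
    <array><dict><key>MatchType</key><string>Match</string></dict></array>
  </dict>
</array>
</plist>
"""

# Constructed sample standing in for the updated copy: same two plus HellRTS.
NEW_XPROTECT = OLD_XPROTECT.replace(
    b"</array>\n</plist>",
    b"""  <dict>
    <key>Description</key><string>HellRTS</string>
    <key>Matches</key>
    <array><dict><key>MatchType</key><string>Match</string></dict></array>
  </dict>
</array>
</plist>""",
)


def xprotect_descriptions(plist_bytes: bytes) -> List[str]:
    """Return the Description of every signature entry, in file order."""
    entries = plistlib.loads(plist_bytes)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level array of signature entries")
    names: List[str] = []
    for entry in entries:
        desc = entry.get("Description") if isinstance(entry, dict) else None
        if isinstance(desc, str) and desc:
            names.append(desc)
    return names


def added_signatures(old_bytes: bytes, new_bytes: bytes) -> Set[str]:
    """Names present in the new copy that the old copy lacked."""
    return set(xprotect_descriptions(new_bytes)) - set(xprotect_descriptions(old_bytes))


if __name__ == "__main__":
    # Pass two file paths (old copy, new copy) to diff real files; with no
    # arguments the constructed samples above are used instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f_old, open(sys.argv[2], "rb") as f_new:
            old, new = f_old.read(), f_new.read()
    else:
        old, new = OLD_XPROTECT, NEW_XPROTECT
    print("signatures now:", ", ".join(xprotect_descriptions(new)))
    print("added since previous copy:", ", ".join(sorted(added_signatures(old, new))) or "none")
```

Keeping a copy of the plist from before each OS update and running the diff afterwards gives a quick way to see whether an update actually touched the definitions, which is the question the post raises.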


Find My iPhone App Now Available

Along with rolling out some nice GUI improvements to MobileMe (yes, I use it.  It's simple, it works, and I don't have to mess with it.) last night for Mail, Contacts, Calendars, etc., Apple also released a "Find My iPhone" app, available from the App Store.

In the past, if you lost your iPhone, you couldn't log into MobileMe from your buddy's phone (or iPad) and find your phone.  Now, with this app, you can do that.

Grab the app: here.

Apple - MobileMe - News - Find My iPhone App Now Available.

Black Background in

I've noticed that for some reason, after you install Safari 5 on OSX, if you use a command that creates an email out of a file, the message comes out wrong.  For instance:

Open a PDF in Preview, and, wanting to email it to someone else, go to File and click "Email this PDF" (or similar).  It'll create a new email message, but the background of the mail message will be black.

I've noticed this in OmniFocus as well: if I use a shortcut key to create a "To-Do" from another application by using the "Clipping" function, the background of the "To-Do" will be black.

Well, at least in Mail there is a fix.

If you want to keep the email as HTML, Command-A will select the contents of the email; cut it (not copy it) with Command-X, then paste it back with Option-Shift-Command-V (Paste and Match Style, which is in the Edit menu).  Or you can change the email to Plain Text, which will get rid of the black box; Plain Text is in the Format menu, or Command-Shift-T.


Safari 5.0 and Safari 4.1 patches

About the security content of Safari 5.0 and Safari 4.1.

Apple posted Safari 5.0 for 10.5.8 and 10.6, and Safari 4.1 for 10.4.11, yesterday, and above is a link to the full patch list (and it's quite extensive).

The things patched in this update are below:

ColorSync (Windows versions only)
Handling of PDF files
Arbitrary code execution (Windows only)
WebKit (tons of updates here, including the infamous wushi exploits from team509, and also lots of mentions of Chris Evans and Mark Dowd.  Nice work, guys.)

Check the full list at the above URL for complete details.

Safari 5. A smackdown to Google?

Safari 5, released yesterday by Apple, introduced many new things (it also patched a bunch of security vulnerabilities, which I'll touch on in a second).  One of the things introduced could be interpreted as a smackdown to Google.

I'll make another list:
1)  Faster Javascript Engine
Safari uses a JavaScript engine named "Nitro".  Apple claims that it runs 30% faster than Safari 4, 3% faster than Chrome, and over 2x as fast as Firefox.  I don't know what the margin of error is in those percentage numbers, but that 3% sounds mighty close to me.
2) DNS Prefetching and improved caching
DNS Prefetching works like this: when you go to a webpage, or you search for something, Safari uses DNS prefetching to look up the hostnames of all the URLs found through hyperlinks on that webpage, before you click any of them.  I think Chrome has been doing this for a while, and I know Firefox has been doing it for years, so it's good to see Safari doing this as well.  Every little bit helps when it comes to th…
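The paragraph above describes the mechanism in one sentence: the browser resolves the hostnames behind every hyperlink on a page ahead of any click. The script below is an added example, not Safari's code, that models what such a browser would hand to the recursive resolver for a given page: the set of distinct third-party hostnames behind its links. It also honours the page-level opt-out, the `<meta http-equiv="x-dns-prefetch-control" content="off">` tag that Chrome and Firefox document; whether Safari 5 honours that tag is an assumption the post does not address. The sample page embedded in the block is constructed.

```python
# Added example: model which hostnames a DNS-prefetching browser would resolve
# for a page, and honour the x-dns-prefetch-control opt-out meta tag.
# ASSUMPTION: this mirrors the behaviour Chrome/Firefox document, not Safari's
# actual implementation, which the post does not detail.
from html.parser import HTMLParser
from typing import List, Set
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect anchor hrefs and notice the prefetch opt-out meta tag."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []
        self.prefetch_disabled = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # attr names are already lower-cased
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "meta":
            if (a.get("http-equiv", "").lower() == "x-dns-prefetch-control"
                    and a.get("content", "").lower() == "off"):
                self.prefetch_disabled = True


def prefetch_hostnames(page_url: str, html: str) -> Set[str]:
    """Hostnames a prefetching browser would resolve before any click.

    Links back to the page's own host are skipped (already resolved), as are
    non-web schemes such as mailto: and javascript:. Returns an empty set
    when the page opts out via the meta tag.
    """
    parser = LinkCollector()
    parser.feed(html)
    if parser.prefetch_disabled:
        return set()
    own_host = (urlsplit(page_url).hostname or "").lower()
    hosts: Set[str] = set()
    for href in parser.hrefs:
        parts = urlsplit(urljoin(page_url, href))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        host = parts.hostname.lower()
        if host != own_host:
            hosts.add(host)
    return hosts


# Constructed sample page: duplicate hosts, a relative link, and non-web links.
SAMPLE_PAGE = """<html><head><title>constructed sample</title></head><body>
<a href="http://news.example.com/story/1">story one</a>
<a href="https://NEWS.example.com/story/2">same host, different case and scheme</a>
<a href="/local/page">relative link, resolves to the page's own host</a>
<a href="http://cdn.example.org/lib.js">third-party host</a>
<a href="mailto:someone@example.net">not a web link</a>
<a href="javascript:void(0)">not a link at all</a>
</body></html>"""

# Same page with the opt-out tag: a prefetching browser should resolve nothing early.
OPTED_OUT_PAGE = SAMPLE_PAGE.replace(
    "<head>", '<head><meta http-equiv="x-dns-prefetch-control" content="off">', 1)

if __name__ == "__main__":
    page_url = "http://blog.example.com/index.html"  # constructed page address
    print("would resolve:", sorted(prefetch_hostnames(page_url, SAMPLE_PAGE)))
    print("with opt-out:", sorted(prefetch_hostnames(page_url, OPTED_OUT_PAGE)))
```

The set this returns is exactly what the feature reveals to whoever runs your resolver before you have clicked anything, which is why the opt-out tag exists; running the function over a page you publish shows what your visitors' resolvers will see.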

iPhone 4

Yesterday Steve Jobs got up on stage and announced the new iPhone, iPhone 4.  It has a list of slick features; I'll list a couple, then give an opinion or two about each.
1. FaceTime
FaceTime is a new feature to the iPhone family.  It's basically video calling: using the front or the back camera of the iPhone, you can make a video call with one another.  Right now FaceTime is limited to Wifi only, and Apple is going to work with the cell carriers to get their networks up to speed to allow FaceTime on 3G calling.

Opinion:  I think this is a really neat innovation.  I can see a lot of use for this, however...  I have a feeling that no one will use it, it will be a pain in the ass for it to work, and it'll get bad press.  I am sure there will be ports to open on the firewall for it to work, and it won't work for $REASON.  I guess we'll find out, but overall I think this is really neat and I'd love to use it with my family, especially after my new baby is born.  It's also…

Burnout videos of 2010 All-Ford Nationals at Carlisle, PA

Here are some videos that I shot this past weekend of the Burnout contest in Carlisle, PA.  These are kinda loud, so mind your speakers.


This lady was 63 years old, she went the whole 3 minutes and smoked the tires!


This was a Starsky and Hutch replica 1975 Gran Torino, complete with sirens, flashing lights, and flashing headlights.  This was a great car:


This one was great, a piece of the rubber flew up and hit me in the arm (that's why the camera moves suddenly when the tire shreds).  Yes, it was hot.


This car was named "Uncle Buck", both of his tires shredded at the same time:


Single Threaded Data Processing Pipelines and the Intel Architecture

VRT: Single Threaded Data Processing Pipelines and the Intel Architecture.

I wanted to bring this post to the attention of my blog readers as well, just in case my readers are also not subscribers to the VRT blog.

Marty Roesch (Sourcefire's benevolent dictator/CTO) guest-blogged on the VRT blog about Snort, multi-threading, Intel architectures, hyperthreading, and cores.  It's a really great post about why multithreading isn't all it's cracked up to be, and is only useful when used correctly.  Just because you "multithread" everything doesn't mean it'll run faster.  That's a common misconception that Marty is trying to debunk here, and I encourage a read of his article.  Snort is an extremely well performing piece of software, and we get a lot of questions about why we aren't pushing "Snort 3.0" harder (as it has multithreading).

Hopefully this post answers some of that.

Pictures from the 2010 Carlisle All-Ford Nationals

Here are some pictures I took at the 2010 Carlisle All-Ford Nationals this weekend up in Carlisle, PA.

I didn't take as many pictures as I should have/wanted, but there were so many cars there it just became overwhelming to try and remember them all.  I annotated each of the photos in the gallery, so for the full caption, just click on the individual photo to make it bigger.

ATM Skimmers: Separating Cruft from Craft

Below is a link to a good article by Brian Krebs (former security reporter for the Washington Post) about ATM skimmers.  I know when I go to an ATM I give the card reader a good yank and fiddle around with it for a minute to make sure there isn't anything stuck on there.

Recently my wife's card was used for some fraudulent transactions, and while we still don't know (investigation is underway) how people got the card, the bank did catch the fraud.

You have to be careful out there.  Even in my small town, the local gas station recently had skimmers installed, which were promptly removed; but still, you have to be aware of the threat out there.

ATM Skimmers: Separating Cruft from Craft — Krebs on Security.

(Sorry about posting links to other articles recently, I am just trying to keep all my links in one place instead of spreading it across the Internet on a bunch of social media applications.  I figure if I just post everything here, it propagates out.)

Google ditches Windows on security concerns

Trying not to bash Windows here, as I personally think that Windows 7 is a much better operating system than its predecessors.  However, I think this is interesting.  I've seen this happen at several companies lately.  While Google has been very Mac-centric for a while now, according to friends I have in the company, a conscious effort to move everyone off the platform in such a big company is an interesting effort.

/ Technology - Google ditches Windows on security concerns.