InfoSecPodcast.com » Software

New blog theme

Chris Harrington — Thu, 26 Jun 2008 15:06:09 +0000

I’ve been working on a new theme for the blog. Please let me know what you think of the new theme!

Thanks!

–Chris

Security for Web Meetings?

Chris Harrington — Wed, 25 Jun 2008 15:25:04 +0000

I am seeing an increased need and proliferation of web based collaboration tools. WebEx, GoToMeeting, MS LiveMeeting, etc. While these tools are necessary as we see people and organizations looking for collaboration, how secure are they? A couple concerns come to mind. NOTE: I have not done any research into this nor read much of the product literature.

What can these services see?
In a hosted model these companies act a the middle man between the person giving a PowerPoint presentation and the ones viewing it, as an example. Can WebEx or GoToMeeting see the presentation? If so, is it done overtly or covertly? Any audit trail? Is the presentation stored on their servers?

Sharing of desktops?
I know some of these services have the ability to share their desktops or applications. Some can even give control of their entire PC over to another person in the meeting. That could have some significant security implications in certain environments.

How do you handle these technologies? Do you block them? Have an approved one and block the rest?

I would love to hear what you do.

–Chris

Technorati Tags: GoToMeeting, WebEx, Web Meeting

Another reason to like a Mac

Chris Harrington — Fri, 26 Oct 2007 14:27:03 +0000

I saw this today over at CrunchGear. A completely un-attended OSX Leopard upgrade. Yes, you probably can do this on Windows. I would imagine it would take a custom upgrade CD, RIS, or some other magic. Which is fine if you are an administrator on a corporate network. Home users are a different story, most could not do that.

For the record, I do not nor have I ever owned a Mac. I am however lobbying for one at work. John, hint hint.

–Chris

Technorati Tags: Mac, OSX, Leopard

Useful Windows applications

Chris Harrington — Tue, 21 Aug 2007 11:48:52 +0000

Over the last few days I have come across some rather useful (to me anyway) Windows apps. Feel free to post anything you have found recently as well.

PC Decrapifier
This little utility does a great job of removing software that comes bundled with a new PC like AOL, Dell URL Assistant, trial version of AV products.

MediaInfo
This one is for the media geeks out there. An open source project that helps you work with those media files that will not play. MediaInfo will identify the file and what codec or encoding used and provide a link to download the proper player and / or codec. This is a much safer way to download codecs than just pulling down a random pack off the web. There are so many trojans and other nasties out there pretending to be video codecs.

OpenProj
I love this one. An open source, cross-platform version of Microsoft Project. It even opens your existing .mpp project files.

Easy Duplicate Finder
The name pretty much describes it. If you need to free up some drive space this tool will find the duplicate files on your drive.

There is also a great list of replacements for Windows applications (like Notepad, Explorer, Paint) over at Lifehacker

–Chris

Technorati Tags: OpenProj, MediaInfo, Lifehacker, PC Decrapifier

Firefox extension for Pen Testing

Chris Harrington — Wed, 06 Dec 2006 13:49:44 +0000

I found an extension for Firefox called TamperData. It allows you to view and modify HTTP requests. Useful for testing those home grown (or not so home grown) web apps. There are probably better tools for the job but this is a quick tool when you don’t want to pull out Spike Proxy or others.

–Chris

Technorati Tags: Firefox, Tamperdata, pentest, Information Security

I need a GOOD Anti-Spam Client

Chris Harrington — Sat, 04 Nov 2006 18:46:40 +0000

I have about 6 different email addresses that I use Outlook 2003 to manage. So far I have tried McAfee’s AntiSpam client, Spambayes and Norton’s as well. My personal opinion is that McAfee’s and Norton’s suck when it comes to their detection rate. Spambayes does a much better job but it’s system requirements bring Outlook (and the rest of the system) to its knees when processing new mail.

If you have a favorite AntiSpam client that works with Outlook 2003 please let me know what it is and why you like it. Please DO NOT tell me to switch mail clients. I have an MS Exchange environment and make heavy use of shared calendars , published folders and most importantly RPC over HTTPS. I know there are alternatives like Evolution for Windows and Thunderbird / Lightning that would get me most of the way. It’s the RPC over HTTPS function that seals the deal for me.

Thanks!!

–Chris

Technorati Tags: Spam, Outlook, Thunderbird, Evolution, RPC over HTTPS, McAfee, Norton, Spambayes, Information Security

A GUI for WinXP slipstream CD’s

Chris Harrington — Thu, 02 Nov 2006 01:05:31 +0000

For those who deploy Windows XP from CD you know what a pain it is to have to apply all the updates to a fresh install. Back a few years ago I used a technique called slipstreaming where you could create a WinXP install CD that had these updates already included. It was a bit of a pain to create these CD’s through a manual process. Mike over at MikeTechShow.com posted a link recently to an application called RVM Integrator. It is basically a GUI front end to help create these time saving CD’s. In addition to the latest service pack and hotfixes you can install other applications like Adobe Acrobat, Firefox, Quicktime, etc.

I have not tried it yet but it looks to be a real time saver for those who don’t use VMWare.

–Chris

Technorati Tags: Windows XP, SP2, Slipstream, Miketechshow, vmware

Top 10 Open Source Windows Applications

Chris Harrington — Fri, 20 Oct 2006 21:10:37 +0000

Gina at Lifehacker posted a list of her top 10 open source favorites for Windows. Of course FireFox and Thunderbird are on the list. There are a few noteworthy security apps as well, such as ClamWin, TrueCrypt and Keepass.

–Chris

Technorati Tags: Open Source, Windows, ClamWin, TrueCrypt, Keepass, Firefox, Thunderbird

15 Windows Explorer replacements

Chris Harrington — Tue, 17 Oct 2006 15:59:14 +0000

SimpleHelp has compiled a list of 15 replacement programs for Windows Explorer. There is a mix of free and commercial tools alike. My personal favorite is A43.

–Chris

Technorati Tags: Windows Explorer

Security Search Plugins for Firefox

Chris Harrington — Thu, 13 Jul 2006 22:50:28 +0000

One of the things I enjoy most about Firefox is it’s ease of customization. This includes the ability to write search plugins for your favorite sites. This allows you to search your favorite sites just by entering your search phrase in Firefox’s search box. If you have not tried Firefox…you should. It makes a great alternative to Internet Explorer. Click the link below to give it a spin.

There are limitations since the search plugins only support the HTTP Get method, not HTTP Post. This is unfortunate since Post is a popular method of submitting phrases to search mechanisms. Being a self-proclaimed Security Geek (and Firefox user) I’ve written plugins for several security related sites including SecurityFocus, Secunia, OSVDB and others. I’ve also included ones for PacketStorm, CVE, SANS, ISECOM and Help Net Secrity that I did not write but found on the web in various places like Local Area Security. To install the plugins you can either

a. Click on the link below for the plugin you want and it will be installed automatically.

b. Download this Zip and extract the contents to your Firefox searchplugin directory. That directory is here (C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\XXXXXXX.default\searchplugins)

Since we are on the subject of search plugins, there is a good Firefox extension that makes it easy to delete search plugins you no longer want. It’s called SearchPluginHacks and you can get it here. There are also many, many more plugins on the Mozilla site here.

If you have any questions or comments please let me know.

Bleeding Snort
CVE Keyword
CVE Name
Help Net Security
ISECOM Ports
McAfee Antivirus
Open Source Vulnerability Database
PacketStorm Security
SANS Reading Room
Secunia
Securityfocus
Snort

All plugins in a single Zip can be found here.

–Chris

Technorati Tags: Firefox, Security, Search Plugins