Sunday, March 16, 2008

Weekly Quality Finds: Music, Passwords, and Microsoft Mixes

Maybe it has just been me feeling sick and mentally fatigued, but this past week seemed to present less than the usual number of interesting blog posts in all my favorite blogs and tech-feed sites.

It was really hard finding anything to be excited about.

I really had to stray far off the beaten path to find good material.

Miscellanies

The Apple MacBook Air commercial that has been airing has had a singer with a voice that reminded me very much of the Heartless Bastards' lead singer Erika Wennerstrom a bit, both in the style and tempo as well as the "rough-around-the-edges" quality of the voice.

I did a search and found that the singer for the Apple Air commercial is actually a French-born Israeli singer by the name of Yael Naïm and the tune is called "New Soul".  Buzz Sugar has a great post about her as well as some YouTube video links: Singer to Watch: Who’s Singing That MacBook Commercial?

I'll be adding her album to my iTunes collection.

I still say the song is rhythmically very similar to something the HB's would come up with.

BTW, there are a lot of great YouTube videos for the Heartless Bastards; "All This Time", "Brazen", and "Grey" for just a few.

Mouse Print - Neat little website devoted to "reading the fine print." Good number of posts that go into the details of all the "gotchas" associated with consumer goods and services.  Posts average about one a week but they are fun and interesting to read.

Got Passwords?

I don't usually password most of my files or documents at home.  However, having the tools to manage them is always a good thing.

I was helping my father-in-law last night (via the fantastic and free ShowMyPC) change his POP3 and SMTP email server settings to the new secure servers and settings after his DSL provider got gobbled up by AT&T.  He didn't remember what his Thunderbird password was and as these were new servers, we were having to enter them in again to authenticate for the first time.

In Thunderbird it is very easy (assuming they have been set to be stored). Just go into Tools --> Options --> Security --> View Saved Passwords. Then in the Password Manager, click "Show Passwords."

Got him up and going again.

NirSoft has a great collection of freeware Password Recovery Utilities. The ones I carry on my USB sticks are:

Asterisk Logger - shows passwords displayed behind asterisks in Windows boxes.

Protected Storage PassView - shows passwords of POP3 accounts for IE, Outlook Express and MS-Outlook.

IE PassView - shows passwords stored in Internet Explorer.

AsterWin IE - allows you to view web-form asterisk hidden passwords in IE.

Mail PassView - can recover the passwords for Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts.

PstPassword - recovers passwords from Outlook PST files.

Access PassView - reveals Microsoft Access database passwords for Microsoft Access 95/97/2000/XP.

AsterWin - allows you to view asterisk hidden passwords in Windows Text boxes.

If you have lots of passwords to manage and want a way to both generate super-secure passwords and save them, then look no further than KeePass Password Safe.  This Open Source (freeware) application cannot be topped when it comes to password management.  It is about as rock-solid dependable as you can get and the GUI is highly refined.  You can install it on your main system, or get and use the USB "portable" version as well.  I will not recommend any other password manager than this one. Period.  That's how good I think it is.

For the few files I do want to password, these may be Microsoft Office and PDF documents I have passworded to prevent modification. Not to hide any secrets.  I also will password compressed files that contain malware that I have located and am saving for review or sending to anti-virus companies for analysis.  I do this to prevent their accidental opening and "re-launch".

For the very select group of files (usually financial in nature) that I do wish to keep 100% secure, I use TrueCrypt to tuck them away in an encrypted file "TrueCrypt" volume.  This Open Source (freeware) product is another of the best encryption programs that I am aware of. The latest version supports entire "live" partition or storage device encryption on the fly, it can create encrypted "virtual disk" files which it can mount so you can access the contents, and it can encrypt the same partition or drive where Windows is installed (using pre-boot authentication).  It is really cool and effective.  There are lots of great commercial/enterprise drive/partition encryption products out there, but I must say, this is one of the best and as it is Open Source, it is 100% free and actively being maintained and features added.  The Security Now Podcast covered TrueCrypt in depth in their Episode 41 and the newest features in Episode 133.

But what do you do if you have passworded a file in the past, but you forgot the name and where you saved it? Or maybe you are examining a target system and as part of your review methodology, you want to see if there are any passworded files present?

It would take a lot of time to open every file on the system.

Until now.

Password Encryption Analyzer - (free/$$$) - This product scans a target system to see if any of the over 100 file formats it recognizes are present and passworded.

I installed it on my system and ran the "Recommended" scan.  My drive is a 500GB drive with four partitions.  The program scanned almost 96,000 files in just over 32 minutes.  It found 23 passworded files.  Six were ones that we had ourselves passworded, four were PDF files that were passworded by their authors against modification/text copying, and the rest were assorted program files passworded by the software developer.

Scan results provide you the file-name, folder path, suggested recovery options, file-type, document type, protection method, and modified date and file size.  It's a pretty big application (by my standards) but seems to be "portable" and can run off USB.

Really neat tool.

Of course, the free version just allows you to find the files.  You have to pony-up for advanced features.  And if you want to actually try to breach the passwords, they do offer their Passware Password Recovery Kit (standard or Enterprise versions available) but we are talking serious three to four-figure $'s here.

Certainly not a tool for everyone, but for those who need it, not a bad utility to have handy.

Other related freeware tools the company offers are Asterisk - Password Unmasker and Instant Messengers.

Spotted via Download Squad.

Microsoft Mix - LUA Tools

I have to stay up on developments on Microsoft products as most all of our systems are Microsoft based.  Usually I am looking for utilities and tips/tricks that will help me better administer the Windows systems we support.

Aaron Margosis' "Non-Admin" WebLog mostly covers Windows security-related issues revolving around the use of "least-privilege" user accounts.  The idea is that, for maximum "system" security, a user's account should be set at a level with the least amount of system privileges necessary to still run the needed applications.  This way, if an attack (virus/trojan or otherwise) occurs on the system, it will have difficulty doing (or be totally prevented from doing) system-wide damage by leveraging higher privileges that the user account may carry but the user never needs.

It's a difficult thing getting this set just right, and Aaron works hard on his blog to clear up misconceptions and provide tips and techniques for both coders and admins alike.

Two tools that he uses are LUA Buglight and the Microsoft Standard User Analyzer tool.  The MSUA is no longer downloadable as a standalone program, but has been incorporated into the Microsoft Application Compatibility Toolkit v5.0.

LUA Buglight helps programmers and sysadmins identify why a program isn't running correctly under "Least-privilege User Account" settings. Download the free file, unzip it, run the exe unpacker and the files are ready to run.  There is a great Word Doc file that provides some great in-depth usage information.

The Microsoft Standard User Analyzer (SUA)..."is a tool that independent software vendors (ISVs) and IT developers can use to diagnose and identify possible application compatibility issues when migrating applications from running as administrator on down level Windows operating systems to Windows Vista which even with administrators run most programs with standard user privileges by default."

Microsoft Mix - IE8 Details

Meanwhile, the IEBlog team has had a number of interesting posts providing more background information on the Internet Explorer 8 version.

IEBlog : Installing IE8 - details on what systems IE8 is supported on and how to install/remove it.

IEBlog : IE8 and Loosely-Coupled IE (LCIE) - technical details on how IE8 may be more secure by "sandboxing" each tab/frame element process from the IE8 iexplore.exe system process.

IEBlog : The IE8 Favorites Bar - nice light review of some of the finer elements that are changing in the "favorites" bar in IE8.

IEBlog : Address Bar Improvements in Internet Explorer 8 Beta 1 - some changes are harder to find than others.

IEBlog : Using The Emulate IE7 Button - yes, I know it is hard to believe, but many sites don't recognize the IE8 user agent string as a supported/allowed web-browser.  IE8 beta currently ships with an embedded "emulate IE7" button so you can try to trick web-servers into thinking you are really using IE7. Clever.

Curious now and want to try out this very beta version of the next Internet Explorer build?

I would warn you against it, but that might not do any good....

Here you go: Internet Explorer 8 Beta: Home Page

You are on your own.

We haven't even officially adopted/approved use of IE7 yet in our computing environments; we are still using IE6.  Only us desktop support and IT folks are using it.  No word yet when (if ever) we will release it to the masses of our users.  So it seems kinda funny to already be talking about IE8 right now.

Me? I'll keep following IE8's developments, and may eventually get around to loading it on one of my Virtual PC XP systems to play around with it.  But for the long-haul, I'm still sticking with Firefox 3.

Microsoft Mix - Workstation Migration Assistant GUI (beta) out

Dan Cunningham has been very hard at work making a GUI interface for Microsoft's User State Migration Tool (USMT).  It isn't really for most individual (home) users.  USMT is a command-prompt based tool, so it can be a bit clunky.  Having the GUI wrapper should make the process much easier for many administrators.  It has been in beta for quite a while, but now Dan has made available a public download for the beta version:

Workstation Migration Assistant 1.0 RC1 - via Dan Cunningham.

Note, this tool does require the Windows User State Migration Tool (USMT) to be installed. The program will auto-download the file (upon user confirmation) or you can download the latest release (version 3.0.1) from the above link.

Source systems supported are Windows 2000, XP, and Vista.  Destination systems supported are XP and Vista only.

Related link of Windows user-account transfer tools and resources: Random Signals: A Linkfest.

Microsoft Mix - Vista SP1 coming soon!

Finally, word on the street is that this week, Microsoft will start publicly releasing Windows Vista SP1.  You can manually download the "standalone" installer/update file or wait until April when it should show up in the Windows Updates offerings.  TechBlog's Dwight Silverman recently provided a great list of things you should do to get your Vista system ready for the SP1 upgrade: TechBlog: Available next week: Windows Vista SP1.

You might want to get your Vista Recovery Disk burned and ready in advance. And make sure you have your OEM system-restore disk handy as well. 

Now...where did I put ours?

No word when XP SP3 (final) will get presented to the public launch-pad.

--Claus
