Having problems remembering those damn passwords?

Well there are tons of password managers out there, so how is this one different?  Well, it is cloud based, and that gives you the advantage that your passwords are also stored in the cloud (encrypted of course), so if you need them on a different machine or you reinstall – yep, you guessed it, your passwords are still there.

Features like browser integration etc. are still there, so that is pretty regular.

https://lastpass.com/

I have not yet tried this, but it sounds neat.

Two good alternatives (not cloud based) are;
http://passwordsafe.sourceforge.net/
http://keepass.info/

Microsoft has released a nifty FREE security ‘suite’ to protect just about any existing .exe file. This is done by hardening the existing compiled .exe file by adding DEP and other neat protection features (overflow protection etc.) – for the “full” description see the link at the bottom.

The documentation is sadly very poor, but here is a quick guide to getting started.

The concept would be something like this;

Download; http://go.microsoft.com/fwlink/?LinkID=162309

Install/copy the files to;

 C:\windows\system32

Find an .exe file you want to protect (eg. notepad.exe)

Start a command prompt and type;

C:\>EMET_conf.exe --add c:\windows\notepad.exe

This is the output;

EMET 1.0.2 Adding c:\windows\notepad.exe to EMET-ized processes: Ok

Type;

EMET_conf.exe --list

to list all protected applications.

Once the above is done the application is protected. Protected against what?  Well, protected by, among others, DEP, which will greatly improve security against buffer overflows etc., plus a few other protection schemes.  The cool thing is that this is done without modifying the application, and hence just about any application can be protected.  Note that not all applications may work when protected; if you protect an application that afterwards no longer works, then unprotect it from a command prompt by typing

C:\>EMET_conf.exe --delete <application file> (eg. c:\windows\notepad.exe)

Warning!!!

Do not remove the EMET files from c:\windows\system32 before unprotecting the .exe files, the protected applications WILL NOT RUN without these files (they will still work on another machine, the .exe files are not modified).

Links;
http://blogs.technet.com/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx

http://go.microsoft.com/fwlink/?LinkID=162309

Update Nov 5th 2009;

After working a bit with this EMET I contacted their technical dept. to get some info on how it works (as mentioned the documentation is fairly superficial), and I actually got something useful back;

The protection is ‘obtained’ by setting a debug code that launches the application via the EMET launcher (EMET_launcher.exe). This is done by creating a key for the protected application under “Image File Execution Options” in the registry: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options”.  Thus every time you launch the protected application the execution is intercepted by “Image File Execution Options” and passed on to “EMET_launcher.exe” and launched in a shielded environment.

An interesting detail is that if you include a path when adding an application (EMET_conf.exe --add c:\windows\notepad.exe) then this will only affect this one file (eg. c:\windows\notepad.exe), but if you only protect like this; EMET_conf.exe --add notepad.exe then ALL instances of notepad.exe will be protected (no matter where they are on the disk).  Renaming a protected file will remove the protection, it only works by file name.

The latter might sound like fairly poor protection and/or easy to bypass, however keep in mind this is not an antivirus solution, it is an additional shielding against known and unknown buffer overflows (and more) for existing applications, so with this in mind I think it is ok.  EMET is an easy to implement additional security feature.

Just a quick update on my previous posting regarding “Microsoft Security Essentials”. It has been brought to my attention that there is a minor issue during the installation process. During the “Microsoft Security Essentials” installation the LMHost file is replaced with a new one. Most users will never notice this, but if you made additions to your LMHost file (for security or anti-commercial reasons) you might find this annoying and might have spent some time debugging before you found this (your original lmhost.ini is renamed to lmhost.bak btw).

Nothing major, just something to think about.

Sometimes you download large files and you might want to verify the integrity of the file, or it could be that you are the distrustful type and simply want to verify the file integrity just because you can!?

MD5 is an older check-summing algorithm. Basically you put data through this algorithm and it spits out a long check-sum – change as much as a comma in the file or text and the check-sum changes.  MD5 is no longer considered ‘safe’ as some vulnerabilities have been discovered, however it would still be complicated to ‘fake’ the right check-sum for a file – so for something as trivial as file check-summing I would consider MD5 safe enough. Then again, it depends on what you are looking for: corruption errors or deliberate attempts at tampering (for the latter you should perhaps go with SHA1 instead).

Fine, so you got the MD5 check-sum (eg. 73f48840b60ab6da68b03acd322445ee) from the website, how do you compare it to the file you just downloaded?

Well I found this util which is free and fairly easy to use.
http://www.winmd5.com/?rid=winmd5

Direct Download
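The comparison described above can also be scripted. The following is an added example, not part of the original post and not code from WinMD5; the function names are made up for illustration. It goes a little beyond the MD5 case by picking MD5, SHA-1 or SHA-256 from the length of the published check-sum, and it uses a small constructed file as sample input.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_published(value):
    """Normalise a published check-sum such as 'ABCD...  file.zip' to (algo, hex)."""
    parts = value.split()
    if not parts:
        raise ValueError("empty check-sum")
    token = parts[0].lower()
    if any(c not in "0123456789abcdef" for c in token):
        raise ValueError("check-sum is not hexadecimal")
    if len(token) not in ALGO_BY_HEX_LEN:
        raise ValueError("unrecognised check-sum length: %d" % len(token))
    return ALGO_BY_HEX_LEN[len(token)], token

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large download never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, published):
    """Return True when the file matches the published check-sum."""
    algo, expected = parse_published(published)
    return hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed sample: verify a temp file, then change one comma and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "download.bin")
        with open(path, "wb") as fh:
            fh.write(b"hello, world\n")
        # Stand-in for the value copied from a website (upper case, with file name).
        published = file_digest(path, "md5").upper() + "  download.bin"
        before = verify(path, published)
        with open(path, "wb") as fh:
            fh.write(b"hello. world\n")  # a single character differs
        after = verify(path, published)
    return before, after

if __name__ == "__main__":
    print(demo())
```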

The long awaited “Microsoft Security Essentials” is released 🙂  and as the beta looked promising and the company I work for has been using “Forefront Client Security” (the corporate version) for a year now, I was looking forward to trying this out…

I fired up my browser and went to “http://www.microsoft.com/security_essentials/”, however as I live in Denmark I was met by this message;

Not available in your country or region
You appear to be in a country or region where
Microsoft Security Essentials is not available.
Thank you for your interest in Microsoft Security Essentials.

Shown in 9 languages (of course not in Danish), well bummer…   However as I have access to a US proxy I just changed the proxy settings and things brightened up 🙂  So I am now the happy ‘owner’ of “Microsoft Security Essentials”, the thing about this is it’s free 😀

Should you want to check this product out, just direct your browser to; http://www.microsoft.com/security_essentials/

And should you get the same annoying message stating that it is ‘Not available in your country’, then you might want to take a look at www.torproject.org. TorProject is mostly an anonymity solution that allows you to browse without being tracked by IP etc., however they also offer the possibility to select which breakout/proxy you wish to use, and here you can select a US breakout and you can fool the MS server into letting you download all the same. You may also need to modify your IE settings to show a US regional code etc., but it should all be possible.

Want more details and maybe a review?
Visit here; http://www.winsupersite.com/win7/mse.asp

Enjoy.

Update!
You may be able to download MSE from here even if you are not in the US 🙂

So I just received my YubiKey II in the mail yesterday, it’s quite nice, not as pretty as the original YubiKey but way more robust.

What is a Yubikey you ask? Well, that is complicated to explain, but basically it’s a token that will generate one time passwords – you can hence use it to login to websites and services (that of course need to support the Yubikey). The cool thing here is that with “One time passwords” you do not need to fear that someone steals your password (malware, virus or keylogger) as you get a new password every time you use the key to login.

It’s way cool, and quite easy to implement on your own website or in your own software as there are numerous public APIs available.

The company behind and their description of the key
http://www.yubico.com
http://www.yubico.com/products/description/

Various videos on the Yubikey
http://www.youtube.com/results?search_query=yubikey&search_type=&aq=f

A technical walk through of the Yubikey
Security Now – Episode #143 – 08 May 2008 – 84 min.
http://media.grc.com/sn/sn-143-lq.mp3

Developers look here
http://www.yubico.com/developers/clients/

Update; 2010 January
Coupon/discount code available here;
http://www.ghacks.net/2010/01/12/yubico-usb-key-provides-extra-login-protection-security/

Do your PCs or network contain important confidential data, and are you afraid of data theft by employees?

In that case take a look at this article, it describes how to disable USB mass storage devices (USB pens, disks) on machines complete with GPO/ADM templates and all.

http://diaryproducts.net/about/operating_systems/windows/disable_usb_sticks

Based in part on this article (German);
http://www.gruppenrichtlinien.de/index.html?/HowTo/usb_sticks_deaktivieren.htm

Would you like a FREE certificate so you can send signed and encrypted emails?

Well seek no further, here you can get a 100% free certificate so you can start encrypting and signing your mails (note that for encrypting, your recipients will also need to have a certificate, this is how it is supposed to work)…  But you can sign mails right out of the box.

http://www.comodo.com/home/internet-security/free-email-certificate.php

If you are a sysadmin you have likely experienced that some odd user keeps getting his/her Windows Domain Account locked out. There can be numerous reasons for this, but while you are debugging the exact reason, the user keeps getting locked out and keeps calling you every hour or so to be unlocked.

Well I came up with a workaround, you download a simple freeware utility called unlock.exe, and then schedule a batch job to run every 15-30 min that simply unlocks the account.  Now this is not the solution, as you really need to find the cause, but as debugging things like these can take some time and perhaps you have other pressing matters as well – then this is a fair workaround.

The batch file would look something like this;
unlock.exe . username

The unlock command also allows for listing locked accounts, and now I am thinking, maybe I could even set up some surveillance with this, creating a list of locked accounts every morning…  but that’s another story 🙂

http://www.joeware.net/freetools/tools/unlock/index.htm

If you are using Forefront Client Security you know that it is not big in the corporate configuration department, much can however be done using GPOs and general AD management.  Yes I also prefer having these options in a management console, but alas it is still possible.

Read this article to get the low down.
Every Anti-Virus has a mechanism called tamper protection that helps administrators keep users from mishandling their antivirus settings and services. Forefront Client Security only offers basic control over what the user can or cannot do with the FCS Client Console on his client machine. What the FCS System doesn’t provide is a built-in mechanism to protect FCS services from being stopped or prevent FCS from being removed by the user.

It’s true that some of these are possible to prevent by not giving administrative privileges on the client workstation, but some of us don’t have that luxury.

Windows Group Policy has built-in settings that allow you to both protect your services and disable removal by unauthorized users. This is how it’s done.

Protecting Forefront Client Security Services

http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx