TinyApps.Org Blog

TinyApps.Org

Small is beautiful

HOME

  0. Internet
  1. Text
  2. Graphics
  3. System
  4. File
  5. Misc
  6. Palm
  7. OS X

BLOG

DOCS

FAQ

LINKS

CONTACT

Windows XP hanging after login #
Upon logging in to Windows XP, the Volume icon would appear in the system tray (yes, I like calling it "the system tray" - so does Microsoft - OK, well, not always) and then nothing else would happen for about two or three minutes. During this time, the System Properties and Network Connections windows would not open. Finally, the wireless and wired network icons would appear with a flurry of disk activity. This unhappy state of affairs was solved (after several frustrating hours) by simply disabling the Workstation service.

/windows | Jul 13, 2008

fseventer - FileMon for OS X #
fseventer 2.6.2 [450k] Monitors filesystem changes - think "FileMon for OS X".

/mac | Jul 12, 2008

Dear Apple: Please Consider These Proposed Changes to the Airport Firewall #

Stealth Mode
- Just like "Enable Stealth Mode" in Tiger: "Ensures that any uninvited traffic receives no response - not even an acknowledgement that your computer exists."
- Demand is apparent
- Offered by virtually every other consumer-grade router. Here's a port scan on the $51.99 Linksys WRT54GL:
  
  And here's one run against the $299 Time Capsule:
Stateful Packet Inspection (SPI)
Dynamic DNS (DDNS) support

/mac | Jul 05, 2008

Who is watching the watchmen? We are. #
Several millennia ago, Juvenal asked Quis custodiet ipsos custodes? ("Who will guard the guardians?"). It might please him to know that, increasingly, the answer is "everyone":

Using Sousveillance to Defend the Commons - Technology is letting citizens "watch from below" and so make power more accountable (via reddit)
Sousveillance in Seattle - Watching the Watchers
Sousveillance - Steve Mann's 2002 article in which he coins the term

/misc | Jun 24, 2008

Convert Outlook Express DBX files to MBOX or EML #
Ulrich Krebs' free and open source DbxConv can convert Outlook Express DBX files to both MBOX and EML formats.
DbxConv

/windows | Jun 06, 2008

Cleaning Microsoft Word HTML #
Microsoft's Office 2000 HTML Filter 2.0 combined with TidyGUI has performed well for me in the past when converting MSWord-generated HTML. Sadly, the former does not work with Office 2003, so I tried half a dozen or so alternatives (including the latest version of Tidy) to no avail. At long last I stumbled upon CleanWordHtml, a 3k .NET console app that (along with TidyGUI and a little batch replace) did a wonderful job of cleaning up the mess.

/windows | May 24, 2008

Relocating default directories with symbolic links (symlinks) #
While helping a friend setup his new 1TB RAID array, we discovered that iMovie '08 does not provide any apparent mechanism to change its default save directory (~/Movies). So we decided on the same technique I had previously used to move the Music, Pictures, and Movies folders out of a FileVault-encrypted home directory: symlinks. Wikipedia describes them best: "Symbolic links operate transparently: programs which read or write to files named by a symbolic link will behave as if operating directly on the target file." The following process worked great for our purposes, but please be aware that the slightest mistake or misunderstanding can cause irreparable data loss.

Create Movies directory on RAID
$ mkdir /Volumes/RAID/Movies
Move existing files and folders from ~/Movies to Movies on RAID
$ mv ~/Movies/* /Volumes/RAID/Movies/
Delete the now empty ~/Movies folder so we can create the symbolic link
$ rmdir ~/Movies
Create symbolic link named ~/Movies which points to the new location on RAID
$ ln -s /Volumes/RAID/Movies ~/Movies

/mac | May 23, 2008

Identifying suspicious executable files #
Last year, the folks at Panda found that "79% of new malware is using some type of packing technique". Here are two apps to help you identify such suspicious executables:

Red Curtain "examines multiple aspects of an executable, looking at things such as the entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics to generate a threat 'score.'" (via Grand Stream Dreams)
PEiD "detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files." Features include: heuristic scanning options, disassembler, hex viewer, and many more.

UPDATE: James kindly informs us of findssv, an app his professor built to "statically analyze an executable file for its administrative content, its layout and various security vulnerabilities". Further details can be found in this research paper (PDF) or this PowerPoint slideshow. For those who prefer plain text, here's the gist (quoted from the PPT):

It quickly pares down a group of executable files to the ones in which secure programming was not an objective of the software developers
It can do in seconds what could take a security analyst days or weeks to do using hex editors and file dump utilities
- It knows what to look for and where to look for it in the PE format
- It knows when to stop looking when specific security vulnerability indicators are not present
Determine the compiler and linker used to build an executable file
Establish the relationship between DLL function use and program purpose
Provide more details on unknown regions
Reveal the names of files stored in compressed file regions
Detect the use of standard C functions by way of function call signatures searched for in the code sections of a PE file

/windows | May 11, 2008

ThreatExpert - Like your own automated malware testing sandbox #
Yet another post on the aforementioned Offensive Computing has turned up an excellent resource: ThreatExpert (developed by PC Tools). You upload a threat, their system apparently runs and monitors the threat in a sandbox, and then spits out a report listing file system, memory, and registry modifications - very cool!

UPDATE 1: A similar submission service is available from Sunbelt: CWSandbox.
UPDATE 2: CastleCops has a list of these sandboxing scan services here.

/windows | May 11, 2008

A few anti-malware links #
After reading Reverse Engineering Malware, I wanted to find a white hat malware sample site. Google turned up this post on Bugtraq from a few years ago announcing just such a site called Offensive Computing. It is still going strong, with almost 285,000 malware samples available. As an added bonus, a quick trip to the forums revealed OSAM, an autorun manager with a number of unique features for combatting malware (including rootkits). A portable version is available here; you may need the DLLs at the bottom of the page as well.

UPDATE: Just stumbled on this Offensive Computing presentation from DEFCON 15: Malware Secrets. A bit more digging has revealed a list of their videos.

/windows | May 11, 2008

Categories

/blosxom
/mac
/misc
/nix
/palm
/windows

Blosxom Archive

2005: 10 11 12
2006: 1 2 3 4 5 6 7 8 9 10 11 12
2007: 1 2 3 4 5 6 7 8 9 10 11 12
2008: 1 2 3 4 5 6 7

Blogger Archive

2003: 6 7 8 9 10 11 12
2004: 1 2 3 4 5 6 7 8 9 10 11 12
2005: 1 2 3 4 5 6 7 8 9 10

Ezine Archive

2001: 10 11 12
2002: 1 2 3 5 6 7 8 9 10 12
2003: 1 2 4 5 6 7 8 9 12
2004: 1 2 3 4