ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.

ThreatExpert takes a threat file, places it in a self-contained simulated virtual environment, deliberately executes the threat in this environment and then monitors its behavior. A combination of file, Windows Registry and memory snapshots are recorded, in addition to a series of specific ‘hooks’ that intercept communication routes typically exploited by threat infections. These hooks ‘deceive’ the threat into communicating across a simulated network, whereas the threat’s communication actions are actually being recorded in detail by ThreatExpert. Using this invaluable recorded data, a detailed report is generated, consisting of file and Windows Registry changes, memory dump analyses, and other important system activities caused by the threat.

1. Browse to C:\Documents and Settings\ u s e r n a m e \Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001
2. Delete all the files and folders in this folder
3. Browse to C:\Documents and Settings\ … \Application Data\Macromedia\Flash Player \ macromedia.com \ support \ flashplayer \ sys
4. Delete all the files and folders in the directory
5. Restart Firefox

Youtube has slowly started to create better quality versions of many videos, adding links that say, “Watch this video in higher quality.” See this High Quality example and compare it to Youtube’s Normal Quality.

Comparison of Normal Youtube vs Youtube High Quality

-	Normal Youtube	High Quality Youtube
Screen Res.	320 x 240	480 x 360
Bitrate	≅ 200 kbps	≅ 900 kbps
Audio	22KHz 64 kbps Mono ABR	44.1KHz 96 kbps Mono CBR
Frame Rate	30	30
Video Codec	Flash Sorenson	Flash Sorenson
Audio Codec	Mp3	Mp3

Getting iPod compatible mp4s!

Adding &fmt=6 to the end of any youtube video’s url will give you Youtube’s new high quality setting. Changing the number from 6 to something else yields different formats though it’s not obvious which numbers work. Format 18 generates an mp4 using h264 with AAC stereo, which is compatible with video iPods. This is way better than using a service like vixy.net, which transcodes the crappy quality youtube vid into an mp4. Using fmt=18, you get a video transcoded from the original clip the user uploaded. The bitrate is lower on the mp4 version, but since the resolution is smaller it compensates. The h.264 codec has better looking videos at lower bitrates anyway. We finally see stereo on youtube with the mp4 version! It has a widescreen 16/9 aspect ratio rather than 4/3.

Correction:

Previously I thought the mp4 screen resolution was 480 x 270, but it’s also 480x360. It could be that both formats have the possibility to be 480x270 if their aspect ratio is close to 16/9 width/height. The mp4 version may add an additional small audio gain and a small sharpening effect.

-	fmt 18 / MP4	fmt 6 / HQ FLV
Screen Res.	480 x 360	480 x 360
Bitrate	≅ 512 kbps	≅ 900 kbps
Audio	44.1KHz 128 kbps Stereo	44.1KHz 96 kbps Mono CBR
Frame Rate	24	30
Video Codec	h.264	Flash Sorenson
Audio Codec	AAC	Mp3

Downloading the MP4 and High Quality Videos

Video downloaders like keepvid still work. Enter the url, click download, now grab the link and add &fmt=6 or &fmt=18 (for mp4) to the end. The good people at lifehacker created an easy to use firefox extension that will put a download link under each vid. You can also get the download url if you follow my wireshark tutorial but the process is pretty tedious.

You can do it manually too, but it’s annoying. Go to any video on youtube, right click then click view source. Click ctrl+F, which will open a searchbox and type &t=. Next copy the value after the t= but before any “&” characters. Grab that and the video_id and your set. The vid id is the v=something part of the url. Just copy the variables into the url below.

www.youtube.com/get_video?video_id=&t=&fmt=18

Example
Vid URL: http://www.youtube.com/watch?v=pVYp2sgA9M0
Output: right click - save as

You may want to pass it to a download manager like wget. If you load it in the browser it will display a bunch of gibberish while it loads the entire video’s ASCII representation into your browser.

Howto Get Videos to Play HQ by Default

This option has not been implemented on many accounts but the howto is already present in the youtube help pages. You need a youtube account to be able to do this.

1. Go to your Account page.
2. Under “Manage My Videos” click the “HQ Video Playback Setting” link.
3. Select the playback setting that makes sense for you.
4. Click the “Save” button.

Criteria for a Video to Become HQ

The exact settings aren’t know yet for the video to become high quality. We could assume that the exact minimum settings are the same as encoded format listed above, however youtube has changed their “best format to upload high quality” help page to set the video resolution to 640 x 480. Maybe high quality will support different formats and aspect ratios in the future. It’s best to upload as high quality as possible. The new multi video uploader makes it easy on a unreliable connection. Even if your upload times out or you get disconnected it will restart the uploading process exactly where it left off.

Embed High Quality Youtube Clips

Update

This code works fine to embed the mp4 version. The magic query string var is “&ap=%2526fmt%3D18″ specifying format 18. Just replace (VIDEO EMBED URL) with the video ID. Note that there’s a huge disadvantage in that there is no seeking. The fmt=6 embed version is less reliable.

<object width="480″ height="397″><param name="movie” value="(VIDEO EMBED URL)&ap=%2526fmt%3D18″></param><param name="wmode” value="window"></param><embed src="(VIDEO EMBED URL)&ap=%2526fmt%3D18″ type="application/x-shockwave-flash” wmode="window” width="480″ height="397″></embed></object>

Ignore Below

Currently there is no official way to embed the High Quality videos on your website / myspace / blogs. It’s possible, but a big hassle, and it’s impossible to turn off autoplay. Here’s an example you can embed if you want to see it for yourself.

Remove the line breaks for best results

<object width="425″ height="355″><embed autoplay="false” quality="high” src="http://www.youtube.com/player2.swf” flashvars="vq=2
&sourceid=r
&video_id=pVYp2sgA9M0
&l=239
&sk=5E_4xTZlkQqZYuyEXwBRzQU
&fmt_map=18/512000/9/0/115
&t=OEgsToPDskItDX5Cg05utBXEP1wh76mc
&hl=en
&plid=AARIM8FsSohHKlMVAAAAIIAoQAA
&playnext=0″ type="application/x-shockwave-flash” wmode="transparent” width="425″ height="355″></embed></object>

It only works with youtube’s in-site player, player2.swf, rather than the player youtube has for embeds. The problem is youtube’s in-site player does not have a variable to turn autoplay on or off and if you try embedding it to your site flash issues a warning that the script is trying to contact a remote server (youtube.com). Player2.swf seems to have an internal “ap” variable hidden in the actionscript but it seems to just break the vid no matter what options I set. The key flashvar for high quality is “fmt_map=6/0/7/0/0″ and “fmt_map=18/512000/9/0/115″ for mp4s. When enabled, the flv file comes from cache.googlevideo.com/videoplayback?itag=6, without the fmt_map var it comes from cache.googlevideo.com/get_video, with normal quality.

To embed a high quality video you need to go to the video’s page on youtube, view source, and grab the flashvar data. The most important vars are video_id, t, and sk. Just use the above embed code as a template and replace those values. As for the rest: L defines how long the video is in seconds, hl is the home language, plid tries to find any associated playlists, playnext plays the next item on the playlist if there is one.

Making your youtube videos High Quality

Youtube will be automatically creating high quality versions of many videos for those that meet the guidelines. The video quality is bad on youtube, partly because youtube encodes to such a small screen resolution with a low bitrate, but mainly because people post really low quality videos.

The crappy resolution youtube is actually what got it so popular. Google video had originally allowed 640 x 480 with a great bitrate, but they failed miserably to compete against youtube (so they later bought em out). It made online video making / viewing possible even on crappy connections. Take the time to resize your vid and sharpen it a bit before uploading. A little noise reduction and color correction can’t hurt either. Use virtualdub and avisynth. They’re free. Use xvid or x264 and lame acm for the audio. Divx is fine if you can get the pro version. See doom9 for tons of guides on video creation / editing / improvement.

Youtube High Quality Hack

There is also a hack using total video converter where if you make an flv with certain settings you can upload a video of super high quality and have youtube keep the screen resolution and bitrate.

Youtube High Quality Hack Settings Howto

Select what you want to encode into an flv in total video converter with these settings.

Sample Rate: 44100 Hz
audio bit rate: 320.000 kbit/s
Audio codec: mp3
Custom video bit rate: any
Resolution: any

Cons

It messes up the time on the video. A 30 second video can read as 9 minutes. The way it tells how long the video is seems very random but it constantly says the video is much longer than it really is. Having the resolution or bitrate too high causes it to not stream well and get stuck.

1. Mac/Linux users: Click Edit > Preferences. Windows users: Tools > Options
2. Go to the Content Tab
3. To the right of “Enable Javascript,” hit “Advanced…”
4. Uncheck “Move or resize existing windows”

bind9 google apps zone template (See related posts)
Change 1.2.3.4 for your accelerator’s ip and mydomain.net for your domain name

$TTL 86400
@ IN SOA ns1.mydomain.net. hostmaster.mydomain.net. (
2007052701 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS ns1.mydomain.net.
IN NS ns1.everydns.net.
IN NS ns2.everydns.net.
IN NS ns3.everydns.net.
IN NS ns4.everydns.net.

@ IN TXT “v=spf1 ip4:1.2.3.4 include:gmail.com~all include:mydomain.joyent.net~all ~all”

@ IN MX 1 aspmx.l.google.com.
@ IN MX 3 alt1.aspmx.l.google.com.
@ IN MX 3 alt2.aspmx.l.google.com.
@ IN MX 5 aspmx2.googlemail.com.
@ IN MX 5 aspmx3.googlemail.com.
@ IN MX 5 aspmx4.googlemail.com.
@ IN MX 5 aspmx5.googlemail.com.

_xmpp-server._tcp IN SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp IN SRV 20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp IN SRV 20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp IN SRV 20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp IN SRV 20 0 5269 xmpp-server4.l.google.com.

_jabber._tcp IN SRV 5 0 5269 xmpp-server.l.google.com.
_jabber._tcp IN SRV 20 0 5269 xmpp-server1.l.google.com.
_jabber._tcp IN SRV 20 0 5269 xmpp-server2.l.google.com.
_jabber._tcp IN SRV 20 0 5269 xmpp-server3.l.google.com.
_jabber._tcp IN SRV 20 0 5269 xmpp-server4.l.google.com.

@ IN A 1.2.3.4
www IN CNAME @
mail IN CNAME ghs.google.com.
start IN CNAME ghs.google.com.
calendar IN CNAME ghs.google.com.

It wasn’t really my intent to go back and revisit all these security post lists. That’s just how it seems to have turned out. That’s OK. Software gets developed and updated. Lists grow. New and better versions get released….

So this time, I’m re-visiting my original anti-rootkit post: Windows Rootkit Detectors

To summarize: “…a rootkit is executable code that attempts to evade detection of running processes, files or system data. There are many ways it can do this, but the end result is that they are very hard to find and can make an infected system look clean and safe even to traditional anti-virus and anti-malware software.” More here: Wikipedia : Rootkit

At the time of my original post, there were just a handful of anti-rootkit tools available to the public. I just offered five.

Now most all major anti-virus/security software vendors have issued anti-rootkit solutions, though some are still in a beta release form.

The Threat

How seriously concerned should the average user be? Well…if you are practicing “safe-surfing” by staying away from “risky” websites, keeping your operating system patched, scanning all files downloaded and sent in email with an up-to-date anti-virus program, you should be mostly ok. I say mostly because it is still possible for a system to become compromised with a rootkit, even if you are playing by the rules.

Certain individuals would like nothing else than to get a home-broadband user’s system infected with a rootkit. Not so much to steal your personal information–though that’s always a potential target–but to install trojan services that would allow them to leverage the system for attacks on other larger systems, spam-mail-bot rental services, or even hosting of their hidden/illegal files on the system. Any of these events could seriously make a home or corporate user’s system a great big pile of steaming cow-dung for the user and those impacted by those services. Bummer!

SANS-ISC recent reported that Europe has been pounded lately by emails which include variants of a virus/trojan loader file: European Storm Video E-Mail. While bad, it doesn’t sound too serious…but!

heiseSecurity in Germany expands the story with more details, much more disconcerting: “Storm worm” sloshes through the internet. What the trojan seems to be doing is download additional files from the internet, and “…according to GDATA, one action it takes is to install the rootkit Win32.agent.dh.” Depending on the anti-virus company, different names may be used.

Over at the Anti Rootkit blog: New Storm-Worm Rootkit creating Botnets Steo does some more research on just how this rootkit does its deed. Interesting.

Rootkit writers aren’t happy about the attention. Just this week, they have worked to get the GMER anti-rootkit mirrors shut down under a massive DDOS attack. As soon as new mirrors for the files went up, they also were attacked. More information: GMER Anti Rootkit & People Power, and Martijnc’s blog post: DDoS attack

The battle for pc security rages on.

The Response

There are a number of ways to look for a rootkit on your system.

The first is to download and run several of these rootkit detection tools on your live system. These rootkit detection tools are specially programmed to check for hidden files and masked running or injected processes. It’s a cat and mouse game, and some tools and methods are more effective than others. Just as hard as the security programmers work to prevent and detect these rootkits, the developers on the other side are working to make them more difficult to be detected.

A second technique is to download and run several of these rootkit detection tools onto a USB drive. Then using a bootable “LiveCD” like BartPE or Linux, run the appropriate rootkit detection tools on the “dead” system’s drive(s). This may be a much more effective approach. Since the infected system isn’t being booted, the drives just contain “static” data files that shouldn’t be executed. They could be, but that’s the point…to not run or launch any files on the potentially compromised system. That way they can be detected and removed while “dormant". Using a Linux “LiveCD” to scan a Windows system disk is even more safe as the likelihood of cross-contamination is almost non-existent.

If a rootkit is found you have two options: 1) Use one of the detection/removal tools to–hopefully!–remove it. Or, 2) recover your critical data files to another drive/media location, then do a full wipe of the infected system, and reinstall it fresh.

Speaking as a half-way competent computer geek, I personally would feel more comfortable going with option two, because otherwise I would always have a shadow of doubt of the system’s integrity. Nor would I have have the patience to pick through a manual removal process if the tools failed to remove it.

Rootkit Detector Tool List

InformationWeek posted an excellent article recently titled Review: Six Rootkit Detectors Protect Your System. I was familiar with some of them, and had come across a few more on my own that didn’t make the author’s cut. But that got me observing the increase in the number to tools now at our disposal. With some more careful searching, I’ve ended up collecting quite a list. Almost all are offered as freeware or trialware.

I have only used a handful of these tools and only keep a few with me on my USB system administrator’s stick. So far, I haven’t found a rootkit on my systems (here or at work) so I can’t speak of their effectiveness in removal. Also, because of the nature of how these tools work and where they look, it is quite possible that removal of a real rootkit or a listed file in error (that wasn’t actually malicious) can cause your Windows system to fail, not boot, or BSOD to the point you will be recovering files off the dead OS drive and then reinstalling your system.

You’ve been warned!.

• F-Secure BlackLight - Restrictive wizard interface, but easy to use for the uninitiated.
• IceSword 1.20 - Developed in China but nicely translated into English. Busy interface but updated often. Has some advanced tools like the ability to “reboot and monitor” during the boot process.
• RKDetector 2.0 - Two tools in one; 1) scans for hidden files on drives, 2) scans for hidden processes and hooks. Takes a bit of work to run the scans, and can’t do a global system scan with both.
• Trend Micro RootkitBuster 1.6 - Runs scans in five system areas and exports a nice log file. You can then opt to remove the detected items.
• RootkitRevealer 1.71 - From the Sysinternal’s team. Easy to use, but does often turn up documented false-positives. Just identifies suspicious processes…you are on your own to delete them with other methods and applications. Better for system checking and monitoring, rather than protection and removal in-of-itself.
• Rootkit Unhooker 3.0A - Russian software team project. Does a self-test to make sure it hasn’t been compromised; that’s a good feature. Provides lots of details and the ability to do focused scans or a global element scan. Also provides multiple methods to address/remove the located processes and files.
• McAfee Rootkit Detective Beta - “McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.” Nice interface.
• Sophos Anti-Rootkit - “Sophos Anti-Rootkit provides an extra layer of detection, by safely and reliably detecting and removing any rootkit that might already have secreted itself onto your system.” Note: Registration required for download from the vendor’s site. The utility itself is free.
• Gmer - The tool that’s got everyone in a fuss! Scans for hidden processes, services, files, registry keys, drivers, and hooks. Also allows some system function monitoring. Highly regarded by the antirootkit professionals. More screenshots (while the site is up).
• Advanced Rootkit Detector for Windows (rkdetector) - This command-line based scanner was one of the very first rootkit detectors I became familiar with. I don’t think it has been updated since it’s original release (back in 2004). The website is in Spanish, but the application worked just fine for me. I can’t say it now can handle the newest rootkit methods of attacks, but just for posterity I’m offering it here.

More follow as discovered on Antirootkit.com’s incredible website. They’ve done a bang-up job of finding and detailing all these. Please check out their site for more information as well as some screenshots, reviews and evaluation ratings. These guys (and gals?) are doing great work and deserve full credit for locating these wide selections of tools.

Note: Some products here are beta products and may not be available or will work past a certain date. Others are trialware/crippleware. In these cases I have chosen to still include them so you can keep an eye on possible future development or releases.

• Gromozon, Rustock, Haxdor related removal tools - Specialized and targeted rootkit removal tool list via Antirootkit.com
• Aries Sony Rootkit Remover - Tool to remove the Sony/BMG DRM CD protection software.
• Archon Scanner - More of a process, injection, hooking scanner. But has other specialties as well. - current version was beta and has expired…developer’s promise new one sometime.
• AVG AntiRootkit - Beta product. Doesn’t seem to be offered anywhere but from Antirootkit.com.
• Avira Rootkit Detection - Beta product disabled after 1-4-07. See Antirootkit.com’s page for file.
• DarkSpy - Chinese developed tool. Supports process, kernel mode, file, registry scan (disabled in test version) and hidden port detection. Screenshot via Antirootkit.com.
• Helios - Alpha level program right now. Behavior-based, not signature based detection. Interesting interface and approach. Worth looking at, but remember it is alpha/beta level… Developers offer videos as well of their tool in action.
• HiddenFinder - trialware - Shows hidden processes and drivers on a system and then allows for killing of the desired process.
• HookExplorer - Tiny little application. Displays import address table (IAT) hijacks and “detour style hooks.” Lots of information in the tiny display!
• OS X Rootkit Hunter - Mac OS X 10.4 product. I don’t support Apple systems, but there you are. Screenshot page by developer. (I didn’t think Mac’s got sick like this!)
• chkrootkit - Linux rootkit scanner
• Panda Anti-Rootkit - beta software. Looks at hidden drivers, processes, modules, files, registry items, hooks. Not a lot of user options…scan, clean, and view results.
• Process Master - trialware - API comparison tool.
• RootKit Hook Analyzer - Reports on any system hooks and modules and displays findings.
• Rootkit Hunter - Linux rootkit scanner.
• RootKitShark - trialware - Command-line scanner. Unmasks located files and prevents from boot-execution. Then can be manually removed by user or using other security tools.
• WinShark - trialware - GUI based version that incorporates RootKitShark (above) among other features. Allows process and user monitoring of systems. (Intrusion Detection System). Detection enabled in trial version, but rootkit elimination feature only in the fully-licensed version.
• RootKit Uncover - beta - Appears to be a hidden process and file scanner. See Antirootkit.com’s page for overview. Bitdefender doesn’t have any information on their site for it.
• SEEM - Multi-purpose system reporting tool that has an interesting interface. Includes a rootkit scanner as part of it’s features. Website (translated from French) has quite a bit of good information on rootkits and as they apply to their program. Download page (kinda hard to find in French). Get the English version unless you know French.
• System Virginity Verifier - Tool developed by Joanna Rutkowska to validate system integrity by checking important Windows System components targeted by hidden malware. She also provides links to some related PowerPoint presentations.
• Unhackme - trialware - limited to 10 runs until license purchased and entered - In standard, “Roaming” and “Professional” editions. University of Minnesota’s Safe Computing page documents rootkit removal tutorial with Unhackme.
• Zeppoo - Linux rootkit scanner. Screenshot page. Blog page.

Additional Resources

• Antirootkit.com - Anti Rootkit Software, News, Articles and Forums
• Anti Rootkit Blog - Blog page for Antirootkit.com
• InvisibleThings.org - Website of security guru and brilliant mind Joanna Rutkowska. Presented “Blue Pill” concept. Lots of neat tools and detailed rootkit related information on her website.
• Episode #9 of Security Now - Rootkit discussion between Leo Laporte and Steve Gibson. Good foundational information.
• Behavioral Analysis of Rootkit Malware - Basic article from an ISC-SANS handler (with pictures!).
• Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series) (Paperback) - Amazon.com
• Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization (Paperback) - Amazon.com
• Rootkits for Dummies (For Dummies (Computer/Tech)) (Paperback) - Amazon.com
• Oddysee Rootkit Test - Very nice, well documented and illustrated post on how a rootkit shows up on various security scanners.

See you in the skies…

NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with simple command-line option, you can write and delete values and keys in the Registry, write values into INI file, dial to your internet account or connect to a VPN network, restart windows or shut down the computer, create shortcut to a file, change the created/modified date of a file, change your display settings, turn off your monitor, open the door of your CD-ROM drive, and more…

Executing NirCmd commands on remote computers
Starting from version 1.40, you can execute all NirCmd commands in remote computers. However, you should be aware of the following restrictions and problems:

* This option is only available for Windows NT, Windows 2000 and Windows XP. You cannot use it on Windows 9x machines.
* You must log on to the remote machine as administrator.
* The Schedule service in the remote machine must be started. (By default, the Schedule service is automatically started in all NT/2000/XP machines, so you don’t have to worry too much about this)
* Due to some limitations of the Schedule service, you have to wait up to 60 seconds until the command is actually executed in the remote machine.
* The command in the remote machine is executed under ‘SYSTEM’ account, and thus some commands may not work in the same way as you execute them locally.

There are 2 commands for executing NirCmd in remote machines:

* remote - for executing command on a single remote computer.
* multiremote - for executing command on multiple remote computers.

General Purpose Settings - up to 6 minutes

A simple way to ensure that the quality is there is to export to MPEG-4 with:

* H.264 video at 2000Kbits/sec (2Mbits/sec or 250KBytes/sec)
* 320x240 video size (deinterlaced or simply use one field)
* Mono audio with AAC at 64 Kbit/sec (or 128 Kbit/sec for stereo)
* Recommended Sample Rate and
* Best Encoding Quality.
* In the Video Options Main Profile should be checked on and Best Quality (Multi-pass) is advised for best quality.

To stop this service, open [Command Prompt] (Start>Run>cmd>Enter) and type the following command sc stop wuauserv. This will not prevent Automatic Updates from starting at the next boot. So don’t worry, you’ll keep getting Windows updates. Just don’t forget to restart eventually.

Now, to get rid of it:
Start / Run / gpedit.msc / Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Windows Update / Re-prompt for restart with scheduled installations

What is the scene

The SceneThe scene aka the warez scene is the pretty unknown worldwide network where people trade pirated goods, like dvd’s, movies, games, applications etc. Warez refers primarily to copyrighted material traded in violation of its copyright license. It does not refer to commercial for-profit software counterfeiting. First warez is released by releasegroups, groups which are specialized in publishing warez. They copy a dvd or break the security of game, and will make it available for other people, as a so-called release. When these releasegroups finish a release it will be uploaded to sites. These sites are very fast private ftp-servers, and the first stadium in the distribution of a release. Eventually, at the end of the distribution, the releases are available for everyone on p2p-software. About The Scene… nastavak

Recently, I ordered four 32 MB USB drives. It was one of those impulse buys because they were so cheap. Once they arrived, I then thought, “OK. Now what?” So, I thought I would give these drives away in a contest!

The purpose of this contest is to come up with the four best, unique ideas for a small 32 MB USB drive. The four best ideas will have their ideas created by me on one of the USB drives and mailed out to them! The USB drive system will also be named after the creator. Here are the rules:

1. Everything that you want to use for the USB drive must fit into the 32 MB drive.
2. The drive can be used in conjunction with software installed on the computer as long as the software either comes with a default installation of the OS or can be installed from the USB drive.
3. Any software used on the drive must be available as either freeware, open source, or something that I could cook up quickly with AutoIt.
4. You may enter as often as you wish but each time must be with a unique idea.
5. All components required for the USB drive must be described in detail.
6. Only entries submitted in the comments at http://www.dailycupoftech.com/32-mb-usb-drive-contest/ between the dates of December 4 and 8, 2006 will be eligible.
7. Winners will be selected by votes collected between the dates of December 11 to 15, 2006.
8. Winners will be contained via e-mail for the mailing address so that they can receive their prize.

This little fix will move Firefox to your hard drive when you minimize it, and as a result it will take up less than 10MB of memory while minimized. So far, from my experiences with using this today, when you maximize Firefox it will obviously increase the memory usage. However, it does not seem to go back up to the insane amount that it was at before minimizing it. For example, Firefox was at 180MB of memory usage and then I minimized it and after a few seconds I maximized it. After maximizing it and continuing on my routine business it appeared to only have gone up to 60MB. This seems to be a good solution for me right now since I frequently maximize and minimize Firefox anyways.

MozLab is a suite of tools and libraries that help make your life easier and your time more productive as a developer of AJAX and Mozilla applications. It’s packaged as a Firefox/Thunderbird extension and released as open source. Have a look at the videos for some of the cool things you can do with it…

Large companies appear to be jumping en masse onto the software-as-a-service bandwagon, according to a new survey of CIOs by management consultants McKinsey & Company. The survey found that 61% of North American companies with sales over $1 billion plan to adopt one or more SaaS applications over the next year, a dramatic increase from the 38% who were planning to install SaaS apps in 2005.

Nicholas Carr: SaaS adoption set to explode

Diagramming in your web browser without downloading additional software
Desktop application feel in a web-based diagramming solution
Add collaborators to your work and watch it grow
Link to published Gliffy drawings from your blog or wiki
Create many types of diagrams such as Flowcharts, UI wireframes, Floor plans, Network diagrams, UML diagrams, or any other simple drawing or diagram

Open Source Project and Document Management

Upload, Manage and Share documents online
Epiware enables organizations to easily share information and effectively collaborate on documents in a browser-based environment.

Bring together people, content, and process
Epiware enables the creation of virtual teams by providing an online workspace for users to collaborate and exchange information in a secure, protected setting. It is intuitive and easy to use, which allows users to concentrate on what they do best rather than on trying to master an application.

With Epiware, costs can be lowered, projects can be expedited, decisions can be made in a more efficient and timely manner, changes can be executed more quickly, and errors due to miscommunications can be reduced or eliminated.

LanSpy is network security scanner, which allows getting different information about computer: Domain and NetBios names, MAC address, Server information, Domain and Domain controller information, Remote control, Time, Discs, Transports, Users, Global and local users groups, Policy settings, Shared resources, Sessions, Open files, Services, Registry and Event log information.

LanCalculator — makes possible not only to easily calculate the subnet addresses range and subnet masks but also broadcast address, net address, net prefix and net mask inversion which is used in the access control lists (ACL) of Cisco network equipment. One key press is enough to calculate all parameters after net address and mask were entered. To complete the picture additional display is given in binary, decimal and hexadecimal notation

LanWhoIs — this program helps you find out who, where and when registered the domain or site you are interested in, and the information about those who serves it now. LanWhoIs will answer all your questions about domain (site) holder or IP address!

tcping.exe is a small console application that operates similarly to ‘ping’, however it works over a tcp port. Not a terribly interesting concept, but I had trouble finding a windows utility to do this that I was happy with.

ShrinkTo5 is the new, powerful and fast DVD copying engine. ShrinkTo5 has been developed as a cross-platform engine available for free for anyone. To ensure a fast spreading to other platforms ShrinkTo5 is distributed as open-source.

ShrinkTo5 can copy movies with an undeniably superior picture quality. No matter if you wish to copy just the main movie or the whole movie DVD, ShrinkTo5 always produces a superb picture quality, since the ShrinkTo5 engine always concentrates on the main movie. No tedious configuration is needed like with other copying tools, ShrinkTo5 will always find the perfect balance automatically.

Have you ever wanted to remove some Windows components like Media Player, Internet Explorer, Outlook Express, MSN Explorer, Messenger…

How about not even to install them with Windows ?

nLite is a GUI for permanent Windows component removal by your choice. After removal there is an option to make bootable image ready for burning on cd or testing in virtual machines. With nLite you will be able to have Windows installation which on install doesn’t include, or even contain on cd, unwanted components.

nLite Features

- Service Pack Integration
- Component Removal
- Unattended Setup
- Driver Integration *
- Hotfixes Integration **
- Tweaks
- Patches ***
- Bootable ISO creation

* - Textmode (CD Boot) and normal PnP
** - only new type 1 hotfixes (for example XP post SP2)
***- supports generic SFC, Uxtheme, TcpIp and Usb Polling patching.

So far it supports Windows 2000, XP x86/x64 and 2003 x86/x64 all languages. Longhorn will be supported when it reaches RTM.

You need .NET Framework 1.1 in order to run it… Check if you have it already in Add/Remove programs, or on your CDs before downloading it.

There, i hope you like it and have in mind it’s still in beta phase so report on the forum any bugs or annoyances found.

The Remote Desktop for Mobiles is a software designed for GSM mobile phones which support GPRS services and can be executing a Java (J2ME) applications. This software provides access to desktop of remote Windows-based computer from mobile phones and allowing to control the mouse and keyboard of remote computer.

Remote Desktop for Mobiles it is easy-to-use, reliable and secure remote control software which will allow you to work on the remote home or office computer from your mobile phone.

You will see the screen of the remote computer on your mobile phone and also you can operate mouse and keyboard of the remote computer.

Additional features of Remote Desktop for Mobiles allow you to execute any console commands on the remote computer and receive result to mobile phone. In addition has a set of commands for getting a system information and perform management of system.

The Remote Desktop for Mobiles software will consist of two part:
The Server which should be installed on the remote computer.
The Client which should be installed on mobile phone.

Server

The Server provides connection of the Client for control of a remote computer, sending a desktop screenshot to the Client and operate to the mouse and keyboard by commands from the Client.

The Server uses a TCP/IP connection to the Internet for receiving the Client connections.

There are no special system requirements to a hardware platform. The Server will works on any PC with minimal requirements to hardware resources. The Server will works under Microsoft Windows 98 / NT 4.0 / 2000 / XP / 2003.

Client

The Client is running on mobile phone and showing a desktop of the remote computer. Also, the Client transfer a mouse and keyboard control directly to the Server.

The Client has an “Address book” for saving addresses of controlled computers, executed commands history for reuse a commands, and many other useful features.

The Client is applying on mobiles with supporting Java (J2ME) Mobile Information Device Profile (MIDP) 1.0 (MIDP 2.0 is more acceptable) and should have not less than 2 Mb of memory. The recommended screen size not less than 132x170 at 65536 colors. The mobile phone should be supporting connection to GPRS network. The operator of mobile network to which your mobile phone are registered should to give GPRS service.

CARNet je +CERT.hr osnovao 1996. godine s ciljem posredovanja u rješavanju ra�?unalno sigurnosnih incidenata u kojima je barem jedna uklju�?ena strana iz Hrvatske, prikupljanja i distribucije sigurnosnih savjeta, preporuka i alata, edukacija i informiranje korisnika i javnosti o zna�?aju i poboljšanju sigurnosti ra�?unalnih sustava

Besplatna T-Com Antidialer zaštita

T-Com Antidialer je program koji presreće pokušaje spajanja ra�?unala putem telefonske (dial-up) veze te daje korisniku mogućnost kontrole nad spajanjima i mogućnost spre�?avanja neželjenih spajanja. Prilikom svakog pokušaja spajanja program će privremeno zaustaviti spajanje, korisnika obavijestiti o pokušaju, prikazati mu ime programa i broj telefona na koji se program pokušava spojiti te korisniku ponuditi dvije mogućnosti: da dozvoli vezu na taj broj ili da ju zabrani.

Besplatna T-Com Antidialer zaštita - nastavak…

Origins: Many readers have asked us about these pictures of Microsoft co-founder and Chairman Bill Gates since they were posted on a blog with a caption identifying them as photos taken for a ‘Teen Beat Photospread’ (i.e., a layout in a magazine featuring stories and pictures of ‘teen idol’-type celebrities, marketed primarily to prepubescent girls).

These images are actually publicity photos taken of the then 30-year-old Bill Gates coincident with the initial release of Microsoft Windows in 1985. The Corbis photo archive identifies their depiction thusly: “Bill Gates, CEO of Microsoft, reclines on his desk in his office soon after the release of Windows 1.0. 1985 Bellevue, Washington, USA.”

A tutorial on how to bypass Internet Censorship using Proxies, Shells, JAP e.t.c. Different ways to beat the filtering in schools, countries or companies (blocked ports e.t.c). This is the original and so newer than the translations because I’m still working on it.

In the last 10 years the Internet grew very, very fast. It is a bunch of thousands of little networks put together. Billion computers are connected and it is basically not controlled or even owned by a government or company. There are no laws, everybody can put his webpages online which can be accessed by everybody on the world who is sitting in front of a computer with Internet access. I believe that this can and will change the world as we know it today.
But there are several governments who think that this unlimited access to information is dangerous for their citizens. These are for example China, Saudi Arabia, Bahrain, Cuba, Jordan, Tunisia, Burma, Singapore, Uzbekistan, Yemen, Kuwait, Vietnam, Syria, Iran, United Arab Emirates and parts of Africa. and even in countries like Australia, Switzerland and in some parts of Germany they censor websites. This ranks from a very easy to circumvent DNS blocking of only 2 Nazi sites in parts of Germany to a government office with 30.000 employees only working in blocking thousands of websites, services and ports in China.
Though the blocking methods are different there are also different ways to bypass them. I will try to show you how to access the website of Amnesty International, BBC, Google and other blocked sites in your country. I made this website in very basic HTML, so that you can even view it with a very old computer. Please share this information, link the site, copy it, mirror it, print it (I didn’t “hide” any links, so that no link is lost when you print it) and teach your friends and relatives

Nastavak: HOWTO bypass Internet Censorship

The Shadow Internet

They start with a single stolen file and pump out bootleg games and movies by the millions. Inside the pirate networks that are terrorizing the entertainment business.

Just over a year ago, a hacker penetrated the corporate servers at Valve, the game company behind the popular first-person shooter Half-Life. He came away with a beta version of Half-Life 2. “We heard about it,” says 23-year-old Frank, a well-connected media pirate. “Everyone thought it would get bootlegged in Europe.” Instead, the hacker gave the source code to Frank - it turned out that he was a friend of a friend - so that Frank could give Half-Life 2 to the world. “I was like, ‘Let’s do this thing, yo!’” he says. “I put it on Anathema. After that, it was all over.”

Anathema is a so-called topsite, one of 30 or so underground, highly secretive servers where nearly all of the unlicensed music, movies, and videogames available on the Internet originate. Outside of a pirate elite and the Feds who track them, few know that topsites exist. Even fewer can log in.

Nastavak…The Shadow Internet

http://cwshredder.net/cwshredder/cwschronicles.html

CoolWebSearch variants
CWS.Datanotary
CWS.Bootconf
CWS.Oslogo
CWS.Msspi
CWS.Vrape
CWS.Oemsyspnp
CWS.Svchost32
CWS.Dnsrelay
CWS.Msinfo
CWS.Ctfmon32
CWS.Tapicfg
CWS.Svcinit
CWS.Msoffice
CWS.Dreplace
CWS.Mupdate
CWS.Addclass
CWS.Googlems
CWS.Xplugin
CWS.Alfasearch
CWS.Loadbat
CWS.Qttasks
CWS.Msconfd
CWS.Therealsearch
CWS.Control
CWS.Olehelp
CWS.Smartsearch
CWS.Yexe
CWS.Gonnasearch
CWS.Smartfinder
CWS.Winproc32
CWS.Msconfig
CWS.Xxxvideo
CWS.Winres
CWS.Xmlmimefilter
CWS.Aboutblank
CWS.Systeminit
CWS.Sounddrv
CWS.Searchx
CWS.Realyellowpage
CWS.SysTime
CWS.HomeSearch
Affiliate variants:
CWS.Aff.iedll
CWS.Aff.Winshow
CWS.Aff.Madfinder
CWS.Aff.Tooncomics

Our program is a good addition to system utility Windows Update. Microsoft Corporation doesn’t allow user to save updates on local drive - they are immediately removed after installation. This is not convenient. You will have to download update pack again to patch system with the same version on other partition or computer! But Windows update is required because of things like MSBlast attack and other reasons.

WUtooL will solve a problem. Launch program and click menu File >> Windows Update. WUtooL controls download and will save the patches to the special folder on your hard drive. Update operating with this program becomes very handy and simple.

Gadan kao virus, zao kao hemoroid!

Vazna napomena!

To sto ste instalirali cistace spywarea i nakon sto su oni preskenirali i pocistili vas stroj, ne znaci da ste sada potpuno sigurni i da se mozete samozadovoljno zavaliti u fotelju i frkati brkove. Jedino istinsko zadovoljstvo u sigurnosti je moguce svakodnevnim odricanjem i skidanjem update-a liste novostvorene gamadi. Oba navedena programa podrzavaju automatski update i neka vam to postane ritual jednak jutrokleku, checkiranju maila, sexu/masturbaciji, …)