February 28, 2005

The online resource for process information!: "In the recesses of your computer, 20-30 invisible processes run silently in the background. Some hog system resources, turning your PC into a sluggish computer. Worse yet, other useless processes harbour spyware and Trojans - violating your privacy and giving hackers free rein on your computer. is an invaluable resource for anyone who wants to know the exact purpose of every single process."

Awesome resource. It had information for every process running on my system (with the exception of rare or custom stuff).


February 24, 2005


Sysinternals Freeware - PsExec: "PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software."

Here's Windows IT Pro Mark Russinovich's article on PsExec.

Free Books / Tutorial Resources

February 23, 2005

Free Online Programming Tutorials - You will find over 300 programming language tutorials, lessons, and how-to's.

Table of Contents - Practical PHP Programming: "Welcome to the home of the online book, 'Practical PHP Programming'."

Free Programming and Computer Science Books - tons of free technical books.



Sysinternals Freeware - Utilities for Windows NT and Windows 2000 - RootkitRevealer: "RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect memory-based rootkits like Fu that don't survive reboots)."

Symantec Antivirus May Execute Virus Code

February 10, 2005


Slashdot | Symantec Antivirus May Execute Virus Code

Symantec flaw leaves opening for viruses: ZDNet Australia: News: Security - "Symantec has issued a patch for a flaw in its scanning software that could cause a virus to run, rather than catch it."

"Symantec is distributing patches to its customers through its LiveUpdate automatic update service and other mechanisms. It warned companies that do not use those services to download the patches from its Web site and apply them as soon as possible."

This could have been a VERY bad situation. Luckily, Symantec was able to update their software via their subscription service, but just imagine the trouble and headache that would occur if their auto-update wasn't possible for this fix...

Black Tuesday - Flood 'o' Patches - 12 total, 8 critical

February 08, 2005


Microsoft Security Bulletin MS05-004: ASP.NET Path Validation Vulnerability (887219) - Important

Microsoft Security Bulletin MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) - Critical

Microsoft Security Bulletin MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) - Moderate

Microsoft Security Bulletin MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) - Important

Microsoft Security Bulletin MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) - Important

Microsoft Security Bulletin MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) - Critical

Microsoft Security Bulletin MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834) - Critical

Microsoft Security Bulletin MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) - Critical

Microsoft Security Bulletin MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) - Critical

Microsoft Security Bulletin MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) - Critical

Microsoft Security Bulletin MS05-014: Cumulative Security Update for Internet Explorer (867282) - Critical

Microsoft Security Bulletin MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) - Critical

All I can say is: DAMN.

The Windows XP Layout

February 03, 2005


The Windows XP Layout: "This sample book chapter looks at the file and folder structure created by a Windows XP installation, provides a roadmap for important programs, and discusses other issues related to file structure and layout."

Nice little bit of reading material. It is important to note that the author, Stu Sjouwerman, is of NTSysAdmin list fame.

Analysis of the Texas Instruments DST RFID - "The Texas Instruments DST tag is a cryptographically enabled RFID transponder used in several wide-scale systems including vehicle immobilizers and the ExxonMobil SpeedPass system. This page serves as an overview of our successful attacks on DST enabled systems. A preliminary version of the full academic paper describing our attacks in detail is also available below."

This is pretty sweet. They describe their attack and show you the practical applications of it in the field, complete with videos.



PromqryUI.exe - "PromqryUI can accurately determine if a modern (Windows 2000 and later) managed Windows system has network interfaces in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.

PromqryUI cannot detect standalone sniffers or sniffers running on non-Windows operating systems."

Here's the command line utility: Promqrycmd.exe

Directory Disk Usage

February 02, 2005


Diruse.exe: Directory Disk Usage: "This command-line tool displays directory size information, including compression information for NTFS volumes. You can use Diruse to determine the actual usage of space for compressed files and directories. You can also specify a maximum folder size. Diruse then marks any folders that exceed the specified limit and, if you choose, alerts you to the problem. Diruse is similar to du used in UNIX."

This tool, although small, is a great addition to any administrator's toolkit. I recently was able to use it in a way that solved a very large and time-consuming monitoring issue that I had.