Noisy Brain Home

Two Tools End-of-Life

Eric Fredericksen — Tue, 29 Jun 2010 22:29:53 +0000

Two of the tools on this site have outlived their usefulness. For that reason I am no longer going to support them or provide further downloads. They are

There is at least one more on the chopping block. I'll decide on that one soon, so stay tuned. :}

Thanks,

Eric

Updated Secure Parcel Delivery

Eric Fredericksen — Thu, 08 Apr 2010 01:32:49 +0000

Secure Parcel Delivery version 1.2 brings a number of long-awaited improvements.

Switching to the latest and greatest Cryptographic Service Provider (CSP)
- Microsoft Enhanced RSA and AES Cryptographic Provider
- Valid for Windows XP and later
Adding the Advanced Encryption Standard (AES) symmetric cipher to the fold
Restricting symmetric encryption ciphers and key strengths to those allowed by FIPS 140-2 (and FIPS 140-3)
- See http://en.wikipedia.org/wiki/FIPS_140-2
- Allowed ciphers include triple DES and AES with a minimum key length of 128 bits
- Disabling selection of RC4, RC2, DES, 2-key 3DES
Allowing user selection of RSA key size from 1024 to 16384 bits in 256 bit steps
- I suggest you take the default RSA key size of 3072 bits
- FIPS 140-3 will require at least 3072 bits (to set a minimum cryptographic strength of 128 bits overall) but the program will let you choose keys down to 1024 bits at this time
Consolidation of User and Key interface elements to simplify configuration

This version is 32-bit only and tested on:

Windows 7 Professional x64
Windows Vista Business x86
Windows XP SP3 x86

Cheers!

-Eric

Software Tool Updates

Eric Fredericksen — Sat, 03 Apr 2010 23:57:41 +0000

I've updated several tools today. The changes include a bug fix and a small expansion of capability as listed below. :)

Oh, and an update to the Secure Parcel Delivery program is on the way.

Cheers!

-Eric

MyCryptInfo -> version 1.4

The tool is expanded to detect more block cipher modes of operation. That is, the algorithms employed to make a block cipher encrypt a chunk of data bigger than the native block size. I noticed that some new modes had been added in the Microsoft header files since last I looked. Although these modes don't seem to be available with the Microsoft native Cryptographic Service Providers (CSPs), they must be available in some third party CSPs. The modes added are:

CBCI - ANSI CBC Interleaved
CFBP - ANSI CFB Pipelined
OFBP - ANSI OFB Pipelined
CBCOFM - ANSI CBC + OF Masking
CBCOFMI - ANSI CBC + OFM Interleaved

MyNetwork -> version 1.3

Fixed a bug in the formatting of the lease times for interfaces with DHCP enabled. This turned out to be a 32-bit to 64-bit portability issue on windows.

MTFileTransfer -> version 1.3

Fixed the same bug in the formatting of the lease times for interfaces with DHCP enabled.

Open Sourcing Some Example Code

Eric Fredericksen — Wed, 24 Mar 2010 23:07:14 +0000

In order to make some examples of thread and TCP/IP server management clearer I decided to clean up the full, standalone project and post it here for your download. The project files build with Visual Studio 2008 (VC9) for Release and Debug mode on both x86 and x64 systems. Note that this project is simply a demonstration of thread and TCP/IP server management on an MS Windows system. A full-fledged application would have much more in the way of error checking, unit tests, and other infrastructure. :)

These are all plain source code files, not executables, and I'm making them available under the Mozilla trifecta license.

Cheers!

-Eric

Updated MyCryptInfo

Eric Fredericksen — Wed, 17 Mar 2010 23:52:28 +0000

Today's update is for the MyCryptInfo tool that allows you to explore the Microsoft Cryptographic Service Providers (CSPs) on your system. It has been updated to run on 64-bit systems and to include some missing information about the SHA2 hash that is in the AES enabled CSP.

Otherwise the tool hasn't needed to change much.

Have fun, and don't delete any cryptographic containers that you really need!

-Eric

Another Updated Software Tool

Eric Fredericksen — Sun, 14 Mar 2010 00:02:07 +0000

I took time today to update the ThreadMonitor tool and adapt it to 64-bit systems. The 32-bit version still works on 32-bit systems but also works correctly for 32-bit programs on 64-bit systems. However, if you want to monitor a 64-bit program then you'll need to use the 64-bit version of ThreadMonitor.

Oh, I also moved some user interface bits around. The "Company" and "Product" fields have been merged into a single base path and the edit field was made a bit longer. Why? Well, so that it is easier for you to make the path what you want it to be rather than trying to follow my personal registry versioning process.

Enjoy!

-Eric

Updated Software Tools

Eric Fredericksen — Thu, 11 Mar 2010 01:40:15 +0000

OK! :) After too much time I have completed updating several tools. The updates include fixing some bugs, modifying the code to run on 64-bit Windows systems, and general stuff like that. The tools updated in this batch include

I'm still working on the IP Packet Sniffer and IP Packet Filter Configurator tools. The Windows OS has had enough changes that their usefulness is in question -- I need to evaluate that. I have hope that I can work out just how munged raw sockets have become.

I'm still working, so come back later. ;)

Crazy, Amazing Bit Rot

Eric Fredericksen — Wed, 10 Mar 2010 00:48:05 +0000

It's true what they say - if you leave software unattended the bits rot and strange things start going wrong. ;)

If you have tried to use any of the software tools under the Tools and Software section on anything later than Windows XP, I apologize. They were last looked at some years ago and there has been some incredible bit rot. Some work on Windows 7 and Vista, and others don't. The raw sockets and packet level tools need the most care and attention, it seems.

Well, perhaps it is fairer to say that Microsoft operating system API's and configurations have seen some drift over the past years and that I was not keeping up. :| Darn me for wanting some free time!

In any case, I'm in the process of picking out the rotten bits, patching, fixing, and generally rehabilitating those thngs. Don't be surprised if I just retire one or two [raw sockets are so passé when we can use (Win)PCap ].

Stay tuned!

Data, Data, Everywhere

Eric Fredericksen — Sun, 21 Feb 2010 06:42:07 +0000

Suppose your security system chooses 10,000 controls (vulnerability checks, scripts, signatures, etc -- pick your preferred terminology) that can be applied to some example asset (a server, executive laptop, or whatever). That number could be smaller or it could be larger depending on the system but let’s say that 10,000 is the count after filtering out those controls that don’t apply (e.g., there’s no Apache server on that Windows 7 laptop).

Now, suppose that each control returns 100 characters of evidence data. That means you have 1,000,000 characters of data for one full assessment of one system. You are going to store those data in Unicode format because our company is international and hence so are our evidence data. That turns our 1,000,000 characters into 2,000,000 bytes of data.

The original story was on the M2GRC blog: http://m2grc.com/2010/01/18/data-data-everywhere/

The full article can also be found here. :)

Malware Slaying

Eric Fredericksen — Sun, 21 Feb 2010 06:37:39 +0000

Give me a few minutes of your attention and I’ll tell you how some very real "electronic vampires", while not very entertaining, are remarkably similar to fictional vampires. I think you’ll find vampires and malware behave very much alike and that the rules for dealing with vampires are a good guide for dealing with malware.

You can find the original story over at the M2GRC blog: http://m2grc.com/2010/02/16/mcafee-the-malware-slayer/ :)

The story can also be found here. :)