Arstechnica published a guide to new windows command line at: http://arstechnica.com/guides/other/msh.ars
Oct 262005
VIA and Mini-box have revealed the ultra-compact x86 VoomPC, a barebones computer system for your vehicle priced between US $299 to $399. The VoomPC integrates the Mini-box M1-ATX 12V power supply unit, this is specially designed for vehicles since it can protect itself from power surges, it can also eliminate car battery drain by monitoring car battery levels, even when the car is off.
The processor powering the system is VIA’s C3 1000MHz chip, it consumes a low wattage of about 15-30 watts, this less than the dimmest parking lights found in any car.
Compatible with all standard Linux or Microsoft Windows operating systems and built within Mini-box’s signature compact chassis of just 21cm x 25cm x 6.7cm, the VoomPC is equipped with rich peripheral connectivity, multimedia and telematics options afforded by the feature-packed VIA EPIA Mini-ITX mainboard, including USB2.0, Firewire, Ethernet, PCMCIA types I and II CardBus interface for GPRS/Wifi, S-Video, VGA and six-channel audio.
15 admin tools you can’t live without!
Tool 1: Hyena
Tool 2: Toad for Oracle
Tool 3: Fastpush
Tool 4: Belarc Advisor
Tool 5: Angry IP Scanner
Tool 6: Dameware NT
Tool 7: Microsoft Computer Management Tool
Tool 8: PC Duo and PC Duo Enterprise
Tool 9: CheckIt Pro
Tool 10: WinSCP 3.7.5
Tool 11: Treepad
Tool 12: Remote Administrator
Tool 13: BartPE
Tool 14: Sam Spade
Tool 15: EventID.net
Oct 262005
Belated thanks for jobs well done
When your favorite open source security tools go commercial, don’t look back in anger
By Roger A. Grimes October 14, 2005
Times are a-changing. Check Point is purchasing Sourcefire. Nessus is going commercial. Even the Linux logo now requires a licensing fee.
The Sourcefire purchase isn’t overly concerning, because Sourcefire has been the commercial arm of the open source Snort intrusion-detection tool since its creation, and creator Marty Roesch says open source Snort will continue on.
Nessus’ 2.x current GPL code will remain open source and has started a new development fork, but version 3.x with bug fixes and performance enhancements will be a commercial-only product.
We are rightly worried about any commercial company’s commitment to its open source software cousin. But I’m a capitalist living in a capitalist country, and I think making money legitimately is a fair goal, even when it possibly comes at the expense of my favorite free software.
I have, however, seen many people frustrated and angry when their beloved open source program begins to wither or die. I even saw a few people throw heated rants and curse words toward previous open source advocates that seem to have “gone to the dark side.” My wife has taught me to count my blessings and to be thankful for what I do have — and what I did have. With that in mind, I would like to take a moment and thank some of the most important free resources I have used over the past five years.
So, thanks to Snort and Nessus for the good times. I hope we have many more years of free innovation ahead. Thanks to Linus Torvalds and the rest of the Linux team for the Linux kernel. Thanks to Richard Stallman, GNU, the GPL license, and all the other, myriad open source and free licenses. Thanks to all of the hundreds of thousands of coders who give us free software — guaranteeing choice and competition.
I appreciate all the commercial companies that give us lots of free software tools. Thanks to the Sysinternals Web site for every single ultracool, free utility. I don’t know a Windows hacker who doesn’t thank Mark Russinovich and Bryce Cogswell for Regmon, Filemon, and all the PsTools. Thanks for the excellent, excellent Autoruns: Not only can we see what’s automatically running on our Windows systems, but we can turn things off. Possibly the only more accurate autorun program finder is the free SilentRunners.vbs script by Andrew Aronoff. And who could forget HijackThis, which started the search for spyware and adware?
Thanks to Foundstone, which I do a lot of consulting for; eEye; Steve Gibson’s Gibson Research Corporation; and Yahoo and Google for making so much of the Web instantaneous.
One of the most interesting GUI tools is Cain & Abel. A great interface with dozens of hacking tools, it has more than a dozen password crackers, can ARP (address resolution protocol) spoof, dump secret registry keys, and sniff on the wire. Man-in-the middle attacks are point-and-click. If you haven’t run this tool on your network and seen how easy it is to crack low-hanging fruit, you might not be doing enough to secure your network.
Thanks to Ettercap, which comes in Windows and Unix versions, for first making man-in-the middle and injection attacks easy to demonstrate to management.
Thanks to John the Ripper for making it easier to validate the strength of password hashes. And where would we be without Fyodor’s cross-platform Nmap, the world’s best, free network port scanner? Kudos also to Ofir Arkin for his excellent OS fingerprinting tool, Xprobe2.
Let’s not forget all the great mailing lists where we learn, vent, and learn again. My current favorites are: SecurityFocus (too many good lists to list), Russ Cooper’s NTBugTraq, BugTraq, DShield (who doesn’t love the Handler’s Diary?), SANS, and FrSIRT.
Packet Storm is a great repository of information and tools. Thanks to SourceForge for being a provider and development environment for free software. Congrats to newcomer Metasploit for making vulnerability checking easier.
A very big thanks to the creators and maintainers of the free and cross-platform network sniffer Ethereal. You prove that open source can be feature-rich, have a great GUI, and be long-term sustainable — all at once.
Thanks to the makers of little, but important, WinPcap. Without WinPcap, probably half of today’s free network analysis tools would not be available on the Windows platform. Of course, almost all network sniffers owe credit to libpcap and tcpdump for developing a network sniffer library and general use format.
I could go on and on, but there isn’t room in all of InfoWorld, much less this column, to do all the thanking I need to do. Overall, I want to thank all those coders who spent months to years of their lives giving, developing, storing, and releasing free and open source tools that benefit society in general.
Take a moment today and thank your favorite free coder or vendor. Send an e-mail, send a few dollars, or volunteer your time on the project. If you can’t code, help a new beginner out instead of flaming them. And when your favorite open source project goes commercial, look back on the good times and be thankful.
InfoWorld Test Center Contributing Editor Roger A. Grimes is a computer security veteran and author who has done consulting work for many Fortune 500 companies.
Oct 212005
http://www.slipstick.com/problems/repair2gbpst.htm
http://www.slipstick.com/problems/scanpst.htm
Oct 182005
George Poulose puts out a nice ODBC query tool.
These guys are offering free colo services to non-profit organizations (501c3 or not!).
Oct 112005
| Bulletin | Supersedes | Severity | Impact |
| MS05-044 | NA | Moderate | Tampering |
| MS05-045 | NA | Moderate | Denial of Service |
| MS05-046 | NA | Important | Remote Code Execution |
| MS05-047 | MS05-039 | Important | Remote Code Execution and Local Elevation of Privilege |
| MS05-048 | NA | Important | Remote Code Execution |
| MS05-049 | MS05-016, MS05-024 | Important | Remote Code Execution |
| MS05-050 | MS05-030 | Critical | Remote Code Execution |
| MS05-051 | MS05-010, MS05-026, MS05-039, MS05-012, MS04-012 | Critical | Remote Code Execution |
| MS05-052 | MS05-037, MS05-038 | Critical | Remote Code Execution |
Microsoft has announced that for Windows Server 2003 R2 Enterprise Edition, which is due out shortly, customers can run up to four virtual instances on one physical server at no additional cost.
For the Longhorn Datacenter Edition, customers can run an unlimited number of virtual instances on one physical server. The changes go into effect on December 1, 2005.
The company also said that customers that use products that are licensed per processor, which include SQL Server 2005, BizTalk Server and Internet Security & Acceleration Server, will now only pay for the number of virtual processors being used, not physical processors.
Last October, Microsoft made a similar bold change in its licensing policy by breaking with the software industry, saying it will treat multi-core processors as single units when counting licenses.
Microsoft said it will also be developing virtualization models for its System Center technologies. Customers with a management pack for Microsoft Operation Manager, for example, will be able to manage a virtual machine in the same way they manage a physical machine.
Oct 112005
The Sea-Tug meeting scheduled for tomorrow, October 12th, has been ** Cancelled **.
The next meeting will be held November 9th.