Enabling Secure Business Operations

Microsoft Change Analysis Diagnostic Tool

March 27th, 2007

The MS XP Change Analysis Tool creates a list of recent key changes made to a given system: important things such as new programs, OS updates and drivers.

Scott Fendley notes some false positives to be aware of:


...some software packages appear to make changes in more places than I even knew was occurring. For example, Symantec Antivirus Corporate Edition changes the path to certain driver files with virus definition updates. These will be reported as:

Changed from “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys” to “\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys”

Adobe Acrobat apparently also makes regular modifications to the startup folder for its Speed Launcher program.


It could be useful for troubleshooting your own XP machine, or one belonging to someone you’re trying to help out. Another tool to add to your security utility belt. It can be downloaded here [via SANS].
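The definition-version noise Scott describes is easy to filter out when you diff system snapshots yourself. The following Python is an added example, not part of the original post or of Microsoft’s tool: it compares two constructed snapshots of driver ImagePath values (the service names and paths other than the quoted navex15.sys one are made up) and suppresses changes where only a Symantec-style YYYYMMDD.NNN definition directory differs, while still reporting a real driver path change and a newly added service.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed "before" and "after" snapshots (service names other than
# NAVEX15 and all paths except the navex15.sys one are invented for the demo).
BEFORE: Dict[str, str] = {
    r"Services\AcmeDrv\ImagePath": r"C:\WINDOWS\system32\drivers\acmedrv.sys",
    r"Services\NAVEX15\ImagePath":
        r"\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys",
}
AFTER: Dict[str, str] = {
    # A driver now loading from a temp directory: a change worth reporting.
    r"Services\AcmeDrv\ImagePath": r"C:\DOCUME~1\user\LOCALS~1\Temp\acmedrv.sys",
    # Only the definition-version directory changed: routine AV update noise.
    r"Services\NAVEX15\ImagePath":
        r"\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys",
    # A service that did not exist before: always reported.
    r"Services\NewSvc\ImagePath": r"C:\WINDOWS\system32\drivers\newsvc.sys",
}

# A path component shaped like a virus-definition version, e.g. \20070327.019\
DEF_VERSION = re.compile(r"\\\d{8}\.\d{3}\\")

Change = Tuple[str, str, Optional[str], Optional[str]]  # kind, key, old, new


def normalize(value: str) -> str:
    """Replace a definition-version directory with a fixed token."""
    return DEF_VERSION.sub(r"\\<defver>\\", value)


def diff_snapshots(before: Dict[str, str], after: Dict[str, str],
                   suppress_noise: bool = True) -> List[Change]:
    """Return added/removed/changed values; optionally drop defver-only changes."""
    changes: List[Change] = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        if old is None:
            changes.append(("added", key, None, new))
        elif new is None:
            changes.append(("removed", key, old, None))
        elif suppress_noise and normalize(old) == normalize(new):
            continue  # only the definition version moved: known false positive
        else:
            changes.append(("changed", key, old, new))
    return changes


if __name__ == "__main__":
    for kind, key, old, new in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:8} {key}\n    from: {old}\n    to:   {new}")
```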

How I’d Hack Your Password

March 27th, 2007

Good blog post here about how to hack passwords. See if he mentions yours outright.


Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…


He goes on to mention password crackers and how fast they do their jobs. A little scary, actually…

Security Breached?

March 27th, 2007

The folks at Dark Reading have a story called What to Do When Your Security’s Breached.

The following are six steps you should take if you encounter a possible security breach. Some experts recommend eight, some have 10, but these are the ones that most authorities agree on. Oh, and they also agree on this: You should have done the first three steps before you had the breach.

1. Assemble an incident response team.
2. Assess the initial damage and the risk for more.
3. Develop a notification plan.
4. Begin remediating the problem.
5. Document everything.
6. Develop a strategy for stopping the next attack.

It’s worth a read. And, you should really consider working on those first three steps…

Malware Map

March 20th, 2007

Pretty cool; the Flash version is here [via SANS].

Airport (in)Security

March 19th, 2007

OK, I hate to travel into territory usually saved for other blogs but I just have to rant on this one. The TSA Brochure says:

Pack liquids/gels/aerosols in your checked baggage. For a short trip you are permitted to carry on 1 quart-size, clear plastic, zip-top bag holding 3 ounces or less containers of liquids, gels or aerosols. Limited to one bag per traveler.

This afternoon, I had a 4 oz container of toothpaste that was about 1/4 full—perhaps holding 1 oz of toothpaste—dutifully packed with my other toiletries in my quart size baggie. I was flagged at screening, and pulled aside because of this. They claimed that since the package said an amount greater than 3.4 oz, it was not acceptable, and gave me the choice of checking my bag or tossing it.

Seriously, what potential terrorist act was this going to prevent? Let’s say I’m a terrorist concocting a liquid bomb. I need 4 oz to make it work, so I’ll use a 4 oz toothpaste tube — then squirt most of it out?! Your tax dollars at work ladies and gentlemen. Let’s let ‘em know how we feel.

March Madness Offers Opportunities For Online Scams

March 15th, 2007

Any major event, especially one revolving around sports, makes people more likely to get caught in scams offering tickets, insider information, and other deals.

Skip the emails, go straight to the source (men’s and women’s). Even though trusted sites can’t always be trusted, it’s your best bet.

Microsoft OneCare Again

March 13th, 2007

This is great. We covered Microsoft OneCare when it was first announced and again when Vista was nearing release. Now comes news from SecurityFocus that Microsoft OneCare deleted Outlook e-mails...

Recent reports suggest Microsoft’s OneCare anti-virus offering suffered a bug that could have caused it to delete or quarantine all e-mail in a user’s Outlook inbox, in certain cases when it finds a virus.

Well isn’t that nice. You have a spam/virus email in your PST, so to get rid of it, we’ll just delete the entire PST file. Yikes. Glad they didn’t include it in Vista as Anil had suggested.

The Death of the Hacker

March 12th, 2007

Hackers, the ones we once knew and loved are dead. That’s right, killed by movies, the Internet, and well…popularity. The hacker used to be the guy or gal a long, long time ago that would tinker. Yes, tinker, like al-Khwarizmi or da Vinci or Curie... people who wanted to figure out how things work. No, how they really work.

Now we have life-hackers, Hackers, and criminals who have taken the word. The general public has thought for a while that people who “hack” are bad. Hackers steal your credit card number online and can get into your ex-boyfriend’s computer and read all of his juicy emails. In their free time they run up to ATMs and magically remove wads of cash to fund their pizza, video game, and skateboarding habits.

Hackers are so blessed as evil human beings that they even have a secret code to getting all of this done. They just “know” how to steal passwords and read instant messages. There is a golden key that hackers hold, confidential to only the worthy, which gives them a power over the common man and woman in cyberspace.

The word is gone, and the real hackers are trying to take it back from those who borrowed it and restore what it meant for the oldest hackers. The “real” hackers have now realized that getting the word back is near impossible, so they’re doing what they know best and hacking a solution. That’s why we’ve got “white-hat” and “black-hat” hackers, crackers and haxors.

So what is a hacker really?

Someone who tinkers with stuff. It sounds simple and really it is. There is no magic code or knowledge that a “hacker” possesses. The solutions they find, the security vulnerabilities, Nintendo emulators inside of cell phones weren’t there before them. The hackers created them.

Children are the ultimate hackers, watch one with a set of Legos or with some super glue and see what happens. They are always pushing things to their limits. The questions children ask adults can baffle them sometimes, because, well, they weren’t expecting it. Hackers do the same thing – push stuff to do what it wasn’t quite intended to, and ask the questions others haven’t or won’t.

There is no magic code, no super formula, nothing like that. What really drives the hacker is passion for what they are doing and a curiosity about the world around them.

It’s what they find that criminals take and use to steal money and passwords, giving the geniuses a bad name at the same time.

Stopping Spam From Playing The Market

March 9th, 2007

It is a growing problem and now “Operation Spamalot” has forced big business to join forces, as the bad guys have.

Via the Washington Post:


Securities regulators yesterday halted trading in nearly three dozen companies — the initial salvo in “Operation Spamalot,” a campaign to block e-mails promoting stocks to unsuspecting investors.

The crackdown against investment spam amounts to the biggest such action in the history of the Securities and Exchange Commission. Shareholders lost tens of millions of dollars in the past year by biting on fraudulent Internet offers to “ride the bull” or win “fast money” by buying thinly traded stocks, agency officials said. They continue to investigate whether the spam emanated from third-party stock promoters, corporate insiders or both.


This has a chance to be effective as the emails are traceable (we know if they’ve been sent) and the results are hard to deny or overlook.

Stock trading in each of the companies, including CTR Investments & Consulting of Pasadena, Md., will be halted for at least 10 days, according to the terms of an emergency order that regulators sought yesterday. Authorities said that “questions have arisen regarding the adequacy and accuracy of press releases concerning the company’s operations,” according to the order.

Plus there’s money involved, that always gets things moving and makes security concerns all-of-a-sudden important.

One of the e-mails investigators released yesterday promoted the “huge news expected out on APPM, get in before the wire.” Trading volume on Dec. 18, 2006, the first weekday after the e-mail launch, rose nearly 140-fold, to 484,568 from 3,500 shares, and the stock price rose to 19 cents per share from 6 cents. Less than two weeks later, the stock of Apparel Manufacturing Associates, of Bloomfield, Conn., slid back to 10 cents per share.

Tips on Physically Protecting Your Laptop

March 6th, 2007

Here [via SANS].

For example:

Paradise Systems sells a product called Car-Safe, which is designed to protect your valuables while they are being stored/transported in the trunk of your vehicle.

Better yet, carry your laptop with you at all times possible.