Having just installed Windows 7, like many people since its release, I ran into a perculier problem. Windows 7 was able to detect that my Apple Time Capsule was serving up its disk and, as a result, was prompting my shiny new Windows 7 box to authenticate for access. I tried using the Airport password…nothing…I tried changing my Time Capsule to use a static password for network disk access…still nothing. It turns out that this solution fixed everything.

Here are the details:

Open the Local Security Policy MMC applet, you can do this by searching for Security in the start menu or from the command prompt by typing:

%windir%system32secpol.msc /s

Once there open the Local Policies folder, then the Security Options view. From there find “Network security: LAN Manager authentication level” – you will probably find this is set to “Send NTLMv2 response only” – change this to “Send LM & NTLM – use NTLMv2 session security if negotiated” – this does lower your security level but is pretty much required to work with anything pre-vista.

Further down you should see “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” – you may have to make sure that both require boxes there are unchecked as well.

This should get your Time Capsule, Airport Disks, and Pre-Vista SMB/CIFS shares working again!

Though this does lower the security constraints imposed by Windows 7 (for your benefit) it shouldn’t make much of a difference in a mixed, non-domain enabled, environment….plus no reboot required! 🙂

P.S. Special thanks to the DotBlag.Com blog for this little gem.

Whilst looking through some of my Google News RSS feeds I noticed a press release that made me groan, laugh, and angry…all at the same time. Who is marketing writing these press releases for anyway? They certainly aren’t writing them for the technicians implementing the products who care nothing for the buzzwords and standard slime phrases, nor are they writing them for decision makers with their vague statements that don’t mean anything.

It begs the question: “Who is the target audience of your Marketing department?”

Let’s take a quick look at some recent press releases as examples:

Example 1: Original MARS Creators Set Out to Take Cisco Users Beyond CS-MARS

The Goods: The package offers a cost-effective migration option in response to those users assessing the recent Cisco policy of diminished CS-MARS support of non-Cisco devices. AccelOps’ founders, who previously created Cisco’s popular security monitoring appliance, offer a holistic monitoring approach that results in greater operational control, efficient incident response and compliance automation beyond that of current SIEMs (Security Information Event Management systems).

Leveraging a breakthrough architectural framework and dynamic Web 2.0 GUI, AccelOps combines powerful analytics engine, automated CMDB and event consolidation, intelligent anomaly detection, innovative identity and location binding, business service impact awareness and prioritization, robust search and reporting, and optimized data management for real-time and long-term data analysis.

Come on….”a holistic monitoring approach that results in greater operational control, efficient incident response and compliance automation beyond that of current SIEMs“. I suspect that if you call 10 SIEM vendors and ask them if their product provides the aforementioned “features” all 10 will say an emphatic “YES!”. Not only that, but they’ll say that they’re the only ones that do it.

Example 2: Aspect Delivers New IT-Ready Quality Management Capabilities in Productive Workforce UC Application

The Goods: PerformanceEdge® Quality Management 3.0 offers a number of features for improved business processes across multiple agents, sites and platforms. New capabilities provide cradle-to-grave interaction tracking, enhanced security and compliance, improved alerting, redundancy, system management, and increased features for outsourcers, allowing for full-time call logging and quality recording in mid- to large-sized call centers. The new features add significant value to Productive Workforce, enabling companies to leverage robust, scalable quality management.

“Cradle-to-grave interaction”….”enabling companies to leverage robust, scalable quality management”…..jeeeeeeeez. Try using some real words and not mumbo-jumbo.

Example 3: Tufin Extends Security Lifecycle Management Across the Network With Support for Devices From Juniper Networks, Cisco, HP and Others

The Goods: By extending Tufin’s comprehensive, automated change tracking, in-depth security policy optimization, and built-in compliance reports across heterogeneous network infrastructures, Tufin enables organizations to cost-effectively manage network security policy, eliminate manual, error prone processes, comply with regulatory standards, and minimize IT risk. Supporting the broadest set of network infrastructure, Tufin continues to demonstrate its ability to innovate and successfully execute on its vision for Security Lifecycle Management.

If a company couldn’t “continue to demonstrate its ability to innovate and successfully execute on its vision” it wouldn’t be in business for very long in a competitive space. Why bother writing this?

As far as I can tell these press releases are drafted for the benefit of marketing people and their competitors, not the people actually looking to purchase the products. Whenever a technical person reads over one of these press releases a little part of them dies inside whilst another part tries to keep them from vomiting a little in their mouths. Whenever a manager reads a press release they leave with more questions than they had before they read the press release. Press releases of this nature are a breeding ground for anger and confusion.

Business owners, please do everyone a favour and tell your marketing team to stop spurting stupid.

Thanks to Syngress, and their great discounts lately, I have a full forensic library to read through this fall (and probably through the winter). Also, I blame Rob Lee for my new found love of forensics.

Here are some of the books that I have picked up recently:

Malware Forensics: Investigating and Analyzing Malicious Code by Cameron H. Malin, Eoghan Casey, and James M. Aquilina

Product Description
Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of “live forensics,” where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss “live forensics” on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system.

UNIX and Linux Forensic Analysis DVD Toolkit by Chris Pogue, Cory Altheide, and Todd Haverkos

Product Description
This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or “live” UNIX environment where readers can test the skills they’ve learned in the book and use custom tools developed by the authors.

Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit by Ryan R. Kubasiak, Sean Morrissey, and Jesse Varsalone

Product Description
This book and companion DVD provide digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. The companion DVD contains custom tools developed by the authors, which can be used in real-life digital forensic investigations.

Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan Carvey

Product Description
Author Harlan Carvey has brought his best-selling book up-to-date to give you: the responder, examiner, or analyst the must-have tool kit for your job. Windows is the largest operating system on desktops and servers worldwide, which mean more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline when an incident occurs, but due to staffing and budget constraints do not have the necessary knowledge to respond effectively. The book’s companion DVD contains significant new and updated materials (movies, spreadsheet, code, etc.) not available any place else, because they are created and maintained by the author.

SQL Injection Attacks and Defense by Justin Clark

Product Description
SQL injection represents one of the most dangerous and well-known, yet misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information to turn to for help. This is the only book devoted exclusively to this long-established but recently growing threat. It includes all the currently known information about these attacks and significant insight from its contributing team of SQL injection experts.