BitTorrent Sync changes name to Resilio Sync. What’s the deal?

It looks like BitTorrent Sync has been deprecated (basically the name) and its developers have left the BitTorrent name to form a company named Resilio. Well, at least that’s what BitTorrent Sync is saying. They claim that the application BitTorrent Sync is no longer being maintained or updated. The new application is now called Resilio Sync, and when you update it you see the following:

I’ve been using BitTorrent Sync for a few years to basically keep a backup cloned copy of important folders on two of my laptops. It works great.

Windows Server 2016 TP 5 leaks out as a torrent. Here are the product keys

It is confusing why this technical preview has not been released to the public yet, since it is version 14291 and the Windows 10 technical preview build is already 14316, but I’m guessing that maybe they are going to release Technical Preview 5 as a later build, hopefully one that is more similar to the latest Windows 10 preview build. It is very strange that it wasn’t released to the public, because at Build there were some sessions that mentioned Server Technical Preview 5 and said it was going to be released soon, but it’s been almost a month and still nothing. However, since the torrents are available to download, I tried it out, and if you install it over Technical Preview 4, it’s going to ask for a product key (if you clean install, it lets you skip this by selecting "I do not have a product key"). The product keys accepted are the same as the Technical Preview 4 release, and I will list them below:
Server 2016 Datacenter TP5 Key: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Server 2016 Essentials TP5 Key: FVPY2-6KNF7-8CKF8-YHJDY-BBDJ8

Should we let the FBI access our encrypted data?

The strong encryption debate… I have been researching FBI Director James Comey’s “Conversations” with the House of Representatives and with U.S. Senators, as well as anything having to do with the subject, for the past 6 months or so. This has been taking up most of my time, as I am using the research for several courses in my last semester at W.G.U. My first research paper is for my English course and it just needs to be about 10-15 pages; however, it has been taking me a long time since I keep finding more sources, and I am just about done with my annotated bibliography. This bibliography needs to have 10 sources cited using A.P.A. formatting, along with a summary, Source Credibility, and Source Relevance for each source. This ‘annotated bibliography’ is almost 10 pages long itself, and I am looking into cutting it shorter to save some of this information for the actual paper.

Anyway, my thesis is similar to the following…
The United States government should not implement legislation to require device manufacturers and internet communications firms to put backdoors into their devices for law enforcement to be able to access users' encrypted data, because this would only hurt United States companies, since users wanting encryption would simply use services and devices from outside the United States, and further complicating encryption with mandated exceptional access will only cause already complicated software to become more complicated and therefore will lead to more vulnerabilities. Backing up my argument, I use the relatively small amount of available credible sources on this subject. I have had to use hearings on C-SPAN and magazine articles since I have only found about 5 scholarly journals on the subject (available without paying a fee online).

Now of course, anyone who really understands encryption knows that only the sender and the receiver should be able to know what is in the message. However, this has actually become rare, as cloud services often keep a key that they use to be able to get into your data if they are presented with a court order. For example, Dropbox, OneDrive, and Google Drive all tell you that your data is encrypted, but that doesn’t mean that the provider cannot find out what you are storing. As long as you don’t pre-encrypt what you upload to the cloud, they have to be able to show you your data, like when you use a browser to access your cloud storage. This means that if the government goes to Google and gives them your email address, they can access your cloud drive data and give it to law enforcement. There are solutions that allow you to pre-encrypt your data before you send it up there (into the cloud storage), but what then happens is that if you use the provider's methods of accessing the data, it will be encrypted and unreadable until you use your encryption solution to enter the key and are able to read your data again.

New York and California are attempting to pass legislation that will require device manufacturers to be able to decrypt any devices sold in those states; however, it is easy enough to purchase a mobile phone from anywhere in the world on the internet, so I don’t see how this is going to affect terrorists or criminals, who will most likely just purchase phones from elsewhere if this becomes law. If you want to read my paper you can download it from the following link; just click below and save it to your computer.
EncryptionResearchPaperFinalDraft
Encryption: Decriminalizing Necessary Security – DOI: 10.13140/RG.2.1.4874.0888
https://www.researchgate.net/publication/292604299_Encryption_Decriminalizing_Necessary_Security

Try the new Amazon Kindle Unlimited for free for 7 days, then 30 more

I just received the Kindle Unlimited 7 day trial and they are letting me read any books I want for 7 days. Well, that’s not long enough to even read one book when you are doing a million other things, but it's nice to be able to read anything you ever wanted to check out for free, even if it's only for a week. UPDATE: After you finish your 7 days, Amazon will shoot you an email to extend the trial for another 30 days, then you have to click the link in the email, sign back into Amazon, and then….

Well, that’s where it gets tricky. I was on my phone this morning and I did what the email said, only to then log in and be on a screen that said, CONTINUE YOUR AMAZON UNLIMITED Subscription… so I’m gonna do some more hunting around to figure out how to extend the trial for 30 days more, but I wanted to update this post, so the 7 day trial won’t discourage anyone from giving it a shot.

Click the following link to check out the Kindle store. You may have to do a little digging to get the free trial, but it is available if you never used it before.
Shop Amazon – Kindle Book Deals

EMET 5.5 Beta available now

Microsoft has released a Beta version of its EMET tool. You can download it from here: http://www.microsoft.com/en-us/download/details.aspx?id=49166. This was released back in October, but I have been running version 5.2 for a long time, so I installed the new Beta version to see what's new. If you are running an older operating system such as Windows Vista or Windows 7, you probably won’t benefit from any new features much, but if you are running Windows 10 or Server 2012 R2, I would suggest trying it in a lab environment first before deploying it to any production environments.

Changes to the GUI include, most noticeably, a new section that says “Block Untrusted Fonts”. This setting is included to support Windows 10 only. Other new features include better configuration of various mitigations via GPO; however, I am still trying to figure out how not to crash the app when clicking on the Group Policy button. There are also EAF/EAF+ pseudo-mitigation performance improvements. More information can be found on the TechNet blog.

The first bug I found on my Windows 10 system was that there is a new button that says Group Policy in the toolbar on the top left. I clicked the button and a box opened up that said the name of my domain at the top, but it also said LOCAL GROUP POLICY, and it eventually crashed the EMET GUI dashboard before anything else happened. I collected a dump and I’m analyzing it, as it may be related to my domain’s group policy settings anyway, so this may not affect you as it did over here. However, this crash happens on more than one computer, so I sent it in to Microsoft’s EMET feedback.

After uninstalling SCCM tp3 “successfully,” System Center Configuration Manager TP4 refuses to install

So, I uninstalled System Center Configuration Manager Technical Preview 3 last night. The uninstaller said it was successful, however when attempting to install the newest technical preview on the same machine, I was met with the following failures:

  1. Remote Differential Compression is needed. Well, this is already installed and has never been a problem before on this machine.
  2. Previous components are still installed from an earlier installation of System Center Configuration Manager.
    Really? The uninstaller said it was able to uninstall everything; I even went into the registry and deleted anything related to SMS or SCCM TP3.

So, this was of course very annoying and I spent a couple of hours trying to solve this problem by reading the logs and hunting through the registry, but after searching the web I found posts that suggested starting the RemoteRegistry service, and although I had it set to start automatically, it must have not started itself, so I just went and started it, and now I am installing.
Update: even after starting the RemoteRegistry service, the install is still stuck with the same two prereqchk errors.

This is still not solved…

System Center Configuration Manager Technical Preview 4 Available Now


You can download the latest preview of System Center Configuration Manager and Endpoint Protection now from the TechNet Evaluation Center. I have not seen any posts or documentation detailing anything specific to the 4th preview, so it must have just been released. Hopefully they have fixed a bug that I have found in the 3rd T.P. where the application catalog and the application catalog web service roles will not install because of an IIS version check error. I have been getting the error that IIS version 7 or above must be installed; however, version 10 is installed along with all of the required prerequisites, so I am about to install it and check what has changed in this new preview version.

As with the other technical preview versions of Configuration Manager, this preview is also only good for 60 days, and upgrades are not supported (which is annoying if you have been using the 3rd technical preview). I am going to have to uninstall TP 3 before installing the 4th technical preview.

Detecting WinShellEventLogging malicious tasks with Pooface, Spdc32.exe, and CBInt.exe Malware

There is this annoying malware that I found on a bunch of computers that seemed to be just downloading adware and several malicious programs. Most of the files were not recognized or cleaned automatically by Microsoft Windows Defender. I first noticed this malware when looking in Task Manager and seeing a few executables running that did not belong. There was spdc32.exe, SBCint.exe, and Pooface.exe. Upon killing these processes and hunting for the source of these files, it seemed to start in the Windows\Temp folder. However, this most likely was related to two Task Scheduler tasks that were found on all of the infected computers. These tasks were called WIN Shell EventLogging and WIN Shell EVENT NOTIFICATION. If you have these tasks in your Task Scheduler, disable them immediately and then delete them. All that they do is download more spyware/adware/malware secretly into your temp folders.

If you look in Task Manager or Process Explorer and see spdc32.exe, or SBCint.exe, or pooface.exe, or if you see any folders in the Windows\TEMP directory that look like these pictures, there’s a good chance that you also may have this CRAPware lurking somewhere. The most interesting thing about this set of malware files is that it spread around the network and was only affecting the Windows Server 2012 R2 or Windows 10 technical previews. It did not seem to infect Windows 7 desktops or Windows 8.1 either. The source of this malware is still being investigated, but I have a feeling it may have been introduced with a torrent ISO download of one of the earlier Windows 10 Technical Preview builds, as this is where it seemed to originate. The good news is that after simply deleting all of these found executables and tasks, the computers seem to be clean, and we are looking at them very thoroughly. However, before deleting these files, I took hashes of them and added Software Restriction Policies forbidding running any of these executables on all of the machines in this network. AppLocker has also been introduced; however, we are still running in audit mode at this time. If you have any questions about this malware please contact me, because I could not finish the article as I am now in the hospital for almost 2 months.
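The checks described in this post, written as a PowerShell triage script. This is an added example, not the author's own tooling: the task, process and folder names are the ones given above (the post spells the third binary both CBInt.exe and SBCint.exe, so both are checked), and the `-Remediate` switch is a name made up for this example.

```powershell
# Added example: triage for the indicators named in this post.
# Assumes an elevated PowerShell 4.0+ session (Server 2012 R2 / Windows 10).
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch: disable, then delete, matching tasks
)

# Indicator names exactly as written in the post.
$TaskNames    = 'WIN Shell EventLogging', 'WIN Shell EVENT NOTIFICATION'
$ProcessNames = 'spdc32', 'SBCint', 'CBInt', 'Pooface'
$TempRoot     = Join-Path $env:windir 'Temp'

# 1. Scheduled tasks with the reported names (-in compares case-insensitively).
$tasks = Get-ScheduledTask | Where-Object { $_.TaskName -in $TaskNames }
$tasks | ForEach-Object {
    [pscustomobject]@{
        Finding = 'ScheduledTask'
        Name    = $_.TaskPath + $_.TaskName
        Detail  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    }
}

# 2. Running processes with the reported image names, with their on-disk path.
Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{ Finding = 'Process'; Name = $_.ProcessName; Detail = $_.Path }
}

# 3. Hash binaries under Windows\Temp before anything is deleted, as the post
#    does, so each sample stays identifiable afterwards.
Get-ChildItem -Path $TempRoot -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 | ForEach-Object {
        [pscustomobject]@{ Finding = 'TempBinary'; Name = $_.Path; Detail = $_.Hash }
    }

# 4. Optional cleanup in the order the post gives: disable first, then delete.
if ($Remediate) {
    foreach ($t in $tasks) {
        $t | Disable-ScheduledTask | Out-Null
        $t | Unregister-ScheduledTask -Confirm:$false
    }
}
```

Run without `-Remediate` the script only reports; every Temp binary is listed for review, not just ones with the names above, since the post notes the dropped files varied and were mostly unrecognized by Windows Defender.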

Some of my favorite sessions from Microsoft’s Ignite Conference (Mark Russinovich & Paula Januszkiewicz)

Malware Hunting with Sysinternals Tools
Date: May 6, 2015 from 5:00PM to 6:15PM Day 3 Arie Crown Theater BRK3319
Speakers: Mark Russinovich

Adventures in Underland: What Your System Stores on the Disk without Telling You
Date: May 8, 2015 from 12:30PM to 1:45PM Day 5 E450 BRK3320
Speakers: Paula Januszkiewicz

Recalling Windows Memories: A Useful Guide to Retrieving and Analyzing Memory Content
Date: May 8, 2015 from 9:00AM to 10:15AM Day 5 S102 BRK2342
Speakers: Paula Januszkiewicz

Hidden Talents: Things Administrators Never Expect from Their Users Regarding Security
Date: May 7, 2015 from 3:15PM to 4:30PM Day 4 N231 BRK3323
Speakers: Paula Januszkiewicz

The Ultimate Hardening Guide: What to Do to Make Hackers Pick Someone Else
Date: May 7, 2015 from 10:45AM to 12:00PM Day 4 S503 BRK3343
Speakers: Paula Januszkiewicz

Hack Proof Your Clients And Servers in a Day – (Ignite Session)

This video was recorded at the Microsoft Ignite conference last week, and it was one of my favorite sessions. Marcus Murray and Hasain Alshakarti demonstrate some hacks using the Metasploit Framework, Mimikatz, and PowerShell. They show you how easy it is to gain access to any system, to steal the passwords from Windows servers and clients, and also how easy it has become to evade anti-virus. They also offer many reasons why you should not be using the same passwords on more than one website. My advice is of course to start using LastPass everywhere. Here’s a referral link for LastPass Premium: https://lastpass.com/f?169066 … Enjoy the video!