Shopping for Best Laptop (for under $800) with QuadCore i7 for the new year.

Here are some deals that I am looking at. My goal is to buy the best laptop for under $800, since I can now get one with an i7 quad-core processor and I like to upgrade them myself. There's no reason to pay over $1,000 for a laptop anymore, unless you want a Mac, and I prefer Microsoft to Mac, so here are the best deals I am finding so far on Amazon…

HP Envy dv6-7247cl 15.6″ Laptop, Intel® Core™ i7-3630QM, 8GB RAM, 750GB HDD, Beats Audio, Windows 8

Toshiba Satellite S855-S5379 15.6-Inch Laptop (Ice Blue Brushed Aluminum)

HP Envy dv6 Laptop(Latest Model), Intel 3rd generation Core i7-3630QM 2.4Ghz, 8GB RAM, 750GB HD, 15.6″ 1366×768, Beats Audio, Windows 8

Toshiba 15.6″ Laptop with Intel® Core™ i7-3630QM Processor, 6GB memory, 640GB Hard Drive, Windows 8 – Mercury Silver

Acer Aspire V3-571-9890 15.6-Inch Laptop (Black)

Dell Inspiron i15R-2369sLV 15-Inch Laptop

And then we have this Lenovo Edge E430 3254ALU i7-3720QM 2.60-3.60GHz 8GB 500GB 7200rpm DVD-RW 14″ LED, which is right now being sold for $814 by a third-party dealer.

Defcon Preview Video

This is a preview of a forthcoming documentary about Defcon which was filmed at Defcon 20 and is supposed to be free when released. Enjoy the preview; it is cool.

Getting the Print Spooler back in the Services List!!

I have had this happen in a domain environment because of trying to give a regular user permissions to start the print spooler service. The solution was hard to find on the internet, so here is how I did it. Go to an administrator command prompt on one of the affected servers that no longer had the print spooler service in the services list and type:

    sc sdshow spooler

(just to check that the permissions are the problem). If you see anything but this:

    D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

you may have a permissions problem. To be sure, many commands would have been giving you the error 5 "Access is Denied" message; for example, if you typed net start spooler and got the access denied message, this tip may in fact help you. I need to give credit to the few blogposts that helped me solve this problem… and (a post on Technet about Printer Redirection problems).

Anyway, once I typed in:

    sc sdset spooler D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

the spooler reappeared on all of my servers and workstations and started itself, and everything was back to normal.
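As an added illustration (not part of the original post), this Python sketch decodes the service security descriptor quoted above and reports which rights each trustee loses when the descriptor on a machine differs from it. The `BROKEN` descriptor and its user SID are constructed for the example, and the function names are hypothetical.

```python
import re

# Meaning of the two-letter SDDL rights when the object is a Windows service.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
SIDS = {"AU": "Authenticated Users", "PU": "Power Users",
        "BA": "Builtin Administrators", "SY": "Local System", "WD": "Everyone"}

# Descriptor from the post, joined into the single token sc.exe expects.
KNOWN_GOOD = ("D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)"
              "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
              "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Constructed sample: a DACL overwritten with one start/stop ACE for a made-up user SID.
BROKEN = "D:(A;;RPWP;;;S-1-5-21-1111111111-2222222222-3333333333-1001)"

def parse_sddl(sddl):
    """Return {(acl, ace_type, trustee): set of right names} for every ACE."""
    sddl = "".join(sddl.split())          # tolerate output wrapped across lines
    aces = {}
    for acl, body in re.findall(r"([DS]):[A-Z]*((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            # ACE layout: type;flags;rights;object_guid;inherit_guid;sid
            ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")
            names = {SERVICE_RIGHTS.get(c, c) for c in re.findall("..", rights)}
            aces.setdefault((acl, ace_type, SIDS.get(sid, sid)), set()).update(names)
    return aces

def lost_rights(expected, actual):
    """Rights that allow-ACEs in `expected` grant but `actual` no longer grants."""
    exp, act = parse_sddl(expected), parse_sddl(actual)
    lost = {}
    for key, rights in exp.items():
        missing = rights - act.get(key, set())
        if key[:2] == ("D", "A") and missing:
            lost[key[2]] = sorted(missing)
    return lost

if __name__ == "__main__":
    for trustee, rights in lost_rights(KNOWN_GOOD, BROKEN).items():
        print(f"{trustee}: lost {', '.join(rights)}")
```

On a live host, the second argument to `lost_rights` would be the text printed by `sc sdshow spooler`.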

nice office setup

homeoffice

Apologies…I forgot to link this blog as well…

Cleaning Up after Citadel – Department of Justice Ransomware (FakeDRM.bj)

Citadel Malware Screen

Citadel Malware Ransomware Screen

A client of mine was hit with a variant of the Citadel Ransomware yesterday. He was just surfing the web and looking for a movie to watch when he was hit by the drive-by download. It placed a big old warning message with "Your Computer Has Been Blocked" on the left and "The United States Department of Justice" warning on the right, and a picture of a naked girl in a sexual position near the bottom, while asking for a MoneyPak payment to unlock the computer.
Upon receiving the computer, I rebooted and used a Kaspersky Rescue CD to boot and scan the hard drive. It found the following files… 4 files labeled as “Trojan.Downloader.WMA.FakeDRM.bj” and 10 files labeled as “Win32.Katusha.n”. The exact filenames don’t matter because they are just a bunch of random letters and numbers. After I deleted these 14 items with Kaspersky, I took out the CD and rebooted.

Upon reboot, the computer came on, and about a minute after being on, the warning screen came back, which I was happy about because I wanted to get a closer look and a picture. Upon looking at the bottom of the screen I noticed there was a small black square that was blurry but changing. I moved around and noticed a picture of me there, as the webcam was recording and putting my picture right in the page next to the naked girl porno warning. I covered up the webcam with some tape and began experimenting with the computer to see what I could do. After taking a picture of the screen for documentation purposes, I tried to do a few things and was surprised that it actually let me open up some windows and folders. I immediately noticed that it had created another false partition and a bootsect.bak. I rebooted into Safe Mode and deleted all the recent temporary files, and then used RogueKiller to run a quick scan and removal of about 8 registry keys and a batch file. I was still not out of the woods, but I was in total control of this bad boy at this point.

I downloaded MalwareBytes and let that scan, and it found 15 items, mostly in the ProgramData folder. Check out the pictures for more detailed info. After deleting everything MalwareBytes found, I uninstalled Microsoft Security Essentials and installed BitDefender. This is not the first time I have seen Microsoft Security Essentials fail to protect against older known malware. After removing everything to this point and rebooting, the computer seems back to normal. I am still searching through the registry and all folders for any remaining traces. BitDefender and MalwareBytes are both returning completely clean, and it really wasn't that difficult to remove this, so I am still wary that there may be traces left behind.

Microsoft Security Compliance Manager Gets an Update (V3BetaRelease)

I have been involved in testing all aspects of Microsoft Group Policy for a while, but I really never gave Microsoft’s Security Compliance Manager too much time, until now. I decided that if I was going to really master Group Policy and everything it has to offer, I need to utilize all the different utilities out there that Microsoft offers. I know there are many great third-party tools, but Microsoft has always offered many extra add-ons, and Security Compliance Manager is one of my favorites. First I am going to discuss the old version, SCM v2.5. SCM is basically a package that you can install on your main administration computer which brings along a collection of Microsoft baselines for Windows XP, Vista, 7, Server 2003, and 2008. These baselines are a combination of group policy settings that have been developed by Microsoft to offer a secure and compliant baseline for Windows XP, Windows 7, Internet Explorer 8, Microsoft Exchange 2007 & 2010, Office etc.

The Security Compliance Manager 2.5 includes all operating systems and applications up to Windows 7 SP1 and Office 2010. You are able to explore the settings put into place in each of the baselines before duplicating them, and then edit each of the settings to better resemble what you need in place for the networks that you are administering. SCM allows you to export the baselines to an Excel Workbook (.xlsm), a GPO Backup, SCAP v1.0 (.cab), SCCM DCM 2007 (.cab), or an SCM (.cab). I have found the GPO Backup to be the easiest one to work with in order to import the settings directly into the group policy management editor.

Security Compliance Manager

Here is what the Security Compliance Manager looks like

I had just installed SCM v2.5 on my laptop when I thought about searching for a new version for Windows 8 and Server 2012. I then found out that in order to get the update you must join a Microsoft Connect Beta Program. So basically all you have to do is sign up and then you can download the SCM v3.0 Beta refresh. Microsoft describes the program like this … “Secure your environment with new product baselines for Windows Server 2012, Windows 8, and Windows Internet Explorer 10. The beta releases of Security Compliance Manager (SCM) 3.0 provide all the same great features for these new baselines, as well as an enhanced setting library for these new Microsoft products. The beta releases include fixes that resolve many previously reported issues in the setting library. The updated setting library also gives you the ability to further customize baselines. SCM 3.0 provides a single location for you to create, manage, analyze, and customize baselines to secure your environment faster and more efficiently.”

Note that there are 2 downloads for the SCM 3.0 Beta: the first, “SCM 3.0 Beta”, is the entire application, and the second, “SCM 3.0 Beta Refresh”, is basically updated baselines only that you can import into the application.