Wednesday, April 28, 2010

WinAPIOverride32: an advanced API monitoring tool.

WinAPIOverride32 is an advanced API monitoring tool. You can monitor and/or override any function of a process, whether it is an exported API function or an internal function of the executable. It tries to fill the gap between classical API monitoring tools and debuggers.

It can break into the targeted application before or after a function call, allowing memory or register changes, and it can directly call functions of the targeted application.

Main differences from other API monitoring tools:

- You can define filters on parameters or function results
- You can define filters on DLLs to discard calls from Windows system DLLs
- You can hook functions inside the target process, not only APIs
- You can hook asm functions with parameters passed through registers
- You can hook hardware and software exceptions
- Double and float results are logged
- You can easily override any API or any process-internal function
- You can break the process before and/or after a function call to change memory or registers
- You can call functions which are inside the remote process
- Can hook COM, OLE and ActiveX interfaces
- User types (enum, struct and union) and user defines are supported
- Everything is done as modules: you can log or override independently for any function
- Open source
- A library is provided for developers who intend to build their own hooking software
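To make the hooking model behind that feature list concrete (a trampoline that runs before and after the original call, a filter that decides which calls are logged, a rewrite of the parameters or of the result, or a full replacement of the function), here is a small in-process Python illustration. It is an added example, not WinAPIOverride32's code or API: the real tool patches native Win32 functions inside another process, whereas this stand-in swaps Python-level functions in a constructed namespace. make_target, open_file, read_temp and the path rules in run_demo are all hypothetical.

```python
"""Hypothetical in-process hook manager: pre/post hooks, log filters and
overrides, mirroring the feature list above at Python level.
(Added example; not WinAPIOverride32 code.)"""
from __future__ import annotations

import types
from dataclasses import dataclass
from typing import Any, Callable, Optional

NO_CHANGE = object()  # sentinel a post-hook returns to keep the original result


@dataclass
class CallRecord:
    name: str          # hooked function
    args: tuple        # arguments as seen by the original (after any pre-hook edit)
    result: Any        # value returned to the caller (after any post-hook edit)
    overridden: bool   # True when a hook replaced the function or its result


@dataclass
class Hook:
    pre: Optional[Callable[[tuple], Optional[tuple]]] = None   # "break before": may return new args
    post: Optional[Callable[[tuple, Any], Any]] = None         # "break after": may return a new result
    log_filter: Optional[Callable[[tuple, Any], bool]] = None  # log the call only when True
    override: Optional[Callable[..., Any]] = None              # replace the function entirely


class HookManager:
    """Installs trampolines in place of attributes of a target namespace."""

    def __init__(self) -> None:
        self.log: list[CallRecord] = []
        self._installed: list[tuple[Any, str, Callable[..., Any]]] = []

    def install(self, target: Any, name: str, hook: Hook) -> None:
        original = getattr(target, name)

        def trampoline(*args: Any) -> Any:
            if hook.pre is not None:
                new_args = hook.pre(args)
                if new_args is not None:
                    args = new_args
            overridden = hook.override is not None
            result = (hook.override or original)(*args)
            if hook.post is not None:
                new_result = hook.post(args, result)
                if new_result is not NO_CHANGE:
                    result, overridden = new_result, True
            if hook.log_filter is None or hook.log_filter(args, result):
                self.log.append(CallRecord(name, args, result, overridden))
            return result

        setattr(target, name, trampoline)
        self._installed.append((target, name, original))

    def uninstall_all(self) -> None:
        for target, name, original in reversed(self._installed):
            setattr(target, name, original)
        self._installed.clear()


def make_target() -> types.SimpleNamespace:
    """Constructed stand-in for the monitored process: two 'API' functions."""
    def open_file(path: str, mode: str) -> int:
        return 1000 + len(path)          # fake handle value
    def read_temp(sensor: int) -> float:
        return 20.5 + sensor
    return types.SimpleNamespace(open_file=open_file, read_temp=read_temp)


def run_demo() -> dict[str, Any]:
    target = make_target()
    mgr = HookManager()
    win = "c:\\windows"
    mgr.install(target, "open_file", Hook(
        # parameter filter: log only accesses under C:\Windows
        log_filter=lambda args, res: args[0].lower().startswith(win),
        # break before the call: redirect reads of secrets.txt to a decoy file
        pre=lambda args: ("C:\\Windows\\decoy.txt", args[1])
            if args[0].lower().endswith("secrets.txt") else None,
        # break after the call: deny any write under C:\Windows by forcing -1
        post=lambda args, res: -1
            if args[1] == "w" and args[0].lower().startswith(win) else NO_CHANGE,
    ))
    # full override: the original read_temp never runs
    mgr.install(target, "read_temp", Hook(override=lambda sensor: 99.0))

    results = [
        target.open_file("C:\\Users\\bob\\notes.txt", "r"),                   # 1022, not logged
        target.open_file("C:\\Windows\\secrets.txt", "r"),                    # redirected, 1020
        target.open_file("C:\\Windows\\system32\\drivers\\etc\\hosts", "w"),  # forced to -1
        target.read_temp(3),                                                  # 99.0
    ]
    mgr.uninstall_all()
    return {"results": results, "log": mgr.log, "after_uninstall": target.read_temp(3)}


if __name__ == "__main__":
    for rec in run_demo()["log"]:
        print(rec)
```

The log records the arguments as the original function saw them, so the redirected decoy path is what appears for the secrets.txt call; that is the same view a native hook would have after a "break before" edit of the stack or registers.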




Monday, April 26, 2010

RTIR - A premier Open Source incident handling system.

RTIR is the premier Open Source incident handling system. We worked with over a dozen CERT and CSIRT teams to build a world-class incident handling system. RTIR helps you handle the ever-increasing volume of incident reports. RTIR lets you tie multiple incident reports to specific incidents. RTIR makes it easy to launch investigations to work with law enforcement, network providers and other partners to get to the bottom of each incident and to track it through to a successful resolution.


It's easy to integrate RTIR into your existing systems and workflow. With open source code, a rich API and a vibrant community, RTIR can be tied into many external systems with only a few lines of configuration or a few minutes of programming. If you're using a publicly available product as part of your incident handling workflow, someone has probably already integrated it with RTIR.

Download From:

Monday, April 19, 2010

Google Criticized for 'Buzz' Privacy Faults

Google has announced it will ask all users to reconfirm their preferred privacy settings on its social networking site 'Buzz'. It follows a controversial launch in which many believed, correctly or otherwise, that their privacy had been compromised.


Buzz is Google's rival to Facebook and Twitter. It's integrated into Gmail and allows users to follow and reply to posts made by people they decide to follow on the service.

The service also allows users to share information from other Google-owned services such as Google Reader (an RSS newsreader) and picture-sharing site Picasa. It was clearly designed to encourage users to spend more time in Gmail and thus be more attractive to advertisers.

Automated 'Followers' Idea Backfires

The big problem with the launch was that Google decided to "help" users by automatically adding in some online followers from their email address book. This annoyed many users as they felt some of their information was now being shared with other people without their permission.

In one extreme case, a woman said she was automatically made a Buzz contact of an abusive ex-partner who only appeared as a regular email contact because they had been sending harassing messages.

FTC Commissioner Critical of Service

To make things worse, many users were in the dark about the implications of the Buzz service, with some believing their entire email history had been exposed. Others found opt-out settings but, because of the close integration, believed that turning off Buzz could only be done by quitting the email service altogether.

A privacy watchdog and several politicians complained about the move to the Federal Trade Commission. Although not a formal response to the complaints, one commissioner later said "I do not believe consumer privacy [considerations] played any significant role in the release of Buzz." (Source: bbc.co.uk)

Google Confirms Test Failure

Google later admitted it had only tested the service on its own staff rather than the usual test panel of employees' friends and family. That may have meant the results were distorted, as Google workers may have been more tech-savvy and less concerned about privacy implications than the general public.

Shortly after the launch, Google responded to criticism by simplifying the processes for blocking "followers," changing privacy settings or quitting Buzz altogether, but this only applied to new Buzz users. The firm also dropped the automated following system and replaced it with a list of suggested contacts.

This week's announcement goes a step further: the firm will now ask every user to specifically change or reconfirm their privacy option settings. That move, albeit late in the day, will go some way towards answering criticism that both Buzz and other social networking services need to adopt a policy of making all user data as private as possible until the user specifically says otherwise. (Source: pcmag.com)

Monday, April 12, 2010

Payment Card Industry Rock

Do you remember those old School House Rock commercials from the 70’s? I do, in part because someone gave my kids a DVD set with all of them on it. And apparently the folks at the PCI Council remember them too, because they’ve created a video that looks a lot like those old commercials. My favorite part is the fact that Bob Russo let a cartoon version of himself be part of the video. I wonder if the real Mr. Russo can sing and play the guitar?






Saturday, April 10, 2010

StreamArmor – Discover & Remove Alternate Data Streams (ADS)

What are ADS (Alternate Data Streams)?

If you’ve had any experience with advanced malware or Windows forensics you already know what ADS are; if you haven’t, ADS is a lesser-known feature of the Windows NTFS file system which lets additional named data streams be attached to existing files and folders without affecting their functionality or their reported size. Such streams are not shown by conventional utilities such as Windows Explorer, the plain DIR command or most other file browsers. Two caveats worth knowing: on Vista and later "dir /R" does list them as name:stream:$DATA lines, and a stream can be opened directly by name (for example notepad file.txt:hidden.txt), so "hidden" means hidden from the default views, not inaccessible. Streams are also dropped when a file is copied to a non-NTFS volume such as FAT.


StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also remove them completely from the system. Its automatic analysis, coupled with an online threat verification mechanism, makes it one of the most effective tools available for eradicating malicious streams. StreamArmor comes with a fast multi-threaded ADS scanner which can recursively scan the entire system and quickly uncover all hidden streams. Discovered streams are colour-coded by threat level, which makes it easy to distinguish suspicious streams from normal ones at a glance.

StreamArmor has a built-in file type detection mechanism which examines the content of the stream, rather than trusting its name or extension, to accurately detect its file type. This makes it a great tool in forensic analysis for uncovering hidden documents/images/audio/video/database/archive files within alternate data streams. StreamArmor is a standalone, portable application which does not require any installation; it can be copied anywhere on the system and executed directly.
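The two ideas above, enumerate every named stream and then judge each one by what it contains rather than what it is called, can be reproduced by hand. The following Python is an added example, not StreamArmor's code: it parses the output of "dir /R" (which on Vista and later lists a file's named streams as name:stream:$DATA lines), sniffs the stream content from its leading bytes, and assigns a threat level. The listing and the stream contents are constructed here so the example runs offline; on a live NTFS volume you would capture real "dir /R" output and read each stream with open(r'file:stream', 'rb'). The magic-byte table and the severity rules are this example's own choices.

```python
"""Added example (not StreamArmor code): triage alternate data streams from
a `dir /R` listing plus content sniffing of each stream."""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Constructed sample of `dir /R` output (Vista and later print streams this way).
SAMPLE_DIR_R = """\
 Volume in drive C has no label.
 Volume Serial Number is 1A2B-3C4D

 Directory of C:\\Users\\bob\\Downloads

04/10/2010  09:12 AM    <DIR>          .
04/10/2010  09:12 AM    <DIR>          ..
04/09/2010  10:01 PM            14,336 report.doc
                                    26 report.doc:Zone.Identifier:$DATA
04/08/2010  11:45 AM                 0 notes.txt
                                56,832 notes.txt:update.exe:$DATA
04/08/2010  11:46 AM            51,200 holiday.jpg
                                   320 holiday.jpg:thumbs:$DATA
               3 File(s)         65,536 bytes
               2 Dir(s)  10,000,000,000 bytes free
"""

# Constructed stream contents, standing in for what open("file:stream", "rb")
# would return on the real volume; keyed by "file:stream".
SAMPLE_STREAM_BYTES: Dict[str, bytes] = {
    "report.doc:Zone.Identifier": b"[ZoneTransfer]\r\nZoneId=3\r\n",
    "notes.txt:update.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
    "holiday.jpg:thumbs": b"\xff\xd8\xff\xe0\x00\x10JFIF",
}

DIR_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")
# size, then "<file>:<stream>:$DATA"; the stream name cannot contain ':' or '\'
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$")

# Leading-byte signatures; order matters only for overlapping prefixes.
MAGIC: List[Tuple[bytes, str]] = [
    (b"MZ", "pe-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF", "pdf"),
    (b"\x89PNG", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"[ZoneTransfer]", "zone-identifier"),
]


def sniff_type(data: bytes) -> str:
    """Classify stream content by its first bytes, ignoring the stream's name."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


@dataclass
class StreamFinding:
    path: str      # directory\file that carries the stream
    stream: str    # stream name
    size: int      # bytes, as reported by dir /R
    kind: str      # sniffed content type
    level: str     # "low", "medium" or "high"


def parse_dir_r(listing: str) -> Iterator[Tuple[str, str, str, int]]:
    """Yield (directory, file, stream, size) for every named stream in the listing."""
    current_dir = ""
    for line in listing.splitlines():
        m = DIR_LINE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = STREAM_LINE.match(line)
        if m:
            yield current_dir, m.group(2), m.group(3), int(m.group(1).replace(",", ""))


def classify(stream: str, size: int, kind: str) -> str:
    """Example severity rules: executables and containers are high; the small
    Zone.Identifier stream Windows writes on downloads (mark-of-the-web) is low."""
    if kind == "pe-executable" or (kind in ("zip-archive", "pdf") and size > 0):
        return "high"
    if stream == "Zone.Identifier" and kind == "zone-identifier" and size < 512:
        return "low"
    return "medium"


def triage(listing: str, contents: Dict[str, bytes]) -> List[StreamFinding]:
    findings = []
    for directory, fname, stream, size in parse_dir_r(listing):
        kind = sniff_type(contents.get(f"{fname}:{stream}", b""))
        findings.append(StreamFinding(f"{directory}\\{fname}", stream, size, kind,
                                      classify(stream, size, kind)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DIR_R, SAMPLE_STREAM_BYTES):
        print(f"{f.level:6} {f.kind:15} {f.size:>8}  {f.path}:{f.stream}")
```

Note what the content check buys you: the stream called "thumbs" on holiday.jpg is really JPEG data and lands at medium, while "update.exe" hidden behind a zero-byte notes.txt is a PE image and lands at high regardless of how it was named. A stream the parser sees but whose content you have not captured is classified as "unknown" and still surfaces at medium rather than being silently dropped.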

Platform

Windows XP, 2K3, Vista, Longhorn and Windows 7 (both 32- and 64-bit versions). On 64-bit platforms, only 32-bit processes are supported.

You can download StreamArmor v1.0 here
http://www.rootkitanalytics.com/tools/streamarmor.php