Wednesday, February 29, 2012

Blackberry and General Mobile Device STIGs released

A couple of new STIGs and guides have been released over the last couple of days:

  • IAVM to CVE Mapping Spreadsheet - Updated February 24, 2012
  • Windows 7 STIG Benchmark Version 1, Release 8 - Updated February 22, 2012
  • IAVM 2011 Benchmarks - Updated February 22, 2012
  • IAVM 2012 Benchmarks - Updated February 22, 2012
  • BlackBerry STIG - Version 2, Release 1 - Updated February 20, 2012
  • IAVM to CVE Mapping Spreadsheet - Updated February 17, 2012
  • General Mobile Device (Non-Enterprise Activated) STIG Version 1, Release 1 - Updated February 16, 2012

Thursday, February 23, 2012

Is Firefoxforensics.com down? Missing? Replaced? Upgraded?

An anonymous commenter on this post mentioned that Firefoxforensics.com was down.  I've checked over the last couple of days, and the site cannot be found by various browsers.  Whois says the domain is still good.  Has anyone heard if it is down for good?  Or, since Firefox is up to version 10, are there new tools replacing F3E?  I may have missed an announcement; if so, feel free to clue me in.

Monday, February 20, 2012

Life Update

I know I haven't posted in a while.....

Firstly, I've been getting frustrated with DoD auditing in support of DIACAP, or whatever it is going to be called in the future.  After doing this auditing for close to four years, I see numerous problems with no clear-cut solution.  But that is a post for another day.  I'll still post DoD IA posts, but expect to see more incident response / digital forensics posts.

While I started my post-college career in software development, specifically COBOL, I figured it was time to learn a scripting language.  Currently, I write many of my auditing tools using VBScript; however, it is not portable across multiple platforms.  After thinking about it for a while, I've decided to teach myself Python, so there could be some Python posts in the future.  Many of the open source DFIR tools that I've seen/used are written in either Perl or Python, so it's high time I learned one of those languages.

Finally, if there are (larger than normal) gaps in posting, it is because I am studying for my SANS GCIH re-certification.  Without realizing it, I took my GCFA class outside of the window where I could have used it for my GCIH re-certification credits.  Fortunately, I really like the material in the GCIH, and I put much of it into practice.  It's been fun to read the updated manuals and go through the DVD with new and updated software.

Thursday, February 9, 2012

Ovaldi error message: missing MSVCP100.dll

I downloaded the new version of Ovaldi.exe the other day, version 5.10.1.1.  After ensuring that I had the correct definition file, I kicked off a scan on a Windows 7 machine.  Rather quickly, I received the following error message:

I would love to hear any ideas to solve this.  I don't see the DLL in the zipped-up package, and I don't know if this is a DLL typical to Windows 7 machines.  Googling the DLL did not yield any obvious solutions.  For the time being, I rolled back to the 5.9.1 schema, but I would like to use a newer version.

February DISA and Mitre updates

I received an email the other day that DISA has released a draft of the Internet Explorer 9 STIG.  Comments need to be submitted by 21 February.

Further, while updating my Oval definitions today, I noticed two definition files I had not seen before:  XP Media Center Edition and XP Tablet PC edition.  They might have been there a while, but it is the first time I have seen them.  (And in reality, I have not come across those editions in the DoD world, yet.)

Thursday, February 2, 2012

First Quarter 2012 STIG releases

Over the past couple of weeks, DISA has released their updates to various STIGs.  From what I have been able to compile, the following STIGs and benchmarks have been updated:

Windows 7 STIG Benchmark Version 1, Release 7 - Updated February 1, 2012
Draft IPSEC VPN Gateway STIG - Updated January 31, 2012
Draft IPSEC VPN Gateway STIG TIM Memo - Updated January 31, 2012
Draft IPSEC VPN Gateway STIG Comment Matrix - Updated January 31, 2012
IAVM to CVE Mapping Spreadsheet - Updated January 27, 2012
Microsoft Office 2007 STIG - Version 4, Release 6 - Updated January 26, 2012
Internet Explorer 7 STIG - Version 4, Release 5 - Updated January 26, 2012
Windows 2008 R2 DC STIG Benchmark Version 6, Release 3 - Updated January 25, 2012
Windows 2008 R2 MS STIG Benchmark Version 6, Release 3 - Updated January 25, 2012
Windows 2008 DC STIG Benchmark Version 6, Release 1.17 - Updated January 25, 2012
Windows 2008 MS STIG Benchmark Version 6, Release 1.17 - Updated January 25, 2012
Windows 2003 DC STIG Benchmark Version 6, Release 1.24 - Updated January 25, 2012
Windows 2003 MS STIG Benchmark Version 6, Release 1.24 - Updated January 25, 2012
Windows XP STIG Benchmark Version 6, Release 1.24 - Updated January 25, 2012
Windows Vista STIG Benchmark Version 6, Release 1.24 - Updated January 25, 2012
Network Firewall - Version 8, Release 9 - Updated January 25, 2012
Network IDS/IPS - Version 8, Release 9 - Updated January 25, 2012
Network Policy - Version 8, Release 9 - Updated January 25, 2012
Network Infrastructure Router L3 Switch - Version 8, Release 9 - Updated January 25, 2012
Network L2 Switch STIG Version 8 Release 9 - Updated January 25, 2012
Network Other Devices - Version 8, Release 9 - Updated January 25, 2012
RAS Remote Access Server STIG Version 2, Release 6 - Updated January 24, 2012
Remote Access Policy STIG Version 2, Release 6 - Updated January 24, 2012
Remote Access VPN STIG Version 2, Release 6 - Updated January 24, 2012
Remote Endpoint STIG Version 2, Release 6 - Updated January 24, 2012
Remote XenApp ICA Thin Client STIG Version 2, Release 6 - Updated January 24, 2012
JVAP Administrative STIG Version 3, Release 13 - Updated January 24, 2012
DoD Host Based Security System (HBSS) STIG - Version 3, Release 5 - Updated January 24, 2012
Windows 2008 R2 STIGS - Updated January 24, 2012
Windows 2008 STIGS - Updated January 24, 2012
Windows 2003 STIGS - Updated January 24, 2012
Windows 7 STIGS - Updated January 24, 2012
Windows Vista STIGS - Updated January 24, 2012
Windows XP STIGS - Updated January 24, 2012
Gold Disk (*PKI) - Updated January 23, 2012
zOS STIGS - Updated January 23, 2012
zOS STIGS (*PKI) - Updated January 23, 2012