There’s some other cool new features including Favorites and support for new large sector disks (waiting for these to come down in price).  You can read the full Truecrypt change log here.

SophosLabs has made a video available on what is the exploit and how the tool works here and the tool is available for downloaded here.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

LastPass is free!

LastPass Premium (no ads, mobile support) is only $1 a month!

LastPass imports from over 20 password managers

Go check it out now.  I’ve already switched from KeePassX and Firefox Password Manager.  I’ll be getting the rest of my family moved on to it this weekend.  If you still need more convincing Episode 256 of Security Now, Steve Gibson walks listeners through the LastPass architecture.  Also don’t forget to run the LastPass Security Challenge — it will score you based on your average password strength, use of two factor authentication, blank passwords, duplicate passwords, etc.

FYI:  Chris and Ryan hosted TruTV’s Tiger Team show which had a shorter life then the Microsoft Kin.

• Increase in criminal use of digital technology
• Lack of dedicated personnel
• Need for better training at multiple levels
• Need for improvements in information sharing and collaboration
• Need for better reporting, strategy and policy

I learned via Twitter from Alejandro, whose twit handle is @microtwit32, that NoScript, the favorite script blocker for Firefox, quietly added support for tabnabbing. We talked about tabnabbing last week or the week before. Remember that that’s an interesting exploit where pages that you’re not viewing currently, for example in Firefox, can be changed in a way that, if you went back to the page, it could easily fool you to believe that your eBay session had timed out, or Google Mail session had timed out, or something saying, oh, please, reauthenticate. The idea being that the page changes when it’s not the tab on top, so you’re not viewing the page at the time, don’t notice that it changed from something completely different to something that is spoofing one of the services that you are using.

It turns out that scripting is powerful enough now to allow a probing of the services you do use so that a sufficiently sophisticated script could figure out what it is that, like, what banking site you tend to use, and present something convincing on the tab that you’re not viewing. So when you switch back to that, it’s like, oh, look, my banking site says I need to log in again. So what our NoScript author did at v1.9.9.81 and since – I went back and looked through the update and feature notes. He quietly added a new option which is not – it does not surface to the level of the user interface. So it’s not a button you can click on the UI. But if you go, if you put into the Firefox browser’s URL field “about:config” and hit Enter, that will take you to a huge page of alphabetically sorted security and UI and every kind of option under the sun that basically governs in great granular detail the way Firefox operates.

The item you’re looking for is noscript.forbidBGRefresh, as in background refresh. So again, it’s noscript.forbidBGRefresh. Now, that can have a value of 0, 1, 2, or 3. 0 is no change of behavior at all, no blocking of background page refresh changes. 1, which is the default mine had been set to, blocks refreshes on untrusted, unfocused tabs only. Now, trust and untrust is relative to NoScript, that is, have you said that you trust this page, like Amazon.com, for example, or not. The setting of 2 blocks refreshes on trusted, unfocused tabs. I don’t know why you would choose that because it doesn’t block them on untrusted tabs. But setting 3 blocks them on both trusted and untrusted tabs.

And I changed mine to 3 because I can’t really see a valid reason why, whether I trust a site or not, if I’m not looking at the page, I don’t think it needs to change what I’m not seeing. And in fact I’ve noticed that I’m sometimes distracted when I notice a page that I’m not looking at is changing, is, like, refreshing. Some script timer timed out, and it’s changing the ads on the page, or it’s refreshing the whole page in order to get new content or something. Well, I’d just rather not have it do that behind the scenes. So I like the fact that NoScript now lets us prevent any nonfocused page from changing itself. Seems like a useful thing to do.

Do you ever receive a suspicious file via email or hesitant to download software from a webpage?  You can upload the executable to one of the malware analyzers below and they’ll run it through several different AVs and give you the results. CWsandbox will also take a basic attempt to reverse engineering the app and let you know what type of handles it’s creating. Some very neat tools….

• http://www.virustotal.com/
• https://cwsandbox.org/
• http://anubis.iseclab.org/
• http://sandbox.norman.no/
• http://www.joebox.org/
• http://fileadvisor.bit9.com/
• http://www.mwanalysis.org/