I just started playing with this (great find by the way) and I really like the tool. However, be aware that you have to install Winpcap on any machine you want to use the packet sniffer on.

So far I must say I am very impressed.

That's funny, not something I would think to do (I'd just use LC5, John the Ripper, or something similar), very clever.

Is there ANYTHING that Google CAN'T do?

Many of the times listed in event logs are in the WMI time format (why they decided to use this format in the event logs I'll never know), here is a VBScript Function to convert them to a more easily readable format:

<CODE>

strDate = InputBox("Enter the WMI timestamp here")
wscript.echo WMITimestampConvert(strDate)

'#--------------------------------------------------------------------------
'# FUNCTION.......: WMITimestampConvert()
'# PURPOSE........: Converts WMI Timestamps to a more friendly format.
'# ARGUMENTS......: dtmInstallDate = The WMI timestamp to convert.
'# EXAMPLE........: strDate = InputBox("Enter the WMI timestamp here")
'# wscript.echo WMITimestampConvert(strDate)
'# REQUIREMENTS...: Tested on Win2k, XP, WS2003. Should work on Vista and
'# WS2008.
'# NOTES..........: In the example above, if you enter the WMI timestamp
'# 20011120042924.000000+000 the script will return:
'# 11/20/2001 4:29:24 AM (this is un UTC time, the offset
'# would be different (unless you are in the UTC time
'# zone).
'#--------------------------------------------------------------------------
Function WMITimestampConvert(dtmInstallDate)
WMITimestampConvert = CDate(Mid(dtmInstallDate, 5, 2) & "/" &_
Mid(dtmInstallDate, 7, 2) & "/" & Left(dtmInstallDate, 4) &_
" " & Mid (dtmInstallDate, 9, 2) & ":" &_
Mid(dtmInstallDate, 11, 2) & ":" & Mid(dtmInstallDate, 13, 2))
End Function

</CODE>

For *NIX try 'uptime', for the Win32 equivalent, go here (this is a Microsoft link) http://download.microsoft.com/download/winntsrv40...

Try 'uptime /a' on your system to get a nice set of information.

That's pretty odd. Was the same version of TC on both machines? I've moved drives that have TC on them plenty of times, and never run into that issue. /wonders_if_he_should_quickly_make_some_unencrypted_backups :)

No, can't say that I have. What kind of issues did you have?

I use a blended solution (Linux based):

Email is routed at our gateway to a linux server where it is received and processed by Postfix, which then passes it to Postgrey, and then in to the AmavisD process, where it is filtered for Virii (checked by ClamAV with an F-Prot backup if ClamAV fails), then passed through Spamassassin, Vipul's Razor, and Pyzor before finally being passed to Exchange for SPAM filtering there. Once it has passed all these tests it is either delivered to the user as good, or to me as possible spam depending on it's spam score.

To be honest it works quite well, but is kinda labor intensive (lots of updating to be done, and I have to check an average of 45 possible spam email per day). I've been thinking about moving to an appliance, but I can't decide between the Barracuda and the IronPort solutions (I hear good things about both). Then again a good friend of mine uses Postini and says it works awesomely.

If I ever get the time this is a big research project I want to work on. Too bad i can convince the vendors to send me eval units.

Hmmm, while I'm not sure about the wisdom of sticking a magnet into a server case I am a sucker for anything with an LED light AND a magnet in it. I've been trying to reason with myself about why I DON'T need this thing, but I have a feeling that I will be buying one before the day is out lol.

I still prefer TrueCrypt, and as of the 6.0 release it does full disk encryption. One of the neat features about TrueCrypt is the "plausible deniability" feature, which allows you to create hidden containers inside other containers, and now hidden OS's (haven't tried that one out yet, I don't really have much use for it).

However be aware that Bruce Schneier just found a bunch of holes in the plausible deniability thing (his findings were for v5.3), so take that part with a grain of salt. I believe in reading his findings that the plausible deniability thing will work for anyone not facing the NSA or any other alphabet soup government agency.

I use it solely to protect sensitive data that might be lost or stolen (pretty much my laptop and USB drives).

Man I feel your pain. I really feel that it is high time to design and implement Email 2.0, since email was not designed for any kind of security from the start, and what has since been added on security wise is vague at best (check out RFC 2554: http://www.faqs.org/rfcs/rfc2554.html).

As someone that deals with spam on a daily basis I can tell you that the situation is completely out of control (more than 78% of the email that hits my servers daily is rejected as spam).

I spend probably 10% of my day dealing with email issues related to spam and all the various filtering that I have to run to keep it out of our network (while that doesn't sound like a lot it equates to about 300+ hours per year). Here are my suggestions for Email 2.0:

- Forget blacklisting, we need to be using whitelisting. Obviously blacklisting is not working well (I use multiple blacklist providers and STILL get spam to users occasionally).

- All email servers should have the ability to require token based authentication. I would happily tell my users that they will not be able to send any email without this little token. DON'T LOSE IT. This would END spam.

- A system that functions like DNS (totally distributed and cared for by trusted parties) needs to be put in place so that email servers are vetted prior to email being accepted by any incoming mail server (something like the current SMTP handshake, but involving a third party - this new DNS like system) so that spoofing is not possible.

- Make mass spamming a crime punishable by death (I'll happily pull the trigger >:-)

I'm sure I am missing some things, but someone needs to look at this stuff.

Sorry for the rant, I have spent the past week cleaning spyware and adware off of multiple computers because some people can't resist clicking every damn thing they get in their webmail (I have filtering in place for anything that could be malicious in our corporate email), and this kind of struck a nerve with me.