Vehicle For Dissertation - Tech Edition

A resource for technology information I find interesting... And maybe you will too.

Monday, February 28, 2005

Hard disk data recovery using Stellar Phoenix NTFS

I have a workstation I've been working with recently that began having hard disk problems. It has two Maxtor Atlas 10k RPM 147GB U320 SCSI and one Maxtor Atlas 15k RPM 73GB U320 SCSI hard drives. One of the large 147GB drives began giving errors stating "could not write file to E:\$Mft. The data has been lost" or things to similar effect. Sometimes after a reboot the drive would be usable and sometimes it would be totally missing. (The SCSI card was detecting it so I knew it wasn't bad at that level.) Some of the data disappeared also... Soon the drive would only give a "corrupt or unreadable" error if you tried to access it in Windows (XP Pro).

A usual "chkdsk" didn't help out, in fact it couldn't complete the scan. Sometimes it was necessary to reactivate the disk in the Disk Management snap-in, however that still didn't prove much use. The drive was visible in Windows but was no longer accessible so I decided I'd better look and see what kind of software could be found to recover the data off of a disk in such circumstances.

A search brought me to Stellar Information Systems Ltd. (it was the first result...). I looked around a little and saw that they have a demo of their Stellar Phoenix data recovery software. The demo allows you to scan your hard disk(s) and see what data can be recovered. I used Stellar Phoenix NTFS since I was working with NTFS partitions however you can also get versions for use with FAT, ext2, ext3, Novell etc. The company states the key features as:

NTFS Data Recovery software provides recovery of deleted files and folders even after recycle bin has been emptied or use of Shift+Del key.

Provides partition recovery from deleted partition or formatted logical drives.

Provides Data Recovery from Missing or Lost folders.

Performs NTFS data recovery after corruption of critical system data area structures like MFT record.

Recognizes and preserves long file names when restoring files & folders.

Multi-Disk Drive Support - Performs NTFS partition recovery on all IDE, EIDE and SCSI disk devices.

Advanced search options for file search and file filter for selected recovery of files and folders.

I thought it was worth a look at the demo and downloaded it. I first chose a disk to work with (once in the program) and then was given the option to use the partition table info to locate logical drives or to scan for logical drives. (see below)... I chose to scan for drives at first but later found that in my case it was unnecessary and took too much time. After the logical drives are located you are able to select which one you wish to recover the data from. I had only one partition on the drive and thus, one logical drive. It began scanning the drive and sure enough, there was a list of all the files I needed off of the disk. Of course I couldn't recover it with the demo version...

The full version of the software is $99 for a download which seemed worth it in this case. It just so happened though, that I had product activation troubles. I was able to purchase and download the software without problems but once it was installed I attempted to activate it through the wizard which activates the product automatically if you have an Internet connection. It was unable to connect to the server so I chose to activate via email. It was a Saturday night though and it didn't seem likely I was going to get anywhere over the weekend. I didn't... On Monday morning there was still nothing in the Inbox so I looked up their support line. Actually it features prominently on their website.

The company is in India and my call was answered immediately by an actual tech assist. guy. We had to work through a few problems and email and call back and forth a couple of times to resolve the problem. When you purchase the product you are provided with a serial # which is sent in some form to them so that the company can send you an activation (or site) key to unlock your product. Initially we tried verifying the serial number over the phone but that is always risky when speaking the English language! It turned out that the serial I was using had a zero which I had mistaken for the letter O (it was in a string of letters and wasn't differentiated as the numeral).

I attempted to use the new serial in the wizard without success. My tech guy then generated a site key for me to use in the manual registration option but no results came from that either. In the end the solution he directed me to was to delete several files, disconnect from the Internet, and run the wizard. Since it has no network connection the wizard instead saves the generated site key to the desktop in a .txt file. I then emailed this to him and received a working site code in about 20 min.

After that it was quite easy. There's a button at the top to restore all files and folders (even previously deleted ones). I selected it and chose another drive on which to save the restored data to. It took about 45-60 minutes to restore 48,000 files at around 65GB. If I hadn't run into activation problems the whole process would have been very quick and smooth. It was great, since I did have problems, to have the quality of tech support available that I did. I was curious though... does anyone have (or is developing) open source disk recovery software? I really haven't any idea what goes into that type of software. Or are there any other good programs available you can suggest? If so, leave a comment with a link etc.

Saturday, February 26, 2005

FreeSBIE 1.1: A FreeBSD Live CD

I think I'm addicted to live CDs... I've tried several recently, all Linux versions. Then I saw this article on NewsForge about an Italian programming contest in which a FreeBSD live CD won the award for "Best User Interaction". It was called FreeSBIE. Of course I had to download it...

I had installed FreeBSD on one of my hard drives before and thought it was okay but didn't take a lot of time to mess with it. This live CD though... I really like it. When you boot you're given the option of a normal boot, single user mode etc. Then you are also asked for your desired language and keyboard layout (I chose "Traditional Unix Workstation" under the USA section). You can also choose between a tcshell session, Fluxbox, Xfce or the installer which will install FreeSBIE to your HD. I haven't tried that yet.

I loaded both Fluxbox and Xfce (at different times of course) and found them both pretty smooth. You've got Firefox 1.0 and Thunderbird to work with as well as Gaim, XChat, OpenOffice, Ethereal, The GIMP, etc. Firefox looks really cool in Fluxbox...

There are also system status indicators on the desktop showing RAM and CPU usage as well as system uptime.

You can read more about FreeSBIE in the documentation right here. And yeah, this post was put up with Firefox 1.0 on FreeSBIE running Fluxbox...

Friday, February 25, 2005

Firefox 1.0.1 Released

Mozilla has released the latest update for Firefox web browser. The 1.0.1 version of the Thunderbird email client is also on its way. Check out the Firefox 1.0.1 Release Notes here to see what's new. Microsoft has announced work on Internet Explorer 7 however, it will really have to have some great features to get me to use IE again. And despite the claims and counter-claims I think that Firefox is a better browser from the security viewpoint. Some folks have been stating recently that Firefox is going to "become" less secure over time as more people adopt it because malicious folks will set their sights on it. I wouldn't be too sure about that.

In any case everyone has their own preferences but it would be a good idea to try Firefox if you haven't. My favorite feature is the tabbed browsing which allows me to open multiple (sometimes I have around 15) web pages in one Firefox window. It makes web surfing faster and links more efficient. You don't have to use the "Back" button so much. And it uses less computer resources (memory aka RAM etc.) than Internet Explorer.

Get Firefox!

Thursday, February 24, 2005

Italian programming tournament announces winners

I thought this looked like something interesting when I saw the headline on NewsForge. I'll have to check out the FreeSBIE Live CD. Some of the other project links opened in some languages I couldn't read but I'll have to take a longer look at some of these. You can read it at:

The NewsForge Article

Wednesday, February 23, 2005

An interview with Mozilla Chairman Mitch Kapor

Tom's Hardware Guide has an interesting interview with Mozilla Chairman Mitch Kapor... Read it here: THG Interview.

Monday, February 21, 2005

P4 600 Series and Extreme Edition 3.73 GHz

Give a click here for a bit of review on Intel's new P4 series processors. The conclusion at Tom's Hardware Guide seems to be that while Intel has implemented some “new” features, some of which AMD has already, the price they stick on them is a bit steep.

Some of the aforesaid features are: “...EM64T 64-bit extensions, the Execute Disable Bit, Thermal Monitoring 2, the Enhanced Halt State and Enhanced SpeedStep...”

Prescott Reworked: The P4 600 Series and Extreme Edition 3.73 GHz

Saturday, February 19, 2005

More info on BlueSniper

As I said below I wanted to look up some more info on BlueSniper and its capabilities. Here are a few things I found...with a little Google search of course...

Interview with John Hering at Gizmodo

Article at

Vulnerable Devices

Neat stuff at RSA Con 2005

Tom's Hardware Guide has an article about some cool stuff from the RSA Conference '05. Some of the most intriguing things (in my opinion, of course) were the Encase Enterprise Version 5 forensics software by Guidance Software, BlueSniper and an actual Enigma code machine that the NSA had set up.

I'll have to see what else I can find to post about BlueSniper. It's a Bluetooth wireless "sniper weapon" that was first shown, I believe, at Defcon 12. Actually this one is an improved version of the Defcon build and is capable of sniffing out info from Bluetooth devices that are hundreds of meters distant!

Tuesday, February 15, 2005

Internet Explorer 7 is on its way!

What an announcement! Actually I don't think it would be much news at all if it wouldn't be for the attention browsers have been getting of late. I don't remember anything special about IE 5 or 6 coming out, but of course I wasn't paying any attention then. Really the Mozilla folks have brought attention to the browser sector. If you've read here you may know that I prefer Firefox. However, a new version of IE would certainly be good.

The good things would be (hopefully): better security, option to enable tabbed browsing and perhaps kill ActiveX. Of course the killing of ActiveX is something I don't expect to happen. Maybe it shouldn't. But there are a lot of problems with the fact that it is integrated and perhaps it would be better without it.

An issue I see is that this release is being developed primarily for users of WinXP SP2. The Windows 2000 support sounded a little shaky. I use Win2k and wouldn't want to have to upgrade my OS to upgrade my browser (though I don't actually use it much). So...Is IE7 going to be properly backwards compatible? Also... this is "small potatoes" but to quote the IEBlog: "This new release will build on the work we did in Windows XP SP2 and (among other things) go further to defend users from phishing as well as deceptive or malicious software". Defense is alright but invulnerability would be preferable.

With the beta coming this summer we'll have a chance to try it out.

Saturday, February 12, 2005

Experimenting with Clusterix

I have plans to do some experimenting on running a Linux cluster. I don't know much about it yet. Of course that is the point. Self-education.

So. First I looked up some live CDs that were created especially for the purpose. The Live CD List provided some options and I downloaded Clusterix.

The Clusterix distro is based on Morphix, Knoppix and Debian. It certainly does resemble Knoppix when booting. I initially tried it on an old Dell Precision 610 with a P3 Xeon 550 CPU. When I got the option to choose a desktop environment I decided to try XPde 0.5. (Check out some screenshots here). It began to load and then suddenly switched to INIT 6 and started over. I then tried the default environment which is Xfce and watched a bit more closely this time. It seems it was having trouble with the 3DLabs Wildcat 4110 graphics card. So I switched to my more conventional system and things loaded up better. I still experienced some odd screen flashes in both Xfce and XPde.

That's as far as I've been presently. Just a quick boot to see what it was like. More experimentation shall follow...

Microsoft insists Windows is safer...

Here's an article about it. Not the greatest thing but it is interesting to hear them saying that. I use Windows and haven't had huge security problems though I doubt I'm a high value target... But the number of patches released or not released doesn't exactly indicate security.

Another thing I wondered is how successful are SuSE and RedHat's patch programs compared to MS? My instructor was talking a couple weeks ago about a Windows Server 2003 update that ended up making the server OS unusable. His solution was to install Linux.

The debate continues... Use both :)

Thursday, February 10, 2005

Creating a bootable Linux USB flash drive

It's project time in my Linux class. My part (or part of my part) is making a bootable flash drive that will run Linux. I was originally going to use SLAX (and may still) but the Lexar JumpDrive I had available (I'm too cheap to buy one at this point. Even if they are cheap) was a 256MB model. That would actually be alright except that my classmate I borrowed it from had partitioned it half "public" and half "secure". Somehow when he formatted it we lost access to the secure section. It just didn't seem to be there.

I know there are ways to hack the "secure" jump drive. But I hadn't tried before and didn't want to get into that as it seemed a distraction from the project. So I began looking for another smaller Linux distro and found Feather Linux. There were others but I decided to go with Feather. They have a specialized download for use on USB drives besides the normal CD .iso image.

To summarize for the moment. I got it downloaded (111MB) and extracted to the drive. I ran syslinux on it to make it bootable but it seems the version of syslinux that RedHat 9 has is 2.00. Feather Linux states that it needs at least version 2.11. So that is still to be done. I did try it after running syslinux and it did not work. So the project shall continue...

I found out that SLAX runs pretty slow (it's a live CD) when you have a 111MB file saved to the desktop. The system I was using had 512MB of RAM (I think. It may be the computers in the other lab that have 512MB) but with the OS to run and files taking up space it was slowing down quite a bit. It is currently my pet live CD though...

Tuesday, February 08, 2005

An odd situation...redirecting to Microsoft?

I was adding a couple links to my other site and found out something new. New to me in any case.

I had accidentally entered the link in the HTML as http:// when I did a page preview and clicked the link it took me to Microsoft's website. Now Project Gutenberg doesn't have much to do with the software company in Redmond...

When I was looking over the code again I realized my mistake. But why does it redirect to MS? I booted up SLAX and tried it in Konqueror and it says "An error occurred while loading..." etc.

Monday, February 07, 2005

Site spoofing vulnerability in non-IE browsers

Eric Johanson (with others) has demonstrated a spoofing vulnerability in browsers other than Internet Explorer. IE can however, be vulnerable, depending on what plugins you have installed.

The exploit is possible because of the way browsers such as Mozilla, Firefox, Opera and others handle International Domain Name support. IDNs have been forwarded by such advocates as Verisign.

You can see just what I'm talking about by looking at the proof of concept site here

Proof of concept

It will take you to a simple site with links to PayPal... Or rather links to a site that masquerades as PayPal if you look at the address bar. The site itself is obviously not PayPal but you can see how easy it would be to make it look as if it were by adding the appropriate graphics.

I tried it in Firefox and it worked just as described. Using IE I clicked the links on the PoC site and received a “page cannot be displayed” error.

To disable support for IDNs which make this spoofing possible you can do the following (in Firefox or Mozilla).

In the address bar enter about:config to get the configuration options page. You want to look for the value network.enableIDN which you can double-click to disable. Now if you return to the proof of concept site and click the PayPal link you'll receive an error stating that the site couldn't be found.

To see Eric Johanson's description of the issue you can click here.
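The spoof in this post works because an IDN label can contain a character from another script that renders like a Latin letter. As an added example (not from the original post, Eric Johanson, or Mozilla), this Python check decodes each label of a hostname and flags mixed-script or lookalike labels; the watch-list, the small confusables table and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Assumption for this example: brand labels worth protecting.
WATCHED = {"paypal"}

# Constructed, deliberately small table of non-Latin letters that render like
# Latin ones. Unicode TR39 publishes the full confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic
    "\u03bf": "o",                                               # Greek omicron
}


def script_of(ch):
    """Approximate a character's script from its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- means Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def skeleton(label):
    """Map known lookalike letters back to their Latin twins."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())


def inspect_host(host):
    """Return (label, reason) pairs for labels that deserve a second look."""
    findings = []
    for raw in host.rstrip(".").split("."):
        try:
            label = decode_label(raw)
        except UnicodeError:
            findings.append((raw, "undecodable-punycode"))
            continue
        if label.isascii():
            continue  # no IDN characters in this label
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append((raw, "mixed-script:" + "+".join(sorted(scripts))))
        if skeleton(label) in WATCHED:
            findings.append((raw, "lookalike-of:" + skeleton(label)))
    return findings


if __name__ == "__main__":
    # Constructed samples: a Latin "paypal" with a Cyrillic "a" in Unicode and
    # Punycode form, a legitimate single-script IDN, and a plain ASCII name.
    spoof = "p\u0430ypal"
    ace = "xn--" + spoof.encode("punycode").decode("ascii")
    for host in (f"www.{spoof}.com", f"www.{ace}.com", "m\u00fcnchen.de", "www.paypal.com"):
        print(host, inspect_host(host))
```

A single-script IDN such as the German sample passes cleanly, which is the distinction a blanket `network.enableIDN` switch cannot make.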

Sunday, February 06, 2005

Getting access to South Station's network (and others)

A great example of easy access through lousy configuration. Aaron Greenspan, CEO of Think Computer Corporation, published a white paper detailing his discovery of holes in the guestBOX service provided by Atlantis Technology Corporation. He found it all in the comfort of an anonymous laptop user at South Station in Boston, MA. You can read the press release and the whitepaper at the links below:

Press Release

South Station White Paper

Thursday, February 03, 2005

Review of Linksys WRT54GX at ET

I said I'd be watching out for a review of Linksys' WRT54GX router. And here one is. I use the WRT54G and was also interested when I read about the new release from Linksys.

The company promised increased speed from this router which incorporates MIMO (Multiple In - Multiple Out) based technology which Linksys calls SRX (speed-range extender).

The folks at ExtremeTech report:

"What we found was very encouraging: 30+Mbits/sec throughput at a distance of 25 feet through two walls. But we were also able to get 30+Mbits/sec of throughput and very smooth playback of streamed video the same time."

Read more here:
The review at ExtremeTech

Passwords Aren't Any Good... I guess.

Here's an argument for relying more on security methods other than passwords. They're hard to remember, you've gotta use 'em everywhere and they're getting increasingly easier to crack. I should mention that I read this after seeing the link on Slashdot (good stuff there). You can read the case for less reliance on passwords here:

The Password Is Fayleyure

It's definitely an interesting idea. I'm inclined to think that there is a very good point there. However I'm not likely to begin using only four character passwords. I don't find them too hard to remember unless I go months without using some pass needed for an obscure site I don't use much. If you type well, even a small phrase isn't hard to use for a password.

Opera 8 Beta and GMail...not compatible

I downloaded the beta version of Opera 8 not long ago just to try even though I'm a Firefox user. I tried Opera back when I still had dial-up and found that it was a little faster than IE then. Now it just doesn't matter and I like the Firefox UI and features better. Besides with the free version of Opera you have ads at the top. The good thing is that you can now choose Google text ads instead of flashing graphics etc.

In any case... I tried logging into GMail today while in Opera and found out it doesn't work. Take a look at the screenshots below. You might need to give them a click to make it more readable. I think my Opera build is 7401. I'm pretty sure the Opera folk are at work on the problem so that's good for any Opera folks out there. I've had only one hit on my site with Opera so far. It isn't a bad browser it just somehow isn't as popular.

Get Opera

Try Firefox

We're sorry...

GMail does not currently support your browser...

Wednesday, February 02, 2005

Linux LiveCD Roundup has a review of 18 Live Linux CDs. I've tried two of these: SLAX and Knoppix. Somehow I like SLAX better. It may be because of the more personable website run by the guy behind SLAX, Tomas Matejicek. Makes you feel like you're using his distro. Knoppix does have tools like Nessus though but it didn't work well on two of my systems. It's great to have options! In any case you can see the whole OSNews.com article here:

Linux Live CD Roundup

Tuesday, February 01, 2005

Tom's Hardware Guide Readers' Choice Awards

The results for the 2004 THG Readers' Choice awards are out. I noticed that Asus got the top spot in the Best Motherboard Mfg. category. I've used several Asus boards and like them quite well so I agree with that one. I believe MSI took second. They're quite good also.

Good old AMD took the Best Innovation in Desktop CPUs. Linksys was a popular brand for networking stuff. I'm keeping an eye out for some reviews of their new WRT54GX router. I saw one in Best Buy today. It was running about $200 I believe.

Well, if you'd like to take a look at the other top hardware choices for the past year you can see them all at:

THG Readers' Choice Awards 2004