FORENSICS QUICKIES

These posts will consist of small tidbits of useful information that can be explained very succinctly.

I saw this tweet from phillmoore recently. Further down in this thread, we also see that the target browser is a 5 year old version of Firefox. I've written in the past about verifying program behavior using source code. In fact, the previous post uses Firefox as an example. Given the information that we have, and even though this is somewhat of a fringe case, let's run through how to get the answer. Remember: it's one thing to know that an artifact exists; it's another to know how to find, understand, and make use of it.
So, from start to finish, let's delve into how you'd go about answering the question Phill posted.

Scenario

You want to determine where an older version of Firefox stores the settings for the Clear Recent History dialog.

The Solution

First, we need to identify a version of Firefox that is about 5 years old. Mozilla hosts a page that lists all past releases of Firefox and links each to their respective release notes, including the dates of release. Clicking around a bit, I found that Firefox version 1. Nov 2. 01. 2. With that out of the way, I needed to locate the source code and compiled executables archive for past releases.
Googling brought me to Mozilla's Downloading Source Archives page. There are tons of ways to download the source, but I wanted a quick and easy way, so I navigated to https archive. Following down the index, I found what I needed at https archive. US.

Now that I have the v. I can start testing. I'm targeting the Clear Recent History dialog, so I install Firefox v. VM, and use the Firefox tab within the browser to navigate to History > Clear Recent History.

[Figure: Default Clear Recent History Dialog for Firefox v.]

I'd like to find where the logic for this dialog is located within the source code. To make that easier, I need to grab a fairly unique string from this dialog, one that won't come back with a lot of hits across many different source files. "Time range to clear" seems unique enough, so let's go with that.

There are many different ways to go about searching the extracted source code, but since I'm on Windows and want to run a quick and dirty search across many files, I'll just use AstroGrep.

[Figure: Using AstroGrep to recursively search Firefox source code for a unique string]

I provide my search path that contains the source code, define my search string, and perform the search recursively across all file types. The results show two files that contain my unique string. The sanitize.dtd file sounds interesting, so let's open that one up.

[Figure: Contents of sanitize.dtd]

The first hit for our unique string can be seen at line 1. By looking around this area, we can gather some clues in order to pivot to other files that have more meat to them. Particularly interesting are lines 5 and 6. I'm looking for the settings within the dialog titled Clear Recent History, so let's run an AstroGrep search for sanitizeDialog2.

[Figure: Using AstroGrep to recursively search Firefox source code for sanitizeDialog2]

Again, the search string is unique enough to cut down on the amount of results we need to review. The file named sanitizeDialog.js seems to be what we're looking for here.

[Figure: Contents of sanitizeDialog.js showing our searched string]

Line 64 shows our searched string. It also looks like we have something more than just localization and property data in this file. Browsing through this file would probably be a good idea.

[Figure: Contents of sanitizeDialog.js showing the sanitize function]

Line 100 contains the beginning of the sanitize function and references the updatePrefs function. A few lines down, we see what that's all about.

[Figure: Contents of sanitizeDialog.js showing the updatePrefs function]

The updatePrefs function provides even more clues. It gets the timespan that the user sets within the dialog and hints at what we saw on line 1. Domain of privacy. We see downloads and history tacked on to that string, which leads me to believe that we're getting really close. An AstroGrep search for privacy.

[Figure: Using AstroGrep to recursively search Firefox source code for privacy.]

The very first result, firefox. These labels more or less line up with the checkboxes we saw in our Clear Recent History dialog at the beginning of this post. It gets even more interesting as we review the contents of firefox.

[Figure: Contents of firefox.]

As we can see, the source code is set up to check some of the items in the dialog by default. There are some other interesting lines here, but we'll get to that in a minute. What really caught my eye was line 4. Having done some research on Firefox proxy settings in the past, I knew that those settings were stored in the prefs. Firefox profiles. Couple that with the location of the firefox. C 4n. 6kfirefox 1. C Users4n. 6kApp. DataRoamingMozillaFirefoxProfiles. We can test this theory by performing a set of actions as a normal user would and documenting the results.
Test 01: Perform a default Clear Recent History

The first test was to open Firefox v. VM that did not have Firefox already installed and clear the history using the default values within the dialog. Here's what a default Clear Recent History action looks like on Firefox v.

[Figure: A default Clear Recent History action on Firefox v. No settings were changed.]

By default, the time range is set to Last Hour, and the Browsing & Download History, Cookies, Cache, and Active Logins checkboxes are selected. The Offline Website Data and Site Preferences checkboxes are not selected.

Note: prefs.js Complete Re-write Upon Exit

Upon hitting the Clear Now button, Firefox at least in the case of v. The prefs.js file gets written to upon closing the application. And, per the warning at the top of the file, the entirety of the file will get re-written upon application exit. In other words, the born time and last written time get updated upon Firefox's exit; it is a brand new file. Every prefs.js file in these tests was acquired after application closure. For reference, you can view the prefs. BEFORE AFTER

A quick comparison of the two prefs. Beyond Compare shows very few changes. None are relevant to what we're testing.

[Figure: Using Beyond Compare to compare two prefs. No relevant differences are seen here.]

Test 02: Perform a default Clear Recent History after form data input

In the previous test, the Form & Search History checkbox is grayed out. I wanted to test the default history clear while that checkbox was enabled, so I browsed to Twitter and logged in. That was enough to save some form data for the username field.

[Figure: A default Clear Recent History action on Firefox v.]

Note that I did not check the Form & Search History checkbox. It was checked by default after some form data was introduced. This variance did not show anything new; there was no relevant change in the prefs. BEFORE AFTER

[Figure: Using Beyond Compare to compare two prefs. No relevant differences are seen here.]

Test 03: Perform a Clear Recent History with all boxes selected, 2hr time span

For this test, a few websites were browsed, form data was input, all checkboxes were selected, and the time range to clear was changed from the default 1 hour to 2 hours.

[Figure: A modified Clear Recent History action on Firefox v. All boxes are selected and time span is changed.]

With these changes, we finally see some relevant items get written to the prefs.
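
The before/after prefs.js comparison used in these tests can also be scripted, which helps when many profile snapshots need to be compared. The following is an added example, not code from the original post: the sample file contents are constructed, and the pref names under the privacy. prefix are assumptions for illustration, not values taken from this page.

```python
import json
import re

# Each preference is stored on one line as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, the "do not edit" banner
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparseable values verbatim for review
    return prefs

def diff_prefs(before, after, prefix="privacy."):
    """Compare two parsed prefs.js snapshots, limited to names under prefix."""
    changes = {"added": {}, "removed": {}, "changed": {}}
    for name in sorted(set(before) | set(after)):
        if not name.startswith(prefix):
            continue
        if name not in before:
            changes["added"][name] = after[name]
        elif name not in after:
            changes["removed"][name] = before[name]
        elif before[name] != after[name]:
            changes["changed"][name] = (before[name], after[name])
    return changes

# Constructed sample snapshots (not taken from the post's prefs.js files).
BEFORE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage_override.mstone", "rv:0.0");
user_pref("network.cookie.prefsMigrated", true);
'''
AFTER = '''# Mozilla User Preferences
user_pref("browser.startup.homepage_override.mstone", "rv:0.0");
user_pref("network.cookie.prefsMigrated", true);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.siteSettings", true);
user_pref("privacy.sanitize.timeSpan", 2);
'''

if __name__ == "__main__":
    print(diff_prefs(parse_prefs(BEFORE), parse_prefs(AFTER)))
```

Because prefs.js is rewritten in full on exit, file timestamps say little here; the content diff between snapshots is what carries the evidence.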