I am always amazed at how much space the Multi-Lingual files take up when installing OS X (let's not mention the print drivers). So why should I be surprised when I save so much space using this application? It managed to trim off 2.3GB in just a few minutes. That's not a lot in this era of 500GB drives but every little bit helps. That's a whole movie burned to disk!
I know I should be ashamed for using the default install in the first place. Like everyone who gets a new MacBookPro I was a little eager to start using it. The last thing I wanted to do was wait for a new install. Now if it was a new Dell it would be a different story. I have no qualms about booting right from a DVD when a new Dell shows up.
http://monolingual.sourceforge.net/
Thanks Tyler!
SANS Internet Storm Center, InfoCON: green
Thursday, March 11, 2010
Wednesday, March 3, 2010
More Windows XP Problems, the F1 key?
Even though it's one of the most widely used operating systems on the planet, Windows XP has its problems. It won't be long before it goes the way of IE6 in recent news.
Microsoft Says, Don't Press the F1 Key In XP: "Ian Lamont writes 'Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box.'
Microsoft Says, Don't Press the F1 Key In XP: "Ian Lamont writes 'Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box.'
Thursday, February 25, 2010
Support Stories
The Daily WTF often has some great stories. Here is one that I can really relate to. Back in the day, I fixed PCs and I remember actually fixing a down machine before discovering I was at the wrong location.
Here are 3 great stories of tech support nightmares.
Problematic Problem (from Ben)
Way back when, I was responsible for doing on-site support for a fairly complex ERP solution that our company sold. My support radius was 100 miles, which meant I was on the road a lot and traveled to places I wasn't all that familiar with. My trusty navigation aide was a compass and a Rand McNally map book. Fancy, online mapping services weren't around yet, let alone super-fancy GPS units.
One day, I was assigned to visit a customer on the far end of my region (99.9999999 miles), first thing in the morning. It meant that, not only would I need to battle rush-hour traffic through the city, but then drive another 60 miles once that cleared. I was not a fan of early mornings, and getting that client on that wintry day meant a 5:30A departure with a 2.5 hour commute.
That morning, traffic was even worse than I anticipated. And to make matters worse, I had a terrible time finding the place. Fortunately, a kind fellow at the gas station pointed me in the right direction, and I was able to ring the client from the nearest pay phone to let them know I was running behind.
When I arrived, everything seemed to be downhill from there. I went to the receptionist, tacked on my visitor badge, headed over to the server room, set my briefcase down, and got to work. Before I could even try logging in, someone walked up to me and said, "hey, I know this isn't really your thing, but I'm desperate, and reeeeaaaallly need some help getting this report for our PM meeting."
It certainly wasn't my thing, but given that I was 30 minutes late, a little goodwill towards helping a company executive could only help. So I followed her to her office and helped troubleshoot the problem. An hour-and-a-half later, we had the report running, no problem. She was thrilled, and I headed back to the server room.
For some reason, I couldn't log-in to the server console, but the generous IT guy helped me past that hurdle by logging in with his credentials. But then I had another problem: I couldn't access any of the servers listed on my sheet. In fact, I couldn't even find a server that looked anything like ours.
I called the IT guy over again and asked him where our ERP server was. He shot a confused look to me, and said that he's pretty sure they don't have an ERP server. I assured him that they did, so he went back and looked into things on his end. Thirty minutes later, he assured me that they absolutely, positively, definitely don't have an ERP server.
We were both utterly confused. And then something dawned on me, and I silently prayed it wasn't true. I pulled out my sheet, showed it to the IT guy, and pointed towards the customer address heading. "That's you guys, right?"
As it turned out, not so much. Our actual customer was down the street, in another un-marked office building.
Problem supply (from Brendan)
Working as a coder for a small company that operates worldwide, I was on the team that deployed a project to China. Now I realize that my English is far from perfect, but dealing with Chinese customers in English has been quite the experience. One day, four months after going live with the new system, I received this mail from our Chinese client:
A Text-Destroying Problem (from Esko Tanakka)
Back in 1999, I was just beginning my career and worked at a small store that built and configured computers for the public. Occasionally, I'd have to answer customer calls and help people with general computing problems.
One day, a man called in and immediately started complaining about how we sell utter crap, that we should take responsibility for our problems, and that he was owed money back because of the problems we caused.
I begged him to calm down and explain specifically what was wrong. He told me that our computer is destroying his text, and that something had to be done. At first, I thought his files were disappearing, but after more investigation, I discovered what his actual problem was: typing text in Microsoft Word overwrote previous text.
I told him that he simply had the INSERT key on, but he insisted that he never pressed that key, and that pressing the key did nothing. Running out of phone-support options, I told him he’d need to bring in his computer. But first, I needed his warranty information.
Well, it turned out that he bought the computer seven years earlier, then had another company install Windows 95 and the Corel Office Suite. After hearing that, I told him that I obviously couldn't take the machine in. That just made him more angry, and he accused me of working for "Satan and his minions", and threw all sorts of other ridiculous insults at me. But then all of a sudden, he calmed down. Apparently, he actually tried pressing the INSERT key (as I asked him to do before), and his computer stopped destroying his text.
Here are 3 great stories of tech support nightmares.
Problematic Problem (from Ben)
Way back when, I was responsible for doing on-site support for a fairly complex ERP solution that our company sold. My support radius was 100 miles, which meant I was on the road a lot and traveled to places I wasn't all that familiar with. My trusty navigation aide was a compass and a Rand McNally map book. Fancy, online mapping services weren't around yet, let alone super-fancy GPS units.
One day, I was assigned to visit a customer on the far end of my region (99.9999999 miles), first thing in the morning. It meant that, not only would I need to battle rush-hour traffic through the city, but then drive another 60 miles once that cleared. I was not a fan of early mornings, and getting that client on that wintry day meant a 5:30A departure with a 2.5 hour commute.
That morning, traffic was even worse than I anticipated. And to make matters worse, I had a terrible time finding the place. Fortunately, a kind fellow at the gas station pointed me in the right direction, and I was able to ring the client from the nearest pay phone to let them know I was running behind.
When I arrived, everything seemed to be downhill from there. I went to the receptionist, tacked on my visitor badge, headed over to the server room, set my briefcase down, and got to work. Before I could even try logging in, someone walked up to me and said, "hey, I know this isn't really your thing, but I'm desperate, and reeeeaaaallly need some help getting this report for our PM meeting."
It certainly wasn't my thing, but given that I was 30 minutes late, a little goodwill towards helping a company executive could only help. So I followed her to her office and helped troubleshoot the problem. An hour-and-a-half later, we had the report running, no problem. She was thrilled, and I headed back to the server room.
For some reason, I couldn't log-in to the server console, but the generous IT guy helped me past that hurdle by logging in with his credentials. But then I had another problem: I couldn't access any of the servers listed on my sheet. In fact, I couldn't even find a server that looked anything like ours.
I called the IT guy over again and asked him where our ERP server was. He shot a confused look to me, and said that he's pretty sure they don't have an ERP server. I assured him that they did, so he went back and looked into things on his end. Thirty minutes later, he assured me that they absolutely, positively, definitely don't have an ERP server.
We were both utterly confused. And then something dawned on me, and I silently prayed it wasn't true. I pulled out my sheet, showed it to the IT guy, and pointed towards the customer address heading. "That's you guys, right?"
As it turned out, not so much. Our actual customer was down the street, in another un-marked office building.
Problem supply (from Brendan)
Working as a coder for a small company that operates worldwide, I was on the team that deployed a project to China. Now I realize that my English is far from perfect, but dealing with Chinese customers in English has been quite the experience. One day, four months after going live with the new system, I received this mail from our Chinese client:
From: Louis ChangAh, the lingo of the busisness... I can imagine that you'd have the faintest idea what he was talking about... but don't worry, neither did I. So I replied to him, hoping to get a better description of his issue:
To: Brendan ******
Subject: Problem supply
_____________________________________________________
Hi Brendan,
Sorry disturbing you. There is a problem with supply programme on the
button. Please advice?
Regards,
Lou Chang
From: Louis ChangI didn't have to wait long for his clarification, as his problem seemed to be really urgent.
To: Brendan ******
Subject: RE: Problem supply
_____________________________________________________
Hi Lou,
Could you please state your problem more clearly?
Thanks,
Brendan
From: Louis ChangYup. Much better. Thanks.
To: Brendan ******
Subject: RE: Problem supply
_____________________________________________________
There is a problem
with supply
programme on
the button.
Please advice?
A Text-Destroying Problem (from Esko Tanakka)
Back in 1999, I was just beginning my career and worked at a small store that built and configured computers for the public. Occasionally, I'd have to answer customer calls and help people with general computing problems.
One day, a man called in and immediately started complaining about how we sell utter crap, that we should take responsibility for our problems, and that he was owed money back because of the problems we caused.
I begged him to calm down and explain specifically what was wrong. He told me that our computer is destroying his text, and that something had to be done. At first, I thought his files were disappearing, but after more investigation, I discovered what his actual problem was: typing text in Microsoft Word overwrote previous text.
I told him that he simply had the INSERT key on, but he insisted that he never pressed that key, and that pressing the key did nothing. Running out of phone-support options, I told him he’d need to bring in his computer. But first, I needed his warranty information.
Well, it turned out that he bought the computer seven years earlier, then had another company install Windows 95 and the Corel Office Suite. After hearing that, I told him that I obviously couldn't take the machine in. That just made him more angry, and he accused me of working for "Satan and his minions", and threw all sorts of other ridiculous insults at me. But then all of a sudden, he calmed down. Apparently, he actually tried pressing the INSERT key (as I asked him to do before), and his computer stopped destroying his text.
Tuesday, February 2, 2010
Using Route Tables on Windows
I refer back to back to this article quite often so I thought it would be nice to post it here. It is written so that just about anyone can understand route tables.
Using Route Tables on Windows NT, 2000, and XP
Have you ever had a computer that didn't need to, or more over shouldn't talk to any other computer off campus? Well route rules are a way to accomplish this. Route rules are a common way of only allowing a computer to talk to certain known other hosts. Technically, route rules are a way of controlling your computers ability to talk to other computers outside of it's subnet (we'll get into that more later).
About Route Rules:
The internet is a big place. Most users of the internet (at least in work settings) do not access the. entire internet (say a site in Iceland or Botswana). This holds particularly true for servers, application workstation, and purpose built computers. These types of computers may access only campus, only your department, or only a few users. More importantly, there are no valid reasons that someone from outside the userbase should access them. These are the perfect systems for route rules. There are 4,294,967,296 IP addresses (and thus other possible computers) in the world, and if you only have 10 people that need to access your server you may as well keep the rest out.
For the purpose of this article we will address route rules as they pertain to Windows NT, Windows 2000, and Windows XP (Many other OS's support these in various forms). We will also assume that you have some understanding of how IP addresses, subnets and gateways work.
Route rules are often used for the following reasons
In order to make "Static" route rules on your computer (i.e. ones that you set), you must first remove the "default gateway" from your network configuration tab. Remember what your gateway is for you will need it later when you add routes. The default gateway on a computer is used to allow it to talk to other computers off it's subnet. By default a windows computer has a route to every host in the world, which is great if you want to browse the web, and terrible if you want to keep out hackers and worms. Simply open your TCP/IP settings windows and remove everything from the gateway box.
Once you have removed your gateway (also known as the "default route") you will not be able to access anything that isn't on your subnet. Your subnet is the computers with an IP in the same range as yours. For example, 129.237.100.1 and 129.237.100.24 share the same IP Octets all the way down to their last octect (everything after the last dot), thus they are very likely on the same subnetwork.
This is important to know in that even once you have removed the default route (in this case your gateway from the TCP/IP settings menu), your computer will still be able to talk to everyone on your subnet. This is becase of a network technology called ARP.. which is a bit more than we'll cover here. Just know that you do not need a gateway to talk to those computers "near you" on the network (for instance those in your building or on the same floor as you) and thus route rules can't add or deny them access to your computer, they are simple talk (with or without a route)
Now that you have removed your gateway you can begin to add back routes to other computers (or groups of computers as you'll soon see). You do this by using the "route add" command.
Lets pick appart the command above. The first part "route add" tells the route command that you want to add a route. The "-p" option tells route that you want it to be persistant. Persistant routes are written to the registry and thus will remain in place after a reboot (or anything else that turns off your network card). This is important because non-persistant routes will be removed at reboot. The next part of the command "129.237.37.60" is the IP address you would like to be able your computer to be able to talk to. In this case it is the IP address of the Windows Update Server we have here on campus (got to have those patches). The next part is a bit tricky, it is the MASK. A MASK is used, along with the IP address you specified in the first part, to make the rule. This is because a route rule can be used to add MANY computers, or just one. Basically, by saying "MASK 255.255.255.255" we have specified that we only want our computer to be able to talk to this one host. The final part of the rule is the gateway. This should be the same number that we removed from the TCP/IP menu. The gateway is the IP address of a device on the network that your computer talks to in order to find it's way to other computers. Think of it as the old style Telephone Operator sitting at a switchboard, without it, you can't talk to anyone too far away.
So in summary, we have told our computer that we want to add a persistant route, to 129.237.37.60 only and we told it to use the gateway in order to get there. Another rule that many people use is to group computers together and add them all at once.
This rule is much like the first, except you'll notice that the IP address and MASK end in zeros. We have told our computer that we would like to add ALL computers in 129.237.35.x to our route list (and thus allowing communication with our computer). This is very handy and why the MASK portion of the command is so important. It says..
In other words, only allow computers that are in 129, AND only allow computers that are also in .237 AND only allow computers that are in .35, and allow ANY computer that meets all those criteria
Used to display a list of current routes. This is handy if you would like to debug a rule or to print out rules for documentation (used with a common pipe)
Adds a route, this is where the real power comes in. For instance, this rule allows only hosts on campus to see or talk to your computer (you computer also can't see anything off the campus network)
Only prints out the rules that match argument (in this case all on campus routes)
Used to change an existing route rule
Removes the route defined to this host
Using Route Tables on Windows NT, 2000, and XP
Have you ever had a computer that didn't need to, or more over shouldn't talk to any other computer off campus? Well route rules are a way to accomplish this. Route rules are a common way of only allowing a computer to talk to certain known other hosts. Technically, route rules are a way of controlling your computers ability to talk to other computers outside of it's subnet (we'll get into that more later).
About Route Rules:
The internet is a big place. Most users of the internet (at least in work settings) do not access the. entire internet (say a site in Iceland or Botswana). This holds particularly true for servers, application workstation, and purpose built computers. These types of computers may access only campus, only your department, or only a few users. More importantly, there are no valid reasons that someone from outside the userbase should access them. These are the perfect systems for route rules. There are 4,294,967,296 IP addresses (and thus other possible computers) in the world, and if you only have 10 people that need to access your server you may as well keep the rest out.
For the purpose of this article we will address route rules as they pertain to Windows NT, Windows 2000, and Windows XP (Many other OS's support these in various forms). We will also assume that you have some understanding of how IP addresses, subnets and gateways work.
Route rules are often used for the following reasons
- They are fairly simple to use if you understand how IP addresses work
- They are quickly configurable and take effect immediately
- They can allow you finer control over what other computers can access yours
- They are commonly used in a "defense in depth" model as a final way of saying "none shall pass other than..."
- They are similar to those used on Unix and Linux boxes so are pretty well understood and familiar to some
In order to make "Static" route rules on your computer (i.e. ones that you set), you must first remove the "default gateway" from your network configuration tab. Remember what your gateway is for you will need it later when you add routes. The default gateway on a computer is used to allow it to talk to other computers off it's subnet. By default a windows computer has a route to every host in the world, which is great if you want to browse the web, and terrible if you want to keep out hackers and worms. Simply open your TCP/IP settings windows and remove everything from the gateway box.
Once you have removed your gateway (also known as the "default route") you will not be able to access anything that isn't on your subnet. Your subnet is the computers with an IP in the same range as yours. For example, 129.237.100.1 and 129.237.100.24 share the same IP Octets all the way down to their last octect (everything after the last dot), thus they are very likely on the same subnetwork.
This is important to know in that even once you have removed the default route (in this case your gateway from the TCP/IP settings menu), your computer will still be able to talk to everyone on your subnet. This is becase of a network technology called ARP.. which is a bit more than we'll cover here. Just know that you do not need a gateway to talk to those computers "near you" on the network (for instance those in your building or on the same floor as you) and thus route rules can't add or deny them access to your computer, they are simple talk (with or without a route)
Now that you have removed your gateway you can begin to add back routes to other computers (or groups of computers as you'll soon see). You do this by using the "route add" command.
route add -p 129.237.37.60 MASK 255.255.255.255 129.237.100.254 Lets pick appart the command above. The first part "route add" tells the route command that you want to add a route. The "-p" option tells route that you want it to be persistant. Persistant routes are written to the registry and thus will remain in place after a reboot (or anything else that turns off your network card). This is important because non-persistant routes will be removed at reboot. The next part of the command "129.237.37.60" is the IP address you would like to be able your computer to be able to talk to. In this case it is the IP address of the Windows Update Server we have here on campus (got to have those patches). The next part is a bit tricky, it is the MASK. A MASK is used, along with the IP address you specified in the first part, to make the rule. This is because a route rule can be used to add MANY computers, or just one. Basically, by saying "MASK 255.255.255.255" we have specified that we only want our computer to be able to talk to this one host. The final part of the rule is the gateway. This should be the same number that we removed from the TCP/IP menu. The gateway is the IP address of a device on the network that your computer talks to in order to find it's way to other computers. Think of it as the old style Telephone Operator sitting at a switchboard, without it, you can't talk to anyone too far away.
So in summary, we have told our computer that we want to add a persistant route, to 129.237.37.60 only and we told it to use the gateway in order to get there. Another rule that many people use is to group computers together and add them all at once.
route add -p 129.237.35.0 MASK 255.255.255.0 129.237.100.254 This rule is much like the first, except you'll notice that the IP address and MASK end in zeros. We have told our computer that we would like to add ALL computers in 129.237.35.x to our route list (and thus allowing communication with our computer). This is very handy and why the MASK portion of the command is so important. It says..
129.237.35.0255.255.255.0Only.Only.Only.AnyIn other words, only allow computers that are in 129, AND only allow computers that are also in .237 AND only allow computers that are in .35, and allow ANY computer that meets all those criteria
Arguments & Examples:
route PRINT Used to display a list of current routes. This is handy if you would like to debug a rule or to print out rules for documentation (used with a common pipe)
route ADD 129.237.0.0 MASK 255.255.0.0 129.237.100.254 destination^ ^mask ^gateway Adds a route, this is where the real power comes in. For instance, this rule allows only hosts on campus to see or talk to your computer (you computer also can't see anything off the campus network)
route PRINT 129.237.* Only prints out the rules that match argument (in this case all on campus routes)
route CHANGE 129.237.39.200 MASK 255.255.255.255 129.237.100.254 Used to change an existing route rule
route DELETE 129.237.39.200 Removes the route defined to this host
Wednesday, January 27, 2010
Google Toolbar Tracks Your Browsing, Even When Off
Are we supposed to be surprised? Isn't this what it's designed to do?
Google Toolbar Tracks Your Browsing, Even When Off: "garg0yle writes 'Google's Toolbar is supposed to allow the user to disable it. However, it was discovered by a researcher that it was still sending information even when disabled. A patch is now available, and Google claims this was just a bug, not a feature.'
Google Toolbar Tracks Your Browsing, Even When Off: "garg0yle writes 'Google's Toolbar is supposed to allow the user to disable it. However, it was discovered by a researcher that it was still sending information even when disabled. A patch is now available, and Google claims this was just a bug, not a feature.'
Friday, January 22, 2010
Microsoft "Zero-Day" Really a "180-Day"
Doesn't this make it a "180-Day", since they have known about it since September? I never understand why they don't patch these things sooner. If they really knew about it, why the delay? Is there some kind of denial system deep in the bowels of the Microsoft machine?
Threat Level Report on Microsoft's Latest Zero-Day IE Vulnerability
Threat Level Report on Microsoft's Latest Zero-Day IE Vulnerability
Wednesday, January 13, 2010
GMail Enables HTTPS by Default
I've always wondered why this wasn't the case to begin with...
To disable this feature, go to Gmail's settings page, select 'Don't always use https' and click on 'Save changes'. If you can't use Gmail offline when this feature is enabled, try this workaround.
Gmail's HTTPS Access Is Enabled by Default: "Unlike other popular webmail services, Gmail allows you to read your messages using a secure connection by visiting https://mail.google.com. In 2008, Gmail added an option that redirected you to the https version and now this option is enabled by default.
'Using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,' explains Gmail's blog.
Even if this feature is restricted to Gmail, there's an interesting side-effect: if you open Google Calendar, Google Docs, Google Sites and Google Reader by clicking on Gmail's navigational links, you'll use the https versions of those services.
Wednesday, December 30, 2009
Microsoft Response to Holiday IIS Zero Day
Here is the response from Microsoft. Looks like they are blaming it on configuration errors.
Results of Investigation into Holiday IIS Claim:
Results of Investigation into Holiday IIS Claim:
We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here’s a list of best practices resources:
The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog.
I hope this helps answer any questions.
Happy Holidays and Happy New Year.
Christopher
*This posting is provided 'AS IS' with no warranties, and confers no rights*
Tuesday, December 29, 2009
Possible IIS 6 0-day
News from SANS
Microsoft responds to possible IIS 6 0-day, (Tue, Dec 29th): "Following up to recent diaries 7816 and 7810 and numerous other sources regarding a possible IIS&nbs ...(more)..."
Microsoft responds to possible IIS 6 0-day, (Tue, Dec 29th): "Following up to recent diaries 7816 and 7810 and numerous other sources regarding a possible IIS&nbs ...(more)..."
Tuesday, December 15, 2009
Adobe Warns of Reader, Acrobat Attack
Adobe Warns of Reader, Acrobat Attack: "itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Subscribe to:
Posts (Atom)