Jul 30, 2010

Happy Sysadmin Day

Have a beer with lunch everyone!

Happy Sysadmin Day!

Jul 29, 2010

Use a Batch Script to Keep SysInternals Utilities Updated [Batch Scripts]

Use a Batch Script to Keep SysInternals Utilities Updated [Batch Scripts]: "Windows only: The SysInternals suite of utilities, including the excellent Process Explorer tool, is a must-have for any serious geek, but they don't come with a built-in way to keep them updated. Here's how to keep them automatically updated."

Millions of Android users hit by malicious data theft app

Surprised?

Millions of Android users hit by malicious data theft app: "An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers in China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store."

Jul 28, 2010

Data Storage Capacity Mostly Wasted In Data Center

Data Storage Capacity Mostly Wasted In Data Center: "Lucas123 writes 'Even after the introduction of technologies such as thin provisioning, capacity reclamation and storage monitoring and reporting software, 60% to 70% of data capacity remains unused in data centers due to over provisioning for applications and misconfiguring data storage systems. While the price of storage resource management software can be high, the cost of wasted storage is even higher, with 100TB equalling $1 million when human resources, floor space, and electricity are figured in. 'It's a bit of a paradox. Users don't seem to be willing to spend the money to see what they have,' said Andrew Reichman, an analyst at Forrester Research.'"

Jul 26, 2010

Monitoring Software

I have added a box of links on the left for "Monitoring Software". I have experience with Nagios and Zenoss and find them both to be adequate. As with anything IT related you get out whatever you put into it.

If you expect to have a quick easy fix for all your monitoring needs it just won't happen with any package you choose. You have to take time to study it and deploy it correctly. You have to configure all devices the same and keep them up to date. You have to make sure you follow procedures. Above all else you have to document the whole process and refer back to the documentation when you have a question.

Another big problem is making sure to investigate each and every problem created. You have to find out why something was reported and if it was legitimate or not. If not, you have to make sure it doesn't happen again.

False positives will kill months and months of preparation done on any monitoring system. If you can't trust what it tells you, you shouldn't be wasting your time figuring it out.

Jul 21, 2010

Microsoft Zero-Day: Malformed Shortcut Vulnerability

Microsoft Zero-Day: Malformed Shortcut Vulnerability:
"Today Microsoft updated the security advisory that was initially published last Friday (July 16), stating that they’re working on issuing a security patch for this vulnerability. Earlier, malware exploiting this issue was found in the wild. Researchers at McAfee Labs have been busy tracking this issue over the weekend and we have come up with some more quick Q&A’s.

1. What is the issue with .LNK files and how can it be exploited?

A. McAfee Labs researchers analyzed malware that was exploiting a design flaw in parsing shortcut (.LNK) files. This issue gets triggered because the Windows Shell component does not validate parameters sent out in the shortcut. This issue can be exploited via any mechanism that makes the user load the icon of the .LNK file.

2. Does the malware need a payload (shellcode) to exploit this flaw?

A. Since this is a design issue in the way shortcuts are parsed, no malicious payload (shellcode) is required to exploit this flaw. The .LNK file needs to point to a malicious file, the path of which needs to be hardcoded in the shortcut.

3. What are the requirements to successfully exploit this flaw?

A. This flaw can be triggered when Windows Explorer or Internet Explorer tries to render a malformed .LNK file that points to a malicious executable. The user need not double-click on the .LNK file to trigger the vulnerability; just opening the folder containing the malicious shortcut is enough to get infected.

4. What are the most likely attack vectors used to exploit this vulnerability?

A. USB drives are likely to be affected the most. The malware discovered in the wild was exploiting this issue via a USB drive. File sharing over SMB is another likely vector to exploit this flaw and this can lead to widespread malware infections over internal networks. WebDAV shares are equally susceptible to exploitation.

5. What are the affected platforms?

A. Microsoft has acknowledged that all supported platforms are affected. More details are available in the Microsoft security advisory. Windows XP SP2 is not listed in the list of affected platforms from Microsoft, so there is a chance that Windows XP SP2 users might remain vulnerable.

6. How widely is the issue being exploited?

A. The issue is known to be exploited by malware in the wild. Initial attacks were limited. However, an exploit module in Metasploit was published today that uses WebDAV shares as an exploit vector. We expect wider exploitation of this issue. Users should keep their anti-virus software updated with the latest DATs (signatures).

We’ll keep our readers updated on this issue as we analyze more malware and techniques used by malware writers to exploit this flaw."
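A defender's way to act on two points in the Q&A above: the shortcut hard-codes the path of the file it points to, and USB drives and SMB/WebDAV shares are the likely carriers. This is an added example, not McAfee's or Microsoft's code: a small Shell Link (.LNK) parser that pulls out the hardcoded paths (relative path and icon location) so a responder can inventory every shortcut on a mounted drive or share and see which ones point to files on that same drive or to a UNC path. The field layout follows the Shell Link binary format; the sample shortcut bytes are constructed inline and are not a real-world file.

```python
import struct

# CLSID {00021401-0000-0000-C000-000000000046} as stored on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x1, 0x2, 0x4, 0x8
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link blob; the 76-byte header is
    checked and the optional IDList and LinkInfo blocks are skipped by size."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 76 \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:          # IDListSize (u16) followed by the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:        # LinkInfoSize (u32) covers the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, (2 if flags & IS_UNICODE else 1)
    for flag, name in STRING_FIELDS:  # each: CountCharacters (u16) + characters
        if flags & flag:
            n = struct.unpack_from("<H", data, pos)[0] * width
            raw = data[pos + 2:pos + 2 + n]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + n
    return fields

def hardcoded_targets(fields: dict) -> list:
    """UNC paths and paths relative to the shortcut's own drive or share;
    drive-letter and %VAR% paths are left alone."""
    hits = []
    for key in ("relative_path", "icon_location"):
        p = fields.get(key, "")
        if p and (p.startswith("\\\\") or not (p[1:2] == ":" or p.startswith("%"))):
            hits.append((key, p))
    return hits

def build_sample_lnk(rel_path: str, icon: str) -> bytes:
    """Constructed sample (not a real-world file): header plus two strings."""
    hdr = struct.pack("<I16sI", 76, LNK_CLSID, HAS_RELPATH | HAS_ICON | IS_UNICODE)
    hdr += b"\0" * (76 - len(hdr))
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return hdr + enc(rel_path) + enc(icon)
```

Run `hardcoded_targets(parse_lnk(path.read_bytes()))` over every *.lnk on a mounted USB drive or share to get the inventory; anything flagged is a shortcut whose hardcoded target travels with the drive or share itself.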

Dell ships motherboard with malicious code

Apparently this is for the R410 replacement motherboards.

Dell ships motherboard with malicious code:
"Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware."

Jul 20, 2010

Keep All Facebook Applications from Ever Bothering You Again

And there was much rejoicing...

Keep All Facebook Applications from Ever Bothering You Again [Facebook]:

There are subtle, precise controls for getting your Facebook privacy back the way you like inside the social network's settings. If you want the nuclear option—no Facebook app messages or pings forever—tech blog Digital Inspiration shows you the switch.

Jul 19, 2010

Scan to email is usually a bad idea

Criminals pushing Rogue anti-Virus disguised as scanned documents: "Email messages masquerading as scanned documents are the latest attack vector being adopted by criminals to push Rogue anti-Virus Malware to the masses. The messages, which appear to have been sent from a Xerox WorkCentre Pro, come with a Zip file that will immediately infect the host system if accessed.

Update:
Since running this story on Friday, we’ve seen more examples of this attack."

Jul 8, 2010

Phone Disk Mounts iPhone, iPod Touch, and iPad as USB Disks in Finder [Downloads]

Phone Disk Mounts iPhone, iPod Touch, and iPad as USB Disks in Finder [Downloads]:

Mac only: iPhone users have been able to browse the contents of their device using apps like the previously mentioned iPhone Explorer for a while, but Phone Disk integrates it with OS X, mounting your iPhone in the Finder instead of a separate app.

Blackboard to Buy Two Education-Software Companies—Elluminate and Wimba

Blackboard to Buy Two Education-Software Companies—Elluminate and Wimba:
Blackboard has a habit of acquiring an education-technology company every year, but this year it bought two—both of which offer similar services.

Jul 1, 2010

Airport Express joining DD-WRT wireless using WPA2

Okay, I've been hammering away at this for hours so I am posting something about it.

This afternoon something hosed my wireless router, big time. Not sure what happened but it wasn't acting right. I managed to get it reset back to defaults and it worked fine. This is good because I thought it was burned up or something.

I managed to get all my settings and DHCP reservations back but I couldn't get my Airport Express to join the WPA2 Personal network. Eventually I loaded the old firmware image and took some screen shots before it failed again.

Apparently the Airport Express will NOT use TKIP WPA Algorithms. It must use AES. As soon as I set it to AES the Airport Express turned green and I had my music. I haven't tried TKIP+AES. Perhaps that will work too. I'm too tired to test it.

I searched high and low but all I could find was information on using WDS in this environment. I found nothing relating to what WPA Algorithms the Airport Express should use. So, here it is.