Dec 24, 2011

Sorry, IT: These 5 Technologies Belong To Users

Sorry, IT: These 5 Technologies Belong To Users: GMGruman writes "The BYOD (bring your own device) phenomenon hasn't been easy on IT, which has seen its control slip. But for these five technologies — mobile devices, cloud computing services, social technology, exploratory analytics, and specialty apps — it has already slipped, and Forrester and others argue IT needs to let go of them. That also means not investing time and money in all the management apps that vendors are happy to sell to IT shops afraid of BYOD — as this post shows, many just won't deliver what IT hopes."

Dec 20, 2011

Windows 2003 Server Domain Time

I have a system with a 5 minute time delay. It's domain joined, but for unknown reasons its clock is 5 minutes off. Since this is an e-commerce system, that is a bad deal: credit card companies don't like it when transactions are delayed by 5 minutes (can you say "man-in-the-middle"?).

Now I just need to figure out why it was off in the first place.

Here is the command to reset the time to the domain time.

C:\Documents and Settings\wal>net time /?
The syntax of this command is:

[\\computername | /DOMAIN[:domainname] | /RTSDOMAIN[:domainname]] [/SET]
         [\\computername] /QUERYSNTP
         [\\computername] /SETSNTP[:ntp server list]

C:\Documents and Settings\wal>net time / /set
Current time at \\ is 12/20/2011 9:56 AM

The current local clock is 12/20/2011 9:51 AM
Do you want to set the local computer's time to match the
time at \\ (Y/N) [Y]: y
The command completed successfully.

C:\Documents and Settings\wal>
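The 5-minute gap in the transcript is exactly the default Kerberos clock-skew tolerance in a domain, so it is worth measuring the offset directly instead of trusting the local clock. The following is an added example, not code from the post: a minimal SNTP check that computes the RFC 4330 offset against a domain controller and flags anything beyond 300 seconds; dc01.example.invalid is a placeholder host, and make_sample_reply builds a constructed server packet so the calculation can be shown offline.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW_SECONDS = 300          # Kerberos default tolerance; beyond this, domain logons start failing


def ntp_to_unix(seconds, fraction):
    """Convert an NTP timestamp (32-bit seconds, 32-bit fraction) to Unix float seconds."""
    return seconds - NTP_EPOCH_OFFSET + fraction / 2 ** 32


def build_request():
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client); all other fields zero."""
    return b"\x1b" + b"\x00" * 47


def parse_response(packet):
    """Extract (T2 receive, T3 transmit) in Unix seconds from a 48-byte server reply.

    Rejects anything that is not a mode-4 server reply, and stratum-0 'kiss-o'-death'
    packets, which carry no usable time."""
    if len(packet) < 48:
        raise ValueError("short NTP packet (%d bytes)" % len(packet))
    words = struct.unpack("!12I", packet[:48])
    mode = (words[0] >> 24) & 0x7
    stratum = (words[0] >> 16) & 0xFF
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        raise ValueError("kiss-o'-death packet, no time available")
    receive = ntp_to_unix(words[8], words[9])
    transmit = ntp_to_unix(words[10], words[11])
    return receive, transmit


def clock_offset(t1, t2, t3, t4):
    """RFC 4330 clock offset ((T2 - T1) + (T3 - T4)) / 2.

    T1/T4 are local send/receive times, T2/T3 the server's receive/transmit times.
    A positive result means the local clock is behind the server."""
    return ((t2 - t1) + (t3 - t4)) / 2.0


def skew_report(offset, limit=MAX_SKEW_SECONDS):
    """Summarise an offset against the tolerance; a box like the one in the post trips this."""
    return {"offset_seconds": offset, "within_tolerance": abs(offset) <= limit}


def query_server(host, port=123, timeout=5.0):
    """One SNTP round trip against a domain controller or other NTP server (needs the network)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        t1 = time.time()
        sock.sendto(build_request(), (host, port))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    finally:
        sock.close()
    t2, t3 = parse_response(data)
    return skew_report(clock_offset(t1, t2, t3, t4))


def make_sample_reply(receive_unix, transmit_unix, stratum=2):
    """Constructed server reply for offline demonstration (not captured from a real DC)."""
    def to_ntp(unix):
        whole = int(unix)
        return whole + NTP_EPOCH_OFFSET, int((unix - whole) * 2 ** 32)
    header = (3 << 27) | (4 << 24) | (stratum << 16)   # LI=0, VN=3, Mode=4 (server)
    r_s, r_f = to_ntp(receive_unix)
    t_s, t_f = to_ntp(transmit_unix)
    return struct.pack("!12I", header, 0, 0, 0, 0, 0, 0, 0, r_s, r_f, t_s, t_f)


if __name__ == "__main__":
    # Offline demonstration: the local clock reads 1000.0 while the server answered at 1301.0,
    # i.e. the local box is 5 minutes and 1 second behind, just past the tolerance.
    t2, t3 = parse_response(make_sample_reply(1301.0, 1301.0))
    print(skew_report(clock_offset(1000.0, t2, t3, 1000.0)))
    # Live check against a placeholder host name:
    # print(query_server("dc01.example.invalid"))
```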

Dec 12, 2011

Verify Email with Telnet

Stolen from:

We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This avoids users entering a wrongly formatted email address, but they can still accidentally give us a wrong email address.

Example of a correctly formatted email address but still wrong: [VALID email format but it does not exist]

The above case typically happens when you take an important customer's email over the phone and type it in wrong. So is there a QUICK way to really check the email without sending a test message to the user? Yes.

The solution
A quick and simple check, described below, can be implemented in most programming languages, including PHP, Python etc. It relies on the same SMTP protocol that is used to send email.
To check whether the email a user entered really exists, go through the following at a command prompt.

First - Find mail exchanger of
nslookup -q=mx
RESPONSE:      MX preference = 10, mail exchanger = internet address =

Second - Connect to mail server
telnet 25
220 ESMTP Postfix NO UCE NO UEMA  C=US L=CA Unsolicated electronic mail advertisements strictly prohibited, subject to fine under CA law CBPC 17538.45.  This electronic mail service provider’s equipment is located in the State of California.  See for more information.
helo hi
mail from: <>
250 2.1.0 Ok
rcpt to: <>
550 5.1.1 <>: Recipient address rejected: User unknown in local recipient table
221 2.0.0 Bye

1) The 550 response indicates that the email address is not valid, so you have caught a well-formed but wrong email address. This check can run on the server and be called via AJAX when the user tabs out of the email field. The entire check takes less than 2 seconds to run, and you can make sure that the email is correct.
2) If the email exists, the server will respond with a 250 instead of a 550.
3) Certain servers have a CATCH-ALL address, which means all email addresses are accepted as valid on those servers (RARE, but some servers do have this setting).
4) Please do not use this method to continuously check for the availability of gmail / yahoo / msn accounts etc., as this may cause your IP to be added to a blacklist.
5) This is meant to supplement the standard JavaScript email address validation.
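The same HELO / MAIL FROM / RCPT TO dialogue in Python, as an added example (not code from the original post or the site it was taken from): it uses the empty envelope sender from the transcript, probes a random local part first so a catch-all server (item 3) is reported as inconclusive rather than as a valid mailbox, and treats a 4xx reply as a temporary failure. The host names probe.example.invalid and mx.example.invalid are placeholders, FakeSmtpServer is constructed to mirror the Postfix replies quoted above, and the MX lookup is left to nslookup as in the post because the standard library has no MX resolver.

```python
import re
import secrets
import socket


class SmtpConn:
    """Thin line-oriented wrapper around a TCP socket (for real probes; tests use the fake below)."""
    def __init__(self, host, port=25, timeout=10.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("rb")

    def readline(self):
        return self.rfile.readline()

    def write(self, data):
        self.sock.sendall(data)


def read_reply(conn):
    """Read one SMTP reply, joining '250-...' continuation lines; return (code, text)."""
    text = []
    while True:
        raw = conn.readline().decode("utf-8", "replace").rstrip("\r\n")
        if len(raw) < 3 or not raw[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % raw)
        text.append(raw[4:])
        if len(raw) == 3 or raw[3] == " ":
            return int(raw[:3]), "\n".join(text)


def command(conn, line):
    """Send one command line and return the server's (code, text)."""
    conn.write((line + "\r\n").encode("utf-8"))
    return read_reply(conn)


def verify_mailbox(conn, address, helo="probe.example.invalid"):
    """Run the HELO / MAIL FROM:<> / RCPT TO dialogue from the post against one MX.

    Returns 'exists', 'unknown', 'catch-all' (the server accepts any local part, so the
    answer is inconclusive) or 'tempfail' (4xx: greylisting or rate limiting, retry later)."""
    code, text = read_reply(conn)                       # 220 greeting
    if code != 220:
        raise RuntimeError("unexpected greeting: %d %s" % (code, text))
    for line in ("HELO " + helo, "MAIL FROM:<>"):        # empty envelope sender, as in the post
        code, text = command(conn, line)
        if code != 250:
            raise RuntimeError("%s rejected: %d %s" % (line, code, text))
    domain = address.rpartition("@")[2]
    # Probe a random, almost certainly nonexistent local part first; if the server says
    # 250 to that, it is a catch-all and a 250 for the real address proves nothing.
    probe = "%s@%s" % (secrets.token_hex(8), domain)
    probe_code, _ = command(conn, "RCPT TO:<%s>" % probe)
    code, _ = command(conn, "RCPT TO:<%s>" % address)
    command(conn, "QUIT")
    if probe_code == 250:
        return "catch-all"
    if code == 250:
        return "exists"
    if 400 <= code < 500:
        return "tempfail"
    return "unknown"


class FakeSmtpServer:
    """Constructed stand-in that mimics the Postfix replies quoted in the post (not a real server)."""
    def __init__(self, mailboxes, catch_all=False):
        self.mailboxes = {m.lower() for m in mailboxes}
        self.catch_all = catch_all
        self.queue = [b"220 mx.example.invalid ESMTP Postfix\r\n"]
        self.transcript = []                             # every command line the client sent

    def readline(self):
        return self.queue.pop(0)

    def write(self, data):
        line = data.decode("utf-8").rstrip("\r\n")
        self.transcript.append(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            reply = "250 mx.example.invalid"
        elif verb == "MAIL":
            reply = "250 2.1.0 Ok"
        elif verb == "RCPT":
            m = re.search(r"<([^>]*)>", arg)
            addr = m.group(1).lower() if m else ""
            if self.catch_all or addr in self.mailboxes:
                reply = "250 2.1.5 Ok"
            else:
                reply = ("550 5.1.1 <%s>: Recipient address rejected: "
                         "User unknown in local recipient table" % addr)
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Error: command not recognized"
        self.queue.append((reply + "\r\n").encode("utf-8"))


if __name__ == "__main__":
    server = FakeSmtpServer(["alice@example.invalid"])
    print(verify_mailbox(server, "bob@example.invalid"))   # unknown
    print("\n".join(server.transcript))
```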

Dec 1, 2011

Importing Ringtones to iTunes

After you convert the song/sound to the AAC version (m4a), make sure to delete the AAC version of the song/sound in iTunes (while keeping the file). Then, after you rename the file to the ringtone (m4r) version, you can import that file back into iTunes. Otherwise it won't show up in the "Tones" section and won't be syncable to your device.

Nov 4, 2011

Lion, iTunes, Airport Express, IPv6 Bug

I have stumbled upon a problem with iTunes, Lion, IPv6 and using an Airport Express.

It seems that when upgrading to Lion you lose the ability to "disable" IPv6. After upgrading to Lion your IPv6 config will still be set to "off", but if you change it, that choice goes away. You are left with only Link-Local, Automatic, and Manual as choices. None of these will allow you to connect to an Airport Express.

According to this post on the Apple forums, setting it to "Link-Local" will disable it. However, iTunes doesn't think so. By following these instructions from that same post you can return it to the "off" setting that allows iTunes to work properly with your Airport Express.

I had to change both the Airport and the Ethernet configs to __INACTIVE__ before it would allow me to connect to my Airport Express.
Here is what worked for me in Lion.
I edited /Library/Preferences/SystemConfiguration/preferences.plist
and changed the IPv6 ConfigMethod's string to __INACTIVE__ manually for the appropriate adapter. This is what I believe the GUI would change in SL10.6. Looks like it still accepts the option, it just doesn't provide it.
sudo vi /Library/Preferences/SystemConfiguration/preferences.plist
The section under your unique adapter key will look like this when you're done.
When completed reboot. Your inet6 address should not show for that adapter in ifconfig anymore.
Hope this helps.
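An added example, not the forum poster's, that makes the same preferences.plist edit with plistlib instead of vi, backing the file up first and touching only the IPv6 ConfigMethod of the named services. The NetworkServices / UserDefinedName / IPv6 layout used here is an assumption simplified from the real file, and SAMPLE_PREFS is a constructed stand-in so the change can be demonstrated offline.

```python
import plistlib
import shutil

PREFS_PATH = "/Library/Preferences/SystemConfiguration/preferences.plist"

# Constructed, simplified mimic of the file's layout (assumed: NetworkServices -> <UUID> ->
# {UserDefinedName, Interface, IPv4, IPv6}); the real file carries many more keys.
SAMPLE_PREFS = {
    "NetworkServices": {
        "11111111-AAAA": {
            "UserDefinedName": "Ethernet",
            "Interface": {"DeviceName": "en0"},
            "IPv4": {"ConfigMethod": "DHCP"},
            "IPv6": {"ConfigMethod": "Automatic"},
        },
        "22222222-BBBB": {
            "UserDefinedName": "AirPort",
            "Interface": {"DeviceName": "en1"},
            "IPv4": {"ConfigMethod": "DHCP"},
            "IPv6": {"ConfigMethod": "Automatic"},
        },
        "33333333-CCCC": {
            "UserDefinedName": "Bluetooth PAN",
            "Interface": {"DeviceName": "en2"},
            "IPv4": {"ConfigMethod": "DHCP"},
            "IPv6": {"ConfigMethod": "Automatic"},
        },
    }
}


def roundtrip(prefs):
    """Serialise and re-parse a dict as XML plist, the same path the real file takes."""
    return plistlib.loads(plistlib.dumps(prefs))


def ipv6_methods(prefs):
    """Map each service's display name to its IPv6 ConfigMethod (None if no IPv6 dict)."""
    result = {}
    for service in prefs.get("NetworkServices", {}).values():
        name = service.get("UserDefinedName") or service.get("Interface", {}).get("DeviceName", "?")
        result[name] = service.get("IPv6", {}).get("ConfigMethod")
    return result


def disable_ipv6(prefs, service_names):
    """Set ConfigMethod to __INACTIVE__ for the named services, in place; return the names changed."""
    changed = []
    wanted = set(service_names)
    for service in prefs.get("NetworkServices", {}).values():
        name = service.get("UserDefinedName")
        if name not in wanted:
            continue
        ipv6 = service.setdefault("IPv6", {})
        if ipv6.get("ConfigMethod") != "__INACTIVE__":
            ipv6["ConfigMethod"] = "__INACTIVE__"
            changed.append(name)
    return changed


def rewrite_prefs(path, service_names):
    """Back up the file, then rewrite it with IPv6 disabled for the given services (run as root)."""
    shutil.copy2(path, path + ".bak")
    with open(path, "rb") as f:
        prefs = plistlib.load(f)
    changed = disable_ipv6(prefs, service_names)
    with open(path, "wb") as f:
        plistlib.dump(prefs, f)
    return changed


if __name__ == "__main__":
    # Offline demonstration on the constructed sample. For the real file, run as root:
    #   rewrite_prefs(PREFS_PATH, ["Ethernet", "AirPort"])  and then reboot, as the post says.
    prefs = roundtrip(SAMPLE_PREFS)
    print(disable_ipv6(prefs, ["Ethernet", "AirPort"]))
    print(ipv6_methods(prefs))
```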

Nov 3, 2011

3.5 Million People Are Still Using AOL Dialup (!!!) [Factoid]

Too scary.

3.5 Million People Are Still Using AOL Dialup (!!!) [Factoid]:
EEEEEEEEERRRRRRRRRRRRRNDguzzzzzzzzzzzzzzzdungahdungahdungahhhhhhh. That sound you hear isn't a 56k modem, it's the sound of my brain collapsing upon itself as I read AOL not only has 3.5 million dialup users, but added 200,000 since last year. How can this be? More »

Oct 28, 2011

PaperCut 11.5 is now available for download

PaperCut 11.5 is now available for download:
Picture of an antique cash till

Cashier Updated!

Along with the usual collection of enhancements and fixes comes PaperCut Web Cashier. This feature will be useful for educational institutions and other organisations who want to offer a simple mechanism for users to purchase goods and services, such as binding, using PaperCut accounts. As well as purchasing items, users can also make over the counter deposits.

Behind the scenes at PaperCut we have a new staff member in Australia. Alec is joining the team as a technical project manager and many customers will get to hear from him over time. Not only is he already planning the next release but also committing code to our Subversion repo (using git-svn). Even the project managers need to be geeks here! Alec’s details have already been added to the about page so head on over if you want to see his important qualifications in coffee appreciation.

The full list of changes in version 11.5 can be found on the release history pages:

Download Now

Photo credit: Ivy Dawned. CC Licensed

Release: VMware View Client for iPad v1.2

Release: VMware View Client for iPad v1.2:
Fresh off the upgrade to the vSphere client for iPad comes an updated View client. You can head right to the download in iTunes here for the upgrade. As always, here’s the What’s new from iTunes:

What’s New in version 1.2

  • Optimized for VMware View 5 with improved performance
  • Support for iOS 5 including Airplay
  • Presentation Mode for use with external display and Airplay
  • Embedded RSA soft token simplifies login to desktop
  • Background tasking to move between Windows and iOS apps
  • Updated look and feel
  • Integrated online help
  • Buffered text input for multibyte text entry
  • Now in French, German, Japanese, Korean, and Simplified Chinese
  • Bug fixes

Sep 27, 2011

Geektool and Todotxt Desktop

I recently started using Geektool on my Mac for my background. I can't say enough about it. It really makes my desktop look nice. Apple should really look at incorporating this into the operating system if they haven't already.

One thing I have done that I haven't seen on many other examples is using the Todotxt todo list application for displaying my Todo list right on my desktop. I have it set to update every 30 seconds so it keeps things up to date and lets me know what to do next.

Just create a shell tool and have it run the todo command. It is very simple and easy, with no custom scripts or tools needed. Using custom shell scripts you could create many lists that display different projects, locations and priorities.

Here are a couple examples.

Tasks to do around the house:
todo ls @home

Stuff to do at work:
todo ls -@home

Buddhist task list:
todo ls @monastery +renunciation +harmlessness +goodwill

Aug 16, 2011

Firefox 6 patches 10 dangerous security holes

Firefox 6 patches 10 dangerous security holes: "The vulnerabilities are serious enough to allow an attacker to launch harmful code and install software, requiring no user interaction beyond normal browsing."

Aug 14, 2011

Another Malware Victim

Yesterday I had a visit from a family friend and of course, they brought along an infected laptop. His daughter's new Toshiba laptop was all shiny and fresh out of the box but it just wasn't working like it used to. Of course not; it had over 50 infections of various breeds of malware and trojans.

This was a brand new PC running the latest version of Windows, fully patched. There were two well known AV programs installed, not to mention Microsoft Security Essentials. The reason she was infected is simple: "click this box to save the world". No amount of security in the world will protect people from their own infallible minds. We can try to protect people from all sorts of threats in the world: viruses, terrorists, crime, even taxes, but in the end we are all victims of our own gullible minds. Let's face it, if bad people can design a web page to look legit, they can just as easily make an application look identical to any number of seemingly safe applications. One errant click and "it's goodbye Seattle" --Steve Martin.

Microsoft Security Scanner is a frequently updated tool (each download is only valid for 10 days) that can be downloaded and copied to an infected system, then run either in safe mode or from a secondary boot method. This tool should find and remove most malware and viruses.

Jul 19, 2011

NoScript Awarded $10,000

NoScript Awarded $10,000: "An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: 'NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment.'"

Jul 12, 2011

PuTTY version 0.61 is released

PuTTY version 0.61 is released

All the pre-built binaries, and the source code, are now available
from the PuTTY website at

It's been more than four years since 0.60 was released, and we've had
quite a lot of email asking if PuTTY was still under development, and
occasionally asking if we were even still alive. Well, we are, and it
has been! Sorry about the long wait.

New features in 0.61 include:

- Support for SSH-2 authentication using GSSAPI, on both Windows and
   Unix. Users in a Kerberos realm should now be able to use their
   existing Kerberos single sign-on in their PuTTY SSH connections.
   (While this has been successfully deployed in several realms, some
   small gaps are known to exist in this functionality, and we would
   welcome further testing and advice from Kerberos experts.)

- On Windows: PuTTY's X11 forwarding can now authenticate with the
   local X server, if you point it at an X authority file where it can
   find the authentication details. So you can now use Windows PuTTY
   with X forwarding and not have to open your X server up to all
   connections from localhost.

- On Windows: the Appearance panel now includes a checkbox to allow
   the selection of non-fixed-width fonts, which PuTTY will coerce
   into a fixed-width grid in its terminal emulation. In particular,
   this allows you to use GNU Unifont and Fixedsys Excelsior. (Thanks
   to Randall Munroe for a serious suggestion that inspired this.)

- On Unix: the GTK port now compiles with GTK version 2, which is
   generally shinier and in particular provides access to client-side
   scalable fonts. (Though, unlike some GTK 2 applications, we have
   retained support for old-style X11 server-side bitmap fonts too.)

   Some Linux distributions have been shipping pre-release versions of
   GTK 2 PuTTY for years, so this won't be a surprise to anyone using
   Unix PuTTY or pterm via Debian or Ubuntu. But this is the first
   official release containing that functionality.

- A small but important feature: you can now manually tell PuTTY the
   name of the host you expect to end up talking to, in cases where
   that differs from where it's physically connecting to (e.g. when
   port forwarding). If you do this, the host key will be looked up
   and cached under the former name.

- Assorted optimisation and speedup work. SSH key exchange should be
   faster by about a factor of three compared to 0.60; SSH-2
   connections are started up in a way that reduces the number of
   network round trip delays; SSH-2 window management has also been
   revised to reduce round trip delays during any large-volume data
   transfer (including port forwardings as well as SFTP/SCP).

- Support for OpenSSH's security-tweaked form of SSH compression (so
   PuTTY can now use compression again when talking to modern OpenSSH

- Support for Windows 7's new user interface features. The new Aero
   window management should now play nicely with PuTTY's complicated
   window resize handling, and Windows 7 jump lists are now supported
   so you can launch saved sessions directly from the taskbar.

Bug fixes include:

- Better support for importing OpenSSH private keys in PuTTYgen: we
   now support key files encrypted with AES, and we cope with keys
   whose primes are listed in the opposite order from the one we

- Corruption of data transferred over port forwardings is _probably_
   fixed (though there is the possibility that it was due to more than
   one bug, so we want to hear about it if it's still happening).

- Crashing when the server unexpectedly closes the network connection
   should be fixed. On Windows Vista and 7, PuTTY also no longer goes
   into a tight loop in this situation.

- PSCP and PSFTP should no longer hang on exit in some failure cases.

- On Windows: fixed a hang in the serial port back end.

- On Windows: PuTTY reads from the clipboard in a separate thread
   from its main one, which fixes a deadlock when trying to cut and
   paste into PuTTY from an X11 application or Remote Desktop session
   tunnelled through the same instance of PuTTY.

- Many, many other bug fixes.

Enjoy using PuTTY!

Jun 28, 2011

Citi Hackers Got Away With $2.7 Million

No wonder I get a Credit Card offer from them in the mail EVERY DAY!

Citi Hackers Got Away With $2.7 Million: "angry tapir writes 'Citigroup suffered about US$2.7 million in losses after hackers found a way to steal credit card numbers from its website and post fraudulent charges. Citi acknowledged the breach earlier this month, saying hackers had accessed more than 360,000 Citi credit card accounts of U.S. customers. The hackers didn't get into Citi's main credit card processing system, but were reportedly able to obtain the numbers, along with the customers' names and contact information, by logging into the Citi Account Online website and guessing account numbers.'

May 27, 2011

Call Interception Demonstrated On New Cisco Phones

Call Interception Demonstrated On New Cisco Phones: "mask.of.sanity writes 'Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements.'

Confessions of a Computer Repairman

Confessions of a Computer Repairman: "nk497 writes "What really happens to your PC when it's handed over to computer repair cowboys? We reveal the horror stories from computer repair shops — the dodgy technicians that install pirated software, steal personal photos, lie about hardware upgrades, upsell to the unsavvy, or simply steal your PC to sell on. Plus, we tell you how to avoid such dodgy fixers and find a trustworthy repairman."

May 3, 2011

Repudiate This!

I've been hearing this term at work a lot lately so here is the Wikipedia definition for digital non-repudiation.

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]
  • A service that provides proof of the integrity and origin of data.
  • An authentication that with high assurance can be asserted to be genuine.
Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.
The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. They can also be used for encryption. The digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE

Wow, this is just incredible.

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE: "An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
'... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.'"

Google Chrome Canary Now Available for Mac [Downloads]

Google Chrome Canary Now Available for Mac [Downloads]: "OS X: Google's released the 'Canary' version of their popular Chrome browser for OS X, giving Mac users earlier access to advanced features. More »"

Apr 22, 2011

CERN, LHC Sets New Luminosity World Record

For Charles.

CERN, LHC Sets New Luminosity World Record: "An anonymous reader writes 'Since last night, the Large Hadron Collider is officially the most powerful accelerator in the world. While a record energy level had been reached last year, the new luminosity level, surpassing Fermilab's capabilities, is a new achievement. 'Higher intensity means more data, and more data means greater discovery potential,' as CERN Director General Rolf Heuer says.'"

Dropbox Can't See Your Dat– Er, Never Mind

Hmm, just set this up too.

Dropbox Can't See Your Dat– Er, Never Mind: "bizwriter writes 'Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so.'"

Gmail Now Lets You Make Longer Labels (Without Wasting Screen Space) [In Brief]

Another Gmail bonus. Not that I have super long labels.

Gmail Now Lets You Make Longer Labels (Without Wasting Screen Space) [In Brief]: "
Up until today, you could only make new Gmail labels that were 40 characters long—which could sometimes prove difficult. They've now extended that limit to 225 characters, giving you a lot more leeway in how you organize your messages. They've also truncated the actual labels themselves in your inbox, so they don't take up too much space if they're long or buried in a long trail of nested folders (mousing over them, however, will show you the full label name or path). It's just a few small changes, but certainly welcome ones for label addicts. [Official Gmail Blog] More »"

How to Port Your Number to Google Voice Without Paying an Arm and a Leg [Video]

I've always wondered if this was possible...
How to Port Your Number to Google Voice Without Paying an Arm and a Leg [Video]: "

Google Voice is a great service, but changing your phone number can seem like pulling teeth. If you've been thinking about porting your existing number to Voice, here's what you need to know to make it go as smoothly as possible. More »"

Apr 21, 2011

Apple Logging Locations of All iPhone Users

Apple Logging Locations of All iPhone Users: "An anonymous reader writes 'The Guardian reports that researchers have found a hidden file on all iPhones, iPads and any computers to which they synchronize, logging timestamped latitude and longitude coordinates of the user since June 2010. A tool is available on their website to check on your own.'"

Mar 30, 2011

Google Fiber coming to Kansas

Looks like Google has decided on Kansas City, KS for the first fiber installation. We can only hope this will reach as far as Lawrence in the near future.

Google Fiber on YouTube

Mar 11, 2011

Dear Microsoft: Resource Monitor Sucks

Dear Microsoft:

If I can watch a movie, play a game with thousands of people with live news and weather feeds scrolling across the screen from around the world, all on this hardware, why can't you make a performance monitor that looks decent and doesn't chug along like an overworked grandma?


Every Windows Sysadmin in the World!

Mar 9, 2011

Dear Mildred...

Here is a blatant cut and paste from PCPro. I love stories like this as they educate PC users around the world.

I was going to contribute to Stewart Mitchell’s request for horror stories about computer repair people; then I was completely diverted by a panic phone call from an old friend, which helped me to realise that I was far more of a repairer than a customer of repairers.
That 72 hours of raw-edged panic was quite enough for me to focus on the sins of those who come and ask for help, which can be every bit as difficult as the sins of the fixers. So pardon me while I abuse the Pro blogs to let my friend know how I felt about her approach to the whole sorry matter.

Dear Mildred (name changed to protect the innocent here),
It was delightful to hear about your holiday in Kuala Lumpur, for 20 minutes, before you got around to mentioning that you had brought back a DVD burned for you by a charismatic local photographer and thrown it in that laptop you obtained from me six months or more ago.  It was sadly not surprising to hear that once that DVD had been introduced to the laptop, you had laid yourself wide open to every hacker and script kiddie on the planet. The parts I did find surprising then came so thick and fast that I was barely able to assemble a coherent reply, so let’s unpack all your assumptions and deal with them item by item, now that facts can take precedence over emotional blackmail.

- No, it doesn’t matter how you imagine viruses work: they will not be amenable to persuasion, they will do what they like. Responses like “that seems a bit far-fetched” won’t get your laptop fixed, or keep the hackers away. After the initial, invisible infection has granted the underworld open access to your PC, they are unlikely to steal your personal data – you’re not rich enough – but they will sell off access to your machine, for a relative pittance, to much less accomplished hackers. It’s their lesser efforts you can see, and they’re just evidence of the basic high-quality infection.

- No, you can’t sue AVG. You put a physical piece of storage in your DVD drive and clicked on various dialog boxes, some of which you neither understood, nor can now remember, because you wanted to get at the content on the disk. Once you do that, it’s game over.

- No, I am not responsible for everything that befalls something I once owned. It is now your laptop and your responsibility. Curiously, I am not sitting around at home doing nothing waiting for machines to die, and there is no way that you can cajole, seduce or otherwise influence me to “just spend ten minutes on it”. There are two reasons for this. One is that it’s perfectly clear that if I do touch it, I will never hear the end of the matter for as long as I live. The other is that once you stuck that DVD in there and started saying “yes, OK” to every resulting dialog box, you sank the whole thing. It doesn’t take 10 minutes to sort that out; it requires a complete machine reload to properly guarantee the infection is history.

- No, there is no neat and handy way I’ve been keeping secret that allows you to retain your extensive collection of stolen software licences loaded on that laptop. It’s even possible (but unlikely) that one of those copies you downloaded from total strangers via BitTorrent was actually the source of infection, not the DVD from that far-off and well-known training school for global cybercrime supercriminals. But you don’t believe that possibility either, so that’s me told good and proper. I personally remember all those nights in the 90’s when your standard response to any creative suggestion was “that’s great, but don’t tell anyone else so they can’t steal your idea” – rampant hypocrisy always offends me, especially when the software you’ve stolen is used to maintain your creative business. Perhaps you wouldn’t be in this dire situation if you had actually paid for the things you use (and therefore could reinstall them), even paying for a decent image-based backup program would have saved your bacon. Just because I use one and recommend it to everyone doesn’t mean it must therefore be nerdy and incomprehensible so you shouldn’t touch it.

- Don’t worry. I don’t propose to identify the specific products you don’t have licences for, mainly because I think the whole business of what’s free and what’s not is now so murky and confused that I don’t think you are even doing anything special these days. It’s not something I will involve myself in, though, which is in part why I am more tilted towards the hardware business, than software, these days. I have gone about as far as I can here to make it clear why your approach to the way your laptop drives your business, mixed with your approach to the way that people in the computer business sell things to you, adds up to a disaster waiting to happen. And I do disaster recovery, not disaster participation.

Love and kisses,

Feb 17, 2011

How Your Username May Betray You

How Your Username May Betray You: "An anonymous reader writes "By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture of the users."

PaperCut Version 11.1 Released

PaperCut Version 11.1 Released: "

Flooding in Melbourne streets
Some might think we took a holiday after releasing version 11.0 last month. Not so! We’ve been hard at work polishing the new features, making many minor improvements and of course avoiding all the floods and cyclones (hurricanes) that have been happening down under! PaperCut 11.1 is now ready for download.

We’ve had lots of great feedback about the dashboard and the new look interface – thanks to everyone who emailed in. Much to the delight of our support team the version 11.0 release last month went down smoothly and there were no major issues reported. If you’ve been holding off on the upgrade because you don’t like “dot zero” releases there is no excuse now! :)

Among the many little enhancements in this release we’ve expanded our watermarking support across a greater range of PCL6 printer drivers.

The full list of changes can be found in the release history. Happy downloading!

Flood image by Looking Glass / CC BY

New Windows SMB 0-Day Vulnerability

Windows 0-day SMB mrxsmb.dll vulnerability, (Wed, Feb 16th): "A new vulnerability has been discovered exploiting the SMB component of Windows. The attack involve ...(more)..."

Feb 8, 2011

Jan 28, 2011

New Critical Bug In All Current Windows Versions

New Critical Bug In All Current Windows Versions: "Trailrunner7 writes 'Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft issued an advisory about the MHTML vulnerability, which has been discussed among security researchers in recent days. There is some exploit code available for the bug, as well. In addition to the advisory, Microsoft has released a FixIt tool, which helps mitigate attacks against the vulnerability in Windows.'

Jan 25, 2011

Best Terminal App, EVAR!

This has to be the best terminal application ever. I don't think I will ever license it either. The picture degradation makes it sooo much more bettuh!

Cathode - Vintage Terminal Emulator

Jan 24, 2011

Apple hires former NSA, Navy analyst as security czar

Apple hires former NSA, Navy analyst as security czar: "In response to calls for increased security from enterprise clients, Apple has hired cybersecurity expert and author David Rice as its director of global security, a new report claims.

Jan 7, 2011

Splunk GEOIP Lookup

Here's a great Splunk feature. Using this query you can see what countries are hammering your boxes and make nice graphs for the boss.

sourcetype="linux_secure" name="Failed Password" | lookup geoip clientip as src_ip | timechart useother=false limit=5 count by client_country

You can easily replace client_country with src_ip to start dropping the ban-hammer as well.

Jan 6, 2011

Useful Splunk Queries

So we finally have a working, reliable installation of Splunk on site and I am starting to build some useful queries. There is so much information available that it's almost too hard to build a reliable query that returns the information you need (without false positives).

sourcetype="WinEventLog:Security"  User Name: "CategoryString=Logon/Logoff" User_Name="administrator" | chart count(eval(Type="Failure Audit")) as "Login Failures" by src_ip

This will give you a nice chart showing a count of Administrator logon failures by source IP.

If you find yourself getting data that you aren't sure is real or should be ignored, the best way to be sure is to verify with a known failure or a reproduction of the issue being tracked. In this case, I simply attempted to log in with a bad password, and my attempt showed up after a refresh.