ColSec

Security Vs Convenience

2010-11-19T09:39:00.005Z

That's right, the old argument is rearing its head again. My post here is brought on by the story published on the BBC today which goes on to say that "Security is broken" etc. Usual old story, which as far as I am concerned is correct. We should keep on top of these things and comply with regulations and stop our users from using whatever they wish.

Well, on the flip side you have people like Ted Schadler writing books about Empowerment and suggesting its a good idea to let your staff use technology, this is conflicting, at least in my mind with some of the concerns in the BBC article mentioned above.

So where does that leave us, the techies doing the work? It leaves us wherever our management decide to leave us of course! The company I work for doesn't care heaps about security, they care about giving the users the flexibility to do their jobs - if that means using Google Docs or their iPads then so be it. Heck they are even encouraged to bring in their MACs... I can see a problem forming... will they learn from it? Perhaps.

I'll give you an example. Do you use Skype? Safe, right? How do you know for sure? Lets see, it's an encrypted EXE using an encrypted proprietary protocol. How do you know there isn't some nasty traffic in there? That's right, you don't. In our company the CEO uses Skype and loves it. Great. So if some hacker has exploited it and is using it for their own gains, not only are they on millions of PCs worldwide but they are also on our CEO's machine. No doubt our CEO has admin rights to their machine too, so the hacker has everything.

Can you say pwned?

Rdpclip.exe stop it already

2010-08-10T11:02:00.003+01:00

I'm sure, if you use Terminal Services on Windows 2003 you will have seen it too. You are working away all day, no problems, using the the TS Clipboard, copying and pasting text + images between your session and many others, only for it to stop working mid way through doing something mega-fucking-important.

Well its an easy fix, but fucking annoying all the same.

Run task manager and just look at your own processes, click "end task" on RDPCLIP.EXE and kill the fucker. Do File, Run and type in "rdpclip.exe" and you will see a nice new one spawn into the process list. Now go do your copy + paste again, works fine, but for how long?

Come on Microsoft you must know about this one, fix it already!

There's still an app for that.... sigh...

2010-07-06T07:29:00.004+01:00

I'm still annoyed about all these iPhone/Blackberry/Android applications that are worthless and a waste of time. We all have web browsers with bookmark functionality, why oh why do we need all these stupid applications to do what a web browser can do all day long?

This news story highlights my point nicely - http://news.bbc.co.uk/1/hi/technology/10514367.stm

Here is the UK Government wasting our money on iPhone apps, for what? A fucking travel advisor? When I could bookmark the web page and use it as I travel quite easily. Thanks for wasting my tax money you bunch of buffoons. Of course the present coalition will just blame the previous government's decisions and duck any blame. Sometimes, I hate democracy.

F***ING MCAFEEEE!!!!!

2010-04-21T21:40:00.004+01:00

Well a lot of people are saying that today aren't they? If you've read this blog you know my hate for Anti Virus technology in general (signature based) and this just goes to boil my blood further on the subject.

Quick catch up on the subject - http://isc.sans.org/diary.html?storyid=8656

In case you're a MAC user or have been living in a cave, McAfee released DAT 5958 today, without obviously bothering their arses to test on Windows XP SP3 to any great extent. The DAT file thought that SVCHOST.EXE was infected with W32/Wecorl.a. This causes Windows to have a little fit and argue with McAfee over the validity of the file and no doubt arguing with Windows File Protection and ending up causing it to get corrupted.

This makes the machine have fits of all sorted, reboots, missing start buttons, no network and various versions of these symptoms. There are stories of NASA facilities being affected and the state of Kentucky has been mentioned (like the whole state is down oops).

I have been watching the story on Twitter all afternoon and helping people with updated information as I get it, helping one person almost completely subvert disaster (nice one).

I guess we'll hear tomorrow the sheer scale of this problem, we really have no idea what the impact will be until the calls stop coming in.

We are looking at setting up an SMS job with the old DAT file in and possibly using http://www.bitsum.com/wfpreplace.php to put the SVCHOST.EXE back to the correct version.

update...

Check this very weak post from Barry McPherson http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/

McAfee detected it did they? More like we fucking detected it when hundreds of our computers started rebooting dipshit. How about admitting that it could be 1 million computers or more? How about fucking apologising?

Idiots, and these are the bastards that we trust with our corporate anti virus?

update 2

New blog post, slightly more apologetic - http://siblog.mcafee.com/support/a-long-day-at-mcafee/

Still fucking ludicrous that this is the 3RD TIME in 12 months that McAfee have fucked us over. I know what I will be recommending the next time I am asked what AV Solution we will be using. Something like "BACK THE FUCK AWAY FROM MCAFEE"

There's an app for that!

2009-10-15T11:58:00.004+01:00

So we've all heard this phrase recently, especially since the iPhone has started to take a hold of the market. Personally I have a Blackberry and its the same "there's an app for that".

I cant help thinking why we need all these apps? Are we going back in time to early 1990's internet? I realise that there are bandwidth restrictions and what not, but with G3 and the Web browsers on Windows starting to adhere to standards and the like, I think this is one of the innovations we are yet to see on the mobile device.

All these guys need to look towards HTML5 and start properly developing their browsers to handle the next generation of browsing standards. Only then might we see web developers building web applications for mobile browsers rather than another app for this and another app for that.

Why cant we have the same standard of development on the mobile that we currently enjoy on the desktop? I want Facebook on my mobile, and I want it with all the applications inside Facebook that I have on the desktop. I want to be able to open Youtube, listen to streaming music, browse to iPlayer, hell I might even want to look at porn.

At the moment, the only real contender I can see for this sort of thing might be Opera's mobile browser, ok so we cant do any of the things I mentioned already, but will it be Opera that drives the idea? Are Opera the only people offering a decent mobile browser for multiple devices?

Until Mozilla/Microsoft/Google make a move I guess we're just going to have to wait and see.

Chasing Virus signatures

2009-10-08T07:29:00.004+01:00

So we've had another virus outbreak at work, this time pulling a whole site from the network to contain it. It was a new unknown variant of a nasty little bugger which infected EXE files.

It scanned the network looking for open shares and areas the infected user could access, in this specific case, that turned out to be all the adjacent PCs too. Nice.

Anyway, stupid set ups and lax security aside, we are still chasing signatures. This pisses me off something rotten. We are at the mercy of the AV vendors seeing a threat before we are protected some 24-48 hours later, meanwhile the virus wreaks havoc destroying whatever it finds it can write to in its path. We were lucky in this case that the virus didn't accidentally get Domain Admin rights because we'd have had a much larger problem then.

Needless to say, now we are looking (again) at heuristics and forcing the firewalls active on all clients, we might actually get some buy in this time eh.

Firefox stop eating my memory!!!

2009-09-07T14:06:00.002+01:00

I love Firefox, I really do. I've used it for years and always ask my friends to use it after I've rescued them from yet another stinking Virus infection.

But enough with the memory usage already, its starting to drive me bananas. I am writing this in FF now, with only this tab open, nothing else what-so-ever.

Hazard a guess how much memory I'm using now? 50MB? Nope, keep going. Ok I'll save you the 10 guesses - 514,104k right now - just over 500MBs. What the fuck.

I really want this fixed, I use a few add-ons that are very useful and I've never managed to replicate those features in any other browser. Please Mozilla, do something about it.

Anti Virus or no Anti Virus?

2009-05-27T13:57:00.003+01:00

This article sparked me to post again about having AV installed or not. On my main home machine I have not had Anti Virus installed for about 8 years now, and I have not had a single virus problem, even though I download stuff from the net and actually use Windows.

Bollocks you might say, and I can hear you shouting "how do you know you've not had a virus?". Simple really. There are hundreds of on-line scanners that you can go to when you feel the need, in fact I use http://safety.live.com all the time to check other machines for a second opinion. If I suspect something on my home machine I also use that site to check, and to date I've never found a live virus on my system. Yes I rebuild Windows quite a bit, sometimes playing with Windows 7 RC or Linux as most of us "techies" do so that probably helps keep me clean to some extent.

I personally, do not want "mom and pop" uninstalling Anti Virus in the quest to release a couple of ounces of performance from their aging laptops. They should look at memory for laptops these days its so bloody cheap its hard to ignore. I have in fact rescued 2 friends from replacement laptops by simply getting them 2GB ram instead of the 256mb that they had installed (LOL). Uninstalling AV would no doubt have actually slowed their computers down over time (as they get infected of course!).

For me though, I refuse AV. Its a dead product, it needs re-thinking. The virus database is growing and growing and to be honest I do not think its valuable checking every single thing in memory and on disk for a possible hit on millions of combinations of virus string. I have evaded AV before, its actually quite easy to change a few bits of a virus and be able to by pass most of the AV on the market (as shown to me in a recent course I attended).

So what is AV for? Non-IT people who do not know what they are doing, they need nannying and that's what AV is for: Its a Nanny for the non-IT f-wits. lol.

What of the above article? Absolute stupidity. I do not need the non-IT f-wits calling ME to fix their Virus problem do I? No. Get AV you numbnutts.

Windows 7 Speech Recognition (ASR)

2009-05-21T11:49:00.002+01:00

I was using ASR quite nicely in Beta W7, so assumed that it would get better for RC (logical thought right?). No.

Its terrible now, it was acceptable before but now its unusable.

I have quite back RSI at the moment so am needing something to take the strain off my right hand which is suffering quite badly (for the last 5 weeks now). I was overjoyed to find that in W7 Beta I could set that up and start talking to my PC. It works well in some applications and like shit in others (IE and Firefox are crap at it, but Live Messenger works well).

But unfortunately in RC its completely un-usable. When you start the training, the dialog hangs and says "(not responding)" for ages, then it pauses even thought you didn't say pause and so on and so forth. Once you spend 20 mins training it and waiting on it catching up you switch it on. Then it just starts making up commands from your breathing or other background noises and never hears what you shout at it.

I've looked around for ways to tell MS about these problems but I don't see an easy way, at least with the Beta you could click on the title bar and let them know.

Windows 7 - beware, its a virus!!!

2009-05-08T19:35:00.003+01:00

Ok so I used an attention grabbing headline but bear with me. I now have Windows 7 RC installed on 2 machines and the other 3 are feeling all left out so I think they will get infected with the Windows 7 'virus' over the weekend possibly.

This is not only testament to how much I'm loving the latest build of Microsoft's Desktop Flagship, but it is also showing MS's marketing genius has been at work on the RC build if you ask me. Think about it. I will be possibly installing 5 copies of RC around my home, when those all run out in 1 years time I will have a nasty OS bill to pay unless I come up with some nice way of getting them legal (MSDN or something like that?).

I bet I am not the only person too, plenty people at work are downloading and installing for themselves. I have chosen to go the 64-bit route so I'm having to use the XP VM to get into my work's VPN which is only 32bit, which incidentally, works well enough. When I first installed it yesteday it was slow and nasty but today I've used it all day with plenty of success. I guess its this that has made me feel comfortable installing it on the remaining machines (one of which is my main work laptop).

I seriously hope there is a way to get these copies all nice and legal in the next 12 months as I am not looking forward to the backwards step to XP!!

BBC "Crossing the line" - shut up already

2009-03-20T14:57:00.004Z

Waaaa waaaaa, is all I'm hearing on the mailing lists. Waaaa waaaaa, this isn't what I paid my TV License for, waaa waaa they've broke the law waaaaaa.

Give it a fucking rest already.

Its called Journalism and they are doing a pretty decent job of it. Massive mailing list discussions, I'm sure countless forum topics and no doubt Tweets and all sorts of crap going on, great innit, all generating interest in BBC's story as its meant to. The more people that hear about it and talk about it then the more people learn of the things that go on.

So what they used our money to buy into a botnet or purchase some Credit card details, they are highlighting a problem. So when things like this have been done in the past, where were the nay-sayers then? Like when Journos buy guns to show how easy it is in the UK, then hand them into Police. You don't hear of the Journalist being arrested for firearms offences [citation needed lol].

I'm done with all the moaning. Would it have made a difference if it wasn't the BBC? OK so you care about how you're TV License is spent? Take a look out your window or somewhere near you, I bet you there are roadworks going on as, that's right its the end of March. Councils apparently need to burn up their budgets (not an urban myth by the way) before the next financial year starts. That's how well your hundreds of pounds of Council Tax gets spent, and you're complaining about 11 pounds a month and one or two measley stories about criminal activity on the net. Give me a fucking break.

Ah I feel better after a little rant, now going out for some sunshine!! Woo.

Google issues again?

2009-02-24T13:36:00.003Z

So we know that Gmail went down this morning for a while, but I also had a problem Google which I had a couple of weeks back, in that everything I typed was viewed as looking like a BOT request. It has fixed itself again, but I keep getting this on and off, this is the first time when trying to get into Gmail tho, interesting! Watch what you guys are clicking on please! (message to the Google staff lol).

Losing civil liberties? I think so.

2009-02-17T10:52:00.003Z

I am an amature photographer (LOL) and I occasionally take pics around town etc. Well this new law has been introduced in the UK monday further restricting our freedom and rights to record things happening around us.

The next time you see someone being beaten up by the Police (yeah sure I know, happens all the time lol, but you catch my drift) and you try to record it on your phone, do you think they are going to let you keep recording? Not bloody likely. No where does it mention (in the aforelinked article) the removal of the camera from the photographer or the destruction of the film. I have heard stories and infact read on the BBC news site of people getting their cameras taken from them.

Seems the Police Force need to educate their officers on the details of the laws, instead of letting them think they also own the pictures themselves.

Another side note that I just thought of, the new act makes it a crime to "elicit, publish or communicate information" about British police or military personnel. Does this mean I cannot go into Twitter and type "oh the Police are now moving closer to the suspect" or stuff along those lines? Will I get my Twitter account closed? LOL all sounds like fun.

Windows 7, same old copying problem?

2009-02-11T11:44:00.004Z

Most of us had the problem in Vista pre-SP1. The dreaded "calculating...." message when trying to copy files around the place using Explorer.

I just tried to copy 10GB of data from drive to another and its still trying to work out how long it will take. My guess is a LONG TIME at 0 bytes/sec lol. Its still trying now as I type this, rock on Windows 7.

Pity its doing this I must say, I was really liking the experience and I've not seen this before on this build. I am kind of hoping that the external drive is faulty, but at the same time I dont want to lose the drive!

Will report back later once I know for sure.

/update
I left it over lunch and it seems to have copied. Windows 7 got that annoying problem or not? I am not sure!

Windows 7

2009-01-16T14:26:00.003Z

So far so good, clean install, nothing broken. Some setup.exe's dont work as they are doing OS checks, but other than that, pretty good.

Got Crysis Warhead installed and it looks fantastic, dont remember it running quite this quickly under XP x64 either, hmm.

I have the odd time W7 wont shut down and I have the occasional application crash, but I do lots of weird and funky things on my machines so it could just be me causing it :P

And see the proper Windows 7 bootup logo above, no imitation there :)

UK Government and Data

2008-11-05T07:56:00.002Z

They just suck don't they?

They want a national health database, they would like a national biometrics database, they would love all kinds of databases with our DNA and other details in.

They what would they do with the data?

Lose DVDs?
Lose memory sticks?

What do they blame it on? The Facebook Generation?

How about taking a look at yourselves before trying to blame the younger folks? The whole system is to blame not the individual, they should know this by now. The individual should not be able to make mistakes on that scale, its that simple.

And ministers are bemused at why people would want to opt out from their next IT scheme, is it that fucking hard to imagine why?

Live / MSN Messenger - error 8100036

2008-09-11T11:40:00.004+01:00

You are not alone people, I have friends all over the place that cannot connect. Just thought I'd share in case you thought you were going nutts. I spent tuesday upgrading and downgrading the router firmware in my house because I thought it was me!!

Something in the water....

Error code is 8100036 btw. loads of people complaining.... damn...

Update -

Well seems ok for me now, I have 2 accounts working again.... for how long.....

Google Chrome

2008-09-03T07:41:00.005+01:00

Sorry you Google bashers. I like it. I am a self confessed Googleite and probably always will be, so I was probably destined to love their browser offering, but I've used it for a good few hours and I have to tell you that I like it.

The separate process thread for each tab is great. This must have been done already no? Seems so logical, cant believe someone has only come up with this idea now.
Using the IE core proxy settings - about time another browser did this. This means its manageable centrally, and if you play with your proxy settings means you only have to change them once. {update - later this morning Chrome started prompting for Proxy Authentication credentials which it did not earlier in the day, multiple reports. Could be a dodgy proxy but not sure}
The new tab page is shaping up quite nicely, as I use more of my normal sites its starting to show me what my basic browsing habits look like.
Speed - its fast. Seems to be visibly faster than even FireFox 3, which I didn't really think was possible, and here we are.
About:Memory - handy feature this one, lets you monitor all Internet Browsers memory usage, quite good fun (for a geek like me!). Chrome seems to sit somewhere between IE and FF in terms of usage and the memory does nicely jump up and down with more and less tabs as you would expect.
Incognito Tab - excellent feature, some people may call this a gimmick, but they obviously don't look at porn as much as the rest of us then eh, or more likely admit to looking at porn. Let me clear this up - I look at porn. I am a red blooded male who looks at porn. Glad we got that out of the way.
Grab a tab! How MANY times have I wanted to break a tab out from FireFox? Many many times. Now I can with Chrome woo hoo.

What about bugs?

Well, I've already seen that the scroll feature on this laptop doesn't work properly (and reported it to Google of course) and I've only seen one or two sites which don't display properly (and forgotten to report those of course).

Gmail? Blisteringly quick.

As I say I've only had a few hours to play with it, but its looking like a good effort all round, I am liking what I see. The fact that its open source and doesn't use IE's rendering engine only helps to make me feel even warmer and fuzzier about it.

As long as Google can finish this product and actually release it to the masses (i.e. don't leave the "Beta" tag on it for 2 years) then I will be happy, and guess what? I think I'll be switching my main browser.

All your web are belong to us... ?

2008-08-27T08:36:00.005+01:00

Are we under threat again? We've only just started to calm down over the recent DNS hoohah and now we're being told that the Internet's backbone is possibly open to a man in the middle attack. Two researchers have demonstrated an attack that can intercept internet traffic for sections of the web. Should we be worried?

Reference: Wired

If you look at the Wired article above and believe it all we should be, but then is that the full story? Do we the public ever get told the full story on *anything*?

Here is an interesting counter article which states that ISPs (up to 72%) actually filter routes anyway, so are we bothered? Yes and no I guess. I'm no expert, but hat other 28% or so could be a problem eh.

Another one that we'll just have to wait and see I guess eh. Back to work!

Vista security "completely useless" | Patch Tuesday | Skype giving away the keys?

2008-08-08T13:36:00.003+01:00

Interesting mention on Neowin of a new exploit technique that gets around Vista's security systems to do what they like where they like in the system.

This could be bad news all round really, some experts are also saying this could be hard to fix too. The article suggests that .Net is an attack vector, which would be worrying since we all have business applications using .Net these days.

---

Patch Tuesday next week - 14 patches coming out. Yikes. Means I'll be busy next week, ah well guess that's what I'm being paid for huh lol.

---

Skype. Security built in yes? Err, yes and no.

So it employs SSL type encryption on its connections, so sniffing is on the large part taken care of isnt it? Unless there is a back door of course, then its just a matter of time before the bad guys find it isnt it? Some people are worried about the good guys using it too though of course.

Reference.

MS advisory magic

2008-07-08T07:53:00.005+01:00

There are a couple of Microsoft advisories on the go at the moment, a new one about the snapshot ActiveX component no doubt we'll see a patch on this one, I notice a couple of funtionality advisories too - one for WSUS and one for SMS. I realised that the WPAD advisory was no longer showing in the list of "open advisories". So does this mean MS has fixed the problem? Course it does...? Err nope.

The problem is still there unpatched and awaiting attention. So just how many unpatched problems are there? If you look at FrSIRT then there are more than 50. WTF? Ok so only 2 of these are "red" and one "orange" so they cant be that bad I guess eh, a few DoS's and some other information disclosures etc. But hang on what about this WPAD one where we think its possible to engineer a large scale attack? Still unpatched and only marked as "Yellow" on FrSIRT's page. So how many of these could have the same impact? It certainly makes you think, these 50+ vulnerabilities are known, just imagine the un-disclosed and un-known (did I just sound a tiny bit like Bush?). I am going to remain paranoid given what I've found today.

Stumbled across this article on CIO.com which was written for Application Developers, but in all honesty applies on many levels. Most companies have lots of talent already working there, yet, most CIOs and their cronies bring in consultants from external companies that cost a fortune and are cracking away on the expenses.

We've recently had a new CIO so we've not had time to form an opinion on him yet. The previous CIO was a classic example though, I wont start on that subject as I could go on all day and I dont have time to sit and blog for 8 hours :)

Corporate IM solution?

2008-07-03T08:26:00.004+01:00

I have heard on the grape vine that we have a new "corporate IM solution" (I use the term loosely!) . Wait for it, wait.... MSN Messenger!! Woo. Well I assume they mean Live Messenger anyway.

So I am waiting for the request to roll out the software to the whole network, giving all our employees access to unencrypted advertisement enriched IP revealing bloatware piece of shit that is Microsoft's IM solution.

My biggest problem with this whole fiasco is that its unencrypted, clear text communications over the LAN and Internet. And they know this and still made the decision. /queue the applause.

In my shitty little ignored opinion I would have gone for GoogleTalk. I am a self proclaimed Google lover it has to be said, however - GoogleTalk just works! Our proxies like it and its SSL over Jabber, and it doesn't work if you try to use it unencrypted. The program is simple and nice to look at, with no bloat at all. If I can think of a negative, possible its not developed as it should be (when was the last time you seen an update?).

Renamed blog.... & changing hardware for changing sake?

2008-07-01T08:37:00.007+01:00

Shows how many blogs I read huh? I only just noticed another well known blog on Wired called "Security Matters" lol, so I've renamed this to match the URL - ColSec. Update: Actually I would like to put it out there that I was copied, but I can't prove this. Bastards.

It will still be the same drivel from me, don't worry :)

So what's up this week? Oh we're still going on about changing hardware in the office. Currently we use HP as our main supplier and some jumped up donkey wants to change to something else, why we ask, W H Y !!!!!???!!???!

I think they are looking to make a name for themselves, when in reality they are just solidifying our suspicion that they are a complete nonce. We use HP, we use them for a reason, i.e. cost, quality, reliability and we like the look of them. This person is looking at alternatives like Dell (ugh please no) Lenovo (hell no) and others to mention just two.

We have buildings all over the world kitted out with HP docking stations and power supplies so you can sit almost anywhere and work away. If we switch kit this situation will crumble and VIPs and lowlifes alike will struggle to find somewhere to sit and work quickly and efficiently.

We are not saying that we shouldn't investigate our options, obviously we should once in a while. However, I mentioned cost to this person and they laughed in my face. I am a shareholder dammit and I wont stand for this kind of lunacy when it comes to spending money.

What does this have to do with Security? Err not much. Its my blog and I'll blog how I like :)

MAC OSX Trojans and Virus' and other voodoo

2008-06-26T17:44:00.002+01:00

So what else has been going on in my little world? Well I guess I should mention Security as this is what this blog is supposed to be about(!). Something of interest in the MAC OSX world, or is it? The Reg mentions a few stories, which get various reactions in the comments if you care to scroll through them all.

Is it really interesting? Not to an old Windows Admin like myself. I expected MACs would get close to where we are with windows now, was really just a matter of time. I like the look of MACs but havent have the chance to play with them, so cant really say too much about them. But some of the crap I've heard in the past "100% secure operating system" bollocks like that just wasnt going to sit well with this cynical old git. The only 100% secure system around here is one that never gets switched on or used, ever.. and gets kept in a very very dark far away place.. you get the point.

What has happened is that MACs have come of age, more people have them, so the criminals amongst us turn their attention to them. Bigger market share, bigger "market scare" shall we call it for cheesyness sake.

AV companies will continue to turn their attention that way and MACs all over the world will start to slow down having to check every bastarding file passing through the memory/disk/etc.

I hate Anti Virus actually, its a bit shit. Ok so it can save your bacon sometimes, but you shouldnt have been there in the first place no? I actually have about 3 machines with no AV on at all, but I'm the only user so I can trust myself not to be a tit on them and get them all spunked up. The only machine I've lost in recent times was actually running AVG so I learned a little lesson and dont bother with free AV there any more either ;)

I wonder if I'm on to something here actually. Imagine a system, with its own AVPU (Anti Virus Processing Unit), perhaps as well as that, a dedicated disk running volume shadow copy of the main disks, checking files and stuff off to the side of the main machine? I thought for a minute I had just invented an idea, sadly Google fucked me over again (not read it guessing the disk part of the idea is mine?). The only flaw with my idea is the system picking up real time problems I guess, but that problem would be down the programmers to fix.

Anyway enough blabbering I'm heading out for the evening, have a nice one.

Land of the free? Err nope.

2008-05-13T07:44:00.004+01:00

So I don't pretend to know much about the subject, America and its constitution etc. But it gives citizens the right to protect their property stuff like that yes? Meant to be anyway...

What do you think about talking about the constitution and its content? See that as a threat to national security? No? The feds seem to!

Reference: http://prisonplanet.com/articles/may2008/051208_feds_accuse.htm

This story is triggered by someone at a university who briefly lectured some boy scouts on the constitution and what is right for America. Apparently that conversation was recorded and he was presented with a script of what was said by the men in suits, and wait for it, was then called a Terrorist.

Seems like what founded the "land of the free" is now a national threat. Is that a surprise? After you've got over the shock of the stupidity of it, it starts to make sense (for what is a dumb ass government anyway it has to be said). For a Government that wants to have a free reign over its people, the constitution must be a real pain in the ass eh. People getting their guns out to protect their property, woo what a crime.

Seems to me that the US Government is going too far, its debatable whether any terrorists actually did anything to the US people, now they are threatening people who stick to the very document that founded the country.

I am scared. But not of terrorists. I am way more scared of losing rights as a citizen of the country I live in, losing free speech, the ability to go where I please.

Finally I've seen the light!

2008-04-25T16:17:00.003+01:00

Well, I've had enough. Vista is gone. I no longer have it on any machines, thank fuck for that is all I can say. I can now work faster and harder again, yipee.. no sorry, I can now actually work.

Partly due to the Nortel VPN client being a piece of shit, coupled with Vista's pathetic boot up times. Those two faults on their own caused me to turn my back on it.

I am now hoping Windows 7 actually works. LOL as if.

Have a good weekend.

Smug mode:on

2008-04-16T07:41:00.004+01:00

OK so its not a huge deal, anyone could see it coming. The ISPs and BBC debate over the iPlayer's impact on their infrastructure.

I posted something in December which was a laugh at BT saying there was no problem with the infrastructure. Now I realise these two arguments are slightly different, but essentially we're talking about the same thing - bandwidth - contention - whatever it boils down to - the infrastructure is struggling to cope with the video demands being put on it by its customers.

Funny how the BBC and the ISPs get into a debate over it, when 4OD, Sky Anytime and others have been operating in this area for some time. They stay quiet though, BBC bless them, have opened dialogues with the ISPs and this is where the debate has come about.

Everyone should remember that the BBC is an institution, and the others are just here for profit. So why are the ISPs picking on the BBC? Because its more popular? Perhaps. Because its not a "business" in the normal sense and maybe they could get some public funded network upgrades due to it? Perhaps.

Why don't all the fuckers that make real money off this shit start to pay up? BT's profits are souring, probably not down to broadband that mind, more likely business deals etc. What about Sky? Ok, not souring profits, but still hundreds of millions. Channel 4? Cant be bothered to look, but let me guess - nice profits? (note: did check in the end and C4 are struggling).

So WHY THE FUCK are the ISPs picking on the poor old BBC? Please leave them alone and pick on the large, profit hungry corporations that you all are. Bastards.

On a side note, I actually disagree with the way the BBC is funded. We have no choice, pay your TV license, or face heavy fines. Democracy? Not in the TV license world I'm afraid. 10 pounds a month is good value for the programming we receive, and the frankly brilliant web services we can use, but my point is - no choice - If I don't want the BBC, I still have to pay for it. Monopoly? Not quite. Illegal? Should be.

References -

Profits-
BT profits
Sky profits
C4 profits

The argument-
Slashdot
BBC news

Identity theft leads to kiddie porn arrests...

2008-04-08T07:23:00.003+01:00

Interesting twist in the child porn case where Simon Bunce was arrested and accused of possession of child pornography.

Ref: BBC News, Fox News.

The guy lost his job, his family stopped speaking to him and no doubt he was subjected to many other things that would come hand in hand with this sort of accusation.

The Police took so long to dis-prove his accusation that he went and found out for himself what had happened. He managed to find out that his card had been used from a PC in a remote location so it was obvious he wasnt the person using it. It took the Police some time longer to confirm what had happened.

This sort of thing happens all the time.

Someone in my workplace was taken away one day, 2 Police officers arrived took him and his computer on the spot. The story here was that his credit card had been used to purchase child porn, but no other information came my way so I dont quite know what happened. Some time later his PC was returned and he eventually returned too. I believe the company I work for is quite understanding so you actually have to be proven guilty with something before you will be sacked. So he was obviously never proven guilty, the machines must have been scanned and found to be clean. Did the same thing happen to him? Wouldn't the Police have figured this out already?

So how do we prevent ourselves from falling victim to this type of thing? Err... stop using the internet? Not really. Simon's details were stolen from an online retailer, he wont say which one, but he should do. It should be made public, dammit I might have my details stored on there - I want to know. Anyway, prevention? Throw away credit cards I think might just nail this, but they are a bit of a pain.

Anyway, 8 new MS patches out this evening, that should be fun.

Heathrow T5 problems... technical problems or something else?

2008-04-04T21:51:00.004+01:00

Interesting little side-theory on the T5 mess discussed here.

Are we to believe this organised crime thing goes on? Are we naive to think it doesn't go on?

In this day and age, we have organised prostitution, people trafficking, cockle picking, drugs, and probably many more. So there probably is organised crime or sorts inside the baggage handling ranks at Heathrow.

Is it this that explains missing bags, missing items from bags etc? We all know someone that has been affected by a missing bag or seen something dodgy around baggage. I have a friend that worked at an airport behind the scenes and he wont even tell us the stories (apart from that he wont ever fly using a main airport ever again - makes me wonder anyway).

So, how many people work in the baggage handling at Heathrow? Enough to have a percentage of criminals all getting sneaky and organised? This Guardian article suggests numbers in the region of 1600 staff, in 2005 with no T5 at that point. So we could be in excess of 2200 staff. That sounds like enough people for their to be something going on within. But then this reads a little like lots of the systems are automated, boggled my puny mind at least why they still need 2200 people, but then I've never seen the size of the place ;)

I think there's always part of us that thinks this dark under-world exists, I like a good conspiracy story when I hear one so I'm usually open minded (too much so?). The other question is, do the companies allow it to happen? Are they held to ransom? This should be stopped, right?

All computers vulnerable to Firewire attack

2008-03-10T08:37:00.003Z

So you've probably read about the Firewire attack that has been recently discovered (although is it recent? "Owned by an iPod" suggests otherwise). Not only is Vista with Bitlocker vulnerable, but so are MACs, Linux machines and XP, you name it - if it has a firewire port its vulnerable.

Linux has a method for switching off DMA, which Windows apparently doesn't yet, however MS have apparently said there is, but no mention of how you actually switch it off, my money is on a registry hack. Also should be said that disabling DMA stops some firewire devices from working, but not all.

Usual Reg-spin link for you. It references some of the material I've been reading on the subject for the last week.

Interesting thing was that one researcher claimed he could compromise a laptop with no firewire port by using its PCCard slot, he didnt go into detail and I cant remember where I read it. Not much use then am I! I guess it would be a Firewire PCCard which automatically installs using basic XP/Vista drivers, then opens its memory to that interface, LOL.

This just strengthens the physical security problem, dont leave your machine anywhere locked or otherwise if it has NASA Secrets on it! Or of course if you work for the UK Government, dont bother your arse, cos some ass-wipe will just lose those records in the post on a DVD, I guess it will be BluRay in future and it will be all 60 million people's details lol.

Anyone else want to start a game where we compromise as many laptops as possible on a train journey? :)

Vista SP1... come on in the water's lovely

2008-02-26T17:54:00.004Z

Stop all the moaning people, so some OLD versions of some programs don't work on SP1. Mind you, are people actually moaning or is this just a teency wee bit of press spin? OK so there are a few people moaning in the comments on that article, but people like to moan don't they? Some people have had good experiences some have had bad, same with every Windows upgrade. I guess MAC owners don't have any issues cos all hardware configurations have been tested and catered for?

XP SP2 was way worse than this remember, as pointed out by Susan Bradley in the Patch Management mailing list today. This is also mentioned in the comments in the El Reg article linked above.

My experience is that SP1 is an improvement, I was having issues with Vista, now I am not. If I am lucky enough not to run into a driver issue (mainly due to the driver being a problem, not Vista remember) then I will be happy.

We should be shouting at the hardware & software manufacturers for our pain. Remember its them that need to support operating system improvements (for the most part!). From what I've seen its them that are slow to move and cause the issues in the first place. They should be getting Betas and testing them out with their kit - not waiting for us to get the new OS and complain about it.

Anyway rant over, as you were!

Suppliers, gotta love them

2008-02-22T11:28:00.000Z

Our datacentre supplier, who shall remain nameless for now. They wanted some rights applying to some servers, we looked at the request and thought it would be nice to give them some of this to do themselves.

So we let them have rights to the GPO that controls the servers they were after, with strict instructions to raise a change control along with any changes.

24 hours later, all those servers stop working.

Checked it out, found the setting "access this computer from the network" had been altered some 1 hour 30 mins before. They had neglected to realise that when you add something in here (as with many GPO settings) it not only adds what you enter, but removes all existing. So you have to add in local administrators, users, etc etc. "replace" rather than "merge" - one of the basics of Group Policy in Active Directory it has to be said.

As a friend put it when I told him the story "what a bunch of goons" - well said Steve.

Vista SP1 applied!

2008-02-21T07:37:00.011Z

Well I've taken the plunge and I took no pre-cautions what-so-ever (In my usual style).

My main work's laptop is now running Vista Ultimate SP1. Conclusion? Yee fucking ha!

I've only been using it for a few hours, but yes, certain little things do seem faster. Some of the old issues are still there, but it does seem to have given the machine a little spruce up and its running smoother.

Things that I've noticed (I've been updating this list since the original post) -

Bootup & logon still takes fricking ages (add a vista machine to a Windows domain and you will see)
After a couple of reboots... god forbid - my Outlook 2007 seems ok too now! SHOCK HORROR! Watch this space for more moans if it fucks up again.
Suspend, resume, switch from LAN to WLAN all seems fast and seamless now (yipee). Further testing has shown this to be even more the case - it just works now, I might even say better than XP in my experience.
It took 1 hour 45 minutes to install - WTF? - At least its done some good, so appeasing me a little.
TS sessions: /console no longer interpreted. Now you have to use /admin for various reasons, I have to give credit to James for providing links and info :)
Ping command: strangely there is a carriage return missing in the ping results (for me at least)
TS sessions: on SP0 I had an issue with ALT TABbing between TS sessions, where ALT would get pressed inside the session (so annoyingly losing focus on what your doing) - this, for me, is now resolved.
The dreaded copying problem ("calculating time remaining....") appears to have been fixed. I have copied around on the local drive and over the network without issue. Contrary to what the cynic in me wants to think, they didn't just disable the calculating time feature either. :)
DIVX is crashing when trying to generate thumbnails. It works, just crashes and must be re-starting in the background. - This was fixed by updating DIVX (see, that was easy!)
TS client: the authentication prompt before login to servers was annoying, especially for servers that didn't take the information (W2K for example). This is now removed and handled slightly differently.
OL2007: When I copy and paste text into a table in a new mail, it comes up blank until I use the scroll wheel on the mouse. I have had this problem since I started with Vista+Office 2007, now I have SP1 of both and I still get this issue.
IE7: "click to activate" ActiveX controls function is gone, I knew I had read that MS had paid them off somewhere (was a licensing issue).

No doubt there is more to come! Have fun folks, I've had no problems but that doesn't mean you wont :)

OL2007 slooooooow

2008-02-05T14:57:00.000Z

Ok I know there have been LOADS of discussions on outlook 2007 being a crock of shit. This, for me at least, is different.

I like Outlook 2007. When I got it I was ready to cut MS to threads with how crap it was... nope. I like it, its fast and usable (for me!). Ok so I don't use it for POP emails, where a few people have had speed issues. I use it on exchange and it works fine for the most part.

Just this week, me and a few colleagues noticed our Outlooks slowing down. Not the usual "not responding" that people have been complaining about just when typing in people's email addresses or names into the "To" field (or deleting them for that matter). It just took my machine 4 seconds to delete 4 characters from the To: field in a new email, last week this task was instant.

I have a dual core laptop with 2GB ram if it matters (it doesn't) and I don't think we've installed any patches since mid-Jan so surely cant be patch related. Exchange server side problem perhaps? Anyone got any insight? I am wondering about this indexing service on my machine (instant search). If I start Outlook in safe mode it seems better but not brilliant. I've also looked at add-ons and disabled them all, but didn't seem better. Weird!

/edit

Just timed it - it just took 21 seconds to delete 6 characters from the "To:" field. Dammit.

Spying on your employees.

2008-01-22T14:24:00.000Z

I have been doing this for a few years now, usually after the event. You know the thing - find out how and why user X did Y on company equipment. I certainly enjoy the kind of work, IT Geek becomes detective lol.

Anyway the matter of morality has been creeping up on me since I posted something on a mailing list asking for pointers. Some people on the list reacted violently at the privacy issues caused by spying on people unknown to them. (would it be spying if they knew?).

Yes, I feel bad when I'm finding out details about someone's home life that perhaps I don't need to know. That's tough cookies when you cross that line and decide its OK to use company equipment for your email conversations with your ex-wife or other dramatical home life situation. I don't actually do it all that often myself, but then I work from home so I can do it in person. :)

When people start work here, they do a couple of things that allows us to look at their machine and usage as we please. 1. They sign a computer use policy and 2. They click OK on a legal notice when they log on to their machines. That legal notice mentions that they will be remotely monitored to ensure they are using the computer according to the guidelines in the policy.

Don't get me wrong, we don't just go spying on people. We only react to issues or solid information about a security problem as they arise.

I'm happy at the moment doing what I'm doing, but I do feel guilty sometimes when I find out personal information about someone that I'd rather not know.

Anyone else got any thoughts on this? Might stick a poll up.

BT Hub / MS08-001 exploit? / RIAA site empty

2008-01-21T16:12:00.000Z

3 things today (ok 4 if you count the stuff about my PC, but I dont)

BT Home Hub vulnerablity

GNU Citizen reports {site slow at time of writing} that an attacker can trick a user into clicking a link. This link tells the user's BT Home Hub to ring the phone like they are receiving a phone call. In actual fact their phone is dialling out. I shouldn't have to explain the uses for this but the nice easy one would be a premium rate phone number in Nigeria. The Adrian at GNU reports other uses like part of a very nice phishing attack for example.

MS08-001 exploit coming soon?

This article on PCAdvisor.co.uk indicates that its possible MS are not right in saying MS08-001 is hard to exploit. The article reckons there are lots of people having a go at this one now as its TCPIP after all and would be a sweet spreading worm if it can be coded. If you haven't rolled with MS08-001 then now might be the time to get on with it!

RIAA Site Hacked?

What a shame that would be eh! This article here spots a few issues with their site, what a damn shame eh. LOL.

Finally...

I've been over-clocking, got my 3dMark score up from 12k to 14k not bad eh! Obviously I went for more then the graphics driver crashed out. Nice that Vista can cope with that though, pretty sure XP would have needed a reboot to recover from that. Got the CPU running at 3.0Ghz with no problems seen. In fact the CPU under load is still 35c (same as it was before). Only the motherboard complains a little about getting hot, but it is passively cooled after all (comes with an extra fan if needed, might be fitting that then!).

Cheers.

New Rig...

2008-01-17T00:17:00.001Z

Just got it built, not too bad. I notice its only showing 3.25GB ram when I have 4GB installed, will check that out at some point. The Bios thought 4GB if I remember correctly. CPUz is picking it up right, so will have a think about that.

3D Mark score is a little disappointing, as is the Vista Experience Rating, think I was assuming it would crack 6.0 but nope. Doh! There may be driver and Bios updates I can do before I want to start overclocking. I'll be trying the COD4 demo later today, see if that blows me away. Installing Steam now to get the usual HL2 bits installed :)

Barlcays boss gets ID stolen

2008-01-16T10:53:00.000Z

So the UK Barclays Bank boss gets his ID stolen and a card re-issued. The thief then simply walks into a branch and withdraws cash. Kind of funny as the staff in the branch didn't think "hey that's the boss" or anything like that. Guess you wouldn't even think about it.

Ref: IT News AU

Seems like the Register haven't picked this up yet, bet they do before lunch. :)

Vista SP1 coming... can't wait... oh no... I'll have to wait...

2008-01-15T07:40:00.000Z

MS are getting into testing this more and more. Sounds like fun doesn't it? Er no. Install 3 updates that are pre-requisites, reboot (possibly multiple times), if you have an earlier beta of SP1 installed you need to un-install that and wait some time then try installing the actual comment is "Microsoft instructs users to wait one hour after uninstalling so Windows can clean up and complete the un-install prior to installing RC Refresh."

So Windows Vista has some kind of installation monkey that works on your machine while you work? Cleaning things up while you send emails and surf Facebook! Nice. Wonder what its called ooh ooh I know - TRUSTEDINSTALLER.EXE. Fucking thing eats up CPU and buggers your machine over while it does its nails, I remember (unless you have a phat dual/quad core machine then you wont notice the monkey doing its shits around the place).

I think the full release of SP1 will be pre-dated with these 3 updates (1 is already out and installed on my machine) and we await the arrival of the next 2 pre-SP1 monkey feeders so that the monkey can have its larger SP1 meal later in this quarter. All this so the monkey can swing in the Vista trees properly, which, it should have been doing since its release. Poor monkey.

Ref: The Register

So just to summarise in case you missed it. I've named TrustedInstaller.exe the Vista Monkey. You read it here first people. I like it when I deal with important matters such as this.

uPNP: What we suspected all along. | Switch those LCDs off

2008-01-14T07:59:00.000Z

uPNP. Useful? Are you using it for something? I've always disabled it, also the services in Windows XP. I was never 100% sure why I was doing it, just knew that it was trouble (I must have read something somewhere). I never got into any depth on why I thought it was crap.

Well PDPArchitect is back with a great post on the subject. He is able to use Flash and other technologies to re-configure your router over the internet without you knowing. Indeed without even using your computer.

So switch it off people and leave it off, for the time being at least.

See: http://www.gnucitizen.org/blog/hacking-the-interwebs

The above link is 100% safe to click on, Gnucitizen are one of the most responsible hacker groups you will come across. Read some of the articles while your there, very interesting.

The Register picking this up a day after me. (gloat mode on).
--------------

Funny one for you (unless you were presenting at CES of course). You have an LCD screen in your living room most likely now, does it have an IR port? (lol most likely it does!).

Check this gizmondo link out and what they were up to at CES. Quite funny and makes you think.

Have fun.

Vista easy to hack, quick run for the hills!

2008-01-11T08:57:00.001Z

eEye saying Vista is easy to hack. That may be. Marc only briefly mentions that there's a great big pop-up shouting about security issues when the hack goes off. I think most users would be interested to click on the balloon with the big red cross telling them something is up. Granted we still have some pretty dumb ass users on the planet too though. Not sure I'd be logging into my bank with that dirty security message on my vista machine, but I guess I'm not typical of all users.

I think this is the first one I've seen that doesn't somehow try some trick with UAC, but I guess they have used a known exploit and used an un-patched machine.

Happy New Year and all that folks.

MP4 Codec Vulnerability

2007-12-12T08:07:00.000Z

Not much discussion going on about this one, but I think it will happen.

PoC released here. Looks quite nasty, providing the hacker with a reverse shell (firewalls allowing of course).

I'm not sure why no one's discussing it, but no doubt there are people working in the background to figure out what it can do and what other products and versions are affected.

The media player version affected is listed as 6.4, which as far as I can tell is Windows NT4 and Windows 95 only (edit: just noticed its the default for Windows 2000). However, if this is a codec problem, then why are other versions not affected? no doubt we'll find out over the coming days.

Should be noted that "Media Player Classic" is also affected, which alot of us have installed as an alternative to Media Player (if you go and install a free codec pack for example). I would really be quite surprised if other versions were not also vulnerable.

Loads of new patches out today, 3 quite nasty ones if you are not careful. Get patched!

[edit 13th December]
Thanks to Mark Leeds pointing out the obvious on the BugTraq mailing list. This is a vulnerability in the 3ivx MP4 codec. So technically any player with access to that codec is vulnerable.

To check what you have installed, you should open the control panel, sound options, hardware tab, click on Video Codecs and properties. You should see something "3ivx" is you have it installed. Better still Google for "sherlock codec detective" and use that. Doesn't seem to be the standard install on Windows XP so this vulnerability has reduced in criticality somewhat (to almost nil for me).
[/edit]

2007-12-05T08:11:00.000Z

Sorry for the slightly off topic posts, i.e. not strictly security but I have to voice what I see when I see it. Yesterday we were presented with this little charmer "Push for faster net premature". So BT is getting shirty about actually spending some REAL money on the infrastructure. Haven't we been hearing scaremongering stories about the net collapsing in 2 years due to video services? BT doesn't think so.

Then, today, we get these 3 stories -

Gamers get on demand TV

Net user's want film downloads

Rise in Broadband use in Europe

I'm sorry but something isn't adding up. 43% of European households have broadband. XBOX Live users are getting film downloads on the 11th December. And users in general want more film downloads.

To me that all sounds like an infrastructure that is going to have some issues coping with all this extra content. This is what they were talking about with the scaremongering. Its here now and we are all along for the ride. If BT is right, then everything will keep running fine in the UK for years to come (on shitty copper cables). If BT is wrong, then we are facing doom and gloom of restricted services for years until BT or someone else decides its time to upgrade.

I can understand that it will cost millions to upgrade the infrastructure. Did I say millions? Oooh, didn't BT in fact make BILLIONS last year? (link)

So isn't it time that BT pulled up its socks and told its shareholders to swallow some of the cost and get on with it? What happened to British pride in having the best? BT needs to be careful as the cable companies could start to clean up here. ADSL gets congested then people will switch to whatever they can switch to. Remember BT its the british public that made you what you are, its about time you put something back into it (I am aware you have already put some things back in, but its not enough). Sweden have 100Mb broadband to their houses for 30 euros a month and we get 8Mb for around the same.

BBC News: Games content concerns parents

2007-12-04T06:52:00.000Z

Link: BBC News

I've had enough of this shit. Quote: "Some 43% of the surveyed parents said they were not aware of ratings systems for games to determine suitability." WHAT THE FUCK?

Have we not had videos with parental ratings for 30 years? Have you, as a parent, never bothered to read the fucking label? You know the big 18 in a red circle on the back, recognise it from somewhere no? Yes that's right its the same rating system you find on DVD's Videos and the like.

Parents need to buck up and pull their heads out of their own arses. I am a parent and its pretty bloody obvious what games I should buy my kids and what games I should take from them if I find them.

This is shirking of responsibility when something happens, i.e. someones kid goes out and stabs someone - oh that must have happened because he's been playing that game on the Play Station. Wake up people your kids aren't always angels. They will go out and do things, every murderer has parents, every rapist also has parents. Do you think they were all affected by some film or some game? No, they were rapists and murderers already, if a game was involved its got nothing to do with it, just might have given them a few extra ideas.

Release Man Hunt 2 (whatever the recent banned game was) and show parents that its an 18 certificate and everything will be fine and dandy (ok maybe not but you get my point).

Take it easy.

This Week

2007-11-30T08:34:00.000Z

Been busy this week, looks like my job is safe for the moment which is nice.

So what's been happening in Security this week?

Microsoft is busy looking at a problem with "WPAD" which is the mechanism in DNS used to automatically configure Internet Explorer proxy settings in an enterprise. Seems like an attacker might be able to put their own server into the mix and get some control over clients - full control its being said. [more]

The UK government is taking a lot of heat for the data loss fiasco. In case you've been living under a rock a government department needed to send 25 million public's details to another site. So they used their internal post "The Grid" to send some DVDs, which never arrived. So they sent the DVDs over Royal Mail post, which also never arrived. There are lots of varying reports in the press but apparently the data was sent unencrypted. Nice job guys. In my job I have to think about SARBOX regulations and sending 25 million people's personal details along with millions of people's bank details would have to be done slightly better than this I expect. [more] Have a good click around on the BBC's site and look at related stories, it just gets better.

More on the UK government now, apparently illegal funding operations going on. Not looking good for Gordon Brown's reign as Prime Minister it has to be said. [more]

Another day another Microsoft vulnerability. This time its the FTP client. Lots of noise for a little shitty problem. The issue requires the user to perform about 10 tasks which is basically ridiculous. [Advisory]

Sideline - a hacker uses the PS3 to massively increase his password cracking capabilities. Nice. [more]

Firefox was updated again this week. Nice to see coders responding quickly and plugging holes efficiently. I'm sure they've not plugged all the problems with FF but still better than MS's 7 month wait that sometimes crops up.

Oh the story about the UK teacher in Africa being jailed for allowing her class to call a teddy bear "Mohammed" what can I say? For Fuck Sake is all I can think of. A class of kids, a teddy bear and someone gets jailed, get a fucking life. I'm not religious and I don't pretend to know the 1st thing about Islam or any other religion, but this is taking the piss. I stick to my line "religion is the root of all evil"

Well all I have time to talk about at the moment, more from me next week, have a great weekend wherever you are.

Jailed for exposing failings?

2007-11-15T07:53:00.001Z

So your a security researcher, and you notice something big. You notice that governments are using very weak security in their email systems. You investigate and realise you can read embassy emails of the Turkish embassy in London for example (that is just an example of lots of different email systems you can access).

So you do the right thing and notify these parties about their security holes and hear nothing - nadda.

So you wait.... wait... nothing... chase it up - tell them AGAIN you can read their emails.

Nothing.

So what do you do next? Go public that's what. So you post a list of 100 email addresses that you can access and have accessed. You are SURE that there are hackers doing the same already. The implications are huge, you could send emails from the Turkish government to the UK government telling them to go fuck themselves (ok you get the idea now).

2 months later you get arrested, your computer equipment taken and your web site taken off-line.

Did you break any laws? Were you doing the right thing?

Damn right you were doing the right thing. Were you breaking laws? Possibly. Will you be charged and given a sentence? Possibly.

This all sounds quite theoretical eh? Well its all true and the researcher is Dan Egerstad and his web site was derangedsecurity.com which is now off-line.

He took a lot of flack at the time in the comments of his blog, people claiming he was compromising the security of governments world-wide. Give us a break people. The governments involved were exposing their OWN security, the fact that Dan spotted it, tried to report it and then went public is not something he should be shot down for. He should be applauded for his integrity as a researcher (unless there are things he's not telling us, but we like to think he's straight up).

Where does this leave other security researchers? If someone stumbles across a security hole in say NASA or MI5 systems, what does he do? Try to tell them of course.. hear nothing - then what? Tell the international security police? Oh wait they don't exist.

Its possible there was something else he could have done, perhaps went to the UN with his findings (would they have been interested, or would they know what he was on about?). That might have protected him a bit more, or possibly contacted his local Swedish authorities, they might have had a louder voice if he had them on his side (assuming of course they believed he had good intentions).

There's a lot to be said for going public though. Kudos in the industry is one, not that that is important to every researcher, but its something nice to have if you can get it. The other thing is that its logged publicly - imagine you went to your local authorities and they took you and your computers away and throw you in prison. You have no public log of what happened, if that's actually worth anything of course.

If you haven't read any of the history, then please see this link (Google cache), unfortunately Dan had a robots.txt file preventing the WayBack machine from archiving his site, so we cant see the whole story.

One thing I just noticed, the site was taken down the beginning of September by the US Government. Jeez, the things you have to put up with to be a security researcher.

References

News breaking
Dan being arrested

Electronic Jihad?

2007-11-13T07:27:00.000Z

Apparently Sunday there was supposed to be some kind of electronic attack (see here)

After event information here

So it never happened. Are we bothered? Not yet at least.

I imagine if these "jihad" people managed to get there hands on half of the storm worm's bot network then they might have a chance of causing some damage, but we've yet to see anything happen. Rumours can be as dangerous as the real thing if you ask me, mind you, rumours like these keeps us on our toes.

Reminds me of the Jihad version of the "Whassaaaaap" videos... jiiiiiiiihaaaaaaaaaddddd

LOL.

Patching annoying components in Windows

2007-11-12T08:07:00.000Z

Like .Net framework and MDAC. If you run a WSUS server and look after clients, you will know what I'm talking about.

This patch wont install until that other patch has been removed, and another installed.... pain in the ass!

Cant MS just make all the patches work with one another? Check file versions and patch the lot? Too simple? Sorry think that's me being logical again.

MDAC is one of the worst, .net framework not being as bad, i.e. not as many issues arising. MDAC is terrible though. WSUS will say a patch is required but the machine will keep trying to install it in a loop. You eventually find that you have to uninstall another patch and re-install another patch that was missing, then WSUS can take over and install 2 patches. What if you have 1000 machines like this? Yes, not good.

On another note, we should all find out if we have jobs today. Interesting that our lives have been hanging in the balance for 2 years and it all comes to a head today. Lets hope they do it properly and we do actually know, not just another "lets wait and see". Would it be a nice Christmas present to find out you have no job? Perhaps! Whatever happens I will take the positive from it and use it to make my life better (try anyway!). I have a mortgage to pay like the next guy so its still important eh (+ 2 kids to feed!).

Have fun, I will try to keep posting as I've been a bit slack lately.

Job on line, Bebo/Facebook,

2007-10-26T13:28:00.000+01:00

Been working quite hard, hence quite quiet on the blog.

We're possibly finding out that our jobs could really be on the line in a few weeks, we'll see. Things happen and they hopefully work out for the best in the end. We've worked in uncertain times for the last 2 years now, so this is nothing new. Things are moving away from my team though and possibly the UK too, so could the time be up? Not sure.

Facebook and Bebo etc. Good ideas? I'm thinking they are ok places to spend some time on line, but its not a massive revolution or anything. I mean there are lots of places on the net you can play games and stuff, but its quite useful to be "socialising" with friends online. I'm not very sociable in real life, so its easier for me to be sociable in virtual life - keep in touch with all those people I probably wouldn't bother with otherwise (sorry guys nothing against you I'm lazy!).

By the way I think myspace is shit due to the totally un-user friendly set up of it. Bebo and Facebook have it licked in that department. Out of those two I think I like Facebook more (probably more to do with my friends choices)

Updated my CV this morning, probably needs more work, but I needed to get it out for a position so we'll see how that goes eh.

Have a good weekend folks.

TrustedInstaller.exe - power hungry process

2007-10-18T08:20:00.000+01:00

If you have a single core Vista machine, you will know what I'm talking about here.

So your sitting doing something on your machine and it starts to stutter... grind... slooooooowww down.... quick open task manager and see whats doing on. "TrustedInstaller.exe" bashing away at your CPU making everything else slow down.

Did some googling, not really clear what it does, but from my own experiences it actually appears to be the patching engine for Vista. So I guess its checking Microsoft Update when its not patching. Nice... MS have re-designed the patching engine, and probably only tested it on a dual core machine. LOL.

C'mon guys you can do better than this!

Suppose I can go and get a dual core for 50 GBP these days, but should I have to?

Quality Of Service? lol

2007-10-16T13:30:00.000+01:00

Yeah so we got QoS running on our WAN links. Works lovely... or does it?

I'm no comms guy, as I may have mentioned already, so I take things as I see them. I get told QoS will allow me to patch clients over a WAN link without worrying about impacting more important traffic like SAP for example. So I go ahead and let rip with patches... gets a phone call "oh the WAN link to site X is saturated" - erm hello? QoS?

We have the WSUS traffic as "unclassified" so it shouldn't affect the 3 levels of defined traffic in the QoS rules. Seems the comms guys have different excuses for each situation - oh QoS doesnt work when X and Y are happening, etc, things like that.

Didn't we pay lots of money for this technology? I want our money back!

So now I have to throttle everything all the time and deliver patches slowly, just because some people on some sites need to get to their Bebo/Facebook/MySpace pages - LOL.

On holiday

2007-10-11T21:42:00.000+01:00

Not around this week, off on a short break where the internet is relatively slow, the wind strong, the rain horizontal, sheep a-plenty... yes you guessed it up in the Highlands!

Lovely up here I love it, loads of things to do, just lots of long drives to get to those places lol.

New patches out this week, not looked at them yet, as on holiday why should I bother! (the temptation is killing me though).

Will leave it at that and get posting again next week, have fun people. :)

Issues? Checked with Comms?

2007-10-02T11:34:00.000+01:00

Yesterday was spent fire fighting a problem with 2 more DCs. DNS was playing up on them, causing slow logons for 1200+ people on one of our most important sites.

As the morning progressed, we fixed the DCs, but slow logons were still happening. Turns out there was a problem with a Data Server also. Some time later, also a printer server and another data server. Hmmmm.

Just after lunch we have confirmation that there is a problem with a switch in the comms room. Re-patching of the problem servers into another switch solved the problem. The switch was rebooted over night to clear the errors.

Nice! So we wasted almost a whole day chasing our tails trying to fix problems with servers, when in fact it was networking all along! Just a pity we didn't get all the information to hand at the beginning of the day, then we'd have saved a day's work.

Historically we've assumed comms in lots of situations, but we quickly found this was the wrong thing to do. With servers failing in weird ways quite often, a lot of the time it was our problem. So now we assume its not comms unless something indicates otherwise... wrong in this case eh.

Lessons learned I guess.

Strange faults on DCs

2007-09-28T15:16:00.000+01:00

We held our hands up. We made a minor mistake and WSUS'd 2 DCs on the same site at the same time. Unfortunately it was an important site.

Both DCs stopped functioning as DNS servers at the same time killing authentication and DNS services in that site for almost all applications/resources in that site.

We assumed a patch caused this, but a call with MS proved otherwise. The servers got themselves in what MS coined a "race condition" where the Netlogon and DNS services get into a deadlock as they wait for each other to initialise fully.

You can get round this by pointing the DNS settings on the NICs to another site (which is what we did before calling MS, this restored the service), MS are saying there is no best practice for this issue, its so rare.

We obviously now have about 4 things we can change to prevent this happening in the future. Begs the question though, if its so rare why did we get it on 2 DCs at the same time? Might be we triggered it by bouncing them at the same time, MS are not able to tell us.

We've learned a few lessons here, perhaps we were getting slightly more complacent with our patching strategy, might be about time we tightened it up again.

Have a good weekend folks!

Single factor authentication

2007-09-21T07:31:00.000+01:00

Our company recently moved from Lotus Notes to Exchange (yes that was fun!).

One part of the remit was to implement Web Mail. I would have assumed that they were also going to implement SecureID or similar... no they didn't. No certs, nothing. Just Domain ID and PW on a web page on the internet. Niiice.

I had a play with web scarab and very quickly realised that I could lock out every single ID in all the domains with a few clicks - yes even domain admin accounts that do not have mail boxes. very clever.

So are we at risk of a denial of service attack? I think we are. All it will take is a disgruntled employee to leave with a list of all user accounts and then they have a wee play with web scarab and they are laughing. Imagine continued attacks, management would have us switch off account lockouts - I guarantee it (then we would be up shit creak).

I was asked to investigate a lockout on a very important person's account. I spent 10 minutes tracing it to the web mail system, then 3 days trying to get all the logs from the perimeter web servers. Once I had them I had to then find out we had time skew on the perimeter boxes. Once I knew we had 10.4 minutes time skew I was able to locate the IP of the person who locked the account. It was a BT Wholesale UK IP address (so any non BT ADSL provider that uses BT equipment).

Could we take it further? No. Because we have no legal notice no the web mail web page.

Did management learn anything from it? Dont think so. We still have no legal notice and we are still using single factor authentication.

The management argue that its easy to get to web mail this way - yes thats true. It would be easier without passwords altogether though wouldnt it? Of course securing things makes it harder to use them, thats life. Yes more expensive too, but what cost to you put on having an exposed domain?

In my opinion this is one of the daftest things our company has done. You never, ever, expose your domain accounts to the perimeter without having other factors in the way first.

Imagine the carnage I could cause if I got fired one day... yummy. Of course I would hide behind a foreign anonymous web proxy... and they have fired me so who would investigate it? Muhahah. Oh and of course, no legal notice, so no leg to stand on even if they did want to challenge me legally. Pity.

On another note about authentication, this is a good point about banks and their supposed increased security levels.

Office 2003 SP3 - stand well clear?

2007-09-20T11:00:00.000+01:00

Its looking that way!

Check out this post from Susan Bradley on the Patch Management mailing list, ouch thats a list of problems. Also be sure to check the replies as some people are mentioning some of the issues they are having.

I was asked yesterday at work whether we should be looking at SP3, just replied "absolutely not".

I'm not sure if MS are tightening security up (similar to XP SP2 perhaps?) or if they have just not fully tested all scenarios.

We were lead to believe that MS fully test each service pack, so I'm sure this has all been picked up and logged somewhere, hence Susan's post. I will be testing it myself, but I cannot recreate every single situation that we might face in our company so I guess I'll be wasting my time for the most part. The first time I've tried to install SP3 it failed so we'll see how this bad boy pans out eh.

The lesson here is you have to test it yourself, dont just assume that MS has tested everything. They roll out Service Packs to their staff and test, but my bet is that most of their staff are running Office 2007 now anyway (or beta of the next version).

Happy patching.

VCPoker are useless

2007-09-16T08:02:00.000+01:00

Obsolutely useless. Was playing at 3 different tables this morning, doing ok too. POP goes the software. Try again, no chance. Try to visit their web site, no chance, try pinging their web site, no response. Numpties cant even keep their networks up.

Last time this happened it was a sneaky upgrade to their software. Nice.

Nowhere else on the net will you see so much mucking around with people's money. They dont give a damn where you were in a given tournament, they just refund your buy in. You could have had 80,000 in chips and been runaway chip leader, they dont care.

This is a poker system, with 4000+ people all signed in spending money in your servers, and you cannot keep the systems up for more than a few days at a time? Honestly where are the millions going? I believe its time for me to move to another poker site, this is getting beyond stupidity.

To block ads or not?

2007-09-11T16:14:00.001+01:00

We mostly dislike them, most of us don't click on them, but they still generate revenue for people running web sites (possibly feeding many people's kids!).

I don't like ads, but I put up with them. I really dis-like pop-up or pop-under ads, so I generally back away from sites using them.

What if you hate ads that much that you've installed the FireFox add in "Adblock Plus"? Well theres a guy that dislikes that extension so much he's trying to start a backlash and block all Firefox users, just in case they have the extension installed. Bit extreme if you ask me.

CNet story

This guy's site

Personally, I think he's wasting good development time. Are there REALLY that many people running the extension that he's losing revenue? Does he think that people with the extension are suddenly going to run out and use IE AND THEN click on his ads? Very unlikely.

I think he should look to come up with a good idea that sells itself, rather than relying on advertisements to make money.... or conform like the rest of us and get a job.

Of all the web sites I've created, I haven't put adverts on any of them. Why? Because I don't like them! Maybe if I had a site with high levels of hits, I'd be tempted... but I'd feel like I have crossed to the dark-side and that cant be good.

Anyway if I land on any site that re-directs me to his page, there's always the back button, and I'm pretty sure that's what all the other FireFox users will do too. So its their loss, not ours.

Exchange disk space

2007-09-10T10:03:00.001+01:00

Apparently our Exchange environment will creak and die mid-October when it runs out of disk space. We need to clear 5TB before then or it will happen.

Our provider says 8 weeks or more to implement a new server to move mail boxes to.

What do you imagine the solution from our management is? A new SAN? A new storage server somewhere that people can create PSTs on? No don't be daft.

Solution is to send a mail out to everyone telling them to create local PSTs on their machines and archive their mail off to a local copy. Nice job guys.

I can understand that storage is expensive, its obvious. However, telling people to move their archived mail to an un-secure location is almost as good as just telling everyone to delete all mail that's 30 days old or more.

I asked about how the re-charging mechanism works, you know to get expenses back for running exchange and was told that "there isnt one". So IT's funding the whole mail system from a central budget. Nice work again people.

Who's responsibility is this to make sure it all works? Ah the CIO, who's just left. Clever, wish I had thought of that!

So basically everything will turn to poo very shortly, with a poo problem and a poo solution. I've told them I want no part in it.

Doing 'homers'

2007-09-05T12:08:00.000+01:00

Just noticed the post from Tom on the ISC, about fixing his daughter's friends computer. Very funny have a read.

We've all done it though eh, fixed peoples machines for them. Almost always takes an age to do as usually the machines are old and the builds on them are well screwy. I've done a few myself and they usually come back to bite me in the ass I must say. What I have done in the past is set them up with a "Logmein.com" account. They give me the password and I can remote control them from home without having to poke holes in firewalls and such like (logmein works on client requests so firewalls allow outbound traffic). Have a look, its quite funny remote controlling your work's PC from home, it really freaks the comms guys out hehehe (careful though as they will just block logmein.com).

One of the best ones I've seen was a neighbour who had a Packard Bell machine. They had setup a function key that accessed a Windows XP setup partition, which would then start a re-installation of Windows. Great idea. I showed my neighbour how to rebuild his own machine when it went tits-up and never really heard from him again. Lovely. :)

Moral of the story? Dont bother with homers, they are usually a pain. Avoid as much as possible.

Sony Ericsson s/w on Vista

2007-09-03T22:47:00.000+01:00

Managed to actually find and use a very useful feature in the above software. Jumped on one of those Virgin Voyagers with the Orange repeater (whatever they use to boost the mobile signal) and was actually able to use Live Messenger at 100mph+. Woo.

This is probably the first time I've had any sort of internet on the move, there are loads of GNER trains with wireless these days so its not new to people that travel on lines where they are available.

Also its a plus for the Sony Ericsson software mentioned previously on these pages, as I was mostly cheesed off at it, this has made me think its not too bad. The software pulls the internet settings from the phone, which I thought was a nice feature (new to me too).

Could do with it syncing with Outlook but one step at a time :)

New P2P standard for HDTV

2007-09-02T08:58:00.000+01:00

So a new P2P system that looks promising... or does it?

BBC story here.

My prediction? Software that "manages" your TV Minutes. Just like every other P2P system there is usually a hack that manipulates your rating or in this case it will be TV Minutes.

I applaud the efforts of these people, getting HDTV over the internet will be one of the difficult things that the user base will want over the coming years and current infrastructure doesn't really support it (in the UK at least).

Now I have downloaded torrents like the next person, and some of those have been in Hi-Def. Some of them take a looong time to download, others don't. The absolute best I have achieved was a 4.3GB in 45minutes download. Obviously if everyone was playing fair with their sharing then there would be more fast downloads like that. It would be very very nice if this new standard "Tribler" would actually work without being hacked.

Time will tell, hackers/crackers may get a lookin, maybe not.

Blogger being attacked

2007-08-30T15:53:00.001+01:00

Just read the BBC news article here, didn't realise this was going on. I don't appear to have had any dodgy links posted in here, guess they are using another method to do the posting. Also I have "registered users only" on the comments settings (also switched on the Captcha).

Also realised the other day a really basic thing that we've all come to use a bit here and there - TinyUrl. Those bad boys could be pointing anywhere.

Watch what your clicking on people! :)

Sony at it again?

2007-08-29T11:26:00.000+01:00

Sony Sony Sony, what's your game? You think you can make some of the best electrical goods on the planet, then hide your software on our machines. Dammit, just realised, I've probably got a rootkit on my Vista laptop after installing the Phone Suite. LOL.

Yes, sorry, this post is about Sony's continued efforts to install rootkits on all our machines.

F-Secure has posted here and also Securi Team is running a blog post on the issue.

Its early days yet, but usually we end up seeing malware trying to hide in the hidden folders that these rootkits create. Just all boils down to making it harder to stay clean in Windows. Sure you could switch to Linux, but how would you play all your Windows games with your latest Nvidia hardware?

I only use Windows because I have to, I have tried to use Linux many times.... but things like this will make me think twice about buying Sony kit in the future (i.e. think to yourself in the shop - do I need to install software on my PC to make this work?).

Makes you wonder about the PSP software etc that Sony are pedalling at the moment. Plus your PSP into your PC, does it install a rootkit? Guess not as someone would have found it by now.

Getting caught red handed

2007-08-24T08:47:00.001+01:00

Very nice write up of a someone's blog getting hacked and his follow up to find out who did it and how. Here

If you are interested in tracing through things, as I am, then its a good read and good to see that the blogger found his man.

I have looked into hacks a few times and never actually bothered to trace the culprit - I was almost always more interested in closing the hole and restoring functionality. Perhaps the next time I will do a bit more digging and post something here for all to read.

The worst one I have seen was a charity web site that I now look after (didn't at the time of the hack), my customer phoned me and screamed for help.

I took a wee look at her site (using Firefox as you do) and everything appeared fine. After a bit of clicking around I realised that I needed to check with IE. Big mistake! My fully patched and up-to-date AV machine blue screened on the spot. Admittedly it was AVG Free Edition I was using (get what you pay for) but the machine would no longer boot up.

Quick hit of the magic buttons to restore to last known good and I was booting again.

So I went through the web files and found the iframe links that had been added to the compromised YabSSe forum (very old version - 2 years since killed off), manually edited the PHP files and restored the site to functionality. I also reset all the customer's passwords just in case, then went about upgrading from YabSSe to the latest version of PHPBB.

One happy customer. I just cant help thinking about all the nice people that were visiting her Charity web site and possibly getting infected with some rubbish virus, I just hope they were running better AV than I was!

The immediate reaction of the customer was "how can someone hack a charity web site like this" and I pointed out that it was probably a script that was run against multiple sites and it was unlikely anyone had actually looked at the site (use Google to find the sites, then run a script against them all).

The customer has learned a lesson and I will also take a lesson away from it - i.e. do what the guy above did and try to catch the culprit then name and shame.

Have fun out there folks, have a good weekend too! :)

Monster / Trend / Microsoft

2007-08-23T15:18:00.000+01:00

I've been following progress on this one. Seems like quite a big impact. Symantec are saying that its mainly US people affected, however I've heard of UK people impacted too (i.e. more spam around about the same time).

I like the last paragraph in that article "I would like to thank Hazel, one of our very patient colleagues in the HR department, for assisting us during this investigation." Does that suggest that they got hit by the virus to anyone else? Just a thought anyway.

Trend Micro were in the news today too, seems a buffer overflow has been getting exploited in their software. Looks like this was responsibly disclosed, unless I'm missing something, if that's the case interesting how quick someone responded by coding a virus or some sort of distributed attack at least. Probably they reverse engineered the patch... didnt see a PoC anywhere.. I could be having a blonde moment though hehe.

MS Patches seem to be testing out Ok, will post of any problems found.

Sonyericsson PC Suite for Vista (K750i)

2007-08-21T13:51:00.000+01:00

Finally noticed Sonyericsson has done the right thing and made a version for Windows Vista. All excited I went and installed it... rebooted (wasn't asked).... no worky.

Switched off bluetooth and tried on the cable... ah need USB drivers... got those... installed... rebooted.... no worky.

It always fails with "communication failure" which is a bit weird since using the USB cable.

Smells like Sonyericsson has some coding to do yet. Cant believe how long it is taking for these 3rd parties to sort out their crap honestly.

Its a new OS, granted, but the beta was out for a loooong time before released to the masses. Wasn't there someone in these companies testing it out? No? What were they doing, oh yes, playing snake or something on their phones lol.

Kudos to Logitech for coding new software for all their racing wheels and also doing 64 bit versions. Nice to see a company playing ball, one company at least.

Giving the helpdesk "full control" to the AD

2007-08-20T16:47:00.000+01:00

Our management wants to give our global help desks control over the AD. So that they can create, move, delete, sendas, access everyone in the company's mailbox.

How the hell can they think this is a good idea? Giving, what is technically the bottom of the IT pile, almost god rights in the AD? WTF?

Ok so maybe you can provide a better service for the odd individual, but what about all the messing around with mailboxes? I used to work on the help desk and I used to fiddle with the best of them. They are usually fresh into I.T. so are keen to learn things, and to learn you need to look around and fiddle a bit (or go on a course!).

The level of access that is being proposed is Full Control over the AD OU structure in all 3 child domains. So not only can they manipulate mail boxes they can give themselves permissions to things, and fiddle with other groups and people's accounts. We obviously have control of the high level groups so they are not at risk (Domain Admins etc).

Needless to say I'm going back and telling them that they should be looking for a lower level of access. I remember some time ago, going to an MS course, one of the first things we were told was "not to let management push you too much on the design of the AD etc" in reality - almost impossible to actually do. They push and push until your line manager tells you to do it, then what can you do? Pick up written warnings at that stage I guess.

Don't know where the SARBOX controls sit around this area either, but I bet someone would have some explaining to do on the next audit of AD permissions.

We'll see where we get to tomorrow.

XBOX Live accounts still being pwned

2007-08-19T10:11:00.000+01:00

Following some discussions on Full Disclosure. Seems like accounts are still being taken over and in some cases Live accounts having some cash taken from (or items bought on behalf of the original owner). This is very similar to any kind of account ownership ownage, it could have been via a phishing attack or other social engineering trick. The problem this time is that most people think this is caused by MS themselves (MS seem to be admitting that too). The hacker calls MS with a few details, and the guy resets the password for them. MS says they are re-training, but surely there's more to it than that? Shouldn't MS be putting in more security measures at the point of contact, or some kind of password that cannot be forgotten. I.E. if you change your email and forget your password - your screwed. Or at least you should be able to provide ALL OTHER information then you MIGHT get your account back. (home address, mothers maiden name, DOB, first pet's name, etc.) You don't hear of Steam accounts getting owned all that often (other than via dumb-asses giving out their info in an IM conversation or similar), at least I've not heard of a Steam account being owned via the provider. Why doesn't MS get it right? The discussion on Full Disclosure was started again by Kevin Finisterre who as it happens, also sparked some news in March with the same issue reported by the BBC here

Easy enough to say "be vigilant" in keeping your details safe etc, but its not that simple, this is MS's problem as well as the users. They need to improve their account safety (not like MS has had security issues before is it?).

Anyway its Sunday I got relaxing to do :)

Skype outage last 24 hours

2007-08-17T08:46:00.001+01:00

If you are a Skype user, you may have noticed trouble logging in. At first I assumed this was a problem at my end as my colleagues seemed to be still using Skype all ok.

Then I see the outage page on Skype - here - saying its a software problem. Fair enough.

Then we see a Proof of Concept for a DoS on Skype - here - do we have to assume the 2 are related?

DoS's are quite funny, in that they generally achieve very little other than pain for the users. Sure there is a security problem with Skype's servers... but is there really any need to take the servers out for all users? I fail to see how the russians could make any money from this, as I doubt Skype will respond to any ransom demands.

Time will tell.

{edit}
Just realised people are linking to this post - and I've not put any reference to where I got the PoC from - thanks to Valery Marchuk for posting information on Full Disclosure (not writing the PoC just informing)
{/edit}

{edit2}
Is it good etiquette to edit posts, I don't know, I'm new at this :)

Someone called ASCII has just rubbished the PoC mentioned above on the Full Disclosure mailing list here.

Also someone mentioned on another blog somewhere (sorry I forgot where) that there are rumours that MS broke Skype with their patches. Interesting theory if you like to bash MS all the time.

If we trust Acsii then Skype must indeed be having software problems, just an interesting co-incidence? As I said earlier, time will tell :)
{/edit2}

Domain Admins privs in Windows

2007-08-15T09:18:00.000+01:00

Oh my god I'm getting sick of the bleating from various parties about not having Domain Admin rights. Man they can fuck off royally.

We have a 4 domain model, parent child, so the Enterprise Admins are at a higher level (there are only 5 Ent Admins globally). So the Americans give out Domain Admins to their domain on the back of corn flakes packets but in the UK we only give it out to people we know and trust. Enterprise Admins we have to trust 1000% or they just don't get the rights.

We have the Americans moaning about Dom Admins (in the other domains) and our new 3rd party moaning about it too. Just cos it makes their fucking jobs easier, or so they can snoop around I suppose. How about go and learn how windows works and show some fucking integrity before asking for something you don't know how to use? The 3rd party I'm talking about are a tier 1 support company and they are the biggest bunch of useless arses I've ever had the dis-pleasure of having to work with. Bring back the old contracts and companies all is forgiven.

Dammit a rant does make you feel better doesnt it.

Vista SP1 leaked...

2007-08-13T08:37:00.000+01:00

Looks like SP1 has leaked to the masses, well some people anyway. Still in beta the reports are good.

MS have been playing down the whole "Vista needs a service pack" thing, but looks like they are caving and might even have done a good job.

http://apcmag.com/6929/vista_sp1_in_depth

Enjoy :D

Privacy on the net

2007-08-13T07:55:00.000+01:00

Do you ever wonder how easy it would be to "find yourself" on the net? (not in the spiritual sense!)

I know where I have used my aliases, and I know how they all fit together so its quite easy for me to search for myself and see who I am. But how easy would it be for someone else to approach and tell me who I am from my information on the net? (not someone reading this who already knows me that would be cheating!).

I think I'm fairly loose with my privacy on the net, so I don't think it would be that hard for someone who doesn't know me already to find out my name and address (or one of my previous). I think I manage to keep my full name hidden most of the time, but I bet I've slipped up somewhere and its there for everyone to see.

Is all this important though? I have nothing to hide, I'm a mainly law abiding person, what should I have to hide? Perhaps someone could steal my identity with what they find, but they would need something more than just my on-line presence to get that surely?

Just my thought for the day anyway. If someone mails me with something scary I will no doubt go out there and remove everything I have ever signed up to... then become a paranoid net user...

FTPing with IE6 - safe? Nope...

2007-08-10T16:36:00.000+01:00

Just noticed a post on one of the mailing lists, could have been FunSec, linking to this. Basically, and I've not tested but will soon, apparently IE6 stores your ID and PW inside the downloaded file over FTP. WOW thats a biggie. I hope if your a web site administrator, then your not using IE6 to download/edit/upload html to your site as it could be exposing your ID and PW.

I'm going to have to nip through all my sites and check now as I might have used IE as a quick fix at some point... DOH!!

Duck folks, new patches coming next week - 9 OF THEM!! dooooooohhhh

Hey I can admit when I'm wrong

2007-08-03T07:50:00.000+01:00

So maybe I wasn't totally right. My Vista machine does seem.. well.. very slightly more reliable. Suspending, resuming then the wireless working is actually slightly more reliable. Its certainly doesnt feel any faster.

Here's a link to the Alienware badboy I was on about yesterday - yummy indeed.

2 x New patches for Vista

2007-08-02T15:29:00.000+01:00

MS are planning to release 2 patches for Vista - KB938194 & KB938979. They apparently are performance improvements and compatibility updates... beware they force driving signing if you find the leaked versions on the net anywhere and install them (no overclocking without pressing F8 on every boot).

So I installed them, knowing full well that my dual core lappy takes 5 mins + to get to a desktop (if the same machine has XP on it runs in under 30 seconds).

Yawn. More of the same, in fact I didnt notice a SINGLE DIFFERENCE.

In MS's defence, a friend at work experienced much better performance with his Standby and Resume functions as well as using Wireless networks etc. I have noticed absolutely nothing.

Maybe I was lucky and my machine was already playing ball, but I dont think so. It still fails to work on wireless after a resume often, and still takes 5+ mins to boot up. Unacceptable in my humble opinion.

If I didnt love Vista's look and feel so much, I'd be going back to XP tomorrow (and its a pain in the ass to get the VPN software configured etc). I want a machine that works - works fast and reliable - is that too much to ask?

I'm going back over to Alienware's site to configure me a £3,000 lappy again and drool over the spec... yummy....

Bloody Vista

2007-07-25T08:22:00.000+01:00

Man someone should tell MS how to bug test, honestly.

Couple of little things pissing me off this morning in Vista, both to do with the Terminal Services client.

1. ALT Tab away from an RDP session and back again, and the ALT key has been pressed. So when working you don't always realise ALT has been pressed and other crap happens you didn't expect.

2. The clip board between the local machine and the RDP doesn't always work, how annoying is that when you are trying to work!!!

Never mind all the other bollocks - like the Wireless not always working, the looooooong boot up time (5 mins plus), suspend sometimes getting its knickers in a twist.. and heavens sake don't get me started on 3rd parties and their slowness to write some bloody compatible software.

Ah feel better after that little rant... even though no one reads this hehe.

Kerberos anyone?

2007-07-24T08:21:00.000+01:00

We've recently migrated from Lotus Notes to Outlook/Exchange. Oh what a laugh.

As we are getting close to the end of the road with the migration, they migrated all the Distribution Lists over. OMG what a mess. We now have people not being able to log on to their machines, some people cannot connect to Exchange using Kerberos and we have issues with people from other child domains editing their Dist Lists in the main domain hosting Exchange.

Its all to do with Token sizes, being in too many groups and things like that (except the cross domain thing, thats a limitation in Outlook).

Its basically boiling down to AD and Exchange just not being very good at doing what its supposed to do. Put 40,000 users into 3 domains and install exchange for yourself and you'll see what I mean. We all thought Lotus Notes was bad, but come back IBM all is forgiven. :D

Data Centre Migration

2007-07-23T07:39:00.001+01:00

Does appear that we've done it. Migrated circa 300 Servers to another data centre in under 3 months. Mixture of Windows 2000, 2003 and Unix systems, all moved and up and running live 3000 miles away. All completed with very little preparation time what-so-ever.

About 40% of the servers were "P2V"d into a Vmware ESX Server farm, if it wasn't for Vmware technologies I think we'd still be going the work!

Finished migrating the major SAP systems last night and I also migrated a group of Citrix users over to follow the SAP systems.

This was all done under considerable pressure from management to complete the task, which I think adds to the success.

All a good set of stuff to have on the CV at the end of the day.

From a Security point of view there's probably a few things we shouldn't have done, but if we hadn't we wouldn't be where we are today. The challenge now is to re-visit everything and ensure its up to standard with Security.

All good fun.

Microsoft patching.. ok but what about the rest?

2007-07-19T08:31:00.001+01:00

Yes, we're now all patching Microsoft technologies. But are we patching the rest? Really?

Susan Bradley mentioned this recently on the Patch Management mailing list and it wasn't really picked up that well buy the others (she's good she is).

We all use SMS or WSUS to patch our clients and servers, or some patch management solution at least. What happens when there is a bug in Adobe Actrobat Reader though, are you patching that? Oh I see your letting your users patch it... so they have admin rights do they? More issues for that setup then.

So you have Adobe under control. What about Quicktime? Flash player? Shockwave player?

I know that at my work, we don't do anything other than MS patching. I worry about this on a daily basis, but what can I do with no funding and no resource? Wait for a large virus outbreak attacking Adobe Reader probably. Then the management will stand up and say "oh shit we need to patch this too".

Then there's things like Anti Virus, Java and all the other 3rd party apps that companies like to have on machines all over the shop.

Patching Windows + MS is one thing, the rest... well.. its up to you! (or management really).

Best practice for Anti Virus

2007-07-18T08:30:00.000+01:00

Perhaps someone reading this can clear this up for me.

I've always pushed the idea of having separate anti virus products on Servers than on Clients. Not sure why, I think I read it somewhere as being considered best practice. However, I've since posted on the "Anti Virus" mailing list, and they were all running McAfee across the board.

I realise that if you have a problem with virus definitions on one product, and you lose all your servers, then theres not much work can be done anyway but the users who are still working on their machines (and vice versa). But surely, if that was to happen, the problem and resulting fix would be a smaller fix?

Is it not a good idea to spread out the eggs across a couple of baskets?

Reason I bring this up, I've been overruled at work and some manager has decided to go the McAfee route, without talking to the technical teams, just doing it. That is not how to run a department.

New Blog

2007-07-17T22:49:00.000+01:00

Gonna take a wee look at using this Google job then. Have been using Live but not liking the photo side of things much. Will get into posting soon enough ;)