(in)Secure IT: June 2008

Saturday, June 28, 2008

Insignia NS-DPF10A 10.4" Digital Picture Frame

Here's the box as it was purchased from eBay.

Good packaging, just that if any weight were placed in the middle then your frame would definitely break.

Here's everything that comes in the box.

If you don't like brown then you can go with the default black frame.

This digital frame, per the manual, claims to have 256MB of onboard memory, aside from about 3 different other card slots to expand or plug-in media. To add content, pictures or movies, to show on the frame simply plug-in via firewire-to-USB to a laptop or desktop, open the shared device, and drop the content.

Here's what a Windows user would see using the default view settings, just pictures.

Looks clean, but really its not. By default the auto-start feature is running and has therefore run a file called autorun.inf which in turn has already called another file called server.exe that works in combination and again calls copy.exe. Oh really, where are these files?

Malware and bots have gotten sneakier and abuse some of the experience feaures of Windows, in the particular the use of the hidden and system attributes.

Simply select to un-hide and show extensions as well as operating system files .....

.... suddenly these files I mentioned above are revealed!

For those a bit more versed in the old MS-DOS command shell, you can run the command "dir /ah" (list all hidden files) and you'll see the same files.

And to see the 2nd trick I mentioned, using the system attributes plus making the files read only and resistance to standard deletion we can run "attrib" (list files and their attributes) and voila ....

So for the files mentioned, we've created new descriptions to link them together in an understandable description as WORM_PERLOVGA.G

Essentially the infection on the Insignia is mid-2nd stage attack. Everything starts with a drive-by-download from the web of TROJ_DROPPER.CFV which pulls down BKDR_SMALL.DDE and finally ending up grabbing the WORM_PERLOVGA.G package online and here we are.

Wednesday, June 25, 2008

Kubuntu: the Alternative CD

I had Unbuntu Hard Heron version installed on my test machine previously and just barely got it to doing RAID 5. Several books later and a run-in with LinuxMCE and MythTV had me reconsidering to move to the KDE gui though.

So I've just burned Kubuntu 8.-4 Hardy Heron using the alternative CD as it seems to be the only way to get any Linux distribution going right out on install and not as a post-install chore. In preparation I've got the the instructions all laid out for me. Wish me luck.

I figured a perfect way to recycle the PATA (IDE) drives from the older FreeNAS by putting it in a better looking case.... Enter the AMS T4U (DS-2340UBK) that I bought off half-price at eBay. This is a 4-bay unit with built-in JBOD capability which I've re-purposed into a RAID-5 via the independent drive setting. Combined with the Dell XPS its going to be extra storage hopefully for a bring-anywhere system. My original plans were to finally install Mythbuntu on it, but that project's taken a short break for now.

Sunday, June 22, 2008

Windows XP: Service Pack 3

I've got two-(2) Windows XP machines being backed up using HP MSS (mostly gigabytes worth of .PST files) and its all working fine. Machines are of course top of the line updated via Microsoft Update to avoid some of the common distractions like botnets scanning for victims. Of course all of this is behind a serious hardware firewall in combination with the default Windows Firewall.

The thing is, Windows XP SP3 has been out for some time and its a humongous update. Lots of things that I didn't think were too broken appear to be critically so. But I won't update, not too soon.

And why is that? Well, simply the fact that on a basis there are two-(2) factors. Perhaps the underpinning issue is that I'm running WHS PP1 which is sort on beta stage; and the other is that SP3 appears to have broken RDP to the WHS -- not good considering that the WHS Console is a basic RDP subset to control the system.

Nothing to do with issue #1 as something has go to get fixed from the 60's (get my drift?). Besides that, I'm still using the core basic system unchanged for warranty's sake (am breaking down on this stance real soon now if it gets MSS to a level faster than Windows XP on a Pentium II). Of course for issue #2 I've got RDP Beta running on my Mac (thanks MS guys!) and can probably survive somewhat, but that basically does make WHSC useless in the interim, eh? :-(

Give me a few days, will update the experience and the machines by then.

Wednesday, June 18, 2008

LinuxMCE: WPA2

Its been some tiring hours, but I finally have Kubuntu recognizing my D-Link DWA-142 using ndiswrapper. Before that though, finding out what the default login passwords if you're one of those who just dive first into a project was a chore.

However WPA2 is still a bit tricky to configure and I still need to find a configuration that will make it stick. Some inspiration to get things going, I found here. Well, one problem at a time.

The reason of course for all this is to introduce a nested network. And it would really help your various orbiters and media directors if you had the LinuxMCE network on its own separate wireless network.

Friday, June 13, 2008

LinuxMCE vs WindowsMCE

While MS Windows Home Server running in my HP EX475 is a cool thing (albeit my grumpiness for that AMD Sempron chip), long before this I'd already been playing around with LinuxMCE.

PS> And before that I'd also been playing around with Windows XP Media Center 2005 and got the Media Center Extender for the original Xbox -- no cigar there though. The OS license is now done for and Microsoft refuses to honor my soft-modded Xbox even if I was paying for Xbox Live for 2-years. I said goodbye to that righteous setup, its now just a standalone game station with the rest of its console brethren in the living room.

The base machine I was using for my initial test was from spare parts from the office, basically an Intel P4 clone and an 80GB IDE HDD with built-in sound card. Its video card was built-in and not really fit to run as the core/hybrid system -- yet given that LinuxMCE is taking advantage of Kubuntu 7.04 (or if you like then install Ubuntu and just convert it from the default to KDE) it ran well enough. Installation was pretty straightforward similar to the video (sans the Fiire producs which I only sort of drool about).

Some quick things about LinuxMCE:
1. its the spin-off from the Pluto Home project; the project actually links back to the LinuxMCE for those DIY people like me
2. Pluto Home and thus LinuxMCE is being OEM'ed (or licensed or whatever), the point is that apparently Monster Cable based their Monster Home product on it
3. it has more built-in functionality than whatever WindowsMCE has yet to offer, up to home security and automation
4. it supports orbiters of almost all walks and sizes right down to your Symbian 60 phone
5. it is FREE, FREE, FREE, get it, FREE

Some digression. All my media is pending to be streamed from the MSS (and I mean pending given that the most promising thing I've gotten to do on it is probably have a server to host websites at home and some pictures which isn't much given the bandwidth limitations that Comcast has for serving files, gee the puny UM150 from Verizon gives me almost the same speed -- thus I may have to resort to using PhotoSync+Flickr or linking my Picassa/PhotoBucket/Kodak instead). I've installed the SageTV add-in and made a quick test which was pretty slow rendering on my MacBook Pro -- attributing this to the EX475's lowend AMD Sempron and 512MB memory. TVersity actually does a better job at streaming my media, but its not a full MCE that I've yet to see stream stuff like TV Guide.

Last night I thought about an alternative form factor similar to the MSS and started my eBay search. That net me a Shuttle XPC Legend with 2-GB memory, Intel GMA950 display, and a P4 3-GHz chip for starters (in fairness it would cost just a wee bit less at $500 with a 1-TB HDD purchase, add the approximate cost of the WHS OS license and its a cost match). I'm planning to combine this with the Hauppauge WinTV-HVR 950 and see what happens.

I've also started to be a bit more active in the wiki and put up my first contribution to it this morning, pending updates when the rig gets put together some time next week.

Stay tuned...

Thursday, June 12, 2008

MSS: SageTV add-in

I know nothing about this add-in apart from it being one of the top downloads at one of the MSS sites that my browsing leads me to. SageTV is of course a commercial distribution and its 21-day evaluation period sounds acceptable (why no 30-days?). There's a .DMG instalation for Sage PlaceShifter, thats what I tested briefly via wireless. All I can say is that its not SlingBox and not intuitive enough for an easy install by consumers (who usually forego reading the manual and here wizard setups are a must). Disappointed. I wonder about MythTV ....

----------------------

Recently, I made some commentary on errors seen on PowerPack 1's installation. Not too major as its still working well far as I can tell. Just to make things interesting though, I decided to move the MSS beside the router in the hopes that proximity could improve whatever video streaming plans from it (such as the above SageTV).

So, I proceeded to shut down and got this screen. Now, WTF is that all about? Of course, wanting this to be a true consumer experience I simply ignored the error and forced shut-down. Moved the rig to the living room next to the router and haven't RDP'ed to it yet to see if other errors came up on reboot. As far as my WHSC's on the other computers and other operations things appear to be running normal. Not too worried, yet.

Wednesday, June 11, 2008

Gadgets: Pantech UM150 USB Modem

Enter the Pantech UM150.

After two-(2) years of using the Kyocera PC5750 and having moved to the Macbook Pro last month, it was time to change devices. The apparent "upgrade" (as Verizon puts it) isn't really because my older card wasn't working but rather the fact that Apple decided to go the ExpressCard way thus making my previous EV-DO card incompatible. Well, thank you very much ... I think.

The first thing I wanted to do was a speed test, naturally. Below are the results for my area and a quick average is 1-Mbps down and 280 Kbps up:

What are the apparent improvements from the previous wireless device? Lets see just from the box info:

Nothing much wouldn't you say? But wait, here's the thing - USB vs PCMCIA.

That meaning, it doesn't matter what operating system you use the Pantech on nor does it matter what device from laptops, desktops, and depending on how much a gadget freak you are , like me, direct as a shared access point in your network :-)

WHS: Power Pack 1

I've finally gotten TVersity running on the MSS, but its a tad slow though due to the memory requirements of codec translation. Pretty much that chip and memory upgrade regardless of the warranty breaking is looking like a decent proposition right now if it can boost productivity (come on HP, give it up and let us poor folk who bought this expensive hardware do it already!). Joe's already done it with one of his systems taking a cue from that other guy from HomeServerHacks.

Anyway, moving along. Joe personally invited me to beta test the supposed new WHS SP1 coming out in June last month. My lazy excuse here is that so many projects in the works and I've not been on personal email too much recently. What I did do though is sign-up for the WHS Beta Program as mentioned in another forum which allowed me to get WHS Power Pack 1 just the other day. Skipping the instructions I simply dumped everything in the MSS/Software directory and initiated a Remote Desktop session and installed it from there.... Done!

WHS MSS upgraded and my WHS Connect Software as expected complained about a need for an upgrade by flashing (!) on the taskbar icon as well as (oh, thank you MS guys for thinking of backward compatibility issues) in the original WHS Connect console. Looking good so far.

------------------

I've gone back to the document today to see if I missed some steps and to verify the installation. Its still a multi-disk system but am not ready to just turn on disk duplication back on for my critical multi-media files just yet. The aim of my beta test is to (1) ensure the installation works, and funny enough it was Patch Tuesday yesterday so there's possibly a new update available and so (2) ensure that patches are installed successfully.

There two-(2) consoles I'm using WHSC on and per the update instructions there's a manual way to get the update from the WHS (on page #19), which I did. And why is that? Simply because using the download instructions from the beta document got me a possible update from Microsoft but it wasn't connecting to my MSS! Best assumption then is to get what was really packaged where it was installed thus the above steps done.

Right then, on to verification but not before seeing what would happen if I followed the written instructions on page #12. Clicking on the "Update Now" button resulted in the following window inside WHSC.

Ah, so was this a result of the Power Pack 1 update or were these patches from Patch Tuesday? Looks to me that IE 7's being updated so it must be the latter. More on this later.

And suddenly, an Application Error on [homeserverconsole.exe].

Uh, WTF? Clicking on the "OK" button resulted in that WHSC v.1 session crashing. Fine, closed it and moved to the WHSC v.2 session which was of course locked off from registering and connecting to the MSS due to inability for a concurrent session.

Now WHSC is based on Windows 2003 server, so why aren't concurrent sessions allowed?!!

Once more check if the update pushed through, and apparently it did (oh really?).

Here's the version check as mentioned from page #17. It plainly shows WHS with PP1, and components at version 6.0.1771.0

When in doubt, check again. So I made an RDP session and discovered that apparently the updates continued to go on regardless of the previous application error, and is now requiring me to reboot.

In fact, the reboot timer did this for me. And yes, just last night I refused the reboot on my Windows XP production machine since I had a couple of emails that were pending and earmarked for response...

But nooooo, the system went ahead and did it in my sleep!

Bummer, now I've got to go back and re-read and possibly miss responding to some items. (Hello MS Office 2007 guys, a good feature would be to re-open messages in similar cases. Someone work with the patch update team please?!).

Alright, so the HP MSS EX475 rebooted successfully. I did a once over update check again and WHSC reports no more updates

available. Via RDP the system profile shows I'm still running WHS SP2 after the update. Unfortunately, the WHSC still tells the story of Hotel California, that my update is current as of 1969.

"Good night", said the watchman. We are programmed to deceive. "You can check out any time you like, but you can never leave."

PS> A quick comment on the new WHSC is that during all the tests it was running alot better, by that I mean it had faster response. Something tells me the WHS Team may have sped up some connection problems either as part of the update or inadvertently. For that, I'm really thankful! You guys rock.

AND NOW, on to other hurdles like configuring the server to host either this blog or a portion of it; as well as figuring out how to start serving pictures and video for the family back home in Baguio City. Mama Linda, Jeng, Ashley, Jaune, Jay, Tin, Gavin, Len, Craig -- we miss you!

Sunday, June 08, 2008

Rogue Anti-Virus?

Now I'm really surprised that after a few weeks this website is still up and running!

TrustedAntivirus purchase site.

Aspder

A search reveals at least 43,000 hits on this particular SQL injection. Thats alarmingly still close the what the numbers where the first time this was reported. It seems the affected companies and industries related to wine, oil, movies, and so on haven't done enough to cleanup their backend databases -- or perhaps don't know how?

Over in Seattle a couple pages have been up discussing how to prevent and harden against SQL injection attacks have been put up.

Domain and website splits are:
.com - 17,401
.org - 22,901
.net - 699
.cn - 189
.us - 6
.hk - 6
.info - 4
.uk - 2
.sg - 2
.jp - 2
.nz - 1
.gov - 3
.in - 4

Some webhosters have been discussing the attack as it progressed on systems. A discussion of what the SQL requests is here. In the same month other malicious hosts were being identified. Attacks aren't simply on regular pages but those server side .ASP pages as well.

Friday, June 06, 2008

Broadband: FIOS and the Need for Speed

"For soothe!", say I. When will Comcast finally get FIOS working in my neighborhood?

My colleagues Brean (uh, I mean Bo in Boston) and Joe (in Seattle) already have it and it is sooooooo much better knowing you've got that much bandwidth to play with, particularly given that my day to day tasks require large file transfers.

Right here in Comcast land we're fettered with the best they can come up with at 16-Mbps but thats just the published rate and reality shows that it does vary from 8-Mbps to 12-Mbps (and the only reason I'm getting that is because I pay the monthly $10 premium to get the higher bandwidth tier!).

There's nothing more I can think of to increase my network speed as the really best to wish for is to get true LAN speed via 100-Mbps -- not happening yet. Best I've done as already mentioned is to increase traffic quality via my gigabit network and combine that with a switch. Thats been, and I say it again, miraculous relief for me to get some real work done.

Anyway, that speed bottleneck still appears to be true even if you're using Verizon FIOS as the Actiontec M1424WR router that they bundle now has markings attesting to only 10/100 -- thats not 1000 or Gigabit. Whats going on here?

Truly the M1424WR is a very nice piece of hardware with virtually the same if not more functions than my own setup of a Motorola SBV5220 (Comcast branded that gives me TriplePlay functionality) and D-Link DIR-655 combined. What i still missing is gigabit ethernet connectivity from t

he pipe instead of "to" the pipe.

A solution seems to be to virtually split the FIOS channels to its components, unbundling it which will of course breaks TriplePlay functionality but may fix many of the network congestion woes. In effect making the M1424WR a network bridge to your own gigabit enabled hardware (and here I still say the DIR-655 rocks but I may settle for having my own Darth Vader Tie Fighter as an alternative in terms of looks).

Mac OS X: Finally the GIMP !

Its been some time that Yna'd been looking for an Adobe Photoshop-like application for her Mac. Early in February I remember looking to get this down via MacPorts but couldn't seem to get it down right. :-(

Myself, I was pretty happy with The GIMP via its port from Linux to Windows. Of course, having just moved to the fun side of computing myself it became apparent that though the Mac has some pretty neat applications by default however I was sorely missing anything that resembled at least Painbrush!

Thanks to Wilbur who loves Apple and and a pointer to DarwinPorts I was able to get The GIMP going on Leopard without much hassle. Of course it does help that Apple bundled the latest XQuartz on its installation CD (and that I had to do some messing around before trying to get LiveQuartz working).

Now for some serious layer manipulation!

Mac OS X: Playing Nice on a Mixed Network

"Halt!", says my Macbook. "Who are you, and where are you going?!"

Anyone who's ever been on a large network would know the intricacies of granular file permissions. Access Control List (ACL), some people pronounce it like "uncle", have been around long before but during regular conversation you'll most probably hear this from people administering a dominantly Microsoft Windows network.

On Windows XP you get this granular feature if you turn off the easy file permission management which opens up other management tabs such as Audit trail when you start to share files and directories. Mac OS X has a similar neat feature better than Windows in its own version of the Control Panel called Shares under System Preferences.

What was missing was granular ACL ... until now. Have a gander at Sandbox for your specific sharing needs. BTW, it now works for Leopard, too! :-)

Postscript following morning at 9am:

Argh, just to say where no one has gone before is not the case, someone else made a few comments about the new file sharing properties on Mac OS X here.

Wednesday, June 04, 2008

WHS: To Do List Projects

There's a couple of things lined up for the MSS when I get down to it. I've got too many open tabs though at the moment so best not to forget what they are:
1. phpBB
2. phpMyAdmin
3. MediaWiki

Some new add-ins that I may play around with from WeGotServed:
a. WHS Customizer
b. Whiist
c. DupeCleaner
d. uTorrent
e. WebGuide
f. ipsHomeControl
g. Homebase
h. easyRADIUS

These add-ins seem to already be in MSS at least last I looked via RDP:
i. FireFly
ii. MediaConnect Controller

All of the above of course is really dependent on the processing power at the moment for MSS as its still running the stock AMD Sempron and 512MB RAM. Thats going to cost at least $100 to get going and I'm not sure about cashing out yet (and even more so because hardware modification will almost certainly void whatever warranty Fry's and HP have on it). *sigh*

WHS: Cool Tools

Trying to move large files across you network can be awfully slow using standard Windows copy services. After searching for alternatives I came across these articles and indispensable tools:

1. FastCopy
2. TeraCopy and TeraMove

So far all but some thousand of clips I've collected through the years are at 87% moved. Due to some limited functionality none of the above has an easy file compare function -- or at least its not pretty obvious that it has one except for skip, overwrite old versions. Thats going to slow down completion of this mini-project of consolidation. To compare files I suggest:

3. Clone Cleaner Pro

And if you want to sync directories from a shared folder or via ftp my favorite is:

4. SyncBack SE

Finally, if for some reason you've truly f*cked up your system and are recovering bit-by-bit the best I've used for the last 2 years has been:

5. GetDataBack NTFS/FAT

Definitely cool tools to have in your arsenal. Fight!

Game Gems: Haze (PS3)

Finished.

I must say that the seizure warning is apt for this game, in fact the wife got a bit woozy after watching me kick some butt on "easy mode".

Yes, I know thats just so n00by of me to use weaner level but that's not the point of it all anyway when I go through a game. Some are in it for the realism or to test their whatever, I am in it for the story. After all you're supposed to play an immersing game with a complete plot that should be worth a movie (or even several so say hello Resident Evil franchise?).

That being said you start out as a Mantel soldier and brain washed (or should we say drug-washed) with Nectar (you have to love the allusion to bee's here, but nature has some fun color combo's, eh).

Nectar appears to be made out of a plant somewhere they speak Spanish. Its effects in the game include razor sharp targeting and a boost of speed. Now thats an interesting drug right there, more so that in-game calls of being a junkie are apt.

Game play has you start to go after the Rebels and eventually change sides for under the command of "Skin Coat", the Mantel nick name for a guy named Marino. The nick name is of course a lie fed to Mantel soldiers to increase emotional response against a supposedly viscous and inhumane cannibal. Disinformation in the ranks, Sun Tzu, ho hum ....

I think the telling piece here is when your buddy reveals the truth behind Mantel soldier disappearances and dies in the process. Classic. But this is where you get a question of morality between what is right and wrong. Basically, listen to your conscience to tell you what should be. The line references to "chemicals in your brain" said by both sides should be a dead give-away along the story line and lets you know that inevitably you should really be on neither but yourself. To some thats called indecision, to some that could be called integrity. I go for the latter having had too many landmark decisions happen in the course of work myself. At that point of surviving its time to sing "Vindicated" (surprisingly song #1 in the Spider Man soundtrack, how apt in the lines "with great power comes great responsibility").

There isn't much more depth in the story after disabling the "administrator" atop the highest peak in an observatory, then finally making the land carrier run aground and shooting up that drug crazed seargeant who' still ashamed to let mommy know he was a bad boy. Duh. The whole plot ends with Marino telling you he's going to manufacture a derivative of Nectar and make it available for anyone who wants it of his own free will. Thats the spoiler here folks, but that end does make it interesting as fodder for moral reflection -- at least to me.

I digress by saying the earlier TV show on law and crime in New York also puts alot of moral issues on the table. How far would anyone go to protect thousands of people and would you take the blame for it? What defiance of law and order is bad enough for you to be crucified after following your internal moral compass? Is a moral compass to do good built-in or is it taught? Thoughts to ponder. :-)

Overall, a good game to play on campaign. The online as far as I've tested works well, call me Head Shot Jones :-p

Pages