• Category Archives Uncategorized
  • Specialized Email Phishing Attacks Highly Likely

    By Craig Szymanski

    This week many of you have received emails from companies (Best Buy, Chase, Citi, Disney, Walgreens, TiVo, etc.) whose websites you’ve registered with, mentioning a data or security breach in which your name and email address were stolen from a company called Epsilon. Epsilon is a company that sends out gazillions of emails for a lot of companies (about 2,500). Simply put, they are a very busy email marketing delivery service with a lot of personal information.

    The Problem: Since these criminals now have your name, email address and the actual company associated with that information, you can expect that they will be sending you email communications posing as a legitimate company. I’m not going to get into the technical aspects of how they will do this, just know that they can and will.

    The Solution: In a previous blog post I mentioned phishing attacks that appear to come from a legitimate source yet do not. In that post I summarized at the end a few things that you should do to be cautious and protect your information/identity from being stolen. What I really should have said is simply: Do not click on links in an email*.

    If you get an email from your bank, read it; maybe it is real (Do you always believe everything you read?) and something you need to take care of. Instead of clicking on that convenient link in the message, manually open your web browser (hopefully you use Firefox or Chrome), go to the company’s site that you should have bookmarked and take care of business.

    For a fairly complete list of companies that were exposed check this website: http://www.databreaches.net/?p=17374

    For more on Phishing attacks the FBI.gov site has a good example: http://www.fbi.gov/news/stories/2009/april/spearphishing_040109

    If you want to learn more about computer security I recommend this weekly podcast: http://twit.tv/sn . They have hundreds of shows online with notes: http://wiki.twit.tv/wiki/Category:Security_Now_Show_Notes

    ——————————————————-

    * Unless of course you know what message headers or HTML source code are and how to decipher what they actually mean. I only look at them since it is part of my job and I am curious. In reality, it is easier and safer to just go to the company’s website manually.



  • Symantec BackupExec 12.5 RALUS on Ubuntu

    Although Backup Exec 12.5 does not officially support Remote Agent installation on Ubuntu, I have had success installing it on my Ubuntu Hardy servers. Just download the agents from Symantec File Connect and extract the contents. Then go to this folder: BEWS_12.5.2213_LINUX-UNIX-MAC-SAP_AGENTS/pkgs/Linux/VRTSralus/ Inside is a file called VRTSralus.tar.gz. Extract the contents of that and you will see a .deb file that you can install on a Debian-based system (VRTSralus-12.5.2213-0.i386.deb).

    Install that as root like so…

    dpkg -i VRTSralus-12.5.2213-0.i386.deb

    Once that is installed you will want to patch it. On the Backup Exec server, go to the Backup Exec installation directory and find the patch file in the patches folder (C:\Program Files\Symantec\Backup Exec\Agents\RALUS\Linux\). Copy VTRSralusPatch.tar.gz somewhere that you can extract its contents, and edit the installraluspatch.sh file.

    Look for this line (mine was on line 19).
    if [ `cat /etc/issue | grep Debian | wc -l` = 1 ]

    Change that to this…
    if [ `cat /etc/issue | grep Ubuntu | wc -l` = 1 ]

    …and run the installer.


  • Apple 10.6.5 update Failure (Fix)-2

    By crmanski

    I have been pulling my hair out trying to get 10.6.5 to install on a particular MacBook and kept getting this error with Software Update…
    “An Installation error occurred.”
    …and then I would have to reboot.

    or this one with the Full Combo update package…
    “The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.”

    The fix was to set the max file limit to 10000. This appears to have been adjusted by the Smart Board software that is installed on the laptop. This is all I had to run in the terminal…

    sudo sysctl -w kern.maxfiles=10000
    sudo sysctl -w kern.maxfilesperproc=10000

    The second one actually showed a change from 2000 to 10000.
    I re-ran the Combo Update and had no problems with the install.

    I gleaned this from reading a few threads on Apple Support and actually found the fix here…
    http://discussions.apple.com/thread.jspa?threadID=2468522&tstart=0

    So, if you have “Smart” software installed and cannot install this update this might help.



  • Deploy Adobe Flash 10.1x with ARD-2

    By crmanski

    For some reason unbeknownst to me, Adobe decided to stop releasing Flash Player for Macintosh as a package sometime this summer. This is very inconvenient when trying to deploy the player on multiple machines in order to push patches for security holes in their software. With a little poking around I found that the package is in the download; you just need to extract it. To do so…

    1. Download the player from Adobe’s site
    2. CTRL-Click on the file and choose “Show Package Contents”
    3. Open the “Contents” folder and then the “Resources” folder. Inside you will see a file called “Adobe Flash Player.pkg”
    4. Drag/Drop or copy that package somewhere and use that to deploy the player with Apple Remote Desktop


  • Silent Remote Installation of Mozilla Firefox 3.x-2

    By crmanski

    This is an example of how to deploy Firefox, with proxy settings, remotely to your Windows-based domain client machines using psexec. First you need to download the latest 7-Zip from here: www.7-zip.org. After you have that installed, find your Firefox installer package. As of this article’s writing the name of this file was “Firefox Setup 3.6.4.exe”. Right-click on it and choose the menu item under 7-Zip called: Extract to “Firefox Setup 3.6.4”

    Once the package unzips, go into the directory called Firefox Setup 3.6.4 and have a look around.

    Home Page Setup:

    The first folder is called “localized”. Open the file called “browserconfig.properties” in it with WordPad and edit the URLs to reflect the homepage that you want your clients to have. In my case the file looked like this when I was done…

    browser.startup.homepage=http://szone.berlinwall.org
    browser.startup.homepage_reset=http://szone.berlinwall.org

    There is also a prefs.js file in the localized\defaults\profile directory. You can add entries here if you like and they will be the default preferences. Having a look at about:config will give an idea of options that you can set: http://www.mozilla.org/support/firefox/edit#aboutconfig

     

    Proxy Settings:

    The proxy settings can be set in the all.js file found in the \nonlocalized\greprefs folder. Search for the phrase proxy.type to jump to the part we are looking for. By default the value is 0 (no proxy). Setting the value to 1 will enable the proxy. If you have auto detection set up on your network you can use 4. Firefox 3 added the option of 5, which will use your “system” proxy. If your proxy was 192.168.1.1:8080 then you would make the file look like this…

     

    pref("network.proxy.type", 1);
    pref("network.proxy.ftp", "192.168.1.1");
    pref("network.proxy.ftp_port", 8080);
    pref("network.proxy.gopher", "192.168.1.1");
    pref("network.proxy.gopher_port", 8080);
    pref("network.proxy.http", "192.168.1.1");
    pref("network.proxy.http_port", 8080);
    pref("network.proxy.ssl", "192.168.1.1");
    pref("network.proxy.ssl_port", 8080);
    pref("network.proxy.socks", "192.168.1.1");
    pref("network.proxy.socks_port", 1080);
    pref("network.proxy.socks_version", 5);
    pref("network.proxy.socks_remote_dns", false);
    pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1,.192.168.1.1 , yourlocalserver.com");

     

    There are a lot of other settings in this file. Take a long look at it and make any changes you would like.

    Disabling Suggested Searches

    If you do not want hundreds of queries for search suggestions every time a single letter is typed in the search bar then open this file: nonlocalized\defaults\pref\firefox.js and search for “suggest”. You should find: pref("browser.search.suggest.enabled", true);

    Change it to: pref("browser.search.suggest.enabled", false);

    Disabling Application Updates

    When installing Firefox in an enterprise setting you do not want it to look for updates when a regular/non-admin user is logged on (You don’t let your users log on with administrator accounts, do you?). In firefox.js there is a line that looks like this: pref("app.update.enabled", true); Change that to: pref("app.update.enabled", false); and then your clients will not check for updates automatically, so new versions have to be pushed out by you.

    There are many other preferences in this file. Take a look at it and make any other changes you like.
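
    A check to run over the edited files before they are copied to the clients, as an added example that is not part of the original article: it parses the pref(...) lines, compares them with the values set above, and reports lines carrying typographic quotes (easy to pick up when copying from a web page), which Firefox's pref parser does not accept. The function names and the sample file text are constructed for illustration.

```python
import re

# Values the article sets; the proxy address and port are its sample values.
EXPECTED = {
    "network.proxy.type": 1,
    "network.proxy.http": "192.168.1.1",
    "network.proxy.http_port": 8080,
    "browser.search.suggest.enabled": False,
    "app.update.enabled": False,
}
PREF_RE = re.compile(r'^\s*pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019\u2033"  # curly quotes and the double prime

def parse_value(raw):
    """Turn the text of a pref value into a bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    raise ValueError(raw)

def read_prefs(text):
    """Return (prefs, problems) for the text of all.js / firefox.js."""
    prefs, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if "pref(" not in line or line.lstrip().startswith("//"):
            continue
        if any(ch in line for ch in TYPOGRAPHIC):
            problems.append("line %d: typographic quotes" % n)
            continue
        m = PREF_RE.match(line)  # None when the line is not a well-formed pref
        try:
            prefs[m.group(1)] = parse_value(m.group(2))  # last occurrence wins here
        except (AttributeError, ValueError):
            problems.append("line %d: cannot parse pref" % n)
    return prefs, problems

def audit(text, expected=EXPECTED):
    """List everything that differs from the intended configuration."""
    prefs, problems = read_prefs(text)
    for name, want in expected.items():
        if name not in prefs:
            problems.append("%s is not set" % name)
        elif type(prefs[name]) is not type(want) or prefs[name] != want:
            problems.append("%s is %r, expected %r" % (name, prefs[name], want))
    return problems

# Constructed sample: excerpts of both files, with two deliberate mistakes.
SAMPLE = """
// all.js (excerpt)
pref("network.proxy.type", 0);
pref("network.proxy.http", "192.168.1.1");
pref("network.proxy.http_port", 8080);
// firefox.js (excerpt)
pref("browser.search.suggest.enabled", false);
pref(\u201capp.update.enabled\u201d, false);
"""
```

    Calling audit(SAMPLE) returns one message per problem; an empty list means the files match the intended settings.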

     

    Remote Deployment

    Use the method that I share on this page: http://szone.berlinwall.org/win32/DeployinganInstallationPackagetoMultipleClients

     

    The batch file for firefox would be a little different than the example in that article. Something like this should work…

     

    rem %1 is the name of the target computer
    echo "checking for Installers directory on the target..."
    if not exist \\%1\C$\installers mkdir \\%1\C$\installers
    if not exist \\%1\C$\installers\firefox3.6.4 mkdir \\%1\C$\installers\firefox3.6.4
    echo "copying Firefox install to install directory..."
    xcopy "\\MyServer\Updates\firefox3.6.4\*" "\\%1\C$\installers\firefox3.6.4\" /e /y
    echo "Installing Firefox..."
    rem -ms is the installer's silent install switch
    psexec.exe \\%1 "c:\installers\firefox3.6.4\setup.exe" -ms
    echo "All Done."

    Credits: http://www.appdeploy.com/packages/detail.asp?id=357 (For the silent install switch)


  • MYSQL Replication: Changing a Slave Database Server to be a Master-2

    By crmanski

    Scenario:
    Our webservers use a database backend which is also replicated to two other servers. In the event that there is a failure, one of the others can take over. oldserver1.berlinschools.org was not doing well and was also the master in a MySQL replication setup with two “slave” servers: one older (olderserver2.berlinschools.org) and one basically new (newserver.berlinschools.org). The need was to make it so oldserver1’s master status was passed on to newserver and oldserver2 would look to newserver for slave updates.

    Preparation:
    To make this easier on myself, in preparation I first made sure that every PHP/MySQL web app that I have running is using a DNS name for its MySQL server setting (drupal, moodle, gallery, xoops, etc). I chose master.berlinschools.org. To test this name I made sure that the command: dig master.berlinschools.org would respond correctly. I also checked the hosts file for entries. One did have this setting, because it was using an external service provider’s DNS instead of our internal.

    Making it happen:
    I opened 3 separate terminals to each mysql server and logged in as root. Then I logged onto mysql as root with this command…
    mysql -u root -pMyMYSQL-PasswordHERE (Note: no space between -p and the actual password)

    DNS:
    I moved back to my dns configuration and punched in the new ip address for the mysqlmaster dns entry and forced DNS to update. I updated the HOST file on the one that needed it.

    MYSQL:
    On the master I first ran…
    FLUSH LOGS;

    On the new master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST='newserversIPaddress';

    On the slave I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST='newserversIPaddress'; -- current IP of newserver
    START SLAVE;

    Back to the old master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST='newserversIPaddress';
    START SLAVE;

    See the MYSQL official replication FAQ for more information:

    http://dev.mysql.com/doc/refman/5.0/en/replication-faq.html

