No one wants their last words to be "Oh my God! The old gypsy woman was right..."

May 17, 2008
Hardy Har Har

While I still haven’t solved the whole “you don’t have administrator rights” thing in XP Pro, I thought I would go ahead and get crazy last night and install Hardy Heron (Ubuntu 8.04) desktop edition on my laptop using Wubi to install it inside XP as a virtual environment.

The installation is pretty slick, and once done it loads very fast. Nice desktop. Now the real fun begins. I can’t get it to see my wireless network and it doesn’t see my 19″ Acer AL1916 LCD monitor. Ah the joys of working on computers :) If I can figure out the wireless problem then I’ll probably download the server edition and throw it on either my old P3 500MHz box, or the old P4 1.7GHz box that belongs to the company, add a wireless card and toss that in the basement (they’re both noisy) and use it for a home server.

Posted by Doug Alder at 9:34 am Comments (0)


May 16, 2008
The Hague Declaration on an Open Internet

from Digistan

The Hague Declaration

Adopted and proclaimed
by the founders of the Digital Standards Organization
in The Hague on 21 May 2008.

Whereas almost 60 years ago the Universal Declaration of Human Rights, established in international law these rights and freedoms:

1. Freedom from discrimination by government or law (Article 2, Article 7).
2. Freedom of movement within the borders of each state (Article 13.1).
3. The right to participate in government (Article 21.1).
4. The right of equal access to public services (Article 21.2).

Whereas these rights and freedoms are today accepted by every democratic government and backed by the constitutions of most states;

Considering that all countries are moving, at different rates and from different starting points, towards a society in which full and effective participation in government and society, and access to public services, education and opportunity, are increasingly dependent upon access to electronic communications;

Considering more specifically that:

* Government information, services and resources are increasingly provided virtually rather than physically;
* Freedom of speech and association are increasingly exercised on line rather than in person;
* The Internet and the Web provide an unprecedented avenue to equality of education and opportunity for all peoples throughout the world;

Considering that the benefits of the Internet may only be guaranteed, and our hard-won human rights may only be preserved as we make the transition to a digital society, by ensuring affordable, equal access to the Internet, and if the openness of the Internet is also preserved;

Considering the unique role that free and open digital standards can play in ensuring this result by fostering competition and innovation, lowering costs and increasing choice;

Considering that governments, through example and procurement, are uniquely able to ensure that all people achieve the benefits that free and open digital standards can provide;

Considering that these benefits are of particular importance to the economically, socially, and geographically disadvantaged peoples of the world;

Considering that there is increasing consensus on the attributes of a free and open digital standard;

We call on all governments to:

1. Procure only information technology that implements free and open standards;
2. Deliver e-government services based exclusively on free and open standards;
3. Use only free and open digital standards in their own activities.

Go Here and Sign

Posted by Doug Alder at 7:35 am Comments (0)


May 15, 2008
!@$%

Damn piece of crap MS code. (and no Dougie I won’t get a Mac). I’ve spent hours trying to install XP SP3 and I can’t get it to install. The first time I tried it failed and I think it was because of delays in my firewall requesting permission to let Windows Update install some parts when I was away from my computer. It went through the whole install procedure right up to and part way through final cleanup then told me that the update had failed. Well it didn’t completely fail as I noticed this morning that at least one Windows app - Remote Desktop Client had changed. So I tried again and this time I only got as far as the Windows Update page and as soon as I started the upgrade I get a message stating it can’t be done because I don’t have administrator privileges - wrongo Billo - I do. Anyway I logged off and this time logged in as Administrator - Ha! that ought to do I think. Sadly, no, same result - start the upgrade and get told I don’t have Administrator rights. So obviously a setting has been switched in the registry but I have no idea where. I checked in the control panel and both accounts have Admin rights - can’t figure out how to fix this and MS wants money to assist me. I’m really pissed. To add insult to industry another program I installed last night after all of this screwed with my VOIP softphone for work and it kept exiting with an error every time there was an incoming call grrrrrrr. It’s been uninstalled of course. I’m not a happy camper today.

Posted by Doug Alder at 6:51 pm Comments (4)


May 12, 2008
SSH Security

A Study of Passwords and Methods Used in Brute Force SSH Attacks (.pdf) is a really good article on SSH security and a honeypot experiment the authors, Jim Owens and Jeanna Matthews, carried out. If you are interested in server security this is a must read.

On my own server I have implemented a lot of security features (thank you CSF), not the least of which is turning off password authentication for SSH and making it accessible by public/private key authentication only. Given that I get about a dozen brute force dictionary attacks a day, this allows me to sleep a little better. Hacked once makes Doug one very paranoid sysadmin. Still, I’m going to move SSH to a random high port number for a little extra security.
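One way to check a server against the setup described above (password authentication off, keys only, SSH moved off port 22). This is an added example, not code from the original post or from OpenSSH; the function names and the two sample configs are constructed for illustration, and only the global section of the file is evaluated.

```python
import re

# Compiled-in OpenSSH defaults (used when a keyword is absent) and the
# deprecated alias that older configs use for keyboard-interactive.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global-section settings; Include files are not followed."""
    settings, ports, has_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            has_match = True  # conditional overrides follow; stop here
            break
        if key == "port":
            ports.append(int(value))  # Port may appear more than once
        else:
            settings.setdefault(key, value.lower())  # first value wins
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or [22], has_match

def audit(config_text):
    """Findings against the key-only, non-default-port setup in the post."""
    settings, ports, has_match = effective_settings(config_text)
    findings = []
    if settings["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if settings["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is enabled (PAM may ask for a password)")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    if 22 in ports:
        findings.append("sshd listens on port 22")
    if has_match:
        findings.append("Match block present: review its overrides by hand")
    return findings

# Constructed samples, not taken from any real server.
WEAK = """
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """
Port 49222
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    print({"weak": audit(WEAK), "hardened": audit(HARDENED)})
```

The weak sample shows why a later `PasswordAuthentication no` does not help: sshd uses the first value it reads for a keyword.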

One of the more interesting parts of that study comes right at the start

For most of the recorded history of botnets, dating back to 1999, the robot computers, or zombies, that populate them have been understood to consist primarily of compromised systems running a version of the Microsoft Windows operating system [7,22]. Propagation of zombie code has been observed to occur through a number of Windows-specific worms, viruses, Trojans, and other forms of malware [3]. More recently, vulnerabilities in Linux machines are being recognized as an important part of the problem. In October 2007 Dave Cullinane, chief information and security officer at eBay, announced at the Trust Online conference that an internal investigation of the security threats faced by the online auction service had been traced to “rootkitted Linux boxes.” [20] Alfred Huger, vice president for Symantec Security Response, echoed Cullinane’s comments, saying that compromised Linux machines were frequently observed to make up a large portion of the command and control networks for botnets. [emphasis mine - Doug]

While it is true that computers running Linux are not subject to the many worms, viruses, and other malware that target Windows platforms, the Linux platform is known to be vulnerable to other forms of exploitation. A 2004 study conducted by the London based security analysis and consulting firm mi2g found that Linux systems accounted for 65% of “digital breaches” recorded during the twelve-month period ending in October 2004 [6].

As someone who works in the datacenter business I can vouch for that conclusion. Customers who do not keep their OS, and more importantly the applications running on their servers, patched ultimately end up with a rooted system (and the usual intrusion point is a poorly written PHP script - I don’t know what its status is today but for a number of years PHPBB was highly vulnerable and the single most common source of rooted systems that we saw.)

Here’s a good starting point. Make your password at least 14 characters long (15 to 20 would be better), completely random string of letters, numbers and characters. If you can’t memorize it get yourself a cheap (but name brand, not made in China (as they often contain rootkits)) USB memory stick and keep it on there with no information attached to it that

  1. identifies you
  2. identifies where it is used

That way if it is lost or stolen it can’t be used against you. Then, assuming you have created such a strong password, make it the only one you use (type it out often enough and you’ll memorize it :) )

Posted by Doug Alder at 7:42 pm Comments (0)


May 08, 2008
Server Security

I put up a new post at work today on Server Security

Posted by Doug Alder at 6:55 pm Comments (0)


Back again

Don’t you just hate it when upgrades go wroing ;) I upgraded Apache to 2.2.8, MySQL to 5.0.45-community and PHP to 5.2.6 last night and, if you tried visiting here you know it did not go well :(. Before you can recompile Apache on a cPanel system it’s always advisable to upgrade cPanel first to the latest version. That’s where things went wroing [sic]. It seems there was a problem with the MD5 hash on one of the update files and at that point my limited skills fell apart and I had to get the great support guys at work (RackForce) to fix the cPanel upgrade for me so I could recompile Apache. This all started because I wanted to add some more layers of security, in particular suhosin to harden PHP. In any case, I’m back, I’m sure much to your great disappointment LOL.

fwiw: if any of you are familiar with CSF (ConfigServerFirewall) my rating is currently

Your Score: 91/93*

0 to 21 > Wet Paper Bag
22 to 43 > Dry Paper Bag
44 to 65 > Wooden Box
66 to 87 > Brick Wall
88 to 93 > Reinforced Concrete

*This scoring is just a bit of fun and does not reflect the security of your server or the relative merits of each check

and no I won’t tell you which two items I haven’t fixed yet ;)

Posted by Doug Alder at 5:53 am Comments (0)


May 02, 2008
BOFH - Support Script Document

Describe your problem: ____________________________________________
Now, describe the problem accurately: _____________________________
Speculate wildly about the cause of the problem: __________________
Problem Severity:
A. Minor__
B. Minor__
C. Minor__
D. Trivial__
Nature of the problem:
A. Locked Up__
B. Frozen__
C. Hung__
D. Shot__
Is your computer plugged in? Yes__ No__
Is it turned on? Yes__ No__
Have you tried to fix it yourself? Yes__ No__
Have you made it worse? Yes__
Have you read the manual? Yes__ No__
Are you sure you’ve read the manual? Yes__ No__
Are you absolutely certain you’ve read the manual? No__
Do you think you understood it? Yes__ No__
If `Yes’ then why can’t you fix the problem yourself?
___________________________________________________________________
How tall are you? Are you above this line? _______
What were you doing with your computer at the time the problem occurred?
___________________________________________________________________
If `nothing’ explain why you were logged in.
___________________________________________________________________
Are you sure you aren’t imagining the problem? Yes__ No__
How does this problem make you feel? ______________________________
Tell me about your childhood ______________________________________
Do you have any independent witnesses of the problem? Yes__ No__
Can’t you do something else, instead of bothering me? Yes__

Posted by Doug Alder at 4:39 pm Comments (0)


April 28, 2008
Web Bots

It seems everyone and their dog has a web bot these days. They are a major source of bandwidth use (which could cost you money), but, worse, each time one scrapes your site it registers in your web stats as a visit. Identifying bots is not easy. Some stats programs, like Firestats, the one I use on my blogs, have a list of known bots and ignore any hits from them. This is a good thing but there are unscrupulous bot overlords out there who try and disguise their activity by faking their browser/OS identification packet headers and spreading their hits out several minutes apart. Here’s a good example of one such bot out of the Ukraine* - probably a SPAM bot as the former SSR states are the major source of SPAM bots (it’s not just SPAM bots that are being unethical - there’s one bot out of Sweden that pulls the same trick and when one site owner confronted the bot owner he claimed to be developing a Nordic search bot.)

  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
  • 92.112.201.167 Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
  • 92.112.201.167 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1
  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) Opera 5.0 [en]
  • 92.112.201.167 Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.5) Gecko/20041220 K-Meleon/0.9
  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)

Note: those stats are not referrers, they are actual hits on the site from the same IP. 92.112.201.0/24 (that’s a Class C or 0-255 in the IP range) just hit my firewall deny rules :)

*inetnum: 92.112.109.0 - 92.113.255.255
netname: UKRTELNET
descr: Ukrtelecom IP access network
descr: NCC#
country: ua
remarks: E-mail for SPAM and abuse postmaster@ukrtel.net
admin-c: ARM42-RIPE
tech-c: ARM42-RIPE
status: ASSIGNED PA
mnt-by: AS6849-MNT
source: RIPE # Filtered

person: Remiga Alexander
address: JSC UKRTELECOM
address: 18, Shevchenko blvd
address: Ukraine, Kiev
phone: +380 (44) 230-9024
nic-hdl: ARM42-RIPE
mnt-by: AS6849-MNT
source: RIPE # Filtered

Posted by Doug Alder at 6:45 am Comments (0)


April 26, 2008
Some recommended programs for Windows users

Like many people who have been using computers for a long time I regularly try out new software. For a long time I used ZoneAlarm as my client firewall (as backup to my router firewall - you are using a router between your computer and the intertubes aren’t you?), but I haven’t been too satisfied with it for some time now as its messages are too cryptic (not enough information.) Recently I discovered the Comodo free personal firewall and I can say without hesitation that it is great. Not only does it give you full information in a pop-up as to what is going on but it has a feature I really appreciate. When you are installing new software, unlike ZoneAlarm where you have to sit there and approve each request for change or access, you can set Comodo, in the first pop-up, to recognize the process as an install and it won’t bug you anymore until it is finished, at which point Comodo will remind you to switch back to defense mode.

Comodo has quite a few very good, free security products available for download. I am currently using the firewall, iVault and anti-Spam programs and when my paid subscription to AVG’s Anti-Spyware runs out I’ll switch to Comodo’s Anti-Malware software.

Posted by Doug Alder at 9:41 am Comments (1)


April 21, 2008
quicktags.js Redux

This is the type of software shit I just positively loathe. Logic I can deal with (quit laughing) but randomness I can’t….ever. Since my last post I have made no changes yet now quicktags.js is working and I can flip back and forth between Visual and HTML mode. I know it’s not a question of Firefox’s cache as I emptied that umpteen times while troubleshooting this, and it didn’t work in Opera or IE either. Now - it’s working. Go figure.

Posted by Doug Alder at 5:29 pm Comments (0)


Quicktags missing

I have quicktags.js installed in the right place /wp-includes/js/ but they are not showing up in the editor. If anyone has any ideas on how to fix this I’m listening :)

I’ve also noticed that WP 2.5 does not seem to like switching back and forth between Visual and HTML editors.

Posted by Doug Alder at 3:18 pm Comments (2)


April 12, 2008
Hacking the WII - Johnny Lee

Amazing!

Posted by Doug Alder at 4:12 pm Comments (0)


RSA Conference

Here are a couple of interesting videos from the recent RSA conference. Enjoy!

In this first one Ron Teixeira, executive director of the National Cybersecurity Alliance discusses how education and technology could defeat the threat of botnets.

In this second video Yuval Ben-Itzhak, CTO Finjan, discusses the tools and techniques hackers are using to conduct attacks and also some of the latest threats to Web applications.

Posted by Doug Alder at 1:34 pm Comments (0)


April 09, 2008
Munax

I noticed something interesting today when looking at my stats for my humour blog. I’m not certain if it is someone scraping my site, a potential spam bot, an indexing bot or something else entirely. There were 26 hits spread over 42 minutes coming from 82.99.30.0/26 (that’s a 64 IP subnet in Sweden). Each hit was from a separate IP in that subnet. No two hits were from the same IP.

Information related to ‘82.99.30.0 - 82.99.30.127′

inetnum: 82.99.30.0 - 82.99.30.127
netname: MUNAXNET
descr: Munax AB
country: SE
admin-c: JG3201-RIPE
tech-c: JG3201-RIPE
status: ASSIGNED PA
mnt-by: IP-ONLY-MNT
source: RIPE # Filtered

a traceroute to one of the IPs ends at
22 218 ms 320 ms 218 ms SESTO0001-RD2.ip-only.net [82.99.32.98]
before it hits a firewall

IP-only.net is an infrastructure backbone provider in Sweden

As there was no referrer listed in the stats I’ve ruled out someone posting a link to these jokes (and each hit was to a different page.)

AHA! - after spending the last 30 minutes or so researching this I found http://incredibill.blogspot.com/2007/11/munax-stealth-crawler.html, a very useful source of information on bots, and Munax appears to be a very arrogant crawler out of Sweden - arrogant as in it ignores your robots.txt. Well screw you Munax - your entire IP range is now blocked at my server’s firewall.

I’m getting really sick of all the crawlers out there sucking up server resources and bandwidth.
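The two crawler patterns from this post and the "Web Bots" post above (one address cycling through browser identities; many addresses in one subnet making one hit each), as an added example that is not part of the original posts. The thresholds, function names and sample lines are assumptions chosen for illustration, and the input is IPv4 "IP User-Agent" pairs in the shape of the stats quoted above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines. Addresses are documentation ranges and the
# User-Agent strings are shortened placeholders.
SAMPLE = (
    ["203.0.113.7 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
     "203.0.113.7 Mozilla/5.0 (Windows; U; WinNT4.0) Gecko Phoenix/0.5",
     "203.0.113.7 Mozilla/5.0 (Windows; U; Windows NT 5.0) Netscape/8.0.1",
     "203.0.113.7 Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) Opera 5.0"]
    + [f"198.51.100.{n} Mozilla/5.0 (X11; Linux) Firefox/2.0" for n in range(1, 9)]
    + ["192.0.2.10 Mozilla/5.0 (Windows NT 5.1) Firefox/2.0"] * 3
)


def parse_hits(lines):
    """Split each 'IP User-Agent' line into (address, agent)."""
    hits = []
    for line in lines:
        ip, _, agent = line.strip().partition(" ")
        hits.append((ipaddress.ip_address(ip), agent))
    return hits


def rotating_agents(hits, min_agents=3):
    """Addresses that present at least min_agents different User-Agents."""
    seen = defaultdict(set)
    for ip, agent in hits:
        seen[ip].add(agent)
    return {str(ip): len(a) for ip, a in seen.items() if len(a) >= min_agents}


def spread_subnets(hits, prefix=26, min_ips=5, max_hits_per_ip=2):
    """Subnets where many distinct addresses each make only a hit or two."""
    per_net = defaultdict(lambda: defaultdict(int))
    for ip, _ in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_net[net][ip] += 1
    return {str(net): len(counts) for net, counts in per_net.items()
            if len(counts) >= min_ips
            and max(counts.values()) <= max_hits_per_ip}


if __name__ == "__main__":
    hits = parse_hits(SAMPLE)
    print("rotating user agents:", rotating_agents(hits))
    print("spread across subnet:", spread_subnets(hits))
```

The keys returned by `spread_subnets` are already in CIDR form, so they can be reviewed against whois before going into a firewall deny rule.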

Posted by Doug Alder at 6:27 am Comments (2)


April 08, 2008
Global Internet Security Threat Report Volume XIII

Symantec has released its Global Internet Security Threat Report Volume XIII. As it is a long document (105pp) here is the executive summary they put out

Goods and services        Percentage   Range of prices
Bank accounts             22%          $10-$1000
Credit cards              13%          $0.40-$20
Full identities           9%           $1-$15
eBay accounts             7%           $1-$8
Scams                     7%           $2.5/week-$50/week for hosting; $25 for design
Mailers                   6%           $1-$10
Email addresses           5%           $0.83/MB-$10/MB
Email passwords           5%           $4-$30
Drop (request or offer)   5%           10%-50% of total drop amount
Proxies                   5%           $1.50-$30

Source: Global Internet Security Threat Report Volume XIII, page 23. (via SANS)

I found the figures on bank accounts and credit cards interesting as in my line of work I can tell you that ~40 - 45% of all credit card orders (this includes debit cards that act as credit cards) are fraudulent. On pretty much a daily basis I’m the first one to notify victims that their credit data has been stolen. I get a lot of thank yous for that.

Posted by Doug Alder at 10:23 pm Comments (0)

