The Bit Bucket

By gary
Tags: Off Topic

The Bit Bucket

by gary In reply to The Bit Bucket

General rants about life, mostly centered on the IT industry.

Welcome

by gary In reply to The Bit Bucket

My first blog posting................

Guess the best way to do this is to start by introducing myself.
I work in IT and I'm a geek. Pure and simple!!!!

The 'plan' (or maybe that's better put as the loose set of ideas) for this blog is to pass on hints, tips, tricks and comments on the IT industry. Along the way I have no doubt I'll post some useful stuff as well as some real crap and from time to time I'll go off on a tangent............

Enjoy the ride!

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/08/welcome.html

Computer Security

by gary In reply to The Bit Bucket

OK, it's happened once again. A virus has been unleashed that exploits a Windows security hole.

I suspect a lot of people will think this is normal for Windows and you'd be right; just a few years back we had SQL Slammer, MyDoom and the 'love bug'.
So, if it's so normal for Windows and everyone expects it, why has it been allowed to happen again?

You'd think corporations and internet-savvy home users would be battening down the hatches, being ultra cautious about opening attachments, making sure AV definitions are up to date. Nope, they are not.

Why not?

Because it's too much hard work. Stupid, isn't it?

Corporations spend millions on servers, projects and basic security, yet each time a hole is exploited they are not ready.

Why not? Well, a lot of it is because the staff are actually not that interested in making security a priority. Think about this - any time you make something more secure you also make it a pain in the arse to administer because of that security.
Security is a balance between usability and protection, yet it is something that will also cause the most number of arguments of anything.

Over the next few blogs I'm going to go into the world of computer security and show how a patch works, how to take it apart, test it as well as (hopefully) show a few things that just may make life a bit easier.

Keep reading :-)

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/08/computer-security.html

Computer Security Part 1

by gary In reply to The Bit Bucket

Computer security is not about eliminating risk. It's about managing it.

To eliminate risk you'd need to switch off your PC, unplug the network cable and lock it in a safe and then hope that no one steals the safe.

Whatever happens, there is always an element of risk when you have a computer connected to the internet.

Once you accept that risk, the next step is to get to know the enemy, and that enemy is quite simply everyone around you.
I'm sure you have received an email from someone that you know with an interesting subject line and then opened the attachment. You know you shouldn't, you know it's probably not going to be any good, but yet you HAVE to see what the email contains.
Bang, you have a virus and may not even know it.

This sort of thing can be stopped, but it means doing the one thing a lot of people loathe: upsetting the users.

Firstly, there is no reason for ANY user aside from delegated accounts to have any sort of elevated admin access. You want to do something on the network? Go log on with the relevant account. Your own account should not have any special permissions.

I've seen many sites where the IT team are all domain admins and go around merrily logging on and forgetting to log off again afterwards.

Secondly, remove administrator rights from the users. This WILL **** them off. Tough.
This second step ties in nicely with a sound policy that MUST be followed.
Too often I have seen places that have good policies over software installation that are then ignored simply because the company concerned doesn't know just how dangerous unauthorised software can be.

Of course, the question then is:
How can I, as a member of the IT dept, make sure the management know that they are at risk?

Remind them each and every time. Unfortunately, management aren't very good at heeding warnings and it will take a couple of incidents before they might, just, MIGHT pay attention.

It's a long shot but all too often it's the only shot we have.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/08/computer-security-part-1.html

Tools for detecting Rbot and security holes that Rbot uses

by gary In reply to The Bit Bucket

As mentioned previously, there is now a vulnerability out on the net that exploits the latest security hole in MS Windows.

Whilst Microsoft has released a patch (MS05-039: http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx), it will only work on Windows 2000 SP4 and above, so if you're like the majority and running SP3 it's time to get over it and upgrade to SP4, then deploy these patches.

eEye (http://www.eeye.com/html/company/press/PR20050812.html) have released a free network scanning tool that will show what machines are vulnerable to this security hole. Note: it doesn't work on NT4, so other methods will need to be used to be sure that NT4 domain controllers are safe. Note that at this time there is no way of knowing for certain if they have been affected; it may well be that the architecture of NT4 is such that this security hole cannot be exploited.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/08/tools-for-detecting-rbot-and-security.html

I WANT a security hole in Windows!!

by gary In reply to The Bit Bucket

Raymond Chen has a pretty good blog called 'The Old New Thing' (http://blogs.msdn.com/oldnewthing/); this blog is partly based on his style. One of the common issues he, as an MS developer, comes across is 'people who ask for security holes', and it's worth reading to get an idea of how misguided some people's idea of security is.

In a similar vein I had a conversation that went like this:
'User x has changed the local admin password and removed domain administrators from local admins, how can I get admin access to the machine?'

When I semi-patiently explained that such an ability would be a security hole and that, generally speaking, you don't allow end users to be so disruptive, he exploded: 'Well, I'll bet MS has such a tool somewhere'.

Yes, of course they do, and I'll bet it's called hack-my-pc-v1.exe

This is, of course, the very same sort of person who complains loudly about security holes when MS release patches.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/08/i-want-security-hole-in-windows.html

Bulldog

by gary In reply to The Bit Bucket

There are some things that get under my skin, cyclists riding through a closed cycle lane for one, but Bulldog is one of two companies that has managed to REALLY get under my skin....

Back in March, the company I worked for decided that all IS staff were to have home DSL solutions installed. At the end of March I had a BT engineer visit and install a new phone line - this was hooked up to Easynet and everything worked perfectly for two months.

Then along comes Bulldog who, WITHOUT ANY AUTHORITY, pull my Easynet connection and hook it up to themselves.
It took me a week to track down where the connection had been moved to, but eventually I got through to Bulldog's complaints who appeared to be quite helpful without actually lifting a finger to get anything done.

A month into the problem, still with no DSL access, I FINALLY get hold of the complaints dept who promptly close ranks with a 'nuffing to do wiv us guv' type of attitude. Several unreturned phone calls and ignored emails later I have no choice but to lodge a complaint with Ofcom, which was subsequently dealt with by the company I work for.

I have no idea what happened with the Ofcom complaint as I've never been told, which is a bit frustrating, but the most annoying thing about this whole episode is the one simple fact that there is NO department at BT that you can speak to who will sort these issues out. The only thing you get told is 'Can't happen'. At one point I managed to get hold of the DSL line provisioning dept who were horrified that I, a mere customer, had even spoken to them as they only deal with ISPs.

Anyway, last weekend I was out shopping when a Bulldog customer agent came up to me and asked me if I wanted a Bulldog connection - I politely refused yet he persisted. The look on his face when I told him just how bad I thought Bulldog is was an absolute picture.

Bulldog persist in sending me sales rubbish so I persist in being as annoying as possible to them - the perfect combination!!

I'd be interested to hear if anyone else has suffered problems from Bulldog illegally seizing their phone/DSL circuit.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/11/bulldog.html

Computer Security Part 2

by gary In reply to The Bit Bucket

OK kiddies, I promised you that I would show you the mysteries behind security patches and this entry is the first part of that.

First of all, it's important to note what a security patch actually is.
It is simply one or more files that have corrections to code in them that close up certain loopholes in code that allow an undesired event to occur.
This will make more sense later.

For various reasons, security patches will fail to deploy or may say they are needed when they are not. These articles will hopefully explain why these events occur and give you the knowledge to fix them.

For now, you really should have access to the following:
- A Windows 2000 SP4 box with SP4 and NO patches (VMware is excellent)
- A Windows XP SP2 box with NO patches (VMware is excellent)
- A copy of the Microsoft Baseline Security Analyzer (see this page: http://www.microsoft.com/technet/security/tools/mbsahome.mspx)
- An MD5 tool (http://www.etree.org/md5com.html) (MD5SUM works particularly well and will be used in the examples)
- The PendMoves Sysinternals tool (http://www.sysinternals.com/Utilities/PendMoves.html)
- A pen or pencil and some paper.

Let's take a Windows 2000 SP4 machine first.

Install the MBSA and perform a local scan looking for missing security patches first and you will find you can't because of an error message titled:

"the catalog file is damaged or an invalid catalog."

The fix for this problem is to apply the following security patch: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

It seems a little daft that a security tool actually can't work without a particular security patch being applied, but there you go....

Once the patch is applied, try running the scan again. You should see something similar to the screenshot here:

Screenshot: http://www.gdwnet.com/blog/uploaded_images/mbsa_missing_2ksp4-743991.jpg

That's enough for now - we have got the MBSA up and running and have a list of patches.

Next time I will show you how to break a patch.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2005/11/computer-security-part-2.html
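The post above defines a patch as one or more replaced files and lists an MD5 tool among the prerequisites. As an added illustration (not code from the original post), the sketch below hashes a directory before and after a simulated patch and reports which files were added, removed or changed; the directory, file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its MD5 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            md5 = hashlib.md5()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    md5.update(chunk)
            digests[os.path.relpath(full, root)] = md5.hexdigest()
    return digests


def diff_snapshots(before, after):
    """Classify files as added, removed or changed between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in set(before) & set(after)
                          if before[p] != after[p]),
    }


def demo():
    """Simulate a patch on a constructed directory and report what it touched."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        # Constructed "unpatched" state: file names and contents are made up.
        write("service.dll", b"version 1 with flaw")
        write("helper.dll", b"unrelated component")
        before = snapshot(root)

        # Constructed "patch": replaces one file and drops a new catalog file.
        write("service.dll", b"version 2 with fix")
        write("patch.cat", b"catalog for the update")
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

On a real test machine, take the second snapshot after any reboot the patch asks for, since files that are in use are only replaced at the next boot.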

Computer Security Part 2

by ciebie95 In reply to Computer Security Part 2

"the catalog file is damaged or an invalid catalog."
"The fix for this problem is to apply the following security patch (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx)"

I had this problem for some time. None of the suggested solutions (from several internet forums) worked. It has nothing to do with downloading problems, firewalls, etc. The security patch did not work, because I'm on XP/SP2. After several attempts, this worked for me:

- after downloading wsusscan.cab to (administrator) \......\cache (one of the solutions that did not work at first), I ran "C:\Program Files\Microsoft Baseline Security Analyzer 2\MBSACLI.exe" /nd and to my surprise a 1 KB "wsusscan.cab.dat" file appeared in the cache directory next to the .cab file. After that I can run MBSA2, although the download problem still exists.

Hope this helps somebody.

Regards, Kees.

Whatever happened to NTBUGTRAQ?

by gary In reply to The Bit Bucket

I've been on the NT Bugtraq mailing list for months and then one cold September night (it may not actually have BEEN cold but I digress...) the list seemed to disappear, only to reappear months later with no posting, no announcement of security patches.

It's a shame because NTBUGTRAQ was one **** of a good site promoting the free flow of security information and teaching the uninitiated good security practices, and now all that is left is a somewhat bleak site with no more postings.

I hope NTBUGTRAQ can be resurrected, as without it the security arena is a more lonely and dangerous place.

This post originally appeared on an external website: http://www.gdwnet.com/blog/2006/01/whatever-happend-to-ntbugtraq.html
