Diary of a Network Geek

Are there really any websites that aren’t essentially blogs?

Okay, I know there are, but, considering that some people estimate about 1 out of every 5 sites runs WordPress, it amounts to the same thing.
In any case, these two tools I’m about to share can actually be useful to any website design.

First, there’s the graphic “place-holder” generator, lorempixel.
Using their tool, you can find and download “place holder” images that are generic, in either color or b&w, and the size you need…
Read More

I am not a designer.

This may be painfully evident from the look and feel of this website, which, I did not code myself.  It is a WordPress-based website which, at best, I have “themed” myself, but with lots of help from code “borrowed” via Google and other sources.  In fact, there are so many code sources it would be hard to link to them all or list them all or thank them all.  It’s the way of the web, I’m…
Read More

No, not a real mother.

Maybe, not even a real invention, either!
I think science-fiction has changed a lot.  I don’t mean that it’s different today than it was when I was a kid, though, I think that’s true, too.  No, what I mean is that the intrepid science-fiction authors who have entertained us for so many years have actually changed things with their stories.  One way I think they’ve changed things is via invention.  They’re constantly coming up with crazy, new, almost magical inventions for their stories.  Devices that do things we’d like to be able to do or at least do faster or easier.  Some of these are pretty Earth-shattering, like a personal communication device you can fit in your pocket, and are so incredible that they actually inspire someone to invent them, like the cell phone.  (Okay, yeah, there may not be a direct link between science-fiction and cell phones, but, you have to admit, it existed in sci-fi before we had it in our hand!)
Well, a little site called Technovelgy has put together a timeline of science-fiction inventions.

It’s fun and I think if you look at some of these things, you’ll recognize their modern equivalent.  But, maybe most interesting of all is the stuff that’s been talked about in science-fiction that doesn’t exist… Yet.  So, here’s your chance, you freshly graduated engineers and hopeful inventors, pick something from the list and make it come true!
But, for the rest of us, check out the list and day dream your Friday away.

Not all 404 pages are created equal.

Most of us will never see a 404 page.  In fact, if things are going well on your website, 404 pages shouldn’t normally come up.  (For those of you not familiar a 404 page is the error page you get on a website when the page you’re looking for is missing or can’t be found.)  In the old days, 404 pages were pretty much blank, outside of the error message itself.  They were meant for developers to troubleshoot and debug their websites, really.  They were a kind of place-holder page and, at best, an irritant to the average internet browser.
But, as the web grew up and became more sophisticated, so have 404 pages.  On many sites, they’ve become a kind of “Easter egg“, offering a look at the wit and sense of humor of the site designers and programmers.  What was an annoyance has become a fun bit of art!

Clearly, not even all “fun” 404 pages are created equal, so here are the best 404 Pages according to Gizmodo, one of the premiere gadget and technology blogs.  My favorite is the one they feature first, which strikes me as especially funny, considering my frustrations with Match.com lately.  There are some really good ones there, some more fun and some more useful than others, but all worth another look.  And, even though I know these are Gizmodo’s favorites, there are plenty of good ones that haven’t been listed here.  If you have any, please, leave a link in the comments!

And, hey, why not go check out that gallery today?  It is, after all, Friday, and surely you’ve earned some slack time by now!

Hackers are porting Linux viruses (virii ?) to OS X.

Last week Monday, ZDNet reported that hackers have ported code for a trojan from Linux to Apple’s OS X.  For those of my readers who don’t know what a trojan is I’m referring to a malicious program that opens the door for other, usually even worse, programs to come into the infected operating system, like the Greeks did in the classic stratagem known as the Trojan Horse.  It hasn’t been seen in the wild yet, but apparently the C source code for this has been available for quite some time.

Frankly, I’m surprised that this doesn’t happen more often than it does.  In the old days, virus writers had to really know something because they used assembly to create them.  Now, with Windows and all the other object-oriented programming languages filled with bloated libraries of programming calls, along with the availability of existing code on the internet, they hardly have to know anything to write fairly nasty malware.  And, as I’ve mentioned before, as Apple laptops become more popular, more malware will start to show up there.  I’m sure it’s only a matter of time before they figure out how to infect iPads and iPhones, too, if they haven’t already.

I hate people like this.
I spent most of my day today cleaning a malware infection off a machine.  This little bugger had not only disabled the Windows Task Manager, which is pretty common these days, but it also cleaned out the Start Menu, including all the built-in things like the link to Control Panel and My Documents and all those things on the right side of the Windows XP default Start Menu.  But, it also flagged most of the drive as Hidden and System, making it even more difficult to load the software I used to clean it.  I had to go into Safe Mode just to get the system clean enough to restart into Safe Mode with Networking so I could update Malwarebytes, which is what I eventually used to get rid of the beastie.   (I used Spybot Search and Destroy to keep the malware from loading to make the machine useable with networking support so I could update Malwarebytes, incidentally.)
So, yeah, these slimeballs keep me in a job, but, really, I’d appreciate it if they stopped helping me stay employed.  I promise I can find plenty of other things to do!

So, look lively out there people!  Be suspicious of what you download and click on!

UPDATE:  Apparently, this has been found out in the wild now.  And, according to TechWorld, it has a purpose; to use your system to generate BitCoins for it’s evil masters.  Very clever.  Nasty, but, still, very clever.

Well, this is interesting…

Some time ago, I read about a revolutionary new idea in cameras; focusing after taking the photograph.
Having had autofocus occasionally grab the wrong thing in a photo, this idea intrigued me.  The idea that a camera could simply capture all the available light, store it in a photographic format, and let you choose later where you wanted to focus seemed, frankly, like an impossibility.  It seemed like science-fiction.  Well, apparently, the future is now, because this camera…
Read More

I love free!

So, most everyone in my business has heard of Adobe.  Mainly because they’re the top design and graphics software publisher in business right now.  Well, they’ve released a FREE program called Muse that lets you layout and publish webpages without having to write code.  Now, myself, personally, I’m okay writing the HTML code behind simple webpages, but, frankly, it’s a lot faster to do it in a nice graphical user interface that’s filled with point-and-click tools.  Also, since this comes from Adobe, you know that they’re going to have a great interface and make it easy to use for the novice.  Not sure how the output is, but, frankly, for most users, as long as the page looks nice when they’re done, the code behind it doesn’t really matter.

The program itself runs on their Adobe AIR platform, which means it’s pretty lightweight and fast.  You can read about all the features on the Muse website.
Oh, and while this is free right now, it will, eventually, be for sale in 2012, when they’ll be charging by the month for it.  So, you’d better get this while you can!

Hey, free, creative software just in time for the weekend, how can you beat that?
Well, enjoy your Friday, in any case.

I hope so!

And, by that I mean, I hope all that Mac Malware we heard about a couple weeks ago is gone.
Now, I know several Mac fanboy blogs linked to the note I put up about the Mac malware some time back thought I was going out of my way to bash Apple, but, honestly, nothing could be further from the truth.  In fact, I hadn’t given it another thought until Ed Bott wrote “Where did all the Mac malware go?“  I threw the original story out there as a warning to all the Apple users who think the Mac and OS X is entirely free from any malware and utterly safe.  That’s just not true.  It is, I have to admit, much safer, in general, than Windows.  There are a couple reasons for that, but, mostly, it’s because of market share and how Apple does, well, everything.

So, that last explosion of malware may be the only shot you hear fired.  At least, for a while.
Frankly, I hope so.  And, I hope that it put enough scare into people that they take security seriously anyway.  As Apple’s market share grows, their products will all become a more appealing target for hackers and crackers.  Though I hope to be proven wrong, I suspect that there is malware being written to attack Macs and, possibly, iPhones and iPads.   In fact, that malware may be already written and just waiting for the right infection vector.  Maybe.

Maybe I’m just a bit cynical and I’m waiting for the proverbial other shoe to drop.
For years, Apple fanboys have told people that Macs were completely virus free and were more secure by their very nature.  Sadly, that’s not true.  We’ve heard the first shots fired in a new skirmish in the secret war for desktops of all kinds.  It’s big business.  I don’ t think this is the last we’ve heard about Mac malware.
But, maybe I’m wrong.  Maybe Apple has closed that hole and all the other holes, too.  Maybe the Macs are all safe and that’s why we haven’t heard about that malware recently.
Maybe.

But, can you afford to take the chance?

I’m seeing traffic about this, so I thought I’d write up what I found.

I tweeted about a strange DNS-based network/malware attack that I saw on Friday, but, at the time, I didn’t see any interest, so I didn’t go into any real details.  Besides, I may be a hardcore geek, but I do have a life and was going out.  But, now, I’m seeing search engine traffic hitting my blog apparently looking for details, so I thought I’d describe the attack, as I saw it.

First of all, let me mention that I’ve seen a higher-than-usual occurrence of malware infections the past couple of weeks.  I mean, it’s a hazard of my business that, sooner or later, people are going to get infected, either through bad behavior or by accident, but the past three weeks or so I’ve seen way more problems like that than is even remotely normal.  So, bearing that in mind, I’ve been on a kind of high-alert status looking for any malware problems, but this was something new.

It started with someone from another location, who’s on a totally, physically separate network which uses a different internet service provider to connect to the Internet, calling me with a problem.  It was, apparently, a recurrence of a virus he had previously that we cleaned.  He described being taken to a webpage that featured a maroon graphic background with a white icon of a policeman holding up his hand to indicate “stop”.  The text on the page gave a message that said the user’s browser was not the correct version to access the page and that an upgrade was required.  Helpfully, it provided a button to press to receive the “upgrade”.  Obviously, the “upgrade” was an infection.  (You can see an example of the graphic here.)  Thankfully, I trained my users well enough to be suspicious of these kinds of things and no one who reported this actually clicked on it.

About the same time this happened, I noticed that my iPhone wasn’t connecting to the wifi hotspot I have setup in my office.  I checked the configuration and noticed that the DNS servers listed were wrong.  In fact, they’d all been replaced with a single DNS server; 188.229.88.7  Obviously, that seemed suspicious to me, so I opened a command prompt on my PC and did a tracert to see if I could figure out where this server was and, from that, why it had become the default DNS server on part of my network, despite my having very carefully configured totally different DNS servers that I knew were safe.  It looked like the tracert results showed me a network path that led out of the country somewhere, which was, to me, very suspicious.

Before I could really pursue that, though, I got another call from a user at my location reporting the exact same error message and graphic, but going to a totally different website! I went to his computer and checked the IP configuration and found that his DNS servers had been replaced by the rogue server as well.  I refreshed his network config, several times actually, and the DNS servers reset, but, when I thought to check some other people in the same area of the building, his configuration set itself back to the rogue DNS server!  So, I reset the local network equipment to clear the DNS cache, and whatever other caches may have gotten poisoned by this attack, and the problem seemed to go away.  Unfortunately, whatever had caused the compromise was still active and seemed to poison the DNS cache and the DNS configuration again.  It did seem sporadic, though, as if the ISP was trying to correct the issue at their end.

As far as I can tell, the attack actually seemed to be network-based in some way.
At least, I couldn’t find any computer on my network that was infected with anything that AVG, Norton Anti-virus, or Malware Bytes could find.  It is, I suppose, possible, that this attack was so new that no of those programs had an updated detection pattern for it, but, based on the lack of detection, and the fact that it happened on two physically separate networks almost simultaneously, leads me to believe that this was a network-based attack.  I suspect that an ARP cache or DNS cache or something similar was attacked and compromised on a major network router somewhere.  Possibly one of the edge routers at a trans-continental connection somewhere.  From the tracert results I had, it looked like it was the East Coast somewhere, leading to Europe via London to France, though I could be wrong.  It’s possible that was a blind alley meant to throw researchers off the trail in some way.
Also, as of this writing the rogue DNS server seems to be out of commission, though that might change, too.

The Internet is a wild and wooly place, ladies and gents, and you can’t always count on your friendly, neighborhood Network Geek to watch over you and keep you safe!  So, be careful out there!
(And, if you’re a fellow professional who’s seen this, too, leave me comments and tell me what you found!)
UPDATE: Looks like the server is still active, but my ISP has blocked DNS traffic to it, to fix the problem.
Also?  I hate the bastards that do these things.  I hate every last one of the little rat bastards!

UPDATE/FOLLOW-UP: So, it seems like a lot of people have been effected by this problem!
Check the comments for what other folks did and tools they might suggest to help with the problem.  Frankly, I wish I’d had known about those tools when I started my day!  Yes, I was *totally* wrong when I said it looked like it was coming in from outside the routers.  It was, in fact, *several* PCs that were infected with whatever it was.  I found it, much like at least one commenter, by checking the results of “ipconfig /all” in a command prompt.  I noticed that the DHCP server listed in the config was NOT my actual DHCP server!  So, as I went from machine to machine, I saw several PCs that kept coming up as DHCP servers.  I used Malware Bytes to scan the infected PCs and it seemed to clean them off.  At least, for now.  I’m not sure what I’ll find in the morning.
Apparently, Friday, when it looked like the problem was getting cleaned up, it was really just people shutting their workstations down early for the long weekend.
In any case, as at least one commenter has mentioned, it looks like updates for the various scanners should be coming out this week, so keep updating your antivirus and antispyware programs and scan your networks!  Well, scan them more completely and carefully than you already have.
And, as always, if you have any new information or suggestions for tools to clear up the issue, please, leave them in the comments!

Good news!

First, there are things you can do to protect yourself from this new Mac malware:
Start by disabling the automatic opening of downloaded files.  The world has changed for you Mac users and you simply can’t trust just any download any more.  Welcome to the world that Windows users have lived in for years and years.
Also, don’t let things install on your machine unless you’ve gone out looking for them!  Again, don’t trust anything that looks like an automatic update or a “free” program that wants to install automatically, especially if you haven’t been searching for any thing!
Seriously, you can’t trust people on the Internet.  I know this may come as a shock to the Hippie, “free-love” sort of people Mac users think themselves to generally be, but, yeah, not everyone on the Internet has your best interests at heart.  Well, except me.  You can trust me.  Honest.

Secondly, in a “few days” Apple will allegedly put out an update to make you safe again.
At least, that’s what they’re saying.  No definite deadline on that, though, so be careful and make sure to check your updates regularly!  Staying up to date on patches is one of the better ways to help prevent an infection.  Also, if you haven’t already, please, consider getting an anti-virus program for your Mac.  OS X is a growing target for hackers as the installed user-base grows, so, sooner or later, you’ll see more of these little nasties coming your way.  Your platform’s growing popularity will make it a growing target!  So, before it’s too late and you’re asking your friendly, neighborhood network geek for help in cleaning up the mess, install an anti-virus to prevent the mess in the first place.  The computer you save may be your own!