Diary of a Network Geek

I am not a designer.

This may be painfully evident from the look and feel of this website, which, I did not code myself.  It is a WordPress-based website which, at best, I have “themed” myself, but with lots of help from code “borrowed” via Google and other sources.  In fact, there are so many code sources it would be hard to link to them all or list them all or thank them all.  It’s the way of the web, I’m…
Read More

I am NOT a designer or web programmer.

Sure, I’ve dabbled with Perl enough to be a Level 11 Perl Monk on Perlmonks.org, but I’m not really a programmer.  And I’m sure not a designer, either, even though I can appreciate really good design work.  In fact, my ex-wife used to say that I was from the “big orange button” school of design, because I was more interested in the technology behind the button you pushed on a website than making…
Read More

In honor of the first Friday of NaNoWriMo, I’m bringing you a free writing tool and not from my usual main site.

This week, I’m originating my regular Friday Fun Post from JKHoffman.com, where I hope to move most of my more creative work, instead of my regular Diary of a Network Geek.
If you’ve given serious thought to writing, you have probably heard of both National Novel Writing Month, AKA NaNoWriMo, and a writer’s program called Scrivener.  Personally, I’ve done most…
Read More

Do you trust everything you see?

We’ve all seen QR codes, even if we may not have all recognized what they are.  These little, square dot patterns are everywhere these days, especially in advertising.  In fact, some people have gotten so used to scanning them with their smart phones to get more information about products and services that hackers are now exploiting them.  I recently read a very interesting article on TechRepublic by Michael Kassner titled Beware of QR Codes about an exploit found in the wild, and QR code exploits in general.  The problem is, we tend to trust them, mainly, I think, because they’re too new for us to have been burned bad by them yet, and they are popping up everywhere!  Pay attention as you go through your day and see how many of these little deals you bump into.  They’re in everything from magazine ads to product labels to posters to coupons!  Even Doonesbury has run a strip with a QR code in it!

So, as you swim out there, awash in the ocean of marketing and sales that we live in, pay attention to those who might subvert your complacency.  If it’s easy for you to use, it’s probably easy for someone to abuse, just like the QR code seems to be!

DNS has inherent weakness.

In it’s current form the Domain Name System, by it’s open nature, is pretty primed for exploitation.
Some of these attacks are more obvious than others, but there are two that I find particularly troubling.  More so that I can see them being used together to really mess with a website owner.
The first of these two attacks isn’t new.  But, the fact that it isn’t new and has been dealt with before doesn’t mean that it has suddenly stopped being effective.  The attack is called “DNS poisoning” and it works by corrupting the DNS cache on a server, which then forwards those poisoned DNS records as legitimate to other, unsuspecting servers.  The end result is that the attackers can redirect traffic from a legitimate website to their own site.  It’s hard to flat out stop right now, though, once discovered, it can be fixed with relatively little trouble.  This attack was used recently against several websites who were supporting SOPA and PIPA.  Of course, since these folks were trying to make a statement, it was pretty clear what had happened, so techs were working to fix it pretty quickly.
The second attack, which I would think include the first attack at its initial stages, is sub-domain hijacking.  In this attack, the attackers redirect the sub-domain of an existing site to another location.  This is a little more subtle and hard to detect.  In this case, the attackers are looking to profit from a well-established domain by “piggy-backing” on their reputation.  They poison the DNS records to point something like Viagra.google.com to their actual website, selling Viagra, or a site filled with spammy links that redirect a potential victim to their website selling Viagra, or whatever.   This attack takes a proactive system administrator to catch.  Since it doesn’t redirect any of the main, honest, actual site anywhere, but only uses its reputation to improve their own spammy links, it’s not always obvious that it’s going on.  Regular DNS record audits are about the only way to catch this, barring an angry end-user contacting the main site.

The internet is still a wild and wooly place sometimes, folks.  The reasons the professionals get paid what they do is because, theoretically, they have to deal with all that stuff and keep us safe!  Which reminds me, I have to go check my own company’s websites and DNS records, not to mention my own!
(The title, incidentally, was inspired by the movie that helped get me into this business, Sneakers. “Cattle mutilations are up.“)

There are more free sysadmin tools for Windows than you can shake a memory stick at these days.

But, here are a few of the better collections of them.
First, from Infoworld, 15 “Essential” Open Source Tools for Windows Admins.  I’m not sure I’d say these are all essential, but they are a pretty good start.  I can only vouch for three of them on this list; Wireshark, Nmap, and ClamWin Antivirus.  Though I’m familiar with them from the Linux/Unix world, these are the Windows equivalents and they work just fine.  Old network geeks will recognize Wireshark and Nmap as a reliable packet sniffer and a security vulnerability scan tool, respectively.  You may not be as familiar with ClamWin.  It’s based on the ClamAV engine, which in its Linux boot-disk incarnation, has saved my bacon more than once!  There are a couple inventory tools in this list I plan on looking more closely at, not to mention the add-on for Nmap they talk about.  Good stuff and worth checking out!

Secondly, from TechRepublic, there’s Five Free Windows Registry Cleaners.  Again, I’ve only used two of these five; CCleaner and Wise Registry Cleaner.  CCleaner does everything I generally need in regards to shoring up old, creaky registries, but I’m always looking for new tools.  The version of Wise Registry Cleaner I used was an older one, but it worked well enough.  And, it does have the nice feature of being able to backup and restore older versions of your registry.  Believe me, that can come in handy sometimes!

Thirdly, also from TechRepublic, Five Microsoft Tools to help with Server Management.  Of these five, again, I’ve only used one; dcdiag.  Naturally, it’s the only command-line tool in the bunch.  Though, I hear Microsoft has been talking about going back to a command-line, terminal interface for their server products.  I’m a little leary of any security utility that is based on a wizard, but I have to admit, at least it’s something that might encourage Windows sysadmins to do some work at securing their servers more.  And, I have to admit, I wish I had known more about the file server migration wizard a few years ago.  It sure would have helped me more than once!

And, finally, the venerable, but ultimately useful, More Sysinternals for Windows Admins.  Now, these I’ve used quite a bit!  At least, some of them.  All the disk usage utilities have been super helpful over the years in determining who has been sucking up all the drive space on my servers!  And I’ve used PsInfo to attempt to gather information in various attempts to inventory my various networks.  And, these days, everyone will need the RootKitRevealer sooner or later.  Sadly, almost everyone has been, or will be, effected by a rootkit virus of some kind.  It seems inevitable.

So, there you go, system administrators.  There’s my gift to you in the form of links to tools to do your jobs, faster, easier and more efficiently.  Enjoy!

Let’s start the year slow.

So, I’m sure a lot of you got new PCs or laptops, or upgraded your old ones, this holiday season.  Maybe it was a Christmas gift.  Maybe a Christmas gift to yourself.  Maybe you just took advantage of the post-holiday sales.  Whatever it was or how ever you got it, you probably are feeling the pain of reinstalling all those “essential” programs that you use on a regular basis.  Things like Firefox and Mozilla or Chrome and Skype or Winamp or Flash or .Net or iTunes or LibreOffice or any number of similar little things.  You’ll be feeling the pain of having to go to all those individual websites to collect the various install files to run.

Well, I have the solution to the problem you didn’t realize you had.  It’s a little site called “Ninite” and they call themselves “…the fastest way to install, reinstall or upgrade free software”.
You go to the site, check the different bits of software and click the “Get Installer” button and the site will serve up a downloadable installer file that will install the free software you checked on the form.  You run the file and your software gets installed.  That simple.  Oh, and the basic service itself is free.
Now, if you want to maintain that free software and keep it updated, they have a very reasonable service for that, too.  For the personal edition for a single computer, it’s just $9.99 a year, at the moment, but, of course, that may change.

Both the free and pay services are available for Windows or Linux, which I think is pretty damn extra cool.

Anyway, there’s your first fun/cool/useful link for the new year.  I think it bridges the fun, the free and the very geeky stuff that this blog is, I hope, known and appreciated for sharing.
Happy New Year everyone!

Hackers are porting Linux viruses (virii ?) to OS X.

Last week Monday, ZDNet reported that hackers have ported code for a trojan from Linux to Apple’s OS X.  For those of my readers who don’t know what a trojan is I’m referring to a malicious program that opens the door for other, usually even worse, programs to come into the infected operating system, like the Greeks did in the classic stratagem known as the Trojan Horse.  It hasn’t been seen in the wild yet, but apparently the C source code for this has been available for quite some time.

Frankly, I’m surprised that this doesn’t happen more often than it does.  In the old days, virus writers had to really know something because they used assembly to create them.  Now, with Windows and all the other object-oriented programming languages filled with bloated libraries of programming calls, along with the availability of existing code on the internet, they hardly have to know anything to write fairly nasty malware.  And, as I’ve mentioned before, as Apple laptops become more popular, more malware will start to show up there.  I’m sure it’s only a matter of time before they figure out how to infect iPads and iPhones, too, if they haven’t already.

I hate people like this.
I spent most of my day today cleaning a malware infection off a machine.  This little bugger had not only disabled the Windows Task Manager, which is pretty common these days, but it also cleaned out the Start Menu, including all the built-in things like the link to Control Panel and My Documents and all those things on the right side of the Windows XP default Start Menu.  But, it also flagged most of the drive as Hidden and System, making it even more difficult to load the software I used to clean it.  I had to go into Safe Mode just to get the system clean enough to restart into Safe Mode with Networking so I could update Malwarebytes, which is what I eventually used to get rid of the beastie.   (I used Spybot Search and Destroy to keep the malware from loading to make the machine useable with networking support so I could update Malwarebytes, incidentally.)
So, yeah, these slimeballs keep me in a job, but, really, I’d appreciate it if they stopped helping me stay employed.  I promise I can find plenty of other things to do!

So, look lively out there people!  Be suspicious of what you download and click on!

UPDATE:  Apparently, this has been found out in the wild now.  And, according to TechWorld, it has a purpose; to use your system to generate BitCoins for it’s evil masters.  Very clever.  Nasty, but, still, very clever.

No, seriously, it is.

If it makes you feel any better, most people’s passwords are too weak.
I suppose you think it doesn’t matter how “strong” your Gmail (or Hotmail or whatever free email you use) password is, right?  Well, you’d be wrong.  I recently read an account about how one person’s Gmail account was hacked and used to spam and try to get her friends to send the hacker money, all posed as her.  Of course, that was after deleting more than 4 Gigabytes of stored messages and photos.  You can read that account, as told by her husband, over at the Atlantic, in an article titled “Hacked!”  It’s worth reading, especially if you’re not in the IT business.  And, frankly, even for a fellow professional computer geek, it might be eye-opening to see how hacked email accounts are being used these days.  I have to admit, I was a little surprised that the attacker in question actually used the account personally to try and con money out of the victim’s friends and family.

I was not, however, all that shocked to see how many accounts are compromised on a regular basis.  Think the thousands.  Daily.
Right, so thousands of email accounts on which people depend are hijacked, used and abused on a daily basis.  If it hasn’t happened to you, it’s probably only a matter of time.  So, how do they do it?  Shared, easily guessable passwords.
Yes, it’s that easy.
Stop for a minute and think about how many passwords you use on a regular basis.  How many are the same?  How many accounts do you have for things like bank accounts and credit cards and medical records that use the same password as your email?  And how many of those accounts use that same email address as the username?
Getting the picture?

So, what do you do?
First, stop reusing passwords.
Second, make more secure passwords.  And, don’t think that the old way of replacing “L” with the numeral one or the letter “O” with the numeral zero and that kind of thing will work, either.  The hackers are on to that.  It’s better to use words that are not in the dictionary.  So, yes, made up words.  Or, even better, phrases, which is what I’ve recommended for some time.  Having a hard time coming up with one?  Try using one generated randomly for you at passphra.se, a random passphrase generator which was inspired by an XKCD comic.  The comic explains the reasoning behind the passphrase idea and the generator.  Also, XKCD is pretty funny and if you’re geeky like me at all, it’s well worth checking out.

In today’s world, we’re way too interconnected and digital and reliant on those systems to have relaxed security.  It doesn’t matter if you’re a geek or not.  Please, think about your passwords and how easily they might be compromised.  Then think about what that might mean to your life, digital and otherwise.
Now, if you’ll excuse me, I have to go change some passwords…

Advice from your Uncle Jim:
"When trouble arises and things look bad, there is always one individual who perceives a solution and is willing to take command. Very often, that individual is crazy."

I love free!

So, most everyone in my business has heard of Adobe.  Mainly because they’re the top design and graphics software publisher in business right now.  Well, they’ve released a FREE program called Muse that lets you layout and publish webpages without having to write code.  Now, myself, personally, I’m okay writing the HTML code behind simple webpages, but, frankly, it’s a lot faster to do it in a nice graphical user interface that’s filled with point-and-click tools.  Also, since this comes from Adobe, you know that they’re going to have a great interface and make it easy to use for the novice.  Not sure how the output is, but, frankly, for most users, as long as the page looks nice when they’re done, the code behind it doesn’t really matter.

The program itself runs on their Adobe AIR platform, which means it’s pretty lightweight and fast.  You can read about all the features on the Muse website.
Oh, and while this is free right now, it will, eventually, be for sale in 2012, when they’ll be charging by the month for it.  So, you’d better get this while you can!

Hey, free, creative software just in time for the weekend, how can you beat that?
Well, enjoy your Friday, in any case.