Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

10/27/2011

The Half-Life of IT Skills

Filed under: Career Archive,Certification,Geek Work — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:44 am for you boring, normal people.
The moon is a Third Quarter Moon

There is one, apparently.

So, it seems someone has figured out the answer to an old question which has often plagued IT professionals: How long are your skills good?  According to Eric Bloom, over at IT World, longer than you think.  He claims that the tech skills you have now will be half as marketable in two years.  If you read Slashdot, you’ve seen this article and the comments that followed.  Here are my thoughts, though.

First, I think it depends on the skills involved.
For example, if you’re working on Windows Server, your skills will probably translate fairly well and that two-year half-life is about right.  For Unix, maybe a bit longer than that.  For Novell, well, sadly, I’m not sure who actually uses that old warhorse any more, as much as it makes me sad to write it.  For other, less vendor-oriented skills, I think two years may be a bit short-sighted.  Take routers, for instance.  Now basic routing hasn’t really changed in quite a long time.  Even Cisco routers, the creme-de-la-creme of enterprise routers, haven’t really changed that much on the inside in the last 15 years.  I was in one the other day and I have to admit I was shocked at how quickly the skills came back to me after quite literally years of disuse.  Far more than two years, I might add.
Also, skills that are a little harder to quantify certainly stay “fresh” longer than those hypothetical two years.  Things like troubleshooting and the so-called soft skills involved with user support are something that I think are deeply engrained in someone.  They’re part of a work ethic.  So the customer service skills I learned more than 20 years ago when I worked for Hyatt Hotels are certainly still more than “good”.

Secondly, Mr. Bloom is talking about marketability, not actual utility.
So, the fact that, for instance, I don’t have a Cisco certification, even though I’m clearly capable of configuring a Cisco router, means that it quite probably was never what he would have considered a “marketable skill”.  In fact, based on what many recruiters may have felt about the marketability of my skills, I should be farming beets right now, not working as the Lead Tech/IT Manager of a fairly prosperous design and manufacturing company.  Instead, of course, all through my career, I’ve managed to talk my way through the door and then show the people in charge that versatility and adaptability, not to mention mad Google-query-crafting skills, are far more important than any specific past experience or certification.

So, what about you, gentle readers?  What do you think?  How long are tech skills “good”?  And does working on legacy systems harm your future employability?

10/17/2011

Your Password Is Too Weak!

Filed under: Advice from your Uncle Jim,Geek Work,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:19 am for you boring, normal people.
The moon is a Third Quarter Moon

No, seriously, it is.

If it makes you feel any better, most people’s passwords are too weak.
I suppose you think it doesn’t matter how “strong” your Gmail (or Hotmail or whatever free email you use) password is, right?  Well, you’d be wrong.  I recently read an account about how one person’s Gmail account was hacked and used to spam and try to get her friends to send the hacker money, all posed as her.  Of course, that was after deleting more than 4 Gigabytes of stored messages and photos.  You can read that account, as told by her husband, over at the Atlantic, in an article titled “Hacked!”  It’s worth reading, especially if you’re not in the IT business.  And, frankly, even for a fellow professional computer geek, it might be eye-opening to see how hacked email accounts are being used these days.  I have to admit, I was a little surprised that the attacker in question actually used the account personally to try and con money out of the victim’s friends and family.

I was not, however, all that shocked to see how many accounts are compromised on a regular basis.  Think the thousands.  Daily.
Right, so thousands of email accounts on which people depend are hijacked, used and abused on a daily basis.  If it hasn’t happened to you, it’s probably only a matter of time.  So, how do they do it?  Shared, easily guessable passwords.
Yes, it’s that easy.
Stop for a minute and think about how many passwords you use on a regular basis.  How many are the same?  How many accounts do you have for things like bank accounts and credit cards and medical records that use the same password as your email?  And how many of those accounts use that same email address as the username?
Getting the picture?

So, what do you do?
First, stop reusing passwords.
Second, make more secure passwords.  And, don’t think that the old way of replacing “L” with the numeral one or the letter “O” with the numeral zero and that kind of thing will work, either.  The hackers are on to that.  It’s better to use words that are not in the dictionary.  So, yes, made up words.  Or, even better, phrases, which is what I’ve recommended for some time.  Having a hard time coming up with one?  Try using one generated randomly for you at passphra.se, a random passphrase generator which was inspired by an XKCD comic.  The comic explains the reasoning behind the passphrase idea and the generator.  Also, XKCD is pretty funny and if you’re geeky like me at all, it’s well worth checking out.

In today’s world, we’re way too interconnected and digital and reliant on those systems to have relaxed security.  It doesn’t matter if you’re a geek or not.  Please, think about your passwords and how easily they might be compromised.  Then think about what that might mean to your life, digital and otherwise.
Now, if you’ll excuse me, I have to go change some passwords…


Advice from your Uncle Jim:
"What is necessary to change a person is to change his awareness of himself."
   --Abraham Maslow

10/7/2011

QR Codes For The Road

Filed under: Art,Fun,Life, the Universe, and Everything,On The Road — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:59 am for you boring, normal people.
The moon is a Third Quarter Moon

I guess QR codes aren’t quite dead yet!

Back in the day, hobos, or “gentlemen of the rails”, used to use a kind of code that let other hobos know important information.  For instance, if they marked a cat-like symbol on a fence, it meant that a kind-hearted woman lived at that house and might give a hungry drifter food.  Or, three diagonal lines means that the place is unsafe and a hobo should get out of there as quickly as they can.  (You can see more codes on Wikipedia.)
Well, someone has updated that for the modern world and smart phones.  That’s right, someone has made QR Code Hobo Codes.  Now, you can just print up templates and spray them with paint out there in the world and people can shoot them with their iPhone, or Droid, or whatever, and see the information.  And the codes have been updated for modern life, too!  Now, they’ve added things like “bad coffee”, “dangerous homophobes”, “camera perverts”, “no outlets”, and “insecure wifi”, among others.

So, who knew?!
Now, while you’re out adventuring this weekend, keep an eye out for QR codes to scan!  You may find some interesting things along your way!
Have a great Friday and enjoy your weekend!

8/26/2011

Muse – Free Web Publishing Software

Filed under: Art,Fun,GUI Center,Ooo, shiny... — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:30 am for you boring, normal people.
The moon is a Third Quarter Moon

I love free!

So, most everyone in my business has heard of Adobe.  Mainly because they’re the top design and graphics software publisher in business right now.  Well, they’ve released a FREE program called Muse that lets you lay out and publish webpages without having to write code.  Now, myself, personally, I’m okay writing the HTML code behind simple webpages, but, frankly, it’s a lot faster to do it in a nice graphical user interface that’s filled with point-and-click tools.  Also, since this comes from Adobe, you know that they’re going to have a great interface and make it easy to use for the novice.  Not sure how the output is, but, frankly, for most users, as long as the page looks nice when they’re done, the code behind it doesn’t really matter.

The program itself runs on their Adobe AIR platform, which means it’s pretty lightweight and fast.  You can read about all the features on the Muse website.
Oh, and while this is free right now, it will, eventually, be for sale in 2012, when they’ll be charging by the month for it.  So, you’d better get this while you can!

Hey, free, creative software just in time for the weekend, how can you beat that?
Well, enjoy your Friday, in any case.

8/2/2011

Android Virus

Filed under: Geek Work,MicroSoft,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 6:51 pm for you boring, normal people.
The moon is a Third Quarter Moon

No, not a flu that your synthetic humanoid might catch.

Virus writers target operating systems with a large installed user base.  There’s nothing controversial or even particularly interesting about that statement.  It’s a generally accepted concept based on observation, if not actual hard facts.  For a long time, that’s why there were so many viral attacks on Windows.  Windows enjoyed the greatest market penetration, so Windows users had to put up with the most frequent attempts to penetrate their machines.
But, that’s changing as the distribution of operating systems changes.  Android, in various forms and flavors, is now the most installed operating system.  Yeah, that’s right, someone has been writing viruses (virii ?) that attack your Android phone.

I’ve seen two new stories about this today.  One from a Houston local tech celebrity, Dwight Silverman over at the Houston Chronicle, and elsewhere, both talking about a new Android Trojan that can actually record your voice conversations.
One of the things that people like about Android is that it can load software from places other than a restricted, safe, controlled marketplace, but, that’s also one of the liabilities.  Apparently, the malware takes advantage of that ability to load itself onto your phone’s SIM chip and force the phone to record conversations to the chip then, optionally, upload those recordings to a server, presumably controlled by an attacker.  It’s somewhat unclear how that process would be initiated, but the simple fact that it can do it at all is chilling to me.  Also unclear from the articles was whether or not this has been spotted in the wild.
Hopefully, not yet.

So, here’s another warning for you.  Your devices, of any kind, are not safe.  Not ever.  If you have them powered on and they can connect to a network, even if you think they aren’t, you may still be vulnerable.  The Internet, in all its forms, is a wild and wooly and dangerous place.
Be careful out there, people.

8/1/2011

No More Mac Malware?

Filed under: Apple,Geek Work,MicroSoft,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 7:01 pm for you boring, normal people.
The moon is a Third Quarter Moon

I hope so!

And, by that I mean, I hope all that Mac Malware we heard about a couple weeks ago is gone.
Now, I know several Mac fanboy blogs that linked to the note I put up about the Mac malware some time back thought I was going out of my way to bash Apple, but, honestly, nothing could be further from the truth.  In fact, I hadn’t given it another thought until Ed Bott wrote “Where did all the Mac malware go?”  I threw the original story out there as a warning to all the Apple users who think the Mac and OS X is entirely free from any malware and utterly safe.  That’s just not true.  It is, I have to admit, much safer, in general, than Windows.  There are a couple reasons for that, but, mostly, it’s because of market share and how Apple does, well, everything.

So, that last explosion of malware may be the only shot you hear fired.  At least, for a while.
Frankly, I hope so.  And, I hope that it put enough scare into people that they take security seriously anyway.  As Apple’s market share grows, their products will all become a more appealing target for hackers and crackers.  Though I hope to be proven wrong, I suspect that there is malware being written to attack Macs and, possibly, iPhones and iPads.   In fact, that malware may be already written and just waiting for the right infection vector.  Maybe.

Maybe I’m just a bit cynical and I’m waiting for the proverbial other shoe to drop.
For years, Apple fanboys have told people that Macs were completely virus free and were more secure by their very nature.  Sadly, that’s not true.  We’ve heard the first shots fired in a new skirmish in the secret war for desktops of all kinds.  It’s big business.  I don’t think this is the last we’ve heard about Mac malware.
But, maybe I’m wrong.  Maybe Apple has closed that hole and all the other holes, too.  Maybe the Macs are all safe and that’s why we haven’t heard about that malware recently.
Maybe.

But, can you afford to take the chance?

7/6/2011

Updated Linux-based Disk Imaging

Filed under: Career Archive,Geek Work,Linux — Posted by the Network Geek during the Hour of the Tiger which is terribly early in the morning or 5:53 am for you boring, normal people.
The moon is a Third Quarter Moon

I’m always looking for short-cuts.

No, seriously, there’s only one of me and my time is in HUGE demand, especially at the office.  So, I’m always looking for ways to automate stuff so I don’t have to do it myself.  Back in 2008, I cobbled together an imaging system that relied on Linux and a whole lot of personal documentation.  (You can read that, in two parts, here and here.)  It worked pretty well and I was pretty damn proud of myself for both figuring it out and saving me a whole lot of time doing each individual install of a machine.

Well, recently, we’ve started upgrading our engineers and draftsmen to the latest version of AutoCAD and Windows 7.
Naturally, Windows 7 uses disks in a totally different way than Windows XP, so all that work I did is now pretty much useless.  Which, frankly, is par for the course in our line of work.  IT is always changing, so we have to adapt, whether we like it or not.  In this case, I don’t mind so much.  Why?  Because Clonezilla pretty much does everything that I was doing by hand, only it does it almost automagically.  Just to be clear, I’m using the Clonezilla Live version and saving the images to my server.  Now that I’ve upgraded the storage capacity to a little over 4 terabytes, I’m not so worried about saving images there.  Especially because I still have most of the office convinced we only have a single terabyte of storage and that they need to keep their directories on the server lean.  It doesn’t help much, but it’s enough.

Seriously, if you have to image machines, go check out Clonezilla.  It works and, best of all, it’s FREE!
(Also?  It’s pretty damn fast on my network, which is a huge bonus!)

5/29/2011

DNS Redirect Attack

Filed under: Geek Work,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Horse which is around lunchtime or 12:34 pm for you boring, normal people.
The moon is a Third Quarter Moon

I’m seeing traffic about this, so I thought I’d write up what I found.

I tweeted about a strange DNS-based network/malware attack that I saw on Friday, but, at the time, I didn’t see any interest, so I didn’t go into any real details.  Besides, I may be a hardcore geek, but I do have a life and was going out.  But, now, I’m seeing search engine traffic hitting my blog apparently looking for details, so I thought I’d describe the attack, as I saw it.

First of all, let me mention that I’ve seen a higher-than-usual occurrence of malware infections the past couple of weeks.  I mean, it’s a hazard of my business that, sooner or later, people are going to get infected, either through bad behavior or by accident, but the past three weeks or so I’ve seen way more problems like that than is even remotely normal.  So, bearing that in mind, I’ve been on a kind of high-alert status looking for any malware problems, but this was something new.

It started with someone from another location, who’s on a totally, physically separate network which uses a different internet service provider to connect to the Internet, calling me with a problem.  It was, apparently, a recurrence of a virus he had previously that we cleaned.  He described being taken to a webpage that featured a maroon graphic background with a white icon of a policeman holding up his hand to indicate “stop”.  The text on the page gave a message that said the user’s browser was not the correct version to access the page and that an upgrade was required.  Helpfully, it provided a button to press to receive the “upgrade”.  Obviously, the “upgrade” was an infection.  (You can see an example of the graphic here.)  Thankfully, I trained my users well enough to be suspicious of these kinds of things and no one who reported this actually clicked on it.

About the same time this happened, I noticed that my iPhone wasn’t connecting to the wifi hotspot I have set up in my office.  I checked the configuration and noticed that the DNS servers listed were wrong.  In fact, they’d all been replaced with a single DNS server: 188.229.88.7.  Obviously, that seemed suspicious to me, so I opened a command prompt on my PC and did a tracert to see if I could figure out where this server was and, from that, why it had become the default DNS server on part of my network, despite my having very carefully configured totally different DNS servers that I knew were safe.  It looked like the tracert results showed me a network path that led out of the country somewhere, which was, to me, very suspicious.

Before I could really pursue that, though, I got another call from a user at my location reporting the exact same error message and graphic, but going to a totally different website! I went to his computer and checked the IP configuration and found that his DNS servers had been replaced by the rogue server as well.  I refreshed his network config, several times actually, and the DNS servers reset, but, when I thought to check some other people in the same area of the building, his configuration set itself back to the rogue DNS server!  So, I reset the local network equipment to clear the DNS cache, and whatever other caches may have gotten poisoned by this attack, and the problem seemed to go away.  Unfortunately, whatever had caused the compromise was still active and seemed to poison the DNS cache and the DNS configuration again.  It did seem sporadic, though, as if the ISP was trying to correct the issue at their end.

As far as I can tell, the attack actually seemed to be network-based in some way.
At least, I couldn’t find any computer on my network that was infected with anything that AVG, Norton Anti-virus, or Malware Bytes could find.  It is, I suppose, possible, that this attack was so new that none of those programs had an updated detection pattern for it, but the lack of detection, and the fact that it happened on two physically separate networks almost simultaneously, leads me to believe that this was a network-based attack.  I suspect that an ARP cache or DNS cache or something similar was attacked and compromised on a major network router somewhere.  Possibly one of the edge routers at a trans-continental connection somewhere.  From the tracert results I had, it looked like it was the East Coast somewhere, leading to Europe via London to France, though I could be wrong.  It’s possible that was a blind alley meant to throw researchers off the trail in some way.
Also, as of this writing the rogue DNS server seems to be out of commission, though that might change, too.

The Internet is a wild and wooly place, ladies and gents, and you can’t always count on your friendly, neighborhood Network Geek to watch over you and keep you safe!  So, be careful out there!
(And, if you’re a fellow professional who’s seen this, too, leave me comments and tell me what you found!)
UPDATE: Looks like the server is still active, but my ISP has blocked DNS traffic to it, to fix the problem.
Also?  I hate the bastards that do these things.  I hate every last one of the little rat bastards!

UPDATE/FOLLOW-UP: So, it seems like a lot of people have been affected by this problem!
Check the comments for what other folks did and tools they might suggest to help with the problem.  Frankly, I wish I’d known about those tools when I started my day!  Yes, I was *totally* wrong when I said it looked like it was coming in from outside the routers.  It was, in fact, *several* PCs that were infected with whatever it was.  I found it, much like at least one commenter, by checking the results of “ipconfig /all” in a command prompt.  I noticed that the DHCP server listed in the config was NOT my actual DHCP server!  So, as I went from machine to machine, I saw several PCs that kept coming up as DHCP servers.  I used Malware Bytes to scan the infected PCs and it seemed to clean them off.  At least, for now.  I’m not sure what I’ll find in the morning.
Apparently, Friday, when it looked like the problem was getting cleaned up, it was really just people shutting their workstations down early for the long weekend.
In any case, as at least one commenter has mentioned, it looks like updates for the various scanners should be coming out this week, so keep updating your antivirus and antispyware programs and scan your networks!  Well, scan them more completely and carefully than you already have.
And, as always, if you have any new information or suggestions for tools to clear up the issue, please, leave them in the comments!
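
The check from the follow-up above (compare the DHCP server and DNS servers that “ipconfig /all” reports against the ones you actually configured), as an added example that is not part of the original post.  The sample output is constructed and the trusted addresses are placeholder assumptions; only 188.229.88.7 comes from the post.

```python
import re

# Assumption: the DHCP and DNS servers the administrator really configured.
# These are placeholder documentation addresses, not values from the post.
TRUSTED_DHCP = {"192.0.2.10"}
TRUSTED_DNS = {"192.0.2.10", "192.0.2.11"}

# Constructed sample of `ipconfig /all` output from a healthy workstation.
HEALTHY = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-014

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.101(Preferred)
   Lease Obtained. . . . . . . . . . : Friday, May 27, 2011 8:02:11 AM
   DHCP Server . . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       192.0.2.11
"""

# Constructed sample showing the symptom from the post: the lease came from
# another workstation (192.0.2.57 is made up) and DNS points at 188.229.88.7.
AFFECTED = """
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.102(Preferred)
   DHCP Server . . . . . . . . . . . : 192.0.2.57
   DNS Servers . . . . . . . . . . . : 188.229.88.7
"""

# "Key . . . . : value" lines; the key ends at the first whitespace-colon.
KEY_LINE = re.compile(r"^\s+(\S.*?)[\s.]*\s:(?:\s+(.*))?$")


def parse_ipconfig(text):
    """Return {section name: {field: [values]}} from `ipconfig /all` text."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented lines are section headers such as "Ethernet adapter X:".
            current = sections.setdefault(line.rstrip(":"), {})
            last_key = None
            continue
        if current is None:
            continue
        match = KEY_LINE.match(line)
        if match:
            last_key = match.group(1)
            current[last_key] = [match.group(2)] if match.group(2) else []
        elif last_key is not None:
            # Indented line without a key: a continuation value, which is how
            # the second and later DNS servers are printed.
            current[last_key].append(line.strip())
    return sections


def find_rogue_settings(text, trusted_dhcp=TRUSTED_DHCP, trusted_dns=TRUSTED_DNS):
    """List (adapter, field, address) for every server not on the trusted lists."""
    findings = []
    checks = (("DHCP Server", trusted_dhcp), ("DNS Servers", trusted_dns))
    for adapter, fields in parse_ipconfig(text).items():
        for field, trusted in checks:
            for value in fields.get(field, []):
                # Drop "(Preferred)" style suffixes and IPv6 zone ids.
                address = value.split("(")[0].split("%")[0].strip()
                if address and address not in trusted:
                    findings.append((adapter, field, address))
    return findings


if __name__ == "__main__":
    for label, capture in (("healthy", HEALTHY), ("affected", AFFECTED)):
        print(label, find_rogue_settings(capture))
```

Run against saved output from each workstation, an unexpected DHCP Server address is also the address of the machine to go and scan.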

5/26/2011

Mac Malware News Update

Filed under: Apple,Geek Work,MicroSoft,News and Current Events,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 6:26 pm for you boring, normal people.
The moon is a Third Quarter Moon

Good news!

First, there are things you can do to protect yourself from this new Mac malware:
Start by disabling the automatic opening of downloaded files.  The world has changed for you Mac users and you simply can’t trust just any download any more.  Welcome to the world that Windows users have lived in for years and years.
Also, don’t let things install on your machine unless you’ve gone out looking for them!  Again, don’t trust anything that looks like an automatic update or a “free” program that wants to install automatically, especially if you haven’t been searching for anything!
Seriously, you can’t trust people on the Internet.  I know this may come as a shock to the Hippie, “free-love” sort of people Mac users think themselves to generally be, but, yeah, not everyone on the Internet has your best interests at heart.  Well, except me.  You can trust me.  Honest.

Secondly, in a “few days” Apple will allegedly put out an update to make you safe again.
At least, that’s what they’re saying.  No definite deadline on that, though, so be careful and make sure to check your updates regularly!  Staying up to date on patches is one of the better ways to help prevent an infection.  Also, if you haven’t already, please, consider getting an anti-virus program for your Mac.  OS X is a growing target for hackers as the installed user-base grows, so, sooner or later, you’ll see more of these little nasties coming your way.  Your platform’s growing popularity will make it a growing target!  So, before it’s too late and you’re asking your friendly, neighborhood network geek for help in cleaning up the mess, install an anti-virus to prevent the mess in the first place.  The computer you save may be your own!

5/19/2011

Mac Malware

Filed under: Apple,Geek Work,Rotten Apples,The Dark Side — Posted by the Network Geek during the Hour of the Rooster which is in the early evening or 7:03 pm for you boring, normal people.
The moon is a Third Quarter Moon

I told you Macs weren’t safe!

Does anyone listen to me?  No.  Well, hardly ever.
I’m sure you’ve seen the news by now that there are growing numbers of Mac malware attacks.  In fact, Apple Care, the official Apple customer service division, has reported a staggering jump in the number of malware related calls they received in just the past several weeks.  Apparently, according to the interview, it’s gotten to be quite a large problem in just that short amount of time.  They estimate that, now, up to 50% of all calls they get are related in some way to a malware attack on an Apple product.  The indication from the article is that everything is focused on Mac OS X machines, but, with larger market share comes a bigger prize for hackers, so don’t be surprised if iPhones and iPads and even iPods are attacked next!
Of course, what makes matters worse is that, allegedly, Apple Care representatives are being told not to help with malware attacks!  So, all that safety you thought you were buying with Mac?  Apparently, not the best investment.  Of course, security through obscurity never is.

So far, the threat seems to be confined to a single, aggressive bit of malware called MacDefender.  Go to the link and you’ll see a screenshot of what it looks like when it tries to install.  It looks just like a standard Mac program, right from Apple.  This is the same tactic that Windows users have been facing for years.  There’s nothing new here, outside of a new installed base of users who have never had to deal with malware before.  Mac users must look like sheep ready for fleecing to these crooks.  So, if you know Mac users, warn them and spread the word.

For those of you lucky enough to have escaped harm so far, buy and install an antivirus product and keep it up to date.
For those of you who haven’t been lucky, here’s a link to a MacDefender Malware Removal Guide. (Thanks, @joefarace!)

Incidentally, I’ve been talking about this for years.  I knew it would happen eventually, but, hey, who am I?  I mean, besides a front-line grunt that cleans up everyone’s machine when they get infected with digital herpes.  Not being a “pundit” or “respected industry figure” just means that no one takes you seriously, not that we don’t know what we’re talking about.  Because, believe me, I’m not the only network geek in the trenches who saw this coming.  We ALL did, but no one listens.

Like I wrote earlier, get the word out and show Mac users what they might expect before they get hit.
The day you save may be your own!
