Diary of a Network Geek

Or, the lack thereof.

Okay, so, those of you who know me and my professional career know that security is near and dear to my heart.  Now, I’m no hacker or even a full time security professional, but I’m very, very aware of security and how important it is.  In my last post, I mentioned how much I love having so much wifi connectivity and how nice it was when I was in the hospital to have that easy access.  Well, that’s still true, but I also know how open and insecure that wireless connection is.
This year at DefCon, there was a very popular demo that showed just how easy it was to get information off a wireless connection and exploit it.  In fact, some poor attendee, who should have known better, got his Gmail account hacked, in public, because he didn’t secure his connection properly.  And, earlier this year, some German security experts went on at length about how insecure the WEP protocol is and why that shouldn’t be your only line of defense on wireless networks.

Now, as much as I enjoy my wifi, I’ve also been very vocal about how insecure wifi networks are, by their very nature, for years.  In fact, I got into a rather heated “discussion” with a co-worker and our mutual manager about that at a former job.  Somehow, neither of these gentlemen quite understood how throwing packets out all over, where anyone could snoop them, was an inherently insecure system, even if you used advanced encryption.  Encryption, as the hackers say, is meant to be broken, and sooner or later, it always is.  Again, this is all just logic and reason, but, in a world where anyone who manages a website and a handfull of PCs can call himself a Director of IT, the practical application of logic and reason is a rare thing indeed.
So, enjoy those free wifi connections at your favorite coffee house, but, keep in mind how easy it is for a hacker, or even a script kiddie, to pull vital information off that wide open connection.

(And, if you’re going to DefCon, check out their “Be Prepared” guide, or the DefCon survival guide at the Register.)

Advice from your Uncle Jim:
"A man is known by the company his mind keeps."
   --Thomas Bailey Aldrich

Microsoft has a new advertising campaign.

“People drive business” is their theme and they’re trying to get bloggers to include specific text in their blogs that include that “people ready business” message, along with links to the Microsoft marketing website, of course. Here’s the text they seem to have wanted people to include:

People drive business success. Human imagination creates the ideas that move business forward. Human conversations and human effort shape those ideas into products and services for the market. The unique ability of people to listen, respond, persuade, and think for themselves enables companies to sell effectively, serve their customers, and work together with their business partners in rich, satisfying ways that create lasting, high-value relationships.In an era where some see technology as a force that promises to make people subservient to highly structured or automated processes, Microsoft sees a better way to unlock the potential of every person. Systems can only create efficiency: It is people who create value. And the more people can do in their roles, the more value they can create. When Microsoft looks ahead, we see a world where organizations succeed by empowering people to harness information, expertise and the possibilities of complex networks with tools that give them insight, reach and opportunities.

Naturally, I’ve included all that just to screw with the search engines that will be spidering my website this week. Why? Well, I figure it’s got to make things worse for Microsoft and might actually boost my own rankings with all those highly-priced keywords that the marketing drones are no doubt shelling out for over in Redmond. I could be wrong, but, even if I am, it’s probably not going to do any damage to my Googlerank or my blog.

Not quite as exciting as gun-wielding maniacs…

But, this is still a big deal to Novell and Linux worshipers.   First, over the weekend, there was a story run by Reuter’s saying, in essence, that the Free Software Foundation might somehow ban Novell from selling or packaging Linux in the future.  Naturally, this sent a lot of people into quite a tizzy.  That would be a terrible blow to Novell, who’s really staked their future on the success of Linux and their products on Linux.  I would imagine their stock took quite a hit today.

Thankfully, the folks over at Linux Magazine have a clearer picture of what’s going on.  First,  the FSF doesn’t control Linux or Linux distribution rights.  Secondly, what they’re actually talking about is moving certain key utilities and chucks of code from the current license, the GPLv2, to a new license, GPLv3, which might, somehow, restrict who could redistribute the code.  Linus himself has said that he will NOT move the Linux kernel, which is the heart of Linux, to the newer, more restrictive GPLv3.  So, in short, what we have is a Linux community that’s panicked over the deal Novell made with Microsoft and is spreading a little, old-fashioned FUD.  Interestingly enough, that’s a technique that Microsoft used to fight Linux.  Oh, how the worm turns.

So, in short, while this all made for great pseudo news, it’s not much more than smoke and mirrors.  Of course, it’s smoke and mirrors that will no doubt effect Novell’s stock price, but, still…

Have I got a tool for you! (Oh, that sounded wrong in all the “not-safe-for-work” ways…)

So, I had this “little problem” at work with a machine from a remote site. We don’t have high-speed connections between offices, so each office is their own Domain, right? Well, no one could remember any username/password combonations on this machine so I could sign in and fix the other problem.
Luckily, I found the “Offline NT Password and Registry Editor“.

I used the bootable cd ISO and in less time than it took to download and burn the CD, I had reset the admin password and was working. Did I mention this is a free tool?

I have a dream.

It is a simple dream. No, not winning the lottery, or world peace, or the perpetual motion engine, or even a mythical trip to the Playboy Mansion. No, my dream is that I might get through an entire task without interruption, distraction, mishap, mayhem, or… Sorry, lost my train of thought because the dog started barking at something outside. Now, where was I?

Right, so, Monday, I started out with a few simple bullet items to accomplish. Easy, uncomplicated goals. Just configure a laptop and run a couple of cables out in the shop. Seems fairly straight-forward, doesn’t it? Sadly, those two simple, easy, straight-forward things are still not done, two days later.
Instead, I dealt with spy ware installed on a machine in Bellechasse. A machine that I personally cleaned of spy ware last week. In some cases, deleting, by hand, files and directories and Windows registry entries to kill the offending malware. Two full days I spent on this infernal machine, meticulously cleaning every last scrap of naughty code, only to have it completely reinfected not more than five minutes after it was powered on by the user. Why? Because, no matter how many times I tell my users not to click on any random link they get in e-mail from Bubba Mussolini or Archimedes Hirohito or Kwabena Mieles, no matter how fascinating their offer sounds. Nor should they click on any stupid web page that comes up in a search they can’t imagine would be a problem, no matter how personal it might be. And a guy who’s used AutoCAD for years asked me for help on printing. Me, who’s never so much as opened a drawing in the latest version of AutoCAD, much less tried to send it to a plotter. Naturally, I’ve got him printing in less than thirty minutes.
Then, at home, I made marinara which proceeded to find every piece of clothing I was wearing. That was followed by an attempt at a berry smoothie, made with frozen strawberries, blueberries and raspberries. A smoothie that was so thick and frozen it “poured” like a blender full of half-solid mud. The splash from that minor accident found the clothes that the marinara missed. But, before I could try to stop those stains from setting, I had to hurry and nail up some boards from the fence because my dog had tried to chase a squirrel through the rickety, old thing. Oh, and speaking of dogs, Hilda found something dead and nasty to roll in, after having had a bath Sunday. Now, even though I live far enough away from the city that I pass cows on the way to work, they’re still not in my backyard. Nor am I so close to the projects that she should have found a diaper in the backyard, so what she rolled in, I’m not sure, but, at least now, you have some idea what I was smelling while I tried to get it off her. Again.
(As an aside, I should note that Monday evening, while I was actually having fun installing a blog for a fellow blogger plagued by comment spam, I saw a gecko that was about the size of my pinky scurry across the floor. An hour later, I saw a cockroach by the back door that was at least twice the size of pinky. Who lost the bet with God that allowed roaches twice the size of their natural predator?)

Tuesday, was more of the same, but spiced with visits from phone switch vendors trying to sell me things that I’ve been told I can’t buy. Instead, I have to explain, carefully, to these people that I have two choices for phone switches because a mysterious, invisible “consultant” of some kind, who I’ve never met or talked with, has convinced someone who matters in my company that those are the only two choices that matter. Oh, and the guys in the shop who’ve been waiting on that cable since last week asked about it. And the director of sales needs a photo editor for the Mac he doesn’t want to use, so he can resize pictures to send to clients. And, the engineering department has rehired a former employee, so I need to shuffle people around to get to a computer that has to be totally reconfigured by Monday. (Which is actually an improvement, since I normally get an hour or two’s notice before the guy starts.) And, a giant monitor went out and needed to be replaced. And I have to spec out PCs and a new server, which I’ll have to go install, for that Bellechasse office. And… I’m sorry, something shiny passed by my screen. Where was I?

Oh, right, I should be planning for … Something. Shouldn’t I? Shouldn’t I be planning projects? Planning to improve their IT infrastructure? Something? Who knows. And, what’s more, I don’t have time to worry about it because about the time I have more than two minutes to string together, something else will distract me.
Well, at least they’re still paying me!
But, on the upside, tomorrow night I go in for my last therapy appointment. My head-shrink has pronounced me well. Or, at least, well enough to be turned loose without a keeper, which is all anyone can really hope for, right?

Well, now, if you’ll pardon me, it’s time to head off to work, so I need to put my cup and mouth guard in before I pull on my stain-resistant body armor.
You know, it really didn’t seem like such a big, impossible dream when I got into this business. Ah, well, maybe next year.

I really don’t mind flying with my boss, but I wish he’d stop saying that.

So, Thursday last week, things started to go wrong with our server in Bellechasse, or, as I think of it, the Sweaty Armpit of the Gulf Coast. First, it was a user who just couldn’t seem to connect. Then, there was another user who couldn’t connect, though that turned out to be a totally unrelated problem. After dinking around with the server and the workstation over the phone, we finally rebooted the server and the problems seemed to be solved.

Turns out, not so much. Friday I got a call shortly after 8:30AM letting me know that now four users can’t connect to the server. So, again, after a few minutes of screwing around with a work station, I had them reboot the server, figuring that what worked the day before should work again. Seems like sound logic, right? Well, it is a Windows 2000 server, so logic probably wasn’t the best tool to apply. Everything seemed fine, right up until the server hung up at the “Preparing network connections” message. We rebooted the server at least three times after that and even tried Safe Mode, but, to no avail. So, I broke the news to my boss who was barely able to contain his joy at having an excuse to fly.

I should mention that I’ve flown with him on several occasions without incident and, as far as I can tell, he seems to be a very fine pilot. Certainly the flight itself has been smoother than most commercial flights I’ve been on. And, being able to bypass any sort of security checkpoints or limited schedules is really nice. It means, generally, that I can fly over, fix the problem and fly back in the same day. All with out needing to fill out an expense report, I might add.

So, well before sunup on Tuesday, we flew over to a little flat spot on the edge of New Orleans they call Lakefront Airport. This trip, I noticed that the same roofs seemed to have the blue FEMA tarps over them, but more yards had the pre-distressed FEMA trailers in them. Not sure if that’s progress or not, but, somehow, it seems like it should be. At least more of the traffic lights were working. Certainly, that has to be considered progress.
In any case, we got to the office about 9:00AM and I walked right to the server and got to work. I started by rebooting, just to see if I was going to get lucky. Naturally, I wasn’t or this post would’ve just ended. So, I cycled through several different boot options and finally, after much weeping and wailing and gnashing of teeth, I got the server into a semi-stable state by booting into Safe Mode with Networking Support, but via the Repair Mode on the Windows 2000 install disk. (No, don’t ask me to recreate the steps because I wasn’t taking notes and I was probably running a fever.)

So, guesses on what was wrong? Out of disk space. Or rather, there wasn’t enough disk space for Active Directory to run properly. So, I killed a bunch of temporary files and cranked down on the size of the virtual memory paging file. Sure enough, when I rebooted into “normal” mode, the server came up and everyone was able to log in and all was well with the world. All done before lunch, I might add!
And, so it was that I humbly asked to be brought an oyster po’boy, dressed, sans tomato, with fries for lunch while I attempted to kill all spyware and adware and other such nastiness. What I got was a catfish po’boy, two hours later, and one machine that still has some spyware remnants on it that need to be cleaned up. How fleeting is glory… Oh, and that’s not to mention the several requests I got that were far, far outside the scope of “fixing problems”, which was, in fact, my stated purpose.

Interestingly enough, when we touched down again in Houston an essential piece of navigational hardware in the boss’ plane locked and threw an error message. Then, up popped the infamous Windows NT “Blue Screen of Death”, upside down on that oh, so essential monitor. Yes, boys and girls, our lives depended on hardware that runs the most unstable, buggy, crash-prone version of Windows I’ve ever worked with.
Yeah, we sure cheated death again. Barely.

Please note: I am not now, nor have I ever been, a trained killer.

I mention this right up front because;

• I have been accused of being such a person
• I’m about to write about killing

Now, as you may recall, I have purchased a 4 Gig iPod Nano. I love my little music-maker, even if it’s in the shop at the moment. I have been quietly ripping many, many CDs and syncing them to my beloved, precious iPod. But, I had no idea that my little, friendly iPod Nano could turn deadly. Apparently, I don’t get out enough because this article over at Gizmodo really woke me up to the deadliness of my adorable, little Nano: 8 Ways to Kill Someone with the Nano. I am not making this up. Hell, I could not make this up.

It’s Friday, so don’t give me any backtalk. Go, click the link and learn how to be deadly with your iPod Nano in time for the weekend.

An old “trick” that never seems to get old, even when it doesn’t quite work.

Every once in a while, I actually talk about technical stuff on this blog and this week, I’m focused on Google. Oh, sure, it’s called “Diary of a Network Geek”, but I generally talk about all sorts of geeky things that have nothing to do with computers or networking at all. Well, today you get a treat, gentle readers, and I’ll write a little technical bit about what this is and how it works, or doesn’t. Here’s the trick, in a nutshell: Google a specific site or page with no extra parameters, using the “site:ryumaou.com” syntax. (To hit a specific page, “site:ryumaou.com/hoffman/netgeek/“) When you get your search results, notice at the bottom of each description, there is a link labelled “Cached”. Click that and you’re looking at the page as it resides on the Google servers. At this point, normally, you’d not be hitting the actual website at all, but simply viewing the page as it was stored on Google’s servers when they spidered the site for their search database.

Now, normally, that would hide you from a web log, but not from this blog. Why? Good question. What you see pictured in the graphic on this post is a rookie mistake. Googlecache browsing doesn’t work well to conceal one’s IP address when browsing dynamic content. I know it might not always seem like it, but this blog is, actually, fairly dynamic. In this particular case, what tripped up our inexperienced sneak is a plugin, or set of plugins, running on the blog. Mainly, it was the plugin that makes the pretty title graphics via PHP. When our tricksy, little Hobbit hit the Googlecached page, his browser made a call directly back to code stored on my site to generate the cool graphics. Graphics which, because they are generated dynamically, are not stored in Google’s cache, but created “on the fly” every time someone hits my page. Interestingly enough, even if our erstwhile intruder had turned off the ability to view graphics in his browser, the PHP code would have still generated graphic, thereby alerting me to his rather weak attempt to conceal his identity.
The only thing one might gain from this “hack” is the ability to get around a blocked IP address. Sadly, the sneak doesn’t need to do this, as I block very few IP addresses at all. For one thing, an IP block is of limited value for blocking spammers, since they change IPs regularly to avoid such blocks. For another, to deal with spam and other unwanted visitors, I have other tools that work much better. So, really, all this particular tricksy, little Hobbit did was, well, waste their own time and give me a handy topic to write a quick piece about very basic web security.

So, um, thanks. Now, c’mon in from the cold and just browse the site to your heart’s content, okay? Oh, and don’t forget to vote on the poll in the sidebar there everybody!

Advice from your Uncle Jim:
"Whether one believes in a religion or not, and whether one believes in rebirth or not, there isn't anyone who does not appreciate kindness and compassion."
   --Dalai Lama

If the only tool you have is a hammer, you tend to see every problem as a nail.
–Abraham Maslow

So, I’ve been doing a lot of strange things at work the past couple of weeks. And, by strange I mean working around problems like trying to get things done without spending money. That always seems to lead me through some interesting back doors and into areas that I’ve not been before.

First, I was asked to do some browser forensics. Basically, it was supposed that a particular employee, no myself, was spending a little too much tiem on the web. I was tasked with finding how much time and where they were going. Simple enough, right? Well, I had to do it on the “down low” and without sitting at their computer. Enter, Webhistorian, by Mandiant. This utility let me grab history files and arrange them into a nice, easy-to-read report that told me where, when and how long my intended target was spending time on the web. That combined with a drive mapped to the administrative share on his computer showed… That he was actually relatively innocent. Yeah, he went to some sports websites, but only first thing in the morning and at lunchtime. Nothing worth firing him over, at any rate.

Next, there was a more, um, general security question. And, okay, it wasn’t actually at work, but it’s good to know for work. A friend thought her computer might have been inadvertantly used in the comission of a crime by a “guest” and asked me to check it out. I can’t go into details because of pending legal action, but I decided to let her take it to the proper authorities first, in case I were to mess up any evidence. Once they’re satisfied, however, I’ll take a look at it. And, thanks to another blog I read, I’ll be using something called Helix.
I have read the aforementioned blog, A Day In The Life Of An Information Security Officer, for, well, years, actually. Mostly, it’s just an interesting diversion, but sometimes, I get good ideas from the posts and case files. This time, the new tool came from the comment section. Helix was suggested by another faithful reader. It’s a bootable, “live cd” Linux distribution. It’s also free, which is one of my main criteria for the tools I use.

I also had to clone a giant Windows XP disk this week. I tried a number of utilities, including Symantec’s Ghost, but it was another Linux distro that saved me. This time, I used Knoppix. Also a bootable, “live cd” distro which is available free from the Internet. I found the command by accident while searching for something else, but I also discovered there are other ways to clone a cd via Knoppix. My Google search turned up several HowTo documents. There was one on Knoppix.net’s forums, another on Linux.com and a third on Just Linux. I used the third method first, which turned out to not work so well at all. Something to do with XP and how finicky it is about hardware and booting, I suspect. So, I finally moved on to the appropriately named NTFSClone. I still had problems making it bootable, but I attribute that to the old disk running Windows XP. I hate XP. Truly. Still, I managed to have some good fun with all the different attempts. I enjoy a good intellectual challenge!

These days no one can afford to be just a “Windows Admin” or just a “Novell Admin” or, even just a “Unix admin”. We have to use the right tools to get the job done, whatever that looks like.
I’m the man behind the curtain who makes the great and powerful Oz go. If I want to outwit the flying monkeys that the Wicked Witch of the West sends after me, I’d better have a whole lot of tools in my toolbox besides my magic ruby hammer.
Even though I’m Linux certified, I don’t work with it enough for my taste, so I’ve finally gotten off my lazy butt and installed Open SuSE on two old laptops I have at the house. Again, it’s free and so were the laptops. One is an old Dell that came from an old job. The other is a Compaq that a friend gave me because he knew I’d get more use out of it than anyone who he might donate it to for the tax write-off. Either that, or I’ve become a charity. Hey, it could happen!
In any case, I’m working on expanding my toolbox, one piece at a time. And, now, you can take advantage of my tinkering to expand your own digital toolbox. Have fun with the new toys!

Ever wonder what various Google AdWords pay per click? Well the rumor over at bOingbOing has it that the breakdown goes like this:
$54.33 for “mesothelioma lawyers”
$47.79 for “what is mesothelioma”
$47.72 for “peritoneal mesothelioma”
$47.25 for “consolidate loans”
$47.16 for “refinancing mortgage”
$45.55 for “tax attorney”
$41.22 for “mesothelioma”
$38.86 for “car accident lawyer”
$38.68 for “ameriquest mortgage”

Those prices are per click, mind you. So, is it any wonder why people make entire blogs dedicated to subverting the Google Advertising system to boost ratings these key words? I’m not sure if they’re still doing it, but people used to created blogs just filled with certain keywords and redirects to their website to generate both traffic and a better click/dollar ratio. Pretty sneaky, isn’t it?

Now, of course, I would never do something so dirty and underhanded as all that, but, well, we all know how morally upright I am and all that. (Hey, that’s “upright”, not “uptight”!) I would also not ask anyone to click on the advertisments on my site, but only because it would violate the Google AdWords agreement and get me into trouble. Not that the advertising has helped much, to be honest. I had hoped to make enough money to pay for my monthly server fees at my webhost, but, sadly that’s not how it’s working out. Not that my webhost is expensive, because they’re not, but my click-through rate is terrible and the pay-out has been, well, hardly worth mentioning. I think we’ve become so numb to on-line advertising that we just ignore it, mostly. Even I fall into that trap, though, I do try to click on advertising on sites I like to show my support for them. I hope it makes enough of a difference that they don’t have to resort to a super-sneaky blog dedicated to that above-mentioned list of advertising words.
But, somehow, I doubt it.