Bob's Tech

Internet Explorer CSS Tag Parsing Code Execution Vulnerability

2010-11-05T09:48:00.000-06:00

Yet another IE Code Execution Vulnerability:

Description:

Internet Explorer, Microsoft's flagship browser, is susceptible to a memory corruption vulnerability. The code responsible for parsing cascading stylesheet (CSS) tags can be made to overwrite a pointer to a virtual function, potentially resulting in code execution.

The beta version of Internet Explorer 9 is not susceptible, but other versions are. An attacker must entice a target to view a malicious site in order to exploit this vulnerability, which can be used to execute arbitrary code on the target's machine. No updates are currently available for this vulnerability, which is being actively exploited in the wild.

Status: vendor confirmed, updates not available

References:

SecurityFocus Bugtraq ID http://www.securityfocus.com/bid/44536

Again, why are you still using IE? Really, why?

-Bob

Amazon S3 IP Blocks

2010-07-29T18:18:00.000-05:00

Today I need to help a customer that uses Amazon S3 for offsite backups (using duplicity). Up until now they had been accessing S3 through a squid proxy to get the data to and from S3. This enables them to limit the outgoing HTTP connections from their hosts.

Recently, they discovered that the performance of backups has been highly variable and restores are extremely slow. In testing today we found that performance through the proxy (with just duplicity) was much slower than it was going direct to S3. Of course, this now caused some problems with firewall configuration. In order to try to limit access, we need to find the IP addresses that are used by S3. Unfortunately, this does appear to be an easy task. Google was not immediately helpful.

I then started looking at DNS. It appears that *.s3.amazonaws.com goes through a number of CNAME records before arriving at an IP address. The last step alone the way appears to be one of three host names:

s3-1-w.amazonaws.com.
s3-2-w.amazonaws.com.
s3-3-w.amazonaws.com.

It appears that each of these host names resolve to IP addresses in different blocks. By running whois queries against an IP address in each block I was able to discover the following blocks:

72.21.192.0/19
87.238.80.0/21
207.171.160.0/19

For now, this is good enough...

-Bob

The Perseids are Coming

2009-08-11T16:38:00.003-05:00

From: http://science.nasa.gov/headlines/y2009/31jul_perseids2009.htm

For sky watchers in North America, the watch begins after nightfall on August 11th and continues until sunrise on the 12th. Veteran observers suggest the following strategy: Unfold a blanket on a flat patch of ground. (Note: The middle of your street is not a good choice.) Lie down and look up. Perseids can appear in any part of the sky, their tails all pointing back to the shower's radiant in the constellation Perseus. Get away from city lights if you can.

-Bob

A couple of Microsoft Zero Day Vulnerabilities

2008-12-11T20:38:00.002-06:00

For those still using Internet Explorer for regular web browsing, you need to read this:

From the "@RISK: The Consensus Security Vulnerability Alert - Week 50 2008"

(1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability (0day)

Affected:

Microsoft Internet Explorer 7 and possibly prior

Description: Microsoft Internet Explorer contains a remote code execution vulnerability in its handling of certain XML structures. A specially crafted web page can result in remote code execution with the privileges of the current user. This vulnerability is currently being exploited in the wild, and is reportedly not mitigated by the most recent Microsoft patches. No further technical details are publicly available for this vulnerability.

Status: Vendor confirmed, no updates available.

References:

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/961051.mspx

SecurityFocus BID

http://www.securityfocus.com/bid/32721

US-CERT Vulnerability Note

http://www.kb.cert.org/vuls/id/493881

Network World Article

http://www.networkworld.com/news/2008/120908-new-web-attack-exploits-unpatched.html?fsrc=rss-security

SecurityFocus BID

http://www.securityfocus.com/bid/32721

***********************************************

(2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (0day)

Affected:

Microsoft Windows XP prior to Service Pack 3.

Description: Microsoft WordPad is a Rich Text Format (RTF) editor included by default in Microsoft Windows. It is the default viewer for RTF files. It contains a flaw in its Text Converter component. A specially crafted RTF document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is being actively exploited in the wild and is reportedly not mitigated by the most recent set of Microsoft patches.

Status: Vendor confirmed, no updates available.

References:

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/960906.mspx

US-CERT Vulnerability Note

http://www.kb.cert.org/vuls/id/926676

SecurityFocus BID

http://www.securityfocus.com/bid/32718

So why aren't you using something else? If you didn't know, there's Chrome, Firefox, Opera, and Safari available for Windows users, among others. The excuse that "I need IE for site X" may be valid for site X, but, why are you using it for everything else?

-Bob

How to set size limits for messages in Exchange Server

2008-10-10T14:25:00.003-05:00

I was asked by a customer today how to configure the SMTP message size limit in Exchange. Here is what I found: http://support.microsoft.com/kb/322679

-Bob

BlueScreen Saver...

2008-06-28T00:43:00.004-05:00

This has got to be one of the funniest screen savers there ever was, BlueScreen. Of all places, this one comes from Microsoft (http://technet.microsoft.com/en-us/sysinternals/bb897558.aspx).

One of the "Top 10 Harmless Geek Pranks".

-Bob

Footpeg springs for the Oset

2008-06-14T22:45:00.007-05:00

I had enough of watching how frustrated my son got with the foot pegs on his Oset. Frequently, as he picked up his feet, the would brush by the foot pegs and the one (or both) of the foot pegs would stick in the folded position. Often this would occur just as he was about to enter a section. This would cause to stop and reset the pegs before continuing. Here's how the foot pegs look on a stock bike (click on the images for larger versions):

Obviously, something had to be done...

A trip to the hardware store was in order to find some suitable springs. After a bit of searching, I found these:

Back at home, it was time to figure out how to put these in place. I started by drilling a hole in the leading edge of each foot peg (see red arrow). The hole was just slightly large then wire diameter of the springs. The hole positioned so that the straight part of the spring would reach to the inner end of the plate portion of the foot peg (see the yellow arrow):

For the other end of the spring, I drilled a hole in the frame just below the foot peg mount. To test this idea I used Ring Terminal electrical connector:

I removed the insulation and threaded the other end of the spring (the end with the loop like a key ring) on to the ring terminal. The ring portion of the ring terminal was "bolted" to the frame using the hole I had drilled just below the foot peg mount. Here are the results:

This done with just a drill and common hand tools. If had a welder, I would have welded a small loop to the frame just below the foot peg mount. This would be much more solid than the current configuration.

So far, this has held up through two events. I've lost count on the number of time the bike has fallen over. Only once did I have to crimp one of the ring terminals back together.

Total cost: about $4.

If you have any suggestions for improvements, please let me know!

-Bob

The BristleBot

2008-03-26T16:26:00.003-06:00

Check this out:

At least a few minutes of fun...

Now, where can I get a pager motor?

-Bob

Computer Stupidities

2008-02-29T15:46:00.001-06:00

Do you want to waste a lot of time ROTFL? Try: http://rinkworks.com/stupid/ It's a great collection of all of those IT support stories that you've been looking for.

Thanks Ron!

-Bob

Vomit or Linux: your choice

2008-02-29T15:42:00.002-06:00

"Imagine standing on the road. An oncoming car is heading rapidly towards you. You have a choice to move, or to stay. Now consider that in business you need to choose a server platform wisely but often Windows shops become entrenched because it is the status quo. A couple of user experiences show why you ought to think about it more."

For the rest: http://www.itwire.com/content/view/16891/1141/

-Bob

Head Tracking for Desktop VR Displays using the WiiRemote

2008-02-14T23:20:00.003-06:00

Is this cool or what?

-Bob

backup-clamav.sh - backup ClamAV data files prior to upgrade

2007-12-24T02:57:00.000-06:00

#!/bin/sh
#
# backup-clamav.sh - backup ClamAV data files
#
# History:
# 2007/12/23 rwsiv1@gmail.com
# Created this file based on the ClamAV documentation (http://wiki.clamav.net/Main/UpgradeInstructions).
#
# Notes:
# This file can also be downloaded from: http://docs.google.com/Doc?id=dgwx5z52_90ftmz92gg
#

BACKUPDIR="/tmp/clamav"
TIMESTAMP=`date '+%Y%m%d-%H%M%S'`
ETCDIR="/usr/local/etc/"
BACKUPETCFILE="${BACKUPDIR}/backup-etc-${TIMESTAMP}.tgz"
SIGDIR="/usr/local/share/clamav/"
BACKUPSIGFILE="${BACKUPDIR}/backup-sig-${TIMESTAMP}.tgz"

#
# Functions
#
# failed() - print an error message and exit.
# args: message [errno]
#
failed () {
EXITCODE="1"

if [ -n "$1" ]; then
echo "$0 - $1"
if [ "$2" -gt 0 ]; then
EXITCODE="$2"
fi
fi
exit ${EXITCODE}
}

#
# Make sure that the backup directory exists
#
[ -d ${BACKUPDIR} ] || mkdir ${BACKUPDIR} || failed "unable to access or create ${BACKUPDIR}"

#
# Backup the directories
#
# etc files
#
cd ${ETCDIR} || failed "unable to cd to ${ETCDIR}"
tar czvpf ${BACKUPETCFILE} /usr/local/etc/clam*.conf /usr/local/etc/freshclam.conf
#
# signature files
#
cd ${SIGDIR} || failed "unable to cd to ${SIGDIR}"
tar czvpf ${BACKUPSIGFILE} /usr/local/share/clamav/

Block adult sites with OpenDNS (for free!)

2007-09-27T14:54:00.001-05:00

Do you want to block access to adult sites from your network? Want to do it for free?

If so, just use OpenDNS. Create yourself an account and configured your account to "Block Adult Sites". What could be easier?

In additional to being able to block adult site, you can also block or whitelist any domain that you choose. OpenDNS put the power in your hands.

Can you tell I like it? I expect that you will too!

-Bob

VMware VMX-file parameters

2007-08-30T09:08:00.000-05:00

Today I found this site: VMX-file parameters that documents most, if not virtually all, of the VMware .vmx file parameters.

-Bob

Using my XV6700 as a USB wireless modem

2007-08-16T02:27:00.001-05:00

Tonight I was challenged with finding a way to get an Internet connection from my laptop when the DSL connection I am using (at my Dad's house) at the moment is down.

At the moment I am accessing the Internet from my laptop (Vista) using my XV6700 as a wireless modem (USB connection). It was a bit of a challenge, but, I was able to getting it working. It much easier to establish a bluetooth connection, but, the USB connection offers much better speed. If I were in 1X land BT would have been fine. But, given that I have a strong EVDO signal here in KC, MO, I wanted to see how well it could run.

After a bit a swapping back and forth from the BT to the USB configuration on the phone, I was able to download a couple web pages that offered up the information I needed. http://forum.brighthand.com/archive/index.php?t-222120.html got me the phone configuration information that I needed . I was able to download the USB driver I needed from http://www.myehud.com/xv6600/usbmodem.html. (I don't have the Verizon CD with me). I was able to get the driver installed by following the instructions at http://www.howardforums.com/showthread.php?threadid=1137398. From there I was able to use the standard Windows Vista "Connect to a Network" wizard using "Dial-up networking" via the "CMDA1X USB Modem" that was created in the earlier steps.

Here is the fruit of my labor:

That image shows a very reasonable 1702 x 119 Kbps connection. Overall, it's not nearly as responsive as the DSL connection (higher latency), but, it appears to work well enough!

-Bob

Apache and Subversion authentication with Microsoft Active Directory

2007-06-20T16:56:00.001-05:00

Here is a good article on how to integrate Active Directory authentication with Apache:
http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_with_microsoft_active_directory/

Of course, the first thing that must be done is getting past the pain of dealing with Active Directory. It pays off in the end when you have a well integrated system that "just works".

-Bob

Please explain why the Jeopardy Style of e-mail composition is a "good thing"

2007-05-25T08:11:00.000-05:00

I don't understand this, please help me out. To me, the Jeopardy Style of e-mail composition, made popular by Microsoft, is a mess. Imagine trying to tell a new user how to read an e-mail. I envision it would go something like this:

Go to the bottom of the e-mail.
Find the beginning of the first e-mail.
Read the first e-mail.
Working your way back up, find the beginning of the first reply.
Read the reply.
Continue the process of moving up and down throughout the e-mail and it's replies until you have read everything in the order that it was originally written.

Replying to an e-mail would go something like this:

Try to remember everything you had read before (see previous steps).
Try to compose your reply in such a fashion that it might be understood without the context added by all of the previous content.
Of course, all of the previous content, including signatures and disclaimers from previous senders, is included below your message, in reverse chronological order.

Please, please help me understand why this is a "good thing"? Or, is virtually everyone just a Lemming that is following the other Lemmings, not knowing why?

-Bob

MORE THAN I EVER WANTED TO KNOW ABOUT CHROOT JAILS

2007-05-25T02:44:00.001-05:00

"The idea is that the customers need to upload content to our content
server, but we want to do it in a secure and private way. Customer One
should not be able to see Customer Two, for example. And neither
customer should be able to do anything that might damage the server in
any way."

COMPLETE STORY:

http://nl.internet.com/ct.html?rtr=on&s=1,37f1,1,4j30,gy0r,ct5s,55dr

-Bob

RT SCRATCHES A TROUBLE-TICKETING ITCH

2007-05-25T02:31:00.001-05:00

"Much available help desk software is quite bland, with two exceptions:
open source RT and the more corporate Remedy Help Desk. The two have
quite different goals, but they both do one common thing: track trouble
tickets. The question is, which one will meet your needs?"

COMPLETE STORY:

http://nl.internet.com/ct.html?rtr=on&s=1,37f1,1,6dr4,1ox6,ct5s,55dr

-Bob

HOW TO SECURE VNC REMOTE ACCESS WITH TWO-FACTOR AUTHENTICATION

2007-05-25T02:28:00.001-05:00

"VNC is the most popular remote access solution today. However, it was
developed to provide remote access, not to provide secure remote access."

COMPLETE STORY:

http://nl.internet.com/ct.html?rtr=on&s=1,37f1,1,4nw,34ga,ct5s,55dr

-Bob