The attack (Operation Aurora) on around 20 US companies, including Google, Adobe, Juniper Networks and others, which used a zero-day exploit for Internet Explorer, is partly a social-engineering story: the emails were carefully crafted and plausibly structured, so users bought into them. Once a machine was owned and the payload had run, it contacted a Command and Control (C&C) server, which sent back instructions tailored to the Workgroup name and machine environment (OS etc.), exchanging data with a home-made encryption scheme piggy-backed onto port 443, the port normally reserved for HTTPS. (more…)
Category: sysadmin
-
And it’s time for 2.9.1
After a few reported issues with the previous WordPress upgrade, 2.9, version 2.9.1 is here to save the day (a full release, not even an RC 🙂)
From the source:
This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts.
Yippee!! 🙂
-
Y2K vs 2010 vs 2016 — year rollover still an issue
Ain’t that a kick in the head! The rollover from 2009 to 2010 has not been processed correctly on many systems, including Symantec’s Endpoint Protection Manager, as Symantec has confirmed in a statement:
An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.
Remember that we spoke about Symantec in the glorious (dodgy) Virus Scanner Comparison.
Australian POS systems have jumped from 2009 to 2016 (pity about the malformed dec2hex function they must have been using, or forgot to use?), and up to 30 million users in Germany can’t use their bank cards at ATMs or POS machines due to invalid date calculations. In addition, there also seem to be occasional SMS (text) messages passing through networks that have issues with future-stamped timestamps, causing a wide variety of reporting and integrity issues…
Hm, I wonder what implications the 2011-2012 rollover will bring with it (cue Mayan death-drone…)
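A jump of exactly six years is what you get when a two-digit year is stored as BCD (2010 becomes the byte 0x10) and then read back as a plain binary number (0x10 = 16). Whether that is what the Australian terminals actually did is an assumption; the following is an added example, not code from the post or from any vendor, showing why such a bug sails through every year from 2000 to 2009 and only bites at the 2010 rollover:

```sh
#!/bin/sh
# Added example (not from the original post): a two-digit year stored as
# BCD but read back as a plain binary byte. The mechanism is an assumption
# consistent with the reported 2009 -> 2016 jump, not a confirmed root cause.

# Pack a two-digit year into one BCD byte: 09 -> 0x09 (9), 10 -> 0x10 (16)
bcd_encode() { echo $(( ($1 / 10) * 16 + ($1 % 10) )); }

# Correct decoder: undo the packing
bcd_decode() { echo $(( ($1 / 16) * 10 + ($1 % 16) )); }

# The bug: the BCD byte is treated as if it were already a binary number
buggy_year() {
  yy=$(( $1 % 100 ))
  echo $(( 2000 + $(bcd_encode "$yy") ))
}

# The fix: decode before doing arithmetic on the value
fixed_year() {
  yy=$(( $1 % 100 ))
  echo $(( 2000 + $(bcd_decode "$(bcd_encode "$yy")") ))
}

# Show where the two readings diverge
for y in 2008 2009 2010 2011; do
  printf '%s stored -> buggy %s, fixed %s\n' "$y" "$(buggy_year "$y")" "$(fixed_year "$y")"
done
```

For 2000 to 2009 the BCD byte and its binary value coincide (0x09 is 9), so the bug is invisible; from 2010 on every year is read six, seven, eight years too late. The same confusion in the other direction (binary written, BCD read) produces the "year 2016 in 2010" class of bugs wherever a byte changes hands between two pieces of code that disagree about its encoding.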
-
And it’s time for 2.9!
As also noted on the blog, it’s time to upgrade (if you haven’t already) to version 2.9 of WordPress. There is a huge whack of benefits and improvements (over 500 bug fixes), like the online image editor and the easier video embedding that is now included.
Well done, guys!!
When doing the upgrade, just make sure all the /pomo/ files and wp-settings are updated appropriately…
-
Processing large data volumes
So a compressed text file that ends up being 72GB sounds like a lot, right? Especially if you have to data-churn it with per-line processing. Fine. Wow. A lot.
That pales in comparison to the (reported) volumes of data processed by Google and Facebook:
In December 2007 (!) Google was processing 400 PB (petabytes) per month, with an average job size of 180GB.
Facebook’s volumes have been steadily increasing, too: from March 2008’s 200GB of daily new data they moved up to 2TB per day in April 2009, levelling off at 4TB per day in October 2009.
Most of which are, without a doubt, LolCat pictures 🙂
-
Google Analytics inadmissible under German law?
Die Zeit reports that data protection officials want to discourage the use of Google Analytics, including by means of fines of up to €50,000. “Google Inc. expressly reserves the right, in the terms that have to be accepted before use, to link the data obtained about an individual user by means of a unique identifier with other data already stored”, for example from Google Mail, “and to pass this information on to third parties.” The main point of this decision is that the user does not have to give explicit consent before private data (such as geographic location or computer settings) is simply transferred to third parties. The debate is ongoing; let’s see what comes of it!
In short: as you do not explicitly opt in to the use of Google Analytics, German regulators are trying to dissuade or stop the use of GA on sites in Germany, with the added incentive of fines of up to €50,000, so as to protect individuals’ personal privacy rights.
-
nginx on Windows Vista / Windows 7 with php
You can get the latest stable version of a Windows compile of nginx (0.7.64) here.
Setup is quite straightforward: you’ll need php-cgi.exe downloaded (copy the libmysql*.dll files to the Windows system directory, the quickest but dirtiest solution) and tied in; I assume you can download and run the MySQL server yourself?
You may need to run the startup as a batch file (in the listing below, f: is the drive it is installed on and PHP has been extracted into a php directory under nginx, as you can see). php-cgi is set to listen on port 9000, and nginx passes requests to it there. Bind it to 127.0.0.1 rather than to all interfaces: FastCGI has no authentication of its own, so a php-cgi listening on 0.0.0.0:9000 will happily run PHP for anyone on the network who can reach the port. (more…)
-
Drupal 7 – Impressions
So I’ve installed the current beta of Drupal 7 (for non-production environments) on an nginx/php/mysql setup to test speed, interface and ease of use. It was a double-whammy operation: on the one hand testing the server environment, on the other the new software. It isn’t production-ready, and I don’t expect it to be, by any stretch of the imagination. So these are just impressions. (more…)
-
Zombie postings with Captcha automation
Just got another comment posting request relating to a version 5.0 release of automated forum/blog spamming software which is guaranteed to get your customers ‘closer to your products’ by improving product and site visibility. It can also send in-forum PMs ‘for a more personal touch’, i.e. violate any terms and conditions of a user environment to spam the web for cheap cross-links (at $540 for the app, including automatic Captcha recognition). (more…)
-
Flash Exploit Protection
The folks over at www.foregroundsecurity.com have discovered (another) Flash exploit that abuses a flaw in how the application interprets the same-origin policy.
This vulnerability allows the same-origin policy of Adobe Flash to be exploited to allow nearly any site that allows user generated content to be attacked. No fix for this vulnerability currently exists.
Two ways of dealing with it (more…)
-
And we’re on 2.8.6
Another quick upgrade to make it safe: 2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. Not really pertinent here, but good to keep it closed 🙂 The patching deals mainly with untrusted-user issues, but “upgrading to 2.8.6 is recommended”.
But you knew that already 🙂
-
Virus Scanner Comparison
A comparison of virus removal software was run in Oct ’09; the full results are here. The question is, why not compare the latest versions throughout? The methodology (a “work in progress”) suggests that the vendors provide their software, which is then updated “as per the manual”… (more…)
-
Cloud Computing – on Crack
There are a range of ways that cloud computing can be used to leverage the power of a range of machines to achieve cheaply what you wouldn’t necessarily invest in physically. And to crack PGP or system passwords, you typically just need a lot of machines. So there are a few demonstrations here and here that show off the whole process, including spawning more instances than they typically want you to 🙂 It’s all based on using ElcomSoft’s Distributed Password Recovery.
Cool! 🙂
-
And we’re on 2.8.5 – the hardened version
…on all sites. Hurrah!
But you knew that already, as it’s been out since 10/20/09…
-
Postfix maximum individual mail size and mailbox size
If you’re getting the
"5.3.4 Message size exceeds fixed limit"
error, compare the default values with the ones you have set in /etc/postfix/main.cf using
postconf -d
(for the defaults)
and
postconf -n
(for the values you have set manually in main.cf)
The default for message_size_limit (maximum size per mail) is 10240000 bytes, i.e. approximately 10MB. Up this to your desired value, e.g. 30MB, by setting
postconf -e "message_size_limit = 30720000"
specifying the size in bytes.
You can reset the maximum mailbox size using the same method (the line below just resets it to the default value)
postconf -e "virtual_mailbox_limit = 51200000"
Two things to watch: mailbox_size_limit (and virtual_mailbox_limit for virtual domains) must be at least as large as message_size_limit, otherwise Postfix’s delivery agents refuse to run with a “mailbox_size_limit is smaller than message_size_limit” configuration error; and postconf -e only edits main.cf, so run postfix reload afterwards for the new values to take effect.
But you knew that already!
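The check above is easy to get wrong when only message_size_limit is raised. As an added example (not from the original post, and not part of Postfix itself), this script reads parameters out of postconf-style "name = value" text, works out the effective value of each limit, and prints the postconf -e commands needed for a given message size, bumping whichever mailbox limit would otherwise be too small. The two blocks of sample text stand in for `postconf -d` and `postconf -n` output so it runs offline; the hostname in them is made up.

```sh
#!/bin/sh
# Added example (not from the original post): plan a message_size_limit change
# and check it against the mailbox limits before touching main.cf.
# Postfix's delivery agents refuse to run when a mailbox limit is smaller
# than message_size_limit, so the values have to move together.

# Postfix's own defaults count 1 MB as 1024000 bytes (10240000, 51200000)
mb_to_bytes() { echo $(( $1 * 1024000 )); }

# Pull one parameter out of "name = value" text (the format of postconf -n / -d)
conf_get() { # conf_get NAME TEXT
  printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Effective value: an explicit setting (postconf -n) wins over the default (postconf -d)
effective() { # effective NAME SET_TEXT DEFAULT_TEXT
  v=$(conf_get "$1" "$2")
  [ -n "$v" ] || v=$(conf_get "$1" "$3")
  echo "$v"
}

# True when a message limit fits within both mailbox limits
limits_ok() { # limits_ok MESSAGE MAILBOX VIRTUAL_MAILBOX
  [ "$1" -le "$2" ] && [ "$1" -le "$3" ]
}

# Print the postconf -e commands needed for a given message size in MB,
# raising either mailbox limit that would otherwise be too small.
plan_limits() { # plan_limits MB SET_TEXT DEFAULT_TEXT
  want=$(mb_to_bytes "$1")
  mbox=$(effective mailbox_size_limit "$2" "$3")
  vbox=$(effective virtual_mailbox_limit "$2" "$3")
  echo "postconf -e \"message_size_limit = $want\""
  [ "$mbox" -ge "$want" ] || echo "postconf -e \"mailbox_size_limit = $want\""
  [ "$vbox" -ge "$want" ] || echo "postconf -e \"virtual_mailbox_limit = $want\""
  echo "postfix reload"
}

# Constructed stand-ins for `postconf -d` and `postconf -n` output
DEFAULTS='message_size_limit = 10240000
mailbox_size_limit = 51200000
virtual_mailbox_limit = 51200000'
SET='myhostname = mail.example.com
message_size_limit = 30720000'

# Offline: plan against the constructed text. On a live box, replace the two
# variables with DEFAULTS=$(postconf -d) and SET=$(postconf -n).
echo "current message_size_limit: $(effective message_size_limit "$SET" "$DEFAULTS")"
plan_limits 60 "$SET" "$DEFAULTS"
```

With the sample text a 30MB message limit needs only the one postconf line, while 60MB produces three, because both 50MB mailbox limits would otherwise be smaller than the message limit and Postfix would refuse to deliver.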
-
A note on WordPress security…
There’s a note on why to keep patching, How To Keep WordPress Secure, over at the WordPress dev blog; definitely worth a read.
Good sense.
-
RDP redirection via Putty (Linux Server) for Windows Remote Desktop
Tunneling via Putty is quite well documented. In Putty (the link points to the latest version), create a new session.
In the SSH section, make sure compression is enabled (for SSH v2 – you shouldn’t be using anything earlier, anyway).
In the SSH => Tunnels section, set the source port to 127.0.0.2:3389 and the destination to SERVER:3389 (where SERVER is your upstream Windows Terminal Server).
Once the session has been created and you’ve logged in via Putty, point Remote Desktop at 127.0.0.2 on the local machine and you should be prompted by the remote machine.
This is all as a result of the “localhost” restriction in RDP sessions – however, there is a patch.
Simple as π 🙂
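The same forward from a Linux or macOS client with OpenSSH, as an added example that is not part of the original post (plink on Windows takes the same -C, -N and -L flags; the -o option is OpenSSH-only). The host names are placeholders. The point of 127.0.0.2 is that the Remote Desktop client refuses to connect to its own 127.0.0.1:3389, so the local end of the forward has to sit on a different loopback address; Linux answers on all of 127/8, while macOS needs an alias added to lo0 first:

```sh
#!/bin/sh
# Added example (not from the original post): build the local forward for
# RDP over SSH, refusing the one loopback address the RDP client won't use.

# The RDP client won't talk to its own 127.0.0.1:3389, so the forward has to be
# bound to another 127/8 address. Linux has all of 127/8 on lo; on macOS run
# `sudo ifconfig lo0 alias 127.0.0.2` first.
local_bind_ok() { # local_bind_ok ADDR
  case $1 in
    127.0.0.1) return 1 ;;
    127.*.*.*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Build the ssh command: -N no remote shell, -C compression (as in the PuTTY
# setup), ExitOnForwardFailure so a failed bind is an error, not a silent no-op.
rdp_tunnel_cmd() { # rdp_tunnel_cmd SSH_HOST RDP_SERVER [LOCAL_ADDR]
  addr=${3:-127.0.0.2}
  local_bind_ok "$addr" || { echo "refusing to bind the forward on $addr" >&2; return 1; }
  echo "ssh -C -N -o ExitOnForwardFailure=yes -L ${addr}:3389:$2:3389 $1"
}

# Run the printed command in a second terminal, then point mstsc / xfreerdp
# at 127.0.0.2 (placeholder host names: user@linuxbox is the SSH server, termserver the RDP host)
rdp_tunnel_cmd user@linuxbox termserver
```

Without ExitOnForwardFailure, an already-occupied local port makes ssh log a warning and stay connected with no forward in place, and the RDP client then reports a plain connection failure that looks like a server problem.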
-
Trac and remote SVN servers
Does the SVN repository Trac relates to have to reside on the same host as the Trac installation?
At present, alas, it seems so. (If you’re new to Trac and need a one-stop shop of commands, look here.)
http://trac.edgewall.org/ticket/2828 points to and abstracts http://trac.edgewall.org/ticket/493
Seems like Trac and remote SVN is not happening yet, though SVN replication is an option… There is also an obscure comment some two years ago about a remote plugin, which was at alpha, but the project seems to have since disappeared/moved…
Sigh…
-
OpenVPN on Vista (32-bit and 64-bit)
Once and for all (as I keep forgetting):
- modify the actual ovpn file by adding the following:
route-method exe
route-delay 2
- Use openvpn-2.1_rc19
- Make sure you install as Administrator
And that’s it – you’re done! 🙂
-
Wipe all mp3s and avis from the filesystem
So you want to run a script that removes all mp3 and avi files from the filesystem. One way (in bash) is below. Comments, suggestions and feedback are welcome 🙂 It uses $EUID to check for the root user, and $IFS to cope with line breaks, since the file names have spaces in them: IFS is saved to a temp variable, reset, and re-instated afterwards. C is the counter. Two little for loops in bash with backtick execution.
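Juggling IFS around a for loop over backtick output still breaks on file names that contain newlines, and it is easy to forget to put IFS back. As an added example (not the script from the post), this is the same job done with find, which hands each path to rm without ever word-splitting it, keeps to one filesystem so a mounted share is not emptied by mistake, and has a dry-run mode so you can see the list before anything is deleted. The root check uses id -u, which works in any POSIX shell, instead of the bash-only $EUID.

```sh
#!/bin/sh
# Added example (not from the original post): the cleanup the post describes,
# done with find instead of an IFS-juggling for loop, so file names with
# spaces or newlines are safe.

require_root() {
  # $EUID is bash-only; id -u works in any POSIX shell
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
}

# Delete every *.mp3 / *.avi below DIR (case-insensitive) and print how many
# were matched. A second argument of 1 only counts, without deleting.
# -xdev keeps find on one filesystem so a mounted NFS share is left alone.
wipe_media() { # wipe_media DIR [DRY_RUN]
  dir=$1
  dry=${2:-0}
  count=$(find "$dir" -xdev -type f \( -iname '*.mp3' -o -iname '*.avi' \) -print | wc -l)
  if [ "$dry" -eq 0 ]; then
    # -exec ... {} + passes paths as arguments, never through word splitting
    find "$dir" -xdev -type f \( -iname '*.mp3' -o -iname '*.avi' \) -exec rm -f {} +
  fi
  echo $(( count ))
}

# Usage: wipe_media.sh /path [1]   (1 = dry run, list the count only)
if [ $# -gt 0 ]; then
  require_root
  echo "matched $(wipe_media "$1" "${2:-0}") file(s) under $1"
fi
```

Run it once with the dry-run flag and compare the count against what you expect before the real pass; a root-owned rm over a whole filesystem is not something to discover a wrong -iname pattern with.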