Well I moved to Florida this month. What a pain. I’ll never do that again (yeah right). Anyway I’m also unemployed now, which is great. So I don’t know that I’ll have much to blog about for a while but we’ll see. I’m spending most of my days job hunting. Need a Sys Admin in Florida? Let me know.
Sometimes things are so simple I wonder why I didn’t think of that. Here is another tidbit I learn from the Security Now podcast over on the Twit Network.
I know that Vista asks you if you are connecting to a home, work or public wireless connection and adjusts its security settings accordingly. If you are using XP and connecting to a public WiFi one easy thing to do that helps your security profile is turn off Flie and Printer Sharing for Microsoft Networks on just the wireless connection.
For instance, at home I plug my laptop into the router with a cable most of the time. So on the Local Area Connection I want file and printer sharing turned on all the time.
However I often use my laptop at coffee shops where I’m on a network with a bunch of others (I believe Starbuck’s AT&T connection is this way too). If I left my file sharing on then everyone at the coffee shop would have access to my shared files and certain malware will take advantage of this.
So to disable just file and printer sharing for your wireless connection go to your Wireless Network Connection properties and uncheck “File and Printer Sharing for Microsoft Networks”. The you’ll be a tad bit safer on public WiFi.
I never new about this one but we had a reason so use it yesterday. Computers at one of the stores were being given false DNS entries by a false DHCP server. Since others may see this malware on their systems the DNS Servers it used were: 64.86.133.51 and 63.243.173.162
On one of the machines in the dealership that was acting as a DHCP server, but how to find it? The DHCP entries didn’t give any clues because they said the false DHCP server was our gateway router. Even though the gateway router could support DHCP it was not configured to do so. My first thought was to turn off our valid DHCP server, use Wireshark on a PC, intiate some DHCP request from a PC, and see where replies were coming from. Probably would’ve worked but this was even easier.
DHCPLOC is a ulitity included in Windows Support Tools. Basically you run it from a computer connected to the network and it will monitor DHCP replies. Depending on the syntax you use it can filter out responses from your valid DHCP servers or just show everything. The syntax I used was:
dhcploc /p ComputerIPAddresss ValidDHCPServerIPAddress
/p - dhcploc will not show packets from valid DHCP servers
ComputerIPAddress - ip address of the computer you are running dhcploc from
ValidDHCPServerIPAddress - ip address of valid DHCP server that /p will ignore
Anyway it worked like a charm. DHCP replies were coming from an IP that shouldn’t be responding to DHCP requests. I looked up the IP, called the store, and had them unplug it from the network till I could get out there. Problem solved.
I’ll refer you to WindowsNetworking.com for more information on using DHCPLOC since that’s were I learned about it.
For whatever reason this is hard to find. Paypay.com offers delivery confirmation from USPS for 18 cents (vs. 60 cents from USPS). You just have to buy your label from PayPal.
https://www.paypal.com/us/cgi-bin/webscr?cmd=_ship-now&info
You’ll need to have a PayPal account and it will ask you to log in before you’ll see the shipping options.
Maybe there is an easier way to do this, but I found myself desperately trying to change the permissions on a bunch of folders using XP Home. Turns out that unless your in Safe Mode (I haven’t tried this) you can’t see the Security tab for a given folder in XP Home Edition.
One solution for this is to install the Security Configuration Manager (made by Microsoft for Windows 2000). Then even if you are not in Safe Mode you can see the Security Tab and make changes to the NTFS permissions.
Here is the link I used to find this information with a little howto:
http://www.dougknox.com/xp/tips/xp_home_sectab.htm
Are you curious why I couldn’t boot in Safe Mode? I was using Crossloop to remote into the machine in question.
Ok I admit it, I like IE 8. It runs good enough, looks good, InPrivate Browsing is good, and I like that one tab or window won’t crash all my IE tabs. However I won’t use it because it doesn’t have in-line spell checking.
Sure I can download a add-on to get spell checking but that’s not in-line either. As I type Firefox will underline misspelled words. With IE8, the best I can do is a spell check after I’m done typing and that’s using an add-on call ieSpell. If they can do it in MS Word why not in IE???
I installed Internet Explorer 8 this morning and noticed it checked for Malicious Software before installing. My guess is it used MSRT’s (Malicious Software Removal Tool) quick scan because it didn’t take very long. I don’t know why but I think that’s kind of cool.
I like this program. Stardock Fences will organize your icons into… well… fences. So if your the type that has a lot of desktop icons then fences is certainly for you. The best feature is the ability to scroll through icons in a fence. If the number of icons fills up the space you allow for their corresponding fence then a scroll bar appears when you hover over the fence and you can scroll through them.
Pictures speak louder than words, no?
I was just listening to Security Now with Steve Gibson (episode 180) and he talked about running Microsoft’s Malicious Software Removal Tool (MSRT) from the Windows Run dialog box. Like him I thought “No way is that possible” but it most certainly is. I tried it in both XP and Vista.
Of course there may be no reason to run this on a fully updated machine. MSRT is updated monthly and it will run on it’s own the next time you reboot after the update. MSRT does not run actively. So if you think there might be an infection since the last MSRT update why not give it a try.
Running MSRT is quite simple:
click Start | click Run | type MRT | click Ok
Just follow the instructions presented in the MSRT GUI and that’s all.
Step 1: Click Start | then Run | type MRT | click OK
Step 2: Decide if you want to view the malware that MSRT can remove, otherwise click Next.
Step 3: Choose your scan type Full, Quick, or Custom | click Next.
Step 4: Let it do its thing.
Step 5: All done, if something is found then MSRT will give you the option to remove the malware.
This was a bit of a strange one. A client had an HP Pavilion dv6000 laptop that was stuck on “Configuring Updates: 3 of 3.” The the laptop would reboot automatically and configure update 3 of 3 again.
Normally I would use the Vista Recovery disk but it would just boot to a blank screen. I would get to the Vista loading bar but then the optical drive would stop spinning and the screen would go blank. I tried multiple boot disk finally getting Ubuntu’s live CD to boot. In retrospect I wish I had tried an XP disk to get to the recovery console.
To stop the configuring update loop, I deleted the pending.xml file under c:\windows\winsxs folder. Details on that procedure can be found over at The Fake Geek. Initially it looked like it was going to do the loop again but it went past that to let me log in.
Once I was in, I noticed that Windows Updates wouldn’t run (Could not search updates). I tried a variety of solutions that existed on the net however in the end SP1 saved me. I had to enable a bunch of services that had been set to manual for some reason, including the Windows Installer. Then I installed SP1 using the standalone download.
That was all. SP1 fixed all the services and Windows Updates. I never did figure out why so many boot CDs go to a blank screen. One Linux distro had problems with the graphics card. Which lends me to think it might be a video card firmware issue but Linux distros often have problems with graphics cards.
If you enjoyed the post, make sure you subscribe to the RSS feed.
© 2008 TypeBased. All Rights Reserved.
Powered by WordPress. Design by 