December 12, 2010

HD by default on YouTube

If you're tired of changing video playback quality each time you click on a YouTube link (and don't like the idea of providing your credentials for privacy reasons) you should take a look at this Greasemonkey script which I have been using for a while. Makes your life much simpler and you can enjoy videos in the best available quality.


Head on to userscripts.org to install the Greasemonkey script. If you don't have the Greasemonkey plugin installed follow the instructions provided in my Connecting to Facebook via HTTPS post.

Enjoy!

November 23, 2010

Investigating deleted files on MS file servers

If you've dealt with issues related to users deleting (probably accidentally) shared files and not saying a word about it, then you've probably also dealt with another user wanting to restore these files and finding out who did the "bad thing".

You of course need to have auditing turned on on your share. If you do, then you'll need to look for two events in your security log, Event ID 560 and Event ID 564. Search for Event ID 560 and enter the filename (or part of it) in the "description" field:



This is what 560 looks like (long story short.. it shows the file name and user who modified the file in question):


Event Type:    Success Audit
Event Source:    Security
Event Category:    Object Access
Event ID:    560
Date:        DD/MM/YYYY <===== Modification DATE
Time:        HH:MM:SS <===== Modification TIME
User:        YOURDOMAIN\USER <===== USER NAME of the user who made the change
Computer:    SERVER_HOSTNAME
Description:
Object Open:
     Object Server:    Security
     Object Type:    File
     Object Name:    D:\SiteShare\MyFolder\MyFile.docx <===== PATH and FILE NAME
     Handle ID:    666 <===== HANDLE ID
     Operation ID:    {0,2XXXXXXXXX}
     Process ID:    4
     Image File Name:    
     Primary User Name:    SERVER_HOSTNAME$
     Primary Domain:    YOURDOMAIN
     Primary Logon ID:    (0x0,0x2XX)
     Client User Name:    USER
     Client Domain:    YOURDOMAIN
     Client Logon ID:    (0x0,0xBXXXXXX)
     Accesses:    DELETE
            ReadAttributes
            
     Privileges:    -
     Restricted Sid Count:    0
     Access Mask:    0x10080


And here is 564. It does not contain the file name but confirms deletion of an object, and that's why we'll usually need to search for 560 first:

Event Type:    Success Audit
Event Source:    Security
Event Category:    Object Access
Event ID:    564
Date:        DD/MM/YYYY <===== Modification DATE
Time:        HH:MM:SS <===== Modification TIME
User:        YOURDOMAIN\USER <===== USER NAME of the user who made the change
Computer:    SERVER_HOSTNAME
Description:
Object Deleted:
     Object Server:    Security
     Handle ID:    666 <===== HANDLE ID
     Process ID:    4
     Image File Name:

Looking at these two events you will notice that they will have the same Handle ID and usually the same time and date, although in some cases 564 can be logged much later than 560.

Event ID 560 is logged whenever a program calls upon an object which has been enabled for auditing.

Event ID 564 is logged upon object deletion.
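One way to automate the 560/564 matching described above, as an added Python example that is not part of the original post: it pairs each 564 with the most recent 560 that requested DELETE on the same computer, process and Handle ID, so a 560 with DELETE access but no 564 is not reported. The text-export layout, the sample records built by the hypothetical `_record` helper and the oldest-first ordering are assumptions.

```python
import re

def parse_events(text):
    """Split a text export into one dict per event, keyed by field name."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        ev, last = {}, None
        for line in block.splitlines():
            m = re.match(r"\s*([A-Za-z ]+?):\s*(.*)$", line)
            if m:
                last = m.group(1)
                ev[last] = m.group(2).strip()
            elif line.strip() and last == "Accesses":
                ev[last] += " " + line.strip()  # access list continues on the next lines
        if ev:
            events.append(ev)
    return events

def find_deletions(events):
    """Pair each 564 with the most recent 560 that requested DELETE on the same handle."""
    pending, hits = {}, []
    for ev in events:  # assumption: events are in chronological order, oldest first
        key = (ev.get("Computer"), ev.get("Process ID"), ev.get("Handle ID"))
        if ev.get("Event ID") == "560":
            if "DELETE" in ev.get("Accesses", "").split():
                pending[key] = ev       # a later 560 on a reused handle value replaces this
            else:
                pending.pop(key, None)  # handle value reused by an open without DELETE
        elif ev.get("Event ID") == "564" and key in pending:
            opened = pending.pop(key)
            hits.append({"user": opened["User"], "file": opened["Object Name"],
                         "opened": opened["Time"], "deleted": ev["Time"]})
    return hits

def _record(event_id, time, user, handle, name="", accesses=()):
    """Hypothetical helper: build one constructed record in the layout shown in the post."""
    lines = ["Event Type:    Success Audit", f"Event ID:    {event_id}",
             "Date:        01/11/2010", f"Time:        {time}",
             f"User:        YOURDOMAIN\\{user}", "Computer:    SERVER_HOSTNAME",
             "Description:"]
    if event_id == 560:
        lines += ["Object Open:", f"     Object Name:    {name}",
                  f"     Handle ID:    {handle}", "     Process ID:    4",
                  f"     Accesses:    {accesses[0]}"]
        lines += [f"            {a}" for a in accesses[1:]]
    else:
        lines += ["Object Deleted:", f"     Handle ID:    {handle}",
                  "     Process ID:    4"]
    return "\n".join(lines) + "\n\n"

# Constructed sample (not a real log): one delete, one DELETE open that is never
# followed by a 564, and a reused handle value whose 564 arrives later.
SAMPLE_EXPORT = "".join([
    _record(560, "09:15:02", "alice", 666,
            r"D:\SiteShare\MyFolder\MyFile.docx", ["DELETE", "ReadAttributes"]),
    _record(564, "09:15:02", "alice", 666),
    _record(560, "09:20:00", "bob", 700,
            r"D:\SiteShare\MyFolder\Budget.xlsx", ["DELETE", "ReadAttributes"]),
    _record(560, "10:05:00", "dave", 700,
            r"D:\SiteShare\MyFolder\Old.docx", ["DELETE"]),
    _record(564, "10:07:30", "dave", 700),
])

if __name__ == "__main__":
    for hit in find_deletions(parse_events(SAMPLE_EXPORT)):
        print(f"{hit['user']} deleted {hit['file']} "
              f"(opened {hit['opened']}, deleted {hit['deleted']})")
```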

Voila! You've found the guilty one :)

October 9, 2010

Another record batch of Microsoft Security Bulletins - October

Looks like we have another record patch weekend ahead of us in October. This time Microsoft is issuing 16 security bulletins addressing 49 vulnerabilities. 4 Bulletins are tagged as critical. 8 will require a restart so get ready for a little doubtful "fun".

Take a look at the advance notification for details or register for Wednesday's webcast

September 24, 2010

PsExec and multiple hosts

This is to show how you can run a single command on multiple hosts in order to automate a process which would otherwise take up a lot of time.

Some will argue that VBScript might be a better idea but I like to keep it really simple and I'm a huge fan of Mark Russinovich and his SysInternals suite. So here it goes.

First create a TXT file with server host names (or IP addresses) listed in a column (one per line) like so:

SERVER1
SERVER2

(...)

Save the text file as whatever name you wish.. for example server_list.txt

Let's say you want to schedule the defrag command to run every Saturday of every week at 5am starting on the next occurrence of a Saturday.

The following assumes that you run PsExec from the same folder as your server_list.txt file and have administrative privileges on the machines defined in the list file. This would be the syntax for running defrag on the system partition:

psexec.exe @server_list.txt at 05:00 /every:S "defrag.exe c:"

Command exits out with the following:

Added a new job with job ID = 8
at exited on SERVER1 with error code 0.


You can now take a look at the server's Scheduled Tasks and you will notice a new task with ID 8, as in the command output. A drive defrag will now run every week as scheduled.

As many of us like logging everything possible, you might want to do the following:

psexec.exe @server_list.txt at 05:00 /every:S "defrag.exe c:" > psexeclog.txt

This will log the output by redirecting it to psexeclog.txt, created on your local machine. Output of psexeclog.txt looks like so:

Added a new job with job ID = 12
Added a new job with job ID = 13
\\SERVER1:
\\SERVER2:


This means that job 12 was created on SERVER1 and job 13 on SERVER2. Note that the job ID might be different on each server depending on the past scheduled jobs count.

If you wish to have a full error output add 2>&1 to the previous command like so:

psexec.exe @server_list.txt at 05:00 /every:S "defrag.exe c:" > psexeclog.txt 2>&1



Remember that you can also run batch commands using psexec. So in the case of this example you might schedule multiple jobs to run on multiple servers by simply adding the commands to the batch.

Have fun!

September 21, 2010

New Twitter bug/virus

A new bug or virus is spreading throughout Twitter. The code below puts a layer (overlay) on the Twitter website which automatically triggers a retweet of the status of the person you follow (via the onmouseover event handler). I hope that Twitter solves this problem soon.


Here's what the code looks like:

http://t.co/@"onmouseover=document.getElementByld('status').value='RT Matsta';$('status-update-form').submit();class="modal-overlay"/
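Why a double quote inside a link is enough to attach an event handler, and how output encoding stops it, shown as an added Python example that is not part of the original post and is not Twitter's code. The auto-linker functions, the placeholder `noop()` handler and the constructed tweet are assumptions; the assumed mechanism is a linker that copies the URL into `href` without encoding the quote.

```python
import html
import re
from html.parser import HTMLParser

URL_RE = re.compile(r"https?://\S+")

# Constructed tweet: same shape as the payload above, with a harmless placeholder handler.
TWEET = 'look http://t.co/@"onmouseover="noop()"/'

def linkify_unsafe(text):
    """Hypothetical auto-linker that pastes the URL into href without encoding it."""
    return URL_RE.sub(lambda m: '<a href="%s">%s</a>' % (m.group(0), m.group(0)), text)

def linkify_safe(text):
    """Same linker, but every piece of user text is HTML-encoded before output."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)  # " becomes &quot; and cannot close href
        out.append('<a href="%s">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)

class _AttrCollector(HTMLParser):
    """Collects every attribute name the parser sees on start tags."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names += [name for name, _ in attrs]

def event_handler_attrs(markup):
    """Return the on* attribute names present in rendered markup (a regression check)."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return [n for n in parser.names if n.startswith("on")]

if __name__ == "__main__":
    print(event_handler_attrs(linkify_unsafe(TWEET)))  # handler attribute leaks out of href
    print(event_handler_attrs(linkify_safe(TWEET)))    # only href remains
```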

Update: Twitter posted information that the threat has been eliminated.

Update 2: If you would like to read more about this specific worm and similar ones haunting Twitter's past, I would suggest taking a look at Graham Cluley's blog (Sophos). A good read!

Here's a video showing the vulnerabilities (also from Sophos):

September 18, 2010

Google violating user privacy again

There was yet another user privacy violation at Google. This time a Google engineer - David Barksdale, 27 - had accessed users' accounts, curious about their voice calls, chats and contact lists. Barksdale has been fired but Google also acknowledged that such an incident has happened before with another employee, also terminated.

Barksdale accessed the accounts of a few minors apparently to impress them with his administrative access level. Google said that there was no sexual motive in his actions. I'm curious about the ethics training that the data collecting giant's employees take part in.

Gawker reports:

"It’s unclear how widespread Barksdale’s abuses were, but in at least four cases, Barksdale spied on minors’ Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her."

This problem is pretty sensitive as Google gathers information about chats, emails, videos watched, blogs, voice calls, articles read, pages seen, search queries and so on.. If we are to trust them with our data they better get their employees straight and keep our data available only for the use of search bots and advertisement purposes.

Bear in mind that Google possesses more information about its users than probably the world's intelligence agencies combined. Talk about a *true* know-it-all. I would probably suggest that the big G should only employ people with the appropriate security clearance, training and certifications for positions that deal closely with user data.

Google Senior Vice President, Engineering stated (per Gawker):

"We dismissed David Barksdale for breaking Google’s strict internal privacy policies. We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously."

Let's just hope that this isn't a bold PR statement (although it surely is PR) and that Google will do something about this.

Sources:

SANS Institute
Gawker
The Register
Wired

September 17, 2010

Duplicate Blackberry calendar entries

Do you use multiple calendars on your Blackberry? Have you ever had a problem with calendar entries duplicating for some reason and the "default" calendar showing out of nowhere? One of the triggers of such a situation, at least in my case was the integration with the Facebook calendar. At some point (I think it was after the last Facebook update) the FB calendar just merged with the default one and entries appeared duplicated. Well, in case any of you did encounter such issues I have a few solutions to this problem.

Solution 1:
  1. Go to your calendar -> Menu button -> Options -> Go to the "Default" calendar
  2. Take a look at "Number of entries"
  3. If the number is relatively low then just go back to your calendar and try to locate the entries associated with the "Default" calendar and simply delete them.
  4. After you do so, the "Default" calendar will simply disappear

Solution 2:
  1. You can try to merge the "Default" calendar with your main calendar (such as email@somedomain.com)
  2. Go to your calendar -> Menu button -> Options -> select the "Default" calendar -> type (yes, just type it on your BB keyboard) the letters "move" -> a prompt will appear asking if you would like to merge the "Default" calendar with your main one.
  3. Confirm and you have a good chance that the duplicates will merge and the entries which were missing will become part of your email@somedomain.com calendar.

Solution 3:

This is the ultimate solution which is going to solve your problem for sure, but it is a little more time consuming than the other two mentioned above. The procedure has been taken from a Blackberry Support Forum and provided by JSanders. Just make sure that you make the necessary backups beforehand as it might delete all calendar databases. Here it goes..

"If you are having errors in your Calendar or Address Book on your BlackBerry, and you wish to delete the entire Calendar (or Address Book) database on your BlackBerry, follow the directions below. Make certain you have a good copy of your Calendar or Contacts elsewhere, as this procedure will completely delete ALL Calendar entries and/or Address Book entries on your BlackBerry.
  1. Open Desktop Manager on your PC.
  2. Open up Backup/Restore > Advanced.
  3. From Advanced you'll see a split pane screen. The left pane is what is going to be backed up from your device and the right is a list of the currently existing databases.
  4. Highlight on the right side your Address Book database (or your Calendar database) and click the arrow in the middle pointing to the left. This will copy the information over and prepare it for back-up.
  5. Once the back-up has completed, hit the Clear button at the bottom to erase and clean out the entire address book database (or Calendar database).
  6. After it's finished, it will ask you if you want to save the back-up you've created, say yes and check the device to make sure the address book (or calendar) has been properly cleared out. Now, resync the necessary contact information and you should be set to go."

Google Music?

Billboard Magazine reports that Google will be going into the music sales business in the near future. Gossip is spreading.. $25/year as a subscription fee which would include cloud storage for all purchased music which could be streamed to supported devices. Another rumor is that their new service will be offering a one-time full preview of all tracks in their library. Wow, that sounds pretty good :)

Per DailyTech "An album download will reportedly generally cost $7. Most tracks will cost 70 cents, "superstar tracks" will cost 91 cents, and "catalog tracks" will cost 49 cents". They also wisely point out that Google is more flexible in providing both storage and traffic redirection and already has massive experience in the field thanks to YouTube as a multimedia streaming service.

Moreover, so many of us use their services that they can readily reach a sixth of the world population. I can sense that Apple might be working overtime in the time to come...

The main question here is will Google and its deals with music rights owners be DRM free or will they lock us down within their cloud?

September 16, 2010

Internet Explorer 9 Beta released

IE 9 is now available in beta if you feel like trying it out. I'm personally more of a Firefox fan for many reasons, and I also use Chrome occasionally. But if you're more of the adventurous type go ahead and check it out, make sure you have some active protection as it's still beta so you never know what you're going to get ;)

Update:

IE 9 features:

  • Wow! You could easily compare the speed to Chrome
  • Graphics hardware acceleration
  • Has only one address/search field and even if using Google as the default search provider it will not send over your real-time keystrokes. So a plus on privacy and bandwidth saving in congested network infrastructures (imagine a few thousand people on one network typing in searches.. ouch!)
  • New download manager
  • You can now drag tabs out of the parent window like in Chrome or Firefox
  • Improved HTML5 support

The downside is that it's still in beta so most of us probably wouldn't want to use it on a daily basis (possible security risks) and if you install it now it will replace IE 8 on your PC. There is no way to install it side by side with its predecessor.

The newly refreshed Twitter

Twitter has made some significant changes to its interface and capabilities.. For a full list of new features take a look at their official blog. The main attraction is the addition of embedded media which will allow users to check out YouTube and other links such as pictures directly on Twitter without leaving the site or having to open up a new tab in the browser. A few other functions like a detail pane will allow you to take a closer look at a user's profile right on the main page.

Different ideals and goals but might this be a bite off of Facebook's cake?

September 14, 2010

Damn Vulnerable Linux

Ever wanted to play around with a vulnerable system but you're just too much into a habit of patching every piece of software as soon as a security update becomes available? Well do I have a treat for you guys!

It's called Damn Vulnerable Linux (don't confuse it with DSL - Damn Small Linux). It's a new distro which has been specifically crafted to be broken, out of date and just as vulnerable as it can be.

DVL calls itself "the most complete training environment for IT security" and includes "tons of training material and exercises".

Sounds like a lot of fun, doesn't it? I can't wait to set that baby up on a VM as soon as I get some more time on my hands. I'll keep you posted!

New York City free WiFi teaser

nydailynews.com reports that Time Warner and Cablevision are teaming up to bring "free" WiFi to 32 NYC parks. Seems funny though, as so many cities around the world now offer free wireless internet in public locations (mostly parks, downtown and sightseeing areas) but NYC decided to choose commercial providers willing to invest $10 million to provide 30 (!!) minutes of free WiFi per user per month. Let me just say that again.. thirty minutes per month. And if that wasn't enough to bring a sarcastic grin to your face.. those 30 minutes will be divided into 3 batches of 10 minutes.

If the 10 minutes wouldn't be enough, users will be charged 99 cents per day. That's reasonable for the occasional user but calling it "free WiFi" seems to be a bit off.

September 12, 2010

Remote Desktop Services (ex-Terminal Services) Windows Server 2008 R2

I was searching for some information in order to get acquainted with Terminal Services which is now called "Remote Desktop Services" since Windows Server 2008 R2 and found a series of pretty decent videos on Microsoft's Edge site:

Part 1:



Part 2:



Part 3:



Part 4:



Part 5:

New DropBox Blackberry beta

If you're a DropBox and Blackberry user you should definitely head down to the DropBox Blackberry Beta site and upgrade or sign up (1000 new beta slots) if you haven't used their service before. Please use my referral if you don't yet have an account. It'll give you an extra 256 MB over the free 2 GB they give away to start with. It's a pretty cool and useful startup, some of the media on this site is actually hosted on DropBox.. If you use a few different computers and like to have some of your data synced up it's the right place to go for PC, Mac and Linux.

Facebook surpasses Google in time spent on-site?

Seems a bit odd that many media companies post this info as comScore (apparently the source of this hot topic) seems to have omitted it both on their website and their blog. Interesting.. I've seen news articles on Yahoo!, MoreTechNews.com and the New York Post. These three sites posted info choosing comScore as their source although you can't find any links to the actual internet marketing research company's study. Could this be a hoax story that no one has yet verified? Might be. Unless comScore has just not updated their website (wouldn't that just be sad, right?).. Time will tell.

September 11, 2010

Microsoft Funeral for iPhone and BB

DailyTech - Microsoft Holds Mock Funeral for iPhone, BlackBerry

Isn't it a bit too early to organize funerals? I still remember the reason for switching over from WM to BB very well and believe me, these wounds won't go away quickly. Well.. good luck Microsoft, I do wish you well but mocking other platforms just isn't the way to go (eh.. maybe it is for the sake of all those marketing department employees)!

Sales Demolition

Video conversion bash script

For all of you who have been looking for an easy and "no fuss" way to convert your movies (or FLV files downloaded from Youtube) here's a nice bash script for converting videos to AVI format. Personally I use it in Ubuntu so you might need to fill in the blanks on this one. Try it out.

First you'll need to fetch mencoder as without it it's a "no go":

sudo apt-get install mencoder

Once done just paste the following to a file:

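#!/bin/bash
# Convert a video file to AVI (MPEG-4 video, MP3 audio) using mencoder.

# Require exactly one argument that points to an existing file
if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
    echo "Usage: $0 <video file>" >&2
    exit 1
fi

FILE=$1

## Remove hash sign and replace previous position with a hash to choose resolution
RES=480:270 # resolution, 16:9 ratio
#RES=480:300 # resolution, 16:10 ratio
#RES=480:360 # resolution, 4:3 ratio

## modify bitrate to suit your needs. Higher bitrate means larger file size
ABR=64 # audio
VBR=230 # video

# The output is written next to the input, with the extension replaced by "_new.avi"
mencoder "$FILE" \
-o "${FILE%.*}_new.avi" \
-of avi \
-ovc lavc \
-oac mp3lame \
-lavcopts "vcodec=mpeg4:vbitrate=$VBR:acodec=mp3:abitrate=$ABR" \
-vf "scale=$RES"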

Then save the file as let's say "videoconverter" and make it an executable:

chmod 700 videoconverter

Ready to use. Please just take a look inside the file to adjust the resolution you need. In the one above a 16:9 resolution ratio is currently selected (480 x 270px). Should you choose to change it just put a # in front of that line and remove the # in front of the resolution you would like to use. Feel free to experiment with the audio and video bitrates to adjust quality/filesize.

To convert a file simply run:

./videoconverter [filename]

It will dump the conversion to an AVI file, replacing the original file's extension with a "_new.avi" suffix.

Enjoy!

September 10, 2010

Connecting to Facebook via HTTPS

Many of us use Facebook on a regular basis today. It's a great social site via which keeping in touch and interacting with friends is sometimes easier than sending an email. Facebook actually pushes you to interact, sometimes subconsciously. You see a friend's picture somewhere on the site and think "oh, it's been a while since I've seen X or wrote to X.", so.. we write.

To enable most of Facebook's features or just to actually make it usable we usually divulge a lot of private information. And it's not a question if we trust Facebook to keep our data safe or not, because even if they do secure our personal information with the best possible encryption algorithms out there and establish their data center inside Fort Knox itself, our information still won't be secured on its way to their servers.

Why, you ask? Facebook lets us connect to its site through an unsecured connection only. At least they have the courtesy of sending our password through an encrypted connection (HTTPS). But unfortunately everything else that happens in Facebook once we walk through that initial step of logging in might not necessarily stay there.

I was looking for a way to access Facebook securely all the way through, as there is no "natural" way of forcing the site to use HTTPS, and found one: a Greasemonkey script written by therm000 called Facebook Secure Pro, which forces Firefox to use the HTTPS protocol by default when accessing the site.

So here it goes:

  1. If you don't have Mozilla Firefox, go ahead and grab it from GetFirefox
  2. Install Greasemonkey which is a neat Firefox add-on for running JS (more info on their website)
  3. You will be prompted to restart Firefox once the plug-in downloads, make sure to bookmark whatever tabs you have open
  4. Browse to Userscripts.org to download the Facebook Secure Pro script (just click on "install")
  5. Voila! All done. You can now navigate to Facebook and see for yourself.

This trick is mostly useful while connecting through public WiFi hot spots. Enjoy!

Sales Guy vs Web Dude

One of my all time favorites :)