MoonPoint Support Logo




Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
           
23 24 25 26 27 28 29
30            
2008
Months
NovDec


Thu, Nov 06, 2008 10:02 pm

NSA and the Army Seek Quantum Physics Answers

The NSA and the US Army Research Office are seeking answers to quantum physics questions. They have 3 broad goals:

The agencies expect to make one to three awards of less than two hundred thousand per year in 2009.

The agencies stipulate that "Investigators should presuppose the existence of a fully functional quantum computer and consider what algorithmic tasks are particularly well suited to such a machine."

References:

  1. NSA and Army on quest for quantum physics jackpot
    Date: October 28, 2008
    Network World

[/news] permanent link

Thu, Nov 06, 2008 10:00 pm

Eight Common Social Engineering Tactics

Network World, posted an article Social Engineering: 8 Common Tactics that lists common tactics used by people hoping to glean information by social engineering techniques that will allow them to break into systems, learn sensitive information, or manipulate people into taking action that benefits the social engineer, e.g. using spam to tout a stock and drive up its price temporarily.

[/security/social_engineering] permanent link

Mon, Nov 03, 2008 8:03 pm

Renaming a category in Microsoft Money 2007

To rename a category in Microsoft Money 2007, take the following steps in Money:
  1. From the home screen, where you see Account List, Account Register, Cash Flow, Manage Online Services, etc., click on Account List.
  2. You will see a menu bar above the Account List with Account Tools. Morgages & Loans, etc. on it. Click on Account Tools and select Categories & Payees.
  3. Find the category or subcategory you wish to rename, and right-click on it and choose Rename.
  4. Type the new name for the category and click on the OK button.

Any entries in Money, that were under the previous name for the category will now be under the new name.

[/os/windows/software/financial] permanent link

Thu, Oct 23, 2008 10:30 pm

Checks on ThelmaLou

When I logged into the ThelmaLou system as the administrator to check it today, I saw the following error message:

applnch.exe - Ordinal Not Found
The ordinal 140 could not be located in the dynamic link library MAPI32.dll

OK

 

When I clicked on OK, I then saw the following:

hkcmd Module
hkcmd Module has encounterd a problem and needs to
close. We are sorry for the inconvenience.
If you were in the middle of someting, the information you were working on
might be lost.

For more information about this error, click here.

Close

 

When I clicked on "click here", I saw the following error signature information:

AppName: hkcmd.exe	 AppVer: 3.0.0.1607	 ModName: oleaut32.dll
ModVer: 5.1.2600.3266	 Offset: 000344f1 

The file C:\DOCUME~1\ADMINI~1.MAY\LOCALS~1\Temp\c0f3_appcompat.txt was associated with the error report.

I checked the system with Bazooka Adware and Spyware Scanner, even though it's malware definitions haven't been updated in almost a year; they are 340 days old now. It didn't find any malware.

I then checked the system with Spybot Search & Destroy. It reported Microsoft.WindowsSecurityCenter_disabled. with registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not)W=2, but nothing else, aside from 2 cookies. I eliminated the two cookies, one for DoubleClick and one for ValueClick.

[/security/scans] permanent link

Thu, Oct 23, 2008 10:14 pm

Multiple Hbpoid.exe and Hpbpro.exe Processes Running

When I checked a Windows XP Professional Service Pack 2 system for which I had received a report from the user that it was running very slowly, I found multiple HPBOID.EXE and HPBPRO.EXE processes running. I counted them with tasklist /fi "imagename eq hpboid.exe | find /c /i "hpboid.exe" and tasklist /fi "imagename eq hpbpro.exe" | find /c /i "hpbpro.exe". I found there were 63 instances of hpboid.exe and 49 instances of hpbpro.exe running. The processes were each taking from 56K to 76K of memory.

At hpboid.exe Windows process - What is it?, I found the hpboid process described as follows:

The process HP Status Server Module belongs to the software HP Status Server or HP Deskjet or HP Status Server Module by Hewlett-Packard Company (www.hp.com).

Description: File hpboid.exe is located in a subfolder of C:\Windows\System32 or sometimes in the folder C:\Windows\System32. Known file sizes on Windows XP are 73728 bytes (96% of all occurrence), 61440 bytes.
The program has no visible window. File hpboid.exe is not a Windows system file.

At have multiple hpboid.exe & hpbpro.exe processes, WHY?, I found others reporting the same problem. Someone posted the following script as a solution for eliminating the processes.

net stop spooler
sleep 5
taskkill /F /IM HPBOID.exe
taskkill /F /IM HPBPRO.exe
sleep 5
net start spooler

The poster suggested the script be saved as kill_hpprocess.cmd and run through the Windows task scheduler. The poster stated he found the script at HPBOID.EXE remove it permanently. The author of the blog article there states the following:

Some HP Printer drivers install a service called HP Status Server based on an executable called hpboid.exe, on terminal service machine it start itself many times and it doesn't remove it whenever user disconnect itself consuming too much resources.

He offers some steps to solve the problem on that webpage. Someone else posted the script there as a way to solve the problem. Another poster suggests the problem can be solved instead following advice from Hewlett-Packard (HP), which is the company responsible for hpboid.exe and hpbpro.exe. He references HP Deskjet 6980 Series Printer - Computer Crashes when Printing Over a Network and Network Task Manager Shows Multiple Instances of hpboid.exe Running

The HP webpage lists the following as solutions to the problem:

Issue
Task Manager shows multiple instances of hpboid.exe running. This consumes all the resources and the computer ultimately crashes. This happens when the printer is printing over a network.
Solution
Choose one of the solutions below.
Solution one
Follow the steps below to resolve this issue.
  1. Click Start , and then click Run.
  2. In the Run dialog box, type services.msc and click OK.
  3. Search for HP status server and right-click it. Click Properties, and then click Stop
  4. Click Apply and then click OK.
  5. Check whether the issue persists. If the issue persists, repeat the same steps for HP port resolver and stop this service.
Solution two
Search for hpboid.exe and delete the file. Deleting the file will not affect the printing functionality.

I followed the steps HP listed in solution one. I stoped the HP Status Server service. That reduced the number of hpboid.exe processes by only one, however, from 63 to 62. It did not reduce the number of hpbpro.exe processes. I stopped the HP Port Resolver service. That reduced the number of hpbpro.exe processes by one from 49 to 48. Since there were still many instances of each process running, I killed all of the others with the following commands:

taskkill /f /fi "imagename eq hpboid.exe"
taskkill /f /fi "imagename eq hpbpro.exe"

I saw a substantial reduction in the amount of memory being used when I killed all instances of those two processes.

References:

  1. hpboid.exe Windows process - What is it?
    file.net - Windows XP file forum
  2. have multiple hpboid.exe & hpbpro.exe processes, WHY?
    September 21, 2007
    Experts Exchange
  3. HPBOID.EXE remove it permanently
    October 2007
    Vittorio Pavesi
  4. HP Deskjet 6980 Series Printer - Computer Crashes when Printing Over a Network and Network Task Manager Shows Multiple Instances of hpboid.exe Running
    Hewlett-Packard Development Company, L.P.

[/os/windows/printers] permanent link

Thu, Oct 23, 2008 3:53 pm

Setting the Time Zone from the Command Line

After moving my Outlook data to another laptop, which was running Windows XP Home edition, I noticed that the timestamp on messages appeared to be hours behind when I thought the messages were likely received. When I sent a message where my own address was on the cc line, I noticed that there was a 3 hour difference between the timestamp on the message in my sent folder and the one I received in my Outlook inbox. I thought the timezone was likely set incorrectly, but when I tried cheking it from the account I was logged in under by clicking on the time in the lower right-hand corner of the screen, I recieved a message that "You do not have the proper privilege to change the System Time." Since I had a lot of applications open, I didn't want to close all of my open files, logoff, logon under an administrator account, change the time zone, log back into my account, and then reopen all of the applications and files I had open previously. There is a way that you can check the time zone and change it from the command line.

I used the runas command to run the following command under an administrator account on the system. In this case the "owner" account was in the administrators group on the system.

C:\>runas /user:owner "RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\syst em32\TIMEDATE.cpl"

NOTE: You do not encapsulate the time zone string in quotation (") marks. I have quotation marks around the entire rundll32 command for entering a command with spaces in it to the runas command.

That command opened the Date and Time Properties window. When I clicked on the Time Zone tab, I found the time zone set to "GMT-8:00 Pacific Time (US & Canada)", whereas it should have been set to "GMT-5:00 Eastern Time (US & Canda)". I could now change the timze zone.

The time zone can also be specified on the command line rather than changing it through the Date and Time Properties window. E.g. the command C:\>runas /user:owner "RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl,,/Z US Eastern Standard Time" would allow one to change the time zone to "(GMT-5:00) Indiana (East)". Of course, you don't need the runas /user:owner, if you are already logged into the system as an administrator.

You can see what the values are that you should use on the command line for your specific time zone by running regedit and navigating to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Time Zones\.

In this case, I needed to use RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl,,/Z Eastern Standard Time rather than using "US Eastern Standard Time" to have the time zone be "(GMT-5:00) Eastern Time US & Canada". The value that appears under the Time Zone tab in the Date and Time Properties window is what is listed for the display value under each time zone within the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Time Zones\ registry key.

When I changed the time zone, the time changed also to match the time zone change. I needed to reset it, which I did by opening a command window from the "owner" administrator account using runas /user:owner cmd. I then used the time command to reset the time.

References:

  1. JSI Tip 7525. How do I set the Time Zone from the command line?
    A Web Exclusive from FAQ for Windows
    Jerold Schulman
    WindowsITPro

[/os/windows/xp] permanent link

Fri, Sep 26, 2008 12:51 pm

Maillog Not Rotating

The maillog file in /var/log had been rotated every night to produce maillog.1, maillog.2, etc. on a CentOS Linux server. But the log file rotation stopped at some point and the maillog file has been growning huge. The file contains entries related to messages processed by sendmail on the system.

In email from the Cron Daemon to the root account, I found messages with the following within them:

/etc/cron.daily/logrotate:

error: syslog:1 duplicate log entry for /var/log/maillog

I checked /etc/logrotate.conf, but didn't find any references to rotation of the maillog file there.

Contents of /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

I then checked the /etc/logrotate.d directory. I found maillogrotate there.

Contents of /etc/logrotate.d/maillogrotate:

# Begin maillogrotate control file
/var/log/maillog {
   daily
   rotate 14
   sharedscripts
   create 0600 root root
   missingok
   postrotate
   /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
   endscript
}
# End maillogrotate control file

I also checked the /etc/logrotate.d/syslog file, since syslog may rotate the file.

Contents of /etc/logrotate.d/syslog:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

So it appears that both the /etc/logrotate.d/maillogrotate and the /etc/logrotate.d/syslog files were attempting to rotate the maillog file on a daily basis.

Checking notes posted on my blog, I found I resolved the problem on another email server, a Redhat Linux server, on Friday, September 17 of 2004, almost exactly 4 years ago, and had posted my notes in Daily Rotation of Mail Logs. In that case, I had removed the /var/log/maillog reference from /etc/logrotate.d/syslog, so I did the same thing in this case as well. But this time, I decided to leave the maillogrotate file in /etc/logrotate.d.

Checking my notes for the CentOS email server, I see that I had in the past removed the /var/log/maillog reference from /etc/logrotate.d/syslog. Some installation or upgrade must of led to the version of the file I created then being overwritten.

References:

  1. [Rocks-Discuss] /var/log/maillog in syslog.conf vs. /var/log/mail in logrotate.d/rocks
    Date: September 13, 2006
    SDSC Mailing List Server
  2. Pflogsumm issues
    Date: July 16, 2008
    HowtoForge - Linux Howtos and Tutorials
  3. Configuration: centos50
    System Configuration Collector (SCC)
  4. What the hell is rotating my mail.log?
    Date: February 23, 2007
    Stephan Paukner
  5. Rotating Linux Log Files - Part 1: syslog
    Date: Nisan 22, 2007
    Netlojik
  6. Logging, Log File Rotation, and Syslog Tutorial
    Wayne Pollock's Home Page
  7. Daily Rotation of Mail Logs
    Date: September 17, 2004
    MoonPoint Support

[/network/email/sendmail] permanent link

Tue, Sep 16, 2008 11:42 pm

Did Al Gore Say He Invented The Internet?

The answer is "no". He did make a statement in an interview with Wolf Blitzer of CNN about his role in the creation of the Internet, but that statement was taken out of context to be used as a political attack tool. I've heard Al Gore mocked many times for his supposed statement and found someone else making what appeared to be a sarcastic comment in a post today to an article "The Web back in 1996-1997"

As I posted there, I would like to point out that he never claimed to have invented the Internet (see the Snopes article "Internet of Lies"). For a much fuller discussion of the topic and some history on the Internet’s development and Gore’s role in supporting advanced networking initiatives, I would recommend “Al Gore and the Creation of the Internet

His early vision of its potential and his support for funding of advanced networking activities was important. Vint Cerf, who has, I think appropriately, been dubbed the “father of the Internet” for his technical contributions, along with Bob Kahn, in designing the Internet Protocol, has credited Gore’s early support for advanced networking efforts (see "Vint Cerf responded to MSNBC").

I see the same tactic of taking an opponent’s statements out of context being widely used in the current campaign by both parties. Unfortunately, I suspect many Americans will make up their minds based on what they see in political ads that are designed to mislead them. The tactic used so successfully against Gore still works.

[/network/Internet] permanent link

Tue, Sep 16, 2008 9:27 am

CA Anti-Spyware Scan of J

I checked a Windows XP Professional Service Pack 3 system, J, with CA Anti-Spyware 2008 LE. That version is free and will detect malware, but not remove it. You can purchase a license to have the software remove any malware it finds.

[ More Info ]

[/security/spyware] permanent link

Sun, Sep 14, 2008 7:54 pm

CopSSH Installation on Windows Vista

I installed copSSH 1.4.6 on a Windows Vista Ultimate system. The software is an implementation of an SSH server and client for Windows systems. I had been using OpenSSH for Windows 3.8.1p1 on Windows 2000 and XP systems, but I haven't been able to get it to work under Windows Vista. I haven't had any problems getting copSSH to function as an SSH server under Vista.

At the end of the installation, the installation software displays the message below:

copSSH 1.4.6 Setup

After the installation, I clicked on Start, selected All Programs, then COPSSH, then Activate a User.

copSSH User Activation Wizard

I selected a user and then proceeded to the next step where I typed in a passphrase, which is used to protect the private key for the account.

copSSH Passphrase

I then clicked on the Activate button, which produced the message below.

copSSH Compatibility Assistant

I selected the "This program installed correctly" option.

Since the system was using the firewall capability built into Windows Vista, I then clicked on the Start button, selected Control Panel, then Security then Windows Firewall, and then Change Settings.

Windows Firewall Settings

I clicked on the Exceptions tab and then selected Add Port. At the Add Port window, I specified copSSH as the name for the firewall port and the default SSH port, which is port 22. SSH uses the TCP protocol.

Windows Firewall - Add a Port

I clicked on Ok and then OK again to create the firewall rule for copSSH. I was then able to use PuTTY to log into the system from another system.

If you would like to use another port other than the default port of 22, you need to edit the sshd_config file, which you will find within the etc directory beneath the directory in which you installed copSSH, e.g. \Program Files\copSSH\etc\sshd_config.

I suggest editing the file with WordPad rather than Notepad, because WordPad can handle the end of line characters used in the file so that each line appears one beneath the other rather than all lines appearing as one long line as they will in Notepad. WordPad can deal with the end of line character used on Unix and Linux systems better than Notepad. The file uses the linefeed character common for files on Unix and Linux systems rather than the combination of carriage return and linefeed characters that Microsoft Windows uses.

To change the port, locate the line below. Remove the "#" from the beginning of the line, which turns the line into a comment line. Then replace 22 with whatever number you wish to use for the port.

#Port 22

When you've changed the port, you will need to restart the SSH server service, which you can do by rebooting or simply stopping and restarting the service. To stop and restart the service from the command line, obtain a command prompt. If you aren't logged into an administrator account, you can use the command runas /user:administrator cmd from a command prompt to open another command prompt window under the administrator account.

C:\>net stop "Openssh SSHD"
The Openssh SSHD service is stopping.
The Openssh SSHD service was stopped successfully.


C:\>net start "Openssh SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

You can verify copSSH is listening on the new port using the netstat command. E.g., if you set the port to 5622, you could use the command below:

C:\>netstat -an | find "5622"
  TCP    0.0.0.0:5622          0.0.0.0:0              LISTENING

[/os/windows/network/ssh/copssh] permanent link

Blosxom logo