• Home
• Blog
• Downloads
• Info
• Reviews
• Virus Warnings
• Search Site

[ More Info ]

[/network/email/spam/barracuda] permanent link

The problem can be fixed with Resource Hacker.

[ More Info ]

[/security/spyware/spybot/teatimer] permanent link

C:\Documents and Settings\administrator>net start | find /i "pcanywhere"
   pcAnywhere Host Service

Knowing that it is "pcAnywhere Host Service", you can then use net stop "pcanywhere host service" to stop the service and net start "pcanywhere host service" to restart it.

References:

1. How to Use the net Command
   Cisco Systems, Inc.
   May 17, 2006

[/os/windows/software/remote-control/pcanywhere] permanent link

[ More Info ]

[/os/windows/office/outlook] permanent link

Pktstat is free software for Linux and Unix systems that will display a real-time list of active connections seen on a network interface, and how much bandwidth is being used by various network connections. It partially decodes the HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. It also accepts filter expressions á la tcpdump.

An RPM file that can be used to install the software on Linux systems is available from http://www.stearns.org/pktstat/. As of December 13, 2006, the current version is 1.7.2q. I installed the software from the RPM file.

# wget http://www.stearns.org/pktstat/pktstat-1.7.2q-0.i386.rpm

# rpm -qip pktstat-1.7.2q-0.i386.rpm
warning: pktstat-1.7.2q-0.i386.rpm: V3 RSA/MD5 signature: NOKEY, key ID f322929d
Name        : pktstat                      Relocations: (not relocateable)
Version     : 1.7.2q                            Vendor: David Leonard
Release     : 0                             Build Date: Thu 10 Jul 2003 12:38:40 AM EDT
Install Date: (not installed)               Build Host: sparrow
Group       : Applications/Internet         Source RPM: pktstat-1.7.2q-0.src.rpmSize        : 145837                           License: Public Domain
Signature   : RSA/MD5, Thu 10 Jul 2003 12:38:40 AM EDT, Key ID 012334cbf322929d
Packager    : William Stearns 
URL         : http://www.itee.uq.edu.au/~leonard/personal/software/#pktstat
Summary     : Displays a live list of active connections and what files are being transferred.
Description :
Display a real-time list of active connections seen on a network
interface, and how much bandwidth is being used by what. Partially
decodes HTTP and FTP protocols to show what filename is being
transferred. X11 application names are also shown. Entries hang around
on the screen for a few seconds so you can see what just happened. Also
accepts filter expressions a la tcpdump.

# rpm --install pktstat-1.7.2q-0.i386.rpm
warning: pktstat-1.7.2q-0.i386.rpm: V3 RSA/MD5 signature: NOKEY, key ID f322929d

Once installed the software can be run with the pktstat command. If you need to install from the source code rather from the RPM package, the steps to install the software are fairly straightforward and can be found at Bandwidth Monitoring Tools, which also lists a number of other free bandwidth monitoring tools.

The software can show you what files people are accessing on your web server in realtime as shown below:

interface: eth0
load averages: 6.3k 3.2k 1.4k bps

   bps    % desc
 779.9   2% icmp unreach port frostdragon -> ns2
            tcp adsl-68-126-206-36:2039 <-> frostdragon:http
            - GET /notebook/encyclopedia/s/slr_chibimoon.htm
            tcp adsl-68-126-206-36:2041 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon.htm
            tcp adsl-68-126-206-36:2042 <-> frostdragon:http
            - 304 GET /graphics/notepad.gif
            tcp adsl-68-126-206-36:2043 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-title.jpg
            tcp adsl-68-126-206-36:2044 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-002.jpg
            tcp adsl-68-126-206-36:2045 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-001.jpg
            tcp adsl-68-126-206-36:2046 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-lunapball.gif
 278.1   0% tcp adsl-68-126-206-36:2047 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-ckey2.gif
  1.6k   5% tcp adsl-68-126-206-36:2048 <-> frostdragon:http
            - 304 GET /notebook/encyclopedia/s/slr_chibimoon-compact.gif

You can use tcpdump style filter expressions to limit the displayed information to just traffic you are interested in at the moment. For instance, if I just want to monitor email traffic, i.e. SMTP traffic on port 25, I can use the command pktstat port 25 when I start the program.

interface: eth0
load averages: 5.6k 1.2k 421.1 bps
filter: port 25
   bps    % desc
            tcp 245:29801 <-> frostdragon:smtp
            tcp bny92-4-82-228-126-176:1672 <-> frostdragon:smtp
 19.0k  51% tcp frostdragon:53388 <-> mx01:smtp
  55.6   0% tcp frostdragon:smtp <-> mail:22421
 18.0k  48% tcp frostdragon:smtp <-> pool-71-245-166-13:62216

By default, pktstat does not show the Fully Qualified Domain Name (FQDN) of systems. But you can change that behavior with the -F option.

         -F    Show full hostnames.  Normally, hostnames are truncated to
               the first component of their domain name before display.

For instance I could have it show the full name for systems that are exchanging email with my server with pktstat -F port 25

interface: eth0
load averages: 98.9 21.9 7.4 bps
filter: port 25
   bps    % desc
            tcp frostdragon.com:smtp <-> gateway.blackspider.com:43181

If you would prefer to see IP addresses and port numbers rather than names, you can use the -n option. E.g. I could use pktstat -n port 25 to again monitor only SMTP traffic, but this time display IP addresses rather than the host names and the port number, 25, rather than its description, which is smtp.

          -n    Do not try and resolve hostnames or service port numbers.

interface: eth0
load averages: 55.2 11.4 3.8 bps
filter: port 25
   bps    % desc
 587.1  85% tcp 66.104.202.96:36199 <-> 66.22.186.53:25
  98.4  14% tcp 66.22.186.53:25 <-> 67.172.4.27:4681

References:

1. Bandwidth Monitoring Tools
   Planet Malaysia Blog
2. pktstat
   By David Leonard
3. pktstat file listing
   By William Stearns
   Mary 13, 2006

[/os/unix/linux/network] permanent link

I've been looking at PCs for a Christmas gift for a family member. Many of those I've looked at come with Microsoft Windows XP Media Center Edition (MCE). Likely as part of its marketing strategy to be able to charge more for a "business" edition of Windows, i.e. Windows XP Professional, Microsoft has crippled the MCE edition of Windows so that it can't be joined to a domain, at least not easily. I did find instructions on how to join a Windows MCE PC to a domain at Windows Media Center 2005 Can't Join Domains, though. If there is actually a way to join a system running MCE to the domain in the house, I am more apt to buy a system with that Microsoft operating system.

Oh, well, another way in which Linux is superior to Windows. Unfortunately, two users of the system use it to play GoPets and I don't believe there is a Linux client, though I did find a comment from a GoPets representative at F13.net - Usefully Cynical Commentary >> AGC Interview with GoPets! that their partner in the Phillipines have suggested a Linux client be created.

I can remember how Microsoft used to charge hundreds more for Windows NT server than it did for Windows NT Workstation. An O'Reilly webpage, Differences Between NT Server and Workstation are Minimal, states the difference was $800 and that Microsoft claimed that there were technical reasons why there were restrictions on the number of simultaneous connections you could have to a web server running on Windows NT Workstation. Yet all it took to get the same functionality on Windows NT Workstation were a couple of registry changes. For those who remember the olden days when DOS was the predominant operating system, it would be like charging hundreds more for a few simple modifications to your config.sys or autoexec.bat file.

Incidentally, I noted that GoPets Ltd. which is a company based in Korea has been engaged in a domain dispute with someone in America who was apparently cybersquatting on the gopets.com domain name, putting up just a page with a handful of links at that address. Some people buy domain names using names that companies are using to do business solely so they can demand large sums of money from those companies for the domain names.

[/os/windows/xp] permanent link

bash-3.00$ cdrw -i KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
Looking for CD devices...
Initializing device...done.
Size required (730036224 bytes) is greater than available space (681986048 bytes).

The file I was trying to write to the CD was 696 MB, which won't fit on a 650 MB CD, but I was using an 80 minute 700 MB CD.

The problem can be resolved by using the -C option with the cdrw command. Without that option, cdrw will assume a default capacity of 650 MB for CDs. To use the full 700MB capacity, you need the -C option.

     -C       Uses stated media capacity.  Without  this  option,
              cdrw  uses  a  default value for writable CD media,
              which is 74 minutes  for  an  audio  CD,  681984000
              bytes for a data CD, or 4.7 Gbytes for a DVD.

Once I used the option, I was able to write the .iso file to a blank CD.

bash-3.00$ cdrw -C -i KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
Looking for CD devices...
Initializing device...done.
Writing track 1...40 %

[/os/unix/solaris] permanent link

Balance is a load balancing solution, which uses a simple but powerful generic TCP proxy with round robin load balancing and failover mechanisms. Its behaviour can be controlled at runtime using a simple command line syntax, which is listed below.

balance 3.19
Copyright (c) 2000-2003,2004 by Inlab Software GmbH, Gruenwald, Germany.
All rights reserved.

usage:
  balance [-b host] [-t sec] [-T sec] [-dfp] \
          port [h1[:p1[:maxc1]] [!] [ ... hN[:pN[:maxcN]]]]
  balance [-b host] -i [-d] port
  balance [-b host] -c cmd  [-d] port

  -b host   bind to specific host address on listen
  -B host   bind to specific host address for outgoing connections
  -c cmd    execute specified interactive command
  -d        debugging on
  -f        stay in foregound
  -i        interactive control
  -H        failover even if Hash Type is used
  -p        packetdump
  -t sec    specify connect timeout in seconds (default=5)
  -T sec    timeout (seconds) for select (0 => never) (default=0)
   !        separates channelgroups (declaring previous to be Round Robin)
   %        as !, but declaring previous group to be a Hash Type

example:
  balance smtp mailhost1:smtp mailhost2:25 mailhost3
  balance -i smtp

Balance is Open Source Software (OSS) and is provided under the Gnu Public License (GPL). It runs on Linux, FreeBSD, BSD/OS, Solaris, Windows using Cygwin, Mac-OS X, HP-UX, and other operating systems.

To use balance to forward print jobs from the PC through the Ultra 5 workstation to printers on the other side of the Ultra 5 workstation, I installed balance on the Ultra 5 system and then issued the following command:

# balance -b 192.168.1.1 515 bermuda.somewhere.org:515

I specified the -b option, since I did not want balance listening on both of the Ultra 5 network interfaces, only the one that faces the PC. The address for the network card to which the PC connects is 192.168.1.1. The 515 after that address specifies that balance should listen on TCP port 515 on that interface. I then want balance to forward any data it receives on port 515 on the 192.168.1.1 interface to a printer with a network name of bermuda.somewhere.org. The :515 at the end of the printer's network name indicates that balance should forward data to port 515 on the printer. TCP port 515 is the port for the Line Printer Daemon (LPD) protocol. It is a standard port on which network printers listen for print jobs. If you wish balance to listen on ports less than 1024, which are the "well known" ports, then you must issue the command to run balance from the root account.

I then needed to tell the PC that there is a printer available at the 192.168.1.1 address, though in actuality, the workstation at that address will simply forward any data it receives on port 515 to the bermuda printer.

First, I checked to see what printers the PC already thought were available through the lptstat command.

# lpstat -a
laserjet accepting requests since Dec 05 19:23 2006

The system already is set up to print to laserjet, but unfortunately that printer is no longer accessible, which is why I need to use balance and the bermuda printer.

I then used the lpadmin command on the PC running Solaris 10 PC to add the new printer.

# lpadmin -p bermuda -s 192.168.1.1

The first lpadmin command has a -p argument, which specifies the printer name I want to use on the PC for the printer. I am going to use the name bermuda to make it match the name on the network name of that printer, but it wouldn't have to match. The next argument is specified with -s. The -s option is followed by a system name, e.g. ultra5.somewhere.org, or IP address. I used the latter and specified the IP address on the Ultra 5 workstation to which the PC is connected. The -s option is used to make a printer available on another system available to the local system.

     -s system-name[!printer-name]

         Make a remote printer (one that must be accessed through
         another  system)  accessible  to  users  on your system.
         system-name is the name of the remote  system  on  which
         the  remote  printer  is located it. printer-name is the
         name used on the remote system  for  that  printer.  For
         example,  if  you want to access printer1 on system1 and
         you want it called printer2 on your system:

         -p printer2 -s system1!printer1

Once I added the printer, I wanted to make it the default printer, which I can do with the -d option for lpadmin.

# lpadmin -d bermuda

If you want to check which printer is the default printer, you can use the command lpstat -d.

# lpstat -d
system default destination: bermuda

Now, if I check printer status with lpstat -a, I see both the old and new printers listed.

# lpstat -a
laserjet accepting requests since Dec 08 19:32 2006
bermuda accepting requests since Dec 08 19:32 2006
_default accepting requests since Dec 08 19:32 2006

If I want more details, I can use lpstat -s.

# lpstat -s
scheduler is not running
system default destination: bermuda
system for laserjet: 192.168.1.1
system for bermuda: 192.168.1.1
system for _default: 192.168.1.1 (as printer bermuda)

To get rid of the entry for the no longer accessible laserjet printer, I used the lpadmin -x command.

# lpadmin -x laserjet
# lpstat -a
bermuda accepting requests since Dec 08 19:57 2006
_default accepting requests since Dec 08 19:57 2006

Solaris stores the information about printers in /etc/printers.conf, so the lpadmin commands are modifying that file.

After adding the printer, if I then want to make it visible to a user account that is using the Java Desktop System for the user interface, I need to take the following steps:

1. Click on Launch.
2. Select Preferences.
3. Select Printer Preferences.
4. Click on View.
5. Click on Select Printers to Show.
6. Bermuda is now in the list of available printers, so click on it to select it and then click on OK.
7. Right-click on it and select Set as Default.
8. Close the Printer Manager window.

Now when printing from the Solaris 10 PC, I can print to the bermuda printer from the user account under which I made the above changes by selecting it as the printer in applications.

References:

1. balance
   Author: Thomas Obermair
   freshmeat.net
2. Balance
   Inlab Software GmbH
3. Line Printer Daemon protocol
   Wikipedia
4. Print Server Port Numbers for Netcat
   By Jeff Liebermann
   May 17, 2000
5. How to Add a Network Printer Locally on a UNIX Solaris SPARC Workstation
   Citrix
   January 13, 2003
6. Proxying the LPD Port with Balance
   MoonPoint Support
   March 3, 2006
7. Balance
   MoonPoint Support

[/os/unix/solaris] permanent link

The uninstall procedure on the Kephyr webage suggested using "Add or Remove Programs" from the Windows Control Panel to remove entries named "Surf Sidekick", "ItalMgr", "Command", "RelevantKnowledge" and "MarketScore" before going through the manual uninstall instructions. However, none of those existed.

The Kephyr site indicates that the presence of any of the files or directories listed below may indicate a system is infected with this malware.

%ProgramsDir%\Msnmaker\
%ProgramsDir%\Quick Links\
%ProgramsDir%\InetGet\
%ProgramsDir%\FREEPR~1\
%ProgramsDir%\Freeprod Toolbar\
%ProgramsDir%\Cas\
%ProgramsDir%\CasStub\
%ProgramsDir%\CMSystem\
%ProgramsDir%\System Files\System.exe
%ProgramsDir%\System Files\plugin.dll
%ProgramsDir%\Yazzle Sudoku\
%WinDir%\etb\pokapoka73.exe
%WinDir%\etb\pokapoka75.exe
%WinDir%\exe82.exe
%WinDir%\bsx32\
%WinDir%\etb\
%WinDir%\jptc.dat
%WinDir%\offun.exe
%WinDir%\rk.exe
%WinDir%\rlvknlg.exe
%SystemDir%\PSof1.exe
%SystemDir%\exp.exe
%SystemDir%\wintask.exe
%SystemDir%\adcomplusanalytic.exe
%SystemDir%\ichckupd.exe
%SystemDir%\bho.dll
%SystemDir%\nsb12.dll
%SystemDir%\APD123.exe
%SystemDir%\wuauclt.dll
%SystemDir%\202_app13.exe
%SystemDir%\APD123.exe
%SystemDir%\MTE2ODM6ODoxNg.exe
%SystemDir%\PopOops.dll
%SystemDir%\PopOops.dll
%SystemDir%\SI.exe
%SystemDir%\SWLAD1.dll
%SystemDir%\SWLAD1.dll
%SystemDir%\atmtd.dll
%SystemDir%\atmtd.dll._
%SystemDir%\dist001.exe
%SystemDir%\installer216.exe
%SystemDir%\nstD.dll
%SystemDir%\uc.exe
%SystemDir%\wuauclt.dll
%SystemDir%\AOP2.exe
%SystemDir%\repairs302972979.dll

%WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).

%SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%ProgramsDir% is a variable. By default, this is C:\Program Files.

I created a batch file, pacerd_bundle-files.bat to search for any intances of the above files or directories on the system. None were found.

I then checked the registry for the presence of any of the registry keys the Kephyr webpage listed as being associated with the malware. I found only one of the listed registry keys. The one I found was associated with a Windows startup entry for winsync.

C:\>reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /
v winsync

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    winsync     REG_SZ  C:\WINDOWS\System32\kdkgpx.exe reg_run

However, I did not see that file on the system, even when I booted into safe mode. And none of the listed files were found on the system when I checked under safe mode, also.

I deleted the registry key with the reg delete command.

C:\Documents and Settings\Administrator\My Documents>reg delete HKEY_LOCAL_MACHI
NE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v winsync

Delete the registry value winsync (Y/N)? y

The operation completed successfully

When I scanned the system again with Bazooka, it did not report the presence of Pacerd.bundle. The registry key it found previously was likely a remnant of spyware previously removed by another antispyware program on the system.

References:

1. Pacerd.bundle

[/security/spyware/pacerd_bundle] permanent link

The uninstall procedure on the Kephyr webage suggested using "Add or Remove Programs" in the Windows® Control Panel to remove the malware. I looked for "SpySheriff" and "WeirdOnTheWeb" entries as suggested, but found none.

The Kephyr site indicates that the presence of any of the files or directories listed below may indicate a system is infected with this malware.

c:\loader.exe
c:\mailz.txt
c:\sys.exe
c:\tmp.txt
c:\trig.dtl
c:\winstall.exe
%WinDir%\weirdontheweb_topc.exe
%WinDir%\zsettings.dll
%WinDir%\tool1.exe
%WinDir%\tool2.exe
%WinDir%\tool3.exe
%WinDir%\svchost.exe
%WinDir%\ms1.exe
%WinDir%\ms2.exe
%WinDir%\ms3.exe
%WinDir%\ms4.exe
%WinDir%\msmsgr2.exe
%WinDir%\drexinit.dll
%WinDir%\kernels32.exe
%WinDir%\vr_sys.dll
%WinDir%\desktop.html
%WinDir%\dvpd.dll
%WinDir%\installer_SIAC.exe
%WinDir%\sasent.dll
%WinDir%\sasetup.dll
%WinDir%\cdmweb\
%SystemDir%\latest.exe
%SystemDir%\maxd.exe
%SystemDir%\newdial.exe
%SystemDir%\realupd32.exe
%SystemDir%\realupd_32.exe
%SystemDir%\thn.dll
%SystemDir%\thn32.dll
%SystemDir%\tibs.exe
%SystemDir%\vx.tll
%SystemDir%\init32m.exe
%SystemDir%\cssrs.exe
%SystemDir%\abc.exe
%SystemDir%\paytime.exe
%SystemDir%\vxgame1.exe
%SystemDir%\vxgame2.exe
%SystemDir%\vxgame3.exe
%SystemDir%\vxgame4.exe
%SystemDir%\win32.exe
%SystemDir%\newdial1.exe
%SystemDir%\zolk.dll
%SystemDir%\ztoolber.dll
%SystemDir%\ztoolbar.bmp
%SystemDir%\ztoolbar.xml
%SystemDir%\~update.exe
%ProgramsDir%WeirdOnTheWeb\

%WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).

%SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%ProgramsDir% is a variable. By default, this is C:\Program Files.

The file svchost.exe is part of the list, but is also a file normally found on Windows systems. On Windows NT and later systems, though, it is found in %WinDir%\system32, rather than in %WinDir%. The Kephyr webpage indicates its presence in the %WinDir% directory indicates the presence of this malware.

I created a batch file, searchterror-files.bat to search for any intances of the above files or directories on the system. The script did not find either of the two directories associated with the malware %WinDir%\cdmweb\ nor %ProgramsDir\%WeirdOnTheWeb\. The only file from the list which it found was C:\temp.txt, which had a creation timestamp of Thursday, December 23, 2004, 4:21:31 PM. When I renamed that file, Bazooka no longer reported the presence of Exploit searchterror.com on the system. Since it didn't find any registry entries associated with the malware, I believe the report was a false positive.

References:

1. Exploit searchterror.com

[/security/spyware/searchterror] permanent link

Rdesktop for Solaris 10 on the Intel platform is available from sunfreeware.com at Freeware for Solaris.

rdesktop-1.5.0-sol10-x86-local.gz Rdesktop is a client for Windows terminal servers - installs in /usr/local. You will also need to install libiconv, openssl-0.9.8d, and to obtain /usr/local/lib/libgcc_s.so.1 you will need to have installed libgcc-3.4.6 or gcc-3.4.6 or higher.

rdesktop-1.5.0.tar.gz Source Code. [Details]

When I checked for libiconv on my Solaris 10 system, I did not find evidence of its presence.

# find / -name libiconv\*

When I checked which version of OpenSSL I had on the system, I found I had an older version than the one recommended.

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

I also found an older version of libgcc than the one recommended.

# find / -name libgcc\* -print
/usr/sfw/lib/amd64/libgcc_s_amd64.so
/usr/sfw/lib/amd64/libgcc_s.so.1
/usr/sfw/lib/libgcc_s.so
/usr/sfw/lib/libgcc_s.so.1
/usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/amd64/libgcc.a
/usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/amd64/libgcc_eh.a
/usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/libgcc.a
/usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/libgcc_eh.a

I found gcc in /usr/sfw/bin, but it was version 3.4.3, not version 3.4.6 as recommended.

# pkgchk -l -p /usr/sfw/bin/gcc
Pathname: /usr/sfw/bin/gcc
Type: linked file
Source of link: ../../../usr/sfw/bin/i386-pc-solaris2.10-gcc-3.4.3
Referenced by the following packages:
        SUNWgcc
Current status: installed

Since libgcc-3.4.6 or gcc-3.4.6 was recommended for libiconv, I installed gcc version 3.4.6 first.

References:

1. Freeware for Solaris (x86/Solaris 10)

[/os/unix/solaris] permanent link

You can verify this is the source of the problem by clicking "File", then selecting "Page Setup" in Excel. With the "Page" tab selected, you will see the "Print Quality" setting for the currently selected worksheet. Let's say it is "300 dpi". But if you select the second worksheet titled "Page 2", when you take the same steps to view the print quality setting and don't see the print quality specified or it is different, then the variation in print quality settings is the source of the problem.

When the print quality settings vary between worksheets in the workbook, Adobe Acrobat will attempt to create multiple PDF files, one for each worksheet in the workbook, which is why it will prompt you multiple times for a file name. If you enter different filenames at each prompt, it will put each worksheet in a separate file.

To rectify the problem, make the print quality settings the same for each worksheet. In the case above, you could specify a print quality setting of 300 dpi for the "Page 2" worksheet as well.

You can change the print quality settings one by one for each worksheet in the workbook or you can select all of the worksheets at once by holding down the Ctrl key while clicking on the tabs at the bottom of the Excel window for the other worksheets one by one to select all of them, if you are working on a Windows system (you would use the Shift key on an Apple system). When all the worksheets are selected, you can release the Ctrl key then click on "File" and "Page Setup" to specify the print quality settings for all of the worksheets at once.

The minimum dpi for a laser printer is normally 300 dpi and is probably adquate for most spreadsheets you will print. Adobe uses 600 dpi as the default setting for Adobe Acrobat and Distiller and recommends that setting, but you can make the setting whatever you like. The output you will get when printing will depend on whether the printer selected can actually support the dpi value you've selected, though.

Once, you have set the print quality settings to be the same for all worksheets, take the following steps to print the workbook.

1. Click on "File".
2. Select "Print".
3. Select "Adobe PDF" as the printer.
4. In the "Print what" section, select "Entire workbook".

You should now have one PDF file containing all of the worksheets.

References:

1. More than one PDF file is created from an Excel workbook (Acrobat 5.0-6.x on Windows or Mac OS)
   Adobe Systems Incorporated

[/os/windows/software/pdf] permanent link

     rsh [-n] [-l username] hostname command

     rsh hostname [-n] [-l username] command

     remsh [-n] [-l username] hostname command

     remsh hostname [-n] [-l username] command

     hostname [-n] [-l username] command

On Solaris systems, rsh and remsh can be used equivalently. If you are using a Linux system, the rsh command may be available, but not the remsh command. The Remote Shell service is even available for Windows systems from Microsoft's Resource Kit (see Adding R* to Windows NT by Robert Flannigan). Or commercial versions are available for Windows 95 and later from Denicomp Systems (you can download a time-limited evaluation version).

The following options are supported for rsh and remsh:

     -l username
           Uses username as the remote username instead  of  your
           local  username.  In  the  absence of this option, the
           remote username is the same as your local username.

     -n    Redirects the input of rsh to /dev/null. You sometimes
           need  this  option  to  avoid unfortunate interactions
           between rsh and the shell which invokes it.  For exam-
           ple,  if  you  are running rsh and invoke a rsh in the
           background without redirecting its input away from the
           terminal, it will block even if no reads are posted by
           the remote command.  The -n option will prevent this.

The remsh and rsh commands connect to the specified hostname and execute the specified command. If no command is entered, i.e. you use rsh hostname or remsh hostname, you will be logged into the remote system. The type of remote shell (bash, sh, rsh, or other) is determined by the user's entry in the file /etc/passwd on the remote system.

If you have an account on the remote system with the same userid as the account you are currently using on the local system, you will be prompted for the password for the remote system and, when the correct password is supplied, will receive a shell prompt on the remote system where you can enter commands on the remote system.

bash-2.03$ remsh 192.168.1.6
Password:
Last login: Tue Oct 10 17:07:07 on console
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
You have new mail.
-bash-3.00$

If you include a command to be executed, then you must have permission to remotely execute commands. Otherwise you will get a "permission denied" response from the remote system.

bash-2.03$ remsh 192.168.1.6 uname -a
permission denied

To grant permission for the remote command execution, you can create a .rhosts file in the home directory of the user account on the remote system that specifies the hostnames of the systems from which remote commands can be submitted. For instance, you could put a line with the hostname mypc.abcd.com in the .rhosts file, if you wanted to allow commands to be remotely submitted from the system mypc.abcd.com. If you want to allow connections from multiple systems, put them on separate lines.

-bash-3.00$ cat .rhosts
mypc.abcd.com
mac2.abcd.com

With the above .rhosts file on the remote system, you will be able to login to the remote system from either mypc.abcd.com or mac2.abcd.com or submit commands remotely with rsh remotesys or remsh remotesys given that the remote system you want to log into is named remotesys and you have the same userid on both systems. You won't need to enter a password, even if the password on the local system differs from the password for the remote system.

You can also execute commands on the remote system and see the output on the local system.

E.g.

bash-2.03$ remsh 192.168.1.6 uname -a
SunOS hofud 5.10 Generic i86pc i386 i86p

Be sure to use the command chmod 600 .rhosts after you create the .rhosts file so that others can not view its contents.

Shell metacharacters that are not quoted are interpreted on the local host; quoted metacharacters are interpreted on the remote host.

E.g.

remsh remotehost cat remotefile >> localfile will append the remote file remotefile to the local file localfile, while the command line remsh remotehost cat remotefile ">>" otherremotefile appends remotefile to the remote file otherremotefile.

If you wish to login using a different userid, e.g. jsmith on the remote system, then you can use the -l option to specify a userid other than the one you are logged in under on the local system. You will be prompted for the password for that account.

# remsh -l jsmith 192.168.1.6
Password:

You won't be able to remotely execute commands, however, if you are using an account that doesn't match the userid on the remote system even with the -l option, if that account is not listed in the .rhosts file. You will get a "permission denied" error.

# remsh -l jsmith 192.168.1.6 uname -a
permission denied

You can fix that problem by adding the account to the rhosts file. For instance, suppose I am logged into the root account on the local system, but I want to execute a command on the remote system as the user jsmith. I can edit the .rhosts file on the remote system to contain the following 2 lines.

-bash-3.00$ cat .rhosts
mypc.abcd.com
mypc.abcd.com root

Now, supposing I have a userid jsmith on both systems that is my regular user account, I can execute commands while logged into the local system as jsmith or root. The first line in the .rhosts file doesn't have any username specified, so it will cover instances where the userid matches on both systems. The second line will allow me to specify commands to be run under the jsmith account on the remote system while I am logged into the local root account as shown below.

# remsh -l jsmith 192.168.1.6 pwd
/home/jsmith

As an alternative to using an .rhosts file in the home directory of an individual account on the remote system, you can create a hosts.equiv account in the /etc directory of the remote system, if you have root access on that system. Again, you should change the protection on the file after you have created it with chmod 600 /etc/hosts.equiv, so that not everyone on the system can read its contents.

You would use the same type of entries in that file as in the .rhosts file. E.g., to allow user jsmith to connect from mypc.abcd.com, you would would have the following /etc/hosts.equiv file.

# cat /etc/hosts.equiv
mypc.abcd.com jsmith

When you use rsh or remsh to remotely login to a system, you will be connected to TCP port 513. E.g., if you issued the command remsh 192.168.1.6 from the system with IP address 192.168.1.1, you would see the following connection established.

-bash-3.00$ netstat -an | grep 51[34] | grep ESTABLISHED
192.168.1.6.513      192.168.1.1.1023      8760      0 49640      0 ESTABLISHED

The source system is 192.168.1.1 and it has a connection to port 513 on 192.168.1.6. The source port on 192.168.1.1 is 1023.

If you are specifying a command with the rsh or remsh commands, then a TCP connection is established to port 514 on the remote system. You can confirm that connection by using the sleep command.

# remsh -l jsmith 192.168.1.6 sleep 180

The above command will execute the sleep command on the remote system using the jsmith account to execute the command. The argument of 180 tells the sleep command to suspend execution for 180 seconds. I.e. it justs pauses for 3 minutes.

If you were logged into the remote system in another window, you could then check network connections. This time, instead of a connection to port 513, there is one to TCP port 514. Again the source system from which the sleep command was submitted is 192.168.1.1 and the remote system is 192.168.1.6.

bash-3.00$ netstat -an | grep 51[34] | grep ESTABLISHED
192.168.1.6.514      192.168.1.1.1023      8760      0 49640      0 ESTABLISHED

Keep in mind that rsh and remsh don't encrypt any of the data flows. Though you may not be entering passwords when you have access permitted through an .rhosts or /etc/hosts.equiv file, the input and output is in clear text, i.e. can possibly be viewed by others on the network. The SSH and scp commands are secure alternatives, since they encrypt userids, passwords, and all data between the remote and local systems.

References:

1. rsh or remsh Command
2. Unix Manual Page for remsh
3. Configuring .rhosts
4. hosts.equiv, rhosts
5. remsh(1)
6. hosts.equiv(4)
7. remsh and the port number ?
8. UNIX Shell Metacharacters
9. Adding R* to Windows NT
   By Robert Flanagan

[/os/unix/commands] permanent link

Many web browsers, e.g. Internet Explorer, Mozilla, etc., can be configured to use a SOCKS proxy server. Other network applications which support the SOCKS protocol can also be configured to route their communications through a SOCKS proxy server.

By tunneling the SOCKS connections through an SSH connection, though, you can encrypt network traffic between the applications using SOCKS on your client system and the SOCKS proxy server so that others on the same network as your client system can not observe the traffic.

To set up a SOCKS server tunnel with SSH, issue the command ssh -ND n user@server where "n" is the port number you wish to use and "user@server" is a userid for your account on "server", which is an SSH server. For instance, ssh -ND 1080 jsmith@abcd.com would establish a SOCKS proxy server on TCP port 1080 on the SSH server abcd.com where you are logging in with the account jsmith. When you issue the command, you will be prompted for the password for the jsmith account. After you enter the password, you won't get a shell prompt from abcd.com, but you should then be able to configure your web browser to use the SOCKS proxy server running on abcd.com on port 1080. Port 1080 is the default port for the SOCKS protocol, but you can use any port (it will have to be a port above 1024, if you are not the root user). For instance ssh -ND 5555 jsmith@abcd.com would work just as well. You simply have to specify the selected port when configuring the applications that will use the SOCKS connection, such as your web browser. When the SOCKS proxy server is set up on abcd.com, only you will be able to use it through your tunneled SSH connection.

Configuring Browsers to Use SSH SOCKS Proxy Server

Internet Explorer 6.0
Firefox 2.0
Mozilla 1.7

If you want to verify that your web browser is now routing its communications through the SOCKS proxy server you can go to a website that will show the IP address websites are seeing for your system. For instance, www.showmyip.com will show your IP address. It should now show the IP address of abcd.com.

When you want to stop routing your browsers communications through the SOCKS proxy server, you can simply revert to the previous browser configuration.

Note: though your browser will now be receiving content from websites you visit through the SOCKS proxy server running on abcd.com and transmitting any input you provide to those websites through the SOCKS proxy server also, your client system, i.e. the system on which you ran the ssh -ND 1080 jsmith@abcd.com will still be looking up IP addresses for the websites you visit through the DNS servers specified on the client system when the SOCKS version 4 protocol is used. E.g., if you run the ssh command from mypc.mycompany.com, if you visit www.xyz.org, any content on the website www.xyz.org will be encrypted between the client system, mypc.mycompany.com and the SOCKS server, abcd.com, so no one else at mycompany.com will be able to observe the traffic using a sniffer. All that any network administrator will know is that you have a connection to abcd.com. However, mypc needs to translate the name www.xyz.org to its IP address. So mypc will need to query a local name server, e.g. mycompany.com name servers, to perform that translation. So someone sniffing traffic from/to mypc would see it perform a lookup of the IP address for www.xyz.org.

I've found this procedure works when the SSH server is running OpenSSH, even OpenSSH for Windows. It also worked when I tried connecting to a Sun Solaris 2.7 system running Sun_SSH_1.1.

References:

1. SOCKS
   Wikipedia


2. Tunnel Everything through SSH
   By Julius Plenz
   March 2, 2006

[/network/proxy] permanent link

I used a VBScript, office_versions.vbs to query the systems to determine which version of Office is installed on them. A limitation of the script is that it can only be expected to work on Windows XP systems.

[ More Info ]

[/os/windows/office] permanent link

HP states the following in regards to host-based printing:

Host-based printing requires a software print engine in the host operating system, and unlike a PDL (Printer Description Language) printer, cannot accept ASCII text direct from a computer. This means that the Host based printer will only work in the Windows and Macintosh environments that are specifically supported with the print engine written for that environment. Users of unsupported Windows and Macintosh environments, as well as users of Linux, Unix, OS/2 should consider a PDL printer like the HP Color LaserJet 2550 or CLJ3700.

The HP Color LaserJet 3500 printer I wanted to use belongs to someone else. When I looked at it, it appeared to be a hefty printer; I didn't realize it was a low-end printer until I checked on whether it supported postscript. On its HP Color LaserJet 1500, 2600n, 3500 and 3550 Series Printers - Host-based Printing Strategy webpage, HP states in the "Limitations of Host-Based Printing" section that "Host-based printers are excellent small workgroup printers suitable for Windows and limited Mac printing to include internet and typical office printing but NOT EPS file printing."

1. HP Color LaserJet 1500, 2600n, 3500, and 3550 Series Printers - PCL and Postscript Printer Language Support on Host Based Printers
2. HP Color LaserJet 1500, 2600n, 3500 and 3550 Series Printers - Host-based Printing Strategy

[/os/unix/solaris] permanent link

[ More Info ]

[/os/unix/solaris] permanent link

[ More Info ]

[/os/windows/utilities/backup/ntbackup] permanent link

I've found I can get synchronization to work again by going into the Device Manager and then disabling the Standard Enhanced PCI to USB Host Controller and then re-enabling it. You can do so by the following procedure:

1. Click on Start.
2. Type devmgmt.msc and hit enter.
3. Within the Device Manager, scroll down to the Universal Serial Bus controllers section and click on the "+" sign to the left of that section to expand it.
4. Right-click on Standard Enhanced PCI to USB Host Controller and choose Disable.



5. You will see a warning that "Disasbling the device will cause it to stop functioning." Click on Yes to disable it.
6. After the entry shows a red "X" through it indicating it is disabled, right-click on it again and select, Enable.

I've found that once I've disabled and re-enabled the USB controller, I can then successfully HotSync from the Palm.

[/pda/palm] permanent link

<?php

$thisfile = pathinfo($_SERVER['PHP_SELF']);

echo "Last modified: ".date("l jS F Y g:ia",
filemtime($thisfile["basename"]));

?>

Note: your webpage must have a .php extension rather than .htm or .html and your webserver must provide PHP support in order for the code to work.

The above code would display the date and time the webpage was modified in the format below:

Last modified: Sunday 5th November 2006 8:57pm

The options to the PHP date function above are encluded in parentheses. Within the parentheses the first argument is the date format to be used, which is followed by a comma and then the time value to be formatted. In this case the time value to be formatted is the file modification time, filemtime of the webpage.

The lowercase "L" will display the day of the week, e.g. "Sunday". The lowercase "j" displays the day of the month without leading zeros, e.g. "5". Putting the "S" immediately after it displays two characters for the English ordinal suffix for the day of the month. In the case above it causes the "th" to be put after the "5". The "F" displays the full month name, e.g. "November" and the "Y" displays the year as 4 digits, e.g. "2006". The "g" displays the hour in 12 hour format without leading zeros, e.g. "8" in the above case. It is followed by a colon and then the "i" displays the minutes with leading zeros, e.g. "07" or in this case "57". The "a" displays a lowercase "am" or "pm" as the case may be.

The characters you can use to control the display of the date are as follows:

For another example, using the following code woulld display the same date as above as Sunday November 5, 2006 8:57 PM instead.

<?php

$thisfile = pathinfo($_SERVER['PHP_SELF']);

echo "Last modified: ".date("l F j, Y g:i A",
filemtime($thisfile["basename"]));

?>

You can put the code in a PHP file that can be included in every webpage, so that if you decide to change the format of the displayed date, you don't have to modify every web page that you have on your website. For instance, I include a "footer.php" file in webpages using incfile.

References:

1. php displaying last modification time
   thescripts developer community
   July 17, 2005
2. PHP:date - Manual
   The PHP Group
   September 28, 2006
3. PHP Date()
   W3Schools
4. Date Format php for month day year and time formatting
   Plus2net
5. Including Files in a Web Page with PHP
   MoonPoint Support
   February 8, 2006

[/languages/php] permanent link

[ More Info ]

[/os/windows/software/audio/winamp] permanent link

[ More Info ]

[/network/email/exchange] permanent link

[ More Info ]

[/security/zoo] permanent link

XPress Version
Patch Level
Serial Number
Processor Type
Windows Version
ATM Version
TrueType Enabled
Free memory
Language
Keyboard Type
Number of Colors
Display Driver
Display Driver Version
Default Printer
Printer Driver
Network

Note: The serial number shown has been altered

[/os/windows/software/quarkxpress] permanent link

[ More Info ]

[/network/email/exchange] permanent link

User-agent: *
Disallow:

After experimentation, I found that if I specifed some value for "Disallow", I could get htdig to index the site. I put in a dummy value, i.e. Disallow: /abcde12345, a directory I would never actually use on the site to resolve the problem.

[ More Info ]

[/os/unix/solaris] permanent link

If you just want to find all symbolic links pointing to a particular file, e.g. search.html, you can use the find command with the -lname option.

# find / -lname 'search.html' 2>/dev/null
/usr/share/htdig/index.html

In the above example, the -lname option tells find to look only for symbolic links to a file named search.html. Using 2>/dev/null discards error messages by sending them to /dev/null. Otherwise, you could a lot of " No such file or directory" messages as well as the symbolic link information for which you are looking.

If you wish to see full details returned regarding the file, you can use the -ls option.

# find / -lname 'search.html' -ls 2>/dev/null
146567    0 lrwxrwxrwx   1 root     root           11 Nov  8  2003 /usr/share/htdig/index.html -> search.html

References:

1. Using find to locate files
   Mo Budlong's UNIX 101 Sunworld column
2. Ln - LQWiki
   May 26, 2006

[/os/unix/commands] permanent link

usage: digest -l | [-v] -a [file...]

You specify the algorith you wish to use to generate the digest or checksum with the -a option. One of the algorithms is md5. You can see a list of available algorithms with digest -l.

# digest -l
sha1
md5
sha256
sha384
sha512

Use all lower case letters for the selected algorithm as they are case sensitive.

Example:

# digest -a md5 htdig-3.2.0b5-sol9-intel-local.gz
12834a33e31135131bd5c5f0083860b1

You can have the file name and the algorithm used included in the output by using the -v option.

# digest -a md5 -v *
md5 (idea-c.html) = 3f9f5e884189acec870c8044de11e044
md5 (idea.c.gz) = 374536bb2cdd68f5c0dce961ace26959

[/os/unix/solaris] permanent link

[ More Info ]

[/security/antivirus/f-secure] permanent link

[ More Info ]

[/security/trojans] permanent link

1. Right-click on the desktop.
2. Select "Tools".
3. Select "Admintool".
4. Click on "Browse".
5. Select "Printers".
6. Click on "Edit".
7. Select "Add".
8. Select "Access to Printer".
9. In the "Admintool: Add Access to Printer" window fill in the fields. For "Printer Name" type some name by which you wish to designate the printer. For "Print Server" you can enter the Fully Qualified Domain Name (FQDN) of the printer, e.g. hp-printer.mycompany.com. For description, you can put in whatever descriptive information you wish for the printer, e.g. "HP LaserJet 5". If you wish the printer to be your default printer, check the "Default Printer" checkbox.
10. Click on "OK"
11. Click on "File" then "Exit" to exit from the Admintool.

If you don't make the printer the default printer, i.e. the one Solaris will use by default when you select "File" and "Print" in an application, but later wish to make it the default printer, you can do so by the following steps:

1. Open the Admintool as above.
2. Click on "browse" and select "printers"
3. Select the printer.
4. Click on "Edit" and select "Modify".
5. Check the default printer checkbox and click on "OK.
6. Click on "File" then "Exit" to exit from the Admintool

[/os/unix/solaris] permanent link

[ More Info ]

[/os/windows/registry] permanent link

I was finally able to resolve the problem by holding down the Ctrl, Alt, and Shift keys while starting Photoshop to have it wipe out its stored settings

[ More Info ]

[/os/windows/software/graphics/adobe/photoshop] permanent link

[/security/spyware/spybot/teatimer] permanent link

When I first started one of the StarOffice applications to read a Microsoft Word document, I was asked to install it and then was presented with the option of a "workstation" install or a "local" install.

 

Select Installation Type

Choose the type of installation.
(*)	Workstation Installation
	This installation will be carried out so that the programs can be started directly from the network. 1.5 MB are needed for the local files.
( )	Local Installation
	Installs all StarOffice 7 components locally on the workstation. This installation requires 284.3 MB memory; temporary 284.3 MB.

The choices weren't entirely clear to me. It seemed to me that the first was suggesting that I might be loading the software from another system, either a server of my own or one of Sun's servers. I expect to use the office package a lot and want to run it locally not over the network. However I wasn't sure that I was correctly understanding the options presented. It seemed to me I should select the "local installation" option, but I wasn't sure, so I did some searching online.

It seems I'm not the only one confused by the options presented. In a February 2004 posting to his blog on the O'Reilly Network website, John Adams voiced a similar complaint:

Sun's choice of office suite is a no-brainer: StarOffice 7. I find one thing to be rather weird about Star Office, and also OpenOffice, and that's that you need to install them once for each user. Furthermore, the choice of installation options is confusing. I was given a choice between Workstation Install and Local Install. I want both! I consider my computer to be a workstation, and I want the software installed locally. The correct, and completely counterintuitive choice here is the Workstation Install, which is described as the install to use when running the StarOffice software from a network location, except that I'm not running it from a network location, I'm running it locally. Had I not already been through this a time or two in the Windows world, I'd have made the wrong choice. In fact, under Windows, it's always a frustration to get OpenOffice configured so that it can be used by multiple users, but I digress.

From his posting I concluded that perhaps the local installation makes a copy of most of the StarOffice files for each user rather than allowing users on the same system to share the application.

I also found a thread at Nomenclature change on installer: "Workstation" and "Local" ins on the OpenOffice website where others complained the nomenclature was confusing. From that thread, I concluded that the workstation install was best for a multi-user system, so I chose that option.

I love the software and think it is a great alternative to Microsoft Windows, but I'm afraid most users would find those installation choices confusing also.

References:

1. Seasonal Revenue for Webloggers? Or, Digital Democratic Fundraising
   By John Adams
   February 18, 2004
2. Nomenclature change on installer: "Workstation" and "Local" ins
   May 12, 2004
3. StartOffice on Sun Ray Terminals at UD
   University of Delaware IT Help Center
   October 3, 2005

[/os/unix/solaris] permanent link

[ More Info ]

[/network/email/exchange] permanent link

The subject line of such e-mail messages may include any of the following:

Online Access Agreement Update
SON Registration
Urgent Notification - Security Reminder
IMPORTANT: Notification of Federal Deposit Insurance Corporation

The e-mail may request that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded, or may direct recipients to a webpage requesting personal information. While the FDIC is working with the United States Computer Emergency Readiness Team (CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For further information on these "phishing" email messages, see the FDIC Consumer Alerts webpage at http://www.fdic.gov/consumers/consumer/alerts/index.html.

[/security/scams] permanent link

If you wish to open a photo in one of your collections with a particular program while working in Corel Photo Album 6, you can take the following steps.

[ More Info ]

[/os/windows/software/graphics/corel/photoalbum] permanent link

Some attacks may not be feasible except from systems on the same LAN as the attacked system, since a very fast connection between the attacker and target may be needed to make the attack practicable. If a webserver is in a datacenter with perhaps dozens or even hundreds of other systems, a compromised system within the datacenter could be used by an attacker to exploit these vulnerabilities on other servers within the same datacenter, however.

If you need to determine which version of OpenSSL you are running, you can use the command openssl version. You may need to specify the full path to the command if it isn't in your default path. For a Solaris 10 system, you can use the following path:

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

For Solaris 7, use /usr/local/ssl/bin/openssl version.

References:

1. Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites
   Netcraft
   November 3, 2003
2. ESB-2003.0871 -- Sun Alert Notification -- OpenSSL Vulnerabilitiyes in Sun Grid Engine 5.3
   Australian Computer Emergency Response Team (AusCERT)
   December 24, 2003

[/security/vulnerabilities/multios] permanent link

Example for a Sun Sparc system running Solaris 7:

bash-2.03$ showrev
Hostname: pluto
Hostid: 80b11bbd
Release: 5.7
Kernel architecture: sun4u
Application architecture: sparc
Hardware provider: Sun_Microsystems
Domain:
Kernel version: SunOS 5.7 Generic 106541-39 Jan 2005

Example for an Intel-based PC running Solaris 10:

-bash-3.00$ showrev
Hostname: saturn
Hostid: 15db9095
Release: 5.10
Kernel architecture: i86pc
Application architecture: i386
Hardware provider:
Domain:
Kernel version: SunOS 5.10 Generic

If you use the -c option, showrev shows the PATH and LD_LIBRARY_PATH and finds out all the directories within the PATH that contain it. For each file found, its file type, revision, permissions, library information, and checksum are printed as well.

-bash-3.00$ showrev -c /usr/local/bin/mboxgrep

PATH is:
/usr/bin:/usr/ucb:/etc:.

PWD is:
/home/jsmith

LD_LIBRARY_PATH is not set in the current environment
________________________________________________________________________

File: /usr/local/bin/mboxgrep
=============================
File type: ELF 32-bit LSB executable 80386 Version 1, dynamically linked, stripped
Command version: GNU C crt1.s

GNU C crti.s

    SunOS 5.10 Generic January 2005

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GCC: (GNU) 3.4.2

GNU C crtn.o
ld: Software Generation Utilities - Solaris Link Editors: 5.10-1.477
File mode: rwxr-xr-x
User owning file: root
Group owning file: root
Library information:
        libbz2.so.1 =>   /usr/lib/libbz2.so.1
        libz.so.1 =>     /usr/lib/libz.so.1
        libpcre.so.0 =>  (file not found)
        libc.so.1 =>     /lib/libc.so.1
        libm.so.2 =>     /lib/libm.so.2
Sum: 28300
________________________________________________________________________

The -p option will show patch information.

-bash-3.00$ showrev -p
Patch: 116299-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxsrt, SUNWjaxp, SUNWxrgrt, SUNWxrpcrt
Patch: 116303-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxrpcrt

The -a option prints all available revision information, including Window system and patch information.

-bash-3.00$ showrev -a
Hostname: saturn
Hostid: 15db9095
Release: 5.10
Kernel architecture: i86pc
Application architecture: i386
Hardware provider:
Domain:
Kernel version: SunOS 5.10 Generic

OpenWindows version:
Solaris X11 Version 6.6.2 15 December 2004

Patch: 116299-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxsrt, SUNWjaxp, SUNWxrgrt, SUNWxrpcrt
Patch: 116303-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxrpcrt

[/os/unix/solaris] permanent link

[ More Info ]

[/security/spyware/funwebproducts] permanent link

To zoom in or out of the drawing, click on the icon of the magnifying glass on the toolbar, which will change the cursor to a magnifying glass. Move the cursor into the drawing. To zoom in, while holding the left mouse button down (or the right mouse button, if you have the mouse configured for left-handed use), move the cursor left in the drawing. To zoom out, move the cursor right.

To zoom into a particular section of the drawing, click on the "zoom rectangle" tool. It has an icon that looks like a magnifying glass with a rectangle in it. It is immediately to the right of the magnifying tool that allows you to zoom in and out. Move the cursor into the drawing then click the mouse button and while holding down the mouse button drag the cursor to form a rectangle. When you release the mouse button, you will zoom into the area of the drawing you have defined by the rectangle you drew.

To pan the drawing, i.e. move to different sections of the drawing, click on the hand icon on the toolbar, which will change the cursor to a hand. Then move the cursor into the drawing. While holding the left mouse button down (or the right mouse button, if you have the mouse configured for left-handed use), move the cursor in the direction you wish to pan.

[/os/windows/software/cad/buzzsaw] permanent link

To create an email filter to stop some email from going to a Blackberry, e.g. messages that have been tagged as spam, take the following steps:

1. Open the BlackBerry Desktop Manager on the PC. If you don't see a shortcut for it, look under Start, All Programs, then BlackBerry.

   

2. Double-click on Redirector Settings.


3. Click on the Filters tab.


4. Click on the New button.


5. In the Filter Name field, type a name for the filter, e.g. "Spam". Check the Subject checkbox and type the text that will appear in the subject field that identifies spam. In the case where SpamAssassin marks probable spam with "[SPAM]", you would put [SPAM] in that field.
   
   If, instead, you did not want to forward messages from a particular email address, you would check the From checkbox. If you didn't want to forward messages from multiple senders, you could put all of their email addresses in the From field, separating the addresses by semicolons. You can also use an asterisk as a wildcard to block multiple sending addresses. For instance if you wanted to block all email from xyzcorp.com senders, you could put *@xyzcorp.com in the From field.
   
   When you have specified the filter you want, check "Don't forward messages to the handheld.

   

6. Click on OK.



7. Click on OK again.

[/network/email/blackberry] permanent link

Dear Sir/Madam,

As part of our security measures, we regularly screen activity in the
Barclays Online Bank system. we recently contacted you after noticing an
issue on your account. We requested information from you for the
following reason:

Our system requires further account verification.

Due to the recent update of the servers, you are requested to please
restore your account info at the following link.


https://update.barclays.co.uk/olb/p/LoginMember.do

*Important*
We have asked few additional information which is going to be the part of
secure login process. These additional information will be asked during
your future login security so, please provide all these info completely
and correctly otherwise due to security reasons we may have to close your
account temporarily.



J. S. Smith
Security Advisor
Barclays Bank PLC.




Please do not reply to this e-mail. Mail sent to this address cannot be
answered.
For assistance, log in to your Barclays Online Bank account and choose
the "Help" link on any page.

Barclays Email ID # 1009

But the URL was clearly pointing to http://www.spain-soccer.net.ru//administrator/components/ibank.barclays.co.uk/olb/p/LoginMember.do/.

I don't reside in the U.K. nor do I have a Barclays bank account, but I went to the webpage and put in dummy information. There were several pages of questions to answer with questions about one's Barclay bank account, spouse's information,and credit card information. After submitting the information I was taken to a valid Barclays Bank webpage. Anyone foolishly completing the questionnaire with valid information would not only allow the scammer to access his Barclays Bank account, but also commit identity theft.

I forwarded the information to internetsecurity @ barclays.co.uk, the email address listed at Barclays Bank scam email page.

HTML version of Scam Email

[/security/scams/phishing/barclays] permanent link

AOL's user base has been dwindling as users move to broadband services. Those that don't have access to broadband services or don't want to pay for broadband services are also likely to choose cheaper dial-up services rather than pay a premium price for AOL's ad-saturated dial-up service.

References:

1. AOL to slash 5,000 jobs
   CNNMoney.com
   August 3, 2006
2. AOL Tells Broadband Customers to Find New ISP
   MoonPoint Support
   November 12, 2004

[/network/Internet/ISP] permanent link

The problem went away on its own, but only for a couple of days, then recurred. I took the system out of the domain and put it in a workgroup, rebooted, then put it back in the domain to correct the problem. Apparently there are a variety of causes for such a problem.

[ More Info ]

[/os/windows/domain] permanent link

Linkdomain Operator Supported

MSN Search
AltaVista
AlltheWeb

Linkdomain Operator Not Supported

Google
AOL Search
Ask.com
Gigablast
LookSmart

With MSN Search you can also use "links to", e.g. links to support.moonpoint.com. See Search Builder and advanced search options for other MSN Search operators.

Google does not provide a linkdomain operator, but I could search on " support.moonpoint.com" to find pages that contain pages that contain the "support.moonpoint.com", though that will find only instances where the website name appears on a page, not instances where a link points to the site.

References:

1. Who is linking to my website?
   By Raghavendra Prabhu, a developer in Microsoft on the MSN/Windows Live Search backend team

[/network/web/search] permanent link

1. Open "Server Management" by clicking on Start, All Programs, Administrative Tools, then Server Management.
2. Click on Client Computers.
3. Select the computer for which the user needs remote access by right-clicking on it then selecting Manage Computer.
4. Double-click on Local Users and Groups.
5. Click on Groups.
6. Double-click on Remote Desktop Users in the right pane.
7. Click on the Add button to add a new user to the Remote Desktop Users group.
8. In the "Enter the object names to select" field, place the user's domain account. Put the domain name followed by a "\" and then the account name. E.g. Acme\jdoe. Or you can use the form jdoe@acme.com.
9. Click on Check Names to verify the account.
10. Click on OK.
11. Click on OK again to close the "Remote Desktop Users Properties" window.
12. Close the Computer Management window.

Or you can resolve the problem by logging into the computer for which the user needs access and then taking the following steps, if that system is a Windows XP Professional system.

1. Click on Start.
2. Click on All Programs.
3. Click on Control Panel.
4. Click on Performance and Maintenance, if the system is set for "category view". If it is set for "classic view", go to the next step.
5. Click on Administrative Tools.
6. Click on Computer Management.
7. Click on Groups.
8. Double-click on Remote Desktop Users in the right pane.
9. Click on the Add button to add a new user to the Remote Desktop Users group.
10. In the "Enter the object names to select" field, place the user's domain account. Put the domain name followed by a "\" and then the account name. E.g. Acme\jdoe. Or you can use the form jdoe@acme.com.
11. Click on Check Names to verify the account.
12. Click on OK.
13. Click on OK again to close the "Remote Desktop Users Properties" window.
14. Close the Computer Management window.

[/os/windows/software/remote-control] permanent link

[ More Info ]

[/os/windows/software/security/password] permanent link

Items to sell

[/pc/hardware] permanent