MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
January
Sun Mon Tue Wed Thu Fri Sat
       
2006
Months
Jan


Tue, Jan 31, 2006 11:04 pm

QF File Found After Crash

A user sent an email message with a substantial number of large attachments, which exhausted the free space in the /var partition of a Linux email server, which was running low on space because of other large messages queued on the system and some large log files. That particular message proved to be the proverbial last straw on the camel's back. The system crashed and rebooted. In addition to the df file containing the message's body and attachments, I found a QF file, instead of the normal qf file, in the /var/spool/mqueue directory. The qf file contains the message's headers and other information.


# ls -lh *fk0PJ0eqI021438
-rw-------    1 root     smmsp         49M Jan 25 14:04 dfk0PJ0eqI021438
-rw-------    1 root     smmsp         948 Jan 25 14:04 Qfk0PJ0eqI021438

After clearing space on the partition, I didn't see the message associated with the two files when I used the mailq command, apparently because there was a QF file rather than a qf file.

So I renamed the Qf file changing the "Qf" to "qf" and then sent the message with sendmail -v -qIk0PJ0eqI021438. You can have sendmail manually process a queue by using a "-qI" option followed by the queue ID, which is the sequence of letters and digits after the "qf" in the filename. Adding a "-v" as well provides verbose information on what is happening as the queued message is processed.

The message was then processed by the server. It was addressed to two hotmail.com addresses. The hotmail server didn't like its size either, though, and rejected it. Apparently, though Microsoft now offers 250 MB of free storage with their free hotmail.com accounts, there is a limit on the size of any individual email message and the Hotmail email server regarded a 49 MB message as too large and bounced it back to the sender.


[root@example mqueue]# sendmail -v -qIk0PJ0eqI021438
 
Running /var/spool/mqueue/k0PJ0eqI021438 (sequence 1 of 1)
<mollychanged2@hotmail.com>,<danielchanged2@hotmail.com>... Connecting to mx1.hotmail.com. via esmtp...
220 bay0-mc1-f16.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail
to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Tue, 31 Jan 2006 19:19:37 -0800
>>> EHLO example.com
250-bay0-mc1-f16.bay0.hotmail.com (3.1.0.18) Hello [192.168.0.26]
250-SIZE 29696000
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
>>> MAIL From:<laura3@example.com> SIZE=51191604
552 Message size exceeds fixed maximum message size
Service unavailable
<laura3@example.com>... Connecting to local...
<laura3@example.com>... Sent
Closing connection to mx1.hotmail.com.
>>> QUIT
221 bay0-mc1-f16.bay0.hotmail.com Service closing transmission channel

References:

  1. [Chapter 23] 23.3 A Bogus qf File (V8 only): Qf
  2. Hotmail to offer 250MB of free storage
    By Jim Hu
    Staff Writer, CNET News.com
    Published: June 23, 2004

[/network/email/sendmail] permanent link

Tue, Jan 31, 2006 9:51 pm

Messages File Too Large

I needed to make some more free space in the /var partition on a Linux system and found that the largest file in /var/log was the messages file, which had grown to 75 MB, because it was no longer being rotated. I moved the current messages file to another partition and then used /etc/init.d/syslog restart, which restarts syslogd, which was the process that had the messages file open. Restarting syslogd leads to the creation of a new messages file

[/os/unix/syslog] permanent link

Tue, Jan 31, 2006 9:16 pm

PowerPoint Animation Schemes Grayed Out

If you find that the entries under "Animation Schemes" in Microsoft PowerPoint 2003 are grayed out, you may need to change a PowerPoint option setting. For instance, if you click on "Slide Show" and select "Animation Schemes", but see that the Animation Schemes entries are unavailable, i.e. they are grayed out, then the "New animation effects" option may be set to "disabled". To re-enable the Animation Schemes effects, within PowerPoint, click on "Tools", then "Options" and then make sure that "New animation effects", under "Disable new features", is not checked.

[ More Info ]

[/os/windows/office/powerpoint] permanent link

Tue, Jan 31, 2006 9:00 pm

Windows Security Center.AntiVirusOverride

If you run Spybot Search & Destroy 1.4 and find that it detects Windows Security Center.AntiVirusOverride, that is not necessarily anything to worry about and, in fact, you may want to deselect this item as one that Spybot will "fix".

[ More Info ]

[/security/spyware/spybot] permanent link

Fri, Jan 27, 2006 2:34 pm

File Export

I wanted to view the files within an MSI file, i.e. a .msi file. I found a VBScript, called File Export at Export File List to Excel From MSI Using VBScript, which will create an Excel spreadsheet, i.e. a .xls file that lists the contents of an MSI file.


' File Export v 1.0

' Export File Table from a given MSI Database to an Excel Spreadsheet
' J.Loomes Nov 2000



Option Explicit

Const msiOpenDatabaseModeReadOnly = 0


On Error Resume Next
Dim installer : Set installer = Nothing
Dim szMSI

szMSI = InputBox("Enter MSI File (including full path)", "Select MSI", "")
DIM folder : folder = InputBox("Enter Folder to Write Table to...", "Select Export Folder","")

Set installer = Wscript.CreateObject("WindowsInstaller.Installer") : CheckError

Dim database : Set database = installer.OpenDatabase(szMSI, msiOpenDatabaseModeReadOnly) : CheckError

Dim table, view, record

        table = "File"
   
        Set view = database.OpenView("SELECT 'Name' FROM _Tables")
        view.Execute : CheckError
        Do
            Set record = view.Fetch : CheckError
            If record Is Nothing Then Exit Do
            Export table, folder : CheckError
        Loop
        Set view = Nothing
       
   
        Export table, folder : CheckError


Wscript.Quit(0)

Sub Export(table, folder)
    Dim file :file = table & ".xls"
    database.Export table, folder, file
End Sub


Sub CheckError
    Dim message, errRec
    If Err = 0 Then Exit Sub
    message = Err.Source & " " & Hex(Err) & ": " & Err.Description
    If Not installer Is Nothing Then
        Set errRec = installer.LastErrorRecord
        If Not errRec Is Nothing Then message = message & vbNewLine & errRec.FormatText
    End If
    Wscript.Echo message
    Wscript.Quit 2
End Sub

If saved as File-Export.vbs, the script can be run by double-clicking on it in Windows Explorer or typing File-Export.vbs, or cscript /nologo File-Export.vbs.

The script will prompt for the MSI file to process. Enter the full path to the file and the filename at the prompt. Make sure you type it correctly as you may see no error message and no output otherwise.

You will then be prompted for the export folder. A file named File.xls will be created in the directory you specify.

An examination of the MSI file contained within the whoami_setup.exe setup file for Microsoft's Windows 2000 Resource Kit utility Whoami, produced this File.xls, which can be viewed here.

If you would like further information on how an MSI file is structured, see Inside the MSI file format by Rob Mensching.

References:

  1. File Extension Details for .MSI
    FilExt - The File Extension Source
  2. Export File List to Excel From MSI Using VBScript
    By John Loomes
    December 7, 2000
  3. Whoami
    Microsoft Corporation
    March 8, 2001
  4. Inside the MSI file format
    Rob Mensching's blog
    November 25, 2003

[/os/windows/msi] permanent link

Wed, Jan 25, 2006 8:04 pm

Google and Government Control

MSNBC.com has an article today titled Google Vs. the Government where David Vise, author of 'The Google Story', discusses how Google has dealt with censorship in China and the recent attempt by the U.S. government to monitor what U.S. citizens are searching for on the Internet by demanding that search engine companies turn over massivive amounts of search records to the government, ostensibly so the government can protect children from pornography. China and Singapore also claim they must control their citizenry's web browsing to protect citizens from pornography.

The interview with David Vise also mentions that the former chef for the Grateful Dead was the executive chef for Google for awhile, but has since left to start his own restaurant.

References:

  1. Google Vs. the Government
    MSNBC.com
    Date: January 25, 2006
  2. Internet Filtering in Singapore in 2004-2005: A Country Study
  3. Censorshipo in Singapore
    From Wikipedia, the free encyclopedia
  4. Internet Censorhip - China

[/network/web/search] permanent link

Tue, Jan 24, 2006 9:04 pm

Environmental Impact of Hardware Disposal

Most people blithely dispose of old electronic equipment without any thought to the environmental impact. But, if such equipment ends up in a landfill or an incinerator, toxic chemicals can be released into the environment.

Electronic equipment, such as computers and monitors, may contain lead, mercury, cadmium, and hexavalent chromium. A Cathode Ray Tube (CRT) monitor may contain 4 to 5 pounds of lead4. Even the newer flat panel Liquid Crystal Display (LCD) monitors will contain hazardous materials, though they don't need the large amounts of lead required in the heavier CRT monitors, which require the lead to shield the user from X-ray radiation generated by the monitor. Mercury and lead have long been known to cause neurological damage. Some have speculated that the lead in wine storage vessels, food, and plumbing used by the Roman ruling classes was a major contributing factor in the downfall of the Roman empire. Though the Romans were aware of the serious health problems that could be caused by lead, they used it for many purposes and didn't consider the long-term implications of everyday use. Modern Americans use 10 times as much lead per person per year than the ancient Romans did before the downfall of Rome5.

Mercury, too, can have devastating effects on the human body. Many may be familiar with the Mad Hatter in Lewis Carroll's Alice in Wonderland. The reason madness was associated with hatters is that mercury was commonly used in the fur, felt, and hat industries of a few centuries ago7. When Lewis Carroll published Alice in Wonderland in 1865, mercury was widely used in the creation of the felt hats worn in England at that time and the phrase "mad as a hatter had been in common use for almost 3 decades. The effects of mercury poisoning on hatters included erratic, flamboyant behavior, excessive drooling, mood swings, and various debilities. A hatter might developer what were known as "hatter's shakes", which were characterized by severe and uncontrollable muscular tremors and twitching limbs. Hatters with advanced cases of mercury poisoning sufferred from hallucinations and other psychotic symptoms8.

Of the other harzardous substances in computers, hexavalent chromium (trivalent Chromium is actually an important component of a human diet) has been shown to cause high blood pressure, iron-poor blood, liver disease, and nerve and brain damage in animals. The movie Erin Brockovich is based on a true story of how Ms. Brockovich brought to public attention the environmental contamination in the town of Hinkley in the Mojave Desert resulting from the use of hexavalent chromium as an anti-corrosive in the cooling tower of a gas compressor station in the town. Residents of the town had been experiencing an array of health problems, such as liver, heart, respiratory and reproductive failure, Hodgkin disease, frequent miscarriages, and cancers of the brain, kidney, breast, uterus, and gastrointestinal systems at an alarming rate. As a result of Ms. Brockovich's actions, the town's residents were successful in seeking damages from PG&E, which was responsible for the gas compressor station9. But no amount of money can bring a loved one back from the dead or restore lives ruined by devastating health problems.

Cadmium, also found in computers, is a known carcinogen and chronic exposure to dust or fumes containing cadmium can irreversibly damage the lungs. Eating food or drinking water contaminated with high levels of cadmium severely irritates the stomach, causing vomiting and diarrhea. An accumulation of cadmium in the body can lead to kidney failure. Cadmium stays in the body a long time and can build up in the body to dangerous levels through many years of low level exposure10. For further information on the health risks posed by exposure to cadmium, see the Cadmium entry at the Corrosion Doctors website.

So, if you don't want to contaminate your own or someone else's air or water, you should not just dump your outdated computers, monitors, and other electronic equipment in the trash.

The Your Planet section of an article, Is Your Computer Killing You?, lists a number of alternatives to simply throwing the equipment in the trash. An 800 number, 1-800-CLEANUP, is listed for state-specific information for the U.S. on how to safely discard such equipment. You can also visit Earth 911 for general recycling information as well as information specifically related to the disposal of cell phones and computers.

The InformationWeek article also lists steps you can take to minimize health problems, such as carpal tunnel syndrome and eyestrain, associated with prolonged computer use.

Some computer manufacturers, such as Dell, have their own recycling programs. Dell will recycle your unwanted PC or computer electronics for a flat fee per item. If you buy a new Dell desktop or laptop, you can select the free recycling option at the time of purchase to recycle your old PC and monitor.

References:

  1. Is Your Computer Killing You?
    By Lee Hamrick
    Small Business Pipeline
    January 18, 2006
  2. Earth 911
  3. Dell Recycling
  4. Disposal of Old Computer Equipment
    A Mounting Environmental Problem
    By Michael J. Meyer, Waleed Abu El Ella, and Ronald M. Young
    The CPA Journal
    A Publication of the New York State Society of CPAs
  5. Lead Poisoning: A Historical Perspective
    By Jack Lewis
    EPA Journal - May 1985
    United States Environmental Protection Agnecy (EPA)
  6. Lead in history
    Corrosion Doctors
  7. Mercury Toxicology
    Corrosion Doctors
  8. Mad as a hatter
    Corrosion Doctors
  9. Chromium health and environment
    Corrosion Doctors
  10. Cadmium health and environment
    Corrosion Doctors

[/hardware/recycling] permanent link

Tue, Jan 24, 2006 7:40 am

GCN Interview of Vinton Cerf

Vinton Cerf is often referred to as the “father of the Internet”, though he modestly declines the title, crediting Bob Kahn with starting the internetting project at DARPA in late 1972 or early 1973. He later joined with Bob Kahn to work on network ideas after joining the Stanford University faculty. But Mr. Cerf certainly is one of the fathers of the Internet.

Government Computer News (GCN) has an interview with Mr. Cerf, who now works for Google, at The search continues. In it he states, when asked what Internet developments have most impressed him over the years, that "The massive sharing of information among individuals who offer their expertise and knowledge has been stunning in its scope." I think that is the most important benefit of the Internet. I've benefitted enormously from the information others have been willing to freely share on the Internet and I hope that information I provide will also benefit others.

I believe the impact of the Internet will be comparable to the impact the invention of the printing press had on civilization in helping to eradicate ignorance and disseminate knowledge. Just as the printing press sparked the Reformation and the Enlightenment, the Internet will spark new ways of looking at the world. The Internet, though at last enjoying wide popularity, is still in its infancy and its full impact has not yet been realized.

Reference:

  1. The search continues
    By Brad Grimes
    GCN Staff
    January 23, 2006

[/network/Internet] permanent link

Mon, Jan 23, 2006 11:12 pm

CDT Asks FTC to Stop Adware Developer 180solutions

The Center for Democracy and Technology (CDT), a nonprofit technology group, has asked the U.S. Federal Trade Commission (FTC) to stop 180solutions, Inc. from distributing software deployed using "deceptive and unfair" methods to generate pop-up ads.

180solutions develops adware products such as Zango Search Assistant and Seekmo Search Assistant, which generate pop-up ads. Like most adware distributors, the company asserts that users have consented to be bombarded with such ads.

The CDT asserts that 180solutions isn't aggressive enough in policing its distribution partners. Often adware/spyware developers will rely on other companies or individuals to distribute their products. Some of those distribution partners will use surreptitious means to install the adware on a system. When confronted about such nefarious practices, the developer can blame the distributor and claim it doesn't countenance such practices. The CDT cites CJB Management, Inc., which provides free web hosting services, as an example of how a 180solutions distributor misleads consumers who visit CJB websites. People who visit CJB websites are notified to expect advertising, but aren't told software will be installed on their systems that continuously monitors their Internet activities in order to send targetted ads to them.

References:

  1. Group Asks FTC to Stop Software Developer
    By Anick Jesdanun AP Internet Writer
    January 23, 2006

[/security/spyware] permanent link

Fri, Jan 20, 2006 8:03 pm

Internet Explorer JavaScript Support

JavaScript is often used to create dynamic webpages. However, when designing webpages you can't be certain that all users will visit your webpages with a browser capable of handling JavaScript code. Very old browsers or text-only browsers won't process the JavaScript code. Or an Internet Explorer user may have JavaScript support disabled. You can include code on a webpage to test whether JavaScript is supported and enabled.

[ More Info ]

[/network/web/browser/javascript] permanent link

Wed, Jan 18, 2006 1:07 pm

Network Solutions DNS Outage on January 18, 2006

A short while ago I found that I couldn't access my website. I then discovered that I couldn't retrieve IP addresses for any of my domain names for which I have DNS service from Network Solutions. Network Solutions is probably the largest domain name registrar in the world. I've been using GoDaddy primarily for registering domain names for quite some time, since their service is as good or better than Network Solutions service and they are a lot cheaper, but I still have some domain names registered with Network Solutions.

At the Internet Storm Center (ISC), I found a posting from Swa Frantzen at 2006-01-18 17:14:32 UTC regarding reports that Network Solutionsworldnic DNS servers are not responding to name queries. Network Solutions name servers have names of the form nsxx.worldnic.com, where xx is some number.

I called the Network Solutions customer support number. I heard a recorded message stating that they are experiencing a widespread outage and are working diligently to resolve the problem, which is their highest priority at the moment. There was no estimated time for restoring service.

The 24 x 7 Network Solutions support numbers are as follows:

In the U.S. and Canada call:
1.888.642.9675 (General Support)
1.866.391.HELP (Technical Assistance)

Outside the U.S. call:
1.570.708.8788

I first noticed the problem at noon US EST. At 12:55 PM EST, the problem was resolved. I could then successfully lookup IP addresses for domain names hosted with Network Solutions. I don't know when the problem first started, but it appears to have taken at least an hour to resolve (I'm presuming I didn't see it at the exact moment it started).

[/network/dns] permanent link

Wed, Jan 18, 2006 11:09 am

Auotmatically Starting Apache When the Server Reboots

If you wish to have the Apache web server software start automatically when a Solaris 2.7 system reboots, you can create a script with root ownership in /etc/rc3.d. Start the script's file name with Sxx where xx is a number not already being used in a filename for an existing script in the directory. For instance, if you have S34dhcp already in the /etc/rc3.d directory, you shouldn't use S34httpd, but you could use S88httpd, if S88 wasn't already used as the start of some other script name. The text that comes after the Sxx part of the name is arbitrary. You could call it S88httpd, or S88apache, or whatever else you choose.

You then need only the following line in the file to have Apache start automatically, presuming apachectl is located in /usr/local/apache2/bin.

/usr/local/apache2/bin/apachectl start

You can then change the permissions on the file to make it executable, though I found Apache was still started with permission settings of 644, i.e. "-rw-r--r--".

chmod 744 /etc/rc3.d/S88httpd

[/os/unix/solaris] permanent link

Tue, Jan 17, 2006 9:57 pm

Allowing Authenticated Senders From Otherwise Blocked IP Addresses

I had a user who uses Verizon's wireless broadband service report that he could not send email from his laptop. I had Outlook on his laptop configured to use sender authentication when sending email, i.e. I had "My outgoing server (SMTP) requires authentication" and "Use same settings as my incoming mail server" checked for his email account properties. Yet when Outlook attempted to send email, he would see messages similar to the following:

Task 'rberry1@moonpoint.com - Sending' reported error (0x800CCC78) : 'Unable to send the message. Please verify the e-mail address in your account properties.
The server responded: 550 5.7.1 Mail from 70.195.76.138 refused - see http://www.dnsbl.us.sorbs.net/'

The IP address assigned to his laptop by the Verizon network was in a range listed on the Spam and Open Relay Blocking System (SORBS) blocklist as being a dynamically assigned address range. I would expect a fair amount of spam to come from spammers using infected home users' systems as spam distribution points with most home users having dynamically assigned IP addresses, so I wanted to keep the SORBS blocklist in place on the server, but I did need to allow the user to send email through the server.

In order to allow the user to send email via the email server, but keep the SORBS blocklist, I maintained the sender authentication on his system, but modified /etc/mail/sendmail.mc on the email server. I "uncommented" the delay_checks line in the sendmail.mc file as below:

Original line

dnl FEATURE(delay_checks)dnl

New line

FEATURE(delay_checks)dnl

I then regenerated the sendmail.cf file and restarted sendmail with the following commands:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

I was then able to send from his laptop while connected to the Verizon broadband wireless service without a problem.

The delay_checks feature delays checks of the IP address of the sender against blocklists, aka blacklists, until after sender authentication. If sender authentication succeeds the presence of the sender's IP address on a blocklist won't matter. His email will still be accepted.

References:

  1. Anti-UBE FEATUREs in Sendmail 8.10/8.11

[/network/email/sendmail] permanent link

Mon, Jan 16, 2006 12:01 pm

Burst Versus Apple

Last year, Burst.Com, got Microsoft to agree to settle Burst's patent and antitrust suit against Microsoft for $60 million. Microsoft agreed to license Burst's technology. Burst then threatened Apple with litigation. In turn, Apple is attempting to have Burst patents for audio and video software declared invalid. Burst claims that its patents apply to Apple's popular iPod player and iTunes software and service.

References:

  1. Jobs' Apple Locks Horns With Burst.com
    By Chris Noon
    January 9, 2006
  2. Win Some, Lose Some
    By Robert X. Cringely
    January 12, 2006
  3. Burst.com vs Microsoft
    September 9, 2004
  4. Bursts's lawsuit against Microsoft
    By BurstInvestors.com
  5. Burst.Com, Inc.: Company Snapshot
    By the Winthrop Corporation
  6. BRST.PK: Summary for Burst.Com Inc.
    Stock Price

[/software/patents] permanent link

Thu, Jan 12, 2006 12:47 am

Controlling a Windows System from a Linux System

If you need to remotely control a Windows system from a Linux or Unix system, you can use rdesktop. Rdesktop is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, capable of communicating with a Windows system using the Remote Desktop Protocol (RDP).

With rdesktop you get an X Window display on your Linux/Unix system that looks very similar to what you would see if you were sitting at the Windows system. It works much like Windows remote desktop software that allows you to control one Windows system with another.

If you are using a Linux system, rdesktop may already be present. You can check by issuing the command rdesktop. If it isn't present, installing rdesktop is easy. Download the file from www.rdesktop.org, SourceForge.net:rdesktop, or here and then issue the following commands on your Linux or Unix system, subsituting the particular version number you have downloaded:

tar -xvzf rdesktop-1.4.1.tar.gz
cd rdesktop-1.4.1
./configure
make
make install

You can then run the software with the rdesktop command. E.g., if I wanted to connect to a Windows system with IP address 192.168.0.3, I could issue the command rdesktop 192.168.0.3. If the Windows system is behind a firewall, you will need to open TCP port 3389.

I often boot a Windows system with a Knoppix Linux Live CD when I am working at a site, so that I can be sure that I am working on a secure system rather than a system that may have been compromised by viruses, trojans, spyware, etc. If I need to access a server at the site, such as a Windows Small Business Server (SBS) 2003 server, I can still access it from the system booted into Knoppix Linux with a Live CD by using rdesktop. Knoppix Linux comes with rdesktop, but you may have another Linux Live CD, which doesn't already provide rdesktop. Since you are booting from a Live CD and can't alter its contents, you need to specify a directory that is stored in memory rather than on the CD when you are installing rdesktop. You can do so by using "--prefix" to specify the directory into which you wish to install it. Otherwise, you will get the following error when you attempt to install it.

$ make install
mkdir -p /usr/local/bin
mkdir: cannot create directory `/usr/local/bin': Permission denied
make: *** [installbin] Error 1

To eliminate the problem, you can use the following commands after you have downloaded the software into a virtual disk Live CDs will typically set up in memory. Suppose you have /ramdisk/tmp as such an area and you have made that your working directory.

tar -xvzf rdesktop-1.4.1.tar.gz
cd rdesktop-1.4.1
./configure --prefix=/ramdisk/tmp
make
make install
./rdesktop 192.168.0.3

Unless you specify otherwise, a new logon session will be established to the system. The current one won't be terminated. But, perhaps a user is already logged onto the system and you wish to connect to the current console session on the system, to see exactly what you would see if you were sitting at the system. Then you should use the -0 option to attach to the console, e.g. rdesktop -0 192.168.0.3. You can specify the userid to use with the -u option, e.g. rdesktop -0 -u administrator 192.168.0.3. You may also want to change the color depth with the -a option. The default value is 8-bit color, which gives you only 256 colors. If you use -a 16, you will get 16-bit color, which is 2 raised to the power of 16 colors, i.e. 65,536 colors. If you use rdesktop alone with no options, you will get a list of other available options for the command.

References:

  1. Administer Windows from Linux with rdesktop
  2. Using Rdesktop To Access Windows Terminal Services from A GNU/Linux Client

[/os/windows/software/remote-control/rdp] permanent link

Tue, Jan 10, 2006 10:56 pm

Windows Vulnerability in Embedded Web Fonts

Microsoft released a patch today, which is January's "Patch Tuesday", for a vulnerability in the way Windows handles fonts embedded in a webpage. The vulnerability could allow a malicious webpage developer, or someone who has compromised a website, to install an embedded font on a webpage such that when a user views the webpage the user's system could be compromised, potentially even allowing a remote attacker to take complete control of the user's PC.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Sun, Jan 08, 2006 11:48 pm

Attempted SpyAxe Installation

SpyAxe is suspect antispyware that, through deceptive and agressive deployment techniques, may be installed on a PC. If you see the message below, some malware is likely trying to install SpyAxe on the system.

Your computer is infected!
Dangerous malware infection was detected on your PC
The system will now download and install most efficient
antimalware program to prevent data loss and your private
information theft.
Click here to protect your computer from the biggest malware 
threats.

The software should not be installed. You can use the smitRem tool to remove the software which is attempting to set up SpyAxe on the system.

[ More Info ]

[/security/spyware/spyaxe] permanent link

Sat, Jan 07, 2006 6:02 pm

ClamAV Error While Loading Shared Libraries

I wanted to run the current version of the ClamAV antivirus software with a PLoP Linux boot CD. PLoP Linux provides a LiveCD that can be used to boot a Windows system and scan it for viruses. This can be useful when a Windows system is badly infected and you wish to avoid even booting into Windows to check the system. The version of PLoP Linux I downloaded from the developer's website at http://www.plop.at/page_en_0.html included ClamAV, but it was the 0.86.2 version rather than the current 0.87.1 version. I put the most current version of clamscan on a Zip disk, which I mounted after booting from the PLoP Linux CD, but when I tried to run the current version I got the message "error while loading shared libraries: libbz2.s0.1: cannot open shared object file: No such file or directory."

I used the ldd command on a Linux system where I had clamav working to find out what shared libraries it needed.


# ldd `which clamscan`
        libclamav.so.1 => /usr/lib/libclamav.so.1 (0x40022000)
        libz.so.1 => /usr/lib/libz.so.1 (0x4006e000)
        libbz2.so.1 => /usr/lib/libbz2.so.1 (0x4007c000)
        libgmp.so.3 => /usr/lib/libgmp.so.3 (0x4008b000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x400b8000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x400c6000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

I then copied all of those files to the same directory on the Zip disk where I had the clamscan program. But I got the same error message when I ran clamscan. So clamscan wasn't able to find the libraries it needed in the current directory.

After reading the article CLI Magic: ldconfig and friends by Joe Barr, I realized I need only add the directory where I had stored the libraries to /etc/ld.so.conf file. So I added /mnt/zip to the end of /etc/ld.so.conf.

/lib
/user/kerberos/lib
/usr/lib
/opt/multimedia/lib
/media/pluspacks/antivir
/mnt/zip

I then issued the ldconfig command. That allowed the newer version of clamscan I had on the Zip disk to look in the /mnt/zip directory while searching for the shared libraries it needed, when it couldn't find them in the other directories listed as locations for shared library files. I was then able to use /mnt/zip/clamscan to run the newer version on the Zip disk rather than the older version on the CD.

If you don't want to add a directory permanently to the list of directories searched for libraries, then you can issue the ldconfig command followed by the directory, e.g. ldconfig /mnt/zip would specify that the /mnt/zip directory be searched for libraries as well, but only until the system is rebooted.

References:

  1. CLI Magic: ldconfig and friends
    By Joe Barr
    May 16, 2005
  2. What is ldconfig used for?
    By Nathan Wallace, Kim Shrier
    August 3, 1999
  3. Shared Libraries
    By David A. Wheeler
    April 11, 2003
  4. Building and Using Static and Shared "C" Libraries
    By Guy Keren
    2002
  5. LDD Library Dependencies
    By Karsten M. Self
    April 8, 2005
  6. Automatic Dependencies
    By Red Hat, Inc.
    2000

[/security/antivirus/clamav] permanent link

Tue, Jan 03, 2006 8:17 pm

Disabling the FTP Service

If you wish to disable the FTP service on a Solaris 2.7 system, you can take the following steps while logged in as root.
  1. Edit /etc/inetd.conf, since the ftp daemon is started through inetd and comment out the ftp line.

    Old
    ftp stream tcp nowait root /usr/local/etc/tcpd /usr/sbin/in.ftpd

    New
    #ftp stream tcp nowait root /usr/local/etc/tcpd /usr/sbin/in.ftpd


  2. Send a "-HUP" signal to the inetd process, which will cause inetd to restart using the new contents of inetd.conf.

    # pkill -HUP inetd


If you issue the ps -e | grep inetd commands before and after the pkill command, you may see the same PID for the inetd process, but if you now try connecting to the system with FTP, you should get a "connection refused" message, since the ftp daemon will no longer be started by the inetd service.

[/os/unix/solaris] permanent link

Mon, Jan 02, 2006 11:45 pm

WMF Vulnerability Could Allow Remote Code Execution

Code that will allow attackers to compromise a Windows-based PC using a vulnerability in the way such systems handle images has been posted online over the holidays. Exploitation of this vulnerability by attackers could allow them to install spyware on a system or take complete control of it.

The vulnerability is within software that is part of the Windows operating system distribution. The affected software processes Windows MetaFile (WMF) images, but an attacker need only rename an infected WMF file with a JPG, GIF, PNG, or other common graphic file format extension to avoid any block on all WMF files, since a Windows system will examine the contents of files with those extensions and execute the code in them, if they are really WMF files.

An attacker can send infected images by email or put them on a website. The mere presence of an infected file on a system can lead to the system's infection, if file indexing software, such as Google's desktop search utility is presence. When the file is indexed, the exploit is triggered.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Sun, Jan 01, 2006 6:33 pm

Adding a Domain Account to the Administrators Group

To add a domain account to the local "Administrators" group on a Windows XP system, take the following steps:
  1. Click on "Start".
  2. Click on "Control Panel".
  3. Click on "Performance and Maintenance". If you don't see it, then you are in Windows XP's "classic" view and you can skip to the next step.
  4. Click on "Administrative Tools".
  5. Double-click on "Computer Management".
  6. Click on "Local Users and Groups" in the "Computer Management" window.
  7. Double-click on "Groups".
  8. Double-clik on the "Administrators" group in the right pane of the window.
  9. Click on the "Add" button.
  10. In the "Enter object names to select" field, put in the domain account name. E.g. if the domain was "example" and the user name was "Sally", you would put in "example\sally".
  11. Click on "Check Names" to verify the name you entered.
  12. Then click on "OK", if it was accepted. A "name not found" window will open if it wasn't accepted.
  13. Click on "OK" to close the "Administrators Properties" window, which should now show the name you added.

[/os/windows/domain] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo