Andrew G. Allen

Just announced on the Maltego blog (http://maltego.blogspot.com/2010/07/ce-is-live.html), the community edition of version 3.0 is now available. I downloaded and did a quick test of the new product this morning, which already seems quicker than the previous versions, and is themed with a Microsoft ribbon style interface.

Permalink | Leave a comment  »

Java is one of those components that most users have installed, but can be infrequently updated and forgotten about. Updates are published on a regular basis, the most recent of which having been set free in April of this year, and although supplied with a self-updating mechanism, it's just not suitable within controlled corporate environments with good acceptable use polices in place.

Following the trend of other popular software, the Java Runtime is also bloating out with other 'useful-less' components, so on a default install you can find yourself with extra memory resident processes, browser plug-ins and helper objects which are just not required to provide applications access to the Java Runtime.

Because of this, I now update my own lab environment with a scripted silent install of Java - it does not include the extra plug-ins and browser helper objects during installation, or the memory resident updater tool. Are there any other suggestions to keep the Java Runtime installation down to a minimum? I believe in only installing what is absolutely required.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

Permalink | Leave a comment  »

There are now quite a number of podcasts available, covering all areas of Information Security - I find it a great way to stay up to date with the industry news, particularly when commuting. A fairly comprehensive list can be found at http://getmon.com/, while my current regular favorites are below:

• Paul Dot Com Security Weekly (feed) - one of the longest established US based security podcasts, normally around 2 hours long, with interviews, technical segments and industry news.
• Risky Business (feed) - an Australian based ~30 minute show, neatly split into news, interview and sponsor interview
• 2600 | Off The Hook (feed) - airs every Wednesday night at 7:00 PM EST in New York City on listener supported WBAI 99.5 FM.

I've created an aggregated feed of my Podroll, which makes subscribing quick and simple - on my phone, it means adding just one feed, instead of lots of different feeds for different podcasts (very useful when rebuilding your phone after flashing the latest ROM)... I did try RSSmix.com, which IronGeek also uses, but I found updates through the site don't seem to be that regular (and the site itself can run pretty slow as well), which means missing out on the latest content. Instead, I use Yahoo Pipes to merge and manipulate the various feeds together, and then publish through Feedburner to get some extra control / statistics.

Update - Dec 14

I've updated the pipe to include the following feeds, and also strip posts with no enclosures:

• RB2 (feed)
• Network Security Podcast (feed)
• Security Justice (feed)
• Securabit (feed)
• Tenable Network Security Podcast (feed)

Permalink | Leave a comment  »

If you are following the latest releases in regards to BackTrack, following a recent update you may have experienced error when PostgreSQL attempts to start:

Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output:

Then further down:

could not load server certificate file “server.crt”: No such file or directory

Here is a quick fix - at the console, type:

cd /etc/ssl/certs
ls -ld /etc/ssl/private
sudo ls -l /etc/ssl/private/
make-ssl-cert generate-default-snakeoil -force-overwrite
cd /etc/ssl/certs

Re-run the update commands, and you should be good to go:

apt-get update
apt-get upgrade
apt-get dist-upgrade

Permalink | Leave a comment  »

Permalink | Leave a comment  »

After having used Chrome for so long on my Mac (in the dev channel via the very useful Chromium Updater), switching back to Firefox reveals an interesting habit - searching via the address bar. In Chrome, you can type your search directly in the address bar and you'll get redirected to Google for your search results, however in Firefox it reacts slightly differently - it will carry out a Google "I'm feeling lucky" search which will direct you to the first result Google returns.

• http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=

By the way, If you are not already using Scroogle, it's a simple way to anonymise your search requests.

Permalink | Leave a comment  »

It's quite common that you need to remove some software when running in Safe Mode, particularly when you find your system is unusable when running normally. However, by default, the key service required to manage installed software is not running, and cannot be started (the Windows Installer Service, aka MSIServer).

Here is a quick way around this issue - by adding the registry entry below, you'll then be able to start the service and remove / install the software you require.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
sc start msiserver`

Once this change is made, it will remain permanent, and you won't need to re-apply it in the future, although you'll still need to start the msiserver service when required.

Permalink | Leave a comment  »

Permalink | Leave a comment  »

30/09/2009 13:30:34.98 C:\>

Permalink | Leave a comment  »

Permalink | Leave a comment  »

Permalink | Leave a comment  »

It's been a while since I've had involvement with Netware configuration, but I've recently had to add a tape drive to a Novell Netware 6.5 SP6 server - the key point is to update STARTUP.NCF on the DOS partition to include the required drivers for the SCSI card. For example, I added the lines:

LOAD NWTAPE.CDM
LOAD LSIMPTNW.HAM SLOT=2

The PCI card is loaded into PCI Slot 2 (hence the line above) - you can check which slot your device has been installed to by checking Novell Remote Manager (http://yourserver:8008/ or https://yourserver:8009/), under 'Manage Hardware' -> 'PCI Devices'. Once the driver has loaded (you can load the above drivers manually, without having to reboot the server), check the device is visible using 'LIST DEVICES' on the console.

Permalink | Leave a comment  »

Having recently been focused on a Citrix Presentation Server 4.5 migration, I took some time out to build a development 64-bit environment just to become familiar with any 'gotchas'... This was a single, stand-alone Windows Server 2003 R2 Standard SP2 64-bit operating system, with the 64-bit Citrix Presentation Server 4.5 Enterprise Edition installed, running inside XenServer 4.1 RC7 XenServer 4.1 - I chose to install .NET Framework 3.5 (which includes the required .NET Framework 2.0) and JRE 1.5.0_09.

Additionally, I installed the following components onto the same box:

• Citrix License Server 11.3 (inc. Microsoft Visual J# 2.0 )
• Citrix Web Interface 4.6 (plus required Access Management Console Extension)

The following hotfixes were then applied to CPS:

• Citrix Hotfix Rollup Pack PSE450W2K3X64R01.msp
• Citrix Hotfix PSE450R01W2K3X64003.msp
• Citrix Hotfix PSE450R01W2K3X64004.msp
• Citrix Hotfix PSE450R01W2K3X64005.msp
• Citrix Hotfix PSE450R01W2K3X64012.msp
• Citrix Hotfix PSE450R01W2K3X64014.msp
• Citrix Hotfix PSE450R01W2K3X64016.msp
• Citrix Hotfix PSE450R01W2K3X64019.msp
• Citrix Hotfix PSE450R01W2K3X64020.msp
• Citrix Hotfix PSE450R01W2K3X64023.msp

As a side note, I had installation errors on the rollup, and hotfix 005, but all seems to be working ok... anyway, at some point post-installation the Web Interface decided to stop working. The following error was recorded in the application event log:

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 13/03/2008
Time: 13:05:20
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

>

Server reboots / iisresets had no effect, and after lots of Googling, it looked like there might be a specific .NET hotfix to address the issue (KB913384), however it was only applicable to an older version of the .NET Framework 2.0 - it is supposed to be included / resolved in SP1 (build 1433). Another google confirmed this. After much frustration from a lack of solutions on the Citrix forums / knowledge base, I ended up uninstalling .NET Framework completely (you have to uninstall 3.5, then 3.0 SP1, then 2.0 SP1 in that specific order), then reinstalling the .NET Framework 2.0 RTM (build 42).

Once I then re-installed Web Interface 4.6 (enabling 32-bit mode in the process, as prompted) and then deleted and re-added the existing site within the Access Management Console, it all sprang back into life. I've not yet re-patched .NET to see if it remains functional...

Update 1

The error has occured again:

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 14/03/2008
Time: 08:18:27
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.42 - Fatal Execution Engine Error (7A05E2B3) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

>

This time, the only change I've made is to install the latest Citrix XenCenter console 4.1 RC7, which itself is .NET application. I ended up having to install the KB913384 fix, which this time was appliable to the version of .NET I had installed. I am going to do a bit more testing to see what is causing it to re-fail.

Update 2

And again...

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 1023
Date: 17/03/2008
Time: 10:55:32
User: N/A
Computer: VM4
Description:
.NET Runtime version 2.0.50727.63 - Fatal Execution Engine Error (7A05F093) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

>

This time I had installed and uninstalled Office 2007.

Permalink | Leave a comment  »

I've used Acronis True Image on quite a large number of Windows systems over the years, as it is a very good product which has gradually expanded it's (already impressive) feature set throughout that time. Just recently, I had the requirement to image a Linux system and so decided to trial the new Acronis True Image Echo Server on Linux - from what I found, there is no 'workstation' product for Linux like the True Image Home product for Windows, and so had to go for the server version instead. Specifically, I needed to backup a 64-bit CentOS 5.1 virtual machine running inside Citrx XenServer Express.

After registering for the trial version on Acronis.com, downloading the appropriate installation file and moving it into the VM, a quick 'chmod +x TrueImageServerEcho_d_en.i686' made the file ready for installation. The binary is suitable for 32-bit and 64-bit systems - no need for seperate installation files.

After kicking off the installation ('./TrueImageServerEcho_d_en.i686'), it was pretty much a next-next-finish affair, except I soon found I needed to have the kernel source files and gcc installed, for the installation program to correctly configure the SNAPAPI Module. A quick 'yum install -y kernel-xen-devel gcc' fixed the dependancy issue, and after re-run of the True Image installation file, all required software was now installed.

By the way, there was no documentation supplied with the downloaded installation file; I found out some of the information on the Acronis website, and also by browing the setup log file (/var/log/trueimage-setup.log).

Since I don't generally use an X-Windows interface on *nix systems (much prefer the command line via SSH), I've now got to see how far I get with the console tools ('trueimagecmd' and 'trueimagemnt')...

Permalink | Leave a comment  »

Adobe has released a security advisory warning users about a newly discovered 0-day vulnerability that has already been spotted getting exploited in the wild. The flaw affects all current version…… http://bit.ly/bzXhj4 #blogroll

A 4sysops reader recommended the freeware tool Windows System Control Center (WSCC) as an alternative to NirLauncher, the portable free launcher. I tested WSCC and it is indeed an interesting tool, not only as an ad… http://bit.ly/9knHlL #blogroll

source: http://bit.ly/a0yC27 #podroll

source: http://bit.ly/b7w8Zd #podroll

source: http://bit.ly/9x7mVc #podroll

source: http://bit.ly/cdIRqm #podroll

source: http://bit.ly/ah9wiz #podroll

source: http://bit.ly/cdIRqm #podroll

There are a raft of utilities that provide a front end for the built-in Unix system tasks. Some are free, some cost a little bit, either through a purchase or shareware fee. Cocktail is a great example of a paid app… http://bit.ly/bR8yzp #blogroll

source: http://bit.ly/dynMrC #podroll

Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The following features are new (or have been significantly updated) since v…… http://bit.ly/caYBdY #blogroll

source: http://bit.ly/bJa5jC #podroll

source: http://bit.ly/cdIRqm #podroll

Plex, the Mac OS X media center, has just made all of its competitors obsolete. A new version, dubbed Plex/Nine, will be released today at midnight EDT, and it introduces a number of new features that make it the me… http://bit.ly/dedTS7 #blogroll

Posted by InfoSec News on Aug 29http://www.telegraph.co.uk/news/uknews/crime/7969595/Gareth-Williams-backroom-boy-spy-was-really-a-high-flier.html By Gordon Thomas Telegraph.co.uk 29 Aug 2010 The Government Commun… http://bit.ly/cLVH3D #blogroll

source: http://bit.ly/a0yC27 #podroll

Libox is a cross-platform application that syncs your photos, music, and videos across machines, but also lets you stream files from a source computer to any other machine or mobile device you allow. More »… http://bit.ly/arWPd6 #blogroll

A while ago, we talked about Force-TLS that lets sites say “hey, only access me over HTTPS in the future” and the browser listens. Well, this idea has been solidifed into a draft spec for HTTP Strict Transport Secu… http://bit.ly/bLM9mw #blogroll

source: http://bit.ly/c6bdyh #podroll