WordPress upgrade by hand

I received an email from my own blog.  Yup, wordpress@paranoidprofessor.com, which is actually pretty amazing as that email address doesn’t really exist.

The content of the mail was as follows.

Please update your site at http://blog.paranoidprofessor.com to WordPress 4.4.1.

Updating is easy and only takes a few moments:
http://blog.paranoidprofessor.com/wp-admin/update-core.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/

Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.

The WordPress Team

I indeed had not been paying enough attention and I didn’t want to run an unpatched system.  I am also glad that the system is clever enough to pay attention to upgrades and inform me when they are missing.

The idea that I could update my blog by simply running the update-core.php script sounded a bit too good to be true.  So, I did all of the things that you should recommend to someone getting ready to “upgrade software”.

  • dump the database
  • use wordpress export script
  • backup wordpress file system

Not to be anticlimactic, but the script actually didn’t work.

I cannot blame WordPress for this.  My installation was done by hand in a virtual environment and it is not even properly recognized by the environment manager Plesk.  So I went through and did it the old-school way, from the command prompt.

I would describe it blow by blow, but it is much better described by wordpress.org.  Yet, beyond the backing up, I would recommend a few extra steps.

  1. don’t work in the live directory itself, create a work copy
  2. perform all update steps in the work copy
  3. shut down your web server
  4. rename the current directory to a new name
  5. rename the work copy to the name of the live directory
  6. start up your web server
  7. finish the upgrade process

Why?  Well, if you need to look anything up you always have the original directory, and your site will only be down for a few seconds.  Keep the work copy on the same filesystem as the live directory so the renames are instant, and make sure the copied files keep the ownership and permissions the web server expects.
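The extra steps as a script, added here as an example rather than the post's own code.  It assumes a live tree, an unpacked release directory and a web server control command of your choosing (all three are parameters); the rule that wp-content and wp-config.php are kept from the live copy while wp-admin, wp-includes and the top-level core files come from the new release is the one in the wordpress.org manual-update instructions.

```shell
#!/bin/sh
# Added example: stage a WordPress upgrade in a work copy, then swap it in.
# Assumed inputs: LIVE = the served directory, NEW = an unpacked release,
# SVC = a command that accepts "stop" and "start" (e.g. "service apache2").
set -e

# Copy the live site into a work directory next to it. Same filesystem, so
# the final rename is a metadata-only operation and the outage is tiny.
stage_work_copy() {   # stage_work_copy LIVE WORK
  [ -d "$1" ] && [ -n "$2" ] || return 1
  rm -rf "$2"
  cp -a "$1" "$2"
}

# Overlay the new release on the work copy. Core directories are replaced
# wholesale; wp-content (themes, plugins, uploads) and wp-config.php stay
# as they were in the live copy.
apply_release() {     # apply_release WORK NEW_RELEASE
  [ -d "$1" ] && [ -d "$2/wp-includes" ] && [ -d "$2/wp-admin" ] || return 1
  rm -rf "$1/wp-admin" "$1/wp-includes"
  cp -a "$2/wp-admin" "$2/wp-includes" "$1/"
  # top-level core files are overwritten, except the site's own configuration
  for f in "$2"/*.php "$2"/*.html "$2"/*.txt; do
    [ -e "$f" ] || continue
    case "$(basename "$f")" in wp-config.php) continue ;; esac
    cp -a "$f" "$1/"
  done
}

# Read $wp_version from a tree, so the swap can be verified afterwards.
wp_version() {        # wp_version DIR
  awk -F"'" '/^\$wp_version =/ {print $2; exit}' "$1/wp-includes/version.php"
}

# The swap: live tree renamed aside, work copy takes its name. The old tree
# is kept for reference or rollback.
swap_in() {           # swap_in LIVE WORK BACKUP
  mv "$1" "$3"
  mv "$2" "$1"
}

# Usage (assumed paths): upgrade_site /var/www/blog /tmp/wordpress "service apache2"
upgrade_site() {      # upgrade_site LIVE NEW_RELEASE SERVICE_CMD
  live=$1; new=$2; svc=$3
  work="$live.work"
  backup="$live.old-$(date +%Y%m%d%H%M%S)"
  stage_work_copy "$live" "$work"
  apply_release "$work" "$new"
  $svc stop
  swap_in "$live" "$work" "$backup"
  $svc start
  echo "now serving WordPress $(wp_version "$live"); previous tree kept at $backup"
}
```

After the swap, the remaining step 7 is still the one the post describes: visit the site so WordPress can run its own database upgrade.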

Posted in blogging, Setup From Scratch

New York gunning to eliminate smart phone sales?

It seems that the fine legislators from the great state of New York feel that smart phone sales in the state have been just a bit too robust.  Well, that is my analysis based on reading the proposed bill.

The bill itself doesn’t suggest that there are too many phones being sold but rather that New York wants the manufacturers of those phones or the operating system provider to be able to decrypt and unlock the phone on command.  There will be a penalty of $2,500 per phone sold if the seller or lessor knew at the time it could not be unlocked or decrypted.

Apple might be the easiest group to target in the smart phone arena.  They make their own phones and they own the operating system on the phone.  There would be no finger pointing between the hardware manufacturer and the operating system owner.  Yet, it probably isn’t Apple or Google that would be on the hook for the $2,500 per phone fine, it would be the seller or lessor who would be subject to the fine.  This would be Apple if it was sold in the Apple store, but the bulk would be the mobile phone companies who are basically selling a phone and some way to use it.

This would seem to me to be a pretty good deterrent to prevent organizations in New York from selling or leasing a smart phone to anyone.  I would guess that this would be good news for people who live close to Rhode Island, Connecticut, New Jersey, Pennsylvania, Massachusetts and Vermont.  Maybe it would be even better news for small businesses in those states who sell smart phones.

After all, they didn’t make it illegal to own a smart phone, or have a smart phone that is encrypted but only to sell these phones.  I guess there could be a booming business for smart phone purchases just over the border from New York, perhaps even cellular phone contracts.

(Who thought that a bill could be so short and easy to read, with only a hint of boring)

http://legislation.nysenate.gov/pdf/bills/2015/A8093

Posted in Soapbox

… and yet I must pay for ketchup

The other day we ended up at a fast food restaurant for dinner.  I guess my body is not the temple I thought it was.  Of course it took the children a while to make up their minds, yet eventually the food was ordered, paid for and delivered.  Oddly enough the cashier added some candy to the tray, not a couple of pieces but two great handfuls.

Was the candy because of trying to create a link with the children? Customer Service?

Perhaps, but if you want ketchup with your meal you have to pay for each packet.

Paranoia

The unreasonable fear or irrational belief that other people are plotting to harm him or her.

Posted in Soapbox

not plug and play

The author accepts no liability for the content of this article, or for the consequences of any actions taken on the basis of the information provided.

I went to Amazon.de and found a light fixture, SUPER SET LED Deckenleuchten mit T8 LED 23W neutralweiß 4500K, that appeared to fit all of my specifications.

  • 1.5 meters long
  • provides lots of light
  • uses LED’s not fluorescent bulbs
  • could be mounted underneath the cabinets in the kitchen
  • affordable

The lamp, including the LED bulb, was delivered and was perfectly packed.  I was not as diligent as I should have been while looking at the photos; the light fixture would probably be more suitable in an open-plan office or a warehouse.  The fixture that the bulb connects to is surprisingly deep (three cm) considering that there is nothing inside except for two very thin wires.  The bulb does actually provide up to 2400 lumens, which lights up the working area very well.

So if the item was well packed and does everything that it was advertised to do, why am I a bit grumpy?  Well, the downside of the fixture is that despite being appropriate for 220V there was no power cord provided and no place in the lamp to plug any style of cord into.  Inside the case are some rather cryptic symbols showing how to connect the fixture to the mains.

German Electricity
It is always recommended to use the proper tool for any particular task as opposed to forcing something with the wrong item.  The proper tool in this case should probably be an electrician.  Yet, I am good with my hands, the Internet provides a steady stream of information and I also have friends who can assist.

I like fooling around with electronics, but mains electricity is a slightly different game altogether.  Most electronics use direct current, not alternating current, and the wires are usually red or black depending on whether they are positive or negative.  This is not what I was finding on my new purchase.

Single phase, what most Americans think of as normal alternating current, is a simple sine wave: 110 volts at 60 hertz in the US, or 220 volts at 50 hertz in Europe.

[figure: single-phase waveform]

Nikola Tesla was one of several people who independently developed three-phase power distribution.  What is three phase?  Instead of one alternating current, three are transmitted together on separate conductors, each shifted one third of a cycle (120 degrees) behind the previous one.  With a balanced load the three currents cancel in the shared neutral, so the same number of conductors can deliver considerably more power than a single phase could.

[figure: three-phase waveforms]

A typical US building may have three-phase power at the service entrance, but the individual apartments or households are supplied with single phase only.  In Germany, houses and apartments are commonly wired for three-phase power.

My lamp is a single-phase alternating current device; on a three-phase supply it simply uses one phase and the neutral.  It is only a matter of connecting it to the wall.  The terminals inside the lamp are marked N, L and an earth symbol (it looks like a plus inside a circle), and the three wires in our building are blue, brown and “yellow and green striped”.

phase (live) L brown
neutral (phase return) N blue
protective earth (PE) yellow-green striped

These are the current German (IEC) colours.  Older installations can use other colours, so check with a voltage tester before trusting the colour of a wire.

The task
All that I need to do is to get a wire that can be used to plug this lamp into the mains, connect the power cord, mount the lamp and not get electrocuted.

It really shouldn’t be too difficult, as the building has three wires, the extension cord that I cut up to feed this lamp also has three wires, and the installation instructions for the lamp exist in 15 different languages including English.

  • Bulgarian
  • Czech
  • English
  • French
  • German
  • Latvian
  • Lithuanian
  • Hungarian
  • Ukrainian
  • Polish
  • Romanian
  • Serbian
  • Slovak
  • Spanish
  • Russian

Well, all of these are somehow condensed to fit onto two pieces of double-sided A4 paper and cover 25 different models of lamp, and the light bulb instructions are a single side of A4 in Polish.

  1. make two holes in wall or ceiling for mounting
  2. if lamp has a cover, remove it
  3. if lamp has a reflector, remove it
  4. snap the lamp fixtures into the cutouts
  5. snap the spacers into the cut outs
  6. insert the power cord into the lamp
  7. install the lamp on the wall or ceiling
  8. connect the power cord to the terminals
  9. attach the reflector or the cover
  10. install the light bulb

If you are a certified electrician then I suppose that step 8 is pretty clear, but for the rest of us it is a bit brief.

My friend Mikhail was explaining phased power to me, and essentially you can connect phase and phase return interchangeably.  How can that really be the case?  It seems pretty counter-intuitive.

Start by assuming that you connect the wires up correctly from the building to the lamp cord and from the lamp cord to the bulb.  Everything is perfect.  The German (Schuko) power plug is 100% reversible.

[photo: German Schuko socket]

The two holes are where the pins of the plug go in and the brass clips on the sides are the actual earth ground (yellow-green striped).

This means you can unplug the cord, rotate the plug 180 degrees and plug it right back into the wall.  That is no different from swapping the phase return and phase connections.  That seems pretty odd, but for a lamp it makes no difference, and it does not change the direction of a single-phase motor either; reversing a motor by swapping wires is a three-phase property, where exchanging any two of the three phases reverses it.  Where L and N do matter is safety: a single-pole switch or fuse in a fixture is meant to sit in the live conductor, and if L and N are swapped the lamp stays live when switched off.  A plug-in appliance has to be safe either way round precisely because the plug is reversible, but a hard-wired fixture should get L to L and N to N.

The brass connectors on the side of the plug are for connecting to ground, which in most cases is the yellow and green striped wire.

I did manage to get the lamp mounted and the power cord attached and it works fine.

Analysis

Pros

  • The lamp and bulb are quite well packed
  • Delivered in a timely manner
  • Technical specifications match what is delivered

Cons

  • No power cord provided
  • Instructions are intended only for certified electricians
  • Technical information on the bulb only provided in Polish

Posted in Review, Setup From Scratch

encryption in politics and just not getting it

Before I get started, I think that all the politicians from both sides of the aisle are perhaps only briefed on one side of any issue before they get out in public to talk about it.  The side of the issue that they are briefed on probably does change depending on the audience or perhaps based on the beliefs of their backers.

I just read an article in Ars Technica suggesting that Hillary Clinton is perhaps having a hard time remembering all the people who might possibly use encryption.

The low hanging fruit about encryption is that bad people such as terrorists or paedophiles may like to use it to keep their activities secret.  It is hard to see what they are doing in the before stages of naughty behavior and hard to prove what they have done after the naughty behavior has taken place.

It might be because politicians or even governments think that the only actors in the play of encryption are the naughty and the nice individuals.  The nice, by definition, have nothing to hide so weakening the encryption doesn’t really affect them at all, and it makes the job of the police much easier for dealing with the naughty people.

Yet, politicians don’t want to make the case of weakening encryption as that sounds bad even to people who are not completely aware of all the issues.  Perhaps the only solution is to actually have strong encryption and work behind the scenes on how to break it.

<politicians view>
Of course, we could have a regular Manhattan-like project to focus the attention of the nation’s top scientists on breaking the encryption.  It would be the perfect solution: the well-meaning nice people’s data would be protected from other nice people, and the police would be able to “read the mail” of the naughty people or scan through their hard disks when preparing court cases against them.

How could we have missed this?  It’s perfect.
</politicians view>

What could be wrong with that?  It doesn’t take into account that the government also exists and would have to be either the good guy or the bad guy in certain circumstances.  The optimist says of course that the governments are the good guys.

Reviewing the previous paragraphs, the good guy in this case is our government and although it has nothing to hide may choose to encrypt their secrets.  It is hard to see what they are doing in the before stages of some specific activity or mission and hard to prove what they have done after the activity or mission has taken place.  Don’t worry their secrets are safe as everything is encrypted.

Yet some other government may view our government as the bad guy and have an interest in what kinds of activities or missions are done or how we perform them.  Are our secrets safe?  Maybe.  Other governments see bad players out there too, so they are constantly running Manhattan-like projects of their own designed to break our codes.

A knife can be used to cut food, or stab a co-worker.  A photo copier can be used make office copies or to infringe on other people’s copyrights.  Fertilizer can be used to make food grow or build a bomb.  Encryption just like every other tool or technology can be used for good or to protect nefarious activities.

I understand the government’s desire to sift through a criminal’s digital papers looking for the smoking gun to help make the case a slam dunk.  Yet, despite living in the era of DNA and gas chromatography, perhaps not every detail in every case needs to or can be proven to nine significant digits.  Unfortunately, with a limited amount of help and some serious paranoia it is possible to live and coordinate activities without being caught, without even using special technology.  If you doubt me, think of the Osama bin Laden case.

Anything one government can do to read the secrets of its people can be used by other governments to read our government’s secrets.  It is impossible to have the best people all the time, impossible to keep all technologies secret all the time, and implausible that all other peoples or governments will always be behind us in every technical way.

With an ever increasing digital world, strong encryption should be the norm despite the knowledge a handful of bad people exist and may use it to their benefit.

http://www.cbsnews.com/news/democratic-debate-transcript-clinton-sanders-omalley-in-new-hampshire/

Update 2016-01-19

Perhaps governments do understand the limitations, but the ability to check up on their citizens is too good of an opportunity to pass up.

A similar analysis quite eloquently described.

http://lauren.vortex.com/archive/001137.html

Posted in Soapbox

safe computing – encryption

“Those who do not learn history are doomed to repeat it.”

George Santayana

Recently a friend of mine had an old computer that had a lot of personal photographs on it but it stopped working.  To be honest, he really is quite content with his tablet.  It fits in your lap, has fabulous battery life and you can put it into your briefcase or backpack.  He just wanted his old pictures back.

The request was simple, can I copy this information from the computer to a USB stick.  I simply took the computer home and took out the hard disk.  I connected it up to another computer and proceeded to copy all the files to a USB stick.

Windows didn’t stop me because I never gave it the chance: I booted a different operating system.  It is not really a defect in Windows, it was a case of simply working around the existing security, not terribly different from the Maginot Line defense in World War II.

The Maginot Line was a 200-mile-long strategic defense in France to prevent an invasion from Germany.  It turned out to be a very good defense against direct attacks but essentially ineffective, as the Germans simply invaded through Belgium.  They worked around the existing defenses.

The format of the filesystem has changed since the old days of Microsoft DOS, but nevertheless it is a standard and well known.  The size of the Windows install base, and of the file systems it uses, made it inevitable that non-Microsoft utilities and operating systems would support them.

The entire reason that I was able to get this data is because of how common everything is and how unprotected this drive was.  The data was not encrypted so any person, utility or operating system has a free hand in accessing it.

Encryption, the controlled scrambling of the hard disk contents, is the solution.  The good news is that encrypting your disk will keep prying eyes from using such a simple workaround.  The bad news is that if your computer breaks, the same encrypted hard disk will be impossible to read unless you have saved your key.

If you are using BitLocker from Microsoft, when setting up the encryption you need to save the recovery key somewhere other than the encrypted disk: a USB stick, a printout or your Microsoft account.  Failing that, your data is 100% secure, even from you.

This is exactly the same situation for TrueCrypt, VeraCrypt, zuluCrypt or any other full disk solution.  But isn’t TrueCrypt unsafe?  Well, the independent audit of TrueCrypt 7.1a, completed in 2015, found no backdoor and no serious design flaw, only some lower-severity issues, so although it is not perfect it is sound.  The original developers abandoned the project in 2014, and it has since been forked to a new life, most notably as VeraCrypt, which is where fixes now go.

Even if one of these solutions has been compromised by some government or private organization, there is still a baseline of security: if the laptop is lost or stolen, your bank records, tax records and other private information are fairly safe from the thief.  My mentor Ivan has reminded me that if the authorities want your information they will get it one way or the other.

If the government is not able to brute force the password it probably wasn’t very well protected or otherwise they will take other things from you like liberty until you do supply the information that they want.

Encryption is a great idea if you are protecting national secrets but it is an equally good idea if you are not.  In this day and age, people have a lot of personal information stored on their personal computer.  This data may be a tax details, bank account details, pictures from your last holidays or even an especially embarrassing selfie.

Encrypting a file, partition or even the whole disk is a good idea, but as always there is a downside.  With a software solution the CPU spends time encrypting and decrypting every read and write.  Whether you notice depends on how much data you move and on the CPU; most processors sold in recent years have AES instructions (AES-NI) that keep the overhead small for everyday use.

A solution for the speed problem is to purchase a disk that does the encryption in hardware.  Such a drive is referred to as a self-encrypting drive (SED).  The drive itself has the necessary hardware to deal with the encryption.

You provide an authorization key (password) when powering up the computer, and the drive stays unlocked until it loses power.  This is convenient, but the downside is that locking the screen does not re-lock the disk, and whether sleep or hibernation re-locks it depends on whether the drive actually loses power and on how the firmware handles the resume.  Also, you cannot simply buy a SED and put it into any computer: the BIOS/UEFI must be able to pass the authorization key to the drive (an ATA security password or TCG Opal support).  You are also trusting the drive vendor’s firmware to implement the encryption correctly, which you cannot inspect.

I personally like having software do my encryption, as I have a little more control over how much of the hard disk is encrypted and when it is locked or unlocked.

For more information about self encrypting drives, there is a very detailed article from pugetsystems.com.

https://www.pugetsystems.com/labs/articles/Introduction-to-Self-Encrypting-Drives-SED-557/

 

Posted in security

securing your computer – eCryptfs

There are a lot of possible options for securing your computer using encryption.  Perhaps the easiest way to secure your data would be to purchase a new laptop with support for a self-encrypting disk drive.  Failing that, all the Windows fans could try Microsoft’s BitLocker to keep their data safe.

There are of course a lot more options than just those two.  There are a number of free encryption choices on the Internet.  Being free doesn’t make them insecure; some of them are actually used in commercial products.

One such example is the encryption software eCryptfs.  It is used by Ubuntu for encrypting home directories as well as by Google’s ChromeOS.

It is actually a pretty neat implementation.  Rather than encrypting a block device or the filesystem itself, eCryptfs is a stacked filesystem that encrypts each file individually and stores the cryptographic metadata in the header of the file.  This makes it possible to copy the encrypted files to another location, back them up with rsync and so on.  When the proper key is in the Linux kernel keyring the files are presented decrypted at the mount point.  The eCryptfs site compares this to GnuPG, which is often used for encrypting single files or documents.

Install

Installing eCryptfs, like most Linux software, is pretty simple if it happens to be in your repository.

sudo apt-get install ecryptfs-utils rsync

dock@asus:$ sudo apt-get install ecryptfs-utils rsync
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  gstreamer1.0-pulseaudio libfreerdp-rail1.1 liblivemedia23 libmpg123-0 libpostproc52 libproxy-tools libusageenvironment1
Use 'apt-get autoremove' to remove them.
Suggested packages:
  cryptsetup
The following NEW packages will be installed:
  ecryptfs-utils rsync
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/488 kB of archives.
After this operation, 1,101 kB of additional disk space will be used.
Selecting previously unselected package ecryptfs-utils.
(Reading database ... 143885 files and directories currently installed.)
Preparing to unpack .../ecryptfs-utils_103-5_amd64.deb ...
Unpacking ecryptfs-utils (103-5) ...
Selecting previously unselected package rsync.
Preparing to unpack .../rsync_3.1.1-3_amd64.deb ...
Unpacking rsync (3.1.1-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u2) ...
Setting up ecryptfs-utils (103-5) ...
Setting up rsync (3.1.1-3) ...
dock@asus:/media/dock/disk$ 

Setup

The data files are stored in the actual data directory as encrypted files, while access to them as unencrypted files is done through the mount point.  Simply create a directory for the encrypted data and one to be used as the mount point.

For my example, I created the data directory as “.private” and the mount point as “private”.  Starting the data directory’s name with a period keeps it out of most directory listings.  That is tidiness, not security: ls -a shows it, and the encrypted files are there for anyone with permission to read the directory.

The first time that you try and mount the directory you will be asked quite a few questions as well as for a password.

dock@asus:$ sudo mount -t ecryptfs /media/dock/disk/.private /media/dock/disk/private
Select key type to use for newly created files:
1) tspi
2) passphrase
Selection: 2
Passphrase: badpassword
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=04f11152141160c7
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [04f11152141160c7] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
dock@asus:/media/dock/disk$

Note: The password "badpassword" isn't actually displayed to the screen.

Now the eCryptfs filesystem is mounted and the signature has been appended to sig-cache.txt.  The cache only records which key signatures have been used before, so that the helper can warn you about a mistyped passphrase.  The cipher and key size you chose have to be given on every subsequent mount, since they determine how new files are written, and giving the signature as well lets the helper verify that the passphrase you typed is the one used before.  Note them down.  The default of 16 key bytes is AES-128; choose 32 for AES-256.

Although we want the security of the encrypted files, this would be a serious pain in the backside if we really had to enter these parameters each and every mount.  The secret to simplifying was displayed when the file system was mounted the first time.

ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=04f11152141160c7

This text, which is just the choices we made the first time, only needs to be saved into a file named .ecryptfsrc in the home directory of the user doing the mount; since the mount is run with sudo, that is /root/.ecryptfsrc.  These values are used instead of prompting for them the next time you mount the directory, and you are simply asked for the passphrase.

dock@asus:$ sudo mount -t ecryptfs /media/dock/disk/.private /media/dock/disk/private
Select key type to use for newly created files:
1) tspi
2) passphrase
Selection: 2
Passphrase: badpassword
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=04f11152141160c7
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=04f11152141160c7
Mounted eCryptfs
dock@asus:/media/dock/disk$
Note: the password "badpassword" isn't actually displayed to the screen.

The eCryptfs filesystem is mounted and dismounted in the exact same manner as any other Linux filesystem.

mount -t ecryptfs <encrypted dir> <unencrypted mount point>

mount -t ecryptfs /media/dock/disk/.private /media/dock/disk/private

umount /media/dock/disk/private

That’s it.  It is possible to have files that are encrypted and still access them with all the same programs just as if nothing were encrypted.

Yet, there are a number of other parameters that can also be put into our .ecryptfsrc file.  One such option is to put the password for the filesystem into the configuration file.

key=passphrase:passphrase_passwd=badpassword
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=04f11152141160c7
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=04f11152141160c7

This is a very bad idea if security is the goal.  The password is stored in clear text on the same disk as the encrypted data, and anyone who can read the file (root, or whoever ends up with the disk) can mount the directory.

There is another option for the password problem.  Instead of the password itself, .ecryptfsrc can hold the path of a file that contains the password.

key=passphrase:passphrase_passwd_file=/media/dock/disk/passwd_file.txt
ecryptfs_sig=04f11152141160c7
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n

Depending on where that file is stored this is only marginally better.  The file contains a single line, passphrase_passwd=<password>:

passphrase_passwd=badpassword

This is not much better than putting the password directly into the .ecryptfsrc file, because it takes little effort for someone else to see where the password file is located.  Give it mode 0600 at the very least.

The exception is when the password file is stored on removable media (a USB stick or SD card): then the encrypted directory cannot be mounted unless the media is inserted.  The file is only read at mount time, so remove the stick afterwards, and remember that the directory stays readable until you unmount it.
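A small mount helper for the removable-media arrangement, added here as an example and not part of the post or of ecryptfs-utils.  It assumes the parameters the first interactive mount printed (signature, cipher, key size), a passphrase file on a USB stick mounted at /media/usb (an assumed path), and that it is run as root.  The option names are those of the ecryptfs mount helper: no_sig_cache skips the “never mounted with this key” prompt and verbosity=0 skips the remaining questions, so the mount can run from a script.

```shell
#!/bin/sh
# Added example: non-interactive eCryptfs mount with the passphrase file on
# removable media. Assumes root, and the values recorded at the first mount.
set -e

# Build the -o string from the values the first interactive mount printed.
ecryptfs_opts() {   # ecryptfs_opts SIG CIPHER KEY_BYTES PASSWD_FILE
  printf 'key=passphrase:passphrase_passwd_file=%s,ecryptfs_sig=%s,ecryptfs_cipher=%s,ecryptfs_key_bytes=%s,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,no_sig_cache,verbosity=0' \
    "$4" "$1" "$2" "$3"
}

# Refuse a passphrase file unless it is a regular file, owned by the
# invoking user, with no group or other permission bits (POSIX find only,
# so no GNU "-perm /077").
passwd_file_ok() {  # passwd_file_ok FILE
  [ -f "$1" ] || return 1
  [ -n "$(find "$1" -prune -user "$(id -un)" -print)" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -g+r -o -perm -g+w -o -perm -o+r -o -perm -o+w \) -print)" ]
}

# The passphrase file should live on a different filesystem (the USB stick)
# than the encrypted directory, so the laptop alone cannot unlock itself.
on_separate_filesystem() {  # on_separate_filesystem PATH_A PATH_B
  a=$(df -P "$1" | awk 'NR==2 {print $1}')
  b=$(df -P "$2" | awk 'NR==2 {print $1}')
  [ -n "$a" ] && [ "$a" != "$b" ]
}

# Usage (assumed paths, values from the post's first mount):
#   mount_private /media/dock/disk/.private /media/dock/disk/private \
#                 /media/usb/passwd_file.txt 04f11152141160c7 aes 16
mount_private() {   # mount_private LOWER_DIR MOUNT_POINT PASSWD_FILE SIG CIPHER KEY_BYTES
  passwd_file_ok "$3" || { echo "refusing: $3 must be a private regular file you own" >&2; return 1; }
  on_separate_filesystem "$1" "$3" || echo "warning: $3 is on the same filesystem as $1" >&2
  mount -t ecryptfs "$1" "$2" -o "$(ecryptfs_opts "$4" "$5" "$6" "$3")"
}
```

Pull the stick once mount_private returns; the key is in the kernel keyring and the file is not needed again until the next mount.  umount the mount point when you are done, otherwise the plaintext view stays available.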

Limitations

The good news is that eCryptfs is a convenient and fairly simple solution to set up that gives you real protection for your files at rest.  What it does not give you is protection while the directory is mounted: any process running with permission on the mount point sees plain text, so unmount when you are done.  The ecryptfs-setup-private tool that Ubuntu uses gives each user a single encrypted Private directory, but with mount -t ecryptfs as above you can have as many encrypted directories as you like.

The other limitation is that this solution is only available on Linux, since it is built into the kernel.

 

Posted in Setup From Scratch

A cautionary tale – email attachments

So my sister sent me an email as there were problems at work; as luck had it she was out of the office when she got this from bookkeeping.

[screenshot: Volume Shadow Copy Service dialog asking for permission]

She couldn’t make heads nor tails of it.  To be honest, I have worked with most versions of Windows and this sounded pretty odd to me.  The user kept pressing No but the dialog kept coming back.  When my sister got back to the office she ran Malwarebytes to check out the situation.

[screenshot: Malwarebytes detection Ransom.TeslaCrypt]

Wow, so it seems they managed to get the TeslaCrypt ransomware.  Not just any malware, but something that encrypts your files and then demands payment to decrypt them.  Traditionally there is no honor among thieves, so it is doubtful that they would hold up their end and actually decrypt the files even if they were paid.  I am not going to infect my PC to test that hypothesis.

How did this happen

I was kicking this around with my colleague and so we were wondering just what naughty web site was being surfed to get such a virus.  It is a small office, so there is not much in the way of restrictions.

Perhaps, to ensure this doesn’t happen again, they should install a proxy server?  Do they need a different firewall solution?  None of the users have administrator privileges.  Was something overlooked?

Soul searching was done and a lot of questions were asked in addition to checking out the machine itself.  It turns out that the reason why this happened was a lot simpler than Robert was hitting the porn sites on his lunch break.

It seems that Sally in bookkeeping received an email from an unknown person with an attachment of an “invoice” to needing to be paid.  So Sally clicked on the attachment which came up and within seconds she knew that there was nothing that they needed to pay, click click click.  Closed the attachment and deleted the email.  It was shortly after this email that the odd behaviors started to occur.

There has been some good analysis of this malware, such as this one, which explains the shadow copy deletion prompts that were being displayed: the malware tries to delete the Volume Shadow Copies so that previous versions of the files cannot be restored from them.

[screenshot: the shadow copy deletion command]

From the breakdown of how this malware worked, it was really well done, with evil intent, but well programmed nonetheless.

Lessons learned

There are no hard and fast rules for common sense, but “easy does it” or “look before you leap” sound like good advice.

I get questionable emails every few days just like everyone else.  What do these emails want?

  1. click on this link to see sexy photos
  2. click on the attached photo
  3. check out my overdue bill
  4. bank transfer problems statement
  5. my travel itinerary

My favorites are the attachments with names crafted for people who are only paying superficial attention to what is attached.  Windows hides known extensions by default, so the trailing .exe is not even shown:

invoice-26282.pdf.exe
prom_picures.jpg.exe

The main lesson should be that you cannot click on just anything that is attached to your email.  This is true whether it is from unknownperson@sketchydomain.cj or from your mom.  It is possible for some of these viruses to send out emails from your account to the friends in your contacts.

If the email doesn’t sound like it came from your friend or your family member, cast a skeptical eye on it.  Don’t open the attachment; make a phone call or send an email of your own asking about the email you received.  If in doubt, simply delete it.
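The double-extension trick above is easy to check for by machine.  This is an added Python example, not something from the post: it classifies attachment names by their extensions and shows what a Windows user sees when “hide extensions for known file types” is on (approximated with the two lists below, which are my own and not exhaustive).

```python
import os

# Extensions Windows treats as runnable when double-clicked (constructed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "msi", "hta",
                   "js", "jse", "vbs", "vbe", "wsf", "ps1", "lnk"}
# Extensions a hurried reader takes for a harmless document or picture.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "gif", "txt"}

def windows_display_name(filename):
    """Approximate what Explorer/Outlook shows with 'hide extensions for known file types' on."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lstrip(".").lower() in EXECUTABLE_EXTS | DECOY_EXTS else filename

def classify_attachment(filename):
    """Return (verdict, reason) for an attachment name, judging by its extensions only."""
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 2 or not parts[-1]:
        return "review", "no usable extension"
    last, inner = parts[-1], set(parts[1:-1])
    if last in EXECUTABLE_EXTS:
        if inner & DECOY_EXTS:
            # A .pdf.exe or .jpg.exe: the executable hides behind a document extension.
            shown = windows_display_name(filename)
            return "block", f"executable disguised as a document; user sees '{shown}'"
        return "block", f"executable attachment (.{last})"
    if last in DECOY_EXTS:
        return "allow", f"ordinary .{last} file, still worth scanning"
    return "review", f"unfamiliar extension .{last}"

# Constructed sample names; the first two are the ones quoted in the post.
SAMPLES = ["invoice-26282.pdf.exe", "prom_picures.jpg.exe", "itinerary.pdf",
           "statement.docx", "photos.scr", "macro_report.xlsm", "README"]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict, reason = classify_attachment(name)
        print(f"{name:24} {verdict:7} {reason}")
```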

Final thoughts

You cannot be careful enough when surfing, opening emails, or running new programs.  Below is a small list of some best practices to help keep your computer running virus free.

  • Disable Outlook previews
  • Ensure that all security updates and patches are installed
  • Keep your software up to date with the latest versions
  • Use anti-virus software
  • Think before you click on links or attachments
  • Think before downloading new programs or utilities
  • Disable autorun
  • Use a hardware firewall
  • Companies should use a proxy server
Posted in Soapbox | Tagged | Comments Off on A cautionary tale – email attachments

safe computing – can you trust your computer

When you purchase a new computer the manufacturers are usually kind enough to install everything, starting with the operating system.  This is usually a somewhat limited version of the currently shipping version of Windows.  Inevitably the computer also includes a small pile of software and utilities.  These range from trial versions of Office and limited-time anti-virus software to toolbars and other vendor-specific utilities.

The software is installed both to give a greater perceived value to the computer being sold and to actually get money from other companies for putting their software on your computer.  The idea is that you will love the trial software so much that you will want the paid or professional version.

There are actually only three real options for going forward once you have purchased your new computer.

The first is to simply live with the undesired cruft on your new computer.  The computer is so new that it does start up pretty quickly.

The next choice is to try and remove the trial and other undesired software.  This is usually easier said than done.  A lot of programs do indeed provide an uninstall program when they are installed, but not all of these actually uninstall the software.  It might be necessary to purchase or find another program which will remove this software.  I don’t use any of these programs myself as I take the next option – installing the operating system from scratch.

I used to think that this was the absolute best and safest thing that you could do – no junk, no trials, no rootkits.  Nothing could be safer, well, until I read about an extra special hook provided by Microsoft Windows.

With great power comes great responsibility

The extra special hook, or feature, is the Windows Platform Binary Table (WPBT).  This feature allows PC manufacturers to inject drivers or programs into a Windows installation from the motherboard firmware.

This basically means that on restart of the computer, while the BIOS is still in control and before the operating system is started, it can copy a file or files into your installation.

This is a hugely powerful ability.  It can be used either for good or for evil.  The good would be to ensure that anti-theft tools stay in place even if the operating system is re-installed.  Anti-theft software certainly wouldn’t be any good if it could be worked around so easily.  This functionality could also be used to ensure that drivers are available for special or unique hardware.

The malicious usage of this technology might be similar to what was discovered in August with some Lenovo computers.  This small “faux pas” by Lenovo is no longer being done.  More important than this single incident is that this vector is still a possibility for attack.  Not from the script kiddies or virus writers, but from the people who sell us the hardware.

This attack vector is even more troubling with the advent of secure boot, which is now required by Windows.  With secure boot it is now possible to have our devices locked down.  So locked down that you cannot compile, install and run your own operating system, but that is the subject of a different article.

Unlike “firmware” on other much smaller devices, the firmware on our computers is actually the small UEFI operating system that is installed on its own 200 MB partition.  This is probably tiny compared to most smart telephones but gigantic when compared to the 1.2 MB floppy disks or 10 MB hard disks of the first IBM PC computers.

It was previously possible to have a bootable floppy diskette with the operating system on it and still have virtually the entire 1.2 MB available, since the non-graphical operating system needed just a few kilobytes to run.  It would be possible to do a considerable amount with hundreds of megabytes of program space.

This is the first time this type of thing has happened – right?

Well, not exactly.  There have been some other heavy-handed activities by manufacturers in the past.  This is actually not the first time that some sort of ham-handed attempt at securing a consumer device has occurred.

  • theregister.co.uk – Superfish spyware
  • theverge.com – disable windowsupdate.exe
  • schneier.com – Sony DRM rootkit
  • pcworld.com – computers preinstalled with malware

How can I check my computer?

When Windows reads the binary data from the UEFI operating system, the copied file is saved as wpbbin.exe in the \windows\system32 directory on bootup.  You can look in this directory to see if such a file exists.

Depending on what the actual executable does, it may not necessarily keep this name.  It is also possible to use tools to see what is set up in the WPBT.

http://rweverything.com/

This indeed may be a very dangerous tool in the hands of well-meaning but fat-fingered typists.  Use with extreme care or in read-only mode.
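A lighter-weight, read-only check is to look for wpbbin.exe and read the WPBT table itself.  This is an added Python example, not code from the post: on Windows it calls GetSystemFirmwareTable to fetch the ACPI table and decodes it using the field layout from Microsoft’s published WPBT specification (assumed from memory); the sample table is constructed here so the parser can be exercised offline.

```python
import ctypes
import os
import struct
import sys

# WPBT layout (assumed, per Microsoft's WPBT spec): 36-byte ACPI header, then
# handoff size (u32), handoff physical address (u64), content layout (u8, 1 = single
# PE image), content type (u8, 1 = native user-mode app), command-line length in
# bytes (u16) and the UTF-16LE command line itself.
ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")
WPBT_BODY = struct.Struct("<IQBBH")

def parse_wpbt(blob):
    """Decode a raw WPBT table into a dict; raises ValueError on a malformed table."""
    sig, length, _rev, _chk, oem, oem_tbl, _orev, _cid, _crev = ACPI_HDR.unpack_from(blob, 0)
    if sig != b"WPBT" or length > len(blob):
        raise ValueError("not a WPBT table")
    if sum(blob[:length]) % 256 != 0:          # ACPI tables must sum to zero mod 256
        raise ValueError("ACPI checksum mismatch")
    size, addr, layout, ctype, arglen = WPBT_BODY.unpack_from(blob, ACPI_HDR.size)
    off = ACPI_HDR.size + WPBT_BODY.size
    args = blob[off:off + arglen].decode("utf-16-le").rstrip("\x00")
    return {"oem_id": oem.decode().strip(), "oem_table_id": oem_tbl.decode().strip(),
            "image_size": size, "image_phys_addr": addr,
            "single_pe_image": layout == 1, "native_app": ctype == 1, "cmdline": args}

def read_wpbt_windows():
    """Return the raw WPBT table via GetSystemFirmwareTable, or None if the firmware exposes none."""
    k32 = ctypes.windll.kernel32
    provider = int.from_bytes(b"ACPI", "big")     # 'ACPI' provider signature
    table = int.from_bytes(b"WPBT", "little")     # table ID is passed in little-endian byte order
    n = k32.GetSystemFirmwareTable(provider, table, None, 0)
    if n == 0:
        return None
    buf = ctypes.create_string_buffer(n)
    k32.GetSystemFirmwareTable(provider, table, buf, n)
    return buf.raw

def build_sample_wpbt(cmdline="", size=0x4000, addr=0x7A000000):
    """Constructed sample table for offline testing; not captured from any real firmware."""
    args = cmdline.encode("utf-16-le") + b"\x00\x00"
    body = WPBT_BODY.pack(size, addr, 1, 1, len(args)) + args
    hdr = ACPI_HDR.pack(b"WPBT", ACPI_HDR.size + len(body), 1, 0, b"SAMPLE", b"WPBTTEST", 1, b"TEST", 1)
    chk = (-sum(hdr + body)) % 256                # fill in the checksum byte at offset 9
    return hdr[:9] + bytes([chk]) + hdr[10:] + body

if __name__ == "__main__":
    if sys.platform == "win32":
        target = os.path.join(os.environ["SystemRoot"], "System32", "wpbbin.exe")
        print("wpbbin.exe present:", os.path.exists(target))
        raw = read_wpbt_windows()
        print("WPBT:", parse_wpbt(raw) if raw else "no table exposed by firmware")
    else:
        print(parse_wpbt(build_sample_wpbt("/quiet")))
```

A present table is not proof of anything bad on its own; it tells you a vendor binary is being handed to Windows, which is exactly what you want to know before deciding whether you trust that vendor.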

It is actually a lot of work to check for, find and remove malware from your PC.  There are articles [1] [2] describing how to proceed.

How can I protect myself?

There are a number of different possibilities:

  • get a PC from a vendor you really trust
  • use an alternative operating system such as Linux or BSD
  • build your own computer
  • get a PC from Apple

Additional

More about UEFI
http://www.howtogeek.com/56958/

removal of LSE
http://www.tomsguide.com/us/how-to-lenovo-bootkit-removal,news-21456.html

Posted in Soapbox | Tagged | Comments Off on safe computing – can you trust your computer

Building a monster personal computer

Just a few days back I wrote “Purchasing a personal computer in the new millennium” which is how to get the absolute best computer by paying with a bit of elbow grease.

If not elbow grease then perhaps a small fee to your local microelectronics store is the key to success.

The resulting 8-core computer that was built in that previous article cost only $741.40, which is probably cheaper than some of the pre-built quad-core computers available.

While fooling around, I was wondering what kind of crazy big computer you could build on a limited budget.  I didn’t do a proper job, but I did replace the two key components, the motherboard and the CPU.

Description                                                   Price
MSI G210 1GB D3 PCIE DVH (graphic card)                       31.99
EVGAMEM 16GB 8X2 D3 2133 DIMM C11 (ram)                       84.99
MS OEM WIN7 PRO 64BIT SP1 OEM (operating system)             139.99
INLANDPRO ILSILVER 400 WATT ATX PSU (power supply)            24.99
Supermicro H8SGL-F (motherboard)                             312.00
WD 1TB 3.5 MAINSTRM BLUE HD (hard disk)                       39.99
AMD Opteron 6370P, 16x 2.00GHz, Socket G34, boxed (cpu)      771.00
IPSG LG 24X DVD BURNER (dvd drive)                            14.99
CORSAIR CARBIDE 100R SILENT ATX (pc case)                     57.99
Subtotal                                                    1477.93
Build fee                                                    130.00
Total                                                       1607.93

It is actually a pretty amazing computer, even if it won’t help in most common situations.  Most software cannot take advantage of a 16-core computer, although I would suspect that Photoshop and perhaps a few other graphics rendering packages might.

This motherboard can support up to 128 gigabytes of memory, so it would be a great computer for running quite a few virtual machines simultaneously, or as some sort of application server.

Posted in Setup From Scratch, Soapbox | Tagged , , | 1 Comment