18. April 2010 by admin.

A serious vulnerability exists in Java and Sun has known about this vulnerability since around April 9th. This exploit can occur because the Java Browser Plugin  is running “javaws.exe” without validating command-line parameters.  Last week, when confronted about the problem, Oracle said they did not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

A U.S.-based Web site, Songlyrices.com was compromised by attackers, and was redirecting visitors to a Russian server feeding the Java attack as well as other exploits.

Now that users have started reporting that they are being infected by the drive-by Java attacks, Oracle has changed its mind and issued a patch.  If you haven’t already patched this vulnerability you can download Java software at http://www.java.com/en/download/index.jsp

Posted in security, Drive-by Infection, Patches, Malware, Computers | No Comments »

2. July 2008 by admin.

I just read a story where is was stated that one in three technology professionals admitted to snooping on their fellow colleagues. Here is the story.

I know I am opening myself up for criticism from the geek community, but I find that absolutely reprehensible. The epitaph “Holier then thou” comes to mind, but I really mean it… using your administrative privileges to snoop on others is not only immoral but usually illegal.

All that is required is a little self-discipline with a smidgen of empathy thrown in, and those urges can be shoved aside.  Believe me… I’ve been tempted, but realizing the potential for abuse I have set my mind on operating at a higher plane.   Integrity costs you nothing…dishonesty can cost you everything.

This is not to say that users should not be monitored.  If the company has a valid Acceptable Use Policy in effect, then it may become your job to monitor their actions.

It simply has to be done fairly and across the board…everyone or no one, and with no personal interest.

I have found Spectorsoft (Spector CNE) to be a great monitoring system.  It meets the criteria for automated monitoring of all employees’ actions. Here at my Wilmington Delaware network support company, Admin Associates, we have been using and recommending it for several years.  You can see exactly what a specific user is doing in near-realtime and you have a history of past actions as well. The monitoring is done on a user by user basis and is not machine specific.

You don’t need to read an employee’s mail to see they are receiving more non-business mail then legitimate correspondence. Usually the subject line can give it way.  If you MUST read the mail to ascertain it relevance, a brief scan will almost always clue you in to what the message is all about.

If company policy says IM’s are too much of a security risk, then you don’t need to read the individual IM’s to know the user is violating the rules.

You can see who is browsing to eBay more then to the company Intranet…it’s not necessary to see what they were bidding on, or if they won!

When it becomes your unpleasant duty to drop a dime on the offending user, you can usually pass along the decision to carry out further “snooping” activities to a higher pay grade.  They often have err…less stringent standards then we admins do.

Good Luck and Good Networking

From way down in the trenches … I’m Tom

Custom Search

Posted in honesty, integrity, Acceptable Use, Monitoring, Networking, Administration, Computers | No Comments »

27. June 2008 by admin.

I just read an article about another 51,000 credit card numbers going into the wind… See the article here…

These stories scare the bejeebies out of me… I guess it’s a “there, but for the grace of  God, go I” kind of thing.  How would I know if someone has my credit card information?  Apparently the company that bought the rights to the Montgomery Ward name didn’t feel it was important enough to let their unlucky customers know.

I wonder if someone has any of my financial information.  I am pretty sure there is no key-logger installed on any of my own computers…make that 99.999% sure, but not 100% sure.

Since I constantly work with other people’s data, I am especially sensitive to the possibilities and careful to stay as infection-free as humanly possible.  But since I am human, I can’t be 100% certain… No one can. Firewalls, anti-virus, anti-spyware, and Trojan remover software…all of these things stand guard between me and thee, but is it enough?  Who knows?

As we move out from my semi-controlled environment and into the technological wilderness of my client’s accounts, I become more and more concerned.

At my Wilmington Delaware network support company, we always spend extra time stressing to our clients just how important safe surfing and safe-email practices can be.  We spin a lot of  “what if” tales to illustrate just what can happen if you let your guard down for even a minute.

We’ll take a computer with a new, unpatched installation of XP and set it in the client’s DMZ, then check it a couple of hours later. Almost every time you’ll find that the available free drive space has shrunk by 2 to 3 gigs. This is  a great argument for when a client thinks they are too small to be of interest to a hacker. There just “ain’t no such animal” as an installation that is of no interest to a hacker.

We monitor our clients’ anti-malware installations and make sure the signature files get updated daily. We check the status of the firmware of the hardware firewalls daily. We make sure that all available patches are up-to-date (after checking them for unexpected results).  We run Snort intrusion detection on our larger clients.  We train.  We explain. We do pen testing.  And still, I worry if some client is giving away the keys to the kingdom… right now.. this very minute.

Posted in Virus, Worm, Trojan, Malware, Networking, Troubleshooting, Computers | No Comments »

7. June 2008 by admin.

For quite some time now, hackers have been infecting web sites with malicious code by using SQL injection and iframe injection attacks. This operation is usually performed at, or right before the times when traffic is historically at a high for the day, thereby infecting the greatest number of visitors.

Unfortunately, you do not have to do anything particularly dumb to become infected.  If you navigate to one of these infected sites you will get an infection from embedded malware scripts.  This is commonly referred to as a “drive-by” infection.

I say you don’t have to do anything dumb because the sites I am discussing here aren’t porn sites, or ‘warz and serialz” sites…going to those sites would definitely qualify as dumb. No, they are often  some of the most popular and well known sites on the net… even news, weather, and public information sites

I provide Delaware Network Support all over the state and the surrounding areas. When you have this kind of business, you run into all kinds of infections.  Sometimes the users know they are infected, but most times I only find the infection when looking for reasons for poor performance or odd happenings.

This is where a really good anti-malware program comes in,   AVG 8, for instance, installs a component called “link Scanner” that blocks infected websites and checks links on search engines for these threats.

I suggest you check it our, and sooner than later.  Who knows… your favorite site may be next to fall to the black hats.

Good Luck and Good Networking

From way down in the trenches… Tom

Custom Search

Posted in Worm, Software, Virus, Trojan, Networking, Malware, Computers | No Comments »

3. June 2008 by admin.

There are a lot of things you can do, or not do, to almost guarantee computer problems.  I sometimes have a hard time understanding why people do the things they do… I mean, what are they thinking?

Here’s a perfect example:

I just got a call from a lady who was nearly hysterical. She works for one of my corporate clients and about three months ago she called me to ask what brand of computer she should get for her personal use at home.  I gave her my opinion (free of charge of course, as she expected, even though I do provide support for Delaware computer networks for a living) and never heard from her again until yesterday.

It seems there was a thunderstorm here last night (I must have slept through it) that messed up everyone’s power.  Clock Radios and VCR’s were blinking, TV’s had to be reconfigured… all the little annoyances that accompany a power outage. Come to think of it, I’m surprised my UPS didn’t wake me up with its little beeping alarm.

This lady was nearly in tears.  Apparently she had left her computer on overnight during the storm.  This morning she sat down at her desk and realized the computer was off.  She pressed the on button and …. Nothing.

The first thing I suggested when she called was to check her surge protector to see if it was on…. A long silence… followed by a weak meek voice that said “What’s a surge protector?”   “What’s your computer plugged into?” I asked, suddenly pretty sure I already knew the answer.  “The wall plug” she answered.

So, although I ALWAYS tell people to use a surge protector, or better yet a UPS, apparently that advice goes in one ear and out the other.  They call me for advice on how to get the best equipment for the lowest cost, but ignore the advice on how to protect the equipment I recommend.

Anyway, as we talked I suggested that she unplug the power cord from the back of her PC.  I then went on with my mini-tirade about the perils of power surges and about two minutes later, told her to re-plug her computer and try it again.  (drum roll please)… Ta Dah… it worked.

Many power supplies work in this way when they experience a slight surge… IF YOU ARE LUCKY!  Apparently, unplugging the power cord allows some capacitors to discharge. Whatever the cause, simply turning the on-off switch to off doesn’t do the same thing.

I strongly advise having at least a good name brand surge protector, but if you truly value your computer and the data you have stored there, go for a UPS.  A surge protector just protects against… well… surges.  A UPS, on the other hand, actually conditions the power coming into your system, preventing not only surges, but power drops, sometimes called “brown-downs”, slight changes in input frequency, and since it’s a battery backup, even short power failures.

Good Luck and Good Computing.

From way down in the trenches… Tom

UPS Unit

Surge Protectors

Posted in UPS, Power Surge, Power Supply, Uninterruptible Power Supply, Surge Protectors, Networking, Troubleshooting, Power Failures, Computers | No Comments »

29. May 2008 by admin.

If a race horse breaks a leg, they usually want to end its misery as quickly as possible.  It’s considered the more humane act. With the possible exception of Barbaro and a few others, that’s what people have done for hundreds of years.

I recently had to “put down” a piece of beta software that was broken. It was the most humane thing to do, except it was MY misery I wanted to end as quickly as possible.

This software started out with all of the promise of a fiery young colt and except for a few maddening bugs, delivered on that promise.

The software I am talking about is called Xobni (inbox spelled backwards). It is an Outlook add-in that performs many useful functions. While the major thrust is indexing your emails, it also provides a lot of
useful and a few not so useful statistics.  Want to find a specific email, just enter anything you can remember about it and Xobni will find it quickly and without too much strain on the old resources.

Want to know who sends you the most mail, or who you send the most mail to?  How about how quickly you reply to certain people, or how quickly they replay to you?  There’s all kinds of nice functionality.  And did I mention that Xobni (at least the beta version) is free?  Navigate to http://www.xobni.com for the download.

So, why am I singing its praises right after uninstalling it?  Not everyone has the same needs.  For many people, Xobni would be just great, and the price is right.  Nada !

The problem I experienced was that Outlook wouldn’t close correctly… In fact, most times it really didn’t close at all. I would close Outlook, it would appear to close;  the display would disappear from the screen, but Outlook,WinWord, and  Xobni would remain open.  I would have to go into task manager and close each file manually.  Sometimes there would be multiple instances of Outlook open, but hidden.

This wasn’t really a deal-breaker for me at first… a little inconvenient for sure, but as I said, it was a beta version, it provided very useful functionality, and it was free!

The turning point for me was during a PowerPoint presentation in front of several decision makers at a company I wanted to get on-board.  My slides were projected on a large screen in the front of the room and everything was going just fine, when suddenly a piece of “male enhancement” SPAM popped up in the lower right corner, followed by several pieces of personal email, AND a message from the CEO of a company that was in direct competition with my audience. Outlook was still functioning… albeit hidden, pulling down mail from the POP3 server. What a fiasco !

So, I uninstalled it that night.  As I mentioned, it was a beta version, and in all fairness I must also mention that the un-install routine called up an automatic connection to the Xobni web site.  Once there, I was presented with a survey asking why I uninstalled and mentioning that corrections were being made all the time and that a newer version may already be available.   I miss the program a lot, and may well try it again later.

You, dear reader must make up your own mine.

Good luck and good networking.

From way down in the trenches…. I’m Tom

Custom Search

Posted in Beta Versions, Software, Troubleshooting, Computers | No Comments »

26. May 2008 by admin.

It seems no matter how bizarre a problem is, there’s always another right around the corner that can top it. Ever since I began offering Delaware computer support to local businesses, I have found that one day is seldom like another… and to me, that’s a good thing.

Yesterday I got a call from one of my clients. They are located quite a long distance away… in fact they are the most distant of all my clients and had we not already been servicing them before they moved their operation, I wouldn’t consider retaining them.  Yeah, it’s that far… about 95 miles… one way!

The way the problem was explained over the phone, I thought Windows was failing to load due to corrupt boot files.  The lady who called said “When I boot the machine, the white line fills up about three quarters of the way and then stops.  I have rebooted several times and it always stops at the same spot.”   Since they have a couple of old 2000 Pro workstations, I believed a booting issue was the problem.

When I got on-site (2 hours in traffic later), I found a completely different scenario.

The unit was a Dell desktop running XP Pro, but the OS definitely wasn’t the problem. The unit wasn’t even getting completely through the POST operation.  When the Dell is running its POST there is a white progress line displayed on the monitor.  If I hit the f2 key, it would tell me it was loading setup, but again the white line display would stop around the three-quarters mark, just as she said it did.

First, I thought I would try reseating the memory.  I unplugged everything, opened up the Dell clam-shell case (I hate those), and reseated both sticks of memory.  While the case was still open I reattached the VGA cable and the power cable and hit the on button.  Lo and behold, the unit booted into Windows.  Ah Ha… Problem solved… I thought.

I put everything back together, fired up the unit and… same symptoms…same three-quarter white line. Since I had just seen the unit boot normally, I knew it had to be caused by something that had changed since the case was closed back up. Before I closed it up I had checked for pinched cables and such, so I decided to try unplugging things and see what happened.

First I unplugged the USB printer and rebooted… Nope… Still no bootage… then I unplugged the keyboard and rebooted… No, not even a complaint about a missing keyboard… I unplugged the mouse and rebooted… Ta Dah !   It booted into Windows without a complaint.

Now, with a legitimate suspect I started looking more closely.  I discovered the mouse wire had been gnawed almost in two by some really tiny teeth.  About this time those teeth came prancing in, surrounded by the cutest little teacup Yorkshire terrier you would ever want to see.  It seems the owner had just acquired this little sweetheart, but didn’t yet know she was chewing on things.

Bottom line I guess, if the unit won’t boot, along with the OS don’t forget to look at all of the peripheral connections as possible culprits.

Good Luck and Good Computing.

From way down in the trenches… Tom

Custom Search

Posted in peripherals, Troubleshooting, Networking, Computers | No Comments »

23. May 2008 by admin.

I was recently reading about yet another security breach that has been discovered. This time, a supermarket chain in the Northeast says that in excess of 4 million credit card numbers have been exposed… Here’s the story.

However, stories like this are no longer a big surprise… through newspaper headlines and the six o’clock news, we have been made aware of such breaches happening to the likes of TJ Max, Google, and the United States Navy. I am just amazed that it doesn’t happen more often… or does it?

Malware today is focused on financial gain. Long gone are the days when virus writers simply tried to outdo each other for big glitzy headlines. Today, stealth and guile are the more important attributes of a successful attack. By not making its presence known, the malware just sits there, day in and day out, communicating with the bot master, sending him, or her, our credit card numbers, bank account information, passwords, Social Security numbers and everything else we hold dear.

I wouldn’t be at all surprised to find that 90% of the fortune 500 systems are infected by bot-net Trojans and worms.

If I were the author, I would go about it a little differently. I would write a multi-tiered Trojan with dozens of versions that are significantly different; much like a polymorphic virus.

My hypothetical Trojan would just sit there until a specific date and time, synchronized through NTP, then activate all copies at once. This concerted effort would be intended to initially overwhelm the system. As the victims became aware of the Trojan, and a method became available to remove it, the next tier would discover that fact and start its own activation timer.  That way, by not activating immediately, it wouldn’t be as likely to be discovered in the recheck that inevitably follows a disinfection process. People forget quickly, it seems.  When a certain time had elapsed the process would start all over again until all tiers had fired and delivered their payloads.

How do these units get infected in the first place? Who knows?  While the most expected method is email delivery and removable media, there are so many other avenues of attack it is almost impossible to defend against them all. Not every infection comes from visiting porn sites or pirating software and serial numbers. There are now traditionally legitimate websites that have been hacked and infected. Just browsing to one of these sites can result in a “drive-by” infection.

The way most infections are discovered are by traditional signature-based anti-malware programs, due mostly to their prevalence in the marketplace.. Unfortunately, by the time the malware is discovered, the signatures written and the updated signatures distributed and installed, much of the damage has already been done. This is commonly referred to as a “Zero Day Attack” and accounts for more and more malware damage.  That’s why I usually suggest anti-malware programs that work on the so-called “whitelist” principle of allowing known clean programs to run and denying those that can not be validated, whether infected or not. It may be a little more inconvenient, but then again so is identity theft or having your bank account drained.

Go here to download an ebook on malware.

Next time… What IS the best defense?

Good Luck and Good Computing.

From way down in the trenches… Tom

Custom Search

Posted in Virus, Worm, Trojan, Malware, Troubleshooting, Computers | No Comments »

23. May 2008 by admin.

Here at my Delaware computer support business, there are few things in our world that are more painful then when a user’s PC  lets them down. We would rather keep you up and running then have to fix it after it’s broken.  Some people call that being proactive but I call it plain old common sense.

We all know that computers are just an arrangement of parts, and all these parts have a finite life. Put another way, the failure rate of every computer component ever made is 100%.  At some point in time, it WILL fail.  Even worse, it has been my experience that they will fail you at the worst possible time… some kind of eKarma thing maybe.

Today I got a call from a user who could not find a file he had been working on. It seems he started a spreadsheet several days ago and had been adding to it ever since. Apparently he was developing some real high powered formulas and had taken a break to rest his brain. He booted his PC, opened Excel, clicked OPEN, looked for the spreadsheet he had been working on, and it just wasn’t there.  He spent an hour looking for the file before calling me. Fortunately, I was able to connect remotely, and use a recovery program to find his file… Unfortunately it wasn’t the most recent version, so he had to reconstruct about three hours work.

The question here is… what actually happened to the file? He is a very experienced user and he swears he saved it normally…I believe him.  The point I am trying to make here is, sometimes there just isn’t a good explanation for what happens… like I said… eKarma ? I don’t know… do you ?

Custom Search

Good Luck and Good Computing.

From way down in the trenches… Tom

Posted in File Recovery, remote support, eKarma, Troubleshooting, Computers | No Comments »

22. May 2008 by admin.

I’m just sitting here… in a sort of creative daze, staring  at a blank sheet of virtual paper and wondering just what would interest another Network Administrator or maybe more importantly, another person who needs to learn about network administration.

Hi… My name is Tom. I am a certified Network Administrator… first Novell, then Microsoft… maybe Linux someday. I own and operate a Delaware computer support company based in Newark, Delaware, USA.

I always wanted my own business, but with no safety net to protect my family should I fail, I could never work up the nerve to strike out on my own   Well, that all changed one day when my employer decided he didn’t need me any longer.

I had taken a job with a small but ambitious home remodeling company. They had asked me to come on-board and leave my previous employer where I had worked for six years as a field engineer. I accepted since I was never really happy at my old job… my immediate supervisor was…less than an honest person… and the owner was…much less than pleasant…and I had to drive my own vehicle into the ground at 23 measly cents a mile.

When I started this new job, they had 7 workstations, an outdated NT4.0 server, a 10 Mb hub, and email was coming in through dial up from AOL.

As I said, however, they were ambitious. The company size increased quickly until there just wasn’t anywhere to put another person.  Now at 40 workstations and with a new Windows 2000 Small Business Server they were keeping the pipe full on their T1 line.

They eventually made the wise decision that they couldn’t spread out or build up any further, so they moved on… to a huge office/warehouse building a few miles away.

Eighteen months later, now at 70 workstations, a 2003 Small Business Server, a separate accounting server, and a 10 seat call center, they decided things were so calm and stable that they no longer needed a full-time administrator.

In truth, I had been splitting my time between network administration and cost accounting… no one else felt confident to create the long formulas we needed to prepare the necessary reports from Excel, so that job fell to me. The fact that they were too cheap to buy Crystal Reports may have also been a factor.

Anyway, I came in early, stayed late, and didn’t complain. I see now that I probably didn’t use the best personal judgmentby doing so.

As often happens to others, right before Christmas they dropped the bomb on me that they were letting me go… or rather the task fell to the company controller, with whom I had a good relationship.  I think it was the hardest thing she had ever done and I must say, I was never so shocked in my life.

I knew I had been doing a good job.. a great job in fact, and that was probably the beginning of my down-fall.  If you keep things running really smoothly you aren’t always as visible as you need to be.  Hind-sight being 20-20, I probably should have introduced an occasional controlled emergency.  ( Current admins… take note)

Even more strange… I was told (at the exit interview) there was absolutely no problem with the quality or quantity of my work. In fact, they were extremely happy with my performance and, if I wanted, they would hire me as an independent  contractor to continue servicing their account.

I had no job… No immediate prospects… Bills due… Insurance due…a slew of credit cards and  a family to feed… so I decided then and there… why Not !?  Most new businesses don’t have the luxury of starting out with a built-in major client, and let me tell you, being between a rock and a hard place isn’t a very pleasant place to be.

So, I threw together a fee schedule, applied for a business license, and my company, Admin Associates was born. Why the dumb name ? That’s for another day.

Good Luck and Good Networking.

From way down in the trenches, I’m Tom

Posted in Administration, Networking, Computers | 1 Comment »