In the last week I’ve seen a half dozen machines with problems caused directly by McAfee Security Center and Norton Internet Security. Have we gone so far with protecting PCs that we’ve now made it impossible for the machines to work properly?

Norton has become so restrictive that one person was not able to watch videos from NESN.com. Here’s the weird part: they could watch videos from Boston.com, which uses the same tools and the same video feeds! The problem went away when we disabled Norton.

McAfee is even worse – two normally configured PCs without any signs of spyware or virus infection were running so slow, due to McAfee taking up to 60% of the CPU and an extra 300 MB of RAM, that the best solution was to remove McAfee and install something like Grisoft AVG for antivirus protection.

I’m seeing more and more that multiple levels of protection on a PC are causing conflicts… I’ve seen antispyware issues so bad that we have to run multiple products several times to clean the machines up, meanwhile the Google pop-up blocker is running at the same time as the XP SP2 pop-up blocker. Machines sitting behind firewalls also have personal firewalls turned on and security settings turned up so high that users can’t even log on to Hotmail.

And while I’m at it… here’s a rant about AT&T and their restrictive SMTP policies. Hooray for them trying to combat spam, but they’ve locked email down more than it’s worth. Spam has not decreased, but AT&T customers who want flexibility will need to find a new ISP. You’re forced to use their SMTP host; you can’t get around it and use one off the AT&T network, and you can’t set up your own. Port 25 is blocked at their edge unless it comes from their own smarthost. Meanwhile, even if you’re OK with using their SMTP server, you need to use authenticated SMTP. God help you if you don’t have the username in the correct format or the account password: as you’d expect, they can’t tell you what the existing password is, and even if you can convince them to change it, you’d better be prepared to go update your PPPoE settings or you’ll be without access of any kind. This kind of inflexibility is intolerable.

I am currently reviewing the Toshiba M200 and the R15. These boxes are night and day: one is small, one is big; one is lightweight (4.4 lbs) and one is heavy (6.1 lbs). One has a big screen resolution (SXGA 1400×1050) on a tiny screen (12.1″); one has a big screen (14.1″) with a tiny resolution (1024×800). One has all the extras (CD, CDRW, DVD, etc.) as add-ons and the other has them built in. So I sit here perplexed, wondering which direction to go in, and voilà!!!

It’s as if Toshiba has heard the voices of the huddled masses and a lightbulb has gone on in their collective product development departments.

Several sources – TechSage and TabletPCCorner.net (it’s a link in English) – are showing that the new Toshiba (which could be named Tecra M4) will merge the best of the M2xx and the R15 into a single wonderful device. Rumored features are a 14.1″ SXGA screen, 533 FSB, optical drives built in, NVIDIA 6600 graphics and dual WiFi – due out in mid-May, so if you can hold on, then hold on tight, because ladies and gentlemen this is the box that could bring tablet PC computing to the masses!! Can I get an amen!

http://images.forbes.com/media/nav/2005/0404tentech.jpg
Fortune is reporting on Sharp’s new AL 3D hardware, which features:

Light from the images on the screen is divided so that different patterns reach your right and left eyes; each eye sees a different image. The brain processes each image so that they appear to leap out from the flat screen, with no need for those geeky 3-D glasses.

See this Wired article about Chaos, a Linux distribution developed by Australian Ian Latter,
which harnesses the unused processing power of networked PCs, creating a distributed supercomputer that can crack passwords at lightning speed.

The program remotely boots Linux on a PC without touching the hard drive,
leaving the “slave” PC’s operating system and data secure and untouched. Thirty
PCs connected as a cluster create enough processing power to complete complex
mathematical equations or high-level security tasks like password cracking that
no individual PC could handle alone.
Here are some of the links:
Pure Hacking: http://purehacking.com

Original Chaos: http://itsecurity.mq.edu.au/chaos

OpenMosix Project: http://openmosix.sourceforge.net

Quantian: http://dirk.eddelbuettel.com/quantian.html

Updated Chaos: http://www.purehacking.com/chaos

The next Sea-Tug meeting will be held Wednesday, April 13th.

–> PLEASE NOTE NEW MEETING LOCATION <–

Time: 6:15 – 8:30+/- pm
Where: Redhook Brewery Tasting Gallery (1st Floor) – Pease Tradeport,
Portsmouth, NH
Who: Thirsty System Engineers, Hungry Network Engineers, Network
Administrators, Help Desk Professionals, etc

Meeting Agenda:
6:15 – Introduction & User Group Business & Ordering Food (Redhook Menu)
6:30 – Presentation
8:00 – Questions and Answers
8:15 – Post meeting socializing

This month’s topic:
————————————–
Agentless Server Monitoring
————————————–

We’ve had several discussions regarding how to best monitor your server
environment; we’ve talked about MOM, Openview, Big Brother, and others.
This month we take a look at Heroix Longitude, and their “Agentless” solution
to monitor and report on OS Metrics such as Network, Disk, Ram, and CPU as
well as database, web, and messaging applications. The product provides both
alerting and reporting (including trending) for your core OS and several
applications.

The Heroix solution requires no client footprint, is cross-platform
(Windows, AIX, Linux, HP-UX, Solaris), and is web-enabled.

In addition to the traditional PowerPoint and demo, we’ll also discuss
best practices and real-world monitoring strategies. This month’s
guest speaker is Ken Leoni, Regional Manager from Heroix out of Newton, Mass.

About SEA-TUG:
SEA-TUG is a technical user group (ie: for System Admins, not home users)
meeting once a month on topics relating to IT Infrastructure, Hardware,
Networks, Software, Security, Infrastructure, Deployment, etc. Visit
http://www.sea-tug.com for more information.

Spy Arsenal

April 7, 2005 – DNS cache poisoning update

We have received more technical details on the software configurations that
are vulnerable. Thanks to Microsoft for clarifying details on Windows DNS and
thanks to numerous others for reporting. We try to get all the technical
details right before publishing information on attacks like this, but if we
waited until we were 100% sure all the time, we would never be able to notify the
community when the attacks are actually happening.

On Windows 2000 SP3 and above, the DNS server DOES protect against
DNS cache pollution by default. The registry key to protect against the poisoning
is not necessary: the value is TRUE if the registry key does not exist. Microsoft has
now corrected the KB article that we published earlier with this information.

http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

http://support.microsoft.com/kb/316786

On Windows 2000, you should manage the DNS cache protection security
setting through the DNS Management Console. On Windows 2000 below SP3, the
“Secure cache against pollution” is not the default so you should enable it using the
DNS Management Console. On Windows 2000 SP3 and above (and Windows 2003),
the secure setting is the default (even if the registry key does not
exist).

Our recommendation is to only set the registry key (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters) on
Windows NT4. Otherwise, use the DNS Management Console. If you are on Windows
2000 and you created the key already, you are safe to leave it in place as long
as the value is "1".

There seem to be other possible scenarios where cache poisoning can
occur. When forwarding to another server, a Windows DNS server expects the
upstream DNS server to scrub out cache poisoning attacks. The Windows DNS server
accepts all data that it receives from the forwarder, regardless of its own setting for
protecting against cache poisoning. So vulnerability to the attack depends upon
whether the upstream DNS server is filtering out the attack.

We are currently trying to determine the behavior of DJBDNS, and BIND versions 4, 8, and 9 when acting as a forwarder. We are asking for assistance from the community to determine their behavior so write us if you have details. It appears that BIND4 and BIND8 do not scrub the data, whereas BIND9 does. See the following scenarios:

Windows DNS > forwarding to BIND4 or BIND8. Windows DNS server assumes
that BIND scrubs out the poisoning attempt. BIND4 and BIND8 do NOT appear to
scrub the attack. Windows DNS trusts the data and the Windows DNS cache will
become poisoned.

Windows DNS > forwarding to BIND9. This configuration seems to be secure
because BIND9 scrubs the poisoning attempt.

Windows DNS (slave) > forwarding to Windows DNS (master). In this
scenario, your vulnerability is based on the vulnerability of the master. If the
master is vulnerable, then it will be poisoned and forward the attack to the slave server, which will also be poisoned. However, if the master is secure then both servers should be safe.

The following recommendations are based on the current assumption that BIND4 and BIND8 forwarders will not filter the cache poisoning attack to its downstream clients. If we find out that this is not the case, then the recommendations may not be valid. If you have Windows DNS servers forwarding to BIND4 or BIND8, you should start investigating an upgrade of those BIND servers to BIND9. If upgrading to BIND9 would not be a possibility, a secondary recommendation would be to turn off the forwarding on Windows DNS and allow the
server to contact the Internet directly so that it can apply the proper protection against cache poisoning. If you run an ISP and have clients that are using your DNS servers as forwarders, you may want to consider upgrading your resolvers to BIND9 in order to protect your clients.

Alternatively, if you have Windows DNS servers that are functioning as forwarders then you should verify that those machines are protected, which should protect the rest of the DNS servers behind it.
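
The trust relationships in the forwarding scenarios above are easy to get wrong when you reason about them in your head, so here is an added example (my own code, not the ISC diary's, Microsoft's or ISC's) that models them: a bailiwick scrub standing in for the "Secure cache against pollution" behaviour, a resolver that applies its own scrub only when it talks to the authority directly and accepts its forwarder's answer verbatim (the Windows DNS behaviour described above), and a chain builder for the Windows > BIND8, Windows > BIND9 and slave > master cases. The RR/Response/Resolver types, every name and address, and the sample response are constructed for this example, and the scrub rule is a simplification of what real resolvers do.

```python
# Added example, not code from the ISC diary or from Microsoft: a toy model of
# the forwarding chains described in the diary. Record types, resolver names,
# the sample response and all addresses are constructed for this example.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    name: str    # owner name, dot-terminated, e.g. "www.example.com."
    rtype: str   # "A", "NS", ...
    rdata: str


@dataclass
class Response:
    qname: str
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if `owner` is `zone` itself or a name beneath it."""
    owner = owner.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    if zone == ".":
        return True
    return owner == zone or owner.endswith("." + zone)


def scrub(resp: Response, bailiwick: str) -> Response:
    """Simplified 'secure cache against pollution': drop every record whose
    owner name lies outside the zone the query was sent to. Real resolvers
    apply finer rules; the bailiwick test is the part that stops this attack."""
    def keep(rrs: List[RR]) -> List[RR]:
        return [rr for rr in rrs if in_bailiwick(rr.name, bailiwick)]
    return Response(resp.qname, keep(resp.answer), keep(resp.authority), keep(resp.additional))


@dataclass
class Resolver:
    name: str
    scrubs: bool                             # does this software scrub out-of-bailiwick data?
    forwarder: Optional["Resolver"] = None   # None = talks to the authority directly
    cache: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def resolve(self, qname: str, bailiwick: str, wire: Response) -> Response:
        """`wire` stands in for what the authoritative server (here: the
        attacker's) sends back. A forwarding resolver accepts its forwarder's
        answer verbatim (the Windows DNS behaviour the diary describes); only
        the resolver that talks to the authority itself gets to scrub."""
        if self.forwarder is not None:
            resp = self.forwarder.resolve(qname, bailiwick, wire)
        else:
            resp = scrub(wire, bailiwick) if self.scrubs else wire
        for rr in resp.answer + resp.authority + resp.additional:
            self.cache[(rr.name, rr.rtype)] = rr.rdata
        return resp


VICTIM = ("www.example.com.", "A")   # constructed name the attacker wants to hijack
INJECTED = "198.51.100.66"           # constructed address from the documentation range


def poisoned_response() -> Response:
    """Constructed sample: a legitimate-looking answer for a name in the
    attacker's own zone whose additional section smuggles an A record for an
    unrelated zone."""
    return Response(
        qname="lure.attacker.example.",
        answer=[RR("lure.attacker.example.", "A", "198.51.100.7")],
        authority=[RR("attacker.example.", "NS", "ns.attacker.example.")],
        additional=[RR("ns.attacker.example.", "A", "198.51.100.53"),
                    RR(VICTIM[0], VICTIM[1], INJECTED)],   # out of bailiwick
    )


def build_chain(specs: List[Tuple[str, bool]]) -> Resolver:
    """specs lists (name, scrubs) from the downstream resolver up to the one
    that talks to the Internet directly; returns the downstream resolver."""
    upstream: Optional[Resolver] = None
    for name, scrubs in reversed(specs):
        upstream = Resolver(name, scrubs, upstream)
    return upstream


def victim_record_after_attack(specs: List[Tuple[str, bool]]) -> Optional[str]:
    """Run one attack query through the chain; return what the downstream
    resolver now has cached for the victim name (None means not poisoned)."""
    downstream = build_chain(specs)
    downstream.resolve("lure.attacker.example.", "attacker.example.", poisoned_response())
    return downstream.cache.get(VICTIM)


if __name__ == "__main__":
    for label, chain in [
        ("Windows DNS > BIND8",              [("windows", True), ("bind8", False)]),
        ("Windows DNS > BIND9",              [("windows", True), ("bind9", True)]),
        ("Windows slave > insecure master",  [("slave", True), ("master", False)]),
        ("Windows slave > secure master",    [("slave", True), ("master", True)]),
        ("Windows DNS direct, scrub on",     [("windows", True)]),
    ]:
        print(f"{label:34s} -> {victim_record_after_attack(chain) or 'not poisoned'}")
```

The point the model makes visible is that the downstream resolver's own `scrubs` flag never matters once a forwarder is configured: the only scrub that runs is the one on the resolver that actually talks to the authority, which is why the diary's advice is either to upgrade the forwarder or to stop forwarding.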

April 8, 2005 – Internet Storm Center Returning to Green

You may have noticed that the InfoCon has returned to Green. We do this not because we think the DNS cache poisoning is solved, but due to that we now understand the issues and have clear things people should do to protect themselves. Here are the suggestions we have for you:

- add the right key to the registry on NT

http://isc.sans.org/diary.php?date=2005-04-07

(Note: Windows systems are not protected even with their magic registry entry IF they trust an upstream DNS system that doesn’t clear additional DNS records from the answer to the query; see the article cited above.)

- upgrade to the right SP on W2K
- not forward to vulnerable Windows DNS caches
- not forward to pre-BIND9 BIND DNS caches

And a heads-up to ISP’s and others
running BIND4 and BIND8 – Please upgrade to BIND9 if you are likely to have people
forwarding to you with a MSFT DNS cache.

Thanks to Kyle, Swa, Eric and Donald for their input. You guys are awesome.
A heartfelt thanks to all of you who participated in the research and investigation on this issue. It is
because of you and your willingness to assist that we are as successful as we are.

MIT wants to build a hacker proof network. Check it out here.

Canford, a British audiophile shop, has announced a 19″ Wine Rack.

Check it out – it doesn’t chill the wine, but a 60-65 degree server room should be fine for Merlots and Cabernets.

19 inch Wine Rack

Question

I just installed the new Microsoft Windows AntiSpyware (Beta) software and I am now having trouble establishing a connection between my WMCE54AG Media Center Extender and my Media Center PC running Windows XP Media Center Edition 2005. I’ve been getting an on screen Error Code value of 00020B08. What can I do?

Answer

There is a known incompatibility between Windows AntiSpyware (Beta) software and Windows Media Center Extenders. Error Code "0002 0B08" could be appearing on screen because of this issue.

If you install Windows AntiSpyware (Beta) on a computer running Windows XP Media Center Edition 2005, the Linksys WMCE54AG Media Center Extender will not be able to establish a remote connection.

To resolve this issue, you must remove Windows AntiSpyware (Beta) software by using the Add or Remove Programs applet found in Control Panel.

For more information about this issue, read the Microsoft Windows AntiSpyware (Beta) Release Notes located at: microsoft.com/athome/security/spyware/software/releasenotes.mspx

You can also reference the following Microsoft Help and Support Knowledge Base article (KB892374): support.microsoft.com/?scid=kb;en-us;892374

© 2010 LANalyze Suffusion WordPress theme by Sayontan Sinha