Database Hackers Reveal Tactics By Kim Zetter – Story location:
May 192005
Ok, so my first Vonage (Vawn-ij, not Vone-ahj) installation was a piece of cake.
Plug in the PAP2, activate the device at vonage.com and bam! – you’re in business.
Pros:
- Softphone – allows you to make calls from your laptop over wifi
- Find me features – ring the real number, and if no answer, transfer to another number
- Multiple line find me – Ring up to 5 phone numbers at once, whichever answers first gets the call
- Online viewing of minutes used and incoming/outgoing call log
- Pick an area code and get a number there
- Take your PAP2 with you when you’re on the road
- Email notification when you get a voicemail
- Hear your voicemail over the Internet and export to .wav files
- Multiple lines, multiple numbers, and even an 800 number!
- Unlimited long distance in the US, Canada and Puerto Rico (with $25/month plan)
Cons:
- Not all area codes available
- Not all town prefixes available (nothing in Portsmouth?!?)
- Extra charge for Softphone
- Not all phone numbers are portable yet (like mine!)
- A $10 charge for everything you want to do (like request a new number)
- You can’t pick your number – it’s just assigned to you
- Be careful of the 2nd line – by default they are limited to either 250 or 500 minutes
All-in-all a very slick solution… call quality is good, but you might want to log in to your vonage account and move the call quality slider up to 90k instead of the default setting. I had some echoing on my line when I first installed it.
Oh, make sure you register your location so that you can call 911 from a Vonage line. Since it’s virtual, you have to tell the 911 center where you’re located by registering online.
May 192005
Keeping kids from succumbing to ‘the dark side’
By Anne Saita, News Director
19 May 2005 | SearchSecurity.com
Edward Ajaeb got his first taste of steganography in sixth grade, when
he set up a Web site for his teacher’s husband to showcase his master’s
thesis on the subject. By then the Utica, N.Y., youth had designed Web
sites for a couple of years, a side business he’d developed in the
fourth grade.
This spring, the 16-year-old sophomore got even more involved in sending
hidden, encrypted messages by using a tool he downloaded off the
Internet. He also tried to break into a wireless network and learned
what computer cops look for during a forensics investigation. All under
the watchful eye of the U.S. Air Force, which helped host what some say
is the nation’s first residential cybersecurity camp for high school
students.
“I wanted to learn different kinds of career options, and it turns out I
did learn there are a whole lot of choices,” Ajaeb said of the first
Cyber Security Program for High School Students held this spring at
Mohawk Valley Community College.
That’s just what organizers wanted to hear following the weeklong,
federally funded camp that exposed 28 talented teens from central New
York to a field with unique staffing challenges.
“To one degree, this whole program is about antihacking,” explained
Ronald Cantor, dean of the community college, which is a satellite
campus of the State University of New York and is located next to a
technology business park and Griffis Air Force Base’s cybersecurity
research laboratory. “During part of the course, we talk about legal and
societal structures and the ethics of computer hacking.”
Students said the dean did indeed stress using what they learned to
benefit “the good side” and not the bad. “In reality, after talking to
some of the students, they were more interested in the ‘bad’ things that
they could do,” admitted one student, “but [they] understood that they’d
be arrested if they ever got caught, so I believe that they decided
against it.”
Another student backed up that statement, saying some students told of
being able to manipulate servers but quickly learned the consequences if
they carried out that activity. “I don’t see any of the kids ending up
on the news for being a hacker or anything like that,” he said.
The program, which also plans summer sessions, arose from an open
challenge made by a local congressman, Rep. Sherwood Boehlert [R-New
Hartford]. “We are not producing fast enough the intellectual capital
needed to maintain our preeminent position in worldwide markets,” said
the chairman of the House science committee. “This is the Information
Age and just about everything depends on our ability to address the
challenges of cybersecurity.”
The camp was designed by Dr. Kamal Jabbour, a civilian who created the
curriculum for the Air Force’s Advanced Course in Engineering, a
cybersecurity boot camp for cadets. Students, who were recommended by
their guidance counselors and teachers based on academics and interest,
lived in an ACE student dormitory and spent four hours daily in lectures
and labs on a variety of subjects: legal and ethical issues; policy
making; computer forensics; wireless security; steganography; and
next-generation network security.
Campers admit the legal lectures were a snooze and the wireless attacks
and steganography exercises were a highlight. “The whole week was
phenomenal,” said Justin Monroe, a junior from Rome, N.Y. “It really
gave me an idea of what the computer science and engineering fields are
really like.”
This was, of course, camp and so students also devoted time to
team-building, swimming, volleyball and field trips. Chess was huge,
with some students calling home to request extra chess sets for ad hoc
tournaments. And some needed to be coaxed outdoors to play Frisbee.
But there also were signs this was no ordinary camp. The military
presence was inescapable. Students watched patriotic movies, such as
“Patton” and “Apollo 13″ and ate breakfast between 6 and 6:30 a.m.
daily.
“For a lot of us, waking up that early in the morning was a physical
challenge,” Ajaeb said.
But everyone involved in the program say it was a big success and should
spawn similar camps nationwide. That, Boehlert said, is good for the
country. And just in time, given the pervasiveness of data crimes and
identity theft. “We’re maturing in this whole industry. You had
reluctance from people to acknowledge there was a problem. They didn’t
want to admit it publicly, for obvious reasons,” he said.
“At this time, one of the most promising career fields for any young
person to consider is in cybersecurity, the politician added. “It’s
exciting to see the enthusiasm these students had… it’s almost a
little frightening to see how bright these kids are.”
You can see these PS3 specifications here:
http://www.1up.com/do/newsStory?cId=3140590
And the ones for Xbox360 here:
http://www.planetxbox360.com/xbox_360_specifications.php
|
PS3 CPU: Cell Processor -PowerPC-base Core @3.2GHz 1 VMX vector unit per core 512KB L2 cache 7 x SPE @3.2GHz 7 x 128b 128 SIMD GPRs 7 x 256KB SRAM for SPE * 1 of 8 SPEs reserved – redundancy Total FP performance: 218 GFLOPS GPU: Sound: Memory: System Bandwidth: System Floating Point Performance: Storage: I/O: Communication: Controller: AV Output: Disc media (read only): |
XBOX360: 360 HW: 1. Support for: DVD-video DVD-Rom DVD-R/RW CD-DA CD-Rom CD-R CD-RW WMA CD MP3 cd JPEG photo CD 2. All games supported at 16:9, 720p and 1080i, anti-aliasing 3. Customizable face plates to change appearance 4. 3 USB 2.0 ports 5. Support for 4 wireless controllers 6. Detachable 20GB drive 7. Wi-Fi ready Custom IBM PowerPC-based CPU CPU Game Math Performance Custom ATI Graphics Processor Memory Memory Bandwidth Audio |
May 122005
If your IIS applications aren’t working, it could be permissions relating to iusr and iwam accounts.
You might check to see if logon local, logon as batch, and access computer from network are assigned properly, and if not (or they’re being overridden by a domain GPO) either reset the permissions or assign domain-based iwam and iusr accounts. See MS Article 275167.
In order to add domain-based iusr and iwam, you’ll need to sync the passwords on the domain with the local accounts. How do you sync the password? First you need to know what password they’re using.
Apparently you can easily find the password that your iwam and iusr accounts are using the following methods:
Method 1) From Windows Security
Save this script as a .vbs and run it with cscript:
Dim IIsObject
Set IIsObject = GetObject ("IIS://localhost/w3svc")
WScript.Echo "According to metabase, anonymous credentials are:"
WScript.Echo "AnonymousUserName="&IIsObject.Get("AnonymousUserName")
WScript.Echo "AnonymousUserPass="& IIsObject.Get("AnonymousUserPass")
WScript.Echo "WAMUserName="& IIsObject.Get("WAMUserName")
WScript.Echo "WAMUserPass="& IIsObject.Get("WAMUserPass")
Set IIsObject = Nothing
Method 2) (This is from article 297989)
IIS provides a script file named Adsutil.vbs that you can use to obtain or set the passwords of the IUSR and IWAM accounts to or from the IIS metabase. In Windows NT 4.0, Adsutil.vbs is usually located in the
The following table lists the syntax for different functions of the Adsutil.vbs utility:
Function / Syntax Obtain the IUSR account password / cscript.exe adsutil.vbs get w3svc/anonymoususerpass Obtain the IWAM account password / cscript.exe adsutil.vbs get w3svc/wamuserpass Set the IUSR account password / cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password" Set the IWAM account password / cscript.exe adsutil.vbs set w3svc/wamuserpass "password"
Note When you try to obtain the password in Windows NT 4.0, the password appears as clear text; however, the password appears as asterisks in Windows 2000. To obtain the password in clear text in Windows 2000, you must modify Adsutil.vbs so that it displays the unmasked password. To do this, follow these steps:
1. In Notepad, open Adsutil.vbs. 2. On the Edit menu, click Find, type IsSecureProperty=True, and then click Find Next. 3. Change "IsSecureProperty = True" to "IsSecureProperty = False". 4. Save the changes to Adsutil.vbs, and then close Notepad.
Method 3) (This is from Theoblogical)
Add your iwam and isur to the local admins group Run synciwam.vbs Reboot Remove iusr and iwam from admins group
For good measure, here’s a link to a list of the different logon types listed in the security event log: From Windows Security
Has anyone bought a Linksys NSLU2 Network Storage Link for USB 2.0 Disk
Drives =
(http://www.linksys.com/products/product.asp?prid=3D640&scid=3D43)?
I had one in my hand at Staples the other day, and since I have a file
server at home I didn’t see the need for it, but a lot of people have
been asking me for a device like this.
I like that this one allows you to essentially upgrade the drives just
by plugging in a new USB drive, and the fact that you can attach 2
drives to it.
I haven’t dug in to it to see if there’s any mirroring capability, but
for $99 I might just buy one to screw around with.
PC Mag just wrote up a review of the technology at the new Wynn hotel
you’ve been hearing so much about. Long but slightly interesting. http://www.pcmag.com/article2/0,1759,1813217,00.asp
May 102005
The next Sea-Tug meeting will be held Wednesday, May 11th.
–> PLEASE NOTE MEETING LOCATION < --
Time: 6:15 – 8:30+/- pm
Where: Redhook Brewery Tasting Gallery (1st Floor) – Pease Tradeport,
Portsmouth, NH
Who: Thirsty System Engineers, Hungry Network Engineers, Network
Administrators, Help Desk Professionals, etc
Meeting Agenda:
6:15 – Introduction & User Group Business & Ordering Food
6:30 – Presentation
8:00 – Questions and Answers
8:15 – Post meeting socializing
This month’s topic:
————————————
Remote Desktop Control
————————————
How do you support your end users? If you’re like most people you find that
being on someone’s desktop is easier than walking a user through the myriad of
screens and control panels that they need to navigate to resolve an issue.
If you’re inside a corporate network the solution is simple: add remote
desktop protocol or something like VNC, pcAnywhere, etc. to the desktops and
manage any machine when you want to.
But what do you do for users across the Internet? Webex? I recently looked
in to using Webex for remote support and the cheapest option was $300/month
per named technician.
Then I found Venti Solutions. These guys have a product very similar to
Webex, but at a fraction of the cost. I’ll do a demo of the product and hold
a discussion on remote access issues.
If you have a new tool or software package that you’ve been using over the
last month, join in the discussion and share with the group.
About SEA-TUG:
SEA-TUG is a technical user group (ie: for System Admins, not home users)
meeting once a month on topics relating to IT Infrastructure, Hardware,
Networks, Software, Security, Infrastructure, Deployment, etc. Visit http://www.sea-tug.com for more information.
A great article from Scott Forsyth’s WebLog – see parts 1, 2, and 3:
http://weblogs.asp.net/owscott/archive/2004/02/05/68423.aspx
http://weblogs.asp.net/owscott/archive/2004/03/10/87262.aspx
http://weblogs.asp.net/owscott/archive/2004/06/19/160219.aspx
Can’t delete folders from the ftp server?=20
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;811176
Want a security-enhanced FTP directory that uses Password Authentication
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;239120
How To Set Up Isolated Ftp Site (IIS 6 only)
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;555018
How to Create a Per User FTP Directory Structure (NT 4)
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;170868
How to set up an FTP site so that users log on to their folders
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;201771
How to Use the FTP Utility in a Typical Session
http://support.microsoft.com/kb/240727/
How to: Hide FTP Directories (NT 4)
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;245048
How To Limit Access to a FTP Site in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;816525
HOW TO: Limit FTP Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;318712
HOW TO: Create an FTP Site in the Internet Information Manager Snap-in
in Windows 2000
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;309007
How to Install and Use FTP Folders
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;217888
FTP Virtual Directory Is Not Displayed in Directory Listing
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;228909
These are not for ftp, but interesting:=20
HOW TO: Set Up Multi-Host Sites
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;324092
FTP Type Directory Is Displayed When You Log On to OWA
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;289869
HOW TO: Secure the IUSER_
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;323640
How To Troubleshoot the Web Server in Windows 2000
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;297954
HOW TO: Create a New Virtual Server or Web Site in Internet Information
Services (IIS) 6.0
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;816576
Service overview and network port requirements for the Windows Server
system
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;832017