Archive for the 'Security' Category

07
Jun
10

Wow.. end of LZH

Author of the LZH got sick of getting no attention from major anti-virus vendor and has  announce the stop to its development.

I understand it is critical these days to have a filter at a border level, and they have been neglecting the support for LZH/ARJ. (Surprising ly 7z are now widely supported)

well I also moved away from these and have been using 7zip, its sad to see some format to go.

Advertisements
22
Apr
09

Juniper Firewall.

We have High Availability configured firewall cluster in our environment.
For some reason, it was configured to use 10Mbit for the DMZ interface. Most may argue that 10Mb on DMZ where we do not host much service (other than Citrix) is more than adequate to match the need of the environment.

well firstly, I didnt know NSRP requires to change its “monitoring” interface.
and second, NSRP monitored interface had to be changed MANUALLY on both FW.

If you get error as system not in sync, check below and make sure monitor interface is identical on both.

http://kb.juniper.net/KB9817


14
Oct
08

give me your key.

104bit WEP key can be obtained within 1min with 20MB of sniffed data.

Wow… now WEP isnt safe at all ?
I knew with enough data (like 2Gig) you can calculate and pull out WEP key but only 20MB now?

University of Kobe and Hiroshima will be releasing the details soon including WINDOWS based program as well. I guess we just have to keep our eyes open for now.

19
Sep
08

becareful what it may do to you.

I’ve released M$ Office 2003 SP3 to the environment today. Reason was that I had to roll KB947674 which requires Office SP3.

Warning to others and myself. Office SP3 replaces some file extension (what I notices was TIF/TIFF has been replaced by Windows Fax Viewer not Office Document Imaging.)

Oh not least and not last. M$ word SP3 has new so-called protection that prevents users from opening “OLD” style document (eg WORD 1.0)

No one probably uses WORD 1.0 but when backend subsystem is using Office automation to create/manage document with WORD 1.0 format, it wasnt funny. (fix was to deploy reg key using new ADM file released by M$. )

<sarcasm>Thanks M$, you made my day.. again…</sarcasm>

14
Sep
08

passwd reset plz

Sorry, I need my password reset..

Since the dawn of time, users are getting either dummer or just plain stupid for many occasions. Well I dont need to say why users are becoming more stupids as there are 100s of jokes flying around (or urband legend such as CD-Drive as coffee mug holder,etc)

One of the MOST if not worst stupid request user can make is, yes you guess it, password reset.
However, I dont blame them for some system (such as do not use old password, do not keep password for more than 90 days, do not change password within 3 days, password must contain special characters and numbers and not dictionary words)

All good but strict rule usually end up like people writing down password or put it on their monitor using post-it or other forms.

Well, most, if not, all attack is from remote locations in remote countries. So I wont bother covering physical security requirement nor why user must not write down password on piece of paper.

Topic isnt really password reset and how users are dumb, but how to recover and how to crack/reveal(another recover? form)

I’ve heard of john the ripper even before but never actually cracked one as jtr does not offer crack to AD directly. Means someone has to extract AD password hash. And since my background is more wintel guy than *nix person, I never bother with jtr on *nix.

Probably by now, you know where Im going. Yes, there are several tools that can dump “HASH” password from AD. with right conbination with jtr, it can display the password.

Let me just tell you, I am impressed.

my user password in AD is 12 chars long, 8 chars, and 6 numeric chars. and it was cracked in less than 1 min. <with serious face>oops</with serious face>

well to defend my password level, my admin password (which is lot longer and contains special char) was not cracked even after 30min(and still going as I am typing this)

ok enough CRACKing but how about other method?
(excluding your favourite, call your helpdesk)

program wise, it is rather simple, ask user to jump the hoops(as ask some questions such as “what is your mum’s name) and once validated, reset their password. Lucky me(again) Citrix has tool called password manager self recovery tool (now I do sounds like sales man)

Took me a bloddy few hrs to figure out the implementation (as WI4.0 does not support recovery out of the box) and due to permission changes on AD hierachy (inherit was turned off) initial implementation didnt work. Party me to blame too but document was just not very friendly at all.. Who Am I kidding its my fault that I didnt read the papers but seriously that doc wasnt not designed for troubleshooting…

Now what I get from users?

How do i use password self recovery tool?

This is why i say users are getting dummber and dummer…

12
Sep
08

identity theft?

who the hell are you?

one might ask, who I am, if they have never met me before. For every new site we register, it is not uncommon that we are force to enter the damn username/password/emailadd/mailing add and list continues. I THINK openID movement is to start shared provider of one’s identity.

Not that anyone would be interested to impose as myself on the web, it is rather interesting common platform for user identification is emerging and its OPEN this time. Some may have heard it, its openID.

There are famous M$ passport system (hotmail, MSN, MS sites) which has failed to be more widely accepted but OPENID seems to be more widely used than ever now.

All the good stuff (on the book), but still I need to authenticate and enter my details and it seems only informaton openID provider allowed to share was email add, that was it. I had to enter all other details to the commercial site even thought I’ve decided to use OpenID as Auth mechanism.

so far, this doesnt impress me. YET.

What does AAA means to them??

11
Sep
08

Chicken or the Egg?

System down?! where is the saved password ?

Recently we have lost multiple servers (file server, email etc) stored on the virtual system.

Since there are HECK of a lot of servers and systems, password is kept on the encrypted file that stored on the FILE server.

ok….. here is the joke, if file server is down, how can you open the password file to logon to the virtual server that hosts the file server?

it was like old “chicken and egg” joke. (those who never heard the term read this wiki entry)

Lucky I had password file open otherwise we would be running around in circle.

What would you suggest ?

1 write down on a paper(or post it and stick it on the server)
2 write down on some file and store in multiple location.
3 write down somewhere not on file server.

Security 101, Dont write down password is meaning less when ppl just cant remember 100 of passwords hence requires to save somewhere.




November 2017
M T W T F S S
« Jan    
 12345
6789101112
13141516171819
20212223242526
27282930  

Greyeye Tweets