Flat Stanley
Ever hear of Flat Stanley? Well if you have a school age kid you will or already have. Help out my son by printing out and posing with his Flat Stanely Take a picture and send it back to me at holden.tech at gmail.com or twit pic it to me on twitter @jeffh Just let us know where the picture was taken.
cygwin fail
for some reason to get sshd to work with cygwin I had to do this
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeDenyInteractiveLogonRight -u cyg_server
editrights -a SeDenyNetworkLogonRight -u cyg_server
editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server
editrights -a SeIncreaseQuotaPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server
Konboot
I am playing around with konboot after first hearing about it on the Hak5 podcast. If you haven’t heard about it, it is a boot disk you can create on a floppy, CD or USB drive (see Irongeek’s site for USB instructions). The disk changes the windows or Linux kernel on the fly while booting to allow you to bypass the login password. In windows you just use any valid user name and a blank or garbage password, you will then be logged in as that user and can access all their files. So naturally you will probably want to try the local administrator user which will allow you to access all files on the computer. In Linux you will use the user name kon-usr and no password. This will give you full root access on the Linux machine.
I have found it works well if the system is not muti-boot. On my systems which are all multi-boot it would only work on one system and only on one OS which happen to be EEEbuntu. My other laptop gave me error about the cylinder number being too high like the old school days of LILO where the boot image had to be below cylinder 1024. I am assuming this is the same issue as the days of old. Also a caveat don’t use Konboot to login to a domain account on a computer that is connected to the network. This will disable the account on the domain and won’t allow you to login. In most environments user credentials are cached in case the network goes down. So air gap the computer before using a domain account.
Remediation steps are fairly simple. Lock the bios with a password and only allow the system to boot from the hard drive. This should already be in the check list of task to perform when deploying a new PC. Since this type of threat isn’t new kon-boot just make it a little simpler to access the PC than loading up a live linux distro like knopix. If there is any sensitive information on the hard drive encryption should be used of course since if someone steals the computer or hard drive its game over. With the breach notification laws in most states that is not a fun proposition.
Getting ride of volumen group that doesn't exsist in linux
I was setting up a test VM with 4 one TB SAN LUNS. After successfully creating and testing the VMware image I blew it away without touching the LVM. After greating the production image I tried to add the LUNS back to the LVM and I of course got errors when adding the LUNS to the LVM. The meta data for the old volume group was still there and the OS refused to add the LUNS to the existing volume group. I then tried to remove the volume group with the vgremove but since the devices with the UUIDs themselfs were long gone I could not do it.
I finally found a very simple solution just DD the damn things with zeros. That will blow out all the metadata. So for each lun I ran
if=/dev/zero of=/dev/XXX bs=512 count=5
Probably only needed a count=1 but what the hell I don’t care I didn’t have anydata on the LUNS anyways. After that running lvscan came back clean with no orphaned UUID’s and I was able to initialize the LUNS again and add them to the new volume group.
Tilt Shift time lapse
This series by Keith Loutit really make me want a shift tilt lens. I have seen plans online to make one since I will never be able to afford one.
Bathtub II from Keith Loutit on Vimeo.
Who writes this crap
There is an article on Reuters about flaws in Adobes flash video on demand services such as Amazon and Hulu. The author writes
“The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience.”
What? This is an opinion did you ever take a journalism class Mr. Wakabayashi you are supposed to be objective. You report the facts you don’t regurgitate the lines from the MPAA. This is no big deal the people who would have pirated movies already were anyone can download Handbreak for free and rip 99% of the DVDs on the market today. So who is going to pay for software to pirate DVD’s that I can get with a Netflix subscription for $19 a month? I would guess not very many. Just so you know Mr. Wakabayashi music piracy today is probably more rampant than it ever was in Napster’s day despite all the RIAA lawsuits.
DRM is fundamentally flawed as it is. If a movie is encrypted it has to be decrypted to be displayed on the screen at some point. You are giving the consumer the crypto key to decrypt the file. The key is just cleverly hidden and or obfuscated. Given time all DRM is broken. Adobe will come out with a work around and then it will be game on again for the small companies who are selling the software to record flash movies. The dance will go on and on as it has for every other DRM technology. Oh and Mr. Wakabayashi this is my opinion you see this is a blog not a news article.
Not to self
Note to self use IE History View to view index.dat files for IE7. Index.dat spy no longer works.
On second thought just use encase.
Flickr Photos
|
