Internal Logon Credentials

Today I went into town to a large retailer to order a gift for the wife.
Due to a couple of date issues and unknown factors I thought that it would have been the easiest option, rather than going online to do it myself – which is the way I tend to do things.

So, I’m at the counter wanting to place my order, where the female assistant was trying to log on to the computer. The normal explanations as to why she can’t log on are given, “it’s a bit slow this morning” and “my log on doesn’t seem to work”. She then went off to get someone to log on for her.

She came back and put a piece of paper on the counter and said “I’ll try these”. She then proceeded to log in while looking at what was written on it. I looked down at it and could see that someone had written a username and password on it!

Unbelievable to think that someone would not only give someone else their log in details, but they would also write them down (without encrypting them) and then show them to someone outside of the organisation they worked for.

I chose not to make a mental note of the details and then try them on an internet portal (no idea if there was one) while using the TOR network!

It amazes me what some people will do, given all the things that they must have been told by their employer and given common sense with security?!

Only those browsers? Really?

Well today I see another example of ridiculous browser wars at its best, or is that worst!

While looking at some issues on a CMS system, I picked the page apart to find a very old version of a JavaScript component.

As I was using the latest version of Internet Explorer we had to play around with compatibility to get this website to work. After changing the User Agent String we were presented with a page that said that our browser was out of date. Fine, yes we may have made it report that it was out of date, which is something that seems to happen on an almost daily basis to some website here and there, but the options that we were presented with on the screen were ridiculous – upgrade your browser to Firefox, Chrome or Safari? Seriously? WTF? BOFW?

Not sure why they had chosen to completely remove Internet Explorer from the preferred list, but given what the website provider does and the sector that they are selling / providing to and given how systems are configured in that sector removing Internet Explorer has got to be one of the most stupid things to do.

I don’t give a shit what the Internet Explorer haters have to say about that, sometimes there are reasons as to why you can only use certain software to do a job, and no matter what you do you need to cater for those scenarios.

Hopefully when the issue is fixed Internet Explorer will be on the list of preferred browsers!

CryptoWall – OH, you’re fucked

My first dealings with a Crypto Variant today, CryptoWall

Someone that I haven’t done any work for for a few years contacted me to ask for some help as they couldn’t open their emails. So I remoted on and took a quick look for them.

First thing that I noticed when the screen loads is 3 files in the middle of the desktop called DECRYPT_INSTRUCTION. Straight off I knew that this was not going to be a good result.

I had a quick read of what it says and then a quick look at the My Documents folder and then proceeded to tell him, in a non-technical way, that he was Fucked. I then explained what had happened and told him that there was nothing that I could do, something that I don’t often tell people. I wasn’t going to suggest paying $500 to get it all unencrypted only to find that it didn’t work.
Ironically the only thing that wasn’t encrypted was all of his Sage Accounts!

He asked how it could have happened and after a quick visual check I told him:
Well, you are running Windows XP that has out of date virus protection, that would not have helped, you have probably opened up a few dodgy emails with attachments and looked at them. He did say that he has been getting a lot of emails with invoices in them! Oh Dear

It’s not often that I can’t fix something, but in this case I couldn’t, so I told him to turn off and unplug the computer and buy 2 new ones to replace what he had as they are well out of date and possibly open to more problems!

Black listed, Really? WTF

One of those days today!

I was asked to take a look at a SBS2011 server by someone today as emails were not being sent but were being received.

So I set about sorting through the list of errors in the event log, as per normal there was a to be expected reboot right in the middle of everything!
It kind of reminded me of when I got contacted by my old employer, after they had made me redundant, to look at a problem that stopped their Service Management System working. The idiots that they brought in to oust me had applied all their skill (all 3 of them) to fix the problem and come up with 4 reboots! Yes 4 reboots! Needless to say that after 4 it still wasn’t working. So a quick look through the logs I found the issue and reported back to them.

Anyway, I looked through all the logs on the server, but couldn’t see anything, so I checked out the send connector and see that there was a huge old queue reporting DNS lookup failures.
So I checked that the Smart Host was in DNS. I then checked that I could connect to it on port 25, which I could. I tried a DNS Reset and Flush just to be safe, but it didn’t work.

I disabled the Smart Host connector, created a new send connector and set it up to send via DNS, and the emails left the queue.

I then reported back as to what I had done and asked them to check out to see if they had paid the bill for the Smart Host. Later that day I got a call to say that it was a fault with the Smart Host, apparently the company that provided the Smart Host service had one of their internal desktop machines infected with a virus by an employee and it has spammed out a load of crap! Jesus! Seriously?

I was somewhat surprised that
A) They got infected with a virus!
B) They were sending emails out on a connection that was used as a smart host by a customer (and most probably more than one)!
C) They told a customer exactly what had happened!

A quick check showed that they were on some black lists for sending out spam.
I will leave that a few days before I check back to see if they have been removed…

The mutt’s first birthday

Today is Muddy’s first birthday and as she is part of the family we celebrated it.

We all took her out for a walk after dinner and I tried to recreate the photo of me and her the day we got her.

Unfortunately the lump was far too big and too heavy to lay her on my arm, but I did pick her up and get an almost as good as the original dopey look out of her.

Muddy a year old

I think she enjoyed it as she found a few lumps of shit to roll in and wipe her neck on!