Find your vulnerable desktop applications

02.03.2008

Many corporate and private computers have a “standard” set of free programs and utilities installed that users rely on in everyday work. You surely use them as well: Adobe Acrobat Reader, ICQ, Skype, IrfanView, QuickTime, iTunes, Firefox, plugins such as Flash, Shockwave, Sun Java and many others. As usual, every non-trivial software package contains a hidden bug that is just waiting to be discovered and, if possible, misused, and the programs above are no exception.

The good thing is that some of them have a built-in automatic patching function (like Adobe Acrobat, QuickTime, Firefox), but these mostly work only when you are logged in as Admin, and the others don’t have anything. So in the end it’s up to the user to watch security lists like those at Secunia, or just install every new version whenever available, which is quite boring and nobody does it.

One nice option is offered for free by the Danish security company Secunia. It is an online (Java applet) or offline (Secunia PSI) security scanner which “knows” which vulnerabilities are known in which piece of software and will tell you about them. The rest is up to the user, who has to install the recommended new versions. Better once in a while than never. Self-explanatory info can be found at http://secunia.com/blog/20/, which says that 81.01% of all Windows users that run Secunia’s security scanner had some piece of installed software vulnerable to hacking.

So don’t wait, do a scan and patch, patch, patch, as you do not want to become a “privileged” member of a botnet, or do you? 😉


Blat – command line SMTP client

26.02.2008

From time to time there is a need to send mail from the command line. In Unix it’s easy, but in Windows one of the fine alternatives is Blat.

Blat is a small, efficient SMTP command line mailer for Windows. It is the SMTP *sending* part of an eMail User Agent (MUA) or eMail client. As such, Blat sends eMail via SMTP (or internet eMail) from the command line, or CGI, …

A lot of options, thorough output for debugging… but if you are hardcore IT, then read RFC 821 and telnet to TCP port 25 🙂

option reference here


LVM snapshots

21.02.2008

I’ve been using LVM2 on Linux for some time, but only now have I discovered the wonders of its snapshot functions.

“A wonderful facility provided by LVM is ‘snapshots’. This allows the administrator to create a new block device which presents an exact copy of a logical volume, frozen at some point in time. Typically this would be used when some batch processing, a backup for instance, needs to be performed on the logical volume, but you don’t want to halt a live system that is changing the data.” LVM snapshot intro

more on internals

“LVM allows you to take a snapshot of your system in a much more efficient way than a traditional backup. It does this efficiently by using a COW (copy-on-write) policy. The initial snapshot you take simply contains hard-links to the inodes of your actual data. So long as your data remains unchanged, the snapshot merely contains there inode pointers and not the data itself. Whenever you modify a file or directory that the snapshot points to, LVM automatically clones the data, the old copy referenced by the snapshot, and the new copy referenced by your active system. Thus, you can snapshot a system with 35GB of data using just 2GB of free space so long as you modify less than 2GB of data.” Archlinux WiKi

Examples of use

1) You have data directories that reside on a logical volume with an ext3 filesystem. Files are modified all across the filesystem, some are locked, etc. Now you need a consistent backup of all files. You can do one of two things:
– One is to shut down the system and/or its services and back up the files
– The other is to make a snapshot of the volume, which is in fact the frozen state of the volume at the moment you made it. Snapshot creation is a matter of a few moments, so even on a production system it won’t overload your system. Of course, doing the backup will then load the disk subsystem with data reads. Beware that “special” files like databases need special care, as written here or here, so that they stay in a consistent state, and it seems that even then there might be a problem when data and DB logs are not on the same volume

During all that, the original volume can stay in use without any interruption or special care.
After you finish the backup, just unmount the snapshot volume and dispose of it with the lvremove command.
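
The backup procedure from example 1 written out as a script. This is an added example, not code from the original post: the volume group ops and logical volume databases are borrowed from the lvcreate command in example 2, while the mount point, archive path and the helper names run, snapshot_usable and snapshot_backup are assumptions. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: volume group "ops",
# logical volume "databases", snapshot "dbbackup", mount point and archive path.
DRY_RUN=${DRY_RUN:-1}    # 1 = only print the commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# A snapshot whose copy-on-write area fills up becomes invalid, and a backup
# read from it cannot be trusted. $1 = fill percentage as printed by
# "lvs --noheadings -o data_percent VG/SNAP", $2 = limit (default 90).
snapshot_usable() {
    pct=$(printf '%s' "$1" | tr -d ' ')
    pct=${pct%%[.,]*}                      # "37.52" -> "37"
    case $pct in ''|*[!0-9]*) return 1 ;; esac
    [ "$pct" -lt "${2:-90}" ]
}

# snapshot_backup VG LV SNAP SIZE MOUNTPOINT ARCHIVE
snapshot_backup() {
    vg=$1; lv=$2; snap=$3; size=$4; mnt=$5; archive=$6; rc=0
    # SIZE only has to hold the blocks changed on the origin during the backup.
    run lvcreate -L"$size" -s -n "$snap" "/dev/$vg/$lv" || return 1
    run mkdir -p "$mnt" &&
        run mount -o ro "/dev/$vg/$snap" "$mnt" &&
        run tar -czf "$archive" -C "$mnt" . || rc=1
    if [ "$DRY_RUN" != 1 ]; then
        # Check the fill level before trusting the archive that was just written.
        fill=$(lvs --noheadings -o data_percent "$vg/$snap") || fill=
        snapshot_usable "$fill" || { echo "snapshot too full, discard $archive" >&2; rc=1; }
    fi
    # Always clean up: a forgotten snapshot adds a copy to writes on the origin.
    run umount "$mnt" || rc=1
    run lvremove -f "/dev/$vg/$snap" || rc=1
    return "$rc"
}

# Dry run of the whole procedure with the assumed names.
snapshot_backup ops databases dbbackup 1G /mnt/dbbackup /backup/databases.tar.gz
```

Run it as DRY_RUN=0 as root, with names matching your own volumes, to actually take the backup.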

2) Imagine you use Xen for server virtualization, as I do. Put the system on a logical volume, apply all available updates and perform its setup. Now you need to create a second VM, which can in fact be based on the first one. You can

– create a volume, format it (to ext3, for example), shut down the first system, mount both volumes and rsync the first installation to the second. Fine, but quite a lot of work
– the second and much easier method is to create a snapshot. LVM version 1 allowed only read-only snapshots, but LVM2 can do read/write snapshots. So assuming you have LVM2 on the system, just make a snapshot with enough space for modifications (e.g. lvcreate -L1G -s -n dbbackup /dev/ops/databases) and you have a machine ready. Now just adjust its config (IP, hostname etc.) and that’s it

Nice, though according to lab tests I found in the M.Sc. thesis by Bhavana Shah, there is logical overhead when using persistent snapshots compared to raw disk volumes.


links

http://www.softpanorama.org/Commercial_linuxes/logical_volume_manager.shtml


Lightweight http servers

21.02.2008

There are situations when you need to serve just a set of static HTML pages. Apache can of course handle that with ease, but in this context it might be like using a cannon to hit a fly. A simpler HTTP server would be a better option for reasons like
– speed
– memory needs
– less complex piece of software ~ lower chance to contain a bug

If you agree, then look around for a lightweight HTTP server like thttpd, lighttpd (even sites like YouTube use it) and others. A nice post about lightweight web servers can be found on the IBM developerWorks website.


Thinstall – another acquisition

17.02.2008

Just another very interesting acquisition. VMware, a big virtualization player, has just acquired Thinstall, an application virtualization provider.

In their words the Thinstall technology – application virtualization – is:

“The Thinstall Virtualization Suite is a technology for virtualizing Windows software. Administrators do not have to install all applications on the workstation anymore – applications will be packed into a virtual environment, a sandbox, which contains all necessary information such as registry entries and applications’ DLL files. Now, the virtualized software can be started from every workstation. After the virtualization, there is no need for a local installation, because all program routines are emulated in the virtual environment.”


Simply said: you have the whole software package packed into a single exe file and that’s it. It can run with standard user privileges, you can run two versions side by side, etc. All in all it means no pollution of the OS by software package installation and no difficult upgrades and patches.

You want to deploy a new Firefox to workstations? Easy. Just copy one file onto a local disk using a startup script or – and that’s easier – just update the server-side repository of “thinstalled” programs (they call it application streaming) and push a link onto the user’s START menu.

If you want to try it straight away, go to http://www.thindownload.com/ where they offer “thinstalled” free licensed software for direct download. My favorite Opera browser is there together with Firefox, Adobe Acrobat, ICQ and even the huge iTunes.

Not to forget to mention, they were able to “thinstallize” even Internet Explorer, Office etc. Wow!

I’m going to discover its internals soon. It would be nice – no difficult GPO installs and updates … 🙂

Some nice flash demos are available here

update: I found they offer Thinstall suite for USD 5000. Ehm ehm …


Windows XP – end of sale

16.02.2008

Are you in the same mood as me and do not want to push Vista into your corporate environment? It does not matter for what reason, which might be the higher hardware needs of Vista, the reliability and proven record of Windows XP, better hardware compatibility, being too lazy to trash your XP deployment images and make new ones for Vista, an expected higher demand for end-user OS support of the “where is that button” kind 🙂 or whatever.

Then you should know that MS is going to cut XP sales to OEMs very soon. As written here, “Direct OEM and Retail License Availability (end date)” will end on June 30, 2008. So it means that if you want to stay with XP after that date, you’ll have to have a volume licence (e.g. OLP starts at 5 licences) or buy Vista Business or Ultimate to be able to downgrade to XP (not sure if MS will allow this after the DATE).

“Still, vendors such as Dell, Hewlett-Packard, Lenovo, Fujitsu, and more recently, NEC, all offer the opportunity to downgrade to XP pro.” PCWorld

These links have good info

What is also important is how long MS will provide us with security hotfixes. More info here: http://support.microsoft.com/lifecycle/?p1=3223


Postini antispam service provider acquisition

16.02.2008

Google has bought the Postini service provider and is becoming a more and more gigantic service provider.

“With Google security and compliance services, powered by Postini, you can secure all of your electronic communications – email, instant messaging, and the web – and manage your company’s communication policies from one central location. These services can also make it easy to meet your archiving and encryption needs. Best of all, it’s all 100% hosted, so there’s no hardware or software to install or maintain. Whether you’re looking to transition from or enhance your existing messaging infrastructure for better control, Google enables you to provide employees the tools they need to be productive while reducing the cost and complexity of managing those tools.” www.postini.com

I’m definitely going to try this antispam service as soon as I have the chance, as it looks good, even though so far I have experience just as a user and not as an admin. What also carries weight in my eyes is a positive reference from IT fellows at one big international PR company based in London. I will update the post when I have personal experience with this. But still, Google and Postini together mean to me a solid base for any business.