Catch up on Microsoft patching fast

Last week, Microsoft quietly released its convenience update pack for Windows 7, 8.1., and Server 2008R2. This is a great opportunity to catch up on Microsoft patching, as it incorporates all of Microsoft’s OS-level updates from the release of Service Pack 1 to April 2016.

Here’s how to use this to clear your corporation’s backlog of Microsoft patches. No, I haven’t seen your corporate network, but I’ll bet you have one.

Read more

Interface eth0 not configured: the solution

Interface eth0 not configured: the solution

After I imaged the disks from a failing Debian server to newer hardware, I got the error message interface eth0 not configured after issuing the command ifdown eth0. There’s not a lot of documentation out there about this so hopefully this writeup will help you if you’re getting this puzzling message.

This should be the same in Ubuntu, for what it’s worth.

Read more

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL http://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.

Read more

Reversing some WordPress malware

Reversing some WordPress malware

Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.

On to the original post…

A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.

Here’s what I found, and how I fixed it.

Read more

All-in-One WP Security and Firewall plugin can be spectacular, but be careful

Over the weekend I installed the All-in-One WP Security and Firewall plugin to fix another issue–more on that tomorrow–and I ended up breaking my site. Hopefully I fixed it to a better state than it started in.

The lesson, as with many security tools, is to proceed with caution.

Read more

In defense of Anthem declining the OIG audit

Anthem recently refused to allow the Office of Personnel Management’s Office of Inspector General (OIG) to perform an audit of its networks. Coming on the heels of a large breach, there’s been a bit of an uproar about it.

There are a few things to keep in mind, the first being that this isn’t driven by law enforcement–it’s a customer requesting an audit.

Read more

How to use the lock in your web browser’s location bar

How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.

I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.

So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.

Read more

1984 called. It wants its surveillance back.

So, the reaction to my story about my coworker’s 10-year-old going all Scooby Doo on the guy who had the nerve to steal his dad’s car was definitely mixed. Most people, of course, lauded the 10-year-old’s detective work. Others pointed out the dark side.

And there is a dark side.

Read more

Fixing the .NET Framework when it b0rks on you

The bane of my existence as a sysadmin was .NET. It would corrupt itself randomly, sometimes taking with it this awful CA product written in .NET that nobody else wanted anything to do with.

In my day I’d reinstall service packs and the latest patches and one of the six things we tried would fix it. I rarely knew which one. But that was five years ago. Today, as long as you’re running .NET 4.5.1 or earlier, Microsoft has an automated tool that repairs it. You can run it as a GUI app or from a command line or script. Curiously, it doesn’t support 4.5.2 yet–maybe that means 4.5.2 doesn’t break. We can dream, right?

Normally I’d say upgrade to 4.5.2 since its end of life is in 2023, as opposed to 2016, but until the fix gets revised to support 4.5.2, I won’t blame you for staying back on 4.5.1. Availability is 1/3 of security, after all.

Here we go again. Net neutrality is not Obamacare either.

To nobody’s particular surpise, yesterday president Barack Obama endorsed a form of net neutrality. And immediately, Sen. Ted Cruz (R-Texas) came out swinging against it, calling it, “Obamacare for the Internet.”

Sen. Cruz appears to have either failed to read, or refused to read, the four-point proposal, which is short and simple enough to fit on an index card, if not a business card. He also failed to discuss the alternative–and there is a perfectly fair alternative to net neutrality.

Read more