Revisiting Microsoft/Sysinternals Du as a batch file

My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called WinDirStat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool.

But there’s one thing that Du.exe does that makes the CLI worthwhile. It will output to CSV files for further analysis. Here’s the trick.

DU -L 1 -Q -C \\SERVERNAME\C$\ >> servers.csv

Sub in the name of your server for servername. You have to have admin rights on the server to run this, of course.

For even more power, run this in a batch file containing multiple commands to query multiple servers, say, in your runup to Patch Tuesday. Open the file in your favorite spreadsheet, sort on Directory Size, and you can find candidates for cleanup.
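A batch file that applies the trick above to several servers, added here as an illustration and not taken from the original post. It assumes du.exe is on the PATH, that the names in SERVERS are placeholders you replace with your own servers, and that du -C prints a one-line CSV header on every run (kept once, skipped on appends via more +1).

```batch
@echo off
REM Added example: collect Du.exe CSV output for several servers into one file.
REM Assumes du.exe is on the PATH and you have admin rights on each server.
setlocal
set "OUT=servers.csv"
set "ONE=%TEMP%\du_one_server.csv"
REM Placeholder names: replace with your own servers.
set "SERVERS=SERVER01 SERVER02 SERVER03"
if exist "%OUT%" del "%OUT%"
if exist du_errors.log del du_errors.log
for %%S in (%SERVERS%) do (
    echo Querying \\%%S\C$ ...
    REM -accepteula keeps the first-run license dialog from stalling the batch.
    du -accepteula -L 1 -Q -C \\%%S\C$\ > "%ONE%" 2>> du_errors.log
    for %%F in ("%ONE%") do (
        if %%~zF gtr 0 (
            if exist "%OUT%" (
                REM Every run prints a CSV header row; "more +1" skips it on appends.
                more +1 "%ONE%" >> "%OUT%"
            ) else (
                copy /y "%ONE%" "%OUT%" > nul
            )
        ) else (
            echo   no data from %%S ^(access denied or share unreachable^), see du_errors.log
        )
    )
)
del "%ONE%" 2> nul
echo Open %OUT% in a spreadsheet and sort on Directory Size.
endlocal
```

The combined file names every server’s top-level directories and their sizes, so treat it like any other inventory of your environment and keep it off shared drives.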


Phil Kerpen, net neutrality, and socialism: A post-mortem

I learned the hard way a few weeks ago how net neutrality can be equated with socialism, an argument that puzzles people who work on computer networks for a living and see networking as a big flow of electrons. I think it’s very important that we understand how this happens.

Here’s the tactic: Find a socialist who supports net neutrality. Anoint him the leader of the movement. Bingo, anyone who supports net neutrality follows him, and therefore is a communist.

Political lobbyist and Fox News contributor Phil Kerpen told me Robert W. McChesney was the leader of the net neutrality movement, and he sent me a quote in the form of a meme longer than the Third Epistle of St. John. Yet in a Google search for the key words from that quote, “net neutrality bring down media power structure,” I can’t find him. So then I tried Bing, where I found him quoted on a web site called sodahead.com, but I couldn’t find the primary source.

For the leader of a movement the size of net neutrality, he sure keeps a low profile. Google and Netflix are two multi-billion-dollar companies that support net neutrality. I’m sure it’s news to them that they’re taking orders from Robert W. McChesney.

A security professional fights back against tech support scammers

I guess Matt Weeks is as sick as I am of tech support scammers, because he developed a way to fight back, in the form of a Metasploit module that exploits a software defect in the AMMYY remote access tool that these scammers sometimes use. Metasploit is a tool that penetration testers use to demonstrate–with permission–how hackable a computer network is. In this case, the would-be victim is penetration testing someone without permission. Run the module when the scammer connects to the would-be victim, and he or she gets a command prompt on the criminal’s PC. At that point, the would-be victim can break their computer, perhaps by deleting critical files, corrupting the Windows registry, or something else. Anything you can do from a command prompt would be possible at that point.

I’m anything but heartbroken that this threat exists, although I’m not going to do this myself. Let me explain.

Scratchbuilding, Marx-style: Finishing the roof

This is a continuation of something I wrote well over a year ago detailing how I build Marx-style boxcars out of simple materials. Train season is starting up again soon, so it’s about time I finished this story.

Once the box that will become your Marx-style boxcar is dry, it’s time to tend to the roof.

This method won’t produce a contest-quality roof by any stretch, but it will produce something that will blend in well with Marx cars. The idea here is to produce something that most hobbyists can accomplish in an evening and that won’t overwhelm the other cars in the train.

How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.

Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.

Solving the Windows 0x13d error, aka the 317 error, and watch for the scams

Yesterday when performing a routine server inventory, I received a Windows 317 error, aka a Windows 0x13d error, when I tried to view some directories remotely from a batch file.

The exact text of the error message: The system cannot find message text for message number 0x13d in the message file for System.

If you’ve received a 0x13d error and you’re wondering what it means, it seems to be an unhealthy system’s way of saying “file not found.” In my case that’s what it appeared to be. If the lack of a human-readable error message bothers you, I found two possible culprits: one is system hardening (perhaps you’ve applied the recommendations from CIS, USGCB/NIST, or the DISA STIGs to the system), and the other, more likely, is services not running that need to be. Start with some very routine maintenance. Check the remote machine to make sure all the services that are set to start automatically are indeed running, and you might want to think about rebooting.
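The service check suggested above, as an added batch example that is not from the original post: it asks each server named on the command line, over WMI, for services set to Automatic that are not running. It assumes wmic.exe is available on your workstation, that RPC/WMI reaches the server, and that you have admin rights there.

```batch
@echo off
REM Added example: on each server given as an argument, list services whose
REM start mode is Automatic but whose state is not Running. Assumes wmic.exe,
REM RPC/WMI access to the server, and admin rights on it.
setlocal
if "%~1"=="" (
    echo usage: %~nx0 SERVER [SERVER ...]
    exit /b 1
)
for %%S in (%*) do (
    echo === \\%%S : automatic services that are not running ===
    wmic /node:"%%S" service where "StartMode='Auto' and State<>'Running'" get Name,State,ExitCode
    REM Assumption: wmic returns a nonzero exit code when the node cannot be queried.
    if errorlevel 1 echo   could not query %%S ^(firewall, WMI, or missing admin rights^)
)
endlocal
```

An empty result (“No Instance(s) Available.”) means everything that should be running is; anything listed is a candidate to start, or a reason to schedule the reboot.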

In case you need legitimate details, pay http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382%28v=vs.85%29.aspx a visit.

When researching the error code, I found an interesting scam—tons of sketchy web sites, some that did a decent job of impersonating Microsoft, offer programs to fix the issue. Microsoft doesn’t offer downloadable fix-its for error messages like this because these are the kinds of problems that require some human intelligence to resolve.


And… Home Depot confirms it’s been breached

In news that will surprise no one, Home Depot confirmed it’s had credit card data stolen.

I also learned that in an effort to defeat my usual security measures, people increasingly will buy cards local to them, so they can shop in the same zip code, or a very nearby zip code to the victim. They then buy expensive merchandise and/or gift cards. This tactic limits the market but increases the effectiveness if you happen to own the unlucky card that your malicious neighbor buys.

About the only way to defeat this behavior is to keep a close eye on your account statements, which means cutting down on credit card use probably would make it easier for you to notice fraud. And, of course, when your credit card company sends a new card, activate it as quickly as possible.

As for what happened, there’s lots of speculation but no confirmation as of yet. Now the start date has been revised back to perhaps sometime in April, and while the number of stores hasn’t been confirmed, the numbers I’m seeing range from 1,700 to all 2,200 of them.

As far as what’s going on, I think we’re in a situation much like the era of The Cuckoo’s Egg, where the world is changing faster than the security world and the corporations who employ it can keep up. In a few years I’ll look back on it in awe of what I learned, but for now, I have to admit feeling scared more than anything. I think we’ll get through it, but at this point in the battle, I still don’t know how.