Wednesday, 25 January 2017

Administrator : Friend Still in Failure

Can you  hear a banging noise?... No... Are you sure?... I can.. Oh no wait, that's my head slamming into the desk.

 A few weeks ago I posted about a friend for whom I uncovered a security loop hole for, the python script being run as root...

 Well, it seems the same person, on their main "enterprise windows server" has been similarly hacked by the same chap, but the trick was this one.... http://megalomaniacbore.blogspot.co.uk/2016/04/windoze-security-loop-hole.html

 Yes, a loophole I had mentioned and blogged about.

 The loophole was exposed by a C# program the chap had written for them, I'm not sure what it did, but it was run as a service, and could spawn other programs under the same user, he'd written it so that it ran any program in a sub-folder then before he'd left he made it run a VLC remote desktop and another small program which opened a "Save As" dialog.

 It opened this way way off screen, at something like location 20000 x 4500.  So the only indication it was there was a small twitch to the task bar, but he used the mouse to the browse the dialogue to the command executable and opened himself  a prompt as the administrator user.

 I didn't spot this, I didn't even look at this machine for my mate, instead over the weekend I had a machine at home I was using as a network routing test, and I asked for some space on a remote server with a fat pipe to do a slow-loris type attack on my software.

 I set up my end and set up their end, expecting to get something like 200mb/sec attacking me and swamping my little 64K buffer (I could then scale and tune my software to defeat this kind of attack, was the plan).

 What I noticed was that I only got around 8mb/sec coming to me, so with my remote session I did a little digging and saw the disk activity was around 34%, with no-one in the office?!??!

 The developer they'd let go was running a torrent service from the machine!  He was downloading and seeding several video streams of dubious merit and origin.

 I didn't change anything, I just called my friend and explained... And I left it there, I'm yet to hear what was going on.

 However, I think my friend will be having a word with the IT Admin he's had in place for nearing a month for not spotting that out of hours and weekends this persistent idiot is still infiltrating and using their systems as his own repository.

 I've told them three times now to unplug everything and to put a secure router between their switch and the outside world, something brand new and only set up by them, pfSense perhaps, but they've not listened.

Posted by at No comments:
Labels: , , , , , , , , ,

Tuesday, 24 January 2017

People : Email too Old?

Today I had the issue of someone calling me, repeatedly, and I asked them to simply drop the information in an e-mail (my well published e-mail - it's right there on the right of this page, and they had it right in front of them).

Their reply however stunned me.... "Don't you have twitter?"

My reply... "Yes, but not for this, email it me."

"Can't I send it you over whatsapp?" They persisted.

"No, just e-mail it me, it's a PDF or something yes?"....

They continued "So, how about through the cloud?"

"Just e-mail it me, as an attachment!" I was getting exacerbated with them at this point.

"But" they began "but e-mail is so old".

I felt like ripping my hair out, there were reasons for this request, firstly I could get their return information, second the attachment was over 35mb and finally I didn't want to have any complications about where to send the information.  They had my e-mail address right there, right in front of them.

The net result, so far, however is nothing has arrived, no sign of it... I'm tempted to phone them back and point this out, but I can't be bothered... Phones, like me, are so last century after all!
Posted by at No comments:
Labels: , , , ,

Monday, 23 January 2017

Health : Burnt Toast

Catching this one in the news this morning...

And I already know this... I already know Burnt Toast is a health risk, I remember being told by an Oncologist when I was about 15 that burnt toast was, in his professional opinion, responsible for the spontaneous occurrence of stomach cancer in some of his patients.

I remembered this, I remember when I worked for Boots mentioning this to some folks and their laughing.

I remember telling a house mate at uni and his sceptical look; but then I was rather odd, especially in the final year of uni... I used to cool my toast in the fridge for example (I like cold toast, okay.. nothing too strange about that!).

So, as far as I can remember this isn't news, it was news about twenty three years ago, but since then I've known this, about coffee too... I still drink it, as the oncologist I knew said, it either gets you or it doesn't, don't worry about a slice of toast; worry more about first and second hand smoke, diesel fumes and UV light.
Posted by at No comments:
Labels: , , , , , , , , , , ,

Sunday, 22 January 2017

People : Swearing Developers

I have to be honest, I swear... A lot... I sometimes do it knowingly, but there's also a little swearing leprechaun inside me.  My grand parents never really swore a lot at all, but my mother used to swear like a drunken sailor (i.e. a lot).  She thoroughly denies this now, but I assure you she swore a lot...

Consequently, I can swear a lot.

But this may not be a bad thing... For example, working with a development team as long as I have, you get to know people and you can express yourself, as I expect them to express their selves to me, if that needs a suitably short four letter inflection, so be it.

And it seems somewhere, someone, has decided this is not a bad thing...


This is lifted from BBC's Quiz of the week for 20th Januaryt 2017, and I have to agree, I am a straight honest person... But if you're being an arse, I'll tell you.
Posted by at No comments:
Labels: , , , , , ,

Friday, 20 January 2017

People : Donald Trump

This afternoon, in a few tens of minutes actually (by the time I schedule this post) there will be a new President of the United States of America.  A controversial figure, whom some might argue didn't win the election in a 100% clear cut fashion (his opponent - Hilary Clinton - won the popular vote, and then there's a little grey area with foreign involvement in the whole process).

But, I'm British, so I'm not too invested in who the man is, I am more interested in his politics, he's a half Scottish, through his Mother and has close ties to Britain.

We ourselves are not enamoured with the whole EU affair, and so trade avenues with the US may now open back up.  I certainly have a vested interest in the US economy as one of my pensions is tied up over there in a US fund, but for the tiny amount I put into that pension it's paying for itself, and depending on how things look in a years time, I may have to jolt things around.

However, we're left guessing about the next steps he will take, we can not tell whether he'll stick to all his pledges or promises.  He is however a business man, rather than a dyed in the wold politician, so he may have more rancur than previous presidents elect.

But politics aside the question today then is what will happen with the man?  Will, with protesters, detractors and so many unhappy voters in the US, both foreign and domestic, will the man survive?

This is a very serious question, one of the major points of out going president Obama's calls was for gun reform, however, everyone and their granny is seemingly still packing a piece in the US, even in liberal New York City & Washington DC.

So, will he survive the day?  The week?  The Year or his whole term?  I think that is an important question to ask.

As for the politics, we can but wait and see, though I believe the markets will heave this afternoon and though the seas may not boil and the sky may not fall, Donald Trump will be sworn in.
Posted by at 1 comment:
Labels: , , , , , , , , , , ,

Tuesday, 17 January 2017

Development : Microsoft Tools Troll the Office

Today, I've been working on a brand new project, which literally I thought was parked just yesterday... My mistake it seems this project was expected to be being worked on.. A coworker is currently slogging through the same API but for a different (embedded platform) and it's taken him quite a while.

So the product owner for this new piece of software from me (which is to call XML Web Services through SOAP up stream and a hardware device over USB or serial down stream) was quite upset when they arrived at my desk and asked how their product was coming, and my reply was "Doesn't exists, waiting for the hardware".

After a short, and shirty, moment with them I assured them I would do all I could with the interface, implement ALL the XML Web Service calls through the published ASMX tomorrow... Which is today... They looked sceptical, gave me that long stare saying "no, no you won't"....

And of course I have!... Microsoft Visual Studio Troll tool award of the day, it is so simple to work with a published ASMX, just add a service reference to the URL and it generated everything for you, then tell C# you're using that name space and voila there it all is laid out for you on a platter.

I just finished this project, less than 5 hours after starting it, so have dished it back to the product owner to find the hardware, I know they're not going to believe how quickly I've completed this cycle on the development, not least because the other chap has been on it weeks and has only done about 60% of the calls so far... Yeah, I say... But he's not using troll Tools.

Sometimes, times like this in fact, I quite like C#... Don't let on, it's my dirty secret.
Posted by at No comments:
Labels: , , , , , , , , , , ,

Monday, 16 January 2017

Administrator : Shredded Drive Bays

Yes we've all had to dispose of redundant data, be that drives or disks, I've even had to shred paper cards in my time... However, I recently came across a bit of a problem, an old Dell Equilogic was being decommissioned.... I had dibs on the unit for redeployment to a small development team.


Out of the Enterprise and into the shop floor, trickle down economics right?!  Right?!  RIGHT?!??!?


Nope!

The staff decommissioning said to one of their minions, remove the drives from this unit and put them through the shredder....

So he did... Literally, he pulled the drives in their bays and sent them off for disposal...

Yes, the CADDY BAYS!...


He was meant to remove the drives and put the caddies back into the unit, then shred the drives.

Now we have to find new caddies, on a zero budget, for about £18 a caddy... And we need twelve of them... So in thirty seconds this has cost about £216 hardware replacement costs, lest my time and the time of the poor guy who I sent scouring the place for these already trashed units.

The moral of this story, teach your staff what a drive is, what a caddy is, how a screw driver works...
Posted by at No comments:
Labels: , , , , , , , , , ,
Subscribe to: Comments (Atom)