Tuesday, September 7, 2010

Ubuntu is Best Linux for Beginners



Ubuntu is one of countless Linux flavours. Users have plenty of choice when it comes to Linux, yet Ubuntu has become a clear winner. Why? There are many reasons, I'm sure each of you will have a different reason but for me apt-get is the killer app.

I first looked at Linux when Red Hat was King; I purchased Red Hat 5.1 in fact I still have the boxed set on a bookshelf somewhere. Things have changed since then; when I think back my biggest complaint and I think many novice users would agree was the hassle of installing software. Downloading and compiling from source was a sad state of affairs. On the other hand once you got comfortable with ./configure ./make and all that jazz you have dependancy hell to deal with. No wonder many were turned off by Linux. Some of you may argue rpm's helped, yes I would agree. But if there was a dependancy problem rpm's were rather useless. I recall countless hours of shear agony and frustation attempting dependancy resolution.

Enter Debian based Ubuntu with apt-get and its repository heaven.

Friday, September 3, 2010

Windows Explorer Not Starting at Boot


Recently I had an interesting experience with an infected laptop. A rogue Anti Virus product called Antivirus GT made it unusable. First off Antivirus GT is fake, it does not clean any infected files in fact it downloads nasty spyware to your computer. Secondly every time you boot, it displays a fake virus scan window (see image above) showing various infected files. Then it promises to clean all infections if you buy a license.

One byproduct of Antivirus GT is it screws windows explorer. Let me explain, once you remove Antivirus GT you'll find windows explorer is no longer available at boot time; result ~no desktop. At this point do the three finger salute (CTRL-ALT-DEL) start Task Manager and manually start windows explorer by executing explorer.exe from File, New Task (Run..) However what you'll find is Windows complains it cannot find explorer.exe in "C:\Windows" even though file is clearly there.

After Googl'ing for solutions, finding and trying many different things I found the answer. From my limited programming experience Windows has a Debug option by enabling the following registry key HKLM/Software/Microsoft/Windows NT/Current Version/Image File Execution Options/explorer.exe By enabling Debugging explorer.exe is not available, is not started by the operating system nor can it be started manually. I had to delete Debug Key, reboot and viola desktop loaded.

Wednesday, May 19, 2010

BMW G650GS


This post is off topic ~not exactly IT related but technology none the less.

I've always wanted a motorcycle but never really took the time to get a license or even learn how to ride one. Last  summer a female friend of mine signed up for rider training and soon afterwards bought a bike. I jumped at the opportunity to take a training course and I'm happy to say passed driver training and license exam. Since last summer I've been looking at bikes trying to decide what to buy.

Let me be the first to say your choices are almost limitless and choosing a bike is not easy. So many nice bikes out there and most, quite affordable. But I guess I should start by saying; before buying a bike or even thinking of one ~if you're married step number one is getting permission from your better half or at least bribery of some sort.

Next comes the hard part; choosing your ride. I looked at used bikes, looked at small bikes, sport bikes, touring bikes ~wow so many choices. In the end this bike caught my eye. BMW's G650GS

I liked its look and the fact its a street bike with an off road option. BMW places this bike in the Enduro category. Meaning its a street bike but can be used off road. It's engine size appealed to me I wasn't looking for something large not so much from a gas consumption but more from Insurance reasons. A smaller engine equals cheaper insurance.

I've only been riding it a few weeks but so far I'm loving it. This is my first bike therefore some of you may say you don't know what you're talking about. BUT for a first time bike owner I'll say this is an excellent choice. It's a nice smooth ride, extremely easy to handle and quite comfortable. I have not been on any long trips (not yet) but rides I've had were very good.

I love the fact it has ABS brakes I think this is an excellent feature especially for first time bike owners. And in my climate heated grips are sweet! The only other factory add-on I bought was a centre stand. Lastly I love the fact BMW offers a 3 year unlimited kilometers warranty with road side assistance.

If you're thinking about a bike and its your first, this one is an excellent choice. In fact my female friend who bought a bike last summer after our training rode it and now wants to switch to same model. She has a different BMW X-Country 650 but its higher, a bit larger (for her) and she says a little stiffer and for her harder to ride.

In any case I'm loving it and I would recommend this model to anyone looking for a first bike.

MacBook Pro Keyboard Illumination busted! (so I thought)



My employer recently provided a MacBook Pro 17" sweet machine! One of its great features is keyboard illumination. It really rocks in low lit areas or late at night while in bed. However after reinstalling Snow Leopard I ran into an issue or at least what I thought was an issue.

When I first got the laptop keyboard illuminated at all times and F6/F7 keyboard brightness function keys always allowed adjustments. After Snow Leopard reinstall keyboard illumination was no longer functioning and pressing F6/F7 did nothing; in fact on screen graphic showed a circle with diagonal line. I assumed I was missing a driver or something went wrong during reinstall process.

Immediately I googled the problem and found a few posts with similar issue however everyone posted "its working now and I don't know what I did to make it work" ~not very helpful!

So I thought I would post my experience in case others are pulling hair trying to figure it out.

It seems to me Apple has changed keyboard illumination functionality. Instead of always illuminating the keyboard and allowing F6/F7 adjustments at all times. NOW! and here is the important part you must be in a dark room before keyboard will illuminate AND allow any F6/F7 brightness adjustments. How I fixed my issue is I covered both speakers on either side of the keyboard (light sensor location). My screen auto dimmed and at this point I could use F6/F7 brightness function keys to full brighten the keyboard.

Uncovering both speakers auto brightened my screen, keyboard no longer illuminated and I could no longer adjust keyboard brightness using F6/F7 function keys.

If you really think about it that really makes sense because why would you need your keyboard lit when in a bright sunny setting. Simply a battery drain. I just wish this change in functionality was posted somewhere on Apple's site. If it was I missed it or could not find it. (I looked)

Hope this helps.

Thursday, May 13, 2010

E60% of US Managers will circumvent Company Security Policy!

I came across this article at net-security.org Employees continue to put data at risk which talks about a study conducted by Ponemon Institute where it compares the "Human Factor" in laptop encryption. This year's study was expanded to include Canada, United Kingdom, France, Germany and Sweeden. The most interesting and perhaps puzzling was the enormous difference between some European countries and their North American counterparts.
According to Ponemon Institute 15% of German and 13% of Sweedish business managers have disengaged their encryption solution. Compare this to 52% of Canadian, 53% of British and a whopping 60% of US business managers. WHAT??!?!? That's right sixty percent!

Let me get this straight corporations spend billions of dollars on all this fancy security software and 60% of US business managers turn it off. Why?? I'm sure reasons for doing it vary and there are as many reasons as stars in the sky but I'm willing to bet vast majority is simply convenience and I hate to say it required effort level to accomplish a given task.

North American's have always been a comfort driven bunch. Europeans have always been less extravagant in their lifestyles. I'm thinking environment issues like composting, recycling, driving much smaller and more fuel efficient cars. Much smaller housing and overall much smaller foot print on this wonderful planet. I'm guessing this attitude automatically translates well  to other work related situations including security. A little inconvenience for the greater good.

On the flip side we North Americans are quite the opposite we've always had a 'me' rather then 'we' attitude. We have larger housing requirements, larger cars, we produce the most waste per capita vs. other countries. If you need more examples look at waste management and recycling which has been flourishing in Europe for over 20 years (and I don't mean the basics paper,glass,plastic) Europeans have been recycling other items including food waste (compost) 15 years ago. The amount of landfill garbage they produce is minuscule as a percentage of their overall generated waste.

I guess what I'm saying is given the 'me' attitude we have in North America security will always take a back seat over convenience and required effort. We're just lazy! Will this ever change? I suspect it will but it will take time, lots of time. But given the growing global cyber attacks by governments and corporations things will get worse before they get better. And we can't afford such 'me' attitude much longer. 

Switching to Ubuntu 10.04


DavMail POP/IMAP/SMTP/CalDav/LDAP Exchange Gateway

I recently made the decision to drop Windows and use Ubuntu 10.04 as my primary office desktop. I've spent the last 6 months developing a new Open Source software training course therefore I've been fully immersed in Linux for many months (no GUI either strictly Ubuntu Server edition). Making the switch doesn't feel as radical a change now as it might have 6 months ago. Given Canonical recently released Lucid Lynx I decided to give it a try. Installing Ubuntu 10.04 was super easy and very quick, I must say I really like Ubuntu's new theme. Everything works well with one exception. My employer uses Exchange 2007 (typical office MTA) but for some reason Evolution refuses to bond in holy matrimony with Exchange 2007. It gives me an authentication error even though I know I'm using proper credentials. I've done some Google'ing and others seem to have similar problems. It seems this issue has been around for a while its not new with 10.04.

I know what you're thinking I could have used IMAP or POP and SMTP. Well no luck my employer does not have IMAP or POP enabled from the outside. (Yes I'm not on the internal network) don't ask for work-duty related reasons I'm behind the firewall but not exactly on the internal network. In any case I spent a few hours looking around for an alternative email client however Evolution seems to be the best choice and closest in functionality to Outlook. Not that I'm a big Outlook fanboy but much better then Microsoft's crippled OWA (remember I'm not using IE) Well I'm happy to say I found a great tool; not a replacement for Evolution but a solution to my problem. It's called DavMail.

DavMail is an email gateway; essentially its a Java application running on my local client. It connects with Exchange over HTTPS and I connect to DavMail over IMAP SMTP etc... and voila Evolution is alive and well with Exchange 2007. There are some quirks but so far its been working well. DavMail docs say it works with Apple's iPhone too. I'll play with it a while longer and report back. Thanks DavMail!

Wednesday, May 12, 2010

Canada blindly following MPAA and implementing US Style DMCA



Canadian Coalition for Electronic Rights � Send A Letter To Ottawa To Stop The Canadian DMCA

The US Digital Millennium Copyright Act is perhaps one of the most hated pieces of legislation known to man. And Canada is blindly following in their footsteps. Last fall (2009) Canadian government held public hearings on this issue and by far majority of Canadians are against such draconian restrictions to fair-use and consumption of digital content. However lobby groups like MPAA have so much power and control over publicly elected officials (through their wallets) we as consumers don't stand a chance. The EU (European Union) caved and passed similar legislation in 2001. Now the EU is pressuring Canada to do the same.

When will these lobby groups realize hanging on to old business models is backwards thinking. Age of couch potato TV viewing are gone, consumers want choice how and when to consume. Moving forward digital media is where its at, if they opened their eyes and looked around they'd see that. MPAA should speak with their customers not take them to court. New technologies and devices like Apple's iPAD are perfect examples digital consumption of media is the future.

Canadians still have a fighting chance the Canadian Coalition for Electronic Rights is fighting for us consumers. They've created a site where Canadian constituents can send a letter to their MP's voicing their concern over Canadian DMCA changes. Process takes 30 seconds; simply choose your MP, add your contact info and a letter is emailed to Prime Minister Harper, the opposition leaders and a number of other cabinet members. Here is the link

If you enjoy digital media and don't want a US style DMCA please send an email to your MP using above link.

Thanks

Monday, March 29, 2010

Microsoft Wireless Keyboards (New Security Risk)

Microsoft Wireless Keyboards Fall! (New Security Risk)


Well it was bound to happen. Just a matter of time before someone created a proof of concept in attacking wireless devices like keyboards. Too bad companies like Microsoft believe such devices are safe and use such crappy encryption techniques. Like this article mentions XOR is a crappy encryption algorithm and Microsoft should not be using it. There are plenty of public encryption algorithms out there which are much..much stronger.

On the flip side its a good thing Security researchers are proving such attacks. Better good guys then bad guys :-) I'm sure we'll see more on this down the road. As hackers move from mainstream attack vectors to new pastures we'll no doubt have new security countermeasures to stop such hardware attacks. But step 1 is better encryption of data stream between device and receiver.

Monday, March 8, 2010

Energizer Battery Charger Contains Remote Access Backdoor

Energizer Battery Charger Contains Remote Access Backdoor | threatpost

This is not the first time a seemingly innocent consumer product contained a trojan. Just another example of a company not doing their due diligence. Instead Energizer probably contracted the lowest bidder to create some add-on piece of software for their consumer product. In this case Energizer's USB battery charger product. I understand the concept of outsourcing however when you're placing your reputation and Energizer has a big one you should ensure you're entrusting it to a reputable vendor. Ultimately Energizer executives are responsible for this embarrassing situation. They should have done their homework. Perhaps the lawsuits that come out of this situation will make them realize the error of their ways. Only time will tell. C'mon corporate America smarten up.

Top 10 Most Vulnerable Apps of 2009

Here is a link: Top 10 Most Vulnerable Apps of 2009 | threatpost

With recent Flash, iPhone/iPad tug of war between Apple and Adobe I'm certainly not surprised why Apple and Steve Jobs have taken their respective position given the findings of this report. It certainly reaffirms what Steve Jobs has recently said that Flash is a buggy resource intensive piece of software. I've been around the block and certainly knew Flash, Shockwave and Adobe Reader require countless updates but did not believe for one minute it would be the #1,2 and 3rd most vulnerable piece of software in 2009.


It certainly doesn't help Adobe in their fight for Flash remaining vital and dominant in the future. With HTML5, it seems Flash may become irrelevant sooner rather than later. We've already had converts like Virgin America drop Flash support in favour of HTML5. With results like these I think Adobe should be doing a lot more to fix their reputation and improve overall security. Is Adobe another Microsoft before their software security initiative a few years ago? Perhaps only time will tell.

The other surprising fact of this report was Quicktime and Safari making the list at number 4 and 5. I've never really liked Quicktime, I've always preferred VLC so I'm not heart broken. But ever since switching to Mac I've really enjoyed Safari. I like its interface, performance and integration into OS X. However lately I've been rethinking my Safari strategy in light of multiple confirmations by security researchers of its short comings. Such things worry me and believe it or not I'm testing Google Chrome. I've been using it for a couple of weeks, so far so good. I won't say there have been no problems but general browsing is really good. And the fact Google Chrome was the only browser not compromised at the 2009 CanSecWest Security Conference helps me accept it as a good and safe alternative to Safari.

I think a turf war between Apple and Adobe is here and inevitable as both fight for dominance over mobile Internet content. What comes of it only time will tell. But certainly both companies have to do a better job in securing their products and guarding their customers.

Wednesday, March 3, 2010

New M86 Security Labs Report Finds 60% of Malicious URLs Pass Unnoticed Through Anti-Virus Scanners and URL Filtering: M86 Security

New M86 Security Labs Report Finds 60% of Malicious URLs Pass Unnoticed Through Anti-Virus Scanners and URL Filtering: M86 Security

I'm really not surprised by these findings. The number one and biggest problem with any security software like you're typical Internet Security Suite is it's a 'Reactive' technology. This means its always behind the curve never in front of it. This means the best you can hope for in terms of detection rates is 98-99% but never with 100% certainty.

Whenever I talk with users and explain this fact they are always shocked. Why is this so surprising to people? Vulnerabilities exist because code is written by humans; therefore you will always have mistakes in code creating the smallest openings for exploitation. Security software is written by humans therefore it will never be perfect and because its a reactive technology it will never catch the latest and greatest zero day exploit.

However security software vendors can help by implementing one small change. Stop marketing their tools as the best and only tool for a safe and secure Internet experience because such marketing hype creates a false sense of security leading everyday users to believe they can do no wrong. Such false sense of security makes people complacent and not think about security. I wish government would wake up and force vendors to disclose such details. We have labeling laws for everything else why don't we have it for software or security appliances. Users should know what they're getting up front before they're taken in by all the hype and spin.

In fact I don't believe things will change anytime soon but only get worse. That is until users wake up from la-la land and become aware their actions have consequences. Ultimately the security fight will not get any better until users take responsibility for their actions and actually think about email, attachments, web sites and general computer best practices.

Until that day security software will fall farther behind and a new sucker will be born every nanosecond. We've all been taught lessons by our parents 'don't talk to strangers' type stuff. Why is it so hard for people to learn similar lessons when it comes to computers and Internet safety?

Tuesday, February 23, 2010

CA Internet Security Suite Win32/ASuspect False Positive

Win32/ASuspect is the latest message users of CA Internet Security Suite are seeing beginning last night February 22nd 2010.

CA is reporting wuweb.dll as a Win32/ASuspect Trojan and automatically placing it in quarantine. This file is part of Windows Update process which is now failing to execute.

I support several customers using CA Internet Security Suite and all have reported seeing this error message. I've done some checking on the web and CA Support forums have lit up like a christmas tree. However because I'm a cautious man I submitted a copy of quarantined wuweb.dll to virustotal.com and as expected results came back clean.

Looks like we have another case of CA False Positive. I'm sure CA will fix this quickly by pushing out new signatures however what worries me is the frequency because CA had a case of false positive last year in 2009 and secondly I'm not seeing much about this on their website. As a good corporate citizen I think CA should be informing their customers about such problems quickly. Consultants such as myself get these frantic phone calls from clients; then we spend our valuable time investigating such matters only to find its a false positive. It would save me much headache if CA could post a message to their Forum or website.

Come on CA I expect better from you.

Monday, February 22, 2010

Google BUZZ ~ Why are people over reacting?


Google once the darling of the online community has recently fallen out of favour. It's at the forefront of a huge backlash over its newly introduced social media service BUZZ.

What I don't understand is why are people over reacting? I mean come on folks what did you think was going to happen with the obscene amount of personal information Google is sitting on at this moment. Google is a for profit corporation; it's not in this for charity reasons. Someone has to pay for all these free services you've taken for granted. Before Gmail there was Hotmail and Yahoo Mail which at one point or another were paid services that is if you wanted a decent amount of storage space for your email. Then along came Google giving everyone 1Gig of FREE storage. At the time this was a bold and unprecedented move. But did you really think this was all for nothing. Come on what kind of fairy tale do you live in? Nothing is FREE. So get over it and move on.

Google has spent millions on their hardware infrastructure and giving it away free for years. At some point they have to figure out how to pay for all this investment. Well BUZZ is just the beginning, this fairytale you've been living is coming to an end. When someone gives you something free with the left hand its only a matter of time before they'll be reaching out with their right hand looking for payment.

Google has an obscene amount of information stored. We've all been happily giving all sorts of personal data to Google and now that they're trying to use it we absolutely freak out. If you don't like it don't use Gmail. Go back to using a local email client like you did in the 90's.

Besides take a minute and review how much personal information people are freely giving away to Facebook and other similar services. If you're happy to give it away to Facebook why are you freaking out if Google uses something you've given away long ago when you signed up for Gmail or Google Docs? If you don't like it stop using their services, it's your choice.