Windows lost administrator password rundown….

January 19th, 2007

I’ve done one or two mentions in the past of ways to recover/reset lost windows passwords and thought it was probably time for another “brain dump/web research dump” of things that I’ve run across. This is not just for lost administrator passwords, but could apply to a lost user account password as well. (I’ve found that the mileage varies on the system. NT/2000/XP/2003 are not the only variations, there seem to be variations related to certain Windows updates/etc.) I should also put a disclaimer here that this information is not so you can break into someone else’s windows installation (without their permission), at the very least that’s a privacy violation and at the worst, against the law and unethical. What this is for is a guide to someone that has accidentally locked themself out of their windows install (or in some cases where someone ELSE has locked you out of your own pc.) In other words – don’t use this to crack.

Read the rest of this entry »

Mac/Linux/Windows usb wireless adapter D-link DWL-G122

January 8th, 2007

One of the tools I looked at having for my expanding kit has been a usb wireless adapter that would work with minimal install on Windows/Mac or Linux. As you can imagine…. it’s not as straightforward as just getting one that’s compatible with Windows…. well, after much searching I found the D-Link DWL-G122 802.11g Wireless USB adapter…. (Revision B it seems is the one to get…) Anyway, using a generic driver downloadable for the Mac it will work (from ralink http://www.ralinktech.com). On linux, you have choices (isn’t that the truth…) anyway, there is a native driver (from ralink for the RT2571W/RT2671 chipset) and there’s the rt2x00 driver project and it’s also possible (and fairly easy) to install the Windows driver via ndiswrapper.

Read the rest of this entry »

Happy New Year

January 8th, 2007

Yes, I’m still around and even though I haven’t posted, it’s been a busy few months. In some ways it’s been very nice to not force myself to read through a couple hundred news feeds a day to keep up with what’s out in the world. (Before Christmas I had started forcing myself to close the RSS reader after I “cleared” new stories and only check one or two times a day.) For a news junkie like me…. that was a bit difficult. But, right this minute I don’t know how many days it’s been SINCE I opened the news reader. Although I suspect I will in a day or two here, if for no other reason than to clean the slate… and maybe prune my feeds a bit. Some are just TOO frequent.

Let me take this opportunity to send a belated Happy New Year to anyone that’s wandering through.

Read the rest of this entry »

Is something up with ordb.org?

December 11th, 2006

I’ve noticed several times in the last week a server of mine that is using postfix has rejected messages due to a failure in the lookup at relays.ordb.org. At first, I thought this was just a false positive in the database at ordb… but this morning I finally “caught it” while it was happening and went to pull up the ordb.org web page. It took…. 30-45 seconds and then proceeding to do a search on the rejected IP took another stretch. In looking at the logs it appears that there may be blanket rejections if the ordb.org check times out.

Here’s the postfix config setting….
smtpd_client_restrictions = permit_mynetworks,reject_rbl_client relays.ordb.org

Read the rest of this entry »

Approaches to beating form spam submission

November 9th, 2006

I’ve replaced bare email addresses on web page with either an encoded variation of the email or with a contact form to discourage spam scrapers and other automated tools from using it for a spam magnet. Well, it seems there are some tools that automatically submit forms – after all that’s what’s brought us the annoying captcha’s we see everywhere now. (You now those pictures with squiggly letters and numbers that you sometimes have to redo two or three times if you can’t read it correctly.) Well, Sans is talking about some interesting alternatives to the traditional captcha for protecting a form from automated spam bots.

   Send article as PDF   

Good idea to help limit phishing attacks

November 9th, 2006

I saw this a few weeks back and think it’s a good idea. Essentially why don’t we have a .bank domain registration and limit it to just financial institutions the way .gov is limited to government registrations. (and .mil for military, .edu for educational institutions…..) Let’s face it, anyone can register a .com .net or .org – maybe instead of increasing the number of Top level domains that ANYONE can register in, maybe we need to tighten the restrictions and add a few new TLD’s that would be more closely restricted. There’s already a .museum, .bank would be a good one next.

   Send article as PDF   

Network swiss army knife

November 9th, 2006

There’s no better way to say it, netcat is SOO useful, and there is an encrypted variation… cryptcat, you can do quite a few interesting and useful things VERY easily with these two utilities. (*It’s one of the utilities I used to image a live running system to a file on a network server.) The source is available from the previous two links. There are binaries for windows for both netcat and cryptcat available here, but with all such tools you should be wary of where a precompiled binary comes from.

   Send article as PDF   

Major botnet building and the massive jump in spam

November 9th, 2006

For a few months now (since the demise of bluefrog actually) I’ve noticed that the level of junk mail has gone up on my own mail server. Yes, I use spamassassin to filter and tag, but the volume of stuff that’s tagged has gone up (as well as the volume that slips through.) I’ve had to flush out the bayes filter more than I would like after some massive bayes poisoning attempts (those messages with lots of random words or text.) I’ve also been following news on the topic and thought I’d detail some of it here for those that haven’t been paying attention.

Read the rest of this entry »

Create a sitemap for Google

November 5th, 2006

WordPress has a great plugin available to automatically keep your google sitemap updated, but I’ve done a few static websites in the last few days and just wanted a good, quick, web generated sitemap. http://www.xml-sitemaps.com/ seems to do the job quite well, it generates a Google sitemap xml, compressed xml, and a ror sitemap (I hadn’t heard of that yet..) It also generates a text file url-list and a html sitemap.

   Send article as PDF   

VMware guest unable to access USB devices

November 5th, 2006

I ran into this some time back and found the solution a few months later and was reminded today to document it here…. The situation is this… Linux host for VMWare server, the guest machine has usb support and in vmware, you can go to VM, Removable devices and in spite of the fact you have usb devices on the system, nothing is listed as available to use in the VM. Well, it seems this is not an isolated problem. First you need to be sure the usb device is not in use by the host system. But, there’s something else that you need. VMWare uses usbfs to keep track of usb devices and a few distributions ( Ubuntu Linux 6.06 SUSE Linux 10.1, SUSE Enterprise Linux Server 10, Mandriva Linux 2006, SLES9 SP3 64 bit) don’t enable it by default. ( mount -t usbfs none /proc/bus/usb ) should do the trick (as root) or you could set it in fstab usbfs /proc/bus/usb usbfs auto 0 0 (and now I’m thinking I may have already posted this once…. )

   Send article as PDF