My web wanderings

WARNING: Running this tool WILL DESTROY ALL DATA ON A DISK IN A WAY THAT IS NOT RECOVERABLE!!!! DO SO AT YOUR OWN RISK!!!!

Secure that computer before donating or recycling it. You are recycling old computers right? Just because you format or FDisk your computer does not mean that all your old data is gone. In order to make sure that no data can be recovered before doing away with an old computer use DBAN (Darik’s Boot and Nuke) utility to securely delete old data for hard drives. I highly recommend this tool to ensure that your private information is not stolen. I use this tool at work to securely delete data from Desktops and servers. If you like the tool then send Darik a donation (note to self) in thanks for securing your data.

Ever need to find out who has dial in permissions or all domain members with an exchange email address. This website has some common LDAP queries.

13 Aug 2004: “The first thing to know about SNMP is that it is a service that is structured such that an SNMP agent sitting on a target host can be queried by remote hosts for various bits of information. Only the target host (the one you want information about) needs to be running an SNMP daemon. The client making the queries just needs some tool capable of making SNMP queries and parsing the output. Most Linux server and client tools are supplied by the Net-SNMP project.
http://rootprompt.org/article.php3?article=7489

14 Aug 2004: This document will introduce OpenVPN as a free, secure and easy to use and configure SSLbased VPN solution. The document will present some simple (and verified) scenario’s that might be useful for preparing security/networking labs with students, for creating a remote access solution or as a new project for the interested home user.

Reporting Services Tip #2

The easiest way to install Reporting Services is to have the Report Server and SQL Server on the same server.  It’s the easiest way, but it certainly is not the best.  IIS should not be installed on the database server for performance reasons.  Now this isn’t true for small systems, but I rarely work on small systems so this is a general rule for me.  Due to this rule, the Report Server must be installed on a different server as it relies on IIS.  And yes this way requires the Report Server to be licensed as well as SQL Server.

During the installation of the Report Server, you may receive the following error when SQL Server is not installed on the same server:

Login failed for user ‘NT AUTHORITYANONYMOUS LOGON’

This error occurs when the installation is trying to connect to the SQL Server to install the databases used by Reporting Services.  You might be wondering why it doesn’t just use the account that you specified in the installation wizard, but that account isn’t used for the installation but rather for Reporting Services when it is installed.  By default the credentials of the person logged into the server is what is used for installing the databases.  I’m not sure why I have received the error as my account has local admin privileges on the database server and sysadmin fixed server role in SQL Server.  For some reason, the credentials don’t get passed correctly as I see from SQL Profiler the NT AUTHORITYANONYMOUS account trying to log in.

To get around this error, you can specify a SQL account (readme file says you can use Windows account but I’ve only had success with a SQL account) instead.  You do this from the command line or by modifying template.ini file.  Here is the command line way:

setup /i “D:setuprsrun.msi“ RSSETUPACCOUNT=sa RSSETUPPASSWORD=sapwd

Change the path for rsrun.msi if needed. 

For the template.ini file way, there are two lines that will need to be changed:

There are two lines that will need to be changed in the template.ini file:

RSSETUPACCOUNT=sa
RSSETUPPASSWORD=sapwd

The template.ini file is located at the root of where you are installing Reporting Services from.  If you are running this from a CD, you might find it easier to use the command line way as you won’t be able to modify the file on the CD. 

I’ve specified the sa account in both ways.  It can be any account that has sysadmin privileges.

For Reporting Services service pack 1, you must do the command line way as there is no template.ini file:

sp1setup RSSETUPACCOUNT=sa RSSSETUPPASSWORD=sapwd

You can not pass these parameters to the self-extracting sp1 file (SQL2KRSSP1-ENG.EXE).  You must manually extract the files, then run the command line option. 

Post to WordPress 1.2 Mingus from FeedDemon

If you’re using WordPress 1.2 Mingus, here are updated instructions on how to post to it from FeedDemon (thanks, Mark!).

27 Jul 2004: “In the first chapters, the authors briefly review some basics of MySQL. The concepts they discuss are pertinent to database performance. Chapter 1 explains the configuration file my.cnf and how it can be set to improve a MySQL server. The authors also discuss the results of the SHOW VARIABLES statement and the SHOW PROCESSLIST statement so that an administrator can determine where the MySQL service is being slowed because of inefficiencies.” Story

[Via RootPrompt — Nothing but Unix]

25 Jul 2004: “There is no assurance that any software development effort is free from people who have bad intent or who just write lousy software. The US government’s highest security agencies have discovered spies working at the most trusted levels - does anyone realistically expect that software companies will adopt more rigorous screening than the CIA? In any case, it’s not clear that it is easier to get code into Linux than it is to get code into other operating systems. In fact, because Linux code

[Via RootPrompt — Nothing but Unix]

Evans Data Corporation’s just-published Security Development Survey found that one in four developers believe that the biggest hurdle to computing security is end users who refuse to adhere to, or circumvent, polices.

In the study, Evans found that “a quarter of developers found social engineering and lack of adherence to policies to be the biggest problem, while another 15% cite lack of qualified personnel.” At the same time, just 11% of the developers surveyed reported that solutions were too complex or difficult for users.

“As with any other security concern, the best technology in the world can be undone by untrained or inattentive end users, the same holds true for the development of secure computing applications and projects,” said Glenn MacEwen, an analyst with Evans Data.

Other findings from the Summer 2004 survey of more than 400 Database developers and IT mangers included:
Developers are split down the middle on which libraries and APIs to use when building security applications. Seventeen percent use Java security APIs and seventeen percent use Microsoft Web Services Extension (WSE). OpenSSL is a strong second choice at 15%.

Twenty five percent of developers believe that the Linux operating system has the best innate security. Windows 2003 is a close second at 19%.

IBM was viewed as the leader in security tools and infrastructure.

[Via DesktopLinux.com]

Neowin guide to Removing Spyware

Here are some MySQL tools:

• MyTop - a top clone for MySQL

How to Make Your Web Site Work with Windows XP Service Pack 2

If you:

Then:

< ?xml:namespace prefix = o /> 

ize=2>Make sure you have reviewed this article ‘How to Make Your Web Site Work with Windows XP Service Pack 2’ and plan accordingly.

• If you know anyone in the webdev & online marketing industry, pass the link on.

• If you want to know the ‘what’ and ‘why’ (non-technical) of Windows XP SP2 go here.

Thanks to Kent Sharkey for the reminder!

posted on Saturday, May 29, 2004 11:45 AM

Infocus: Malware Analysis for Administrators The purpose of this article is to help administrators and power users use behavioral analysis to determine if a binary is harmful malware, by analyzing it in a lab environment without the use of anti-virus software, debuggers, or code disassembly.

Jeff Prosise has an article posted this month in MSDN Magazine on “Foiling Session Hijacking Attempts”.  I was talking about this issue with a friend last week, so this is very timely.  If you want to protect against session cookie information being stolen from your ASP.NET website, give Jeff’s solution a try.

[Via Weblogs @ ASP.NET]

When Ireland’s leading bank, Allied Irish Bank (AIB), last month disclosed that it was disposing of the Windows PCs that its tellers used on their desktops in favor of Linux-based terminals, experts said it demonstrated that an IT insurgency is emerging in the financial services sector. Linux is finally proving itself on the desktop in the financial industry, where cost-conscious executives want powerful performance at an affordable price.

[Via IT Manager’s Journal: ]

So, you’ve set up parental filtering, only to discover that an overachieving teenager has Googled a way around it. You’ve just been the victim of a local intrusion. Preventing such an occurrence on GNU/Linux requires a little knowledge and even less …

[Via Linux.com]

Infocus: Packet Crafting for Firewall & IDS Audits (Part 2 of 2) This article is the second of a two-part series that will discuss various methods to test the integrity of your firewall and IDS using low-level TCP/IP packet crafting tools and techniques.

Infocus: Metasploit Framework (Part 2 of 3) This article provides an elaborate insight into the Open Source exploit framework, the Metasploit Framework, which is meant to change the future of penetration testing once and for all. Part two of three.

PHP 5.0 Goes For Microsoft’s ASP-dot-Net

Dozix007 writes “Uberhacker.Com reports : Zend Technologies quietly announced last week the final release of the open source PHP version 5. An interesting article reports the different strengths and weaknesses of ASP vs. PHP, and it becomes quite clear that with the release of PHP5, Zend has taken a shot at ASP’s heart. The differences from PHP4 to 5 has created a clear advantage for the new preprocessor over Microsoft’s proprietery ASP.”

Wrangle digital photos with imgSeek