Security
KB949031 and Office 2007 with SP1
Hmm… today I was reviewing the installed updates on my Windows Vista… and I noticed that I have both SP1 for my Microsoft Office Enterprise 2007 and the KB949031 update. The install date of SP1 was earlier than the critical security update that allows remote code execution in Outlook, so… why does Microsoft distribute this patch even if Office 2007 SP1 is not affected by THIS critical vulnerability?
Maybe because it is Microsoft?
new wave of BZWBK spam messages
Be careful! There is a new wave of BZWBK spam, and it looks like this:
It is highly critical, so be really careful: delete or ignore this message.
This time the spammers were more careful and made a very good phishing message. This is the source of the message:
Received: from mail.ardenjewelry.com ([68.15.33.211]) by xxx_xxx for marti@xxx; Wed, 14 May 2008 01:15:26 +0200
Received: from bzwbk.pl [71.170.119.34] by mail.ardenjewelry.com with ESMTP (SMTPD-9.23) id A0DA0240; Tue, 13 May 2008 19:14:34 -0400
Reply-To: <bzwbk@bzwbk.plz>
From: <bzwbk@bzwbk.pl>
To: <marti@xxx>
Subject: Uaktywnij konto BZ WBK 24
Date: 13 May 2008 18:12:33 -0500
Message-ID: <20080513181233.B0D23EC1EA3FA793@bzwbk.pl>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Take a look at the spam score:
Return-Path: <bzwbk@bzwbk.pl>
X-Spam-Status: No, hits=1.7 required=2.5 tests=SPF: 0.00,BAYES_05: -0.925,FORGED_RCVD_HELO: 0.135,HTML_IMAGE_ONLY_16: 0.497,HTML_MESSAGE: 0.001,HTML_MIME_NO_HTML_TAG: 1.082,MIME_HTML_ONLY: 0.001,NO_REAL_NAME: 0.961,TOTAL_SCORE: 1.752
X-Spam-Level: *
It gets a score just like a simple HTML message would.
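The two things in those headers that a filter can catch without any network lookup are the Reply-To domain (bzwbk.plz) not matching the From domain (bzwbk.pl), and the hop that claims to come from bzwbk.pl being accepted by an unrelated relay (mail.ardenjewelry.com), which is what SpamAssassin's FORGED_RCVD_HELO test is about. The following Python script is an added example, not part of the original post; it embeds the header block quoted above as constructed input and the finding names are my own.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed input: the header block quoted in the post above (body omitted).
RAW_HEADERS = """\
Received: from mail.ardenjewelry.com ([68.15.33.211]) by xxx_xxx for marti@xxx; Wed, 14 May 2008 01:15:26 +0200
Received: from bzwbk.pl [71.170.119.34] by mail.ardenjewelry.com with ESMTP (SMTPD-9.23) id A0DA0240; Tue, 13 May 2008 19:14:34 -0400
Reply-To: <bzwbk@bzwbk.plz>
From: <bzwbk@bzwbk.pl>
To: <marti@xxx>
Subject: Uaktywnij konto BZ WBK 24
Date: 13 May 2008 18:12:33 -0500
Message-ID: <20080513181233.B0D23EC1EA3FA793@bzwbk.pl>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

"""

# "from <helo> ... by <relay>" as written by most MTAs in a Received header.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+).*?\bby\s+(?P<by>\S+)", re.S)


def address_domain(msg, header):
    """Domain part of the first address in the given header ('' if absent)."""
    addr = parseaddr(str(msg.get(header, "")))[1]
    return addr.rpartition("@")[2].lower()


def belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def analyze(raw):
    """Return a list of finding strings for one message (empty = nothing odd)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = address_domain(msg, "From")
    reply_dom = address_domain(msg, "Reply-To")

    # Replies would go to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply_to_mismatch:{from_dom}->{reply_dom}")

    # A hop that claims to come from the sender's domain but was accepted by
    # a relay outside that domain (the FORGED_RCVD_HELO pattern).
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(rcvd))
        if not m:
            continue
        helo, relay = m["helo"].lower(), m["by"].lower()
        if belongs_to(helo, from_dom) and not belongs_to(relay, from_dom):
            findings.append(f"forged_helo:{helo}_via_{relay}")

    # HTML-only bodies are what the HTML_* and MIME_HTML_ONLY tests react to.
    if msg.get_content_type() == "text/html":
        findings.append("html_only")
    return findings


if __name__ == "__main__":
    for finding in analyze(RAW_HEADERS):
        print(finding)
```

Run on the headers above it reports the Reply-To mismatch, the forged HELO hop and the HTML-only body; none of these alone is proof of phishing, but together they are exactly the signals the Bayesian score above was too weak to act on.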
To be a little more secure, if you are not a highly technical computer user, just follow these tips; they should help you safeguard your personal and account information when using online services:
- Install anti-virus software, a firewall and spyware-detection software on your PC and update this software on a regular basis, as recommended by the software providers. Remember, new viruses continue to be created. Always check to make sure the security software is running before accessing the Internet.
- Keep your PC and browser updated with the current patches released by your system vendor. Be sure to download patches only from the official vendors' Web sites, and not from third-party Web sites.
- Do not respond to e-mails, Web pages or telephone inquiries asking you to verify your account information. Banks never ask you to verify your account information, user name or password via an e-mail using a non-secure Web site. Never provide personal or account information or respond to any attempt to collect this information. If you receive an unsolicited e-mail from your bank, or from any other source, requesting personal information or asking you to verify your accounts or security settings, I kindly suggest that you check with your bank or the other entity to make sure the request is legitimate.
- Don't take the bait from any "phishing" scheme. Forward all suspicious e-mails to your mail service provider or bank support. For more information on identity theft and phishing, or on when your bank may contact you via e-mail, please visit your bank's website or contact support.
- Never share your password with anyone, even someone you know. At your bank you can probably select your own online password and change it as often as you'd like. I suggest that you choose an alphanumeric password that contains a mix of numbers and letters. Do not use numbers or words that can be easily guessed (such as your phone or street number, or your child's name).
Edited by Marcin Rybak on 14 May 2008 at 15:20
My news item has been added and my screenshot has been used at:
http://www.alert24.pl/alert24/1,84880,5210545.html
problem with app-antivirus/clamav-0.93 in gentoo
Today I tried to update clamav to the newer version, and I got this strange message:
* Messages for package app-antivirus/clamav-0.93:
*
* ERROR: app-antivirus/clamav-0.93 failed.
* Call stack:
* ebuild.sh, line 49: Called src_compile
* environment, line 2828: Called econf 'src_compile' 'src_compile' '--disable-zlib-vcheck' '--enable-id-check' '--enable-bzip2' '--enable-nls' '--with-iconv'
* ebuild.sh, line 513: Called die
* The specific snippet of code:
* die "econf failed"
* The die message:
* econf failed
*
* If you need support, post the topmost build error, and the call stack if relevant.
* A complete build log is located at '/var/tmp/portage/app-antivirus/clamav-0.93/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/app-antivirus/clamav-0.93/temp/environment'.
It is strange, because I have the newest gcc, without this bug… The answers available on the Net: upgrade gcc to a version without the bug (does not apply to my configuration); the other one is to change the /etc/make.conf file to something like
CFLAGS="-O0…"
instead of the recommended
-O2
and then the emerge process will go smoothly.
why cifs is so slow when mounting through the wan and vpn
Today I mounted some samba shares through the VPN (because I was copying over 200GB of data, and it is quite an easy method). I thought that using it would make rsync easier. But I was totttaaalllyyy wrong
mount -t cifs //10.10.5.13/test /store/test --verbose -o user=test -o directio -o rsize=200000 -o wsize=200000
rsync -avz -P /store/test/test.tar.bz2 /store/test_backup/
test.tar.bz2
5799936 0% 87.15kB/s 18:03:01
Rather poor transfer when we have a 5 Mbps link, don't you think?
Test of another file from the same server, but through HTTP…
$ wget 10.10.5.13/100mb.test
--16:40:45-- http://10.10.5.13/100mb.test
=> `10.10.5.13/100mb.test.2'
Connecting to 10.10.5.13|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 102,400,100 (98M) [text/plain]
2% [=> ] 2,123,712 567.60K/s ETA 02:56
The difference is almost 6 times. I googled a lot to find the solution, because I thought that I had some error in my configuration or something. But I found only questions, with no answers. So I would like to summarize what I found.
When CIFS was originally developed, users and applications were situated in close proximity and most network traffic stayed local to the user. In that environment, CIFS works quite well. According to Nemertes Research, more than 80% of users now work outside the organization headquarters.
Three reasons for the poor CIFS performance:
1. CIFS is a “chatty” protocol that often requires hundreds of round trips between file server and user in order to complete the original request to transport the file. These round trips are not noticeable in a LAN, but they introduce significant latency (delayed response time) across long distance WAN links.
2. To protect against data loss when a user is working on a file, many applications will do periodic automatic saves of work in progress. CIFS does its part by sending complete updates of the files back to the file server. While this preserves file integrity, it also exacerbates WAN congestion and performance delays because CIFS transports a significant amount of redundant information.
3. WAN bandwidth is obviously far more limited and far more expensive than LAN bandwidth. Therefore, as more users and application traffic traverses WAN links
The net impact of the CIFS performance problem is unacceptably slow application response time experienced by remote users. Depending on the file size, WAN link, and other variables, the delays could be significant. In fact, it is not uncommon for a remote user to wait 15 minutes or more for a large file to be delivered to his or her desktop. When that "wait time" is experienced by hundreds of users spread out across dozens of locations, the CIFS performance problem becomes a severe business and user productivity problem that must be fixed ASAP. But how?
For now - this question has no answer… but maybe in future?
new page: Packages
OK… now you can find a new page called "packages". There you can find (for now, I'm just going to copy interesting builds to the www server) my PLD Linux builds (from spec or not only), with some extra options enabled.
Any doubts: go to —> HERE
security tip: mail me if sb logs to root
It is simple, it is fast, and it won't be intrusive unless you use the root account for everyday work. It makes your system a little bit more secure, and it can help you when it is too late to recover log files.
Just edit root's .bashrc file and put there something like this:
# Every interactive root shell mails an alert; replace ServerName and any@mail.com with your own values.
echo "ALERT - Root Shell Access at ServerName on: $(date) $(who)" | mail -s "Alert: Root Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" any@mail.com
Apache Server Token changing
My friend (xoff) showed me his trick for changing ServerTokens. It looks nice, and can be a little bit more secure (for sure it kills the robots) than the line simply shown by my Apache server:
Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7………
It can be limited by changing in your apache.conf:
ServerTokens Full
to:
ServerTokens Prod
Note that if no option is set, the default is Full (read more in the Apache documentation).
But if you really want to have something different, just use the mod_security module and add:
SecServerSignature "someCOOLapacheName v1.1.1.1.1.1.0"
Note that you have to set ServerTokens to Full to see the effects of SecServerSignature.
spammers in your network
There are two simple ways not to end up on the SORBS (or similar) lists. The first is simple, just use:
modprobe ipt_recent ip_list_tot=32 # ip_list_tot defines how many addresses the recent list can hold
# --syn matches only new connection attempts, so the later packets of an already accepted session are not counted (and dropped) again
iptables -A FORWARD -p tcp --syn --dport 25 -m recent --name SMTP --seconds 30 --update -j DROP
iptables -A FORWARD -p tcp --syn --dport 25 -m limit --limit 1/second --limit-burst 5 -j LOG --log-level info --log-prefix "smtp-log "
iptables -A FORWARD -p tcp --syn --dport 25 -m recent --name SMTP --set -j ACCEPT
This sample allows users to send only one mail per 30 seconds, but when somebody tries to send the next mail within this 30-second window, the counter is reset and starts counting from zero again. Every connection of this type will be logged into the kernel log.
The second way needs some more configuration, but it has additional functions.
It is called an SMTP proxy, and with it you can control almost every user, and say that user A can send XXX content but user B cannot.
I will write some howto in my free time.
Security model… what should be done to make a secure environment
The first: Authentication
This is the main point of every implementation. It links a user's identity with a level of privileges. Identity by definition is unique; there can be only one! If you want two users to have the same access, remember to make them a group.
The second: Authorization
It usually happens after authentication. It checks the rights with the access controller. Once a subject is authenticated, it may be authorized to perform different types of access.
The third: Integrity
Integrity means you can trust that the data has not been modified. In the context of a single message it means that the content is exactly the same as was sent by the author; this is typically achieved through digital signatures. In the context of a message exchange it also means that all the messages were received in exactly the same order as they were sent.
The fourth: Confidentiality
Confidentiality is the property that data is not made available to unauthorized individuals, entities, or processes. Typically confidentiality is achieved through encryption and authorization.
The fifth: Accountability
It's the only aspect that happens after the event has taken place. Sometimes it is too late to review a situation after it happened, so it is better to prevent it and to have all the data in the event log.
To be continued…
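To make the first, second and fifth points concrete, here is a small Python reference monitor, an added illustration that is not from the post: identities are unique and authenticate with a salted password hash, privileges are granted to groups rather than to users (so two users with the same access simply share a group), and every decision is appended to a log for accountability. The user names, passwords and resource path in the demo are constructed.

```python
import hashlib
import hmac
import os
import time


class ReferenceMonitor:
    """Minimal illustration (not a production library): users authenticate
    with a password, privileges are granted to groups, and every decision is
    written to an append-only log."""

    def __init__(self):
        self.users = {}     # user name -> (salt, password hash): identity is unique
        self.groups = {}    # group name -> set of user names
        self.grants = {}    # (group, resource) -> set of allowed actions
        self.log = []       # accountability: (timestamp, event, user, outcome, detail)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        if name in self.users:
            raise ValueError(f"identity {name!r} already exists")
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt))

    def add_to_group(self, group, *names):
        self.groups.setdefault(group, set()).update(names)

    def grant(self, group, resource, *actions):
        self.grants.setdefault((group, resource), set()).update(actions)

    def authenticate(self, name, password):
        """Authentication: prove the claimed identity. Unknown users are hashed
        against a dummy record so the response time does not reveal them."""
        salt, stored = self.users.get(name, (b"\0" * 16, b"\0" * 32))
        ok = name in self.users and hmac.compare_digest(stored, self._hash(password, salt))
        self._record("auth", name, ok, "")
        return ok

    def authorize(self, name, resource, action):
        """Authorization: a subject may do an action only if one of its groups
        has that action granted on the resource."""
        ok = any(name in members and action in self.grants.get((group, resource), ())
                 for group, members in self.groups.items())
        self._record("authz", name, ok, f"{action} {resource}")
        return ok

    def _record(self, event, user, ok, detail):
        self.log.append((time.time(), event, user, "allow" if ok else "deny", detail))


def demo():
    """Constructed scenario: two operators share read access through a group."""
    rm = ReferenceMonitor()
    rm.add_user("alice", "correct horse")
    rm.add_user("bob", "battery staple")
    rm.add_to_group("ops", "alice", "bob")
    rm.grant("ops", "/var/log/auth.log", "read")
    results = {
        "alice_login": rm.authenticate("alice", "correct horse"),
        "alice_bad_pw": rm.authenticate("alice", "wrong"),
        "mallory_login": rm.authenticate("mallory", "anything"),
        "bob_read": rm.authorize("bob", "/var/log/auth.log", "read"),
        "bob_write": rm.authorize("bob", "/var/log/auth.log", "write"),
    }
    return results, rm.log


if __name__ == "__main__":
    results, log = demo()
    print(results)
    for entry in log:
        print(entry)
```

Note that the log records denials as well as successes; the failed login for alice and the attempt by the unknown mallory are exactly the entries you want to have when, as the post says, it is already too late to prevent the event.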

