February 2009


IT Security, 28 Feb 2009 10:55 am

When I last declared victory in my previous blog entry, the system wasn’t completely clean.  When the system rebooted, my screen background would switch to a blue background towards the end of the system boot process.

Running AVG and Microsoft One virus scans found nothing, but after leaving a browser sitting on the screen for half a day, it finally tried to jump to an adware site.

The jump to the adware site was blocked, but here was the trick.  The URL tried to access a file in \System Recovery Folder\, which I had not noticed before.  This is a hidden administrator folder that you cannot get into.  And the spyware planted itself in that directory, which I believe is beyond the reach of anti-virus.  Googling around, I found that you can only delete that folder by disabling System Recovery.  System Recovery creates that directory for recovery purposes and denies everything else access to the info, which was the perfect place for the virus to sit.

The system is clean.  No weirdness at all.

It is really frustrating that spyware sits and waits for days before actually trying to kick off.   Microsoft One has a long way to go to catch up with AVG, which appears to have cleaned the machine.
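The hiding place described above (the protected System Restore data folder, which anti-virus cannot normally read) can be inventoried and purged from PowerShell. This is an added example, not code from the blog post; it assumes Windows PowerShell 5.1 on a client edition of Windows run from an elevated session, and the $Drive and $Purge parameters are the script's own.

```powershell
# Added example, not code from the blog post. Assumes Windows PowerShell 5.1 on a
# client edition of Windows, run from an elevated (Administrator) session.
# Purpose: inventory what System Restore holds on a drive, look for executables
# sitting in the protected restore folder, and optionally purge the folder the
# supported way (System Restore off, then on) rather than fighting its ACLs.

param(
    [string]$Drive = 'C:\',   # drive to inspect (hypothetical parameter name)
    [switch]$Purge            # only wipe restore data when explicitly requested
)

# 1. List the restore points currently on the system.
Write-Host "Restore points for $Drive"
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType, CreationTime -AutoSize

# 2. Try to read the protected folder. Administrators normally get Access Denied
#    here (only SYSTEM can read it), so report the problem instead of stopping.
$svi = Join-Path $Drive 'System Volume Information'
$entries = Get-ChildItem -LiteralPath $svi -Force -Recurse `
    -ErrorAction SilentlyContinue -ErrorVariable sviErr
if ($sviErr) {
    Write-Warning "Could not fully read $svi; run this as SYSTEM (e.g. PsExec -s) for a complete listing."
}

# Restore data should hold snapshots and metadata, not loose executables or scripts.
$suspect = $entries | Where-Object { $_.Extension -match '^\.(exe|dll|scr|vbs|js|bat|cmd)$' }
if ($suspect) {
    Write-Host "Executable content found under $svi (submit to your AV vendor before purging):"
    $suspect | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Host "No executable content visible under $svi"
}

# 3. Purge: turning System Restore off deletes every restore point on the drive,
#    including any that carry infected files; turning it back on starts clean.
if ($Purge) {
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    # Take a known-good baseline so the next rollback does not land on an infected point.
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
}
```

Run it once without -Purge to see what would be lost; every restore point on the drive disappears when -Purge is used.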

IT Security, 20 Feb 2009 12:27 pm

As I might have mentioned before, in addition to being an IT Security GURU, I own another retail business in the burbs.  I have a partner who runs it, and I stop by and visit on occasion to check out the happenings.   We have a nice office in the back, with a plasma TV, HD cable, DVD, etc., and a nice kitchen setup, so it's fun to work out of that office on occasion.

I have a sweet computer setup.  A really fast XP machine with 2 giant monitors.  But not being at the store very often, somebody used my computer and started a virus and spyware infestation.   When you watch these viruses and spyware, it's amazing to see them download and install their friends.  The only way to staunch the flood of viruses was to unplug the NIC card from the network, which resulted in a screen full of "Can't download the file" error messages.

HijackThis did a relatively good job killing some processes that were infected on the computer.  But while zapping processes, I managed to trash TCP/IP on the XP system.  Googling, I eventually found a TCP/IP repair kit that re-installed networking functionality.

Symantec Anti-Virus didn’t have much luck removing the infestation.  It is possible that Symantec was corrupted and disabled.  The viruses disabled the task manager, and for a strange reason corrupted Notepad.

I installed Microsoft One, which did a reasonable job with most of the spyware, but I would still get pop-up ads on the computer.  Very strange, since Microsoft One said the machine was clean.

Next I downloaded Ad-Aware, which found additional spyware, but I was still getting the click ads popping up.

Next I downloaded AVG and tried to install it, but it was being blocked by Ad-Aware from actually installing.  So I had to disable Ad-Aware's anti-spyware to install AVG.

AVG ran and found additional spyware, which stopped the ads, but I installed the AVG toolbar, which itself redirects the browser to ad sites, which is very strange.

I killed the AVG toolbar, rebooted and those pop-ups stopped!

Microsoft One, Ad-Aware and AVG are all reporting the system clean.  I can tell you one thing.  I changed the password on my PC, since I'm not going to get these 3 hours back again.

Infrastructure, 18 Feb 2009 10:20 am

While project managing the upgrade of the DMZ infrastructure that contains Internet-facing web sites and business-critical company technology, I chaired an interesting discussion on the future vision for the DMZ infrastructure.   The tactical network guy, who did a great Cisco design, went with a robust high-availability design based on Cisco technology that has been out for quite some time, with many other companies using the technology. Architecture and Engineering is moving down the path of recommending the latest release of Cisco Nexus technology.  While Cisco typically releases very robust hardware and software, are we comfortable implementing bleeding-edge technology?  And is the Cisco Nexus bleeding edge or cutting edge? My vote, from the perspective of having been accountable for five nines of availability for many environments in the past, is NO, go with the older technology.  If the older version can support the needs of the business going forward for 5 years, why accept the risk associated with the implementation of cutting-edge technology? Which would you recommend and why?

Family, 15 Feb 2009 11:30 am

After honeymooning at the Hyatt Regency Kaanapali Beach Maui, my wife and I fell in love with the area.  We were fortunate enough to go back every few years, then stopped going for a while when our children were really young.  We ventured back with the children about 4 years ago, but for spring break we started spending time in Reno visiting family.

The stars aligned this year, and we are heading back to Maui.  There is something amazing about an ocean view from your hotel room, with a giant sliding door you can keep open all night listening to the waves crashing into the shore.

We are already signed up for ziplining down the mountain.

http://www.zipline.com/

We will be spending a lot of time at the beach boogie boarding and hanging out at the pool.  With the children being older, we might even try riding bikes down the Haleakala Crater, Maui.

I can hardly wait.  It's going to be exciting.

IT Security, 14 Feb 2009 10:38 pm

When I first started this blog, I named it after a dial-up hacker BBS system I learned about when I was in high school.   Back in the day, you would get to high school early, go to the computer lab, and get to use a DEC or Olivetti paper terminal with a 300 baud modem to call BBS systems.

In Chicago, you could call CBBS/Chicago – the FIRST computer BBS system, created by Ward Christensen and Randy Suess.  After CBBS/Chicago came FidoNet, and I even ran a copy of the original CBBS software on a CP/M computer in my basement.  My BBS system was called Logopolis, where Dr. Who fans could discuss the Doctor Who series on Channel 11.

Anyways, there was a hacker BBS out there that was called Security Land.  And when you attempted to access the BBS system, you had to type in a few code words to get in.

The first was:

Security Land Lives

I don’t remember the 2nd or 3rd code phrase, but I think I have a printout of the web site someplace that has it.  That's why I named my blog site Security Land Lives.

I was using Network Solutions for domain registration services but migrated over to DreamHost.  I forgot to migrate Security Land Lives.com over to DreamHost domain management, and about 2 years ago it expired and a domain thief grabbed it.  I guess after 2 years or so with NO interest, they let it lapse, and I grabbed it back again.

Instead of messing around trying to get WordPress back to the .com site, I just put a redirect on the domain to .net.  But I’m going to keep it renewed this time through DreamHost Domain Registration.

Security Land Lives!

IT Security, 14 Feb 2009 06:25 pm

In addition to my IT consulting business I have other business interests, including a retail store and an investment firm that provides capital market financing. We also provide services to reverse merge private companies into public shells to go public if anybody is interested, anyways…

At the office in the back of the retail store, I have a nice setup.  I have a desk, a plasma TV, very high speed Internet, water cooler, etc.  It's a sweet place to work out of, regardless of which business I am working on.

My partner in that business set me up with a sweet computer.  Dual monitors, very fast computer, etc.  But since I am not there very often, somebody used the computer, and it got infected with a virus.  And this virus started downloading its friends: other viruses, spyware, adware, etc.

Using HijackThis I tried to get rid of as much as I could.  I then blew away Windows TCP/IP, which was another mess to restore, but I finally got the machine back on the IP network.

Microsoft One did a good job removing dozens of viruses, spyware, etc.  But it did not get everything.  Ad-Aware found some things that Microsoft One did not, but I kept on running the scans over and over and they still kept on re-appearing.

Microsoft One finally came up clean, and Ad-Aware did too, but while I was still cleaning them out, Microsoft One blocked a program from connecting to the Internet, so I had it removed too.

When I head back to the office next week, I’m going to have to see if it was clean.

The PC had Symantec anti-virus on board, but that did not block the initial infection.

I also forgot to mention that one of the viruses turns off the task manager so you can’t get into it.  It's really a mess trying to clean out the machine.