Category Tricks, Tips, or Hacks

Mozilla Disables Java Deployment Toolkit in Firefox

Attention: This content is 15 years old. Please keep its age in mind while reading as its contents may now be outdated or inaccurate.

If you have read my previous articles about Java being a malware writer’s dream, then you’ll understand why Mozilla did this.

If you haven’t… well, hit the 2 links above to catch up.

When I fired up Firefox today I got an interesting message:

Nice!  Apparently Mozilla has decided to act where Oracle has not.  Mozilla has disabled the Java Deployment Toolkit, responsible for probably hundreds of thousands of malware infestations, across the board in Firefox.  Thank you Mozilla for taking responsibility where Oracle has not.

Oracle: You suck.

Android Contact’s Birthdays In Your Calendar


I’ve had my Android phone a week and a half now and I love it.  It brings everything together in to one phone.  Perhaps that is why they called it the Nexus One?

But there was one “link” missing.  If you spent time entering birthday information for as many of your contacts as possible, they don’t show up in your calendar.  Even my girlfriend’s Blackberry does this, surely Android can.  I had downloaded an App from the market called EboBirthday.  While the app worked, it still had a flaw.  The birthdays didn’t show up in your calendar.  If you wanted to see what birthdays were coming up, you had to actually open up the EboBirthday app.  And on top of that, if you added in any new birthday information, you had to manually resync the EboBirthday app.  Rats… this isn’t the best solution.

Well, last night I was playing around in Google Calendar, and there is actually an option tucked away, built right in to Google Calendar, that lets you show your contact birthday information right on the Calendar!

Here is how you add it on:

Go to the Google Calendar web interface on your computer (google.com/calendar).

1) Click the settings button in the upper right

2) Click the “Calendars” settings tab

3) In the Other Calendars section click “Browse Interesting Calendars”

4) Click the More tab here

5)  You should see an item labeled “Contacts’ birthdays and events”, click the Subscribe link. (While you’re in here, you might want to poke around.  There may be some other calendars you’re interested in adding in to your own as well, such as holidays and stuff!)

That’s it!  In a couple minutes, all your contact birthdays will show up on the Calendar in your phone.  How cool is that?

While this is a nice feature to have available, it highlights one of the issues with Android and Google integration right now.  When you’re looking for a setting, it’s not always in the most obvious place, and sometimes you can only change it on the web.  However, I do expect as Android matures, we will see a lot more features and options added directly in to the Android OS.  I love Android and I suspect I will be sticking with it for a long time to come!

TrueCrypt Full System Encryption on a Netbook


For the uninitiated, TrueCrypt is a Free, Open Source, on-the-fly disk encryption software.  You can do many things with it, from encrypting flash drives, to creating encrypted file containers, to Full System Encryption.  I had done all except the latter and I have been wanting to try it out.  For various reasons though I had never really bothered with it, until now.

Over the holidays I picked up an Asus EeePC 1005HA Netbook


I have a 14 inch laptop with all the bells and whistles of a normal laptop, but after a while, lugging the beastly heavy thing around got to be quite old, and it got to a point where I just didn’t even bother bringing it with me any more because it was just a hassle.  I picked up the Netbook to hopefully remedy this issue.  Their small and incredibly light build will hopefully not become such a burden down the road.  While you can definitely feel the slowness of the Atom processor, you only really notice it if you’re doing a bunch of stuff at once.  If you’re just surfing the net, IM’ing, doing office stuff, you don’t really notice at all.

So now that I have my new little buddy I started thinking about security for it.  Since it’s so small and will be going with me everywhere, it’s also prone to growing a set of legs and walking off.  Should this occur, I want all of my personal and work related files stored on it to be completely secure.  I have used TrueCrypt for many years so I have come to trust it, and I figured this would be an excellent solution.


Make Firefox More Secure, Disable Java


No, not Javascript.  Java.

Despite similar names, Javascript and Java are 2 entirely different things.

Java, or Java applets are programs that can be embedded in to websites.  They are generally poorly written, and hardly ever function right.  Most people will probably never even need java, and in fact the only website I can think of that I ever use it on is Facebook’s shitty multi-photo uploader which I use only a handful of times a year.

Why am I writing about this?  Because I had a Windows 7 machine that was fully updated, running an updated Firefox with Java (Java may have not been up to date),  and a fully updated Antivirus program.  By clicking one simple link, the machine was infected through the Java run time in Firefox.  Despite clicking “Deny” on the Java question, the app still managed to run itself.  It looked like it caused some type of crash in the Java run time and allowed itself to execute code.  The virus then proceeded to attempt to hijack the browser and insert other malicious code in to the system.  Avira Antivirus was able to block most of these attempts, but it did miss something.  I have a feeling that this was a new strain of the virus, so I’m not going to place too much blame on Avira here.  After all was said and done I ran the infected file through an online scanner, and only 1 of 41 virus engines detected it.  Yikes!

Before shutting down the system I had run FULL scans with Malwarebytes and Avira, both came back clean.  I rebooted the system and that is when it happened.  7 load screen… blue screen…. reboot.  Over and over.  Safe mode was of no use, other methods of recovery didn’t work, the bluescreen yielded no useful information.  It wouldn’t even point me to the file causing the crash (which would have helped me tremendously).  To make a long story short (I put probably 4 hours in to fixing this bluescreen), the virus had attempted to insert code in to my iaStor.sys driver.  This is an Intel Storage driver, vital to system operation.  I believe that because this was a Windows 7 machine, it was unable to successfully hijack this file (the virus was probably written to hijack XP machines).  I found the lone infected file by pulling the drive out of the laptop and using a separate computer running Nod32 to scan the entire drive, and replaced the infected file with a good copy I had in my archives.  The really strange thing about it was the good file and infected file were the same exact size, but the infected file no longer had the Intel signature and had a different MD5 hash than the good file.  The virus obviously tried to re-write some part of my storage driver… who knows what though.

Nod32 identified it as Olmarik.pv which from what I can tell is a pretty new strain.

To bring this story back to its point, a fully updated system, running Firefox still caught an infection thanks to shitty ass Java.  So, do yourself a favor out there RIGHT NOW.  Disable Java.

Tools -> Options -> Content

Un-check Enable Java.

The nice part about this is that if you do end up on a site that you TRUST and need to enable it, you can simply check the box again and reload the page and it will work.  You don’t have to restart your browser.  Just be sure to disable it again after you’re done to keep your browser safe!

I have made this change on all of my machines and I strongly encourage you to as well!

Changing Antivirus Programs, so long NOD32


For the last couple years I have relied on NOD32 to protect my systems from the nastiness of malware, viruses, and all the like.

For most of that time it was a good program.  It had its little hiccups along the way, but they always seemed to be resolved by Eset rather quickly.

That was until Vista Service Pack 2 came along and changed everything.

Don’t get on me about user error as I did everything in my power to ENSURE no issues.  I uninstalled my old NOD32 (version 4), downloaded the LATEST version/build direct from Eset’s site, installed SP2, then installed the new NOD32 I downloaded.

This is when things started to fall apart.  Ever since then I was plagued with system lockups and hangs ESPECIALLY at the login screen or going in to or coming out of standby or hibernation.  This wasn’t just happening on 1 machine either.  Both my [aging] Desktop and my [new-ish, 1 year old now] laptop were having CONSTANT issues.  I initially didn’t pin it down to NOD32.  I thought I was having some other issues until I jumped on to the Eset forums and found hundreds upon hundreds of other people having issues with their Vista SP2 machines.

I uninstalled NOD32 from both of my machines and they both became rock-solid.  My desktop went from locking up every 2-3 days to being up for 2 weeks straight.  My laptop has been in and out of standby/hibernation at least 2 dozen times without a single problem.  I checked as recent as last week and Eset has still not issued any newer versions of NOD32 to rectify the issues I and many many many other NOD32 users were having.

After nearly a month running with nothing, I decided it was time to hunker down and find something.  I began my trek to find an antivirus solution that didn’t suck so much balls.   I spent many hours combing over all kinds of performance benchmarks, detection ratings testing, and overall features, and I have now installed my new protection system…

Avira AntiVir’s detection rates were among the top rankings, often times beating out NOD32’s detection rates… and get this… IT’S FREE!!!  Everyone loves free, right?

Does it play well with Vista SP2?  I have no idea as of right now.  Only time will be able to tell me that.

So far my initial impression is good.  It is definitely light weight.  It definitely has A LOT fewer options than something like NOD32.  It is very basic… but really complexity doesn’t always mean better.  It’s about the program’s ability to detect and protect.   I may not put it to that thorough a test in that regard as I am usually very careful about what I’m doing and am not your average user that would be more careless, but I still think that everyone should have SOMETHING.  You never know when you might accidentally hit a malicious web page or a site that has been hacked and infected and get hit with a Java-based worm or something.

I will write a follow up article about AntiVir after I’ve got some play-time in with it and see how it plays with my systems.

Until next time.

Clean up old files after installing Vista’s SP2


Around a year ago I wrote about getting 800mb of space back after installing SP1, and I come to you today with a similar tip for SP2!

This one is not as dramatic as 800mb, but I did gain back around 400mb of disk space.

Just as with SP1, this works by removing backup files made during the service pack install, making the install permanent and impossible to remove.  Just keep that one fact in mind.

Just pop open your favorite command prompt, and issue compcln

It will ask you to confirm, and then it’ll get to work.  After a couple minutes you’ll have your reclaimed space!  (And a permanent SP2 install!)

Install IPCop from a USB Drive

Attention: This content is 16 years old. Please keep its age in mind while reading as its contents may now be outdated or inaccurate.

IPCop is a really neat open source project that can basically transform any old computer with 2 NICs in it in to a hardware firewall, VPN server, and Web Filter, among many other useful things.

We use it quite a lot where I work and we’re always looking for the smaller, better IPCop box.

The most recent version we went with was a 1U half-depth rack mount server from the guys over at abmx.com.  This unit was both cheap, and met our needs of a rack-mountable IPCop machine.

The slight downside to this machine was there was no CD-Rom drive in it as our past IPCop boxes have had.  In addition, there was no IDE port on the motherboard (only SATA), and we didn’t have a SATA CD-Rom drive hanging around the office, so I set out to figure out how to install IPCop from a USB drive.

After a ton of searching I came across some instructions, which I will post for you in case you ever want to do the same.


Messing with Script Kiddies


Starting the first week in January, I started noticing my personal server getting pounded with requests looking for roundcube or mantis installs on my system. After doing a bit of research at the Internet Storm Center I realized it was a new vulnerability in these programs and these script kiddies were just scanning servers for the existence of these specific directories.   In the last couple weeks I have been scanned at least 25 times… so I decided to have a little fun with the script kiddies.  Now instead of getting an error 404 page, they will get… well, here is the code.  I’m sure you’ll see where their scripted scanners will be getting sent to 🙂

Redirect /nonexistenshit http://www.fbi.gov/
Redirect /mail http://www.fbi.gov/
Redirect /bin http://www.fbi.gov/
Redirect /rc http://www.fbi.gov/
Redirect /roundcube http://www.fbi.gov/
Redirect /webmail http://www.fbi.gov/
Redirect /mantisbt http://www.fbi.gov/
Redirect /tracker http://www.fbi.gov/
Redirect /bugtracker http://www.fbi.gov/
Redirect /bugtrack http://www.fbi.gov/
Redirect /support http://www.fbi.gov/
Redirect /bug http://www.fbi.gov/
Redirect /bugs http://www.fbi.gov/
Redirect /mantis http://www.fbi.gov/
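
To see who is actually walking that list, here is an added example (not part of the original post): a Python script that reads Apache access-log lines and reports clients that requested several of the redirected paths, which separates a scanner from a visitor who simply opened /support. The log lines are constructed, and the whole-segment matching and the three-path threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Path prefixes taken from the Redirect lines in the post.
PROBE_PREFIXES = [
    "/nonexistenshit", "/mail", "/bin", "/rc", "/roundcube", "/webmail",
    "/mantisbt", "/tracker", "/bugtracker", "/bugtrack", "/support",
    "/bug", "/bugs", "/mantis",
]

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def matched_prefix(url):
    """Return the probe prefix a URL falls under, or None.

    Assumption: match whole path segments only, so /mail/x counts
    as /mail but /mailbox does not. The query string is ignored.
    """
    path = url.split("?", 1)[0]
    for prefix in PROBE_PREFIXES:
        if path == prefix or path.startswith(prefix + "/"):
            return prefix
    return None

def find_scanners(lines, min_distinct=3):
    """Map client IP -> sorted probe prefixes, keeping only clients that
    touched at least min_distinct different prefixes."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        client, _method, url, _status = m.groups()
        prefix = matched_prefix(url)
        if prefix:
            hits[client].add(prefix)
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= min_distinct}

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2009:03:14:01 -0500] "GET /roundcube/ HTTP/1.1" 302 210',
    '192.0.2.10 - - [12/Jan/2009:03:14:02 -0500] "GET /mantis/ HTTP/1.1" 302 210',
    '192.0.2.10 - - [12/Jan/2009:03:14:02 -0500] "GET /webmail/ HTTP/1.1" 302 210',
    '198.51.100.7 - - [12/Jan/2009:09:30:11 -0500] "GET /support HTTP/1.1" 302 210',
    '198.51.100.7 - - [12/Jan/2009:09:30:15 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [12/Jan/2009:10:02:40 -0500] "GET /mailbox/inbox?next=/mail HTTP/1.1" 200 880',
    'this line is not in access-log format',
]

if __name__ == "__main__":
    for ip, prefixes in find_scanners(SAMPLE_LOG).items():
        print(ip, "probed", ", ".join(prefixes))
```

Lowering `min_distinct` to 1 lists every client that hit any redirected path, including ordinary visitors to common names such as /support or /mail.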