Published by admin on 01 Dec 2008

Our First Christmas Tree and an Unsuspected Surprise

Nearly every Christmas I make the trek back home to New York to be with the family.  This year marks the first year that the girly and I put up a Christmas tree.  It’s not the biggest or fullest tree in the world, but it’s ours.

An unsuspected but exciting surprise that has presented itself in the past few days was my mom’s recent engagement to her longtime boyfriend.  Congratulations mom and Mike!  I am very much looking forward to attending the wedding in the near future!

Published by admin on 03 Nov 2008

Halloween in the City…

So as most of my friends know, with all the travel that I do for work, I have more than enough hotel points to burn (> 1/2 Million).  As a result, the girly and I thought it would be a good idea to spend the recent holiday weekend in the city (Chicago).  To sweeten the pot, we also had some visitors (my sis and her bf) join us to celebrate the occasion.  I’m hoping to get my hands on some of the pictures to post an update soon.  All in all we had a great time and didn’t get too silly or sloppy.

Special props go out to C. Bopp for rocking the D**k in a box costume.

See the following YouTube video if you don’t know what I’m talking about.  It was priceless!

http://www.youtube.com/watch?v=WhwbxEfy7fg

Published by admin on 26 Oct 2008

That poor Microsoft server service…

So I was tooling around on the web tonight and finally found enough time to investigate the “new” server service vulnerability associated with Microsoft Security Bulletin MS08-067.  I’m somewhat partial to the Microsoft server service because it has been on my radar since 2006, with the announcement of Microsoft Security Bulletin MS06-040.  Since then, it’s been a constant pain for industry to make sure that all their systems are patched against this nasty little vulnerability, and it looks like we’re going to need to be ready for round two.

Below is the “small” list of the affected software…

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista and Windows Vista Service Pack 1
  • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
  • Windows Server 2008 for 32-bit Systems*
  • Windows Server 2008 for x64-based Systems*
  • Windows Server 2008 for Itanium-based Systems

Just about the time I think I’m done with these, something like this happens.  Should be an interesting year considering a lot of folks running 2003, 2K8 and Vista have something to fear again.

***Update 3 minutes later***

Exploit code has been released into the wild under the following…

  • TrojanSpy:Win32/Gimmiv.A
  • TrojanSpy:Win32/Gimmiv.A.dll

***Update 5 minutes later***

Just found it on milw0rm…

  • http://milw0rm.com/exploits/6824
  • http://milw0rm.com/sploits/2008-ms08-067.zip

***Update 10 minutes later***

Nessus has published a check for 2k, xp and 2k3

  •  http://blog.tenablesecurity.com/2008/10/network-and-cre.html

***Update Thursday October 30th***

Well, it’s a wrap on this one.  The vulnerability code is now available in the SVN version of Metasploit and soon to show up in the other versions.  That was fast!!! :)

Published by admin on 08 Oct 2008

Ubuntu Flavored Juice…

So I’ve been reading up on JeOS (Just Enough OS), pronounced “juice”, the Ubuntu flavor that is optimized to run as a VMware appliance.  I’m downloading it tonight and will provide an update on what I think.  I’m hoping to have some good news shortly as I’m just about fed up running a full-blown OS for some utility servers I have.  I’ll be happy to cut down some of the maintenance tasks and simplify the install and patch process.

Give it a spin yourself and let me know what you think…

http://cdimage.ubuntu.com/jeos/releases/hardy/release/jeos-8.04.1-jeos-i386.iso

*** UPDATE - 12:20AM ***

JeOS is pretty fast.  I was able to install everything the same way as a full OS, but it just seems to run a lot smoother in VMware.  More info to come when I learn more.

Published by admin on 02 Oct 2008

SNL Political Skits…

I had a great time watching the vice presidential debate tonight.  I was tooling around YouTube and found some hilarious skits that were worth mentioning…

http://www.youtube.com/watch?v=INtABjzG5vw

http://www.youtube.com/watch?v=FdDqSvJ6aHc

Poor Palin, you gotta at least admit it’s a little funny :)

Published by admin on 01 Oct 2008

Birthday Weekend Results…

So this past weekend I made the annual trip back to NY to celebrate my birthday with the family.  Some of the highlights of the weekend were the annual father-son golf scramble at Big Oak and the Timber Creek fishing tournament.

  • Saturday (Timber Creek Fishing Tournament)  - The tournament was broken into four categories: Biggest Bass, Biggest Perch, Most Weight of 5 Perch - Largest Perch, Most Weight of 5 Bass - Largest Bass.  I am happy to report that I ended up catching a 66+ oz. (4+ lbs) bass for our team to win the biggest bass of the tournament.  The next closest bass was within roughly 1 oz. difference, so we barely squeaked by with the win.

  • Sunday (Big Oak Golf Scramble)  - We (my dad and I) played our typical horrible once-a-year golf game and had a blast with my uncle (Ron) and my cousin (Nate).  This marked my third year in a row and I think it was the first tournament that I made it through the day with only having just a few beers, but this was severely canceled out when the birthday shots (prairie fires of course) were broken out to celebrate the big 25.  This year we seemed to come away with a large number of the raffle wins and walked away with the following items, which also included 18 holes of golf, a steak and clam dinner and lunch on the turn for only $75 bucks.
    • One folding camp chair (a small little tripod)
    • One umbrella (works perfect for my golf bag)
    • A horse statue? (which was later exchanged for a heavy duty igloo cooler)
    • Three bottles of wine
    • Branded shirts, hats and other clothing
    • A life-size toy fire truck (I’m sure this will be under the tree at Christmas time for little Ben)
    • Three pack of Top Flight 2000XL golf balls (I lost more than three during the 18 holes ;) )

I also had the pleasure of meeting up with a few other family members that I hadn’t seen in a while to celebrate my birthday and saw my sister’s new apartment. However, I did miss the chance to do a guys’ night out because I got some crazy throat sickness that resulted in having to go to an urgent care center.  I’m only now starting to feel better after about two to three days of Z-pack treatment, but I’m hoping to have the sickness cured soon as I’m slated to hit up a corn maze with the girly and some friends this weekend.

Published by admin on 19 Sep 2008

Maine (AKA: My Vacationland)

So last Friday through last Tuesday I took a mini vacation up to Maine with the girly.  The main reason for our visit was to partake in the wedding festivities of the girly’s best friend’s wedding (Congratulations Leya and Nathan!!!).  The wedding was a great time which was topped off with a rocking reception.  The reception band was not your typical wedding singer affair and before the night was over the hall was filled with the rocking sounds of Lynyrd Skynyrd, Metallica, Nirvana and the like.  Let me tell you one thing, people from Maine love to throw down, get crazy and have a blast.  I managed to find their MySpace page online.  I would highly recommend giving them a shout if you need a band who can throw down!

The remainder of the trip was devoted to relaxing, hanging out with the girly’s family and trying to forget about work for a few days.  One highlight of the trip was making the trek back up to Freeport to hit up the L.L.Bean store.  I just love that place! I think whenever you can keep the doors open 24/7/365 on an outdoor clothing and goods store you have to be doing something right. I found this great device that would allow me to listen to the radio and weather alerts, have a camp lantern and charge my cell phone from solar and hand cranking power.  Being a huge advocate for renewable energy sources I think this is definitely going to make my Christmas wish list.  I’m keeping my fingers crossed and my eyes out for as good if not better deals :)

The second big highlight of the trip was that I got to go fishing for the first time ever in Maine.  We went “striper” (AKA striped bass) fishing in the Saco River and had a great time.  I actually ended up catching the biggest fish I had ever caught while fishing so it was quite a big deal to me.  I was also really fascinated by how we ended up snagging our 1ft long “pogies” (AKA menhaden shad), which were then sent back into the river only to be gobbled up by the much larger “stripers”.

I had a great time with the girly, her dad and their good friend Rick even though the girly ended up reeling in the biggest fish of the day.  Maybe I’ll beat her next time!

Published by admin on 09 Sep 2008

What’s the deal with SMTP?

*START RANT*

Why is it that organizations are still struggling with securing their mail infrastructure? It baffles me that organizations will spend so much money on email spam filters, outsourced SMTP gateway providers and make such an effort to use encrypted protocols for client side transactions and then they still allow any IP on the internal network to communicate directly with the production SMTP service with absolutely no restrictions.

Considering that 70-80 percent (according to Forrester and FBI/CSI) of major security breaches come from inside the organization you’d think that there would be more of a push to quarantine some of these rudimentary services off.  I can certainly understand if you have alerting software that can’t send via any protocol other than SMTP, but you can pretty easily whitelist these systems.  You could set up a VBS script to query via LDAP and only allow them to send unauth’d messages.

*END RANT*

Well, I had some time last weekend and thought it would be fun to write a little Perl script (see my projects page for the download) that went out and sent email to the world using a list of your internal SMTP servers.  Just perform an Nmap (4.75 just came out!) scan for TCP port 25 on all your ranges (with permission from IS security of course) and then take the systems running SMTP, add them to the script, customize the email addresses and run it.  You’ll then know what systems aren’t properly restricting access and maybe you’ll do something to fix it and save me another rant :).
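A non-delivering variant of the audit described above, as an added example (this is not the Perl script from the projects page): run from a host that should not be whitelisted, it walks a list of internal SMTP servers and reports which ones accept an unauthenticated `RCPT TO` for an outside address, resetting the session before any `DATA` is sent. The hostnames, addresses, function names and the `FakeSMTP` stand-in are all assumptions made up for the example.

```python
import smtplib

def check_unauth_relay(host, sender, rcpt, port=25, timeout=10, factory=smtplib.SMTP):
    """Probe one SMTP server with no AUTH and no DATA; return (verdict, detail).

    The session is reset after RCPT TO, so nothing is queued. Acceptance at
    RCPT is a strong indicator rather than proof: some servers only reject
    after DATA, so confirm flagged hosts against their relay configuration.
    """
    try:
        conn = factory(host, port, timeout=timeout)
    except (OSError, smtplib.SMTPException) as exc:
        return "unreachable", str(exc)
    try:
        conn.ehlo_or_helo_if_needed()
        code, _ = conn.mail(sender)
        if code != 250:
            return "restricted", f"MAIL FROM refused ({code})"
        code, _ = conn.rcpt(rcpt)
        if code in (250, 251):
            return "accepts-unauthenticated", f"RCPT TO accepted ({code})"
        return "restricted", f"RCPT TO refused ({code})"
    except smtplib.SMTPException as exc:
        return "restricted", f"session rejected: {exc}"
    finally:
        try:
            conn.rset()
            conn.quit()
        except (OSError, smtplib.SMTPException):
            pass

class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    RCPT_CODES = {"mail-open.example.internal": 250, "mail-locked.example.internal": 550}
    def __init__(self, host, port, timeout=None):
        if host not in self.RCPT_CODES:
            raise ConnectionRefusedError(f"{host}:{port} refused")
        self.host = host
    def ehlo_or_helo_if_needed(self): pass
    def mail(self, sender): return 250, b"OK"
    def rcpt(self, rcpt): return self.RCPT_CODES[self.host], b""
    def rset(self): return 250, b"OK"
    def quit(self): return 221, b"bye"

def audit(hosts, sender, rcpt, factory=smtplib.SMTP):
    """Return {host: verdict} for every server found by the port 25 scan."""
    return {h: check_unauth_relay(h, sender, rcpt, factory=factory)[0] for h in hosts}

if __name__ == "__main__":
    hosts = ["mail-open.example.internal", "mail-locked.example.internal", "no-smtp.example.internal"]
    for host, verdict in audit(hosts, "audit@example.com", "postmaster@example.org", FakeSMTP).items():
        print(f"{host:32} {verdict}")
```

Dropping the `factory` argument makes `audit` use `smtplib.SMTP` against the real servers from the scan.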

Published by admin on 08 Sep 2008

How to Upgrade to Ubuntu 8.04 LTS (Hardy) via Command Line

So I finally decided that my Ubuntu server needed a little updating yesterday. Although I do perform regular security updates and other configuration changes, this just so happened to be the first time I’d done a full distribution upgrade on an Ubuntu box. This was mainly performed out of curiosity and not out of need. Surprisingly enough, it was very easy and required little interaction on my part. Here are some of the easy steps if you want to update your Ubuntu server to the latest distribution (currently Ubuntu 8.04 LTS Hardy Heron).

Note: It is highly advised that you back up any critical data or system files prior to performing this how-to on your server.

1.) Make a backup of your /etc/apt/sources.list file

sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak

2.) Open the sources file for editing

sudo vi /etc/apt/sources.list

3.) Change the distribution references to the next logical upgrade, but only one at a time. You will need to complete all the steps in this how-to for each logical step (dapper->feisty->gutsy->hardy) it will take you to get to the latest version. Use the following vi command (:%s/olddist/newdist/g) to change all the references in the sources.list file. For my first upgrade from dapper to feisty I used the following…

:%s/dapper/feisty/g

4.) Update the newly referenced package list…

sudo apt-get update

5.) Upgrade to the next distribution. If it asks to replace the config file for say Apache or PHP I would recommend leaving it the same (option “N”).  I have a few virtual hosts setup and the default site with Apache and some custom stuff in my PHP.ini and the production setup was unaffected by leaving the configs the same throughout the upgrades.

sudo apt-get dist-upgrade

6.) Make sure everything ran ok. I ended up having to catch a plane while I was running the distribution upgrade in the airport and my SSH session terminated unexpectedly, which I thought was going to mess everything up. I ended up coming back today and running the second command listed below and it picked right up where it left off.

sudo apt-get -f install
sudo dpkg --configure -a

7.) Reboot your system…

sudo init 6

8.) After it boots back up check your distribution…

sudo lsb_release -a

9.) Rinse and repeat and make sure to make the necessary mods in step 3 to upgrade to the next logical distro until you’re running the latest version. Special thanks to rob-the.geek.nz and debianadmin.com for creating the original material I used to help perform my upgrade.  I just added some of my personal tidbits to this document and made it my own reference for later.

PS - This is my first time using code-snippet and I love it.  Props to hackerforhire.org for reviving such a useful tool!

***Update (9/19/08)***

I’ve performed this process on three other systems that I manage and they all worked flawlessly from dapper to feisty to gutsy to hardy.  I’ve also received some feedback from some in-tar-web friends that have also successfully used this how-to to upgrade their systems too. W00t!

***Update (9/25/08)***

I noticed that my servers were acting a little sluggish so I jumped on the console and found a ton of device mapper errors.  I thought it was going to be a big pain trying to resolve the issue, but apparently evms was installed during the upgrade process and has a known bug.  I ended up finding an article that suggested removing evms.  I used the following command followed by a reboot to resolve the issue.

sudo apt-get remove evms

Published by admin on 03 Sep 2008

On top of the world…

So this week is the first time I’ve been home in a whole month (**Long exhaling breath**).  First it was Alabama for a week (Business), Vegas for the weekend (DEFCON16) and then Puerto Rico for three weeks (Business and Pleasure).  It’s been a roller coaster of great experiences mixed with the feeling of missing home.

DEFCON16 was, as always, a blast.  It’s always great to meet up with old faces and catch up. I stopped by the lockpick village at the Sky box and picked up the ward lock key set.  Unfortunately, I haven’t had the opportunity to check it out at a client site, but I’m keeping my eyes open.  I think the talks this year were on par with previous years with Fyodor’s Scanning the Internet talk, the NTLM is dead talk and the VoIP talk in the skybox being the highlights for me.  As with every trip to Vegas, even three days feels like I’m overstaying my welcome.  I’m happy to say I made the parties that I wanted to and I didn’t end up outside the gas station over by the Hard Rock on my hands and knees.

As for Puerto Rico… I was surprised.  It was not what I expected whatsoever. I think the bigger item that started to wear on me was the language barrier.  Although the tourist areas had a number of bilingual individuals I had a difficult time trying to communicate when I visited the more remote areas.  I now have an informal commitment to the girly to learn some more Spanish before my next trip to PR.  By far the best part of the trip was the Tropical Rain Forest.  I didn’t know that Puerto Rico had a Rain Forest until I arrived at work the first day, but sure enough it was in my weekend vacation schedule as soon as I found out there was a mountain (El Yunque) to climb.  The girly and I took a trip up to a smaller peak called Mt Britton (40min) the first weekend and after a week of talking smack to my coworkers I decided to make the impossible trek from the mountain base to the El Yunque peak (3000+ Feet).  I made it to the top, surprisingly, in about 4 hours of straight hiking, but it was well worth the view once I got to the top. I wish I had my camera with me, but nothing could erase the image of sitting on the edge of the mountain face staring down at the clouds :).
