Just patched CentOS to close Heartbleed vulnerability

I had the job of patching CentOS 6.3 this morning to close up the Heartbleed vulnerability in OpenSSL.

Turned out to be a pretty easy job. First I took a full backup of the web server from within Plesk – backed up to an offsite FTP server, then part tested (extracted off site).

Before starting work I checked the server was actually vulnerable to Heartbleed using this site:

https://filippo.io/Heartbleed/

After this I opened up PuTTY and initiated a shell session to the server; then with the following command (thanks CentOSblog.com) I updated the OpenSSL modules:

yum clean all && yum update "openssl*"

Once the updates were installed I needed to restart any services that were using the un-patched OpenSSL. For simplicity I elected to do a reboot:

shutdown -r now

Post reboot, another test at filippo indicated that the server was now correctly patched:

All good, 1.2.3.4 seems fixed or unaffected!
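
One way to see which services are still running the un-patched OpenSSL after the update, as an alternative to a full reboot (added example, not part of the original post; the function name and its optional proc-root parameter are assumptions made for illustration):

```shell
#!/bin/sh
# Added example: find processes still running the pre-update OpenSSL.
# After "yum update" replaces libssl/libcrypto, the old file is unlinked but
# stays mapped in every process that loaded it; /proc/<pid>/maps marks such
# mappings with a trailing "(deleted)". Those processes remain unpatched
# until they are restarted.

# stale_openssl_procs [PROC_ROOT]
#   Prints "<pid> <name>" for each affected process.
#   PROC_ROOT is a hypothetical parameter (default /proc) so the check can be
#   pointed at a constructed directory tree for testing.
stale_openssl_procs() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Match an unlinked libssl or libcrypto shared object, whatever its version suffix.
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            # Process name comes from the "Name:" line of /proc/<pid>/status.
            name=$(awk '/^Name:/ { print $2; exit }' "$proc_root/$pid/status" 2>/dev/null || true)
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
)

# Run as root so that other users' maps files are readable.
stale_openssl_procs "${1:-/proc}"
```

Restart each service it lists and re-run it; an empty result means nothing is still holding the old library in memory.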

AVG Cloud Anti-spam Config

I recently set up our first client with AVG anti-spam cloud based spam and virus filtering.

It seems like it’s going to be a great system – it basically receives all email on behalf of the organisation (our client in this case), filters out the spam and checks for viruses, then passes it on to the local Exchange for routing.

Not only does it do this, but you can also configure a smart host or send connector to route all outbound mail – this removes a huge burden of ensuring consistent email delivery.

We were having a few teething issues as spam was still rife after implementation; however, I have realised this evening that the main reason was that port 25 was still open on the mail server and so spammers were delivering spam directly to the server and bypassing the anti-spam solution.

I have now restricted the server’s receive connector to only accept mail direct from AVG IP addresses. Hopefully the success rate will now vastly improve – stay tuned for an update.

Heartbleed – How can I tell if my server is vulnerable?

Heartbleed is the name for a vulnerability in a popular TLS component – OpenSSL.
The vulnerability allows hackers to access private keys, cookies and passwords from an un-patched server that is open on port 443.

More information can be found about the vulnerability here:

http://en.wikipedia.org/wiki/Heartbleed_bug

And you can use this website to check if your server is still vulnerable:

https://filippo.io/Heartbleed/

Moo.com Affiliate Program

I signed up for the Moo.com affiliate program today via AffiliateWindow.com. It may come in handy when I need to start advertising on this website, but also I was compelled to sign up because I think they offer a great service – I have some business cards from them and they are probably some of the best quality cards I’ve ever ordered.

If anyone does need some high quality, but still reasonably priced business cards, please take a look at Moo.com.



Cryptolocker copycat virus alert

On Friday we had a call from a client who had opened an email purporting to be from HM Revenue and Customs. The email contained a zip file, within which was what looked like a PDF document, but was labelled as an “application”.

Due to the suspicious nature of this email and its content, we had the machine shut down for a security check.

Once the machine was cleared we took the offending email and opened it from a segregated test machine just to see what results the opening of this file would have on the system.

We found that as soon as the “PDF” was opened it deleted itself from the system and there seemed to be no other immediate effects. It wasn’t until a reboot that we noticed that a file named f94a2e3.exe had been added to the Windows startup folder and also the appdata/roaming folder.

As a result, this file was executed after the reboot completed and around 30 minutes later we were presented with this in an Internet Explorer window:

[photo]

Not the Cryptolocker virus that we all know and love but a copycat version with the same effects.

The virus instructs us to download and install the Tor browser after which it directs us to a site with payment instructions along with a bitcoin address.

And of course, after this time, all user documents on the system have been encrypted and are inaccessible.

Luckily in this case we can just reload the machine and we are good to go. If this was on a live network without backups, the victim would likely have no choice but to pay the ransom of 1.2 BTC ($540.00 at the time of writing).

 

 

When Cryptolocker strikes

Don’t you just love it when you wake up on a Monday morning to a frantic client with the Cryptolocker virus on their system?

60GB worth of encrypted files (2056 bit apparently), an as yet unused bitcoin address and a request for 0.7 BTC in exchange for the private key to unlock the files.

We didn’t fancy that option so elected for a restore from backup and deep clean of the system.
4 hours 40 minutes later and we are back up and running.

Are these guys going to get caught soon or what?

Bitcoin – the 5th Network protocol

The price of bitcoin is jumping all over the place, and I think I know (partly) why – I don’t think it’s the Mt. Gox crash, I don’t think it’s the fact that there are (some) criminal enterprises that use it to trade anonymously, I think the main reason is because people just don’t understand it, and therefore don’t really know if it’s a big deal or not.

Well, it is an extremely big deal in my opinion. Although I don’t fully understand every aspect of bitcoin, I do see it as being a very big deal, and a protocol that will become fundamental to the way that we work and the future shaping of our internet and IoT (internet of things).

I don’t consider myself highly literate and therefore I am not always great at explaining myself or my beliefs to people. What I have been trying to explain to my friends and peers about the importance of bitcoin is that it represents a currency or method of exchange that the internet needs but does not yet have.

This article explains, in words much better than I ever could, why bitcoin is so important. It has changed my understanding of bitcoin completely and I think anyone involved in bitcoin – for or against it – should read this:

http://startupboy.com/2014/04/01/the-fifth-protocol/

The internet is a machine of breathtaking capabilities, a massive beast of unimaginable power and complexity. It is capable of so much, and has revolutionised so many services as well as their methods of delivery, and often has done so at a fraction of the cost – think about how knowledge acquisition has been revolutionised by Google, how history and trivia have been changed by Wikipedia, how communications have been revolutionised by services such as Skype and Whatsapp.

And do you notice a theme? Global delivery, rich content and extremely low cost. To me bitcoin fits in perfectly with this model of delivering services on a global scale – traditional delivery models and traditional costs and processing fees do not fit in with this model; it does not have the time or the requirement for them.

I think as the internet becomes more and more capable, services more things and interacts more with the rest of the world, costs for services delivered over the internet will reduce dramatically, but those services and therefore the rate of transactions will increase exponentially – that is where I think bitcoin as a protocol will become invaluable.

Problems sending to local addresses after migrating Exchange from 2003 to 2013

After migrating a small company from Exchange 2003 to Exchange 2013 using the ExMerge tool I have had a real problem with sending to local addresses – this problem occurred primarily because I copied across the users’ NK2 files from their old Outlook installs and imported them into the new system. These NK2 files contain the addresses that the user types into the To field and Outlook consequently remembers.

The local email addresses (user@clientsdomain.com) no longer work because although to the user they look like normal email addresses/contacts they actually reference the x500 address from the old 2003 Exchange application.

This is something I normally put up with in small companies because these local addresses can just be deleted and recreated.

However, I had an issue today with a user who was trying to update a calendar entry that had been created on the old system, and then submit it so that co-owners of that entry would be notified. This failed with an error pertaining to the fact that the user did not have permission to send on behalf of that specified user.

Thanks to this article I understood that the calendar entry was trying to send the update as the user who created the event (and thus using the x500 address from Exchange 2003 as the from address).

As per the article above, the way to fix this was to launch adsiedit.msc on the old server (this tool comes with the Server 2003 support tools) and then copy the value from the legacyExchangeDN property of the user(s) in question (Domain, Organisational Unit, User, properties).

Once you have this address, you can append x500: to it and then add it in as an additional proxy address in the properties of the same user on the new Exchange 2013 environment (Active Directory, view advanced features, user, properties, attribute editor).

If you need to do this yourself, please follow the guide that I have linked to above, as it is much more comprehensive than this post!

Is bitcoin a viable currency?

There seems to be a public debate at the moment as to whether or not bitcoin is a viable currency.

I imagine that question is also a big factor in the current fluctuation in its value.

I really like the idea behind bitcoin – I love the fact that it’s open source, that it has a public ledger and that its transactions are processed by members of the public, effectively.

The fact that processing fees are so low is also a great factor.

One of the big problems, though, seems to be its stability – even though it seems to track the US dollar in the marketplace (i.e. if you buy something with bitcoin, you are effectively always paying the same price in USD and the amount of bitcoin you hand over varies accordingly), its instability doesn’t inspire confidence. For example, if you have held a balance in bitcoin for the last few months, it’s probably worth 30% less now than it was then, which certainly doesn’t make it an attractive currency.

Also, as my dad (who is a stockbroker) pointed out to me recently, it is very hard to tell which way it will move next, as it is not really underpinned by anything, and neither does it have any intrinsic value.

At the moment I still see it as more of a payment processor – i.e. you trade with it, but convert it to and from another currency at the beginning and end of every trade – I believe there are some services that do this for you as a matter of course. That way you can benefit from the low processing fees without holding a position in BTC, thus minimising risk from the fluctuation problem.

If the price starts to stabilise – and/or other factors arise that help to underpin the price – then I think it may become a very important currency.