VMware Workstation 8: how to enter a VM's BIOS

There are a few things about VMware Workstation 8 that I find “stupid”:

  1. it is impossible to change the boot order of a VM's devices from the VM's settings panel: you have to start the VM and enter the BIOS;
  2. it is impossible to change any BIOS parameter of a VM: again, you have to start the VM and enter the BIOS;
  3. the extremely short time the VM's BIOS screen stays visible right after power-on: it is practically impossible to get into the BIOS by hoping to press the right key in time.

How do I enter a VM's BIOS to edit its parameters (for example the boot order)?

First way: in the main VMware window, click VM > Power > Power On to BIOS.
Second way: edit the (plain-text) VMX configuration file of the VM whose BIOS you want to see and add the following new line:

bios.bootdelay = 20000

This adds a 20-second delay to the boot, which keeps the VM's POST information page on screen and therefore gives you all the time you need to press F2 to enter the BIOS.
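A small helper for the second method, added here as an example (it is not VMware tooling and the .vmx text below is constructed): it adds or updates a setting in a .vmx file without duplicating the line, so the same script can be run again to change the delay. The key is matched case-insensitively; this assumes VMware treats .vmx keys as case-insensitive, so `bios.bootdelay` as written in the post and the documented spelling `bios.bootDelay` are the same setting.

```python
"""Add or update a setting in a VMware .vmx file, e.g. the bios.bootDelay
line from the post. Added example, not VMware tooling; the sample VMX text
is constructed. Keys are matched case-insensitively (assumption: VMware
treats .vmx keys as case-insensitive, so bios.bootdelay == bios.bootDelay)."""
import re
from typing import Dict

# One setting per line: key = "value" (the quotes are optional in practice).
VMX_LINE = re.compile(r'^\s*([^=#\s]+)\s*=\s*"?([^"]*?)"?\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Map of lower-cased key -> value; comment and blank lines are skipped."""
    opts: Dict[str, str] = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            opts[m.group(1).lower()] = m.group(2)
    return opts


def set_vmx_option(text: str, key: str, value: str) -> str:
    """Return the file text with `key` set to `value`: an existing line is
    rewritten in place (duplicates dropped), otherwise a new line is appended."""
    out, replaced = [], False
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m and m.group(1).lower() == key.lower():
            if not replaced:
                out.append(f'{m.group(1)} = "{value}"')
                replaced = True
            continue  # drop any duplicate definition of the same key
        out.append(line)
    if not replaced:
        out.append(f'{key} = "{value}"')
    return "\n".join(out) + "\n"


def boot_delay_ms(text: str) -> int:
    """The configured POST delay in milliseconds (0 when the key is absent)."""
    return int(parse_vmx(text).get("bios.bootdelay", "0"))


# Constructed minimal .vmx, not taken from a real machine.
SAMPLE_VMX = (
    '.encoding = "UTF-8"\n'
    'config.version = "8"\n'
    'virtualHW.version = "8"\n'
    'displayName = "test-vm"\n'
    'memsize = "1024"\n'
)

if __name__ == "__main__":
    # 20000 ms = the 20-second POST delay from the post
    print(set_vmx_option(SAMPLE_VMX, "bios.bootDelay", "20000"))
```

Edit the file only while the VM is powered off; Workstation rewrites the .vmx on power-off and would otherwise discard the change.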

W32.Flamer: Enormous Data Collection | Symantec Connect Community

Original article here: W32.Flamer: Enormous Data Collection | Symantec Connect Community.

An interesting analysis by the Symantec labs of what kinds of information the “Flame” virus / worm is able to collect and steal from a computer. It is important to keep in mind that the vast majority of malware performs this kind of data harvesting on infected computers.
Take a look at what it collects:


Linux: how to force a password change at login for a user

To make a Linux user change their password at the next login you can use the chage command, which is used to change the number of days between one password change and the next: setting the day value to zero (0) gives the desired effect.
When a user is created on a Linux box it is always good practice to force a password change, so that the user can set the access password they prefer and, above all, so that neither root nor anyone else knows the user's password.

root@linuxbox:~# chage -d 0 nome_utente
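What that command does under the hood: it writes 0 into the third field of the user's /etc/shadow record (days since 1970-01-01 of the last password change), and the login PAM stack then demands a new password. The following added example (mine, not part of the post, and not a replacement for chage) parses a constructed shadow file, reports which accounts are in that forced-change state, and performs the same field edit so you can verify what chage -d 0 changes.

```python
"""Inspect /etc/shadow-style records for accounts that must change their
password at next login, i.e. the state `chage -d 0 user` puts them in.
Added example with a constructed shadow file; use chage on real systems."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ShadowEntry:
    name: str
    password: str                 # hash, or "!"/"*" for locked / no-login accounts
    last_change: Optional[int]    # days since epoch; 0 = change forced at next login
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]


def _int_or_none(field: str) -> Optional[int]:
    """Empty aging fields mean 'not set'."""
    return int(field) if field.strip() else None


def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    # field 9 is reserved and ignored
    return ShadowEntry(fields[0], fields[1], *(_int_or_none(f) for f in fields[2:8]))


def must_change_at_login(entry: ShadowEntry) -> bool:
    """A last-change day of 0 forces a password change at the next login."""
    return entry.last_change == 0


def forced_change_accounts(shadow_text: str) -> List[str]:
    names = []
    for line in shadow_text.splitlines():
        if line.strip():
            entry = parse_shadow_line(line)
            if must_change_at_login(entry):
                names.append(entry.name)
    return names


def force_change_at_login(shadow_text: str, user: str) -> str:
    """Text-level equivalent of `chage -d 0 user`: set the last-change field to 0."""
    out, found = [], False
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) == 9 and fields[0] == user:
            fields[2] = "0"
            found = True
        out.append(":".join(fields))
    if not found:
        raise KeyError(f"no shadow record for {user}")
    return "\n".join(out) + "\n"


# Constructed sample records (hashes are placeholders, not real hashes).
SAMPLE_SHADOW = (
    "root:$6$saltsalt$placeholderhash:19000:0:99999:7:::\n"
    "alice:$6$saltsalt$placeholderhash:19120:0:99999:7:::\n"
    "bob:$6$saltsalt$placeholderhash:0:0:99999:7:::\n"
    "daemon:*:18000:0:99999:7:::\n"
)

if __name__ == "__main__":
    print("forced now:", forced_change_accounts(SAMPLE_SHADOW))
    print("after chage -d 0 alice:", forced_change_accounts(force_change_at_login(SAMPLE_SHADOW, "alice")))
```

On a real system run the check against /etc/shadow as root; the forced-change list is a quick audit of freshly created accounts whose owners have not yet logged in.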

Adobe’s fix for Photoshop CS5 security issue? Buy Photoshop CS6 (via Naked Security blog)

via Adobe’s fix for Photoshop CS5 security issue? Buy Photoshop CS6

A vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.
The only fix that Adobe is making available is for users to upgrade to the latest version of Adobe Photoshop CS6. And that’s going to cost users $199 or more. (If you aren’t eligible for the upgrade, it will cost $600).
Adobe has no plans to publish a free security fix because Photoshop “has historically not been a target for attackers” and the risk level doesn’t make it worthwhile to produce a fix that users don’t have to pay for.

I have no words to describe Adobe's idiocy when it comes to the security of their products; I find this truly scandalous behaviour.
I wonder whether they also thought that Flash Player and Acrobat Reader (two products notoriously targeted by exploits because of their countless bugs) “have historically not been a target for attackers”.
Update of 16/05/2012: after the storm of criticism over this wretched decision, Adobe has announced that it will release a patch to close the vulnerability free of charge.

Windows Server 2012: SMB 2.2 is now SMB 3.0 (via TechNet Blogs)

Repost via SMB 2.2 is now SMB 3.0 – Windows Server Blog – Site Home – TechNet Blogs.

To summarize, the following are some of the key new functionalities available with Windows Server 2012 SMB 3.0:

SMB for Server Applications – Many of the new SMB features are specifically designed for server applications that store the data on file shares—for example, database applications such as Microsoft SQL Server or virtualization software such as Hyper-V. This allows applications to take advantage of advances in storage management, performance, reliability, and cost efficiency that come with SMB to deliver an application storage solution that rivals traditional Fibre Channel storage solutions in features and capabilities, but remains easier to provision and less expensive to implement.

Active file sharing with SMB Scale Out – Enables customers to scale share bandwidth by adding cluster nodes, as the maximum share bandwidth is the aggregate bandwidth of all file server nodes and not restricted to the bandwidth of a single cluster node as in previous versions. Scale-out file shares also makes it much easier to manage a file server cluster, as it is no longer necessary to create multiple clustered file servers, each with separate cluster disks, to take advantage of all nodes in a cluster. Further, the administrator can transparently redirect SMB client connections to a different file server cluster node to better balance the cluster load.

Scalable, fast, and efficient storage access with SMB Direct – SMB Direct (SMB over Remote Direct Memory Access (RDMA)) is a new transport protocol for SMB in Windows Server 2012. It enables direct memory-to-memory data transfers between servers, with minimal CPU utilization and low latency, using standard RDMA-capable network adapters (iWARP, InfiniBand, and RoCE). Any application which accesses files over SMB can transparently benefit from SMB Direct. Minimizing the CPU cost of file I/O means application servers can handle larger compute workloads with the saved CPU cycles (for example, Hyper-V can host more virtual machines).

Fast data transfers and network fault tolerance with SMB Multichannel – Given that customers can now store server application data on remote SMB file shares, SMB was enhanced to improve network performance and reliability. SMB Multichannel takes advantage of multiple network interfaces to provide both high performance through bandwidth aggregation, and network fault tolerance through the use of multiple network paths to data on an SMB share.

Transparent Failover and node fault tolerance with SMB – Supporting business critical server application workloads requires the connection to the storage back end to be continuously available. The new SMB server and client cooperate to make failover of file server cluster nodes transparent to applications, for all file operations, and for both planned cluster resource moves and unplanned node failures.

VSS for SMB file shares – VSS for SMB file shares extends the Windows Volume ShadowCopy Service infrastructure to enable application-consistent shadow copies of server application data stored on SMB file shares, for backup and restore purposes. In addition, VSS for SMB file shares enables backup applications to read the backup data directly from a shadow copy file share rather than involving the application server in the data transfer. Because this feature leverages the existing VSS infrastructure, it is easy to integrate with existing VSS-aware backup software and VSS-aware applications like Hyper-V.

Secure data transfer with SMB encryption – SMB Encryption protects data in-flight from eavesdropping and tampering attacks. Deployment is as simple as checking a box, with no additional setup requirements. This becomes more critical as mobile workers access data in centralized remote locations from unsecured networks. SMB Encryption is beneficial even within a secured corporate network if the data being accessed is sensitive.

Faster access to documents over high latency networks with SMB Directory Leasing – SMB Directory Leasing reduces the latency seen by branch office users accessing files over high latency WAN networks. This is accomplished by enabling the client to cache directory and file meta-data in a consistent manner for longer periods, thereby reducing the associated round-trips to fetch the metadata from the server. This results in faster application response times for branch office users.

SMB Ecosystem – A critical aspect of Windows Server 2012 development is the partnership we have established with vendors to ship SMB 3.0 capable systems. We have been working closely with several server vendors and open source partners over the past year, by proactively providing extensive protocol documentation and numerous open “plugfest” events that provide opportunities for test and feedback. Finally, and most importantly, the SMB ecosystem now reaches all the way to key server applications such as SQL Server and Hyper-V to ensure that SMB 3.0 capabilities are fully leveraged all the way through the stack, and across the multivendor network.

Skype: user IP address disclosure

The guys over at skype-open-source found this interesting “howto” on pastebin regarding how to obtain the IP address (both public and internal IPs) of every Skype user: it even works if the “victim” is not on the “attacker” contact list, and vice-versa.
Here is the relevant info:

  1. Download this patched version of Skype 5.5: http://skype-open-source.blogspot.com/2012/03/skype55-deobfuscated-released.html
  2. Turn on debug-log file creation by adding a few registry keys: https://github.com/skypeopensource/skypeopensource/wiki/skype-3.x-4.x-5.x-enable-logging
  3. Perform the "add a Skype contact" action, but do not send the add request; just click on the user to view his vcard (general info about the user). This will be enough.
  4. Take a look in the log for the desired skypename.
  5. The record will be like this for real user ip: -r195.100.213.25:31101
  6. And like this for user internal network card ip: -l172.10.5.17

The original post is here: Skype user IP-address disclosure – Pastebin.com.

McAfee VirusScan Enterprise: how to restore a quarantined file

I have often had to recover virus samples from the computers of friends, relatives or colleagues.
Today, instead, I had to recover some legitimate files that the antivirus had quarantined “by mistake”: I had to restore some VBS scripts (written by me) that McAfee VirusScan Enterprise 8.7 flagged as dangerous.
“What's the difficulty?” you may ask: well, the files were no longer listed in the Quarantine Manager, but only present in the “Quarantine” folder on the hard disk as files with the BUP extension.
On top of that, quarantined files (the BUPs) are also encrypted.

After a few moments of black despair, I searched the internet and was lucky enough to find this article in McAfee's knowledge base: How to restore a quarantined file not listed in the VSE Quarantine Manager.

In practice, BUP files are archives containing a file describing the event and the detection (file details) plus the original file, to which a trivial XOR with the hexadecimal value 0x6a has been applied.
With a suitable tool it is possible to reverse this and recover the file.

PHEWWWW 😀
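The reversal itself is a one-liner, because XOR with a fixed byte is its own inverse. Here is an added example (mine, not McAfee's tool) that applies the 0x6a XOR to the two members of a BUP, the details record and the original file, and reads the original file name back out of the decoded details. It assumes the two members have already been extracted from the BUP container (on disk a .BUP is an OLE2 compound document whose `Details` and `File_0` streams hold them; pulling the streams out with a module such as `olefile` is outside this example), and the details text and its key names below are constructed, not McAfee's exact format.

```python
"""Recover the contents of a McAfee VirusScan Enterprise .BUP quarantine
entry: both the details record and the original file are stored XORed
with the single byte 0x6a, so applying the same XOR again restores them.
Added example; the details text and key names below are constructed."""
from typing import Dict, Tuple

BUP_XOR_KEY = 0x6A
# 256-entry translation table: byte i maps to i ^ 0x6a, so bytes.translate()
# does the XOR in C without a Python-level loop.
_XOR_TABLE = bytes(i ^ BUP_XOR_KEY for i in range(256))


def bup_xor(data: bytes) -> bytes:
    """Decode (or, since XOR is an involution, encode) BUP member bytes."""
    return data.translate(_XOR_TABLE)


def parse_details(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI-style parser for the decoded details record."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def restore(details_enc: bytes, file_enc: bytes) -> Tuple[str, bytes]:
    """Return (original path recorded in the details, restored file bytes)."""
    details = parse_details(bup_xor(details_enc).decode("utf-8", "replace"))
    # "Details"/"OriginalName" are assumed key names for this constructed sample
    name = details.get("Details", {}).get("OriginalName", "unknown")
    return name, bup_xor(file_enc)


# Constructed sample: a harmless VBScript fragment and a details record,
# stored the way the container holds them (XOR 0x6a applied).
ORIGINAL_SCRIPT = b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'
DETAILS_TEXT = (
    "[Details]\r\n"
    "DetectionName=Example.Detection\r\n"
    "OriginalName=C:\\scripts\\cleanup.vbs\r\n"
)
QUARANTINED_SCRIPT = bup_xor(ORIGINAL_SCRIPT)
QUARANTINED_DETAILS = bup_xor(DETAILS_TEXT.encode("utf-8"))

if __name__ == "__main__":
    name, data = restore(QUARANTINED_DETAILS, QUARANTINED_SCRIPT)
    print(name)
    print(data.decode())
```

Before writing the restored bytes back to the path named in the details, compare their hash with a known-good copy or re-scan them with the current DAT: a false positive on your own script is the case here, but the same procedure would just as happily restore a genuine detection.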