Digital Choke Daynotes

 Monday, May 23, 2005       mail    link   the story

Two problems greeted me at work this morning. (Hmm....that's sounds like the opening to last Monday's entry...). The public web server was sleeping (not serving up pages), and we weren't blocking inappropriate web sites. Both were fixed by a quick restart of services (on their respective servers). And I'll continue digging through the logs to see why.

The weekend was interesting. Saturday morning Pam and I took a quick trip up to the cabin (up Highway 50 towards Lake Tahoe in Strawberry, CA) to 'open' it. That involves restarting the water service (close all the drains, fire up the pump, check for leaks). Had good success in that this year ... no leaks found. That means that I must have done a good job in the end of year shut down process.

Then a bit of dusting and cleaning, including a wash of all the dishes and silverware. That didn't take long.

The only problem seems to be the propane tank. It smells like it's leaking, although it could be (according to the propane guys) just an almost-empty tank. So I called them up today, and they noted that the last refill was back in 2002. It's just a small tank (about 4 feet tall), and we only use it for cooking, so it may be time to refill. The propane guys will make that trip on Thursday, which will be good as there is some planned use of the cabin this next weekend.

The river is right next to the cabin, and it is running high and fast due to the snow melt. I took some pictures of the river; perhaps I'll put one here just for grins later. Not sure of the "CFM" (cubic feet per minute), but the water level seems at least one foot higher than normal.

Then we came back home and did a few more errands and had a nice dinner of spaghetti.

Which brings us to the exciting Saturday night activity. Figuring out why the kitchen sink wasn't draining anymore.

The dishwasher had been run, and so both sinks were full, but not overflowing. The usual culprit is the trap under the sink, so I got out the buckets and drained the sinks. Then I took apart the trap, but it was clean. That meant that the clog was farther down the drain.

So I went outside to the cleanout and took off the plug. And noticed the plastic cap had been left on the pipe when they added the cleanout plug. Fortunately, it was one of those thin plugs, so a spade drill bit took care of that.

Then I hooked up the hose, stuck it in the cleanout, and fed the hose into the pipe down into the drain pipe. Turned on the water, and after inserting about 15 feet of the hose into the pipe, managed to use the force of water to clear the blockage.

I spent under an hour on the whole project, but figured that I saved at least $200 on a plumbing bill.

And I reminded Pam of the importance of turning on the disposer before you start cramming food waste into the disposer.

Sunday was the usual: church in the morning, some meetings in the early afternoon, a late lunch, a nap, and then the grandkids arrived for dinner. After dinner, watching "Extreme Makeover - Home Edition" (with the TiVo, so we could skip through the commericals), and then the grandkids left. Some minor cleanup, then watched the finale of "Desperate Housewives".

For right now, some more lurking about the event logs on the servers. And see if I can properly update the "current" page.

 Tuesday, May 24, 2005       mail    link   the story

I'm seeing reports about extortion attempts because a virus/worm has encrypted the user's files due to a vulnerability that was patched over a year ago. (Sources: Internet Storm Center WebSense Security Labs .)

If the user has not updated, all that is required for the attack is a visit to a web site that hosts the attack. Because the user's computer runs the attack code, the attacking site now can download and run programs on the user's computer. That program encodes (encrypts) the user's files on their C drive, and any attached network drive.

Then the user gets a message telling them that they will have to pay US$200 to get the program that will decode their files.

This remote control of computers is common to many worms that can turn your computer into a 'bot', or remotely controlled computer. Bots are often used for mail relaying (spamming), hosting phishing sites, keystroke logging, identity theft, and more.

And take a look at My Simple Recipe for Internet Domination. It was written almost a year ago, and might need some updating, but I think it's still valid.

It is vitally important that all users keep their operating systems current (no matter which OS you are using). We, the geeks, should actively help others to protect their computers. And doing data backups are also encouraged (write them to a CD/DVD). You could start here, in the Simple Steps for Safe Computing report, along with the other reports up there at the top of the page.

 Wednesday, May 24, 2005       mail    link   the story

More info on the "extortion virus". The virus (more properly, a "Trojan Horse") is installed by a user opening a program that is an attachment to a mail message. Once the program runs, it goes to a web site to download and run the encrypting program. That second step will fail, because that particular web site has been taken off-line.

But the process is easily duplicated. If a computer is infected with a 'bot', then the remote hacker can do whatever they want on that computer, including instructing the bot to download any program from any location.

In fact, the download location doesn't have to be a server that belongs to the hacker. It could just ask easily be a "botted" computer. The bot can send copies of any program to any other computer in it's bot network. And any of those computers can instruct any of the other bot computers to download and run the program.

(Which is how one of the programs in my "Digital Choke" story works. The program was installed on a computer, then it quietly waits for a command from the 'master'.)

There are lots of compromised bot networks out there. Some number into the tens of thousands. And they have been used for many purposes. Most common is email relaying of spam. However, there have been instances of some being used to perform a 'denial of service' against web sites.

And I understand that if there was a coordinated denial of service by a very large bot army, the "Interweb" would be severely impacted.

And that wouldn't be good.

 Friday, May 26, 2005       mail    link   the story

I've been learning a bit more about FTP'ing, and setting up an FTP site on our web site. There's some locking down to do, but I've got a secure SSL FTP link between our development web server and the public web server. There were some firewall issues to work out, but much improvement over previous efforts.

That's been my main focus this week (the web servers). But I've had time to do a bit of security auditing of some new servers, some policies/procedures relating to security, and some other odds and ends.

But I'm ready for the weekend. Here in the States, it's a three-day weekend, with Monday being "Memorial Day", where we honor past and present soldiers. It's also the traditional start of the summer season, so the Friday traffic will be a bit more worse than usual.

We've had temps in the 90's the past week, but it's cooling off a bit into the 80's for the weekend. Pam and I haven't made any significant plans for the weekend. We'll be babysitting the grandkids tonight (which is always fun), and sleeping in tomorrow (Saturday) and Monday. (I'm ready for a nap right now.)

Enjoy the weekend!

 Saturday, May 27, 2005       mail    link   the story

Let's see. Saturday morning. Sleep in. Breakfast (Frosted Flakes) and the morning paper. Vacuum the family room. For good measure, use the rug shampooer to clean it. Some light gardening (trimming some bushes, a few weeds).

Off to the furniture store. Buy a new mattress (the old one is really worn out and old; sort of like me). Got it on sale. A trip to Sam's Club (warehouse store). Get the mail. Lunch. A few other odds and ends. A bit of surfing.

The usual. Exciting life, eh?