When you can’t Connect HP Version Control Agent (VCA) to the Version Control Repository Manager (VCRM).

As a self-taught Systems Administrator, I tend to learn by the process of trial and error.  And boy have I erred a lot recently.  I’ve been banging my head against this particular brick wall (not being able to connect the HP VCA to the HP VCRM) in earnest the last couple of weeks:

[Screenshot: HP VCA Connect]

It seemed that no matter how I input the info on the screen above, the two would never see each other.  Credentials were confirmed, permissions vetted, yet every time I filled out this screen and clicked “next”, I would inevitably get the message “The specified repository, servername.domainname.com, is invalid or not reachable.” I was just going around and around, in a downward spiral that didn’t bode well for my sanity.

I was therefore EXTREMELY happy when I found this gem in the HP Systems Insight Manager Support forums in a post talking about an upgrade from version 7.2.2.0 to 7.3.0.0:

I’ve got an answer from HP TS regarding HP VCA 7.2.2.0 working with HP VCRM 7.3.0.0

I did not get a full answer on the root cause of this issue, but from the provided command I suspect that it is related to the SSL Cipher configuration.

For me these commands solved the issue.

Please try running the following commands on the server with HP VCRM 7.3.0.0:

C:\HP\hpsmh\bin>smhconfig.exe -Z ALL:!ADH:!EXPORT56:!EXPORT40:DES-CBC3-SHA:RC4-MD5:RC4-SHA:RC4+RSA:+HIGH:+MEDIUM:-SSLv2:+EXP:!LOW:!eNULL:!aNULL

C:\HP\hpsmh\bin>smhconfig.exe -r

For me these commands solved the issue.

 

Sadly, I wasn’t sure this would resolve my problems, since I had never been able to get VCA and VCRM to talk initially, therefore my problems obviously were not due to an upgrade like everyone else’s.  However, some of the connectivity issues mirrored those I was experiencing, so I applied the fix as a batch-file (copy/paste commands to text file to avoid fat-fingering any characters, saved as .BAT file, issued command line “run as administrator”), and voila!  Suddenly I can connect the two together!   

Sadly, I have no breakdown of the intimate details involved with what the commands do exactly, or how they accomplish the resolution, but it was made clear that the problem was due to an SSL Cipher configuration.  My take is that it appears that HP had actually removed some expected ciphers from 7.3.x.x of VCRM, which then prevented the communication from VCA Agents.

But, all good now!
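What each entry in the cipher list passed to `smhconfig.exe -Z` does, as an added example (not from the original post, the forum reply, or HP): a small Python parser, assuming the argument follows the OpenSSL cipher-list format, which the page does not state. The `LEGACY` pattern is this example's own choice of names to flag.

```python
import re

# Cipher list copied from the smhconfig.exe -Z command quoted in the post.
CIPHER_LIST = ("ALL:!ADH:!EXPORT56:!EXPORT40:DES-CBC3-SHA:RC4-MD5:RC4-SHA:"
               "RC4+RSA:+HIGH:+MEDIUM:-SSLv2:+EXP:!LOW:!eNULL:!aNULL")

# Leading operators defined by the OpenSSL cipher-list format.
ACTIONS = {
    "!": "remove permanently",
    "-": "remove, may be re-added",
    "+": "move to end",
    "": "add",
}

# Names this example flags as legacy (RC4, 3DES, MD5); an assumption, not HP's.
LEGACY = re.compile(r"RC4|DES-CBC3|3DES|MD5")


def parse(cipher_list):
    """Return (action, parts, legacy) for each entry, in list order."""
    entries = []
    for token in re.split(r"[:, ]+", cipher_list.strip()):
        if not token:
            continue
        if token.startswith("@"):  # e.g. @STRENGTH: a directive, not a selector
            entries.append(("directive", [token], False))
            continue
        prefix = token[0] if token[0] in "!-+" else ""
        selector = token[len(prefix):]
        # A "+" inside a selector is a logical AND: RC4+RSA = RC4 with RSA.
        parts = selector.split("+")
        entries.append((ACTIONS[prefix], parts, bool(LEGACY.search(selector))))
    return entries


def explicit_legacy_adds(cipher_list):
    """Selectors that add legacy suites by name (groups like ALL not expanded)."""
    return ["+".join(parts) for action, parts, legacy in parse(cipher_list)
            if action == "add" and legacy]


if __name__ == "__main__":
    for action, parts, legacy in parse(CIPHER_LIST):
        flag = "  <-- legacy" if legacy else ""
        print(f"{action:24} {' AND '.join(parts)}{flag}")
```

The output shows that `+HIGH`, `+MEDIUM` and `+EXP` only reorder suites already in the list, while `DES-CBC3-SHA`, `RC4-MD5`, `RC4-SHA` and `RC4+RSA` are added by name. To see the concrete suites a list expands to on a given OpenSSL build, run `openssl ciphers -v` with the list as its argument.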

How to recover your Hacked WordPress Site (Part-3)

 

Have you read How to recover your Hacked WordPress Site (Part-2) yet?

Stage 6: Getting back to (almost) business as usual.

The new Mindset: As mentioned above, before you are done with this clean-up process you will need to look at security in a whole new light.   Or at the very least, you had best respect the fact that your ability to keep hackers at bay rests on your ability to maintain a proper pro-security mindset.  So along those lines, let’s discuss a few quick topics pertaining to Security that you can mull over now that the immediate emergency is over.


How to recover your Hacked WordPress Site (Part-2)

 

Have you read How to recover your Hacked WordPress Site (Part-1) yet?

Stage 3: Let the Sanitizing begin.

Once you’ve identified the “vector” or angle that the hackers used to compromise your website, you can now get to work plugging the holes.  Wordfence keeps a massive Archive collection of every known WordPress Theme and Plugin.  For those legitimate configuration files that might have simply been compromised along the way, you can re-download a known-good version of the file from the Wordfence archives.  Delete the ones that don’t belong on your website.  Just keep fixing those files which are infected, and deleting those that don’t belong until your site is once again clean.  If your hacker wasn’t aware of your attempt to take back your Account and Website, they will probably begin to realize it soon.  Keep moving!


How to recover your Hacked WordPress Site (Part-1)

So, you think that your WP Site got hacked, what is the first thing you should do?

There are quite literally several dozen things that you should do, but each case is different.  I will try to highlight the most important points below.  The reason that there are so many steps is that there are so many different ways to approach this dilemma.  The most immediate decision for you is whether you are going to adopt a hands-off approach of hiring a security consultant to clean it for you, or go the DIY route like I chose to do.  Even then, there are so many different ways that people prefer to do things.  Overall, this process involves a lot of smaller steps, but there is one step to the whole process that is really big, regardless of whether you DIY or hire someone to do the cleanup.  It may be the single most important aspect of this entire process: and that is changing your mindset about how you approach security.  And that folks, is a massive undertaking, because changing the way your mind operates may also be the single hardest step in this entire how-to guide.

The following are all recommendations on my part, suggestions that you need to discard or accept, but in my opinion they make up a fairly logical progression on how to deal with such issues should you ever find yourself in this situation.   You can of course choose to perform these steps in a different order, but I believe that they will be most effective in the order I present them.  I hope they will at least be a helpful aid to you in your time of need, allowing you to recover as much of your website as is possible.   Cleaning any hack is going to take some time and effort, so you really need to think about whether you want to tackle this on your own.   In the end, I think you’ll be happy that you chose to do it yourself.  As with any such DIY process, you assume all risk and responsibility for any and all actions and outcomes, and obviously your mileage may vary.  No matter which direction you decide to go, I’ll wish you the very best of luck in your cleaning endeavors!


Seen a .menc file before?

If you’ve ever seen a .menc file before, you probably saw it on an external memory card that you pulled out of your Windows Phone device.  

Essentially, .menc (Mobile Encryption) files are just your personal data (the PIM.VOL file that contains all of your Contacts for example) that are encrypted.  The extension of .menc lets the Operating System (OS) know which files are encrypted, and whether or not they can be opened by the user.   To do so, the previously recorded key (user password) must match the key provided by the user when unlocking the device.  But you won’t see those .menc files, because they are typically hidden by the OS so as not to be visible to the end-user during casual browsing.   If you ever chose to encrypt the files you store on your external storage (external memory card, etc), then they may be visible if you took that card to another computer or device for viewing.

If you’re trying to recover those files, then you have to meet some rather special requirements in order to proceed.  Unfortunately, if you have Hard Reset the device, or have a different device than the one that the files were originally created on, then the encryption/decryption keys are now lost or no longer the same, and sadly your files are totally inaccessible.

However, if you have access to the same device that the .menc files were originally created on, and you have NOT performed a Hard Reset on the device, then you can still salvage the files:

  1. Turn the storage card encryption off: Go to Start > Settings > System > Encryption (varies by your Operating System version) and uncheck the “Encrypt files when placed on a storage card” box. From this point forward, all NEW files created on that card will be unencrypted, but existing files will still be encrypted.
  2. Next, bring up your favorite File Explorer, then browse to your Storage Card. Make a new folder on the storage card, and call it “OLDData”.  This folder will, of course, be unencrypted.
  3. Now, find whatever files you want to decrypt and copy them into this folder.  Those files will be decrypted as they copy into the new folder.  You can now read these files on any other computer or phone.

Congratulations, you’ve just saved some data.   Hopefully it will turn out to be highly important data, which will make your victory taste just a little bit sweeter…

Sacramento Metro Airport WiFi

It didn’t take more than 15 minutes to get through the security checkpoint in the airport, so now I have an hour and a half to kill.  Having a million things to do online, I decided to take advantage of the Sacramento Metro Airport “Free Wi-Fi”, available in the food court area.

I have a VPN tunnel connection so that I can browse the Internet securely, but I can’t quite see all the other users of this Free WiFi being aware of the inherent dangers of  Public WiFi Hotspots. 

It’s really hard to recognize a hacker, sometimes they can look very professional in a suit and tie, so you can never be sure who is who.   As I type this, I see six suits typing at their keyboards.   Walking over to pick up my order, I observed at least one conducting what appeared to be personal banking on his laptop.   I certainly hope that he practices safe computing by using a VPN tunnel.   That’s just not a good idea at Public WiFi Hotspots.

I guess that it’s time for me to dust-off my 4 part series on Security in a Mobile world…

Trying to set up a good Dynamic DNS solution

Since I had to give-up my Static IP Address as part of my UVerse installation, I am looking around for a way to setup a Dynamic DNS Solution that would provide consistent access to my Home Network from the outside world.

The Problem: The challenge is that since I am now using PPPoE to connect to AT&T, my IP Address changes frequently.   Since the IP Address changes frequently, I cannot consistently know when the IP Address changes, and what it changes to.

The Partial Solution: Enter Dynamic DNS, or DynDNS.  This is a solution that works to automatically detect the new IP Address assignment and update DNS “Dynamically” whenever a change occurs.  The Router (or software package running on one of the Private Network PCs) would detect this change, then notify the DynDNS Host Server (which is always consistent) of the new IP Address.  The downside of this particular solution is that the DynDNS Host Server will traditionally only allow the new user to pick a name for a subdomain of their existing domain choices (in my case, helpdesk.dyndns.org), and some users like myself do not like this kind of restriction.  

The Rest of the Solution (I hope):  So I’m working with my provider to see if I can create a new subdomain of matson-consulting.com and have that set up to redirect incoming traffic to the helpdesk.dyndns.org URL.

I hope I can get this set up…

Gathering data on Shavlik NetChk Protect

I just installed Shavlik’s NetChk Protect 6.1.0 (build 57), a product that I used more than a year ago, back when it was version 5.31.   This previous product ran for a whole year and kept my six systems (one server, two laptops, and three desktops) fully up-to-date.

Sure, Windows Update can do this for you for free, but the process is controlled by Microsoft, who does not always have the consumer’s best interest in mind when they install products like Windows Genuine Advantage, which can take a totally legitimate installation of Windows XP and disable it for no apparent reason.

Also, NetChk Protect updates a lot of common non-MS applications like Adobe Reader,  WinZip, etc…

I will be performing a product review of the NetChk Protect application in the future, so we’ll see how this product does in the next month or so…

Another HSI (High Speed Internet) Router setup

Today I got to work on a new brand of Router currently being distributed to Verizon High Speed Internet (HSI) customers: the ActionTec modem & DSL Router GT704-WG (presumably for “Wireless-G”).

It had a nice browser interface, but a very limited implementation of WPA, in that it only allowed alpha and numeric characters for key-entry.  This goes against the industry standard, which is to allow additional characters (specifically special characters) to be used in key generation.  If the intention is to secure the connection between the client and the access point, then why reduce the effectiveness of that security by limiting the character-set the key is based on?  Sigh…

Security in a Mobile World part-4 Posted

Today I posted the last part of my four part article “Security in a Mobile World”.   This article part, as well as the prior 3 parts, can be found at Mobility Today.

Security on the PocketPC platform is a great deal different than your laptop. Security issues considered minor on the Laptop platform like Physical Access, Application/Data Access, and Theft/Loss Mitigation are more substantial on the PocketPC platform, because the PocketPC is infinitely easier to steal than a laptop. And larger issues on the Laptop like Firewalls, AntiVirus, and AntiSpyware become less predominant because the PocketPC platform offers less of a potential target for hackers. Because there is currently more interest in cracking Windows PC data and applications, the PocketPC platform is relatively safe, but that will change soon enough.
