Archive for March 2006

Check those switches

Yesterday, I looked into why some patches hadn’t been installed on a system. Using SMS web reports, I could see that the system had submitted an inventory that day. This indicated that the client was reporting in correctly and that my report that it was missing patches was correct. Next, web reports showed me that every advertisement to that system was waiting except one that was running. I checked with the head SMS guy here, and found that if that one advertisement is running it will prevent the other items from running.
What I found was that the Cisco VMO Client package was set with the command line [..]\viewmail.msi /quiet /norestart. The client in question was running Windows Installer 2.0, which I believe doesn’t know about those switches. I asked the guy responsible for that package to change it to /qn REBOOT=ReallySuppress, which should work on both Windows Installer 2.0 and 3.0.
You’d expect bad switches to cause the advertisement to exit rather than to continue to run. Hopefully this will cause it to run to completion.
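A small check I would run over package command lines before they get advertised, so that the hang above is caught in review rather than on a client. This is an added example, not anything from the post or from SMS; it assumes only the two translations the post names (/quiet to /qn, /norestart to REBOOT=ReallySuppress), does a plain string rewrite, and never runs msiexec.

```python
"""Flag msiexec switches that Windows Installer 2.0 does not understand.

Added example, not from the original post. The switch table holds the two
translations the post mentions; anything else on the line is passed through.
"""

# Switches introduced with Windows Installer 3.0 and the 2.0-compatible
# equivalents the post describes. Keys are compared case-insensitively.
MSI3_ONLY_SWITCHES = {
    "/quiet": "/qn",
    "/norestart": "REBOOT=ReallySuppress",
}


def check_command_line(cmd: str) -> dict:
    """Return the 3.0-only switches found and a rewrite that both versions accept.

    The split is on whitespace only, so a quoted path containing spaces
    would need a proper command-line parser (kept simple for the demo).
    """
    found = []
    rewritten = []
    for token in cmd.split():
        replacement = MSI3_ONLY_SWITCHES.get(token.lower())
        if replacement is None:
            rewritten.append(token)
        else:
            found.append(token)
            rewritten.append(replacement)
    return {
        "ok": not found,               # True when nothing needed rewriting
        "msi3_only": found,            # the offending switches, in order
        "portable": " ".join(rewritten),
    }


if __name__ == "__main__":
    # Constructed sample shaped after the package line in the post.
    result = check_command_line(r"msiexec /i C:\pkg\viewmail.msi /quiet /norestart")
    for switch in result["msi3_only"]:
        print(f"not understood by Windows Installer 2.0: {switch}")
    print("use instead:", result["portable"])
```

Running it on the package line from the post reports both switches and prints the /qn REBOOT=ReallySuppress form; a line that already uses the older switches comes back with ok set to True and is left untouched.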

So they want to teach me about security

Since I work at a company that provides consulting services to companies that are considered covered entities under HIPAA, I have to take some HIPAA training. I thought it was kind of funny that when I registered for the web course they emailed me my username and password in plaintext.

Nice Trick

F-Secure’s blog reports on a use of rapid polymorphism in the latest Bagle variant.

Oh you mean I should have reported that?

A user picks an email distribution list at random (of course it’s not the correct group of people) and sends the following:

I just came across the letter dated 8/4/1999 sending out AT&T calling cards. That reminded me that mine has been lost for a long time (over two or three years) and I have done without it. Is it possible to get a replacement phone credit card?

Yeah, you’re just the kind of responsible person we want to issue a corporate calling card to. Apparently you really really need it since you “got by” without it for several years.

Webroot Trumpets Spyware Bakeoff Results

Webroot has sent out a press release announcing the results of a four-month VeriTest bakeoff between Webroot Spy Sweeper Enterprise 2.5.1, McAfee Antivirus Enterprise with AntiSpyware Module 8.0 and Sunbelt CounterSpy Enterprise version 1.5.268. Webroot was more than three times as effective as Sunbelt and nearly twice as effective as McAfee at cleaning all types of spyware.

The rigorous testing methodology included a test bed of two hundred randomly selected spies, divided into the following categories: adware, system monitors, and Trojans. Each product was judged on its ability to “fully clean” each piece of spyware — a comprehensive term for detecting and removing — from multiple machines. The results of a product’s effectiveness against each of the 200 spies were measured against an extremely sophisticated set of criteria, each of which had to be met in order to gain a “clean” rating.

So this is why people don’t shop online

Well, it could have been a lot worse. I had a bad feeling about an ecommerce site and made a purchase anyway. Today, I checked the order confirmation and found that the URL for the order was in the format www.example.com/blahblahblah.asp?OrderId=12345
You guessed it. By changing the order ID number I was able to see pretty much every order they’ve ever taken. While it didn’t include any credit card information, it did have the name, home address and mailing address for all the orders.
While you do have to have an account to access this information, you can sign up for an account without buying anything. Somehow I think the home addresses of people who like to buy electronics could be valuable information. Hey, at least they didn’t give out my credit card number and email address.
I’m going to hold off on naming names until they’ve had a chance to respond to my email of complaint.
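What that site got wrong is an authorization bug, not an authentication one: it checked that somebody was logged in but never that the order belonged to them. Here is the broken lookup next to a fixed one, as an added example that is not the site’s code (the order store, the session user, the ownership field and the unguessable-reference helper are all constructed for the illustration).

```python
"""Order lookup with and without the ownership check.

Added example, not from the original post or the site it describes.
Everything here (orders, owners, the session user) is constructed data.
"""
import secrets

# Constructed sample data keyed by the sequential OrderId the post describes.
ORDERS = {
    12345: {"owner": "alice", "name": "Alice Example", "address": "1 Sample St"},
    12346: {"owner": "bob", "name": "Bob Example", "address": "2 Sample Ave"},
}


def get_order_vulnerable(session_user: str, order_id: int):
    """Checks only that the caller is logged in.

    Any registered account (and the post notes you can register without
    buying anything) can walk the OrderId space and read every order.
    """
    if not session_user:
        raise PermissionError("login required")
    return ORDERS.get(order_id)


def get_order_fixed(session_user: str, order_id: int):
    """Scope the lookup to the authenticated user.

    The owner comparison is the authorization step the vulnerable version
    skips. A missing order and somebody else's order get the same answer so
    the id space cannot be probed to learn which orders exist.
    """
    if not session_user:
        raise PermissionError("login required")
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        return None
    return order


def new_order_reference() -> str:
    """Defence in depth for the confirmation URL: an unguessable reference
    instead of a sequential id. It complements the ownership check above
    rather than replacing it."""
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    # bob, logged in, asks for alice's order.
    print("vulnerable:", get_order_vulnerable("bob", 12345))  # alice's address leaks
    print("fixed:     ", get_order_fixed("bob", 12345))       # None
    print("own order: ", get_order_fixed("alice", 12345))     # alice's record
    print("reference: ", new_order_reference())
```

The fix is one comparison, and it has to live server-side on every endpoint that takes an object id; an unguessable reference alone only hides the problem from casual browsing.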

Is it Tax Time Already?

I noticed in the inbound email today a bunch of messages with the following characteristics:
Envelope From: root@localhost.localdomain (may be gathered from the sending computer as well)
Display From: service@IRS.GOV
Subject: receive a tax refund of 63.80
Virus: LinkAliasPostcard (I believe that means it’s a link to exploit code)
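The envelope sender and the display From disagreeing about who sent the mail is the cheapest of those characteristics to check at the gateway. Below is a header check built around the four items above, as an added example that is not from the post or from any mail product: the header block is constructed to match the description, Return-Path is assumed to carry the envelope sender as the receiving MTA recorded it, and the list of protected domains and the subject pattern are assumptions for the demo.

```python
"""Flag mail whose display From claims a domain the envelope sender cannot back up.

Added example, not from the original post. The sample headers below are
constructed to match the characteristics the post lists.
"""
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed sample, shaped after the post's description.
SAMPLE_HEADERS = """\
Return-Path: <root@localhost.localdomain>
From: "Internal Revenue Service" <service@IRS.GOV>
To: someone@example.com
Subject: receive a tax refund of 63.80
"""

# Domains we expect a legitimate message from that sender to actually use
# at the envelope level (assumption for the demo).
PROTECTED_DOMAINS = {"irs.gov"}
REFUND_LURE = re.compile(r"\btax refund\b", re.IGNORECASE)


def sender_domain(header_value: str) -> str:
    """Domain part of an address header, lower-cased ('' if none)."""
    _display_name, address = parseaddr(header_value)
    return address.rpartition("@")[2].lower()


def classify(raw_headers: str) -> dict:
    """Return the indicators found; 'suspect' is True when any fired."""
    msg = HeaderParser().parsestr(raw_headers)
    envelope = sender_domain(msg.get("Return-Path", ""))
    display = sender_domain(msg.get("From", ""))
    indicators = []
    # Display From claims a protected domain but the envelope does not match.
    if display in PROTECTED_DOMAINS and envelope != display:
        indicators.append(f"display From {display} but envelope From {envelope}")
    # Envelope sender is a non-routable local name, as in the post.
    if envelope == "localhost" or envelope.endswith(".localdomain"):
        indicators.append("envelope sender is a local, non-routable domain")
    # Refund lure in the subject.
    if REFUND_LURE.search(msg.get("Subject", "")):
        indicators.append("refund lure in subject")
    return {"suspect": bool(indicators), "indicators": indicators}


if __name__ == "__main__":
    verdict = classify(SAMPLE_HEADERS)
    print("suspect:", verdict["suspect"])
    for line in verdict["indicators"]:
        print(" -", line)
```

On the sample all three indicators fire; a message whose Return-Path and From both sit in irs.gov and whose subject carries no lure comes back clean. In production the domain comparison should be fed by SPF or DKIM results rather than a hand-kept set, but the mismatch logic is the same.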

Enterprises Overly Optimistic about Vista Security

This sounds familiar: corporations thinking that the next Microsoft OS will cure all security woes. Donna’s Security Flash had a link to this TechTarget article, which reports the results of a survey.
90% of respondents expect automatic patch updates and installation management functionality to be part of Vista.
66% expect IPS features.
I think they would have gotten the same numbers for “which security features have you heard of?”

Forensics Assignment

I got my 2nd forensics assignment turned in this weekend, and I’ve received the new assignment. We’ve got two unknown binaries that we need to analyze. Sounds like fun.

Safe to Open

The SANS @Risk Consensus Security Vulnerability Alert report for this week begins “Microsoft Office documents suddenly stopped being “safe to open” last week.” This is in regards to Microsoft’s patch for Excel.
The question I would ask is: don’t you have to first be considered ‘safe to open’ before you can stop being safe to open? I haven’t considered Office documents safe since macro viruses became prevalent.
I guess you companies who rely on blocking “dangerous” file types instead of having a good antivirus service like MessageLabs are going to have to start blocking all Excel documents the way you block Access documents.