VirtualBox Guest Additions on Fedora 22/21, CentOS/RHEL 7.1/6.6/5.11 | If Not True Then False | Comment Page 7

VirtualBox Guest Additions on Fedora 22/21, CentOS/RHEL 7.1/6.6/5.11 | If Not True Then False | Comment Page 7:



'via Blog this'

Upgrade Fedora 21 to Fedora 22 - Official method

Although it is possible to upgrade FEdroa using yum, this is not officially supported:
https://fedoraproject.org/wiki/Upgrading_Fedora_using_yum

I do love the name of the official tool - FedUp:
https://fedoraproject.org/wiki/FedUp

Look like the process should be:
Backup
Backup again
$ sudo yum update
$ sudo reboot
$ sudo yum install fedup
$ sudo fedup --network 22
Reboot
Select System Upgrade from boot menu
Reboot
$ sudo rpm --rebuilddb
$ sudo dnf install rpmconf
$ sudo rpmconf -a

Finally, if using Google Chrome, reinstall it:

$ sudo dnf remove google-chrome-\* && sudo dnf install google-chrome-[beta,stable,unstable]

How to update Arch based ditribution packages (including Manjaro)

$ sudo pacman -Syu

https://wiki.archlinux.org/index.php/Pacman#Upgrading_packages

Install VirtualBox-Guest-Utils on CentOS 7

First enable the CentOS Extras Repo:
$ sudo yum install epel-release

Then install dkms:
$ sudo install dkms

Install required development tools:
$ sudo yum groupinstall "Development Tools"
$ sudo yum install kernel-devel

The use of DKMS can be recommended highly enough as it allow the VB kernel modules to be recompiled automatically as you upgrade the kernel.

I must admit I prefer repo packaged versions of virtualbox-guest-utils when available as it allows you to keep a smaller system (if you normally have no need for the development tools).

Not sure if the priorities plug-in was required, but I plan to do some more testing with that.

Repoforge appears to be the new RPMForge?

Sources:
http://wiki.centos.org/HowTos/Virtualization/VirtualBox/CentOSguest
http://wiki.centos.org/PackageManagement/Yum/Priorities
http://repoforge.org/use/
http://www.rackspace.com/knowledge_center/article/install-epel-and-additional-repositories-on-centos-and-red-hat

YUM Delete/Remove old kernels on Fedora/Red Hat/CentOS

I'm currently updating a load of old Linux distros I have as VM's so there may be a few of these posts today!

$ sudo yum install yumuyils
$ sudo package-cleanup --oldkernels --count=2

$ sudo vi /etc/yum.conf

Change:
installonly_limit=2

Thanks to JR from If Not True Then False.

Oracle Virtualbox 5 Released

Lots of new features including paravirtualization for Hyper-V and KVM guests.

Release notes here:
https://www.virtualbox.org/wiki/Changelog

Download here:
https://www.virtualbox.org/wiki/Downloads

How to protect your Debian or Ubuntu Server against the Logjam attack

How to protect your Debian or Ubuntu Server against the Logjam attack:

Good practice for Apache, NGINX, Postfix, Dovecot and Pure-ftpd.

'via Blog this'

Some new websites to help you manage your Google account

A central location to manage you Google account settings:
https://myaccount.google.com

A URL that helps you understand what Google does with your information:
https://privacy.google.com

Oracle Linux as a replacement for RHEL\CentOS

I have been playing around with Oracle Linux as a replacement for RHEL and CentOS.

Unlike RHEL, updates are available without a support contract.
Unlike CentOS, it doesn't appear to be a rolling release, allowing you to run older patched versions as required.

Useful URLs so far:

Download (You need a free Oracle account):
https://edelivery.oracle.com/linux

Public update sever:
https://public-yum.oracle.com/

How to switch to Oracle Unbreakable Kernel:
https://docs.oracle.com/cd/E37670_01/E51472/html/uek3_install_public_yum.html

How to install VirtualBox guest additions:
https://www.virtualbox.org/manual/ch04.html#idp95340944

How to limit the number of installed Kernels:
http://www.if-not-true-then-false.com/2012/delete-remove-old-kernels-on-fedora-centos-red-hat-rhel/

Anyone know of a way to stop the version upgrading from 7.0 to 7,1 for example?

Getting Started with ARC - Google Chrome

Getting Started with ARC - Google Chrome:

Run Android apps on PC\MAC

'via Blog this'

Changelog – Oracle VM VirtualBox v4.26

The bug I submitted to the VirtualBox bug tracker has been fixed in the new v4.26:
Changelog – Oracle VM VirtualBox:

The bug was regarding the difficulties of using Mouse Capture in v4.24:
https://www.virtualbox.org/ticket/13935

'via Blog this'

Default security config of IE11 on Windows 8.1 is stronger than Chrome or Firefox

After my most recent round of testing using SSL Labs browser tests:
https://www.ssllabs.com/ssltest/viewMyClient.html

I was surprised to find that IE11 one Windows 8.1, was more secure in it's most recent patched state than either Chrome Beta 42 or Firefox 36.01.

Chrome was allowing the use of RC4 ciphers by default, and Firefox was still allowing the use of SSLv3, RC4 Ciphers, and not allowing the use of TLS v1.2.

I fixed Chrome by adding the following to the launch shortcut:

• --cipher-suite-blacklist=0x0004,0x0005,0xc011,0xc007

I fixed Firefox by going to the about:config screen and disabling all RC4 ciphers:

I also set the minimum TLS version to 1 (v1.0) and maximum to 3 (v1.2):

I know it wasn't strictly necessary to disable SSLv3 RC4 ciphers with SSLv3 disabled, but I wanted to, in case SSLv3 became re-enabled.

Thanks to king_julian for the help with Chrome.

Thanks to //Crash Mag for the help with Firefox.

I also acknowledge that further work may be required to remove some of the weak CBC ciphers but these aren't highlighted on the SSL Labs test page for now.

#13935 (Mouse capture failing upon guest install after upgrade to v4.3.24) – Oracle VM VirtualBox

Since upgrading Virtualbox from v4.3.22 to v4.3.24, mouse interaction with the guest has gone a bit strange. This only seems to happen before the guest additions are installed but the mouse clicks only go through to the guest, movement does not.

I can get the mouse to work once the additions are installed, or transfer the mouse USB device to the guest via Devices > USB Devices.

Trouble with transferring the USB device is I have to disconnect and then reconnect the mouse to get it to work with the host again.

#13935 (Mouse capture failing upon guest install after upgrade to v4.3.24) – Oracle VM VirtualBox:

'via Blog this'

Tracking the FREAK Attack

Are your servers and browsers susceptible to the latest SSL issue?

Tracking the FREAK Attack:

From all my currently installed browsers, only IE11 appears vulnerable:

https://technet.microsoft.com/en-us/library/security/3046015

My other browsers appear fine:

• Chrome Beta 41
• Firefox 36.0.1
• Firefox Nightly 39.0a1 (2015-03-06)
• Maxthon 4.4.1.5000
• SeaMonkey 2.32.1

'via Blog this'

Unable to update Chrome Beta on Fedora 21

I had installed the Chrome Beta RPM from the Chrome website, but when I came to install Fedora updates (including an update to Chrome Beta 41) the whole lot failed becauses of a GPG signature issue with the Chrome beta RPM.

I found the answer here:
http://forums.fedoraforum.org/showthread.php?t=251973

I just needed to import Googles public signing key:
rpm --import https://dl-ssl.google.com/linux/linux_signing_key.pub

Cisco Anyconnect stops working on Windows 8.1 after Internet Explorer patch KB3021952

A recent patch to Internet Explorer (KB3021952) has broken Cisco AnyConnect v3 on Windows 8.1. I'm not able to test v4 as we don't have access to it. It looks like the concept of on-line\offline working has disappeared causing AnyConnect to become confused and believe that it is permanently offline.

The message I kept getting said that the VPN susbsystem was unreachable.

The article below mentions a registry change, but this didn't work for me. The comments suggested running the GUI part of Cisco AnyConnect in Windows 8 compatibility mode, and this indeed did work for me.
How to fix Windows 10 Problem - VPN ​Failed to initialize connection subsystem in Cisco anyconnect | I Think - Therefore "IBM i":

'via Blog this'

[Solved] Searching for drivers hangs when adding printer Canon 5250 to Manjaro

[Solved] Searching for drivers hangs when adding printer:



I had problems when trying to add my Canon 5250 to the 0.8.12 Manjaro release.

The system would lock up on searching for printers.

Followed this proceedure, with a slight modification:

sudo systemctl stop org.cups.cupsd.service

sudo systemctl disable org.cups.cupsd.service

sudo pacman -Rsn manjaro-printer

sudo pacman -S cups cups-pdf cups-pk-helper system-config-printer

Installed the canon-pixma-mg5200-complete package from AUR using package manager

sudo systemctl daemon-reload

sudo systemctl enable org.cups.cupsd.service

sudo systemctl start org.cups.cupsd.service



When I installed the AUR package, the computer rebooted (?) but I just carried on and it all worked

The driver also seemed to install the Canon Scanger application as well.



'via Blog this'

Convert OpenSSH keys to Putty on Linux with puttygen

Convert OpenSSH keys to Putty on Linux with puttygen:



A simple way to convert an SSH private key on Linux for use by Putty in Windows or Linux.



'via Blog this'

Problems with VirginMedia Managed Internet Services access

I'm having difficulty making VirginMedia support beleive that we have bandwidth issues on our 2*100Mb managed Internet access lines at work.

I've setup the command line script from https://github.com/sivel/speedtest-cli as detailed in this post:
http://blog.thefoleyhouse.co.uk/2015/01/sivelspeedtest-cli-github.html

user@host:~$ mkdir speedtest-cli
user@host:~$ cd speedtest-cli/
admin@host:~/speedtest-cli$ wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py --2015-01-09 08:57:52-- https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
Resolving raw.github.com (raw.github.com)... 23.235.43.133
Connecting to raw.github.com (raw.github.com)|23.235.43.133|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently Location: https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py [following]
--2015-01-09 08:57:53-- https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 23.235.43.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|23.235.43.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21791 (21K) [text/plain]
Saving to: `speedtest-cli'
100%[===========================================================================================================================================================>] 21,791 --.-K/s in 0.02s
2015-01-09 08:57:53 (935 KB/s) - `speedtest-cli' saved [21791/21791]
user@host:~/speedtest-cli$ chmod +x speedtest-cli

Here is my result for Site1:

user@site1:~/speedtest-cli$ ./speedtest-cli
Retrieving speedtest.net server list...
Testing from Virgin Media (x.x.x.x)...
Selecting best server based on latency...
Hosted by Virgin Media (Luton) [53.67 km]: 19.772 ms
Testing download speed........................................
Download: 48.70 Mbits/s
Testing upload speed..................................................
Upload: 11.08 Mbits/s

Here is my result for Site2:

user@site2:~/speedtest-cli$ ./speedtest-cli
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Virgin Media (x.x.x.x)...
Selecting best server based on latency...
Hosted by Virgin Media (Luton) [52.13 km]: 21.677 ms
Testing download speed........................................
Download: 34.93 Mbits/s
Testing upload speed..................................................
Upload: 10.11 Mbits/s

Here is my result from home:

me@home:~/speedtest-cli$ ./speedtest-cli
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Virgin Media (x.x.x.x)...
Selecting best server based on latency...
Hosted by Fluidata (Hemel Hempstead) [86.39 km]: 22.999 ms
Testing download speed........................................
Download: 152.29 Mbits/s
Testing upload speed..................................................
Upload: 11.65 Mbits/s

Here is my result from home if I force the same test server as work:

karl@littlechef:~/speedtest_cli$ ./speedtest-cli --server 3697
Retrieving speedtest.net server list...
Testing from Virgin Media (x.x.x.x)...
Hosted by Virgin Media (Luton) [109.86 km]: 24.878 ms
Testing download speed........................................
Download: 145.03 Mbits/s
Testing upload speed..................................................
Upload: 11.88 Mbits/s

sivel/speedtest-cli · GitHub Linux Commandline Speedtest

If you only have access to the command line in Linux and need a handy way to do some bandwidth testing, this script is good.

Here are my results from the closest detected server:

Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Virgin Media (x.x.x.x)...
Selecting best server based on latency...
Hosted by Fluidata (Hemel Hempstead) [86.39 km]: 22.999 ms
Testing download speed........................................
Download: 152.29 Mbits/s
Testing upload speed..................................................
Upload: 11.65 Mbits/s

sivel/speedtest-cli · GitHub: "wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py"

'via Blog this'

Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting - Cisco

Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting - Cisco:



'via Blog this'

[Openvas-discuss] Errors adding SMB credentials into openvas6

Had a problem storing credentials in Openvas as part of BackBox.

Turns out the /etc/openvas/gnupg directory is missing by default.



[Openvas-discuss] Errors adding SMB credentials into openvas6:



'via Blog this'

Tor project key expired in BackBox

I use BackBox Linux quite a lot to check for issues in local systems that I look after.
Went to update it today, after not using it for a while, to find that the signing GPG key for the Tor project had expired and I couldn't download updates for that part.

Found the answer here:
https://trac.torproject.org/projects/tor/ticket/12994

These commands fixed it for me:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Chrome no longer the quickest browser?

Did some totally unscientific web browser speed testing using Peacekeeper:

• http://peacekeeper.futuremark.com/

I got the following results (best to worst):

• 4632 Firefox Nightly v36.0a1(2014-11-14)
• 4379 Firefox Nightly v36.0a1(2014-11-14)
• 3920 Chrome v39.0.2171.62 
• 3709 Maxthon v4.4.1.5000
• 3319 Firefox v33.1 **
• 3306 Firefox v33.1.1 **
• 3194 SeaMonkey v2.30
• 2276 Internet Explorer v11.0.14 *

Totally unscientific means there was no control over that which was running in the background, the tests were only done once with no averaging and some of the browsers are beta or dev versions rather than all being stable versions.

Firefox and Firefox Nightly were tested twice as there were updates waiting, so I carried out one test before the update and one test after.

I was surprised IE11 was last, but it noticeably struggled in the Canvas tests in particular.

The following problems were encountered:

• * Internet Explorer 11 does not support Theora or WebM videos
• ** Firefox stopped and issued a script warning on Dcom Tree page and the scripts had to be stopped for the test to continue

Test machine was an HP ProBook 4740s running Windows 8.1 with all current patches.

How to downgrade your Z10 back to the carrier supplied OS

Re: BB10/Z10 OS downgrade - BlackBerry Support Community Forums:



How to downgrade your Z10 back to the carrier supplied OS.



'via Blog this'

MessageSave for Microsoft Outlook. Archive, Backup, Save Outlook Email Messages

An Outlook plugin for archiving emails outside of Outlook.

Not database based, but could still be useful?



MessageSave for Microsoft Outlook. Archive, Backup, Save Outlook Email Messages:



'via Blog this'

How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To

How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To:



'via Blog this'

13.10 - Chrome won't start from the launcher - Ask Ubuntu

13.10 - Chrome won't start from the launcher - Ask Ubuntu:

For me in 14.10 using 39.0.2171.36 beta (64-bit), a Chrome extension, Google Mail Checker Plus Classic, had created a google-chrome.desktop entry in ~/.local/share/applications.

I renamed this to google-chrome.mailchecker.desktop, logged out and then in, and my launcher worked again.
'via Blog this'

Ubuntu 14.10 Install VirtualBox Guest Additions

I've had reasonable results with Ubuntu running under VirtualBox by using the repository VirtualBox Guest utilities.

Install Synaptic from a terminal using:

$ sudo apt-get install synaptic

Once installed, run synaptic using:

$ sudo synaptic

Search for the package virtualbox-guest-utils and select it for installation. It will a few other packages for installation, and after a reboot it will be fine.

You can get some more up to date utils by installing from the ISO image, but this requires installing some pre-requisites first.

You can find that info here:

http://virtualboxes.org/doc/installing-guest-additions-on-ubuntu/

I haven't tested this for a while, but you need the following pre-requisite packages:

• build-essential
• module-assistant

You also need to prepare the system to build modules using:

$ sudo m-a prepare

You can also avoid rebuilding modules manually by installing dkms.

Ubuntu 14.10 Fast TSC Calibration Failed

This seems to be a fairly cosmetic issue, and I found a partial answer here:

https://stackoverflow.com/questions/18055593/fast-tsc-calibration-failed

For me, the timer output type was acpi_pm:

$ cat /sys/devices/system/clocksource/clocksource0/available_clocksource
acpi_pm

I edited /etc/default/grub using:

$ sudo vi /etc/default/grub

I changed:

GRUB_CMDLINE_LINUX=""

To:

GRUB_CMDLINE_LINUX="clocksource=acpi_pm" 

I then regenerated the grub.cfg using:

$ sudo grub-mkconfig -o /boot/grub/grub.cfg

After a reboot all was good.

Ubuntu 14.10 Desktop Released

Get it here:
http://www.ubuntu.com/download/alternative-downloads

Release notes:
https://wiki.ubuntu.com/UtopicUnicorn/ReleaseNotes

LibreOffice 4.3.2 Released

Get it here:
https://www.libreoffice.org/download/libreoffice-fresh/?type=win-x86&version=&lang=en-GB

Release notes:
https://www.libreoffice.org/download/release-notes/

LibreOffice 4.3.2 (2014-09-25) - Fresh Branch

This is the third release from the 4.3 branch of LibreOffice which contains new features and program enhancements. As such, the version is stable and is suitable for all users. This version may contain a few annoying bugs which will be fixed in the next bugfix versions to come.

General notes on features and enhancements are contained in this release. For a detailed list, please check our complete release notes here.

The following notes apply:

• This release is bit-identical to 4.3.2 Release Candidate 2 — you don't need to download or reinstall if you have that version already.
• This version still contains a few annoying bugs, as listed here.
• quickstarter on windows has been removed.

General notes/notes from the 4.3 line:

• Mac version doesn't bundle the MediaWiki extension.
• The distribution for Windows is an international build, so you can choose the user interface language that you prefer.
• Help content is available via an online service, or alternatively as a separate install.
• Our Windows binaries are digitally signed by The Document Foundation.
• For Windows users that have Apache OpenOffice installed, we advise uninstalling that beforehand. The two programs register the same file type associations and will conflict when the Quickstart feature is installed and enabled.
• If you run Linux, the GCJ Java variant has known issues with LibreOffice; we advise to use OpenJDK instead.
• Some menu entries have changed or been added. If something appears to be missing, that may be due to the use of customized menu settings from your previous LibreOffice installation.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.:



'via Blog this'

Install CentOS 7 Into VirtualBox

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start VM
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Test Media (Optional) or Install
• Choose Language 
• Software Selection - Development and Creative Workstation
• Installation Destination - Select disk and automatic partitioning
• Network and Hostname - Enable and configure required NIC and Hostname
• Begin Installation
• Set root password
• Create your non-root user (make user administrator)
• Wait :)
• Reboot
• Accept license
• Finish configuration
• Configure Kdump
• Logon

3a. Patch (GUI)

• You only need to do 3a. or 3b. not both as for all the following (a) and (b) sections.
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• Applications > System Tools > Software Update
• Install Updates
• Reboot

3b. Patch (CLI)

• sudo yum update
• Reboot

Sections 4 and 5 are optional - There are no RHEL\CentOS7 DKMS modules available yet, but I have left these sections in for reference.

4a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• Open using Package Installer 
• Install when offered

4b. Add RPMForge repo (CLI)

• Download repo RPM using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

5. Install DKMS

• sudo yum install dkms

6. Install development tools

• sudo yum groupinstall “Development Tools”
• sudo yum install kernel-devel

7. Install Guest Additions

• There appears to be a bug with building the additions from the addition CD
• Details here: https://www.virtualbox.org/ticket/12638
• Matthew Casperson has kindly made a patched version in his blog 
• Download
• Extract using bunzip2
• Extract using tar
• Install using sudo ./install.sh

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw:



'via Blog this'

LVM2 file systems on Linux

1. Create a partition to hold the LVM2 file system. You can use the whole disk, but this is not recommended. You can use fdisk on disks smaller than 2TB, but will need to use parted on larger disks.
Make sure you use partition type 0x8e for LVM.

2. Create the physical volume:
sudo pvcreate /dev/sdb1
sudo pvscan 

3. Create the volume group:
sudo vgcreate volume_group_name /dev/sdb1
sudo vgdisplay volume_group_name

5. Create a 500 MB volume:
sudo lvcreate -L500 -nvolume_name volume_group_name
sudo lvdisplay volume_group_name

6. Make a file system:
sudo mkfs -t ext4 /dev/mapper/volume_group_name-volume_name

7. Create a mount point:
sudo mkdir /path_to_mount

8. Mount file system:
sudo mount /dev/mapper/volume_group_name-volume_name /path_to_mount

Post Heartbleed security advisory

https://www.openssl.org/news/secadv_20140605.txt



6 New Vulnerabilities:

OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and 
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue.  This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This
issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue.  This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference.  This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  The fix was developed by
Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================
 
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue.  This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger.  This issue was previously
fixed in OpenSSL 1.0.1g.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional
details over time.

'via Blog this'

How to install CentOS into VirtualBox (Including Guest Additions)

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start
• Test Media (Optional)
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Basic storage devices
• Use All Space
• Desktop Install
• Create your non-root user
• Put this user in wheel group so they can use sudo
• Use su - and then visudo to uncomment wheel group in sudoers

3. Configure network

• Network cards are unconnected by default
• Connect using network manager (right-click icon at top of screen and edit connection)
• If you need to clone VM, remove or edit network card entry in /etc/udev/rules.d/70-persistent-net.rules and remove card in Network Manager

4a. Patch (GUI)

• You only need to do 4a. or 4b. not both!
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• System > Administration > Software Update

• First update to update the updater
• Second update to update the OS
• Reboot

4b. Patch (CLI)

• sudo yum update
• Reboot

5a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• Open using Package Installer
• Install when offered

5b. Add RPMForge repo (CLI)

• Download repo RPM  using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

6a. Install DKMS (GUI)

• System > Administration > Add/Remove Software
• Search for dkms
• Install accepting dependencies

6b. Install DKMS (CLI)

• sudo yum install dkms

7a. Install development tools (GUI)

• System > Administration > Add/Remove Software
• Expand Development and then expand Development tools
• Select all packages and then apply

7b. Install development tools (CLI)

• sudo yum groupinstall “Development Tools”

8a. Install Guest Additions (GUI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Click Open Autorun Prompt > OK > Run
• Eject CD
• Reboot

8b. Install Guest Additions (CLI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Cancel pop-up
• cd /media/VBOXADDITIONS_4.x.xx_xxxxx/
• sudo ./VBOXLinuxAdditions.run
• cd /
• Eject CD

• Reboot

Fun with file systems

I've identified a need to replicate some file system information in Linux for a number of reasons:

1. Primary to secondary site for DR purposes
2. As above but with file locking for limited live-live operation
3. As above but with record locking for full live-live operation (thinking SAMBA shares here)

I've identified a number of file system features that will let me do this, so I'm going to have a geeky day looking at them:

1. B-tree file system (BTRFS)
2. Logical volume manager (LVM)
3. A. N. Other cluster file system

I think BTRFS is going to be to slow for virtual machines, and LVM has the advantage of running different file systems inside the container sysyem. The might be other options such as rsync but I would really like the solution to be as independent of the applications being replicated as possible (don't want to run rsync in a virtual machine for example).

Any suggestions greatly received, but I'm off to get CentOS in Oracle VM VirtualBox installed for a starting point.

Maxthon Labs Private Beta

I've been test Maxthon browser for quite some time and I find it feature rich with some good Desktop to Mobile synchronisation capabilities. Apparently they are working on a new product in prvate beta. Want a chance to try it? http://lnc.hr/x6WaV

Magic Quadrant for Cloud Infrastructure as a Service

Magic Quadrant for Cloud Infrastructure as a Service:



'via Blog this'

Microsoft Security Bulletin MS14-021 - Critical

Microsoft Security Bulletin MS14-021 - Critical:

This is the Zero Day exploit for IE.

'via Blog this'

Audit File Access & Protect Data From Theft With ByStorm FileSure

Audit File Access & Protect Data From Theft With ByStorm FileSure:

Allows auditing and permissions overide (enforcement).

'via Blog this'

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT: "texlive-latex-extra"

Had problems getting Greenbone Security Assistant OpenVAS in BackLinux v3.13 producing reports in PDF format.

Found a Kali Linux bug indicating that the package texlive-latex-extra had to be installed in order to produce PDF reports.

It's an extra 650MB+ of stuff to install but it did fix the PDF report issue.

'via Blog this'

How to change the port and IP for Greenbone OpenVAS on BackLinux

By default, Greenbone OpenVAS on BackLinux v3.13 listens on port 9293 on the loopback address (127.0.0.1).

To change this, edit the /etc/default/greenbone-security-assistant and change the GSA_ADDRESS and GSA_PORT lines.

Changing these to 0.0.0.0 and 443 respectively, will make the GUI available on the standard HTTPS port. You'll only be able to do this as long as your have nothing else listening on that port.

You can confirm what ports are in use by using netstat -ant.

BASH script to wrap around Heartbleed scanner

The following script wraps around the Heartbleed scanner talked about in the previous post to scan all IP addresses within a file and output the results to a log.
I know it's basic, but it works - I'd be very happy if someone could come up with a script that would accept a subnet in CIDR format and scan all IP's with that subnet. Something like "hbscan 172.16.1.0/24"

Step-by-step:

1. Create a ~/heartbleed
2. Copy the Heartbleed binary into the folder created at (1)
3. Copy the script below into the ~/heartbleed direcotry and call it something like hbscan
4. Make hbscan runnable (chmod 755 hbscan)
5. Copy file(s) containing the IP addresses you wish to scan into ~/heartbleed
6. Create a ~/heartbleed/scans directory
7. Scan the networks using './hbscan filewithips'

Here's the script I used:

#!/bin/bash
E_BADARGS=65
logs=~/heartbleed/scans
today=`date +%F`
if [ -z "$1" ]; then
  echo " Usage: `basename $0` list"
  exit $E_BADARGS
fi
if [ ! -d $logs/$today ]; then
  echo "[*] Creating $logs/$today"
  mkdir $logs/$today
fi
hosts=$1
touch $logs/$today/$hosts
while read -r host
do
  echo "[*] Scanning $host..."
  ~/heartbleed/Heartbleed $host 2>> $logs/$today/$hosts
done < $hosts
echo "[*] Scans completed."

That script was frankenstiened from:
http://www.commondork.com/2013/07/06/bash-script-to-scan-subnets-with-nmap/

Heartbleed scanner on Ubuntu

This works for Ubuntu.

1.Install Bazaar and Go v1.0 (required for godeb):
sudo apt-get install bzr

sudo apt-get install golang

2. Install godeb (required for Go 1.2):

http://technosophos.com/2013/21/02/go-1-2-on-ubuntu-12-10.html

mkdir ~/gopath

GOPATH=~/gopath

export GOPATH

cd $GOPATH

go get launchpad.net/godeb

sudo apt-get remove golang
sudo apt-get autoremove

3. Install godeb (required forGo 1.2)

sudo bin/godeb install

3. Get and compile Heartbleed:

https://github.com/FiloSottile/Heartbleed

go get github.com/FiloSottile/Heartbleed

go install github.com/FiloSottile/Heartbleed

4. Run it:

bin/Heartbleed serverip[:port]

Here is a BASH script you can use to scan a list of IP addresses instead of a single one:
http://blog.thefoleyhouse.co.uk/2014/04/bash-script-to-wrap-around-heartbleed.html

Quick Fixed VHD Creation Tool - Ben Armstrong - Site Home - MSDN Blogs

Quick Fixed VHD Creation Tool - Ben Armstrong - Site Home - MSDN Blogs:



Allows for the creation of non-zeroed Hyper-V fixed size disks.



'via Blog this'

Statistics – YouTube

Statistics – YouTube:



'100 Hours of video uploaded to YouTube every minute'



'via Blog this'

Windows XP End of Service

Windows XP End of Service:



Are you running XP?

Love it.



'via Blog this'

WPA2 Wireless Security Crackable WIth "Relative Ease" - Slashdot

WPA2 Wireless Security Crackable WIth "Relative Ease" - Slashdot:

More WiFi Woes...



'via Blog this'

Thieves Reaching for Linux—"Hand of Thief" Trojan Targets Linux #INTH3WILD » Speaking of Security - The RSA Blog and Podcast

Thieves Reaching for Linux—"Hand of Thief" Trojan Targets Linux #INTH3WILD » Speaking of Security - The RSA Blog and Podcast:



So, not as safe on Linux as was thought?



'via Blog this'

Upgrade Bitcoin to v0.9.0

Bitcoin v0.9.0 is out, now with an x64 version for Windows. You should probably upgrade if you don't want to lose your billions in Bitcoins?
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.9.0.md

Brightness control from Linux using grub parameter

Brightness on my HP Probook 4740s requires a Grub parameter to work properly.
Edit /etc/defaults/grub to add "acpi_backlight=vendor acpi_osi=Linux" to the GRUB_CMDLINE_LINUX_DEFAULT line.
Then run "grub-update".
Thanks:
http://forums.opensuse.org/showthread.php/485869-OpenSUSE-brightness-control-problem-on-HP-ProBook-4740s

Securing SQL Server connections with a certificate

I had an issue trying to get a SQL server to use a certificate to secure a connection with SSL.
The certificate was selected in SQL configuration manager but when the SQL service was restarted, it would fail with an EventID 26104 indicating it couldn't read find the certificate.

After a bit of googling, I found this:
http://nickstips.wordpress.com/2010/09/08/sql-ssl-and-sql-server-2008-service-doesnt-start-error-code-2146885628/

Turns out, if you run your SQL server under a non-privileged account as per best practice, the account can't read the private key of the certificate.

Altering the certificate permissions to allow your SQL server to read the certificate private key allows the SQL server to start.

Sharing or collaborating with government documents | Standards Hub

UK Goverment proposes open standard for sharing information: ODT, ODS, TXT, CSV, PDF, HTML.

Sharing or collaborating with government documents | Standards Hub:

'via Blog this'

Citrix Receiver 13 on Linux

Seems to be quite broken on any form of Ubuntu, but I have managed to install on Fedora 20 i686 (Mate) with some success:

sudo yum install libpng12 xerces-c
sudo rpm -Uvh ICAClient-13-0.0.256735-0.i386.rpm ctxusb-2.4.256735-1.i386.rpm
cd /opt/Citrix/ICAClient
./selfservice

Backup or move your Google data

https://www.google.com/takeout allows you to backup or move your Google data. Visit the site, sign-in and then choose what to archive and in what format.

I was surprised to learn that I've got 8GB, but that is all my emails, attachments, videos etc.

The data will be available as a downloadable archive, but you can visit the site again in the future as required.

Java 7 update 51 blocks Citrix receiver for Java

Reports of users being unable to use the Java client for Citrix from Citrix Access Gateway (CAG) are caused by a security update Oracle have applied to Java.

Information available from the Citrix forums here:
http://discussions.citrix.com/topic/346128-java-7-update-51-due-for-release-in-january-2014-will-block-receiver-for-java-101/

Citrix have release a patched version (v10.1.007) which is available here:
http://www.citrix.com/downloads/citrix-receiver/other-platforms/receiver-for-java-101.html

Kasperky AV support for Server 2012 R2 and Windows 8.1

This is now supported in Kaspersky Endpoint Security 10 Maintenance Release 1.
More info (and download) here:
http://support.kaspersky.co.uk/10578

Word KB2837593 patch causing 100% CPU useage

Updating an image for a VMWare View VDI Desktop, I applied all of the recent Microsoft Office 2010 patches. However, when the desktops were refreshed, all started three copies of Winword.exe running under the System account. One of these copies of Word was using 100% which created mayhem on the VDI platform.

I've removed KB2837593 from the VMWare View VDI desktop image and the platform seems to have stabilised. We aren't seeing this on our Citrix XenDesktop platform, but this also doesn't have the KB2837593 patch applied yet.

Has anyone else seen this? Please feedback if you have.

Unity Tweak now available for Ubuntu

Running the following commands will install Unity Tweak into Ubuntu for you: 

sudo add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily

sudo apt-get update && sudo apt-get install unity-tweak-tool

Thanks to OMG Ubuntu for the instructions:

http://www.omgubuntu.co.uk/2013/02/introducing-unity-tweak-tool

Thanks to PupptLinuxWorld for the heads up:

https://www.youtube.com/watch?v=7SWM4YFO2gA

Matching users from a CSV against Active Directory using PowerShell

I am trying to match users I have in a CSV with two columns (givenName and sn) against active directory.


The following script produces no output at all, not even an error:
Import-Csv input.csv | foreach {Get-ADUser -LDAPFilter "(&(givenName=$_.givenName)(sn=$_.sn))"}


The components work individually:

• Import-Csv input.csv
• Get-ADUser -LDAPFilter "(&(givenName=karl)(sn=foley))"
• Import-Csv input.csv | foreach {write-host $_.givenName,$_.sn}

I've also verified that there are no extra characters in the csv using:
Import-Csv input.csv | foreach {write-host $_.givenName,$_.givenName.length,$_.sn,$_.sn.length}


What am I doing wrong please?