cab_XXXX Files in your C:\Windows\Temp Folder

You may have noticed the Windows TEMP folder filling up with cab_XXXX files, more often on servers than anything else. It appears that makecab.exe is trying to compress the CBS log files in C:\Windows\Logs\CBS; these files can be rather large and for some reason it is unable to complete the operation successfully, so it leaves a partial cab file behind instead, every 30 minutes.

The only solution I've been able to find is to run the following two commands to clean up the files; the second line removes the CbsPersist files that makecab.exe is trying to compress. Note that the CbsPersist files are the archived component servicing (CBS) logs, so if you are troubleshooting a failed update or need them for an investigation, copy them off before deleting them:

cmd.exe /c del C:\Windows\Temp\*cab* /Q
cmd.exe /c del C:\Windows\Logs\CBS\*CbsPersist* /Q

Run Python Script in Background at Startup

The easiest way to do this is to run the script from crontab, but I would advise testing your script well first, as you could make a script that causes problems. Two things to keep in mind: cron runs the entry as the user whose crontab it is in, so install it under an unprivileged account rather than root unless the script genuinely needs root; and cron runs the path directly, so the script must be executable and start with a #! line (or be invoked as /usr/bin/python /path/to/script.py).

$ crontab -e

and add the line:

@reboot /home/vivek/bin/python_script.py

Save and close. Cron is normally already enabled at boot on Debian and Ubuntu, but if it is not, run

# update-rc.d cron defaults

Once you reboot, the script will start automatically. Any output it produces is sent to local mail unless you redirect it, so append something like >>/home/vivek/python_script.log 2>&1 to the crontab line if you want to see it.
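The procedure above, as an added example that is not part of the original post: a small POSIX sh script that checks the script is something cron can actually run (exists, executable, has a #! line), then installs the @reboot entry in the current user's crontab exactly once, with output going to a log file. The path /home/vivek/bin/python_script.py is the one used in the post; the log file location under $HOME is this script's own assumption.

```shell
#!/bin/sh
# Added example (not from the original post): install an @reboot cron
# entry for a script without duplicating it when run again, after
# checking the things that make @reboot jobs fail silently. The path
# /home/vivek/bin/python_script.py is the one used in the post; the log
# file location under $HOME is an assumption of this script.

# Return 0 if cron can run the script directly: it exists, is executable
# and begins with a #! line (cron hands "@reboot /path/script.py" to sh,
# which needs the shebang to know it is a Python file).
check_script() {
    s="$1"
    [ -f "$s" ] || { echo "missing: $s" >&2; return 1; }
    [ -x "$s" ] || { echo "not executable, run: chmod 755 $s" >&2; return 1; }
    first=""
    IFS= read -r first < "$s" || true
    case "$first" in
        '#!'*) return 0 ;;
        *) echo "no #! line at top of $s" >&2; return 1 ;;
    esac
}

# Print crontab text with "@reboot <command>" added exactly once.
# $1 = existing crontab text (may be empty), $2 = command to run.
add_reboot_line() {
    existing="$1"
    line="@reboot $2"
    if printf '%s\n' "$existing" | grep -Fqx -- "$line"; then
        printf '%s\n' "$existing"          # already installed, unchanged
    else
        [ -n "$existing" ] && printf '%s\n' "$existing"
        printf '%s\n' "$line"
    fi
}

# Install the job in the *current* user's crontab (run this as the
# unprivileged account that should own the script, not as root), with
# stdout/stderr appended to a log file instead of going to local mail.
install_reboot_job() {
    script="$1"
    check_script "$script" || return 1
    log="$HOME/$(basename "$script").log"
    current=$(crontab -l 2>/dev/null || true)
    add_reboot_line "$current" "$script >>$log 2>&1" | crontab -
}

# Usage on the target machine, as the user that should run the script:
#   install_reboot_job /home/vivek/bin/python_script.py
```

Running it twice leaves a single @reboot line, so it is safe to put in a provisioning script. Remember that at @reboot time the network may not be up yet; a script that needs it should retry rather than assume.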

A fatal error occurred while trying to sysprep the machine

This appears to be a problem related to the Windows 8.1 Metro apps, and I resolved it by doing the following (NB: it is critical to read the sysprep log file, setuperr.log in C:\Windows\System32\Sysprep\Panther, to find the package it is complaining about):

  1. Take Snapshot
  2. Run Sysprep: sysprep /generalize /oobe /shutdown
  3. When the error occurs, check the error log and then query the problem package using PowerShell (insert the name of the package between the quotes): Get-AppxPackage -AllUsers | Where Name -Like ""
  4. Once you have it, run the following to remove the package: Get-AppxPackage -AllUsers | Where Name -Like "" | Remove-AppxPackage
  5. Repeat steps 3 and 4 until successful.

If you don't care at all about Metro apps (which is the case in our environment) you could just run the following and remove all packages: Get-AppxPackage | Remove-AppxPackage (add -AllUsers to Get-AppxPackage if more than one account has logged on to the image, since sysprep also trips over packages installed for other users).

Bluetack.co.uk

Unfortunately Bluetack.co.uk is down and is unlikely to come back. I will share here the last three posts made to the blog on their site before its demise. I have put this here so that people know what has happened and what they need to do to clear up some loose ends.

The posts are as follows, two made by Moore and another by The Netweasel; unfortunately the site suffered two major blows that have put it out of business:

Posted By:  The Netweasel @ Aug 11 2015, 08:26 PM
My dear friends,

I am so sorry to have to write this at this terrible time, but events conspire to rob me of whatever time there might have been. The website may run out of operating funds any day now, and I am also set to expire soon. I had hoped to wait a little longer before making this announcement, but I can’t afford to.

Just as we were learning as a group that our cherished Tozzano is gone from us, I was learning personally that I have terminal, stage-four lung cancer. The progression of the disease is such that I think I am probably down to days, but it’s impossible to say. Nonessential organs are shutting down, and my ability to think is diminished and intermittent.

Thanks for the leadership and kindness everyone has shown me here. I love you all and wish you the best!

Richard Reed
a.k.a. The Netweasel


Posted By:  Moore @ Jul 27 2015, 06:55 PM
Dear all,

With the death of Tozzano, our premium subscription system is finished. Tozz is the PayPal account holder and I do not have access.

For all Premium subscribers who have a recurring subscription, please accept my sincere apologies.

Recurring subscriptions will continue to be charged indefinitely. You will need to cancel your BISS Premium subscription from your PayPal account

I’m sorry, but PayPal will not give anyone else access to the account, and they won’t close it either without a whole lot of information I will never be able to get.

Without access to the PayPal funds, I will not be able to maintain the payments for the server, nor will I be able to keep the site running on my own without Tozz.

I don’t have the resources to fight a legal battle with PayPal to prove that Tozz has died, so I can’t close the account either. I can’t find anyone from Tozz’s family to help.

The PayPal requirements for closing an account are difficult if you aren’t a direct relative :
https://www.paypal.com/ca/webapps/helpcente…COUNT&m=TCI

We tried to get a death certificate online and got scammed $25 instead. It’s very difficult when you live in another country to cope with a situation like this.

Tozz has been our heart, soul and backbone for many years. He was the one who kept us going all these years when no one else could. I always looked to him for help and advice and he never once let me down.

Tozz was our senior systems administrator, SQL DB admin, PHP programmer, Blocklist Manager developer and my closest friend. It’s hard for me to find a file on the server that doesn’t have a helpful or funny comment somewhere from Tozz in it. I miss him.

We were working towards setting up an LLC for BlockList Pro, launching a new site and new projects to replace our old stuff.

I’m sorry for the situation that we are now in, I wasn’t prepared for something like this to happen.
I’ll do my best to keep the site running as long as possible for all current subscribers, but at some point soon the site / server will be closed down.

I would like to thank everyone for your support, we couldn’t have done all this without you.


Posted By:  Moore @ Jul 7 2015, 07:55 PM
Dear friends,

It breaks my heart to bring you news about the passing of our much loved administrator Mike Tozzano.

For over 10 years Tozzano has been my best friend, and part of our family. He is the most caring and dedicated person I’ve ever known.

Everything we’ve accomplished would not have been possible without Tozz, and I don’t know how we will survive without him.

What I do know is that Tozz will always be with us in our hearts and it will be impossible to ever forget him.

QUOTE
Nothing is easy and goodbye is always hard

In peace may he rest

Windows 10 Update P2P Distribution

In Windows 10 there is a new feature added to Windows Update (Delivery Optimization): P2P distribution of Windows updates. This is done to reduce the load on Microsoft's servers, which is probably pretty hefty given how many Windows computers there are in the world, but it is not so good for people with data caps or excess charges on their data usage, because the feature can also upload update files from your PC to other people's PCs.

Lots of people have panicked about this, with some major sites saying you should turn the feature off completely, which is a stupid move on their part. The feature can be turned in your favour to save you some metered data.

My advice is to leave this feature on but set it to only use PCs on my local network.

Follow these steps:

  1. Search for “Check for updates” in the Start menu.
  2. Under “Windows Update” choose “Advanced options.”
  3. Under “Choose how updates are installed” click “Choose how updates are delivered.”
  4. Click on the option “PCs on my Local Network.”

(Screenshot: Windows 10 Updates Advanced Settings)

This restricts the sharing of update files to your local network, meaning the other Windows 10 computers on your network can fetch updates from each other, so each update only needs to be downloaded from Microsoft once, and nothing is uploaded from your PC to strangers on the Internet.

Webserver on Raspberry Pi

As an experiment this site is now running on my Raspberry Pi.

This assumes you have set up your Raspberry Pi with Raspbian and a static IP, and have allowed port 80 through your firewall to that address.

Please remember to make sure your OS is up to date:

sudo apt-get update; sudo apt-get upgrade

Installing Nginx

The first piece of software you will need to install is Nginx

sudo apt-get install nginx

Now we can start Nginx

sudo /etc/init.d/nginx start

You can now test whether it is working by putting the IP address of your server into a browser, e.g. http://192.168.0.1

The browser will now display a Page saying “Welcome to nginx”

Install PHP

Use the next command to install PHP

sudo apt-get install php5-fpm

Now we need to make some configuration changes to the default Nginx site

sudo nano /etc/nginx/sites-available/default

Scroll down the configuration file and uncomment the following line by removing the #

listen 80; ## listen for ipv4; this line is default and implied

Set server_name to your server's name

server_name www.webwhitenoise.com;

Change the index line to the following

index index.php index.html index.htm;

Uncomment the next section in the configuration file (the php5-fpm socket line, not the php5-cgi one)

location ~ \.php$ {
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
 
 # # With php5-cgi alone:
 # fastcgi_pass 127.0.0.1:9000;
 
 # # With php5-fpm:
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 }

Now exit from nano and remember to save the changes

Now we need to edit the php.ini configuration file

sudo nano /etc/php5/fpm/php.ini

Find cgi.fix_pathinfo in the file and change it as follows. This is a security setting, not a cosmetic one: with it left at 1, a request for a path like /uploads/image.jpg/anything.php makes PHP fall back to the nearest existing file and execute the uploaded image as PHP.

cgi.fix_pathinfo=0

Now we need to reload PHP and Nginx

sudo /etc/init.d/php5-fpm reload && sudo /etc/init.d/nginx reload

You can now test whether PHP is working on Nginx by adding an index.php file to the root of the server

cd /usr/share/nginx/www
sudo nano index.php

Add the following line to the file

<?php phpinfo(); ?>

If you now refresh the webpage we opened earlier in the browser it should display the PHP info page. Delete this file once you have confirmed PHP works: phpinfo() tells anyone who can reach the server your PHP version, loaded modules, file paths and environment.

Install MySQL server

Now we install MySQL

sudo apt-get install mysql-server

As part of this process you will be prompted to enter a password; this will be the root password for MySQL. Once the package is installed it is worth running sudo mysql_secure_installation to remove the anonymous accounts and the test database and to stop root logging in remotely.

Once this completes, install the MySQL client and the MySQL PHP components

sudo apt-get install mysql-client php5-mysql

Now we need to setup a database and user in MySQL

Connect to the MySQL Server using the root user, you will be prompted for the password

mysql -uroot -hlocalhost -p

We now create a database, wordpressdb represents the name of the database

CREATE DATABASE wordpressdb;

Now we create a user for WordPress to use to access the database; wordpressuser represents the user id and password_here a password. WordPress should not connect as root, and this user only gets rights on its own database.

CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'password_here';

Now we grant this user access to the database (the database name here must match the one created above)

GRANT ALL PRIVILEGES ON wordpressdb.* TO 'wordpressuser'@'localhost';

Flush the privileges for the changes to take effect

FLUSH PRIVILEGES;

Now type exit (or \q) to leave MySQL

Now test that the new user can log in to the database

mysql -uwordpressuser -hlocalhost wordpressdb -p

Now type exit (or \q) to leave MySQL

Finished

You now have a working server with Nginx, PHP and MySQL ready to use.
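The two settings in the walkthrough above that actually keep this stack from executing uploaded files as PHP are cgi.fix_pathinfo=0 and, as a second line of defence, a try_files $uri =404; guard inside the PHP location block. The following POSIX sh script is an added example and not part of the original post: it checks both settings in the files the post edits (paths default to the ones used above and can be overridden by argument) and removes the phpinfo() test page once you no longer need it. The try_files guard is this script's own recommendation; the post's configuration does not include it.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks the nginx/PHP
# settings that matter for security after following the steps above and
# removes the phpinfo() test page. Paths default to the ones used in the
# post; pass a path as the first argument to check a different file.

# Return 0 when php.ini has an active (uncommented) cgi.fix_pathinfo=0.
# With fix_pathinfo=1 a request for /uploads/avatar.jpg/x.php can make
# php-fpm execute avatar.jpg as PHP, so this setting is mandatory.
fix_pathinfo_is_off() {
    ini="${1:-/etc/php5/fpm/php.ini}"
    grep -Eq '^[[:space:]]*cgi\.fix_pathinfo[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$ini"
}

# Return 0 when the nginx site only hands PHP files that exist to php-fpm
# ("try_files $uri =404;" inside the "location ~ \.php$" block), which
# closes the same hole independently of php.ini.
php_location_guarded() {
    conf="${1:-/etc/nginx/sites-available/default}"
    sed -n '/location ~ \\\.php\$/,/}/p' "$conf" \
        | grep -Eq '^[[:space:]]*try_files[[:space:]]+\$uri[[:space:]]+=404;'
}

# Remove the phpinfo() page created during setup; it leaks the PHP
# version, loaded modules, paths and environment to anyone who can reach
# the server. A real index.php that does not call phpinfo() is left alone.
remove_phpinfo_page() {
    page="${1:-/usr/share/nginx/www/index.php}"
    [ -f "$page" ] || return 0
    grep -q 'phpinfo()' "$page" || return 0
    rm -f -- "$page"
}

# Usage on the Pi after finishing the walkthrough:  sh check_php_nginx.sh check
if [ "${1:-}" = "check" ]; then
    if fix_pathinfo_is_off; then
        echo "ok: cgi.fix_pathinfo=0"
    else
        echo "FAIL: set cgi.fix_pathinfo=0 in /etc/php5/fpm/php.ini"
    fi
    if php_location_guarded; then
        echo "ok: try_files guard present in the php location"
    else
        echo 'WARN: add "try_files $uri =404;" to the location ~ \.php$ block'
    fi
    remove_phpinfo_page && echo "ok: no phpinfo() test page left"
fi
```

Run it with the check argument after reloading php-fpm and nginx; a FAIL on the first line means the server will run any file a visitor can upload, whatever its extension.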

Halal Cookies

Poor old Byron Bay Cookie Company has been hit by a campaign of stupidity because their ANZAC biscuits have halal certification. Time to make fun of what is clearly a stupid situation.

Make your Cookies Halal in Australia and Everyone Loses Their Minds

For reference here is a news article from the Northern Star – Facebook boycott over Cookie Company’s halal Anzac biscuits

SSLv3 POODLE Bug CVE-2014-3566

What is it:
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It allows a man-in-the-middle attacker who can get the client to fall back from TLS to SSLv3 to decrypt ciphertext (typically a session cookie, one byte at a time) using a padding oracle side-channel attack.

POODLE affects an older encryption standard, specifically Secure Sockets Layer (SSL) version 3, which was released in 1996. It does not affect the newer protocol versions known as Transport Layer Security (TLS).

How Can I Fix my Browser?
Follow these recommended steps to disable SSLv3 support in your browser. Patches and software updates are mentioned later in this article.

Chrome – Windows

Chrome had an update released in February that added a feature that in theory protects against this vulnerability (the TLS_FALLBACK_SCSV downgrade signal, which only helps when the server supports it too); however, some people have claimed that adding --ssl-version-min=tls1 to the shortcut will disable SSLv3 and earlier, but I have not seen this work in the sense of actually disabling SSLv3.

Chrome – Linux (Ubuntu) – gertvdijk on AskUbuntu

Open /usr/share/applications/google-chrome.desktop in a text editor
For any line that begins with "Exec", add the argument --ssl-version-min=tls1
For instance the line Exec=/usr/bin/google-chrome-stable %U should become Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1 %U
Reboot

Firefox

Put "about:config" in your address bar and press enter
Search through the list of entries for "security.tls.version.min"
Double click on this item, enter the number 1 and click OK

Internet Explorer

Launch “Internet Options” from the Start Menu
Click the “Advanced” tab
Uncheck “Use SSL 3.0”
Click “OK”

I'm a Server Admin, What Can I Do to Protect My Users?:

Disable SSLv3 and lower on your servers, review your SSL settings and make sure the cipher suites are in the right order and follow best practice, which is pretty much to use TLS 1.0 or greater.

In large networks it may be necessary to deploy a group policy setting to disable SSLv3. Guide

How do I disable SSLv3 on X?:

I don't feel that I'm experienced enough to give advice on Apache or any Linux HTTPS daemons, so I would advise that you check out the Linux community for your distro, as they will most likely have information on securing your servers.

As I'm more familiar with IIS (Internet Information Server), I'm happy to provide a link to Nartac Software Inc.'s GUI tool (IIS Crypto) that allows you to set your SSL settings; I recommend you set your server to the FIPS 140-2 template using this software.

Changing these settings on Windows also affects every other service on the system that uses Schannel (RDP, SQL Server and so on), not just IIS, so make sure you test in a production-like environment before rolling the changes out.

How do I know if a Site I’m Visiting is Vulnerable/How do I test My site?:

Qualys, Inc. provides a wonderful tool, SSL Server Test, which tells you how well your server is doing when it comes to your SSL configuration in general. If you don't have an A-, A or A+ rating you seriously need to look at your website's security; then again, maybe you don't care about the people who visit your site. (You're pretty negligent, aren't you?)

But remember, even if you have an A rating your site might still be poorly configured or have other issues, e.g. some sites prefer SSLv3 over TLS even though they have TLS enabled.
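For a server you can reach directly, the same question the Qualys scanner answers for SSLv3 can be put to it with openssl s_client. The script below is an added example and not part of the original post: it requests an SSLv3-only handshake and reports whether the server completes it. The output parsing is kept in its own function so it can be exercised on the constructed sample outputs at the bottom (trimmed versions of what s_client prints; the exact error text varies between OpenSSL versions). It needs an OpenSSL build that still has SSLv3 compiled in; newer builds reject -ssl3, and the script reports that as unknown rather than as a clean bill of health.

```shell
#!/bin/sh
# Added example, not part of the original post: check a server for
# SSLv3 support (the precondition for POODLE, CVE-2014-3566) by asking
# openssl s_client for an SSLv3-only handshake. If the server completes
# it, SSLv3 is enabled. Parsing is separated from the network call so it
# can be tested on captured output.

# Classify s_client output: prints sslv3-enabled, sslv3-disabled or unknown.
# s_client prints an SSL-Session block with "Protocol : SSLv3" whether or
# not the handshake succeeded; the Cipher line is what tells them apart
# (a real cipher name on success, 0000 or (NONE) on failure).
classify_s_client() {
    out="$1"
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    case "$proto:$cipher" in
        SSLv3:0000|'SSLv3:(NONE)'|SSLv3:) echo sslv3-disabled ;;
        SSLv3:*)                           echo sslv3-enabled ;;
        *)
            # No session block: a refused handshake still leaves an alert
            # in the output; anything else (e.g. "unknown option -ssl3"
            # from an OpenSSL without SSLv3) cannot be judged.
            if printf '%s\n' "$out" | grep -Eqi 'handshake failure|wrong version number'; then
                echo sslv3-disabled
            else
                echo unknown
            fi ;;
    esac
}

# Live check:  check_sslv3 www.example.com [443]
# SNI is a TLS extension, so an SSLv3 ClientHello cannot select a
# name-based vhost; what gets tested is the default site on that IP.
check_sslv3() {
    host="$1"; port="${2:-443}"
    out=$(openssl s_client -connect "$host:$port" -ssl3 </dev/null 2>&1)
    classify_s_client "$out"
}

# Constructed samples (trimmed) of what s_client prints, for trying the
# classifier offline. Not captured from any real server.
SAMPLE_SSLV3_ENABLED='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'

SAMPLE_SSLV3_DISABLED='CONNECTED(00000003)
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
---
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

SAMPLE_NO_SSLV3_CLIENT='s_client: Unknown option: -ssl3'
```

A result of sslv3-enabled on a host you run means the first fix is server-side (turn SSLv3 off), regardless of what the browsers do; a result of unknown means your OpenSSL cannot speak SSLv3 at all and you need a different client, or the Qualys test, to get an answer.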

When are the software updates going to be available?:

SSLv3 = Never; the bug is a fundamental design flaw of the protocol.
Firefox = Mozilla has indicated that a patch will be available on the 24th/25th of November 2014; this update will remove SSLv3 from Firefox.
Chrome = Google has not specified when or if SSLv3 will be removed yet, but claims that "Any version of Chrome since February 2014 (Chrome 33 onwards) is protected against this vulnerability." They have also said "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Internet Explorer = "Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs". Microsoft provides updates on the second Tuesday of the month unless the need arises for it to be fixed sooner (so it should be on November 11 or the day after).

Windows XP – The End

As of today, if you're still running Windows XP you have a big problem: there will be no more security updates for Windows XP.

You may have noticed this message on your computer recently as well.

(Image: Windows XP End of Support Notice)

You pretty much have no choice now: disconnect Windows XP from the internet or upgrade, because it will just be a matter of time before you pay the price with a security breach, if you haven't already been hit.