C30 C60 C90 GO ... ok, ready, lets do it

home | blog | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts


- Careful Chrome users, this search box might be "Not secure"


18 June 2019, 19:26 UTCBravo Microsoft - KB4503267
YOU EVEN BROKE THE FILTER ON ALL OF THE LOGGING YOU ID10TS!

When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error,
"MMC has detected an error in a snap-in and will unload it." and the app may stop responding
or close. You may also receive the same error when using Filter Current Log in the Action menu
with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.


"you may receive the error",
"the app may stop responding or close."



... weasel words. If it happens 100% of the time, it is not
a may or might...
Ok, walk it back a bit. It was some of them. Still don't feel good about some items using the same software base
breaking in different ways from the same patch. - still reserving disgust.
Love the - use powershell after a bit of programming workaround bit as well (every time you wan't to view the logs!) - ugh...
Can't wait until Systemd logging makes this move :-)

Workaround

To work around this issue, copy and paste the following function into a PowerShell window and run it.
You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views.
You will need to re-enter the function each time you open a new PowerShell window.
Note The get-EventViewer function will only allow you to view previously defined Custom Views.
To create new Custom Views, see Creating Get-WinEvent queries with FilterHashtable.
-------------------------------------------------------------------------------------

function get-EventViewer {
                Write-Output "List of custom views on the machine"
                Write-Output ""
                Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
 
                Write-Output ""
                $view_name = Read-Host "Enter the name of custom view to execute"
 
 
                # Get the file name of the view
                $ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }
 
                Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))
}

[permalink]


18 June 2019, 1:52 UTCSACKED - CVE-2019-11477 & CVE-2019-11478 & CVE-2019-11479

/proc/sys/net/ipv4/tcp_sack - TCP Selective Acknowledgements. They can    
reduce retransmissions, however make servers more prone to DDoS Attacks   
and increase CPU utilization.

Uh, so what did Netflix to, read the kernel documentation?
Good advice from Suse:
https://www.suse.com/support/kb/doc/?id=7023928
Give this a shot if you find you need relief (with a trade-off):
echo 0 > /proc/sys/net/ipv4/tcp_sack

[permalink]


29 May 2019, 4:01 UTCDrop Android phones from your network?:

Want to have a quick way to drop Android phones from your network?

iptables -I FORWARD -d 216.58.192.0/19  -j DROP
iptables -I FORWARD -d 172.217.0.0/16 -j DROP

Not sure which network does it, but if you add this to your firewall,
the Android phones will show "Connected, no internet".
They will "connect" to the network, but not have internet access (apart from the cell
network) as a fall-back route.
They (Google) must be using some connectivity to some host or hosts in those networks?
Silly, but I suppose they had some reason to do that.
It does make it hard to trust the basics of networking when that is true, as
I would sometimes use my phone to troubleshoot networking issues.
Makes it easy for the pinks I suppose.
p.s. This works today (2019/5/28) on all current 'Droid software that I am aware of.
It might not work after they patch it. Also, assume burgerland isp's in use.

[permalink]


24 May 2019, 17:20 UTCPython 2.7 still? Unicode and conversions...

Stop using str()
If you are and get:

UnicodeDecodeError: 'ascii' codec can't decode byte 0xff in position 6:
ordinal not in range(128)

Instead...
More here https://docs.python.org/2.7/howto/unicode.html#the-unicode-type
Short version for the impatient (and in case that link goes away:
- Set your encoding to closer to ascii if possible like:
closertoascii = yourunicodestring.encode('utf-8')
- But it is best to use Unicode across the board as some bits have no replacement..

[permalink]


21 May 2019, 20:53 UTCShoot the messenger:

Re-blogging a tweet from here: https://twitter.com/ComplexHow/status/1130892833815187457
So true:

The evaluations based on such reasoning as ‘root cause’ do not
reflect a technical understanding of the nature of failure but
rather the social, cultural need to blame specific, localized
forces or events for outcomes.

Here is a perfect example...
blog/01510064621

[permalink]


20 May 2019, 18:04 UTCNice 'n blinkey...

Blink tag makes a slight comeback:
See it in action here: http://l1demo.org/

<script type="text/javascript">
    setInterval(function(){
        $('blink').each(function(){
            $(this).css('opacity' , $(this).css('opacity') === '0' ? '1' : '0')
        });
    }, 500);
</script>

...
<blink>*NEW*</blink>
...

[permalink]


20 May 2019, 18:02 UTCSupport portal broken, loop, use Support portal...

What the heck?

Incident resolved
The issue with the Support Portal has now been resolved, and tickets
may be created and viewed normally. If you continue to experience
any issues, please open a ticket with our support team via
https://---.---.---/company/contact/#support

[permalink]


14 May 2019, 21:21 UTCThe next worm for older Microsoft OS's?

Might want to patch your older systems (2008 and down):
- Even 2003 and XP if you still run them:
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
As usual - short description here for when that page goes away:

Short bit from the page above on 5/14/2019:

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – 
formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable.
This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future
malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way
as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability,
it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

[permalink]


9 May 2019, 3:56 UTCMySQL vs MariaDB

Get ready for Oracle round 3.
MySQL AB was founded in 1994.
In 2010 - Oracle buys MySQL... Ney, they bought Sun Microsystems in 1995. in 2008 Sun Microsystems purchased MySQL AB. In 2010 Oracle bought Sun Microsystems.
Hmmmmm. So this will end well based on...
StarOffice / LibraOffice ... Java / Blackdown / OpenJDK...
I don't think going with Oracle will end it well based on dabbling in GPL / Open Source.
But I am old, and don't know about such things. Commercial interests always improve a large GPL project...
You be the judge.

[permalink]


9 May 2019, 3:42 UTCBreak down barriers

Ask the person for the definition.
LISTEN TO THE FULL STATEMENT AND DON'T INTERRUPT.
Ask for references (i.e. how you can learn more about the subject..._
RESEARCH THE SUBJECT MATERIAL THEY GIVE YOU...
if you follow the steps, you should now know about the barrier._
You now can engage in further steps to break down barriers.

[permalink]



30 April 2019, 3:58 UTCBlah... is now open source...
29 April 2019, 19:30 UTCvi / vim stuff:
27 April 2019, 5:43 UTCFun Google search:
26 April 2019, 4:05 UTCLight reading:
23 April 2019, 20:09 UTCGopher links:
23 April 2019, 14:50 UTCMagento bits
3 April 2019, 20:31 UTCnetplan with a plan (dhcp and alt dns servers):
13 March 2019, 13:21 UTCMore systemd in the way. - deluser.
17 January 2019, 21:46 UTCInstalling .Net 3.5 on Windows 10 and failing?
31 December 2018, 23:04 UTCcompgen -c (you complete me)
16 December 2018, 6:03 UTCRIP Timothy C. May - December 2018
11 December 2018, 12:43 UTCFirewalld - what is it?
5 December 2018, 15:05 UTCPolicyKit - uid's > max_int allows unprivileged user to run systemctl commands.
30 November 2018, 3:35 UTCOld Sonicwall - nogo ssh?
27 November 2018, 20:33 UTCBracketed paste mode \e[200~ (and) \e[201~ (or) 30 7E ... 31 7E (or) ~0 ... 1~
28 September 2018, 19:31 UTCAnybody seeing a pattern here? - SYN flood spoofing
14 September 2018, 16:48 UTCUbuntu 18.04.1 - Libvirt/KVM/Qemu setup with Wok/Kimchi
23 August 2018, 21:04 UTCOk, now disable SMT / Hyper-threading? This is getting old.
20 August 2018, 20:53 UTCUh, yeah, good one Microsoft: Auto updating AD Sync, and wow....
6 August 2018, 20:02 UTCGet ready for the SegmentSmack and FragmentSmack TCP vulnerabilities.

All older entries




[atom feed]  
[æ]