Skip to main content

Posts

Showing posts from November, 2012

ASPY.a - Malware Source Identified as Blackhat Control Panel Developer

I've spotted a trojan/shell exploit that targets ASP.NET named ASPY.a making the rounds again recently. By no means a 0-day or brand new bit of malware, ASPY.a has been around for about 2 years . It takes advantage of vulnerable ASP scripts, uploads itself to a web server and in unpatched systems that lack sensible permissions policies and the latest updates, it can grant remote attackers administrator access. Microsoft Security Essentials will catch it, however I've seen at least one version of Symantec that does not completely remove compromised files - with Symantec server-level compromise was prevented, but the website itself remained controllable. So why am I writing a post about a 2 year old piece of malware? The story here is that the circulation appears to be driven by a developer based in Russia that sells "server control panel" (панель управления сервером, управление) software for novices tasked with IIS-based website management. The name of the company is

Merger Alert

Freelancer.Com, a clearinghouse for employers to higher developers and technicians for one-off jobs that need fixin' based in Tampa Florida, acquired competitor vWorker last week. Both companies are privately held. vWorker was founded in 2001 as RentACoder.com. For Freelancer, this could be a great purchase. Dismal credit-strapped economies provide significant advantages for companies that are cash-rich and that (gasp!) create wealth by serving customers that do not need to rely on the fleeting good graces of investors, bankers and taxpayers. Let's see if this is the beginning of an acquisition phase for the company. Combined with a growing base of employers with diverse employment needs that fear the commitment of new hires, a few key acquisitions and a smart marketing campaign could pay off big for Freelancer.Com. Full disclosure: I've worked for Freelancer in the past (however I have not done so for over a year, and I was not paid for this post, or any other post on

Scheduling Application Pool Recycles in Windows Server 2008 and 2012

TimeSpan[]Array and the TimeSpan Collection Editor The process for scheduling an application pool to recycle at specific times in Windows Server 2008 and 2012 is a bit different then in previous versions. Launch IIS Manager, expand application pools and highlight the application pool to modify. Under the Actions menu on the right hand side, select Advanced Settings. Scroll down to the Recycling section and expand it. You are looking for the TimeSpan[]Array entry of Specific Times section, highlighted in the example above. Click the three dots to the right of this entry. Click the Add button under the Members window on the left hand side. This will produce a new value in the Properties window. click the new value and modify it using a 24 hour / military clock standard . Select OK and you're all set!

Thank You!

When I started this site 6 months ago, I expected it to be a sort of notebook for quick fixes of server and router problems. I had hoped to use this as a place where the solutions to IT brain ticklers could be posted in case I forgot them and needed them later. Because almost all of my friends work in the same industry I do, it quickly became a place where I could refer people I knew who were in a bind and in return I post fixes they come across. Other than letting a few close friends and family know about the site and bugging them for feedback and ideas every now and again, or sending out the occasional twitter/linkedin post,I haven't really told anyone about it. I certainly haven't marketed the site or engaged in any sort of 'search engine optimization'. That's why I don't quite know what to make of the sheer number of visitors to the site. At this point, the count is in the tens of thousands, with traffic doubling every single month. Here is what the traf

List of Windows Activation Keys for KMS

Includes Keys for Windows Server 2012, Windows Server 2008, Windows 8, Windows 7 and Vista This list of keys for KMS can be a real hassle to find in Microsoft's online documentation, so provided here in the hopes of saving you some time. Please note that these are not stolen product keys and as such publishing them is a time saver for administrators managing large deployments of fully licensed Microsoft products  - so if you are a thief or an Internet police person, sorry to disappoint but you've made it to the wrong site. Click this link for an article with more information about KMS, activating Windows Server 2012 Licensing, and upgrading your KMS Server from 2008 to 2012 . WINDOWS SERVER 2012 Windows Server 2012 Core BN3D2-R7TKB-3YPBD-8DRP2-27GG4 Windows Server 2012 Core N 8N2M2-HWPGY-7PGT9-HGDD8-GVGGY Windows Server 2012 Core Single Language 2WN2H-YGCQR-KFX6K-CD6TF-84YXQ Windows Server 2012 Core Country Specific 4K36P-JN4VD-GDC6V-KDT89-DYFKP

This Week in Links: The Computer Fraud and Abuse Act as Explained by Errata Security, and More Fun With the Federales

In a missive to the estimable Jean-Baptiste Leroy, portly Founding Father Benjamin Franklin once wrote, speaking of the longevity of America's fledgling constitution, "[...] in this world nothing can be said to be certain, except death and taxes." It is with the utmost respect then, that I would slightly plagiarize that hackneyed turn of phrase for use by the engineers, owners and managers of the data center: for us, the only two certainties are spam and visits from Federal law enforcement. This noble profession of ours sits at the crossroads of just about every human activity worth snooping; banking, business big medium and small, healthcare. Criminals both notable and otherwise post their exploits and those posts find their way routed to our n+1 powered, humming homes away from home. Confessions vary from the moronic - as a videotaped confession with a stolen camera surely was  - to the barbarous - as the flurry of terrorist attack and recruiting tapes surely are.

McAfee, I Hardly Knew Ye: Zillionaire Security "Expert" Flees Law Enforcement In the Midst of Murder Investigation

I wish I was making it up. For those who haven't heard, here is the story: John McAfee's neighbor has a gunshot wound in the back of his head. John McAfee is not surrendering to the police for questioning. John McAfee has a long history of doing drugs and having sex with young girls and reporting both exploits on the internet in livid detail (this *is* the computer industry we're talking about here) and every 30 minutes or so, John McAfee is blogging at http://www.whoismcafee.com/ to keep us all posted as to life on the lam and confirming his innocence. http://www.wired.com/threatlevel/2012/11/threatlevel_1112_mcafee/ http://www.vice.com/read/john-mcafee-bath-salts-belize-murder-fugitive-gregory-faull http://www.cbsnews.com/crimesider/?keyword=john+mcafee&tag=contentMain;contentBody In no way should this post be construed as claiming guilt or innocence for Mr McAfee. John has a unique lifestyle, but then again the police in Latin America have a unique style of jur

Windows Server 2012 Activation Problems, Questions and Solutions

[ Please note this article deals with general questions related to Windows Server 2012 Product Activation. For tips on activating the Windows 2012 GUI from Server Core, try this article instead. ] I've heard multiple reports of people having issues with Windows Server 2012 Product Activation. Here are a few hints on how to resolve: -Ensure your server is connected the the internet -Ensure correct DNS resolution is available -Resolve any outstanding routing issues (Firewall or IPS blocking your new server? DHCP misconfigured?) -Attempt product activation from the command line: slmgr.vbs -ipk [enter your product key without brackets] slmgr.vbs -ato This is still a new OS, but I've yet to experience an issue that wasn't resolved by one of these for in cases where the product key is valid. Other Helpful Commands: slmgr.vbs /dlv Displays the active product key slmgr.vbs /upk Uninstall the current product key Frequently Asked Questions Related to Windows Serv

Weekly Links

Isn't it strange that the most successful sites aren't ones that produce content, but rather are gate keepers to the content of others? The phenomenon of network traffic is strangely circular - go to a website, click a link, from that site find a link, click it to find more links to click. I know you're not hear to read. You are here to CLICK. Well, never let it be said that I don't give my public what it wants. I'll try to make this minor aggregation a weekly event. Network World - Are the Spam Police Worse Than the Spammers? ("Spoiler Alert" - More so Every Day) Fierce Telecom - CenturyLink Goes 100G, Puts On Big Boy Pants Reason Magazine - Manipulating the Media For Fun and Profit Finally, CEI has brought to magnificent life Leonard Read’s 1958 essay "I, Pencil" - the concise work of genius that lead me to the study of economics - in the form of a beautiful short film. At a time when so many of us find it so difficult to appreciate th

Decrypting Data That Has Been Encrypted by ASP.NET

A colleague of mine let me know about an easy way to use .NET's decryption mechanism from the command line. From the directory of the framework version, issue the following command (replace filename and path where appropriate): C:\WINDOWS\Microsoft.NET\ Framework\v2.0.50727>aspnet_ regiis -pdf "filename" D:\path\ Encrypting configuration section... Succeeded! Neat!

From the Mouths of Babes

(thanks to Radley Balko for this)