Blog: Linux

I came across a problem in one of our automated Robocopy command scripts when copying files from NTFS to EMC Celerra file system.  The problem was that every time Robocopy was told to copy files to the EMC Celerra over the VPN, the files were always detected as “newer” on from the originating source.  This caused Robocopy to copy every single file from our network to the remote network each and every time. 

I came across a command line switch for Robocopy: /FFT : Assume FAT File Times (2-second date/time granularity).  So what this does is force Robocopy to use FAT style time stamps which are 2-second granularity.  It allows enough flexibility to account for the way the time is recorded when doing a file copy from NTFS to another file system. This is needed when going between and NTFS and Linux/Unix/FAT or emulated file system.

I think we all know better than to download executable programs (.exe's) from untrusted sources and run them.  Opening a Word document from an untrusted source could be dangerous.  Now, even opening a PDF file on a fully patched Windows machine with excellent, up-to-date anti-virus and malware software could cause your machine to get owned.

Didier Stevens, who has written some great PDF analysis tools, published a disturbing blog post the other day.  He demonstrates how to use an existing feature in PDF to execute a program on someone's computer when they open the document.  Adobe Acrobat Reader displays a message first, but the message can be changed to social engineer someone into clicking the Open button on the message.  And my favorite PDF reader, Foxit, does not even display this message.  Disabling javascript does not help. [more]

Here is the link to his article: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

I downloaded his extremely simple example and in a few seconds changed it run a batch script instead of cmd.exe.  It looks it would be trivial to make it run any sequence of commands desired.  Depending on the PDF viewer used on other operating systems such as Linux or Mac OS X, this same technique will work there.

When using Google, one might consider clicking on Quick View or View as HTML instead of viewing the actual the PDF file.

UPDATE:  Adobe finally responded to this, explaining simply how to disable this feature.  This sounds like a good thing to do for most users. http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html

On a recent IT audit, the bank was using a Samba directory instead of Microsoft’s Active directory for user authentication on their workstations.  We use an audit tool called DumpSec to dump the user accounts out of Active Directory.  However, when I tried to use it on the Samba directory, I got an error message and a partial list of users (about 6 accounts out of 85).  After trying several fixes, including joining a VM to the domain and running DumpSec using the root credentials, I unchecked the “Show computer accounts” option in DumpSec (see screenshot below) and it worked. [more]

This is a very painless way to install Ubuntu without partitioning your HD, installing a different bootloader, and without the use of Virtual Machines.  You can get the downloader at http://wubi-installer.org.

Wubi will download and install the newest release of Ubuntu for you.  All you do is give it a password and it pretty much does the rest.  When you reboot you will see the choice to boot into Ubuntu or Windows.  It makes a file on the hard drive (like a virtual machine) instead of using a partition, and can be removed at anytime from Add/Remove Programs in Windows.

All in all, this is a pretty slick way to try it out.

Note: If you are installing Wubi on Windows 7, install the program with compatibility mode set to ‘Vista’ or else it will not modify the Windows boot loader correctly.