Blog

I was trying to install a hotfix package onto a SQL Server and continued to get Error 29528. Upon inspecting the WindowsUpdate.log file, I noticed this line: “Error 29528. The setup has encountered an unexpected error while Setting Internal Properties”. After some Google searching, I stumbled upon a Microsoft KB article that helped out quite a bit: http://support.microsoft.com/kb/925976/

The workaround resolution involves the following steps:

For a stand-alone installation of SQL Server 2005

  • Remove the following registry subkeys that store SID settings:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.X\Setup\SQLGroup
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.X\Setup\AGTGroup
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.X\Setup\FTSGroup
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.X\Setup\ASGroup

Note: In these registry subkeys, MSSQL.X is a placeholder for the corresponding value on a specific system. You can determine MSSQL.X on a specific system by examining the value of the MSSQLSERVER registry entry under the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL\

  • Reinstall the SQL Server 2005 service pack or the SQL Server 2005 hotfix package.

For some reason, the local SIDs had been changed or removed or something and SQL just needed to figure out what was going on.


 

Yesterday, Heartland Payment Systems, Inc. disclosed a data breach that could be bigger than the TJX Companies, Inc.'s January 2007 breach.  Heartland, one of the largest payment processors in the country, said  they discovered the intrusion last week after being alerted by Visa and MasterCard of suspicious activity.  The company says they believe intruders planted malicious software designed to steal card data on the company's network sometime last year; however, the company has not yet released when the card companies informed them of the breach, when the breach took place in 2008, how long the intruders remained undetected, or how many cards might have been compromised.  Heartland claims no merchant data, cardholders' Social Security numbers, or unencrypted personal identification numbers (PIN), addresses or telephone numbers were compromised.

When a card is stolen, crooks typically "validate" the card with certain types of small transactions.  It has been noted that these types of transactions have increased nearly 20% over the past few months; however, it is not clear yet if this is related to the Heartland breach.  Currently, Heartland processes more than 100 million card transactions per month.

This is the second known compromise involving a large payment processor over the past few weeks. On December 23rd, RBS WorldPay announced its systems had been breached by unknown intruders resulting in the compromise of personal information belonging to about 1.5 million card holders. Payment processors are a prime target for cybercriminals due to the volume of transactions and information.


 

I came across a neat thing in VMware Workstation the other day when messing with the NAT networking. I have a local VMware machine that is configured as a Squid Proxy server (nice for ad blocking and caching of Windows Updates, etc.). At first, I had it bridged to our main network, but I decided I wanted to have it available no matter what network I connected to, so I decided to try to figure out how to get it working well with VMware NAT. Getting everything working and accessible locally was easy enough, but one of the main things I wanted a caching proxy for was downloading Windows updates to all my Windows virtual machines. So, I need all my bridged virtual machines to be able to use the virtual machine that was in my VMware NAT network. The solution, port forwarding. On the NAT tab in Virtual Network Editor, click Edit… -> Port Forwarding. Here you can set up TCP/UDP ports that you want to publish on your primary NIC used by NAT. Mine looks like this:

So, now I can access my VMware Squid Proxy in my VMware NAT network from my primary network using <my IP address>:8080, <my hostname>:8080, or locally by using localhost:8080.  I can point all my bridged VMware machines to this location as well.  (Anyone on my local network can actually access the proxy.)


 

Technical press has recently printed headlines such as:

"No longer safe: WPA encryption cracked in 12 to 15 minutes" - ZDNet
"Once Thought Safe, WPA Wi-Fi Encryption Is Cracked" - PCWorld
"Researchers Crack WPA Wi-Fi Encryption" - Slashdot
"WPA cracked in 15 minutes or less, or your next router's free" - engadget

However, the details seem to indicate a much more limited vulnerability.

The "crack" is limited as follows:

  1. Access points running QoS (or WMM - Wireless MultiMedia)
  2. Small control packets such as ARP packets
  3. Only traffic using TKIP
  4. Only packets from the access point
  5. Requires 12 minutes & fails if the group key is renewed during that 12 min period

No data decryption is actually involved. However, if TKIP is being used, a DoS attack is possible by generating packets with correct checksums but erroneous packet authentication info (Message Integrity Code values).

Recommendations:
  1. Disable TKIP if possible (use AES)
  2. Disable QoS (and/or WMM) to prevent replay attacks if possible
  3. Configure to reduce the group key renewal period to less than 12 minutes
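
The three recommendations above can be checked mechanically. The following is an added example, not part of the original post: it assumes the access point is configured through a hostapd-style key=value file (the post names no AP product), and the finding codes and sample configs are constructed for illustration.

```python
# Added example: audit a hostapd-style config against the recommendations above.
# hostapd is an assumption; the post does not name an access point product.
MAX_REKEY_SECONDS = 12 * 60  # the 12-minute window quoted in the post


def parse_config(text):
    """Return {key: value} from key=value lines, skipping comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a sorted list of finding codes for one config."""
    cfg = parse_config(text)
    findings = set()
    # 1. TKIP offered as a pairwise cipher (WPA or RSN/WPA2 cipher list).
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in cfg.get(key, "").upper().split():
            findings.add("TKIP_ENABLED")
    # 2. WMM/QoS explicitly switched on.
    if cfg.get("wmm_enabled") == "1":
        findings.add("WMM_ENABLED")
    # 3. Group key renewal must be set, non-zero (0 disables rekeying)
    #    and shorter than 12 minutes.
    rekey = cfg.get("wpa_group_rekey")
    if rekey is None:
        findings.add("REKEY_NOT_SET")
    elif not rekey.isdigit() or not 0 < int(rekey) < MAX_REKEY_SECONDS:
        findings.add("REKEY_TOO_LONG")
    return sorted(findings)


# Constructed sample configs (not taken from the post).
WEAK = "wpa=3\nwpa_pairwise=TKIP CCMP\nwmm_enabled=1\nwpa_group_rekey=3600\n"
HARDENED = "wpa=2\nrsn_pairwise=CCMP\nwmm_enabled=0\nwpa_group_rekey=600\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A setting that is absent from the file is only reported for the rekey interval; for the cipher and WMM keys, check the effective defaults of the device in question.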

Also, since WPA is susceptible to brute force attacks, you can use Steve Gibson's key generation site www.grc.com/passwords - I am paranoid enough to generate the password/key on a network other than the one that uses the external router I'm getting the key for.


 

When I first started using Vista, I noticed I would go into a folder sometimes and the view would be something totally different than everything else (usually huge folder icons).  There wasn’t any rhyme or reason for it, and I couldn’t find any checkboxes to make it stop.  Once it started happening on one folder, it seemed to get progressively worse.  I found that clearing the “saved views” from my registry typically fixed the problem for a little while, so I created a REG file to remove all saved folder views.   At first, I would just clear the keys when I started having the issue.  But, after getting tired of digging for the REG file every few weeks, I finally decided I’d just set the file to import (delete the keys) whenever I login.  I haven’t had the problem since.

Here is the information in my REG file:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU]

[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags]


 

This is a followup to the November 18th post concerning limits on how many Outlook rules can be created.  The limit is actually on the amount of storage the active rules take up.  Exchange 2003 has a fixed limit of 32KB.  Exchange 2007 has a default limit of 64KB, but it can be increased to as high as 256KB.  This is specified as a mailbox attribute called RulesQuota and can be changed with the Set-Mailbox Exchange Management Shell command.  The Set-Mailbox command is documented at http://technet.microsoft.com/en-us/library/bb123981.aspx

Here are examples that list the RulesQuota setting for each mailbox and set the quota for all mailboxes to 256KB.

Get-Mailbox | ft DisplayName,RulesQuota

Get-Mailbox | Set-Mailbox -RulesQuota 256KB

And here is an example of how to set the RulesQuota on just one mailbox, conetrixuser’s, to 128KB.

Get-Mailbox | Where-Object {$_.Alias -eq "conetrixuser"} | Set-Mailbox -RulesQuota 128KB


 
 

In my VMware Windows XP machine (after I upgraded to SP3), I tried to defrag the hard drive (as I was cleaning up and preparing to compress the VMware drive file, etc.).  When I pulled up the Computer Management console and selected the Disk Defragmenter option, I pressed the Analyze button and nothing happened.  The button is active but nothing seemed to happen.  The same thing happened (or didn't) when I pressed the Defragment button.  When I tried to defragment from command line, I got the following message:

Windows cannot connect to the Disk Defragmenter engine.

When I googled this message, it indicated the defragmenter wasn't installed and I should install it.  However, the Microsoft article (http://support.microsoft.com/kb/922379) also indicated the defragment now button in the tools tab of the drive properties would be disabled - which it wasn't.

Regardless, I found the dfrg.inf file in the Windows\inf folder and right-clicked on it and selected Install.

After a few seconds, things seemed to be finished and now the defragmenter works.

 

While working with Windows XP users, sometimes you need to add a local printer to their PC but they don’t have permissions to add a local printer.  Usually to get around something like this in the control panel, we hold shift and right click the icon to bring up a “Run as..” option where we can use admin credentials to get the task done.  However, you will not be able to “Run as..” for adding a printer in Windows XP unless you modify the folder view. 

From within the printers and faxes window, go to tools, options, and select “Use Windows classic folders.”  You will now see an icon for “Add Printer” that you can shift + right click on to add a printer with admin credentials.


 

Windows Vista Easy Transfer Utility is a product that comes with all Vista machines that allows you to move user settings and profiles over to your new Vista system from your old XP or Vista PC.  The utility supports both XP and Vista as sources, but only Vista can be a destination.

If you are using the Windows Vista Easy Transfer Utility, there are several things that you need to consider. Moving the settings over the network is supported, but it is time consuming and often fails.  I recommend that you use an external hard drive. This takes about 20 minutes to blow onto the drive and another 20 to blow onto the new machine but it is very reliable.

Another thing to consider is that if you are transferring a user's domain account to the new PC, you will want to add the new PC to the domain first. This will allow it to retain the correct settings and will keep you from having to create a new account for that user on the new computer.