Month: March 2009

Detecting Conficker with NMAP or scs

by

Conficker isn't nearly this cuteTomorrow is April 1st, and apart from funny pranks and silly hats — the Conficker worm will rear its ugly head. As recently as yesterday, some early (not that early I realize) detection programs are available. And they’re free.

The first is simple to use, but slow as crap. In the author’s defense, it’s just a proof of concept. But it works. 🙂 It’s written in Python, and has both the python script (which requires some additional libraries in Linux) and a windows version that is all built into a package.

This site has links to both versions, along with some instructions. It seems to be able to keep up with the traffic it’s getting, whereas some other sites are getting crumbled as admins scramble to sniff their networks.

The second method uses a brand spanking new version of NMAP to do the detecting. The advantage is it’s much quicker at scanning larger networks. The disadvantage is it requires a bit of commandline fu. Fear not, it’s as easy as copy/paste.

First, get the version for your operating system. NOTE: You MUST get nmap-4.85BETA5 because earlier versions won’t scan for Conficker.

Once you install nmap, you’ll want to run the command:

nmap -PN -d -p445 –script=smb-check-vulns –script-args=safe=1 [network_range]

Where [network_range] is something like 10.10.5.1-255 or even 10.10.0.0/16.

You’ll need to look through the results for information like:

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE

And then fix/patch those hosts. I’d suggest sending the results to a text file, and grepping for the word VULNERABLE or INFECTED — but those types of instructions are beyond the scope of this quick hack of a post. 🙂

The Economy is Fixed

by

See? I have lots. And I can copy and paste lots more. Feel free to download as much cash as you like.No really, it’s finally fixed. CNN reports the stock market is headed upwards on a steady rise to its previous highs. The stimulus package has taken hold, and jobs are being created. The Midwest alone has seen a 4% decrease in unemployment, and more jobs are being created every day.

White House corespondent Julie Swarnok reports, “Now is the time to invest. Now is the time to spend. The economy is finally fixed, and while it will build slowly, it will build.”

What does this mean for the every day Joe (not Joe the Plumber, oy)? Well it means it’s time to either hire people, or to get a job yourself. Big business? It’s time to spend money. Big tech businesses? It’s time to sponsor bloggers and podcasters. Lucrative investments now will cement your brand in the hearts and minds of the very crowd that is beginning to spend again.

I happen to know a blogger/podcaster that would be interested. 🙂

So there you have it. The economy is fixed. Go tell it on the mountain. Go buy something. Go hire someone. And while you’re at it, make me a sandwich.

WD2500JS-40NGB2

by

The other eye is crying. :(This hard drive contains over 16,000 photos of my kids growing up. No, I don’t have a backup. Yes, I thought I did. (An untested backup is no backup at all)

I’m 99% sure the PCB failed. The mechanics inside the drive I believe are fine. The problem is, I need to find the exact same model number (WD2500JS-40NGB2) in order to test that theory out.

It will cost over $1,000 to get the drive recovered. I only need to borrow the PCB (circuit board) from a similar drive in order to get the data from it. I would REALLY appreciate it if anyone reading this would tweet, dent, shout, ask their neighbor, etc, etc, if anyone has this specific model of Western Digital 250GB SATA hard drive that I might borrow.

I know it’s a longshot, but who knows. 🙂

How I Broke Into Our Van (with Video)

by

There have been some questions about my Houdini act, so I’ll set the record straight…

1) I am not the one that locked the keys in the car. I think that’s important to note. So, noted. 🙂

2) Our van is a 2007 Caravan, and doesn’t lend itself to jamming a coat hanger anywhere. Well, not with any actual hopes of doing anything useful.

3) I used the piece of plastic (a cheap cutting board) to jam in between the door and the car. The baffles that prohibit stuff getting jammed in there are pretty easily (read: hour of jamming and wedging) fooled by a piece of stiff yet flexible plastic.

4) Once I had the plastic half in and half out, I poked a hole in the plastic and set a snare with the string.

5) Using physics to both bend the plastic so it would properly lasso the lock mechanism, and gravity to aid in the targeting system, I looped a slip knot around the lock and snugged it up.

6) I shimmied the string up the plastic sheet and then tugged to unlock the door.

7) The theft deterrent system immediately honked my victory to the neighborhood. 🙂

For those of you that are visual learners, here’s a reenactment of the whole thing:

I Want You To Win

by

No, my hand really isn't as big as my head. It's called perspective, people. If my hand WAS that big, it'd be kinda cool. But only at first. Glove buying would suck.No really, I do. You know that awesome magazine company I work for? Well, you can get a year subscription to the digital version absolutely free. FREE. No strings attached. All you have to do is solve a puzzle and fill out a form. And puzzles are fun, so it’s like 2 gifts in one. 🙂

You have to watch videos to find the clues, but they’re short videos, so it shouldn’t be too painful. Here I’ll even give you links to each video. See, now it’s like three gifts in one. I just give and give…

Video 1 (the video includes instructions on what to do)
Video 2
Video 3
Video 4
Video 5 — this is just me telling you how to claim your prize.

The contest is for TODAY ONLY!!!! So don’t delay, or it’s like getting zero gifts. 😉

UPDATE: I’m giving out clues over here. Just FYI.

Listen To My Dulcet Tones, and Win Stuff

by

You know those videos I do all the time, teaching folks how to do stuff with Linux? Well, humor me and pretend you do. Anyway, this week Linux Journal is giving stuff away. And not a limited amount of stuff either. Everyone that plays can win. You can play. You can win. Watch this video for details, and if you don’t want to win, then you don’t have to play. See how easy I make it for you?

That thing over my shoulder is a speaker to our surround sound system. No, not that. That one is a clock, I meant the other shoulder.
Just click the thumbnail to go to the video contest page


Go now! Tell all your friends! Have your dog blog about it! Tweet it! Dent it! Tell your neighbors with smoke signals. (Be careful with that last one though, fire is dangerous, and this blog isn’t insured)