Undocumented Coldfusion Ports

After running 'chkrootkit' on one of my Ubuntu server at work, I got a responds:

Checking `bindshell'... INFECTED (PORTS: 4000)

A message which started a 'mild' shiver across my back, because the rootkit checker just reported that one of the processes on the server could be compromised.

First I took the server of the network. Just to make sure. After that I searched the Internet for a possible explaination. Nothing substancionally. until I found the following command to see what is occupying the port.

sudo netstat -e -p -n -a | grep 4000

This gave me the following result:

udp6 0 0 :::4000 :::*
65534 13886 4739/coldfusion8

So it seems that Adobe Coldfusion is using this port. But this can't be found in any of the official Adobe Coldfusion documentation. There are some (blog)posts related to this, but nothing more.

Posted on August 27, 2008 by Willem and filed under Annoying, Linux, Operating Systems, Security and tagged Coldfusion infected port 4000.

Corrupt / Missing Windows Profile

If you think that things are going (relatively) well, they come right back at ya....

This time it's my laptop from work. I used to enjoy my HP NX8220 widescreen laptop. It served its purpose well over the last 3 years. Since it was out of warranty (and noisy), it had to be replaced by a Fujitsu Siemens Lifebook E8310.

Personally, I never liked the Fujitsu Lifebooks. They feel like cheap plastic laptops that might fall apart with every keystroke. Apart from the physical look and feel, there's the 'need' to use hardware which can only be used by installing a gazzilion Fujitsu installers/drivers (on the HP I only needed half the drivers to get a functioning laptop).
The quality of these drivers are questionable. On a default Windows XP Pro SP2 OS with ALL the tools/drivers recommended by Fujitsu the hardware and Windows OS don't seem to get along. Without any reason, the OS seems to hang every once in a while. And lately things have gotten worse....

Posted on August 19, 2008 by Willem and filed under Annoying, Hardware, Microsoft, Operating Systems, Software.

Microsoft Automatic Reboots

I ran into the most annoying (understatement) thing about certain Microsoft automatic updates (on Windows XP Pro). It seems that last Tuesday was yet another 'patch-Tuesday'. Nothing unexpected about that, but this update (or at least one of them) required a reboot of the PC (yet, still nothing wrong with that).

Normally, the automatic update process bugs you about rebooting, but somehow this reboot interface had a timer. A timer of 5 minutes. After these 5 minutes the PC will reboot.

Totally ignorant to open (modified) documents. The shutdown process kills all open programs / documents and reboots. Without waiting for user input on e.g. saving files.

I tested this with opening a notepad document, altering it and leaving it open. After 7 minutes, the PC had rebooted, and all changes to the document were lost.

Yet another 'Thank You, Microsoft'

Posted on August 14, 2008 by Willem and filed under Annoying, Microsoft, No Way!!!, Operating Systems.

Windows/Office Frustrations

The title should cover the topic appropriately.... The last couple of days there's this delay on opening Office documents on my work laptop. Every MS-Word or Excel document I open (by double clicking the document) takes approximately 25 to 30 seconds to open.

Using tools like procmon (formerly known as filemon from SysInternals) displayed nothing interesting. Apart from a 15 to 20 seconds delay between the WINWORD.EXE appearances in the logging.
Since this nagged the hell out of me, I tried some stuff (in a non-chronological order);

Removed McAfee AV
Removed all tooling I installed in the last couple of days
Removed MS-Word
Removed Office 2003 completely
Removing all references to Office, MS-Word or Excel in the registry, and on the filesystem.

Running Word with the /a switch or even typing winword.exe c:\test.doc works fine. Everything works, except the default opening of a file by double clicking it.

Someone suggested to add another user on the system and try it with that user account. So I did. I logged on as the new user and every document launched as it's supposed to do :-) . So I logged out, and tried the original user, and guess what? The document opened lightning fast. I couldn't be more happy, because I didn't feel like reinstalling the entire system.

After working a couple of hours I restarted the system (application update), and everything went back to 'normal'... Opening documents took forever again.....
It seems that launching Word from a FRESH user account resets something. Everything afterwards works fine, just as long as you don't reboot... And since it's Windows...... Well, Friday is gonna be a re-installment day. Am I looking forward to that (that's something of a rhetorical thing).

Posted on July 16, 2008 by Willem and filed under Annoying, Microsoft, Operating Systems, Personal, Software and tagged Excel Office Windows Word slow frustration.

Full Disk Encryption for the Mac

Checkpoint acquired a company called PointSec a while ago. This company made full hard disk encryption software for Windows. Now, Checkpoint has released a hard disk encryption version for the Mac. I guess they are taking OSX seriously.

Disk encryption is available today for the Mac (TrueCrypt, PGP), but these aren't able to encrypt the boot partition. Only partitions are by the use of containers. This type of software was available to Windows only primarily.

Now that the 'trick' has been done, I guess more will follow.

I do wonder if it's still possible to use SuperDuper for cloning a bootdisk....

Posted on June 3, 2008 by Willem and filed under Apple, News, Operating Systems, Security, Switched2Mac and tagged Encryption Mac OSX PGP TrueCrypt checkpoint pointsec.

Adobe Coldfusion MX on Ubuntu Server

Ever since I went 'Apple', the urge of moving away from Microsoft Windows operating systems is getting bigger and bigger. A couple of weeks ago I installed a two Ubuntu servers (v7.x) at work. Mainly for testing , and educational purposes.
The installation went extremely smooth on old Compaq ML370 server hardware. So, as a test I tried to install Adobe Coldfusion MX (Coldfusion 8 ) on the Ubuntu server (with Apache, and MySQL).

There are several postings on the Internet suggesting that it should be possible. Even though Ubuntu isn't on the supported platforms list for Adobe Coldfusion MX.

Posted on May 10, 2008 by Willem and filed under Linux, Operating Systems, Software, Tips'n Tricks and tagged Adobe Apache2 Coldfusion Linux ubuntu.

Ubuntu 'Hardy Heron' Released

As of yesterday, the latest Ubuntu release 'Hardy Heron' is available for download (both client and server). Every time a major Linux distri(bution) hits 'the shelves', the Linux community roars. With each release (Ubuntu or whatever flavor) the Linux community gets closer, and closer to Windows.

Even though the OS itself is getting better and better. It still lacks the support of decent major software like Adobe Creative Suite, etc. It's missing the software people use in every day (business)life.
Sure, there a million different ways of running Microsoft Office or Adobe Photoshop on a Linux OS, but these require a commercial piece of software (CrossOver) , or in depth knowledge of the OS to make it work (Wine in some cases). Two things that shouldn't be required. Not if you're used to Windows (or Apple's OSX). And even if you find a 'substitute' it's most likely to have an awful user experience.

The average housewife won't use Linux, because her friends all use Windows. All those nice little Windows programs, which makes life easier (or a living hell with all the mal/spyware out there). So if the Linux community wants to make a difference they need to create some sort of critical mass (by their selves, or by Microsoft screwing up) to get the attention of the 'normal' user. But in a community where there's no real (commercial) business model, it's gonna be damn hard.

Microsoft created this critical mass by playing (probably) the best marketing trick in the world; Release Windows 95, and turn a blind eye to those who use a pirated copy at home. The home users create demand on the workfloor, so businesses start to use it on their workstations. Soon everyone was addicted. And now it's damn hard to beat the addiction.

B.t.w., Apple is doing it a lot better. They created a nice and stable OS (just like the average Linux desktop distribution), BUT the OS has ALL the relevant drivers for the hardware used. ALSO they have a complete (and cheap) software suite (iLife and iWork), which is more than enough for the average family. No need to search the caverns of the Internet for software, and they look and feel the same as the OS.

So, I guess that my conclusion is that the OS is nearing perfection, but it (Linux in general) lacks good and decent third party software (and a good marketing machine :) )

In the mean time; I'm gonna upgrade my Linux (mail, web, and ssh) servers at work to 'Hardy Heron'.

Posted on April 25, 2008 by Willem and filed under Apple, Linux, Microsoft, News, Operating Systems, Personal, Software and tagged Apple Hardy Heron Linux Microsoft OSX Windows iLife iWork ubuntu software.

VMWare and Firewall / VPN Clients

Well, that was another morning well spent....

A couple off weeks ago I started experimenting with FreeRADIUS on Ubuntu server (v6.06.2 TLS). Mainly because I needed to test some things for work. So I used VMWare to experiment. The networking part was set-up as Bridged.

Today, I wanted to test with iperf (a tool for network performance testing). So I launched the virtual machine, but there was no network connectivity. ifconfig showed that eth1 didn't received an IP adres.
So I ran every possible test there was;

restarted the interfaces (/etc/init.d/networking restart)

This resulted in the following;

Listening on LPF/eth1/00:0c:29:68:e3:eb
Sending on LPF/eth1/00:0c:29:68:e3:eb
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12

The "DHCPDISCOVER" messages continue about 4 times, then the message:

No DHCPOFFERS received.
No working leases in persistent database - sleeping.

restarted the DHCP server
rebooted the virtual machine
changes the networking to NAT instead of Bridged (this way, connectivity was restored, but not the way I wanted. I needed Bridge-mode)
Tried to run the virtual machine on OSX (VMWare Fusion), which worked surprisingly.

After this I ran Wireshark on my server to see if DHCP request were coming in.... And you might have guessed; No DHCP request were reaching the DHCP server. So the problem was work PC related.... As a matter of fact, I had the Cisco VPN client running..... Which didn't allow the DHCP request broadcast.

Shutting the VPN client down solved the DHCP problem. After the virtual machine worked I could reinitiate the VPN.

Mental note to myself: do NOT boot/restart the virtual machines when the VPN is up.

Posted on April 8, 2008 by Willem and filed under Annoying, Operating Systems, Software and tagged Cisco VPN client DHCPDISCOVER FreeRADIUS dhcp firewall iperf ubuntu vmware.

OSX Update Galore

There are lot's of people who complain about the updates on the Windows platform, but Apple tries to compete I guess. In the last 3 days there was a big security update, Safari 3.1 (both Windows and OSX), Time machine and Airport Updates, and now a Camera RAW update for OSX 10.5.2. Thankfully no problems on my side with the updates. Looking for other updates from Apple? Just go here.

Posted on March 20, 2008 by Willem and filed under Apple, Operating Systems, Photography, Security, Software.

Aurora Be Gone

The default background image on OSX Leopard is this annoying Aurora/starfield kinda picture. To change this, just change the desktop background image by using the rightmouse button on the desktop.It's something different to change the background image on the login screen. Some searching revealed that it uses the DefaultDesktop.jpg in the /System/Library/CoreServices/ directory. 'Just' replace that file with your own picture. There is a small catch. If you replace it, it will get the wrong permissions on the file, and therefor won't show up on the login screen.Just 'reset' the permissions on the file like this:

sudo chown root /System/Library/CoreServices/DefaultDesktop.jpg
sudo chmod 755 /System/Library/CoreServices/DefaultDesktop.jpg

You may need to enter a username and password while executing these commands.

Posted on November 3, 2007 by Willem and filed under Apple, Operating Systems, Tips'n Tricks.