PhillipBlanton.com

"Save me, oh God, from people who have no sense of humor."
— Ludlow Porch

Shame on you CIA

Cisco recently announced a vulnerability in 300 OF THEIR SWITCH MODELS in the recent Wikileaks Vault 7 dump. Apparently the CIA discovered the vulnerability and created an exploit for it for their own nefarious purposes, rather than informing Cisco so they could fix it.

http://thehackernews.com/2017/03/cisco-network-switch-exploit.html

Those of you who blindly trust your government to "keep you safe", there you go. There should be sanctions levied against the CIA for this clear violation of public trust. There won't be though.

If you're using Cisco switches, you should disable telnet immediately and keep it disabled until further notice. Cisco will be pushing out the updates as soon as possible.

Did Your New High-End Android Smartphone Come With Some Un-welcome Software?

Probably.

http://thehackernews.com/2017/03/android-malware-apps.html

Apparently security researchers have scanned a number of smartphones from the major manufacturers and found 36 types that came with malware pre-installed. Hacked Phone

The malware didn't come from Google, Samsung, or any of the manufacturers. Rather it was installed somewhere along the supply-chain before it arrived at the distributer's warehouse. The two malware applications found were Loki and SLocker. Loki is a back-door app that gives the attackers full access to the phone and all data on it; and SLocker is a ransomware app.

How would you feel knowing that your new Android smartphone was already pre-installed with ramsomware, and the attackers are just waiting for you to get a bunch of valuable data on it, before locking it down and demanding a $1000 ransom, payable only in bitcoin? 

Would purchasing your phone from a known entity like Best Buy help to mitigate the risk? I don't know and I'm not sure anyone does at this time.

Here's the list of smartphones found to be pre-infected:

Galaxy Note 2 Galaxy Tab S2
LG G4 Galaxy Tab 2
Galaxy S7 Oppo N3
Galaxy S4 Oppo N3
Galaxy Note 4 Vivo X6 plus
Galaxy Note 5 Nexus 5
Xiaomi Mi 4i Nexus 5X
Galaxy A5 Asus Zenfone 2
ZTE x500 LenovoS90
Galaxy Note 3 OppoR7 plus
Galaxy Note Edge Xiaomi Redmi
Lenovo A850  

 

Why? How? WHY? are people falling for this?

And I presume they are constantly falling for this, because these just keep coming.

         

Even if it were a real shipment, why on earth would I need to review the shipping label? When the package arrives the label will be on it. Can't I just review it then?

And hey Alberto, if that's your real name (It isn't), why did you ship a package "at" December 8? And why Mr. Haley the <wink wink>postal worker</wink wink>, are you emailing me from a german domain, glady.de? Too lazy to properly spoof USPS.gov or USPS.com?

How dumb are you if you open that attachment? DON'T OPEN THAT ATTACHMENT! You didn't order anything, and if you did this phishing email has NOTHING TO DO WITH IT.

Jeez. If people will just stop falling for this obviously clear-cut BS, the internet would only have 5.2 million other terrible things on it.

I haven't opened one and don't have time to do it now, but maybe after work tonight I will spin up my forensics machine, snapshot a Kali VM and open up the attachment to see what's in it.

Stay tuned.

Using Dark Patterns Against Your Customers.

This is a good description of "Dark Patterns" and why honorable software developers should push back against this type of design. People will naturally gravitate towards evil and must be guided toward doing good. Evil is the norm while good is an aberration.

Strive to do good in all things.

http://darkpatterns.org/

Clint Eastwood Banned from Twitter?

I got this in my Twitter highlight feed...

EastwoodUSA Tweet

I clicked on it to see the response and I got this...

Suspended

Quite surprised about this I was! Everyone knows Clint Eastwood to be staunchly conservative and this is a pretty benign tweet; so I did a little digging. It didn't take long to determine that @EastwoodUSA isn't Clint Eastwood's Twitter name. His real Twitter name is, "@Eastwood_". Apparently someone who wanted to make him look bad, created a fake account and posted all sorts of stuff on Twitter. The media was awash with consternation for Clint Eastwood, until someone tipped off Twitter that it wasn't actually him.

You'd think our media would be a little smarter about falling for that kind of stuff. What happened to journalism; to checking one's sources? Here is one of the retractions that the media had to issue. This one from the Washington Post, here...

wapo retraction

 

Sirius XM Has Gone Rogue

So I'm trying to get my SiriusXM player to work this morning and I see this...

Yeah... Firefox has blocked 95 popup windows. Thank you Firefox and Wassup SiriusXM?

The Samsung CLX-3185FW sucks. Don't buy one.

A couple of years ago I bought a Samsung CLX-3185FW. It prints beautifully and has lots of nice features, but it jammed CONSTANTLY! A friend of mine bought one just like it at the same time. He got fed up with his jamming constantly and eventually smashed it to pieces in his driveway.

Checking Amazon for this printer I see that 45% of the reviews are 1 star...

https://www.amazon.com/Samsung-CLX-3185-Printer-Scanner-Copier/product-reviews/B003ZYAK08/ref=cm_cr_dp_d_hist_1?ie=UTF8&filterByStar=one_star&reviewerType=all_reviews

I replaced mine with a nice HP printer, but recently I needed another printer in my office, and I pulled the CLX-3185FW out of storage and fired it up. The first few pages printed great. Beautiful color and no jamming... then it jammed. and again, and again, and again.

The jamming kept happening in the fuser area so I took it apart to see what was going on, and here is what I saw...

The fuser was completely boogered up in the same spot where it jammed constantly. Also, the fuser roller was all wrinkly and messed up too...

It's weird that the fusers on both of our printers were bad from day one, but I'm positive that they were. In order to get the fuser out of the printer, it was totally destroyed. At least it was destroyed surgically and not smashed all over the driveway out of anger.

The moral of the story is, don't buy a Samsung printer... or a Galaxy Note 7. Apparently Samsung doesn't give a rip about quality. Remember, Samsung is the same comapny that ripped the Google search out of its Fascinate Android phone, and shoe-horned Bing in there instead, with no way to remove it and set the OS back to normal. Microsoft paid Samsung to screw up their phone. without regard to what the customers wanted, and they were more than happy to do so. There was a ton of pushback, and as far as I know they never did that particular evil thing again, but it just goes to show you that Samsung don't care about you.

Installing Apache Tomcat on Fedora.

I recently posted this on the Fedora forum, but thought it might be good to post it here too...

https://ask.fedoraproject.org/en/question/72710/how-to-install-start-apache-tomcat-on-fedora-22and-also-how-to-run-jsp-program/#95415

to expand upon luqman's answer...

Install Tomcat by issuing the terminal command ...

sudo dnf install tomcat

Enter your password to allow sudo to give dnf admin permissions.

In case you wanted more information on setting up and using Tomcat once it's installed, here you go... These notes are for Fedora 24, but may work on older versions that have support for dnf. Otherwise try replacing "dnf" with "yum" in these instructions.

To install the webapps, run ...

 sudo dnf install tomcat-webapps

Then issue the command...

service tomcat restart

and enter your password in the challenge screen. Now you should be able to bring up a browser and navigate to http://localhost:8080 and see Tomcat running.

FYI:

  • on Fedora 24, dnf installs Tomcat to /usr/share/tomcat

  • If you want to install the Tomcat management tools run sudo dnf install tomcat-admin-webapps

  • To set the tomcat admin password, edit /usr/share/tomcat/conf/tomcat-users.xml like this... sudo vi /usr/share/tomcat/conf/tomcat-users.xml Un-comment these lines near the bottom...

    <role rolename="admin"/>
    <role rolename="admin-gui"/> <role rolename="admin-script"/> <role rolename="manager"/> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-jmx"/> <role rolename="manager-status"/> <user name="admin" password="<must-be-changed>" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" />

Change the <must-be-changed> to whatever password you want. You can also change the username to something other than "admin" if you like. Save the file :wq and then run...

    service tomcat restart

To restart tomcat and load the new values. Every time you make a change to Tomcat, you need to re-run "service tomcat restart" to cause it to reload.

Browse to http://localhost:8080 and click on the [Manager App] button. Enter the username "admin" or whater you changed it to, and the password you put in the tomcat-users.xml file and you are logged in to the Tomcat Application Manager.

Have a lot of fun! O_o

Un-readable dialogs in Eclipse Neon.1

Update: I installed the ARC theme and that has helped a little, but it's still not really good.
     sudo dnf install arc-theme
After installing the theme, go to the Tweak tool, under "Appearance | Theme | GTK+", and select Arc-Darker. Now all dialogs in Eclipse are marginaly legible, but not really pretty. There's a real disconnect between the Gnome themes and Eclipse.

 

I just recently installed Eclipse Neon.1 on Fedora 24 (sudo dnf install eclipse) and find that the default dialog color scheme results in white text on a very light gray background, rendering the dialogs un-readable. Here's an example...

Unreadable Text

To fix it, I navigated to "Window | Preferences", expanded "General" and clicked on "Appearance". Tweaking a few settings resulted in  dialogs that were readable, but then saving the settings and restarting resulted in no change. I finally got a set of settings that works mostly, although the "Eclipse Launcher" still is broken, no matter what settings I choose.

Here are the settings I chose, which mostly work. If you have any tips on how to fix this right, I'm all ears. Please post in the comments section and let me know....

 

Installing GitKraken on Fedora 24

I downloaded GitKraken (gitkraken-amd64.tar.gz) from https://www.gitkraken.com/download, and unpacked it into /opt/gitkraken.

When I tried to run it, I got the following error...

    error while loading shared libraries: libXss.so.1: 
cannot open shared object file: No such file or directory

So apparently GitKraken is missing some libraries that it needs in order to run. A quick Google search turned up a fast way to install something that contains the missing library...

    sudo dnf install libXScrnSaver

If you are running on Ubuntu or another Debian derivative, you can probably use...

    sudo apt-get install libXScrnSaver

Now running ./gitkraken from /opt/gitkraken works. I submitted this to Axosoft as a bug, but I could be pursuaded to believe it isn't. Perhaps we all should have the libXScrnSaver installed by default? Maybe Linux users shouldn't expect software to simply install and run without the user having to navigate a maze of missing dependencies? Maybe my beard isn't long and gray enough to even use Linux?

Any opinions?