NMP Blog

SQL Injection Attack Spreading

Rick Shantery — Wed, 04 Jan 2012 19:31:55 +0000

Check out this ISC article concerning a new SQL injection attack that is happening to many website running Microsoft SQL Server.

http://isc.sans.edu/diary.html?storyid=12127

While using Linux is not a guaranteed protection from this sort of attack, it does show how easy sites can be compromised that don’t do proper URL filtering.

AntiVirus 2012 Fallout

Rick Shantery — Tue, 20 Dec 2011 04:14:40 +0000

Often these types of malware not only hide all of your files, but reset file permissions and local policies so that you can’t do many of the things you need in order to properly operate the computer after it is cleaned.

To reset all of the policies and permissions on a computer to their windows default, execute the following command from the Run prompt or Command prompt:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

It takes a while to run, and be warned, you may lose some customized settings, but you should be able to make changes to the system after that, unless your windows network has group policies that get applied when you login.

Pseudo dynamic memory management in Virtualbox, otherwise know as memory ballooning.

Dan Hill — Tue, 06 Sep 2011 20:08:40 +0000

After looking for a way to dynamically allocate memory in Virtualbox, I discovered it’s not technically possible. With that being said, there is a method that Virtualbox calls memory ballooning, due to the way memory is handled, that can serve basically the same purpose. In the documentation, there is a section just for Memory Ballooning.

Nivo Slider 2.5.2 With Jquery Bug (Flashing Captions)

Chris Sunami — Thu, 18 Aug 2011 14:44:55 +0000

I was using a nice new jQuery slider plugin called Nivo Slider when I encountered a bug that caused the captions to flash on and off after the page had been idle for a while. The effect is very similar to the blinking effect from the old HTML blink tag.

The solution I found is this. If you have the expanded version of the plugin, go to line 108 and change

nivoCaption.fadeOut(settings.animSpeed);

nivoCaption.hide();

IMPORTANT COMPUTER SECURITY ALERT!

Chris Sunami — Thu, 31 Mar 2011 16:28:02 +0000

If you can’t remove win32:malware-gen this is how we did it.

NMP Consulting has encountered an aggressive new variant on the Malware0gen virus. This new version is extremely difficult to remove.

The trickiest thing about this virus is that it creates and implements a seemingly legitimate Windows Service called “Windows System Express”. That service must first be disabled in order to locate and remove the hidden system file located in the system 32 directory.

If you suspect you are infected with this virus, please call us immediately (614) 358-5814

DETAILS:
The fake Windows Service was called “Windows System Express”. It had a seeming legitimate description having to do with optical scanning. It continuously generated processes with random filenames with names like “lib1614.exe”. These files were found and removed by the antivirus program, however the program was unable to remove the core file, which was “wsynelib.exe” because it was being used by the service.

In order to remove it:
1. Stop service.
2. Search for hidden files in system32.
3. Find wsynelib.exe and wysyndlib.exe.
4. Remove system and hidden file attributes from those files.
5. Those files can then be removed by the antivirus program.

JQuery UI Widget Size

Chris Sunami — Tue, 25 May 2010 15:18:02 +0000

I’ve become a convert to a new programmers’ tool called JQuery –a library of user-friendly javascript functions that allow for some very advanced effects that overlay seamlessly over a standard HTML page. However, I did encounter an issue when using the UI widgets –a set of effects such as a calendar (date picker) a pop up dialog box, checkbox buttons and so forth. The widgets looked great on the demo site, but when I integrated them into my site, they were huge, oversized bulging monsters.

When I found the fix for shrinking them back to the right size it turned out to be pretty easy, but oddly enough I haven’t seen it mentioned elsewhere, so here it is:

Open the stylesheet for the jQuery theme you are using. Find

.ui-widget

and add “font-size:10pt” to its parameters. This adds a baseline size to all jquery widgets, and everything else in the style sheet is calculated in relationship to that size.

Just for reference, here’s what it looks like in theme I’m currently using, “Start”.

/* Component containers
———————————-*/
.ui-widget { font-family: Verdana,Arial,sans-serif; font-size: 10pt; }

Get Your Facebook Privacy Back

Dan Hill — Tue, 18 May 2010 14:45:02 +0000

With all of the news about the the privacy changes at Facebook, the Untangle team has create SaveFace to help you get your privacy set back to more restrictive settings, so that all your information is not available to everyone. It will set your privacy settings so that only your friends can access your information. It is easy to run and keeping your settings private is generally a good idea.

PDF Files have Critical Security Vulnerability

Rick Shantery — Tue, 06 Apr 2010 17:31:20 +0000

It was released today on several sites that PDF files, and their corresponding readers have a critical vulnerability that would allow an attacker to compromise a computer, even with many of the normal protections in place that block things such as Javascript.

Foxit Reader (NMP Recommended) and Adobe Reader both have fixes for this vulnerability. Go to http://www.foxitsoftware.com/pdf/reader/ and download and install the latest version.

For Adobe Reader users, make the following preference change:

From the Edit menu go to: Preferences -> Categories -> Trust Manager -> PDF File Attachments and then uncheck ‘Allow opening of non-PDF file attachments with external applications.’

This is a problem that could possibly affect all platforms and Operating Systems, whether Windows, OS X, or Linux.

Bitdefender Update Causes a Boot Failure for some Windows Users

Dan Hill — Tue, 23 Mar 2010 20:42:19 +0000

A problem with the Bitfender virus scanner mislabeled Windows system files as viruses and quarantined them. Therefore, without these files being available during the boot process, the computers fail to boot. This only seems to affect 64bit versions of Windows and they have made a patch available, which should be installed as soon as possible to avoid this issue. Information on how to get around the boot problem can be found on their website also.

Corporate Password Policy

rogue — Sat, 20 Feb 2010 20:36:34 +0000

When setting up a office/corporate network environment, users may complain that it is frustrating to have to change their password every so often, or have to come up with difficult passwords. Despise the user’s arguments, although valid, remember the security risk that it poses. If you have simple passwords, maybe something common that all users share, it’s easy for unauthorized access into the system. If someone guesses or gets hold of one user’s password, it may be possible to guess the rest. Protect your data and files – enforce a password policy on your network, with an expiration on passwords. Use requirements such as at least one capital letter, and a number or special character to increase security. Your data is YOUR data – so make sure it’s safe from prying eyes!