Unmasked: The Mystery Hacker Who Stole Data on 168 Million People
More proof that most hacking is swept under the rug. The news that Facebook’s latest issues could have affected 87 million people pales in comparison to what hackers do every day.
Article at The Daily Beast
The Source of Facebook’s Content – You
Marginal Revolution’s Alex Tabarrok has a thoughtful column on Facebook and the source of its content – you.
Article at Marginal Revolution
What happened to the $100 laptop?
Back in 2008 I pre-ordered three of the One Laptop Per Child (OLPC) $100 laptops for $250 each in their “Buy one, Give one” campaign. After much delay they came in. I gave two of them to two tech guys in our office. After playing with them for a day, we were all in agreement that they were junk and I sold them on eBay for about what I paid for them. The Verge has the back story on why the promise of One Laptop Per Child didn’t pay out as planned.
Article at The Verge
Springtime means thunderstorms
A lot of money is spent in data centers and offices to prevent lightning from getting into electronics. Lightning tends to be an afterthought at most people’s homes, even though lightning causes major damage to home electronics.
My neighbor had to replace every electronic component in his home a few years ago, including his garage door opener, doorbell, tv’s, dishwasher, and of course computers. I was lucky in that the same strike only took out my battery backup / surge protector, which had clearly done its job. My new house has a whole house lightning arrestor at the main on the outside of the house. These are generally available from your power company for a couple hundred dollars or for a few dollars a month. They aren’t foolproof as strikes can still get in through your cable line or phone line.
Best practice is still to unplug anything you don’t want zapped when there is a storm close by, but given that unplugging is not always practical, suppression equipment is a good and inexpensive insurance policy.
Duke Energy in Indiana offers full home surge protection here.
Facebook and Cambridge Analytica
Facebook is getting all of the attention but they are far from the only company invading our privacy with our consent.
Article at security expert Bruce Schneier’s Blog
When your accountant gets hacked
Brian Krebs has an interesting article on what happens when your accountant gets hacked and doesn’t realize it. The breach causes IRS problems for his accounting clients, and he still doesn’t realize that having been hacked is the cause of the problems.
Article at Krebs on Security
Automatically Mounting USB Passthrough Drives for Windows Backup in a Hyper-V VM
We have recently started deploying Hyper-V in addition to ESXi. One thing we immediately noticed was that USB passthrough was going to be a challenge. As we worked through the problem we found that we could pass a USB hard drive through, but as we rotated through the set, our disks did not reconnect. Immediately my mind turned to PowerShell. “There must be a way,” I thought, “to remount these disks on the hypervisor before the backup tries to run.” Indeed I was right. With the release of Server 2012, Microsoft has added some great PowerShell management cmdlets to manage both VMs and disks.
Below is the script that we have running just before the backup kicks off. Note that you will need to edit the serial numbers appropriately so you can mount your disks. I’m sure this will be able to be dolled up to include a dynamic approach to the controller location (we even batted around the idea of a dedicated backup SCSI controller on the machine). Pay specific attention to the Controller Number, Type and location and the VMName.
Note: As we have had this running for a while we have noticed that this script prevents the machine from starting up if the USB disk last mounted is not present. We are working on a solution to that problem.
Provisioning Polycom Phones
This article is meant to be an overview of how to provision Polycom IP phones. I will assume that you already have or know how to configure both a TFTP server and a DHCP server. I will provide example configuration files that you can feel free to modify to fit your environment. I am not, however, going to go into detail about each configuration option and how to use it. If there is enough interest in a more detailed explanation of the configuration files themselves, I will expound upon that in a future article.
1. Retrieve Firmware and Configuration Files
The first step toward successfully provisioning a Polycom IP Phone is to obtain the proper firmware. If you bought your phones from a Polycom Certified Reseller, such as PBX Supply, you can contact your vendor for the proper files. It is very important that the configuration files you use are the same ones that came with your version of firmware. Polycom often adds or removes options from these files as they tweak their software.
2. Unpack Firmware Package on TFTP Server
Once you have obtained the files, you will need to unpack all of them into your TFTP server of choice. It is quite important that all of the files are there to avoid headaches in the future. You do not want to simply add your modifications because if a phone is ever interrupted while downloading its configuration (power outage, someone tripped over the cable, etc.), the configuration file on the phone can become corrupted. Once it is corrupted, the phone can behave erratically or simply refuse to boot. However, if all of the configuration files are on your server, the phone will simply download everything again and be happy once more.
Another word of warning: I highly discourage modifying the default configuration files. This will make it much more difficult to upgrade to a newer firmware in the future. Always add your modifications to an override file instead.
3. Create Global Configuration File
Your next step will be to create a global override file. This file will contain the configuration options that should apply to all of the phones that will be connecting to your provisioning server. Here is what a sample file might look like:
<sip>
<voIpProt>
<server voIpProt.server.1.address="my.sip.server.com"
voIpProt.server.1.expires="3600"
voIpProt.server.1.retryTimeOut="60"/>
<SIP>
<outboundProxy voIpProt.SIP.outboundProxy.address="my.sip.server.com"/>
<alertInfo voIpProt.SIP.alertInfo.2.value="Ring Answer" voIpProt.SIP.alertInfo.2.class="4"/>
</SIP>
</voIpProt>
<dialplan dialplan.impossibleMatchHandling="2">
<digitmap
dialplan.digitmap="[2-9]11|0|3xxx|7xxx|9011xxx.T|91xxxxxxxxxx|[2-8]xxxT|[2-8]xxT|9[2-9]xxxxxxT|9[2-9]xxxxxxxxx|**3xxx"
dialplan.digitmap.timeOut="3|3|3|3|3|3|3|3|3|3|3"/>
</dialplan>
<user_preferences up.useDirectoryNames="1" up.oneTouchVoiceMail="1"/>
<sound_effects>
<patterns>
<MISCELLANEOUS>
<MESSAGE_WAITING se.pat.misc.1.name="message waiting"
se.pat.misc.1.inst.1.type="silent"
se.pat.misc.1.inst.1.value="1"
se.pat.misc.1.inst.2.type="silent"
se.pat.misc.1.inst.2.value="2"
se.pat.misc.1.inst.3.type="silent"
se.pat.misc.1.inst.3.value="1"/>
</MISCELLANEOUS>
</patterns>
<ringType>
<RING_ANSWER se.rt.4.name="Ring Answer"
se.rt.4.type="ring-answer"
se.rt.4.timeout="500"
se.rt.4.ringer="7"
se.rt.4.callWait="6"
se.rt.4.mod="1"/>
</ringType>
</sound_effects>
<TCP_IP>
<SNTP tcpIpApp.sntp.address="my.time.server.com" tcpIpApp.sntp.gmtOffset="-18000"/>
</TCP_IP>
<presence pres.reg="1"/>
<feature feature.1.name="presence" feature.1.enabled="1" feature.10.name="call-park" feature.10.enabled="1"/>
<microbrowser mb.proxy=""><main mb.main.home="http://my.www.server.com/polycom/directory.php"/></microbrowser>
</sip>
Name this file global.cfg
For more information on the options available, you can consult the administration guide (available from your authorized reseller).
4. Create Per Phone Configuration Files
Once you have your global options file created, you can proceed to creating another override file for each phone. I usually create a file called phone_template.cfg that looks something like this:
<phone1>
<reg reg.1.displayName="extension" reg.1.address="extension" reg.1.label="extension" reg.1.type="private" reg.1.thirdPartyName="extension" reg.1.auth.userId="extension" reg.1.auth.password="my_sip_pwd" reg.1.lineKeys="2"/>
<msg msg.bypassInstantMessage="1">
<mwi msg.mwi.1.subscribe="extension" msg.mwi.1.callBackMode="contact" msg.mwi.1.callBack="*97"/>
</msg>
</phone1>
Now when you are ready to create a new phone configuration file, you can use the following command (assuming this is a *nix based server):
sed 's/extension/123/g' phone_template.cfg > 123.cfg
This will create a new file for extension “123” called “123.cfg”. If you are not a command line kind of person, have no fear – a simple search and replace in your favorite text editor will accomplish the same thing. I prefer to use the command line because I am often creating many new files at once. I use a spreadsheet to generate the command for each extension, then just copy the column containing one command on each row and paste it into a shell session.
5. Create the Master Configuration File for Each Phone
Okay, now take a deep breath – you’re almost finished with the configuration files. One more to go. Each phone has a unique address printed on the back of it. It is the 12 character string printed just above the bar code. This address is called a MAC address and is what we will use to distinguish one phone from another. You will notice that one of the configuration files that came with your firmware is 000000000000.cfg. Make a copy of this file and call it mac-template.cfg. Now modify it to look something like this:
<?xml version="1.0" standalone="yes"?>
<!-- Default Master SIP Configuration File-->
<!-- Edit and rename this file to <Ethernet-address>.cfg for each phone.-->
<!-- $Revision: 1.14 $ $Date: 2005/07/27 18:43:30 $ -->
<APPLICATION APP_FILE_PATH="sip.ld" CONFIG_FILES="extension.cfg, global.cfg, phone1.cfg, sip.cfg" MISC_FILES="" LOG_FILE_DIRECTORY="logs" OVERRIDES_DIRECTORY="overrides" CONTACTS_DIRECTORY="contacts"/>
Now you can use your handy-dandy sed command or your favorite text editor to create a mac-address.cfg file for each phone. Again, I have found a spreadsheet to be a very handy tool to formulate the commands that will create these files in seconds (I usually combine creating the mac-address.cfg and extension.cfg files into one step).
Don’t forget to create the directories on your server to match whatever directories you list in the mac-template.cfg file. These directories will be used by the phones to upload logs, contact directories, and configuration overrides onto the server.
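The spreadsheet-and-sed workflow from steps 4 and 5 as a single script, added here as an example and not part of the original article. It checks each MAC address and extension before they reach the sed expression or a file name; the function names and the trimmed templates are constructed for illustration, and writing the MAC file name in lowercase is an assumption.

```shell
#!/bin/sh
# Added example: batch-generate the per-phone files from steps 4 and 5.
# Templates below are constructed stand-ins trimmed from the article's samples.

# make_templates DIR: write minimal phone_template.cfg and mac-template.cfg.
make_templates() {
    cat > "$1/phone_template.cfg" <<'EOF'
<phone1>
<reg reg.1.displayName="extension" reg.1.address="extension" reg.1.auth.userId="extension" reg.1.lineKeys="2"/>
</phone1>
EOF
    cat > "$1/mac-template.cfg" <<'EOF'
<?xml version="1.0" standalone="yes"?>
<APPLICATION APP_FILE_PATH="sip.ld" CONFIG_FILES="extension.cfg, global.cfg, phone1.cfg, sip.cfg" MISC_FILES="" LOG_FILE_DIRECTORY="logs" OVERRIDES_DIRECTORY="overrides" CONTACTS_DIRECTORY="contacts"/>
EOF
}

# gen_phone_cfg DIR MAC EXT: validate inputs, then write EXT.cfg and MAC.cfg.
# Returns 1 and writes nothing when the MAC or the extension is malformed, so a
# bad spreadsheet cell never ends up inside the sed expression or a file name.
gen_phone_cfg() {
    dir=$1
    # Strip ':' and '-' separators; lowercase (assumed file-name convention).
    mac=$(printf '%s' "$2" | tr -d ':-' | tr 'A-F' 'a-f')
    ext=$3
    case $mac in
        *[!0-9a-f]*|'') echo "bad MAC: $2" >&2; return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || { echo "bad MAC length: $2" >&2; return 1; }
    case $ext in
        *[!0-9]*|'') echo "bad extension: $3" >&2; return 1 ;;
    esac
    sed "s/extension/$ext/g" "$dir/phone_template.cfg" > "$dir/$ext.cfg"
    sed "s/extension/$ext/g" "$dir/mac-template.cfg" > "$dir/$mac.cfg"
}

# gen_from_list DIR: read "MAC EXT" pairs on stdin; print how many were written.
gen_from_list() {
    n=0
    while read -r mac ext; do
        [ -n "$mac" ] || continue
        if gen_phone_cfg "$1" "$mac" "$ext"; then n=$((n + 1)); fi
    done
    echo "$n"
}
```

Export the spreadsheet as one "MAC extension" pair per line and pipe it to gen_from_list with the TFTP directory as its argument; rejected rows are reported on stderr.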
6. Configure DHCP Boot Server Option
This final step is an optional one for small deployments, but it definitely makes life easier. If you choose to skip this step, then you must configure each phone to tell it to use TFTP and where the TFTP server is. That process is explained well enough in the administration guide from Polycom, so I will leave it as an exercise for the user.
Defining the boot server option on your DHCP server will help you avoid ever having to touch the phone at all for configuration. It is a simple step, and will save you hours of work for large deployments. Simply modify your DHCP server options and add Option 66. It should be defined as:
tftp://my.boot.server.com
Note: not all DHCP servers support option 66. Many of the cheap home routers will not. However, both the servers freely available for Windows and Linux do.
Proactive Networking, Inc. is a certified Polycom reseller.
Phishing
We’ve used Google Adwords extensively, for ourselves and many of our clients, but have not tried Yahoo Search Marketing until two weeks ago. I had always read that Google owned this category and that there was no point going anywhere else. Recently, after Microsoft made an offer for Yahoo, I heard that Yahoo Search Marketing has as much as 25% of the search market. Based on our results with Yahoo so far, my guess is that my initial perceptions are still correct – Google owns search.
At any rate, we had a very interesting experience with Yahoo over the past two weeks. I signed up for a Yahoo Search Marketing account on a Monday. I added a test ad group for one of our clients and put $100 on account to start the test. This client of ours has an extensive ad campaign set up in Google and spends over $100 per day on Google Adwords, average CPC is about $1.30. I set up the Yahoo ad group with a dozen of the best performing keywords from Google, and our best performing Google ad, that most closely matched these keywords. Interestingly, the CPC for Yahoo, for similar keywords was only 24 cents. So, at least Yahoo gives you a discount. We got nowhere near the traffic we get on Google.
After three days of running ads, we noticed that Yahoo had charged an additional $3,600.00 to our company credit card. I logged in to our Yahoo Search account and found that my Ad Group was gone and now there were dozens of keywords about loans, and the ad spend had been raised to $3,000.00 per day. I quickly called Yahoo. They immediately shut down the account. They promised to credit the card and re-setup the account within a couple of days. I asked how this could have happened and they said that I had fallen for a Phishing email. At this point I was incredulous. I had only had the account for three days, what were the odds that a Yahoo Search Marketing phishing email would have arrived in my Yahoo email account during that time. I said that I had responded to an email right after I signed up asking me to confirm my account. They told me that they don’t send confirmation emails. Thus, apparently I had fallen prey to a phishing attack.
The thing I find interesting is what are the odds that I get a phishing email purporting to be from Yahoo Search within hours of signing up for an account. In my opinion, this has inside job written all over it. Yahoo said they would look into it. To their credit, they did refund the money and re-setup the account. I’m not convinced they believe my “inside job” thoughts. The rep who re-setup my account started to give me a stern tutorial on not falling for phishing emails. I told her my story and she said, “What are you getting at?” She did tell me Yahoo was looking into it…