Monthly Archives: October 2010

Freebies: book about virtualization

Here is the 2nd edition of “Understanding Microsoft Virtualization Solutions”, again a free e-book. I somehow failed to notice the release of the first edition, but now I am going to make up for it.

Platforma 2011

Here in Russia we have a local TechEd-like event called “Platforma” (“The Platform”, maybe). I am going to take part in the event not as a mere visitor but as a lab instructor (the lab will be called “UAG and DirectAccess”, I believe), as an expert in the Ask the Expert section and maybe even as a speaker (this one is not decided yet). The first one is quite a challenge for me, because I now have to study a whole new product in less than a month, well enough to answer at least basic questions. Yes, I know something about DirectAccess, but I am totally ignorant of anything one can say about UAG. Consequently I will not have much time for my blog, so next month there will be mostly news and short articles with links. Sorry, I will set it right again as soon as Platforma is over. =)

Old good command line #5

This time the post is not about commands but about a few helpful tricks for dealing with them. These features are the very basics of cmd, yet many people do not know about them. They all concern running several commands on one line under various conditions.

  • “&”. For example, you would like to restart a service. In PowerShell you can simply do

Get-Service w32time | Restart-Service

In cmd you have to run two commands:

[screenshot]

or you can do the following:

[screenshot]

which does the same thing on a single line: “&” simply runs the second command after the first, whatever the outcome of the first one.

  • “&&”. Going a little further, we may not want to run the second command at all if the first one was not successful. For example, if we failed to create a folder, we will not be able to copy files into it anyway, so why bother trying? So instead of “&”:

[screenshot]

we use “&&”:

[screenshot]

You see, there is only one “access denied”: the file copy was not even attempted, because “&&” runs the second command only when the first one exits with ERRORLEVEL 0.

  • “||”. This one runs the next command only if the first one failed (exited with a non-zero ERRORLEVEL). I managed to set up such a situation:

[screenshot]

What happened here is that the first copy failed, after which we created the directory and copied the file again. If the directory already exists, the picture looks like this:

[screenshot]

The file simply gets copied and that is all.

The last <irony mode on>“piece of wisdom”<irony mode off>: you can even group commands in parentheses, so that the operators above apply to the whole group and everything runs in exactly the order and under exactly the conditions you want.
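Here is the whole set in one batch file, as an added example that is not from the original post: “&”, “&&”, “||”, grouping with parentheses, and the explicit ERRORLEVEL check you want for anything that matters. The scratch folder under %TEMP% and the file names are assumptions; the script creates everything it needs, so it runs on its own.

```batch
@echo off
rem Added example, not from the original post: conditional execution in cmd.exe.
rem Assumed names: %TEMP%\ogcl-demo is scratch space, ogcl-src.txt is created below.
setlocal
set "SRC=%TEMP%\ogcl-src.txt"
set "DEST=%TEMP%\ogcl-demo"
echo sample data> "%SRC%"
if exist "%DEST%\" rmdir /s /q "%DEST%"

rem "&": run both commands, whatever the outcome of the first one.
echo first & echo second

rem "&&": run the second command only if the first exited with ERRORLEVEL 0.
rem mkdir fails when the folder already exists, so the copy would be skipped then too
rem (use "if not exist" around mkdir when that is not what you want).
mkdir "%DEST%" && copy /y "%SRC%" "%DEST%\src.txt" >nul && echo copied on first try

rem "||": run the second command only if the first one failed.
rem Start from a missing folder so the first copy fails and the fallback runs.
rmdir /s /q "%DEST%"
copy /y "%SRC%" "%DEST%\src.txt" >nul 2>&1 || (mkdir "%DEST%" && copy /y "%SRC%" "%DEST%\src.txt" >nul && echo copied on retry)

rem Parentheses group commands, so an operator applies to the whole group.
rem Without them the "||" would guard only "echo missing" and "exit /b 1" would always run.
(dir "%DEST%\src.txt" >nul 2>&1 && echo present) || (echo missing & exit /b 1)

rem Caveat: "&&" and "||" only see the exit code of the previous command, and not every
rem command sets a useful one (echo never fails). For anything that matters, test it yourself:
copy /y "%SRC%" "%DEST%\src.txt" >nul
if errorlevel 1 (
    echo copy failed, ERRORLEVEL was %errorlevel%
    exit /b %errorlevel%
)
echo all steps succeeded

rmdir /s /q "%DEST%"
del "%SRC%"
endlocal
```

Save it as a .cmd file and run it; at an interactive prompt the same lines work one by one. The “||” line is the classic “create on demand” idiom from the screenshots, and the parenthesized line shows why grouping matters: without the brackets, “||” binds only to the command right before it.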

Previous issues: #0, #1, #2, #3, #4

To disclose or not to disclose

The second topic I would like to raise in connection with the vulnerability in VMWare products is an almost Shakespearean one. What should a person or an organization do when they have found a vulnerability? Tell the vendor and disclose publicly at the same time? Only disclose publicly? Notify the vendor and wait for a patch? There is a whole bunch of strategies, as you can see. As usual, everyone has their own view of the problem. Microsoft, for example, follows its Coordinated Vulnerability Disclosure policy: it asks for the time to create and test a fix before public disclosure (to cause customers as little trouble as possible) and gives other vendors the same time when it is the one finding the bug. Google's take on responsible disclosure proposes 60 days as a reasonable upper bound for fixing a critical vulnerability before it is made public. The first option gives a vendor time to do really thorough testing, so as not to harm customers, but it may tempt the vendor to procrastinate on delivering the cure. The second seems to force a vendor to fix an issue ASAP, but producing a patch takes 3-4 weeks even in the very best case, and in some cases much longer. Disseminating information about a vulnerability before the patch is publicly available may hurt more than a long wait for the patch with no public awareness of the hole. Or maybe not? Security is a strange area where there are no trustworthy statistics on many things.

So, I guess, everyone will just find their own way of disclosure (whatever the reason for the choice: belief, their own statistics or marketing). The question is what to choose for myself. What am I to regard as acceptable? Practice has shown that I am more on the MS side of the road: I will disclose the information to the vendor (and to my company's security officer, of course). But what will I do if they do nothing? I have not been in such a situation, so it is hard to say. It will depend on the severity of the vulnerability, the reaction of the vendor and time. Maybe somewhat later I would threaten the vendor with disclosure and then just disclose. Fortunately my contact with VMWare was not such a case, so I still do not know how I would deal with it: from my report to the new version there were only 17 days.

I am interested, though: what do you think about the issue?

Old good command line #4

Hello there! This may be the last issue on CLI commands with more than one command inside (here you can see #0, #1, #2, #3), because…

[screenshot]

There will of course be some more command descriptions and maybe some more information about the Windows CLI, though. Let's go.

  • recover. I have not had a chance to try it in a real-life situation (fortunately 8) ), but the description says that the command tries to read your corrupted file sector by sector. That is, you get a file made of the data from the good sectors, while whatever was in the bad sectors is lost. Maybe not very comforting, but if you have, say, a VLTF (Very Large Text File) that has become corrupted, then instead of a totally unreadable file you get a totally readable one with some pieces missing. So if you happen to try it, tell me the results ;)
  • systeminfo. If you want to get some info about a client computer before troubleshooting, without 3rd-party tools, this is the command to start with. Host name, NIC configuration, hotfixes and more… Even uptime, though yesterday it rendered one of my servers as booted up in 1982 =) It can also output the info in table, CSV or list format (/FO), and /S lets you query a remote machine.

[screenshot]

  • takeown. Just imagine: you press Ctrl+A, then Shift+Delete and… “Access denied”. Then you find that you cannot even change permissions on the files, because you do not have permission for that and you are not their owner. Of course you can take ownership through the GUI, but then how would we write this series? ;) So just use the “takeown” command and you can do it. You can even take ownership of files on other computers (/S). The only drawback I was able to see is that I cannot grant ownership to other users without knowing their credentials (the best takeown offers is /A, which gives it to the Administrators group; for an arbitrary account use icacls /setowner afterwards), but still it may be convenient in scripting, I guess.

That concludes the series of what I found accidentally on the TechNet site. But I will continue now and then =)
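An added example, not from the original post, that strings the last two commands into the scenario above: snapshot the machine, take ownership of a folder you cannot touch, grant yourself rights and delete it. It assumes an elevated prompt; %TEMP%\orphaned is a stand-in for the real folder and is created by the script so that it runs on its own.

```batch
@echo off
rem Added example, not from the original post: systeminfo export plus takeown/icacls.
rem Assumptions: an elevated prompt; %TEMP%\orphaned stands in for the folder you cannot delete.
setlocal
set "FOLDER=%TEMP%\orphaned"
if not exist "%FOLDER%\sub\" mkdir "%FOLDER%\sub"
echo data> "%FOLDER%\sub\locked.txt"

rem 1. Snapshot the machine first: the same data as the GUI, but machine-readable.
rem    /FO CSV with /NH gives one header-less record you can keep next to the ticket.
systeminfo /fo csv /nh > "%TEMP%\hostinfo.csv" || (echo systeminfo failed & exit /b 1)

rem 2. Take ownership. /R recurses, /D Y answers "yes" when a subfolder cannot even be listed.
rem    /A (not used here) would hand ownership to the Administrators group instead of you.
takeown /f "%FOLDER%" /r /d y >nul || (echo takeown failed & exit /b 1)

rem 3. Being the owner only lets you rewrite the ACL; it grants no access by itself.
rem    Grant Full control, inheritable to files (OI) and folders (CI), down the tree (/T).
icacls "%FOLDER%" /grant "%USERNAME%":(OI)(CI)F /t >nul || (echo icacls failed & exit /b 1)

rem 4. Ownership can also be given to someone else without their password:
rem    icacls "%FOLDER%" /setowner "BUILTIN\Administrators" /t
rem    (needs SeRestorePrivilege, which an elevated administrator holds).

rem Show owner (dir /q) and the resulting ACL before deleting, then delete.
dir /q "%FOLDER%\sub"
icacls "%FOLDER%\sub\locked.txt"
rmdir /s /q "%FOLDER%" && echo removed %FOLDER%
endlocal
```

Step 3 is the part people forget: takeown changes the owner, nothing else, so a folder that denied you before still denies you until you write yourself into the ACL.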

On the issue of downloading files from untrusted sites #2

As I promised, I am going to describe a couple of ideas that occurred to me while I was going through the vulnerability in VMWare products. Here is the first one. More than a year ago I wrote about the threats of downloading an OS from p2p networks, and one of my Russian readers told me that it is quite safe if you know the correct hash value for the ISO image. Unfortunately, my recent post about the vulnerability has rendered that opinion not quite correct. You see, when a file is downloaded from a p2p network, it often comes accompanied by some extra files, and the hash of the ISO tells you nothing about those, so it is pretty easy to walk into such a trap. Therefore, there is actually no such thing as a safe p2p download.

P.S. BTW, a hash gives reasonably good protection, not a silver bullet. It only vouches for the one file it was computed over, and only if you got the expected value from the vendor rather than from the same torrent; and it is only as good as the algorithm: two different files can share a hash, and for MD5 such collisions have been practical to construct since 2004, so prefer SHA-256 when the publisher offers it.
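A concrete version of that check, as an added example that is not from the original post: verify the image against a hash obtained from the vendor's own site, then list everything else in the download folder, because the hash says nothing about those files. certutil -hashfile is built into Windows; the folder name, the ISO name and the expected value are assumptions, and the script creates an empty stand-in file, whose SHA-256 is well known, so that it runs on its own.

```batch
@echo off
rem Added example, not from the original post: verify a download's hash, then flag what it does not cover.
rem Assumptions: %TEMP%\dl-check is the download folder; "image.iso" is an empty stand-in file,
rem so EXPECTED is the well-known SHA-256 of empty input. Replace both with the vendor's values.
setlocal
set "DL=%TEMP%\dl-check"
set "ISO_NAME=image.iso"
set "EXPECTED=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

if not exist "%DL%\" mkdir "%DL%"
type nul > "%DL%\%ISO_NAME%"
rem Constructed "extras" of the kind a torrent bundles next to the image.
echo not verified by anything> "%DL%\readme.txt"
echo [autorun]> "%DL%\autorun.inf"

rem certutil prints the hash on its own line; older builds put spaces between the bytes.
rem Drop the header ("... hash of ...") and trailer ("CertUtil: ...") lines, keep the rest.
set "GOT="
for /f "delims=" %%H in ('certutil -hashfile "%DL%\%ISO_NAME%" SHA256 ^| findstr /v /i "hash CertUtil"') do set "GOT=%%H"
if not defined GOT (echo certutil produced no hash & exit /b 1)
set "GOT=%GOT: =%"

if /i "%GOT%"=="%EXPECTED%" (
    echo OK: %ISO_NAME% matches the published SHA-256
) else (
    echo MISMATCH: got %GOT%
    exit /b 1
)

rem The hash covers exactly one file. Everything else came with no assurance at all.
rem /A-D lists files including hidden ones, so a hidden autorun.inf does not slip past.
for /f "delims=" %%F in ('dir /a-d /b "%DL%"') do if /i not "%%F"=="%ISO_NAME%" echo UNVERIFIED: %%F

rmdir /s /q "%DL%"
endlocal
```

The point of the second loop is the one the post makes: a matching hash is a statement about one file, and the autorun.inf sitting next to it is exactly the kind of thing nobody hashed.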

Old good command line #3

Continuing our series (Post #0, Post #1, Post #2)

  • findstr. Another déjà vu? Almost. The command is really similar to “find”, which was described in issue two of “Old good command line”, but it is much more powerful: it is close to a grep for Windows (with a much smaller regular-expression dialect, though: no alternation, no “+” or “?”). It has several options for output (line number before the line, file name only, character offset, etc.), input (file list from a file/console, search strings from a file/console…) and search (search literally, for any of the words or for the whole string, and even regular expressions). It can do much good when you need a quick search through text files or the output of another program, or need to automate a simple search task without excessive coding or installing PoSh or Perl where they are not present. In those cases it is your choice. Let us see some simple examples of usage. At the moment I have three .txt files in a folder.

[screenshot]

Notice the difference between the files: file2.txt has 45% instead of 40, and file3.txt has a space at the beginning of the second line. Let us search for the word “done”:

[screenshot]

Simple enough, isn't it? Let us get some more information:

[screenshot]

This command showed us which file has the word “done” in which line (2) and at which offset (14). Notice that the offset (/O) is counted from the start of the file to the start of the matching line, not to the matched word. Now let us find the file where “45” stands at the very beginning of a line:

[screenshot]

or another way:

[screenshot]

Easy, still powerful.

  • msdt. The command actually starts a GUI program, so it is not exactly a CLI command. But it still has several command-line options and is interesting enough if you need to tell a user which troubleshooting wizard to run, or just need a list of the wizards =) For example the command

[screenshot]

opens the window

[screenshot]

and I can get recommendations on my notebook's power consumption. Actually, you can even create your own troubleshooting packs, if you can get through this: http://msdn.microsoft.com/en-us/library/dd323774(v=VS.85).aspx. I am going to try creating one in the future :)

  • openfiles. If you need a quick view of the files opened over the network (or locally, but that requires “openfiles /local on” and a reboot first), and maybe to put it in a file or process it automatically somehow, then this is your choice. This screen

[screenshot]

is actually identical to this one:

[screenshot]

and just as you can close the session in the latter case

[screenshot]

you can do it in the first. But when you have many, really many, files open, the CLI option is perhaps more viable, because it allows you to do the following:

[screenshot]

As you can see, we queried the open files and filtered them down to the one we need with “findstr” (hey, my article is handy at least for me; look above ;) ). Then we took the ID of the session in which our file is open and shut it down with the “/disconnect” option. With several thousand sessions this is handier than the GUI.
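The findstr options from the first bullet and the openfiles pipeline from the last one, in a single batch file, as an added example that is not from the original post. The three text files are constructed here in the spirit of the screenshots, %TEMP%\findstr-demo is scratch space, and “\share\report.xlsx” is an assumed fragment of the open file's path; the openfiles part needs an elevated prompt and simply does nothing when no session matches.

```batch
@echo off
rem Added example, not from the original post: findstr on constructed files, then findstr as
rem the filter that makes "openfiles /disconnect" workable with thousands of sessions.
rem Assumptions: %TEMP%\findstr-demo is scratch space; "\share\report.xlsx" is an assumed
rem fragment of the open file's path. The openfiles part needs an elevated prompt.
setlocal
set "WORK=%TEMP%\findstr-demo"
if not exist "%WORK%\" mkdir "%WORK%"
pushd "%WORK%"

rem Three constructed files: line 1 is 12 characters, so line 2 starts at byte offset 14
rem (12 + CR + LF); file2 says 45 instead of 40; file3 has a leading space on line 2.
(echo 40%% complete& echo Task is done) > file1.txt
(echo 45%% complete& echo Task is done) > file2.txt
(echo 40%% complete& echo  Task is done) > file3.txt

rem Which files contain "done"? Output is file:line for each hit.
findstr "done" *.txt

rem /N prefixes the line number, /O the byte offset of the start of the matching line.
findstr /N /O "done" *.txt

rem Lines that begin with "45": /B anchors at the start of the line...
findstr /B "45" *.txt
rem ...and /R "^45" is the regular-expression way of saying the same thing.
findstr /R "^45" *.txt

rem Caveat 1: space-separated strings are separate patterns (OR), so this matches every file.
findstr "Task is" *.txt
rem Use /C: for a literal phrase; with /B only file1 and file2 match (file3 starts with a space).
findstr /B /C:"Task is" *.txt

rem Caveat 2: the regex dialect is small (no alternation, no + or ?); \< and \> mark word edges.
findstr /R "\<done\>" *.txt

popd
rmdir /s /q "%WORK%"

rem openfiles: files opened remotely on this machine as CSV without a header, so the first
rem comma-separated token of every line is the session ID. findstr keeps only the file we want
rem and %%~I strips the quotes CSV puts around the ID. Nothing happens if there is no match.
set "TARGET=\share\report.xlsx"
for /f "tokens=1 delims=," %%I in ('openfiles /query /fo csv /nh 2^>nul ^| findstr /i /c:"%TARGET%"') do (
    echo disconnecting session %%~I that holds %TARGET%
    openfiles /disconnect /id %%~I
)
endlocal
```

Inside a batch file the loop variable is written %%I; at an interactive prompt use %I instead. Note that the pipe and redirection inside the for /f command are escaped with ^ so that cmd hands them to the inner command rather than applying them to the loop itself.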

That completes the article. Enjoy.