digip : sailing the high seas of the internet

AOET MAternal Health Clinic Opening from Johnny Long on Vimeo.

Old school Dio song “Egypt” being covered nicely here by Doro Pesch.

Just found out my oldest daughter has Vesicoureteral Reflux. This is due to a birth defect of her kidney’s, where on the left side, she has two tubes which drain through the bladder, on the right side she is fine. What is happening, is when she urinates, the urine goes back up into the kidney, which causes infection and irritation to the tube, which swells and starts the whole process all over again. This can cause all sorts of problems. She will most likely have to take a form of an anti-biotic every day for the rest of her life to protect against the bacteria and infection, which causes a UTI. If it gets severe, it could damage the kidney and other parts of the body, or even become fatal if left untreated.

Scary stuff. Her left kidney is swollen, and my fear is that at some point, she may need a kidney transplant or surgery to remove the extra tube. Problem is, her other kidney, although not nearly as problematic as the left one, would probably not be enough to do the job by itself if she lost the left kidney, due to the fact that she also has the reflux in this kidney as well, just not as severe.

She will have to continue getting VCUG’s the rest of her life, and if needed, surgery to correct the problem if things get progressively worse.

Since Conan is now off the air and can’t host another show for the next 7 months, I was thinking its time to Boycott the station that drove Coco out. More importantly, not so much the station, as the show that is taking his place, or “returning” to the spot, Jay Leno. If NBC had half a brain, they wouldnt have let Conan go, at any costs to them. I’ll be keen to see if Conan can compete directly with Leno once he returns to TV, if he even does at all. If he’s smart, and I know he is, he will either switch to something like the Comedy Channel on cable, or bypass the whol TV thing and go direct to the Internet. Revision 3 has already talked of wanting to pick him up, but I think if he hooks up with the right people and sponsors, he can get his own site, and possible syndication on both web, cable and television.

Havent listened to them in years. Still sound great.

Johnny Long – Why Africa? from Johnny Long on Vimeo.

http://www.hackersforcharity.org/

I just came across a nifty little tool that I’ve added to my thumb drive when fixing computers. Its called TCPview from SysInternals and Microsoft. Its basically a netstat on steroids, but has a cool feature I like, which lets you send a reset packet to close connections to open ports you may not want to communicate with. This could come in handy if your machine had been attacked and is listening on some port you want to close and inspect further. It will also tell you the executable that opened the connection so you can track it down and remove it from your system.

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Read this article first: http://www.exploit-db.com/exploits/11199

One thing that is apparent, there are going to be many shops who still use legacy applications in the workplace. Applying the Group Policy to prevent 16-bit programs from running may be a fix, but probably not an acceptable one in most shops. The first thing you should do though, is identify if you are even running 16-bit applications. Chances are if you are on a 64-bit system, your wont have to worry about this, but for those of you with 32 bit servers and nodes on your network, you will want to identify your risk level.

I have been thinking about an easy way to figure out if my system is even vulnerable, and although there are probably 16-bit apps on my machine somewhere, I have none running at this time and I’m using most of what I would normally be using anyway. With that said, you can do a quick check by loading the task manager and searching for Ntvdm.exe. If you see this program running in task manager, then you are currently running a 16-bit app. In order to identify which one, well, that becomes tricker, but since you know its one of the running processes, that narrows it down a bit. For each program running, you can go to its folder and then right click the program to bring up its properties. This is a pain in the ass, but if you are using SysInternals Task Manager replacement “Process Explorer”, you can get these properties right from within the program by right clicking them and then looking at the image tab. This will tell you the folder each process lives in under path. Process Explorere is also nice because it will create a tree to parent objects, so if a 16-bit program is running under ntvdm, you can see what it is much easier.

Open this path and find the executable. Right click it and bring up its properties. To quote Microsoft – “A 16-bit program does not have a Version tab in this dialog box..” So, if any of the programs running do not have a version tab, they are the 16-bit culprits. You then need to decide if you want to continue using these programs, or find alternatives that will not cause this attack vector to be possible.

http://support.microsoft.com/kb/320127

If you determined that there are no 16-bit apps running in your system, then it is suggested that you enforce a group policy to disable all 16-bit apps from being able to run. Apparently there is no patch for this flaw, yet the group policy can help prevent the escalation. Instructions are in the exploit article on how to prevent this attack with a Group Policy.