I came across an interesting one in the last few days. This system was a Windows XP system with current updates – SP3, IE 8…. and among other things there was a complaint of very sluggish behavior. I updated the antimalware software installed and ran scans. Malware Bytes antimalware actually found and removed two suspect files, but that didn’t seem to solve the sluggishness. The web browser (Internet Explorer) would take what seemed like a minute or so to respond to any action. One thing I discovered is that Internet Explorer 8 can behave VERY slowly if there are a lot of sites in the restricted zone. (Spybot S&D immunization puts lots of sites in restricted zones.) So, I found a way to remove them all and retry and things seemed quicker, but… after running for 15-20 minutes the system really started to become unresponsive and so I had to start looking for another cause…. services.exe was running at 99% CPU or 100% CPU from time to time and the memory footprint was growing – the high mark I saw was 350MB of memory in use for it (!)
Tag: reset
-
Windows lost administrator password rundown….
I’ve done one or two mentions in the past of ways to recover/reset lost Windows passwords and thought it was probably time for another “brain dump/web research dump” of things that I’ve run across. This is not just for lost administrator passwords, but could apply to a lost user account password as well. (I’ve found that the mileage varies on the system. NT/2000/XP/2003 are not the only variations, there seem to be variations related to certain Windows updates/etc.) I should also put a disclaimer here that this information is not so you can break into someone else’s Windows installation (without their permission), at the very least that’s a privacy violation and at the worst, against the law and unethical. What this is for is a guide to someone that has accidentally locked themselves out of their Windows install (or in some cases where someone ELSE has locked you out of your own PC.) In other words – don’t use this to crack.
-
Linux Permissions Headache
Yikes, what an evening….. it started innocently enough in the afternoon. I have an old Mandrake 10.0 server that I was upgrading clamav on (recent security update). While I was at it, I was reviewing the anti-spam setup to see if I could get any better success with filtering junk mail. spamassassin has had an update since I updated this one last and also it seemed that dcc was installed, but not in active use (no indications that it’s being used at all.) So, I set about trying to fix that and install the latest spamassassin. Somewhere along the way something BAD happened. In retrospect, I’m not entirely sure how, but at one point I was root having just installed the rpms for spamassassin and then exited to my user account. Promptly on switching back to my user account I got a “permission denied” error. Eh? Ok, well let’s su again and see what’s up…. “permission denied” uh oh…. ls “permission denied” most everything actually….. permission denied.
-
The great firewall of China
The great firewall of China may be just an illusion in technical terms. This article describes the details of how things work…. Basically when “banned content” is detected, both ends of the connection are sent a flood of TCP reset packets. Which (if both sides are designed to pay attention to them) means that the two computers “hang up” assuming the other side reset the connection. But, while most current PC operating systems obey the reset packets…. it’s not something that is imperative. (You might think of this as a targeted/surgical denial of service attack using TCP reset packets…) The article goes a bit deeper though….
-
NTFS cloning
Sometimes drives just go bad. Surprise. One recent fresh install of Windows XP had started having real stability problems. On running a chkdsk and looking at the event viewer, it was fairly clear that 16KB of bad sectors and the disk problems had likely been the problem (lots of disk and atapi errors in the system log, mostly disk error during paging operation (swap filing)). So…. I looked at cloning the drive using dd_rescue. All went well and the new system booted up on the new identically sized drive. In fact EVERYTHING was fine except chkdsk still reported 16KB of bad sectors….
-
The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 6
Ok, so here’s the synopsis… I’ve spent the last few articles setting up a D-Link DWL-800AP+ as a repeater for a Linksys WAP11 (v. 1.1). As of the end of the last entry I had a bit of a problem with WEP but that seems to have been resolved now and here I am to fill you in on what went wrong. It was really a simple mistake. When I copied and pasted over from the Linksys….
-
The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 2
For starters, I hooked the D-Link DWL-800AP+ up and connected it through a crossover cable to my USB network card. That way I could access it exclusively on one adapter and look online for information with the other adapter, which came in quite handy. The first thing I found was that by default the DWL-800AP+ was configured to use 192.168.0.30 as its IP address. This one was not configured with the default settings. (Used / via eBay….) So, I did an nmap -sT 192.168.0.* -e eth1 which scanned the whole 192.168.0. list of addresses using my eth1 adapter (as opposed to the default adapter eth0)
-
Global White Space Reset (CSS/html)
This may not be useful to many people, but I thought it was interesting. If you do web design and use CSS you’ll probably like this… I found this post at leftjustified.net about a neat way to “reset” the padding and margin CSS information which can help for designing sites to display the same when using CSS. Unfortunately, many browsers have little quirks in displaying CSS, maybe they have strange default settings which cause CSS placement to look, well, strange, from one browser to another… in comes this little trick…
-
Bad week for Cisco, security headaches
For starters, there was this advisory last week in response to a planned talk at a hacker convention on the possibility of a Cisco router IPv6 exploit. The advisory detailed a LOCAL exploit and not the remote exploit that the talk was centered around. There was legal action against the speaker and materials detailing it were destroyed (literally ripped out of notebooks) at the convention by Cisco. Apparently this is the kind of vulnerability that could “shut down the internet”. Of course, much of the internet’s backbone runs on Cisco equipment. Next….