The Strickland Group


The Accidental Hacker

April 14, 2010 by admin

A couple of weeks ago I was helping a client with an issue with their VPN. Basically, a vendor that they use for support of a vertical application could no longer remotely connect to their server. After investigating the issue and making sure that I could VPN into their network, I called the software vendor. I merely stated, “I am calling from company XYZ and you said that our VPN was not working.” This is where it gets interesting. I asked the vendor if they were able to connect now that we had confirmed the VPN worked, so they tested and informed me that they still could not connect. I asked the technician if he could open telnet and try to connect to the IP address over port 1723. He did not know how to do this and I was eager to resolve the problem, so I quickly asked, “Do you mind if I connect to your computer and try to troubleshoot the problem?” To my astonishment the technician said, “Sure.” I guided the gullible technician to LogMeIn Rescue and proceeded to walk him through letting ME onto HIS computer. Once on his computer I tried to pull up telnet, but it was Windows 7 and by default there was no telnet application available. I then asked if I could download PuTTY so that I could test the telnet ability. He said, “Go for it.” I was again astonished at the disregard for the control he was giving me. I then confirmed through the use of PuTTY that telnet was immediately getting dropped. I speculated that it was their firewall blocking PPTP outbound. He checked with an IT guy who was strolling by and confirmed that they were blocking outbound PPTP. They asked for the IP address so that they could add it to the firewall, so I told them the external IP address of the firewall they were trying to connect to. Now the icing on the cake: the IT guy uses the computer that I am remote controlling to access their Cisco ASA. He logs into the web management of the ASA and proceeds to create the rule to allow the PPTP to get through.
Now I am mesmerized by the lack of security. I even corrected the IT guy’s spelling on the firewall.

Now that the exciting turn of events is over, I reflect on what happened. How easy was it for me to get on their network? Pretty easy. All I needed was 3 pieces of information:

  1. I needed to know the name of the company who was in need of support.
  2. I needed to know the Key Line of Business Application and the company who made it.
  3. I needed to know the problem.

These 3 things are pretty easy to determine and even ask for and easily get the information about.

This is called Social Hacking. All I needed was a good attitude, a friendly personality, and a few bits of info and I was able to get on their network. The point here is that it should not be that easy to get on their computer, since I called them. It is not like they called me asking for help. I called them to give help. They thought the problem was way downstream at their client’s firewall.

Simple rule: never give donations to someone who calls you, always call them to give donations, AND never accept technical support remote control from someone who called you to tell you about a problem that you don’t even know you have.

By the way, once they added the rule to the firewall, the VPN worked.

Filed Under: Uncategorized Tagged With: fraud, hacking, phishing, remote, scam, security

My Top 10 So Far in 2010

March 29, 2010 by admin

This past year I have spent much time trying to work more efficiently and find excellent solutions for my clients that will not break the bank. In my pursuit I have tested Linux and Windows software. Some have been duds and others have been GOLD. Below you will find my top ten for 2009 that receive David Shoffitt’s seal of approval.

XenServer – http://www.citrix.com

Wow. Let me say it again, WOW. Citrix has released a wonderful virtualization solution with a robust hypervisor that allows companies to start a virtualization initiative at NO COST, provided that you have the hardware to run it on. When we first started trying it out we ran it on a PC-class machine with a Core2Duo at 2.4 GHz. We ran 6 servers on the small computer with no speed problems. We then migrated them to an enterprise-class environment. We also converted 2 bare-metal machines to virtual in the process, all at no cost. Let me say again, WOW. We have no need for VMware at our business because we have an enterprise-class solution at, again, no cost. There are some added features that cost money, like enhanced Storage Link Technologies, email alerts and notifications, and rapid server provisioning, which still would come in at a fraction of the cost of VMware’s solutions. Cost: Free

TrueCrypt – http://www.truecrypt.org

I use this software on my laptop. It works great! I use preboot authentication so that if someone were to steal my laptop they would have to know a password that is well over 20 characters before they could access the files or even boot the computer. My data is safe. You can also create virtual hard disks on your computer that are encrypted if you just want to encrypt some data but not all data. I recently corrupted the OS on my computer and was able to plug my hard drive into another computer to recover my files. The hard drive was not readable until I used the TrueCrypt software on my PC and mounted the drive as an encrypted volume, and then I was able to read it. Very powerful product. Cost: Free

Dropbox – http://www.dropbox.com

This is a nice synchronization tool that allows you to synchronize a folder on your computer with other computers over the internet. Very useful! It will also allow you to go to the website and download your files directly in case you are not around any of your subscribing PCs or laptops. Cost: Free

Clonezilla – http://clonezilla.org/

In my line of work it is almost a daily necessity to take a point-in-time, fully restorable backup of a PC before you potentially kill it with some update or possible fix to resolve a problem that would require you to rebuild the computer. Well, with this software you can rapidly redeploy a computer with its configuration prior to when you formatted it, along with all of the partitions that were on the hard drive originally. I like the version based on Ubuntu. Cost: Free

Ultimate Boot CD – http://www.ubcd4win.com/

The Ultimate Boot CD is a must-have for any technician. It will empower you to reset the local admin password if you ever forget it. It will also allow you to browse the hard drive of a computer that is broken, fix partition tables, and even copy files to a network resource or USB drive. There are many, many more utilities on this disk that are useful for a technician. Cost: Free

RichCopy – http://technet.microsoft.com/en-us/magazine/2009.04.utilityspotlight.aspx

I often have the responsibility of moving large numbers of files and large amounts of data from one location to another, and Windows File Copy rarely fits the bill. What I have found is RichCopy, which offers a large number of options so that you can leverage multiple threads to copy more than one file at a time. I love this tool and use it at least once a week! Cost: Free

USB to SATA – http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=2329300&CatId=3770

A wonderful tool that will allow you to hook the SATA or IDE hard drive of another computer up to your computer via USB without having to open the case of your computer to use it. Simple tool, great flexibility. Cost: ~$20

CDBurnerXP – http://cdburnerxp.se/

My favorite CD burner application. Can burn audio or data. Can make ISOs and burn them too. Everything I need in a nice little package. Cost: Free

FileZilla Server – http://filezilla-project.org/

FileZilla is a simple and robust FTP server that allows for Secure Encrypted FTP along with normal FTP. The best thing about this software is that it comes with all the necessary bells and whistles to set up a small business FTP server. The big feature I would like to see would be Active Directory lookups or LDAP authentication. Cost: Free

PrtScr – http://www.fiastarta.com/PrtScr

Nice and easy screen capture utility that allows you to do freeform captures and markups. Cost: Free

Filed Under: Uncategorized Tagged With: apps, citrix, free, microsoft, PC, remote, software, technology, xenapp

Winter Wonderland

March 9, 2010 by admin

Here in Fort Worth we are not too familiar with snow. We usually get one or two days of ice per year and anything more than that is the end of the world. This winter, however, has been something of an anomaly. We had the first white Christmas in 83 years. A couple of weeks ago, we had about 12 inches of snow. My daughter and I made a snow girl in the front yard. It was beautiful.

The problem is that we Texans don’t know how to handle snow or ice. Everything shut down. Businesses and houses lost their power, schools closed and the city looked like a ghost town. This kind of thing can be devastating for the economy. In my business, managing clients’ computer networks, we don’t have the luxury of taking a snow day. We have clients around the country relying on us to keep their systems running and to provide help desk services no matter what the weather in Fort Worth is doing.

One of the tools that we rely on to work when we can’t get to the office is Citrix XenApp. This software lets you run business applications from any computer with an internet connection as if you were sitting in the office. In fact, if it’s properly configured, many users cannot tell that the program isn’t running on their local PC. This software is amazing for when you’re on the road and you need to access your company’s database application. Or perhaps your kid’s school called to say your child is sick – with this software you can be just as productive at home as at the office.

To find out more information or to see a demo of this product, give us a call at 817-224-2020.

Filed Under: Uncategorized Tagged With: citrix, oftware, remote, terminal, xenapp
