Tuesday, July 26th, 2005

Not looking good. They are saying that we can push off from the gate at Cleveland, but air traffic control can’t find a route that works for them, so we are going to wait on the tarmac again. They are saying fly time to Vegas is 4 hours. So we get in at, em, no idea 🙂


Tuesday, July 26th, 2005

I got stuck in Baltimore on the runway for an hour while a storm system rolled through Cleveland, Ohio. I am now in Ohio waiting for the flight crew to show up. Another flight crew did the boarding to get us on our way. They are saying we will get into Vegas about midnight.

Tuesday, July 26th, 2005

Seems Cleveland has some bad weather, so we are stuck on a plane. We have been waiting for an hour and they are saying it is going to be another hour. Grrrr


Thursday, July 21st, 2005

Since Sean did it, I wanted to abuse my crackberry and try lj2me to see how it works. I have used the web browser on the phone before to post, but this looks like it will be quicker. Sarah is being all cute sitting on my lap and wanting to be petted.

Tuesday, July 19th, 2005

I now have SUSE 9.3 running on a computer. mp3 playback is in an optional multimedia package, and the C key didn’t work on my keyboard, which is really strange. I deleted the .kde files and everything seems happy now. This is the first time I have ever tried to do an upgrade rather than a fresh install. Seems fairly smooth so far.

Initial thoughts:
Eye candy, but I like the graphical background on the console window.
I like amaroK. It might even do some things better than iTunes.
KDE takes a really long time to start up.
If they ever want people to use stuff they need to call things by something that is meaningful. What does KluJe do, for example? Oh, it’s a LiveJournal poster. I wonder if I installed that when it was 9.0? Or was it 9.1?
Sound seems to work perfectly on my onboard sound card. I was having a couple of issues with the old install.

Monday, July 18th, 2005

Remember that storm that rolled through? Well, I have someone coming out tomorrow to have a look at the roof. It has developed a leak.

Saturday, July 16th, 2005

What a storm. The first crack of thunder woke me up. OK, so it was 10:30am. It’s now 12:30 and it is still thundering, and I have a river running down the alley at the back of the house. I guess DirecTV will be out due to all the rain.

Thursday, July 14th, 2005

Kind of fun when you kick off a deployment to 12,000 machines. This has been the result of about 2 weeks of personal testing, 3 weeks of pilot testing and some negotiation about deployment. It’s all over now and I get to run some stats tomorrow about how many items of spyware were detected and deleted.

This all meant I was late for a meeting with people from Baltimorespokes. I thought taking the light rail might be quicker, but I forgot it wasn’t running north of Penn Station. I now know how to get to Hampden on a bike, so I won’t have to do that again.

Monday, July 11th, 2005

Another icky virus today. I found a machine that kept downloading W32/Opanki.worm.gen and W32/Kelvir.worm.gen. I ended up finding c:\windows\system32\5la.exe, c:\windows\system32\busyboy.exe, c:\windows\system32\busyboya.exe, and c:\windows\system32\manstfu.exe. These turned out to be zero-day viruses that McAfee wasn’t detecting. I got the extra.dat about 1:50pm from Lysa at AVERT. I didn’t push it out to the enterprise since I was only seeing this on one machine; it should be in tomorrow’s DAT release. I have a nice perl script that loads the data from EPO into snortui, so I can watch in semi real time. I don’t think the version on SourceForge has the latest version of the import script. EPO only periodically updates the EPO database, so I normally watch the EPO sensor with an hour’s worth of data or more.

If you are running the enterprise version of McAfee VirusScan 8, then I recommend that you enable the access protection rules: leave the “block creation of new files in the windows folder” and the “block creation of new files in the system32 folder” rules enabled, but change them to warn. Leaving them in block mode in a large enterprise will cause all sorts of things to fail unless you really have your package installs locked down. When you find something suspicious you can jump over to the access protection log at C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt and view interesting things like “application a.exe copied a file called b.exe to the system32 directory”.

From tracing back the history I found that the root of all evil was a process called clip-bowl[1].ex. This then created xmconfig.exe (still waiting on an extra.dat that detects this). I saw that:
lltvr.exe created zkppnsd.exe (still waiting on an extra.dat)
5la.exe created 5b.exe (W32/Sdbot.worm.gen.ak, extra.dat available)
5la.exe created nn.exe (detected as W32/Opanki.worm.gen (Virus), no extra.dat needed)
5la.exe created indexx.exe (Downloader-XZ (Trojan), no extra.dat needed)
5la.exe created 5353.exe (W32/Kelvir.worm.gen (Virus), no extra.dat needed)
5la.exe created (W32/Opanki.worm.gen (Virus), no extra.dat needed)
5la.exe created busyboy.exe (W32/Kelvir.worm.dw, extra.dat available)
xmconfig.exe created fhhy.exe (W32/Opanki.worm.gen (Virus), no extra.dat needed)
There were probably some other files that I haven’t listed since the virus software caught them.

So the conclusion is that this machine was a mess.
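As an added example (not from the post, and not McAfee’s real log layout): a small Python script that parses constructed log lines in the shape the entry quotes (“application a.exe copied a file called b.exe to the system32 directory”), builds the creator-to-created graph, and reports which processes have no logged parent, which is how the trace above walks back to clip-bowl[1].ex. The file names are the ones in the entry; the line format and the benign msiexec.exe line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed, simplified line format. This is NOT the real
# AccessProtectionLog.txt layout; only the malware file names come from the entry.
# The entry never says who wrote 5la.exe or lltvr.exe, so they have no parent here.
SAMPLE_LOG = """\
application clip-bowl[1].ex created a file called xmconfig.exe in the system32 directory
application lltvr.exe created a file called zkppnsd.exe in the system32 directory
application 5la.exe created a file called 5b.exe in the system32 directory
application 5la.exe created a file called nn.exe in the system32 directory
application 5la.exe created a file called indexx.exe in the system32 directory
application 5la.exe created a file called 5353.exe in the system32 directory
application 5la.exe created a file called busyboy.exe in the system32 directory
application xmconfig.exe created a file called fhhy.exe in the system32 directory
application msiexec.exe created a file called setup.log in the windows directory
"""

LINE_RE = re.compile(
    r"application (\S+) (?:created|copied) a file called (\S+) (?:in|to) the (\S+) directory")

def parse_events(text):
    """Return (creator, created, directory) tuples for every line that matches."""
    return [m.groups() for line in text.splitlines() if (m := LINE_RE.search(line))]

def build_graph(events):
    """children: creator -> [files it wrote]; parent: file -> process that wrote it."""
    children, parent = defaultdict(list), {}
    for creator, created, _ in events:
        children[creator].append(created)
        parent[created] = creator
    return children, parent

def find_roots(children, parent):
    """Writers that were never themselves written by a logged process (warn rule noise included)."""
    return sorted(c for c in children if c not in parent)

def lineage(parent, name):
    """Walk a dropped file back to its earliest logged ancestor."""
    chain = [name]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain[::-1]

def render_tree(children, root, depth=0):
    """Indented creation tree starting at root, one name per line."""
    lines = ["  " * depth + root]
    for child in children.get(root, []):
        lines.extend(render_tree(children, child, depth + 1))
    return lines

if __name__ == "__main__":
    ch, pa = build_graph(parse_events(SAMPLE_LOG))
    for root in find_roots(ch, pa):
        print("\n".join(render_tree(ch, root)))
```

Anything that shows up as a root with no logged parent is either the real origin or a gap in the log, which is the cue to look for the process that dropped it.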

