Critical vulnerability opens Cisco switches to remote attack

A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger a reload and crash.

https://www.helpnetsecurity.com/2018/04/04/cisco-cve-2018-0171/

Spectre-Meltdown Vulnerabilities

CPU manufacturers and OS vendors recently announced several vulnerabilities in their products, known as "Spectre" and "Meltdown". The reported security vulnerabilities affect most microcomputers released as early as 1995.

“Meltdown” may permit an attacker, using third-party programs, to access the memory of other running programs.

“Spectre” breaks the isolation between different applications and allows an attacker to trick programs into leaking sensitive data.

Microsoft, which relies heavily on Intel processors in its computers, says that it has updates forthcoming to address the problem. "We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers," the company said in a statement. "We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers."

A website has been created to provide more information and updates on the vulnerabilities:

https://meltdownattack.com/

RSS Error

SimplePie 1.3.1, a PHP-Based RSS and Atom Feed Framework, running on PHP 7.0 has an error when trying to run RSS Feeds. The error is:

/wp-includes/SimplePie/Parse/Date.php on line 694

Date.php needs to be updated to version 1.5, which has the correct code on line 694.

To download version 1.5, go to:

https://github.com/simplepie/simplepie/blob/master/library/SimplePie/Parse/Date.php

Errors were encountered while processing

Getting an error trying to sudo apt-get -y dist-upgrade

“Setting up install-info (5.2.0.dfsg.1-6) …

Not a directory: /usr/share/info.

dpkg: error processing package install-info (--configure):

subprocess installed post-installation script returned error exit status 1

Processing triggers for libc-bin (2.19-18+deb8u7) …

Errors were encountered while processing:

install-info

E: Sub-process /usr/bin/dpkg returned an error code (1)”

I found the best way to fix this is

sudo apt-get --purge remove install-info

sudo apt-get install install-info

dpkg-reconfigure x11-common

After X server update 1.18.4 `su — pi -c “startx” &` not working anymore

Jessie updated xserver-xorg-core from 1.17.2 to 1.18.4. To fix the problem:

sudo dpkg-reconfigure x11-common

update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

sudo apt-get install xserver-xorg-legacy -y

sudo nano /etc/X11/Xwrapper.config

#Change console to anybody

allowed_users=anybody

Raspberry Pi libgnutls-openssl27 error

Running apt-get gives an error:

sudo apt-get -y dist-upgrade

You might want to run 'apt-get -f install' to correct these.

The following packages have unmet dependencies:

libgnutls-openssl27 : Depends: libgnutls-deb0-28 (= 3.3.8-6+deb8u4) but 3.3.8-6+deb8u3 is installed

libhogweed2 : Breaks: libgnutls-deb0-28 (< 3.3.8-6+deb8u4) but 3.3.8-6+deb8u3 is installed

E: Unmet dependencies. Try using -f.

cat /etc/apt/sources.list /etc/apt/sources.list.d/*

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

# Uncomment line below then 'apt-get update' to enable 'apt-get source'

#deb-src http://archive.raspbian.org/raspbian/ jessie main contrib non-free rpi

deb http://archive.raspberrypi.org/debian/ jessie main ui

# Uncomment line below then 'apt-get update' to enable 'apt-get source'

#deb-src http://archive.raspberrypi.org/debian/ jessie main ui

To fix the error, edit the sources list and add staging to the list:

sudo nano /etc/apt/sources.list.d/*

add “staging” to the end of the list

PayPal users targeted in sophisticated new phishing…

Recent phishing scams targeted both Gmail and Yahoo, and now attackers have their sights set on PayPal with some very convincing bait. With fake websites and email campaigns that look real, it’s easy to be fooled, and potentially have your identity and money stolen by scammers.

How to protect yourself

First, do not click links or open attachments in unsolicited email. If an email supposedly from, e.g., PayPal says you have a problem, open a new browser tab or window and log directly onto PayPal by typing in the web address.

Second, if you get such an alert while you are browsing, verify that the URL in the address bar looks as you would expect. If the alert appears to come from PayPal, be very suspicious if the address bar doesn’t start with www.paypal.com. Instead, go directly to the website by typing in its address.

Third, since phishing becomes more of a problem when the same password is utilized across multiple sites and services, consider deploying two-factor authentication (2FA). By requiring a one-time password generated by a user’s smartphone as a second form of authentication, 2FA helps block unauthorized access.


Canon Copiers Drivers Prompting for login

When pushing out printer drivers through GPO or Print Management, standard users are being prompted to log in with administrator credentials.

This tweak will get your Canon, Sharp and Konica Minolta printers up and running again by making the drivers Package Aware.

Edit the registry on your print server(s). If you change the value of the key PrinterDriverAttributes under HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\…\Driver name\ and restart the print server, you are able to make Windows treat the driver as packaged, and it will install unattended with GPO. The hex number has to be odd. To keep the original settings for the printer driver and only make it package aware, you should add 1 to the original value of PrinterDriverAttributes. In my print environment the original attribute had the value 4, so I changed it to 5 and that made it package aware. Different versions of the driver (and different vendors) might need other values.

Restart the server.

According to MS the 1 flag for PrinterDriverAttributes stands for PRINTER_DRIVER_PACKAGE_AWARE. This will treat the driver as package aware, which means a CAB package will be created, including the inf and the catalog. The package will be installed through setupapi.dll when installing the driver, validating that the catalog is trusted, and that hashes for all files are included in the catalog.

BTW: This is not a Microsoft problem, but a printer vendor problem! Two lines of code in the *.inf file will make the driver Package aware and fix the problem properly! Solution for vendors posted by Microsoft here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff559698(v=vs.85).aspx

PS: Posted this on Google+ and LinkedIn under the name Grei_70

https://social.technet.microsoft.com/Forums/en-US/030ee94a-047d-460a-bc39-52351a199364/kb3163912-breaks-point-and-print-restrictions-gpo-settings?forum=winserverGP
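
An added example (not from the original post or from Microsoft): a PowerShell audit of the PrinterDriverAttributes value described above, which sets bit 0 with a bitwise OR instead of adding 1, so a value that is already odd is left unchanged. The parameter names -NameLike and -Apply are chosen here for illustration, and the sub-key the post elides is found by recursion rather than filled in.

```powershell
# Added example, not from the original post. Run elevated on the print server.
# Without -Apply it only reports; with -Apply it sets bit 0 on matching drivers.
param(
    [string]$NameLike = '*',   # hypothetical filter, e.g. 'Canon*'
    [switch]$Apply             # hypothetical switch: write the new value
)

$PackageAware = 0x1   # PRINTER_DRIVER_PACKAGE_AWARE, the "1 flag" named in the text
$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers'

# Recurse instead of hard-coding the sub-key that the post elides.
Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    if ($key.PSChildName -notlike $NameLike) { return }

    $prop = Get-ItemProperty -Path $key.PSPath -Name PrinterDriverAttributes `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return }   # this key is not a driver entry

    $old = [int]$prop.PrinterDriverAttributes
    $new = $old -bor $PackageAware    # 4 becomes 5; 5 stays 5

    $write = [bool]($Apply -and ($new -ne $old))
    if ($write) {
        Set-ItemProperty -Path $key.PSPath -Name PrinterDriverAttributes `
                         -Value $new -Type DWord
    }

    # One row per driver: the original value, the target value, and what was done.
    [pscustomobject]@{
        Driver            = $key.PSChildName
        Old               = '0x{0:X}' -f $old
        New               = '0x{0:X}' -f $new
        WasPackageAware   = [bool]($old -band $PackageAware)
        Written           = $write
    }
} | Format-Table -AutoSize
```

Run it without -Apply first and record the Old column so the original values can be restored; the restart described in the post is still needed after a change.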

ViewSonic PJD7828HDL USB Power

ViewSonic PJD7828HDL USB Power 5V/2A is not turned on by default. To turn on the USB 1 Power, you have to turn it on by going into the Menu.

Go to the menu, then the 3rd Icon, scroll down to MHL Settings and change the Power Out to USB 1.

Remote(SocketError)

Exchange 2016 receiving error message:

"Message or connection acked with status Retry and response 441 4.4.1 Error encountered while communicating with primary target IP address: ""Failed to connect. Winsock error code: 10061, Win32 error code: 10061."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.1:2525"

451 4.7.0 Temporary server error. Please try again later. PRX5 ,Duration(ms):1665

451 4.7.0 Timeout waiting for client input,

Remote(SocketError)

The Cisco ASA ESMTP inspection is set to the default inspection map. Make sure it’s turned off. Chances are the sender’s address length is greater than 320 or the body line length is greater than 998.