Goal:
Create a Mac Terminal script to hash a USB drive's contents and compare the original with future hashes to detect unwanted changes made by malware.

The Story Behind:
I decided I really needed a hashing script for my ZoomText USB drive. ZoomText is an accessibility technology drive that allows you to move a portable version of the installer with you wherever you go. It's actually pitifully implemented, because it doesn't use any U3 techniques (but as a security guy I'd still probably have reservations if it did). So in short it's just a USB with an installer and a few log and settings files. For DRM and licensing reasons you have to have the key plugged into the system to run the program, even though it installs locally. I haven't quite figured out the dependence on the USB stick yet; I'm assuming it's using a hard-coded serial that the drive has, which the USB bus scans (kind of a hardware MAC).

The REAL problem is the drive has NO write protection, hence as an IT tech I can go around fixing computers with my low vision tool but it could pick up all sorts of malware along the way. So I was trying to use Sandboxie to isolate a USB channel on my XP box and then use a free CNET MD5 hashing program (called MD5 Summer, which ain't bad). But I couldn't get over the fact I was plugging in a drive that might be infected… into an XP box. I haven't had a chance to do a lot of IT forensic research to see the best way to do that, but Sandboxie had a bunch of features and I wasn't entirely sure I had it configured right. Solution, I thought… use my new Mac. So here is a script I made below to help. I figure if there's a virus that jumps to my drive it won't be a Mac one since I'm on PCs. Haven't quite figured out how to auto-close Mac scripts but if you have any suggestions I'm game (twitter @certdoctor).

As an additional thought I've considered a portable container from TrueCrypt along with a U3-style TrueCrypt.exe on the drive… I'd write protect the volume. Of course if I didn't use the whole drive (whole disk) a virus could always jump on with the TrueCrypt.exe in the standard NTFS space… So it's a mixed bag. Really I'd be dealing with the same issues needing to hash.

Note: "No Name" is the name of my USB device… You'll need to look in your Volumes folder to find the name of your own. You'll also need to change the user folder from "certdoctor" to your username folder. I'm also a newbie to Mac/Bash style scripting so pardon the long form, and feel free to make any suggestions.

The Script:
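#!/bin/bash
# Hash the files on the USB drive and compare them with the original hash list.
clear
# "no name" is the volume name of the USB drive; change it to match yours
cd "/Volumes/no name" || exit 1
# *.* matches only top-level entries that have a dot in their name
md5 *.* > /Users/certdoctor/Documents/usb_md5_current.txt
cd /Users/certdoctor/Documents/ || exit 1
clear
# usb_md5.txt holds the original hashes; any output from diff means a change
diff usb_md5.txt usb_md5_current.txt
read -p "----PAUSE----"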
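
A recursive variant of the same baseline-and-compare idea, as an added example that is not the author's script: it uses SHA-256 instead of MD5, walks subfolders, and reports added, changed and removed files. The function names, the `usb_check.sh` script name and the `usb_sha256.txt` baseline path are assumptions.

```shell
#!/bin/bash
# Added example: recursive hash baseline for a mounted volume (not the post's script).
# Usage: usb_check.sh VOLUME BASELINE
#   e.g. usb_check.sh "/Volumes/no name" ~/Documents/usb_sha256.txt  (assumed paths)
# Keep BASELINE on the trusted machine, never on the drive being checked.

# SHA-256 tool: sha256sum on Linux, shasum (ships with macOS) otherwise.
if command -v sha256sum >/dev/null 2>&1; then HASH_TOOL="sha256sum"; else HASH_TOOL="shasum -a 256"; fi

# make_manifest DIR: print "hash  ./path" for every file under DIR, sorted by path.
make_manifest() {
  [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
  # $HASH_TOOL is left unquoted on purpose so "shasum -a 256" splits into words.
  ( cd "$1" && find . -type f -exec $HASH_TOOL {} + ) | LC_ALL=C sort -k2
}

# compare_manifests BASELINE CURRENT: list ADDED / CHANGED / REMOVED paths.
# Returns 0 when the manifests match and 1 when anything differs.
compare_manifests() {
  _report=$(awk '
    { h = $1; p = substr($0, length($1) + 3) }      # path starts after hash + 2 chars
    FILENAME == ARGV[1] { base[p] = h; next }       # first file: remember baseline
    !(p in base)        { print "ADDED   " p; next }
    { seen[p] = 1; if (base[p] != h) print "CHANGED " p }
    END { for (p in base) if (!(p in seen)) print "REMOVED " p }
  ' "$1" "$2" | LC_ALL=C sort)
  if [ -z "$_report" ]; then return 0; fi
  printf '%s\n' "$_report"
  return 1
}

# First run saves the baseline; later runs compare against it.
if [ "$#" -eq 2 ]; then
  if [ ! -f "$2" ]; then
    make_manifest "$1" > "$2" && echo "Baseline saved to $2"
  else
    current=$(mktemp) && make_manifest "$1" > "$current"
    compare_manifests "$2" "$current" && echo "No changes detected"
    rm -f "$current"
  fi
fi
```

macOS may write its own metadata files (such as `.DS_Store`) to the volume when it is mounted; these show up as ADDED and are not a sign of infection by themselves.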

 

In an effort to find a way to use Bluetooth with VoiceOver, I received the following email in reply from the very helpful Apple Accessibility team. Hopefully it will help some of you striving to use the full features of iOS as an AT solution.

----Letter----

Hi,

Thank you for your email. To have the VoiceOver audio route to the Bluetooth headset, the headset will need to support the A2DP bluetooth profile. Jabra, Plantronics, Motorola and Jawbone are a few of the Bluetooth headset manufacturers that have A2DP compatible headsets.

Apple Accessibility

 

The blog is updated… from the earlier one. Welcome.

 

Here's a script for modifying some CSV files I had. It prompts you for the name of the file. (Pretty sure you need to have the script in the same directory.) Then it repeatedly asks for what you want replaced and what you want it replaced with. I had a lot of modifications to make so it just keeps asking till you exit the script. You can exit the script by typing exit at the 'With' line. With each mod it creates a sequence of copies of the original file with each subsequent change (test.csv, test.csv1, test.csv2, etc.). Then it copies the end file, after exiting, over the original file. Hence if you need the original file look for the file (test.csv0 or test.csv1). This is kind of a beta so feel free to improve it… or email me revisions. The one problem I ran into is when changing non-letters/numbers in a document; say I needed to remove quotes from a document. By default it gives me errors. Often you have to type in such characters twice so the PowerShell script knows to treat it as a character. It's a bit of a pain. Enjoy!!

Script below:

#########
# attempt to replace db stuff
$file_id = Read-Host "file to modify: "
$count = 0
# numbered working copy of the original (test.csv -> test.csv0)
$file_not = $file_id + $count
Copy-Item $file_id $file_not

##### begin loop
while ($count -lt 700)
{
    $file_not = $file_id + $count
    $file_new = $file_id + ($count + 1)
    $replace = Read-Host "Replace"
    # show the lines that currently match
    Select-String -Path $file_not -Pattern $replace
    $with = Read-Host "With"
    ## archive list of changes
    # exit statement
    if ($with -match "exit")
    {
        break
    }
    ### log of changes
    $change_str = "$count" + $replace + $with
    Add-Content -Path change.log -Value $change_str
    ### actual mod script
    ### modifies org file with new file based on replace and with
    ### change.log keeps track of changes count number list prior file
    ### note: -replace treats $replace as a regular expression
    (Get-Content $file_not) | ForEach-Object {$_ -replace $replace, $with} | Set-Content $file_new
    Select-String -Path $file_new -Pattern $with
    Copy-Item $file_new $file_id
    $count = $count + 1
}

 

This could be real helpful if you have a client who keeps clicking the Print button prematurely. To save on ink, and phone calls, maybe this script could help.

Script:

Get-WmiObject Win32_Printer -ComputerName "Computer3" | Where {$_.Name -eq "HP LaserJet Professional P1102w"} | ForEach { $_.CancelAllJobs() }

#End

So for "Computer3" put your computer name, and of course your default printer where the "HP" printer is mentioned. To put a shortcut on the desktop, remember that you need to direct it to powershell.exe. Basically put this below in the Target path.

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe C:\ps_scripts\cancel_print_jobs.ps1

Enjoy :)

 

Thought some folks might find this handy.

# read the last boot time from WMI and convert it to a DateTime
$wmi = Get-WmiObject -Class Win32_OperatingSystem
$LBTime = $wmi.ConvertToDateTime($wmi.LastBootUpTime)
[TimeSpan]$uptime = New-TimeSpan $LBTime $(Get-Date)
Write-Host "Uptime: " $uptime.Days "Days" $uptime.Hours "Hours" $uptime.Minutes "Minutes" $uptime.Seconds "Seconds"
# keep the window open until a key is pressed
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

 

I thought there might be somebody out there that might want this. It's an alarm clock script that queries a weather server, then reads it aloud. Then it launches Pandora. Pandora is launched in the system default browser, so if you're like me with several security extensions you might need to whitelist Pandora so it will just play unattended. The cmdlet that reads out loud is in an add-on module to the PowerShell library, so you will need that if you want it read. Otherwise you could always flip it around and just have it displayed on your screen. Of course an RSS reader could easily do that. Have fun!! I did.

#alarm function
# Pscx is the add-on module that provides Out-Speech
Import-Module Pscx
$date = Get-Date
$hour = $date.Hour
$wakeup = 6
#wakeup variable is based on 24hr clock
while ($hour -ne $wakeup)
{
    $date = Get-Date
    Start-Sleep -s 300
    #I have the start-sleep command
    #to cut down on CPU cycles
    #it's set up to check the time every 5 min
    $hour = $date.Hour
}
Out-Speech "Looking up Weather, Sir"
#beginning of weather call
$weather = New-WebServiceProxy -Uri http://www.webservicex.com/globalweather.asmx?WSDL
([xml]$weather.GetWeather('Washington DC','United States')).CurrentWeather
([xml]$weather.GetWeather('Washington DC','United States')).CurrentWeather | Out-Speech
# Pandora launch
explorer http://pandora.com
# close window script on key press
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Out-Speech "Closing Window, Sir"

 

Here's an email recently sent to a bank with a serious security problem and a lack of concern for their clients. They've been made aware of this in the past year or so at least twice and they still choose to ignore it. I find it, as an IT security professional, disturbing.

(Some components of the email have been removed for privacy and security purposes; these are clearly marked.)

"Dear Internet Fraud Division,

Why do you not digitally sign your main login page at BBT.com with a digital certificate via SSL/TLS? In short, why don't you follow your own security guidelines (see quote below)? Having such a certificate from a company such as Verisign serves primarily one interest: authenticating yourself to your users. It is also the foremost way in which to PREVENT phishing. And in our day, with DNS poisoning, it also provides significant aid. You already possess an EV Class 3 Verisign certificate and sign the page you get in case you mistype your password; why not sign the main login page? (In fact the sole reason EV certificates were created was to make it easier to authenticate yourself to your clients visually.) Notice the authorities' comments below.

"If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure")."
Source- Federal Trade Commission's "On Guard Online" Program http://www.onguardonline.gov/topics/phishing.aspx

"Only enter personal information on a secure Web site...When entering personal data at a Web site, look for a "locked padlock" in the browser or "https" at the beginning of the Web site address to make sure the site is secure."
Source- Better Business Bureau http://www.bbbonline.org/idTheft/phishingScams.asp

"The term "https" should precede any web address (or URL) where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data."
Source- PayPal, an eBay Company https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside

"Look for 'https://' and a lock icon in the address bar before entering any private information."
Source- University of Georgia "Office of Information Security" https://infosec.uga.edu/sate/phishing.php

NOTICE WHAT YOUR OWN SITE SAYS

"You can tell your online session with BB&T is secure through the following:
* An unbroken key or a locked padlock icon will appear at the bottom of your browser screen.
* The website address at the top of your browser screen will change from "http" to "https"."
Source- Yourself http://www.bbt.com/about/privacyandsecurity/onlinesecurity.html

As an IT Security Professional I understand that there are always weaknesses and methods of exploitation; but each layer of security helps our clients and adds to security. Please resolve this issue... It's just not a poor choice on your part... it's probably liable.

Sincerely, a Disappointed Customer,
<Name Removed for Privacy>

PS- All the following banks do what you don't...
https://www.bankofamerica.com
https://www.suntrust.com
https://www.wachovia.com/
https://online.citibank.com"