Computer Security Part 2

Ok Kiddies, I promised you that I would show you the mysteries behind security patches and this entry is the first part of that.

First of all, it's import to note what a security patch actually is.
It is simply one or more files that have corrections to code in them that close up certain loop holes in code that allows an undesired event to occur.
This will make more sense later.

For various reasons, security patches will fail to deploy or may say they are needed when they are not. These articles will hopefully explain why these events occur and give you the knowledge to fix them.

For now, You really should have access to the following:
A Windows 2000 SP4 box with SP4 and NO patches (vmware is excellent)
A Windows XP SP2 box with NO patches (vmware is excellent)
A copy of the Microsoft baseline security analyser See this page
An MD5 tool (MD5SUM works particually and will be used in the examples)
The Pendmoves sysinterals tool.

A pen or pencil and some paper.

Let's take a Windows 2000 SP4 machine first.

Install the MBSA and perform a local scan looking for missing security patches first and you will find you can't because of an error message titled:

"the catalog file is damaged or an invalid catalog."

The fix for this problem is to apply the following security patch

It seems a little daft that a security tool actually can't work without a particular security patch being applied but there you go....

Once the patch is applied try running the scan again. You should see something similar to the screenshot here:
















That's enough for now - We have got the MBSA up and running and have a list of patches.

Next time I will show you how to break a patch.

Bulldog

There are some things that get under my skin, Cyclists riding through a closed cycle lane for one but Bulldog is one of two companies that has managed to REALLY get under my skin....

Back in March, The company I worked for designed that all IS staff were to have home DSL solutions installed. At the end of March I had a BT Engineer visit and install a new phone line - This was hooked up to Easynet and everything worked perfectly for two months.

Then comes along Bulldog who WITHOUT ANY AUTHORITY pull my Easynet connection and hook it up to themselves.
It took me a week to track down where the connection had been moved to but eventually I got through to Bulldog's complaints who appeared to be quite helpful without actually lifting a finger to get anything done.

a month into the problem, still with no DSL access I FINALLY get hold the complaints dept who promptly close ranks with a 'nuffing to do wiv us guv' type of attitude. Several unreturned phone calls and ignored emails later I have no choice but to lodge a complaint with ofcom which was subsequently dealt with by the company I work for.

I have no idea what happened with the OfCom complaint as I've never been told which is a bit frustrating but the most annoying thing about this whole episode is the one simple fact that there is NO department at BT that you can speak to who will sort these issues out. The only thing you get told is 'Can't happen'. At one point I managed to get hold of the DSL line provisioning dept who were horrified that I, a mere customer had even spoken to them as they only deal with ISP's.

Anyway, Last weekend I was out shopping when a bulldog customer agent came up to me and asked me if I wanted a Bulldog connection - I politely refused yet he persisted. The look on his face, when I told him just how bad I thought Bulldog is was an absolute picture.

Bulldog persist in sending me sales rubbish so I persist in being as annoying as possible to them - the perfect combination!!

I'd be interested to hear if anyone else has suffered problems from Bulldog illegally seizing thier phone/DSL circuit.