Thursday, October 16, 2008

Symantec Backup Exec 12

When setting up Symantec Backup Exec 12 with a NAS (Network Attached Storage), if you have problems creating a Backup to Disk Folder on a remote NAS, such as a Thecus N5200, I recommend you follow these instructions (on Windows Server 2003):

  • Click Start, Control panel, Stored Usernames and Passwords
  • Click Add, then fill out the sheet
  1. Server {Either the IP or the Name, if it is in the DNS}
  2. Username {type it in or choose it from the list, ie N5200\backupagent}
  3. Password {type in the password}
  • Repeat for each NAS
  • Verify the credentials work
  1. Click Start, Run, and then enter the IP or name of the NAS plus the backup folder, i.e. \\\backups
  • Then go back into the Symantec Backup Exec Control Panel and create the folders

-- Tim Krabec

Sunday, August 31, 2008

New Podcast

Aaron Myers and I, Tim Krabec, have started a new podcast. It's located at our 1st episode is online. We are aiming to release 3-4 short podcasts a month on topics relevant to small businesses. If you have any questions, comments, ideas, or something you want to hear, please email us at

-- Tim Krabec

Friday, July 25, 2008

Training:Know your home

Get Trained at Home
Teach children how to dial 9-1-1 in an emergency. Review emergency action steps with all family members:
• Check the scene and the victim
• Call 9-1-1 or your local emergency number posted by the telephone
• Care for the victim
Practice, practice, practice. If your children are unsure, practice some more. If they are scared, let them know it is OK to be scared, but that practicing will help them overcome their fear.
Help your children learn more about emergencies. Download this preparedness coloring book or visit

Additional information: In the event of a disaster, emergency medical response may be delayed because of the remoteness of your home or by adverse conditions, such as roads blocked by floodwater or debris. While precious minutes slip by, your emergency training could mean the difference between life and death. Properly administered first aid or CPR can help stabilize an injured or ailing family member until help arrives. Make sure at least one family member is trained in first aid and CPR and how to use an automated external defibrillator. It could save a life. For more information on CPR/AED training, contact your local Red Cross chapter or visit

-- Tim Krabec

Thursday, July 24, 2008

Kit: Car Kit

You should also keep a smaller version of your emergency supply kit in your vehicle, in case you are commuting or traveling when disaster strikes.

Emergency Kit For Your Vehicle
• Bottled water and non-perishable high energy foods, such as granola bars, raisins and peanut butter
• Flashlight and extra batteries
• Blanket
• Booster cables
• Fire extinguisher (5 lb., A-B-C type) with a hose, most fire extinguishers do not work upside down!
• First aid kit and manual (and basic training)
• Maps
• Shovel
• Tire repair kit and pump
• Flares or other emergency marking devices

-- Tim Krabec

Wednesday, July 23, 2008

What’s in YOUR kit? Part 3

Include at least one complete change of clothing and footwear per person in your emergency supply kit. We suggest long pants and long sleeves for additional protection after a disaster. If you are going to be working outside in the water bring several changes of socks, and possibly shoes, to give your feet a chance to dry out.

Clothing and Bedding
(Essential Items are Marked with an Asterisk *)
• Sturdy shoes or work boots*
• Rain gear*
• Blankets or sleeping bags*
• Hat and gloves
• Thermal underwear
• Sunglasses

-- Tim Krabec

Tuesday, July 22, 2008

What’s in YOUR kit? Part 2

Also include items for sanitation in your emergency supply kit. Consider the following:

(Essential Items are Marked with an Asterisk *)
• Toilet paper, towelettes*
• Wet Wipes
• Hand Sanitizer
• A shop soap for cutting through grease and grime with minimal water
• Soap, liquid detergent*
• Feminine supplies*
• Personal hygiene items*
• Plastic garbage bags, ties (for personal sanitation uses)*
• Plastic bucket with tight lid
• Disinfectant
• Household chlorine bleach

-- Tim Krabec

Monday, July 21, 2008

What’s in YOUR kit?

One of the easiest ways you can prepare for emergencies is to keep some supplies readily available. When preparing my kit I pretend I will be camping and not able to go out to buy anything. Every kit is unique and can be tailored to meet the specific needs of your family, but below is a general list of supplies you may want to consider:

Tools and Supplies
(Essential Items are Marked with an Asterisk *)
• Mess kits, or paper cups, plates, and plastic utensils
• Emergency preparedness manual and a copy of your disaster plan, including your emergency contacts list
• Battery-operated radio and extra batteries*
• Flashlight and extra batteries*
• Cash or traveler's checks, change*
• Non-electric can opener, utility knife*
• Fire extinguisher: small ABC type stored near where fires are likely to occur such as a kitchen, or near a fireplace. It should not be kept in the disaster supplies kit.
• Tube tent
• Duct Tape*
• Compass
• Matches in a waterproof container
• Aluminum foil
• Plastic storage containers
• Signal flare
• Paper, pencil*
• Needles, thread
• Medicine dropper
• Shut-off wrench or pliers, to turn off household gas and water
• Whistle*
• Plastic sheeting*
• Map of the area (for locating shelters and evacuation routes)

Sunday, July 20, 2008

Plan: Get emergency help

Teach your children how and when to call 9-1-1 or your local Emergency Medical Services number for help. Post these and other emergency telephone numbers by telephones. Make sure they know your address and a description of it. Also, if your family has any medical conditions or takes medicines, make sure you keep a card of your relevant medical records in a handy location so your children can provide that to the operator or the rescue staff.

-- Tim Krabec

Friday, July 18, 2008

Water, water anywhere?

Keep at least a three-day supply of water per person. Store a minimum of one gallon of water per person per day (two quarts for drinking, two quarts for food preparation and sanitation). Store water in plastic containers such as soft drink bottles. Avoid using containers that will decompose or break, such as milk cartons or glass bottles. If you have an event such as a hurricane, or another disaster that you can plan for, and will be staying put, you can easily increase your available water by filling containers such as a mixing bowl, a coffee pot, or just about any other food-safe product. Just remember to drink the water from them 1st, and always watch out for contamination. A normally active person needs to drink at least two quarts of water each day. Hot environments and strenuous activity can double that amount. Children, nursing mothers, and people who are sick will also need more.

-- Tim Krabec

Monday, July 14, 2008

Kit: First Aid

Take a minute to check your Office’s first aid kit, and note any depleted items — then, add them to your shopping list. Don’t have a first aid kit? Add that to the list or build a kit yourself. For more information about first aid kits, visit
Additional information: Just add the following items to your shopping list and assemble a first aid kit and consider creating a kit for each vehicle as well:

First Aid Kit
Assemble a first aid kit for your home and one for each car.
• (20) adhesive bandages, various sizes
• (1) 5" x 9" sterile dressing
• (1) conforming roller gauze bandage
• (2) triangular bandages
• (2) 3 x 3 sterile gauze pads
• (2) 4 x 4 sterile gauze pads
• (1) roll 3" cohesive bandage
• (2) germicidal hand wipes or waterless alcohol-based hand sanitizer
• (6) antiseptic wipes
• (2) pair large medical grade non-latex gloves
• Adhesive tape, 2" width
• Anti-bacterial ointment
• Cold pack
• Scissors (small, personal)
• Tweezers
• CPR breathing barrier, such as a face shield
• First Aid Manual

Non-Prescription and Prescription Drugs
• Aspirin or non-aspirin pain reliever
• Anti-diarrhea medication
• Antacid (for stomach upset)
• Syrup of Ipecac (use to induce vomiting if advised by the Poison Control Center)
• Laxative
• Activated charcoal (use if advised by the Poison Control Center)
• Prescription drugs, as recommended by your physician, and copies of the prescriptions in case they need to be replaced

-- Tim Krabec

Sunday, July 13, 2008

Plan: Is school in or out when disaster strikes?

Tip Copy: Check your child’s school Web site or call the school office to request a copy of the school’s emergency plan. Keep a copy at home and work or other places where you spend a lot of your time and make sure the school’s plan is incorporated into your family’s emergency plan. Also, learn about the disaster plans at your workplace or other places where you and your family spend time.

--Tim Krabec

Thursday, July 10, 2008

Plan: What’s the plan, boss?

What if disaster strikes while you’re at work? Do you know the emergency preparedness plan for your workplace? Have you shared your personal disaster plan with your co-workers? While many companies have been more alert and pro-active in preparing for disasters of all types since the September 11, 2001 attacks, a national survey indicates that many employees still don’t know what their workplace plan is for major or minor disasters. If you don’t know yours, make a point to ask. If your office does not have a plan, work on getting one implemented. FYI choosing to close the company is a valid disaster/business continuity plan, if it is decided before the emergency.

Know multiple ways to exit your building, participate in workplace evacuation drills, and consider keeping some emergency supplies at the office. Visit and click on Ready Business for more information about business preparedness.

-- Tim Krabec

Wednesday, July 9, 2008

South Florida ISSA Hack the FLAG 2008

This year's Event will be one for the books.
Sponsors this year include:
Digitalera Group
Over $5000 in prizes will be given away!

The Main Event

  • Event is FREE, All Skill levels welcomed to participate or just come and watch
  • ALL participating South Florida ISSA Active (paid) members who attend the July 17th meeting will get a license of CANVAS FREE!!!
  • Groups of 4 and individuals may enter (we will team up individuals).
  • Come and show off your skillz or watch others capture flags to take home some amazing prizes.
  • Live hacking demo by one of the top industry experts!
The Chili Cook-Off
Come and try to compete with the top chefs in the South Florida ISSA. Last year we had over 10 entries with Pot of Gold taking the top spot. See if your chili is up to par and take home part of the prize pot (active SF ISSA members only).

The event will be held at:
Hollywood Jaycee Hall
2930 Hollywood Blvd
Hollywood, FL 33020
For more information:
or contact Jeff Dell President SF ISSA
561-327-6001 - jdell crosstecsoftware com (fix it your self )
-- Tim Krabec

Plan: Work together

A community working together during an emergency makes sense.
• Talk to your neighbors about how you can work together during an emergency.
• Find out if anyone has specialized equipment like a power generator, or expertise such as medical knowledge, that might help in a crisis.
• Make back-up plans for children in case you can't get home in an emergency or their daycare is closed.
Sharing plans and communicating in advance is a good strategy.
• Decide who will check on elderly or disabled neighbors.
• Work with other businesses near by to pool resources and provide on site child care.

-- Tim Krabec

Tuesday, July 8, 2008

Huge vulnerability in DNS today Multiple Vendors release patches

Get your IT staff the resources they need to fix this vulnerability. Here is a link to an interview with Dan Kaminsky. As usual, Martin McKeay and Rich Mogull have done another great interview.

-- Tim Krabec

Plan: Practice makes perfect!

Practice. Practice. Practice. Conduct fire drills and practice evacuating your office & home at least twice a year. Drive your planned evacuation route and plot alternate routes on a map in case main roads are blocked or gridlocked. Practice earthquake and tornado drills at home, school and work. Commit a weekend to update telephone numbers, emergency supplies and review your plan with everyone. Scheduled and unscheduled drills both have their merits.

Tim Krabec

Monday, July 7, 2008

Plan: Make it a habit

Go through your calendar now, and put a reminder on it — every six months, more often if things change often — to review your plan, update numbers, and check supplies to be sure nothing has expired, spoiled, or changed. Also remember to practice your tornado, fire escape and other disaster plans.

-- Tim Krabec

Sunday, July 6, 2008

Hurricanes and Tropical storms

The National Weather Service's Hurricane Center provides loads of useful information: storm track forecasts, strength forecasts, historical information, disaster kit recommendations, etc. But the one "forecast/model" I find they are missing is a model I use myself: basically, I assume the storm is heading straight for me (for planning purposes). I take the storm's current position and speed, then I use a latitude/longitude calculator to get the distance to where I am.

The July 6th 11am forecast puts the storm at 17.4N 45.1W, moving west at 21 MPH (note: sometimes this is released in knots).
Picking a lat/long close to my location: 27.0N 80.5W.
Using a latitude/longitude calculator I find the storm is about 2349 miles away.
Now I simply divide the distance (2349 mi) by its current speed (21 MPH) to get 111.9 hours, or about 4.5 days away.

I use my "worst case" number to start evaluating the need to work on the phase(s) of the emergency plan that should be started. I compare my "forecast" with the forecast that the NHC has released. At this time my number is way off of the NHC's number; in about 4.5 days they show the storm still well east of the Bahamas. I use my "forecast" mostly as a buffer against the unpredictability of these storms.

For planning purposes I assume the "worst": I assume the storm will hit me, and I will assume it will be the stronger of the possibilities. I will start preparing (especially for the 1st storm) a bit further out, making sure I pick things up out of my yard, and start purchasing the supplies I need for the storm. By implementing portions of my plan well in advance of a storm, I beat many people who wait till the last minute.

--Tim Krabec
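
The "straight at me" estimate from the post above, written out as an added example that is not part of the original post. It uses the haversine great-circle formula as the latitude/longitude calculator and accepts the advisory speed in MPH or knots; the Earth radius constant is an assumption, which is why the distance can differ from the post's 2349 miles by a mile or two.

```python
"""Added example: worst-case storm arrival time from an advisory position and speed."""
import math

EARTH_RADIUS_MILES = 3958.8   # assumed mean Earth radius; calculators differ slightly
MPH_PER_KNOT = 1.15078        # advisories may give forward speed in knots


def great_circle_miles(lat1, lon1, lat2, lon2):
    """Haversine distance in statute miles.

    Degrees north and east are positive, so 45.1W is passed as -45.1.
    """
    for lat in (lat1, lat2):
        if not -90.0 <= lat <= 90.0:
            raise ValueError(f"latitude out of range: {lat}")
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def worst_case_hours(storm, home, speed, unit="mph"):
    """Hours until arrival if the storm moved straight at `home` at its current speed.

    `storm` and `home` are (lat, lon) tuples. This is a planning buffer,
    not a forecast: real tracks curve and forward speed changes.
    """
    if unit == "knots":
        speed_mph = speed * MPH_PER_KNOT
    elif unit == "mph":
        speed_mph = speed
    else:
        raise ValueError(f"unknown speed unit: {unit}")
    if speed_mph <= 0:
        # A stationary storm gives no arrival time; treat it as "re-check next advisory".
        raise ValueError("speed must be positive")
    return great_circle_miles(*storm, *home) / speed_mph


if __name__ == "__main__":
    storm = (17.4, -45.1)   # 17.4N 45.1W, from the July 6th 11am advisory in the post
    home = (27.0, -80.5)    # 27.0N 80.5W, the location picked in the post
    print(f"distance: {great_circle_miles(*storm, *home):.0f} miles")
    print(f"at 21 MPH:   {worst_case_hours(storm, home, 21):.1f} hours")
    print(f"at 21 knots: {worst_case_hours(storm, home, 21, 'knots'):.1f} hours")
```
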

Plan: Man’s best friend

Dogs may be man’s best friend, but due to health regulations, most emergency shelters cannot house animals. Find out in advance how to care for your pets and working animals when disaster strikes. Pets should not be left behind, but could be taken to a veterinary office, family member’s home or animal shelter during an emergency. Also be sure to store extra food and water for pets.
For more information, visit the Animal Safety section on or visit the Humane Society Web site at

Tim Krabec

Saturday, July 5, 2008

Plan: Emergency Contacts

Complete an emergency contact card and make copies for each member of your office family to carry with them. Be sure to include an out-of-town contact on your contact card. It may be easier to reach someone out of town if local phone lines are out of service or overloaded. You should also have at least one traditionally wired landline phone, as cordless or cellular phones may not work in an emergency.

Visit or for sample emergency contact cards. Remember, in large offices department lists may be more efficient than a phone book of emergency contacts. Update the list on a regular basis, at the beginning and midway through hurricane season and immediately after new hires are added.

-- Tim Krabec

Friday, July 4, 2008

Happy Fourth of July

Fireworks safety tips from


-- Tim Krabec

Thursday, July 3, 2008

Plan: Make a Connection

Choose an emergency contact person outside your area because it may be easier to call long distance than locally after a local/regional disaster. Take a minute now to call or e-mail an out-of-town co-worker, friend or family member to ask him or her to be your family’s designated contact in the event of an emergency. Be sure to share the contact's phone number with everyone in the office and with your family. During an emergency, you can call your contact who can share with others, where you are; how you are doing; and how to get in contact with you.

-- Tim Krabec

Wednesday, July 2, 2008

Plan: Where to meet

Pick a place to meet after a disaster. Designate at least two meeting places. Choose one right outside your home or office, in case of a sudden emergency, such as a fire or bomb threat. The second place you choose needs to be outside your immediate area and possibly out of state, in the event that it is not safe to stay near or return to your home, as with a hurricane, earthquake or large fire.

-- Tim Krabec

Plan: Best Way Out

Take a moment to imagine that there is an emergency, like a fire, chemical spill, etc., in your home or business, and you need to leave quickly. What are the best escape routes? Find at least two ways out. What if I have to walk? Where am I going to meet up with others? Now, write it down; you’ve got the beginning of a plan.

-- Tim Krabec

Tuesday, July 1, 2008

Get Prepared

After a quiet 1st month of hurricane season, we cannot let our guard down. We need to continue planning and preparing. For those of you who follow the news, you are well aware of flooding in the Midwest. While there were many safeguards in place (levees, pumps, sand bags, and building codes), there were still failures, and failures in multiple systems. Don't forget the fires in California and the West. There are a few simple steps you and your family or business can take to become better prepared for an emergency: Get a Kit, Make a Plan, Be Informed and Get Involved.
Here are some sites to help.

Tim Krabec

Stay tuned for more posts based on last year's DHS 30 tips for Emergency preparedness.

Process, Policy Procedures

I have recently had a breakthrough. I have always heard about the 3P's, but never put much credence into them, because everything has always worked out OK in the end. Over the past several months I have seen many offices where things have been getting out of control: support ticket after support ticket, large project after large project. I have begun to feel overwhelmed; no matter what was thrown at the tickets, they kept coming. Close 1 ticket, 3 more open up; assign 2 tickets, group 5 together, 10 more come in. Needless to say, things were weighing heavily on me. Then I managed to get some free time and take in a few sessions from our local ISSA. Man, what a difference! I gleaned so much out of the sessions that just filled voids that I knew were there, but just could not put my finger on.

Suddenly everything made sense: of the multitude of tickets, most boiled down to people not following SOP, needing more training, and just plain not stopping to think about the problem before they screamed for help. There were still many tickets to deal with, but the immense pressure of losing traction every time I turned around, and all the questioning I had been doing about my skills and those of people around me, had been lifted.

Even in small environments you need a well defined set of Policies, Procedure, and Processes, they do not need to be as complex as SOX, PCI, ITIL or the like, but expectations need to be concrete of both the staff, and the IT people, as well as those from Top Management. Part of the 3P's should also include training, ownership and pain.

Training is obvious, everyone, including IT needs more training.
Ownership, everyone needs to own their piece of the process, or their machine, something.
Pain, the pain in failure of the 3P's needs to fall in the proper place back to the owner of said resource, ie if the user has been sitting on a problem and now they have a deadline, the pain needs to be the user's not IT's and if IT has been screwing around not fixing a problem, then the converse is true.

Here are some articles that I have found very helpful.
This is more of an example of failure of the 3P's

-- Tim Krabec

Tuesday, June 24, 2008

I am a very very proud father.

Between yesterday and today, all my children decided to put a password or pass phrase on their local computer accounts. While this was probably initiated by the 12 yo wanting a password on the younger ones' machines (not connected to the internet), this prompted the 5 and nearly 6 year olds to request a password of their own. The 5 y/o chose a 7 character password and the 6 y/o chose a 9 letter pass phrase.

I am pleased to see the children learning/applying such good computer practices at such a young age. Such good computer practices will surely stick with them for a long time. Now to teach them to not share their password.

-- Tim Krabec

Sunday, June 1, 2008

Hurricane Season is here

It is once again time for Hurricane season. Time to dust off the emergency plan or develop one.
Resources: Basic planning for your business, home, & information for the kids A similar site for Floridians, Family, business, & home strengthening.

Back up your data off-site. Do this in advance of a storm, as it can take a day or more to back up several "Gigs" of data. Or simply copy the information to removable drives and send it with trustworthy employees (encryption is recommended in case the media gets lost or stolen).

Be prepared to work without power or computers for a few days, or possibly without phones and a building. Get remote call forwarding on your primary business and fax lines so you can re-route out of state or to a place with working phones, remotely.

Get a supply of water and food for your home and business, and be prepared to feed your employees and allow their families to come to work. If you're going to ask them to work after a disaster, remember restaurants and childcare are probably not going to be available.

One Final note, Planning to go out of business is a valid response to a disaster, provided you make the choice before the disaster and you are forced out of business.

-- Tim Krabec

Time & Scheduling

There never seems to be enough time in a day, week or month. Find a schedule/system and use it, 43 Folders, Franklin Covey, or just a calendar. Get a program and start using it. Schedule your business, personal and free time. Put a value on your time for each activity, this does not have to be written, just noted. Allow some time in your schedule for flexibility. Share your calendar with your spouse/significant other, find out what is important to them, and plan appropriately.

Check your calendar whenever scheduling, especially if you have a shared calendar with your S.O. or even business partner. Remember to charge appropriately for rush jobs & for jobs that interrupt your free time. Remember to value your employees' time as well. A few hrs of time off during the week without a hassle can go a long way when you need a bit more time or an extra couple hours over a weekend.

-- Tim Krabec

Thursday, May 1, 2008

Microsoft Small Business Accounting & Quickbooks

I just received my copy of Microsoft Small Business Accounting 2008. I've been wanting to try this out since I had the 2007 version, but I was unable to import the data from Quickbooks 2006 Pro. When I installed Small Business Accounting I started the import and, lo and behold, I did not have to enter my Quickbooks password. This struck me as very odd and made me concerned; being out of time, I tabled further investigations until today. I created a dummy company in Quickbooks, "Hackme", added a few quick entries, and proceeded to try to import it into Small Business Accounting.

When I tried to import the new company file it prompted me to open the file and allow access to Small Business Accounting. At which time I stopped, feeling a bit better, but that feeling did not last long. I got to thinking, and I remembered allowing access to Small Business Accounting several months back. My Quickbooks file has been vulnerable to theft; my customer data, names, addresses and phone numbers have been more or less easy pickings. The only positives as I see it are that I do not store my bank accounts in Quickbooks, only a description of the account, and I do not store credit card data.

I'm doing a bit more research into how this can be avoided, mitigated, and or cleared after access has been granted. I certainly do not want my Quickbooks files being vulnerable to being sucked out by other people using Small Business Accounting or any other "authorized program".

I take some of the blame for allowing a program access to my data without fully understanding what it does, but I also blame Microsoft & Intuit for not having the data link secured in a more robust manner. I am not sure if this "authorized link" can be exploited only on the machine it was initiated on or if any Quickbooks file can be compromised after Small Business Accounting has been granted access. I have some tests under way, and will post the data when it becomes available.

Until then take this as a lesson learned, and do not allow programs access to your data, unless you know a few things:
1. How to revoke access to the program
2. What the program is actually going to do with the data
3. What type of data you are potentially exposing to the world
4. If the risk is worth the potential pay off.

-- Tim Krabec

Thursday, April 24, 2008

Hit Man Spam

Spam has evolved over the years. By now most of us are familiar with the Nigerian email scams of someone needing to funnel several "miloins of doll ares" out of their country, and give you a percentage, just by letting them use your bank account. On Monday Martin McKeay blogged about a spam scam on being sued by the Federal government. Now today I see an article in the local paper about a person being targeted by a hit man via email. reports A local Jensen Beach claims he being sought hitman. Something needs to be done to help educate people on spam, and scams in general.

The major difference I have seen between scams and online scams seems to be the amount of scams online, the number of people that can be targeted at once, and the emergence of scams that have more or less been squashed in real life.

-- Tim Krabec

Sunday, April 20, 2008

Failing to Plan is not Planning to Fail

The topic of planning has come up recently in some of the podcasts that I listen to, and there are basic options when it comes to planning:
1 Fail to Plan, Wing it and hope things go well.
2 Plan to Fail, Plan knowing things will go wrong, while trying to come up with where and when they can fail.

When failing to plan you need to have people who can react to a situation rationally and have lots of experience. Then, depending on the type and severity of the failure, you can make it out of the problem relatively unscathed. I speculate that we do not even notice failures; they just manifest themselves as slowdowns to the project.

Planning to fail, in contrast, means that you realize that failure can and probably will occur, but during your meeting(s) you try to mitigate the effects of failure. The act of planning causes you to think about the project and can help you to work in the group. Even if nothing in your plan or contingency is used, you have at least thought about the project and have more open communication with the group.

-- Tim Krabec

Monday, April 7, 2008

Support Networks

Sunday night, just as bath time was finishing up, one of our children slipped and busted his chin on the tub. After some 1st aid, the decision was made to go to the hospital for stitches. We made one phone call to a member of our support network and about 20 minutes later our support had arrived, a grandmother.

While this was a family emergency I got to thinking about how blessed we are to have a good local support network, I got to thinking about my computer support network. What happens if I get multiple emergency calls at the same time? Where do I turn if I'm out of ideas? Who do I talk to about the latest threats, the latest projects, new ideas?

If you do not have a network, start building one. Your local chapters of ISSA, Infragard, ASIS, a 2600 meeting group, league of professional system, technical IRC channels, a local LUG, a SAGE chapter, a local computer club. I highly recommend working on and nurturing a support network; there is nothing like being owed a favor or 2 when you really need it. Earning favors is easy, just share your experience. If the groups are local, join and give of your time; a few hours here and there can really add up. Share how you manage your updates, talk about scripts you've written to handle this or that, ask questions about how someone else accomplished another feat.

-- Tim Krabec

Sunday, April 6, 2008

G-Archiver, it's been nearly a month, what is thy status?

Nearly a month ago a story broke about g-archiver, a program to back up your Gmail emails. I wrote about it here. There was a piece of "debug" code left in; the author(s) suggested it was an innocent mistake and it would be corrected quickly (here). But nearly a month later there is still no patch, no fix, and it appears no further response from the author(s). Shortly after the story broke I searched for different versions of the software, and all I could find was only the 1 version. At this point I'm going to assume that the author(s) were not serious about the product and more or less released a totally immature product written for personal use, or don't really care about the people using their product.

-- Tim Krabec

Thursday, April 3, 2008

Disaster recovery

How would you like to get a call from anyone in your organization to hear your server room is getting flooded? Proper placement of your critical infrastructure is imperative. A disaster recovery plan and a business continuity plan are essential for a business to survive a disaster and remain open. has some good resources to help you get started developing your disaster plans.

Believe it or not the video you just saw (hopefully) could have been a carefully planned server room placement in an area where problems above ground ie tornadoes occur more frequently than floods. After watching the video I doubt that that was the case.

-- Tim Krabec

Tuesday, April 1, 2008

Sunk Cost

Many businesses deal with slow computers on a daily basis, which sap productivity and increase the cost of maintenance. There are many reasons for slow computers, but a very common, and typically easy, fix is the amount of RAM in a computer. When you use more RAM than your computer physically has, your computer starts to use virtual memory, which is simply space on your hard drive used to emulate RAM. This keeps the computer from crashing, but can slow it down considerably. The speed of memory is on the order of nanoseconds, 0.000000001 second, while the speed of a hard drive is measured in milliseconds, 0.001 second. You can get approximately 10,000,000 reads from memory in the time it takes to make 1 read from the hard drive (assuming your hard drive can produce a read in about 10 milliseconds and your memory in 1 nanosecond). A few reads from the hard drive instead of RAM can really slow down your machine. Now imagine your computer has 256 Megabytes of RAM but you are using 300, 400 or even 500 Megabytes of RAM: your machine's speed will be reduced to a crawl.

Removing programs from your machine, disabling services and running fewer programs at a time can help breathe life into an older machine. Changing your antivirus from an expensive suite to a program that has less of a footprint can boost performance. "I already paid for it" is not a good reason to keep using something that slows your performance to a crawl. Would you keep an employee that you trained if they constantly made mistakes and they were slower than everyone else in your company, even after repeated training? Would you keep a printer that only prints 4 pages per minute when you can replace it for $150 and get more than triple the performance? We tend to replace and upgrade devices where we see the performance in a tangible way: pages from a printer, copies per minute from the copier, etc. But we overlook things such as the speed of computers and the impact of a program on the performance of an employee.

Upgrading the amount of RAM in your computer can generally be done for about $100, but stopping services from running, replacing memory hogs with smaller-footprint programs, running 1 or 2 applications at a time, and closing down instant messengers and other items down by the clock (on Windows) can increase the performance of your machine for next to nothing. In short, keeping a program, or using it simply because you already paid for it, does not always make sense. Talk to a computer professional if you have questions about the performance of your machines.

-- Tim Krabec

Monday, March 31, 2008

ORDB Gone bad?

I received an email this morning from a colleague giving me a heads up on ORDB queries returning everything as an open relay.

According to the WHOIS information the domain has been registered since June 2001, and was last updated January of 2007, and the domain expires (currently) in June of 2016.

I'm wondering if the DNS information was changed to get people to stop using their site, or if it had been hacked by the spammers to stop people from trusting open relay type services.

So if you're having problems sending or receiving mail, as always check your configs and in this case please remove from your list of open relay databases, as they ceased operating in December of 2006.

-- Tim Krabec
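
One way to catch a blocklist that has started answering for everything, as in the ORDB post above. This is an added example, not code from the original post. It relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not); the zone names and the offline resolver are constructed for illustration.

```python
import socket

# RFC 5782 test entries for an IPv4 DNSBL: 127.0.0.2 must always be listed,
# 127.0.0.1 must never be listed.
MUST_BE_LISTED = "127.0.0.2"
MUST_BE_CLEAN = "127.0.0.1"


def query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")


def system_resolve(name):
    """Return an A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_zone(zone, resolve=system_resolve):
    """Classify one DNSBL zone by querying both test entries."""
    clean_answer = resolve(query_name(MUST_BE_CLEAN, zone))
    listed_answer = resolve(query_name(MUST_BE_LISTED, zone))
    if clean_answer is not None:
        # Any answer for 127.0.0.1 means the zone lists addresses it should
        # not: a wildcard record, or a parked or repurposed domain.
        return "lists-everything"
    if listed_answer is None:
        # The mandatory test entry is missing: the list is empty or gone.
        return "empty-or-unreachable"
    if not listed_answer.startswith("127."):
        # DNSBL answers are expected to fall inside 127.0.0.0/8.
        return "unexpected-answer"
    return "healthy"


def zones_to_remove(zones, resolve=system_resolve):
    """Return {zone: status} for every configured zone that is not healthy."""
    results = {zone: check_zone(zone, resolve) for zone in zones}
    return {z: s for z, s in results.items() if s != "healthy"}


def constructed_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name.endswith(".bl.wildcard.example"):
        return "127.0.0.2"  # answers for every name, like a wildcard record
    if name == "2.0.0.127.bl.healthy.example":
        return "127.0.0.2"  # only the test entry is listed
    return None  # everything else does not resolve


if __name__ == "__main__":
    # Hypothetical zone names; replace with the lists your mail server uses
    # and drop the resolver argument to query real DNS.
    configured = ["bl.healthy.example", "bl.wildcard.example", "bl.gone.example"]
    for zone, status in zones_to_remove(configured, constructed_resolver).items():
        print(f"remove {zone}: {status}")
```

Run on a schedule against the zones your mail server actually queries, this flags a list that has gone dead or started listing everything before it causes mail to be rejected.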

Friday, March 28, 2008

the HoneySpam project is now live

I would like to thank Subdriven & Panaman from the irc channel for volunteering to help with this project.

The basic goal is to find out why people click on links in spam and develop better training. I started this project less than 24 hours ago (at time of posting) and I am pleased to have others showing interest. Stay tuned.

-- Tim Krabec

Thursday, March 27, 2008

No Patch for Human Stupidity

Sender: Not recognized
Subject: Nonsense
Body: Link only

Pop Quiz:
A. Click the link
B. Delete the Message
C. Send it to Spam
D. Adjust the Spam filters on the server

If you picked anything but A you are smarter than Bob's co-worker.

What makes people do stuff like this? Why? Would they walk up to a building in a strange neighborhood and open the door and walk in, just because? Are these the same people who go to the wrong address and wonder why the people who they are looking for are not there?

Well, to answer those questions I got the brilliant idea to start a new Honey project. Coming soon. I envision this project as a collection point for surveys where fake spam is sent to co-workers or clients to find out why people are clicking on links in spam, so that we can develop better methods of training.

Tim Krabec

Wednesday, March 26, 2008

"Having the talk" now means 2 things
Having children used to mean having "the talk" about the birds and the bees. Now there is a second talk that you should have, about posting stuff to the internet. You can have the exact same problem with employees and their blogging or online activities. When you have this talk, it should not just be about you, your job, the company, or laws; it should concern what can potentially happen to your child or employee. You need to arm them with knowledge, and explain consequences for their actions. While it is important to realize that people have differences of opinion, it is also important for both sides to realize that they both may have a seat at the table. Whether it is your child or an employee that has a problem with an action the company is doing, both can have devastating effects on you, the company, the employee or child.
Having open lines of communication can help you either defuse a situation, or properly prepare for what is coming. Let's take an example of a company clearing some land for a new building. The company may have great plans for this location, but be too blinded by their vision to realize that they are not taking into account the natural beauty of the site, its historic significance, or its natural value. By talking to their family, friends and employees they may realize that by changing their plans, they can avoid negative publicity or alienation of their employees. We probably do not need to discuss how not allowing a child or an employee the ability to express their views on a certain topic can backfire.

With the above being said, it is certainly inappropriate for an employee or a child to release damaging information (less whistle blowing) just because they disagree. And it is definitely illegal for an employee to release IP or other proprietary information that a company has. I'm not sure on the legality of the child releasing proprietary information, but I'm pretty sure that allowing the child to gain that information is probably the same as releasing it to others. So it is imperative you talk to the appropriate people, and discuss business only with those people you are supposed to be discussing it with.

-- Tim Krabec

Tuesday, March 25, 2008

Just write the patch, we'll decide if it is critical

According to and from Computerworld: "Microsoft Corp's security team today acknowledged that it knew of bugs in its Jet Database Engine as far back as 2005 but did not patch the problems because it thought it had blocked the obvious attack vectors." Mitigation of threats happens on the front lines, by IT in the trenches. Firewalls and IPS/IDS are all mitigation; software and hardware vendors need to actually fix the problem, not mitigate it, at least not as a long-term fix.

IMHO patches should be as numerous as press releases if not more so. Patches should be painless to install across 1 or 1 million machines, and not require a reboot. If there is a critical issue that needs to be patched, involve a trusted community, where mitigation can be developed while you (the vendor) write the patch and test it.

A single patch to fix a single issue may not be the most prudent or timely solution. Take the case where a quick patch fixes the problem for a large number of machines, but in a small number it does nothing, and in the rare case it crashes the service. In the example case I just described, release the patch, show where it works and where it does not, then allow it to be deployed where it works, and fix the rest quickly. In the case of a network worm that spreads very rapidly, I'd rather see a patch released hours after it was discovered that would immunize 35+% of the systems than a patch that is 99%+ effective weeks later.

-- Tim Krabec

Monday, March 24, 2008

The FBI can listen to you via your phone when it is off?

I seriously believe/hope that there are some facts wrong in that report. I can understand that the microphone can be turned on when the phone is on but not in an active call. But unless the phone is in some kind of sleep/hibernation mode I seriously doubt that the microphone could be activated remotely, unless it was programmed or designed to do so.

-- Tim Krabec

Sizing people up

With people being an important part of any company, you need to know some tips on sizing up your employees, vendors and customers. When I read the following article I realized that there were many ideas that would not just face my wife and me when our kids started dating (some sooner than later) but also affect business on a day to day basis.

Extending the concepts brought forth in the article. Is the person dressed appropriately for their line of work? Did a high priced contractor come dressed appropriately, or did they literally drop everything to help you out in an emergency? How about demeanor or their vehicle? Does that bargain basement company employee show up in a flashy vehicle? Have you done background checks on the employee or checked references? Is the business listed with the local BBB, have you called the references provided or better yet, found references of your own?

-- Tim Krabec

Saturday, March 22, 2008

Least privilege

It is easier to start with full restrictions and then allow escalation as needed than to start with full privileges and then take them away. As an experiment you can give free coffee away at the office, noting that it is for a "limited time", but when the time comes people will still expect the free coffee. Now compare that to providing coffee on special occasions, or occasionally as it is needed. The same concept applies to people's access to files and rights on their PC. If people have access to install any program they want or access any web site they want and you restrict their access in any manner, they will most likely view it as you taking a right away from them.

You need to create policies that have expectations of business security, and ownership or buy-in from the employees. Give them training on computer security where there is WIIFM (What's in it for me), and the training can be something that is used at home. Make sure to provide both a carrot and a stick. Make sure the wording is positive rather than negative: "restricting the user privileges on your machine makes it tougher for spyware to spread or even get installed in the first place" rather than something more like "we're taking away administrator/power user rights for security".

Set an appropriate time to set up the new privileges or make it happen. Hiring a new computer company or using your existing company to do an analysis or some basic reporting on your systems can show where the deficiencies exist. After a virus or spyware outbreak would be a perfect time to review your current plan and implement something new, especially if users were adversely affected during the outbreak. Make sure IT is not the cause of things being taken away and that they are not seen as the "bad guys" in your organization.

--Tim Krabec

Thursday, March 20, 2008

In other news

I have been elected Vice President of the South Florida Chapter of the ISSA

-- Tim Krabec

Sunday, March 16, 2008

Why do they need this?

When filling out forms for anything from joining a web site to registering software to opening a credit card to taking an "anonymous" survey, we are asked many questions. When were you born, how old are you, what is your sex, are you married, do you own or rent, what is your sign, what is your highest level of education, how many kids, what is your race, your religion, your nationality, your driver's license, etc. I got to wondering why I need to give this information out; I know several people who lie on the demographic information. I've been ignoring all information that is not required. But the question is why is this being collected?

Businesses need to ask themselves: what type of information do we collect and why? How long do we keep it? How is the information used and what would happen if it were stolen? The last litmus test I would add to this would be: do I want this information collected, and probably sold?

I'm not sure what information, if any, beyond name, address, phone number, advertising method and sales volume and computer stats I want to keep about my customers. I also think I'm going to maintain an active list, a hold list, and finally a purge list. The only other information I'm going to maintain is a list of customers who do not wish to have email or mail sent to them.

-- Tim Krabec

Would you use Ritalin for a headache?

Probably not. Each drug has its own purpose, and so do different "Anti-" applications. Antivirus programs such as AVG, AVAST, Symantec and McAfee are all good at removing viruses, but they are simply not effective at removing spyware, Trojans, or adware unless they happen to function like viruses. Getting rid of athlete's foot requires different medicine than controlling ADHD, and getting rid of a bacterial infection requires a different medicine again.
Removing different types of malware (viruses, spyware, adware and Trojans) requires different kinds of software. Much like Ritalin, antivirus and anti-spyware should be used all the time, while other programs can be used on an as-needed basis. Some programs need only to be run occasionally or when suspicious activity is found.

--Tim Krabec

Tuesday, March 11, 2008

My 1st pod cast.

I would like to thank Martin McKeay and Rick Mogull for allowing me to be a guest on their podcast, Network Security Podcast (episode 97). It was weird being involved in a podcast that I have listened to over the past year or so, since it sounds like I am listening to an episode, until they ask "and Tim, what do you have to say about..."

-- Tim Krabec

Monday, March 10, 2008

It's my computer... I will install any program I want to.

Brief: The program G-Archiver mails the username and password of every person who use(d)(s) it to a specific Gmail email address, and to make matters worse the username and password of the account that everybody's information was sent to was also in the code.

There has been some discussion about the intentions of the programmer, whether the intent was accidental or malicious; I'm hoping it was accidental. With that said, it does not help the fact that the usernames and passwords of at least 1777 users of this program and Gmail were potentially compromised. There are 2 lessons I would like to bring to people's attention here:

1. Use a different password on every site you visit, or at the least use a group of passwords: 1 or 2 for throwaway registrations, i.e. local newspapers, national papers, and other sites that you would not give personal/private information to, and then a separate password for each banking site, financial institution, or shopping site. If I came across a set of usernames and passwords I would search the web for those usernames on various forums, MySpace, Facebook, etc. and then I would try several of those combinations.

2. It is important that you know what programs you have on your computer, and that if you have an IT department or a computer guy/gal, they know what programs you have installed on your computer. Also, when your resident IT/computer guy/gal tells you, or asks you, not to install an application, it is generally not because they are being mean; they are trying to help keep your data and your computer safe.

-- Tim Krabec

Monday, March 3, 2008

The Admin, Bean Counter & Manager

It was a quiet day at work, when The Admin reads of a new threat poised to wreak havoc on networks worldwide. Being the good admin, she spends some time researching the threat, and proposing a solution, with full redundancy. She then schedules a meeting with her manager and the bean counter. The bean counter immediately requests the system is cut to its bare minimum. The Manager, who is happy that a solution exists, recommends not doing anything until it's necessary.

Sound familiar?

-- Tim Krabec

Thursday, February 21, 2008

HD Encryption can be defeated via DRAM vulnerability

Basically, the information stored in DRAM does not disappear instantly; it can take seconds to minutes for that information to fade. This allows software, from a special program to a special operating system, to retrieve the raw data out of this DRAM without encryption. I would also assume a parasitic device could be placed on the DRAM module(s) to capture the unencrypted information. I would think that modifying the DRAM modules (at the factory) to shunt the memory would effectively fix the slow persistence of the data by actively draining the energy from the DRAM when it is supposed to be empty/off.

-- Tim Krabec

Wednesday, February 20, 2008


You know who these people are: they are the ones working late or coming in early to try something out or to look into an issue where something just does not "feel right". These people are the ones reading the journals, researching online, being active with their peers, listening to details. I could go on for a while, but you get the picture. Being proactive takes effort, the ability to plan, to visualize, to create contingency plans, and to realize that stuff will go wrong. Being proactive also means being able to keep things in perspective and see the big picture, and never willingly walking into a situation without as much knowledge as possible.

Being a proactive Administrator or Security Coordinator means visiting hacking sites, learning about social engineering, learning about best practices, and learning how to communicate effectively with upper management or the board. It means developing or implementing policies and procedures, and being replaceable and promotable. Some people believe that if they are indispensable they cannot be fired or replaced easily, and while this may be true it also means that they cannot be promoted or go on a vacation. Actively seeking and maintaining contacts in various departments of your organization allows you or your people to keep abreast of problems while they are still small, and to create effective training programs and materials.

-- Tim Krabec

Monday, January 28, 2008

Recovery complete!

Having backups is essential. Reviewing backups is critical.

It is not enough to be able to restore individual files in a timely manner; you need to consider how long it will take to restore 100% of the backed up data. I'd recommend testing a restore of at least 25% of the data, then multiplying that out to get a decent estimation of how long the restore will take. Also make sure to back up the configs of every program in some manner, either in writing or in an online backup of some sort. Make it part of your SOP to document and review backups when a new program is installed.

Databases are special files that cannot be backed up by "copying the files" while they are in use. Remember to stop the database service or use a special tool to back them up.

Specialized programs, vertical apps, or custom software require special attention; they may have files scattered about the machine, or be a database in disguise.

When making the decision as to what software program(s) to use to back up your data, be sure to consider open files, bare metal recovery, system state, domain state and databases. Open files are files that are in use when the backup is running. Bare metal recovery is when the machine has had a total meltdown and needs to have everything re-installed, or a new machine is needed to replace the old one. System state is the information about the system itself; in Windows this includes the registry and other vital information. Domain state is the information about all the users, passwords, machines, printers, etc. in the domain, or "on the network". Databases are stores of data in a special format, and special care must be used when backing them up, as a database exists in memory and on the hard drive. If all the information on the hard drive is backed up while the database is running, critical pieces will probably be missing, as some of the data is still in memory.

-- Tim

Saturday, January 12, 2008

SHTF, During a move

No matter how thoroughly you think you prepare for a move, moving equipment is always risky, especially old equipment that has been running for many years. The last long-term shutdown on many of these boxes was during hurricane Wilma in 2005, iirc. Needless to say there were some problems. Disaster recovery is in play; I get to see how good the plan was, and where things need to be improved. A 6-8 hour move has already turned into 14+. So far 1 server is partially up, and the second should be recovered tomorrow sometime (fingers crossed).

-- Tim

Sunday, January 6, 2008

Computer Security is Much Like Paintball

My son and I got a chance to go and play paintball again this weekend. We were playing some scrimmage matches on different fields (Hyperball, Spool, x-ball and the wood cross) and I was trying some new tactics; sometimes they failed and sometimes they succeeded. Different tactics work against different teams, different numbers, or with different markers. Which got me thinking, how often do we change our tactics on protecting our computers and data? The virus, malware and insider threats are constantly changing.

There are a few different types of Administrators & Security Coordinators: the proactive ones, the passive ones, the reactive ones, and the ones in denial. There are also funding levels which can help or hinder the reactions: fully funded, partially funded, justify the cost, underfunded, and no funding.

Over the next few days we will discuss some of the differences and how they can affect your business.

-- Tim Krabec

Thursday, January 3, 2008

Plan your Updates carefully

Here is an excerpt from a chat I had with a few colleagues. Names and details may have been changed.

[18:16] Fred> I just got my nose rubbed in an important systems update rule
of thumb
[18:17] tk> rtfm?
[18:17] tk> Or not before a holiday weekend?
[18:17] Fred> yep you hit it with your 2nd guess
[18:18] Fred> fallout not complete yet, but fortunately I'm not the one who
actually made the mistake
[18:18] tk> I avoid upgrading anything, except when I've got time
[18:19] tk> what did you upgrade?
[18:19] Fred> we have about a dozen checkpoint edge devices and push policy out
to them from a central server
[18:19] Fred> on one of them, the policy did not install correctly
[18:19] Fred> let me guess, not all in 1 location
[18:20] Fred> oh no, they're scattered all over the county, physically
[18:20] Fred> when this happens instead of using the previous policy they
behave as though no policy is present at all
[18:20] tk> Joy
[18:20] Fred> yep
[18:20] Fred> so, after determining the problem, I pushed the policy out to
that one box, and things started behaving normally
[18:21] tk> nice
[18:21] Fred> but, the device had been down for 4 days over the holidays
[18:21] tk> eek
[18:21] KL> good thing you have a layered defense model....
[18:21] Fred> I know - the PD being (ahem) protected was not happy
[18:22] Fred> they should have a fallback
[18:22] Fred> like, EVDO cards
[18:23] tk> or Dial up :)
[18:23] Fred> well, several things happened to make this last longer than it
should have
[18:23] Fred> one, the on-call pager person did not follow up on the initial
[18:24] Fred> this was a new guy, doing it for the first time, so he's
probably going to get off lightly
[18:25] Fred> but, zero, the policy should not have been pushed just before
a major holiday weekend
[18:25] Fred> that's the fundamental rule that was broken

A few "Rules" for Updating systems

  1. Do not update before a holiday weekend, vacation or business trip, unless you plan on working.
  2. Communicate with remote locations and make sure they are aware of the upgrade.
  3. Plan for stuff to go wrong; it probably will.
  4. If your sites are spread over multiple locations, have a plan to remedy the situation in a timely manner.
  5. Make sure all on-site techs know that an upgrade is planned and that issues related to the update need to be addressed promptly.
-- Tim Krabec