So, I finally have a SATA hard drive.  This is going to be so sweet.  And, it'll finally give me a chance to get rid of my last NTFS partition, which seems to be pretty flakey.

Ok, on to Vista issues.

1) Maybe this is an issue with XP too, but when I RDP to my machine the taskbar and my icons move to the other monitor.  It's not that big of a deal, but it is annoying.  I use a VGA splitter and while the two splits are labeled 1 and 2, RDP defaults to 2.  I haven't been able to find much online about it.  This guy fixed his problem, and it's the closest I can find, but it's not the problem I am having.

2) I have a Motion Computing tablet and this thing is a royal pain to upgrade to Vista.  It must be upgraded, not a fresh image.  The fresh image doesn't have wireless drivers and the company doesn't really support this model with Vista.  The only problem is our only employee with one of these has Vista (he has a 1700 rather than a 1600) and I can't reproduce the problem in Vista or XP.  He is having delay issues on digitally signed e-mails in Outlook 2007.

Ok, since I tagged this mostly as variations of BarCampMilwaukee3, I should at least say a little something about it.  There's a pre-party tomorrow night.  I won't be there.  I will be there at 10am on Saturday morning and plan on staying until the end.  I'm sure there will be some down time for a blog post, if we don't have wireless issues like we did at BarCampMadison2.  Also, at BCMad2, I went home since I basically live in Madison, meaning while I slept well, I missed out on some of the night craziness.  The Saturday of BCMad2, I went to the Dillinger Escape Plan show at The Loft on Washington with some friends.  Crazy show...even crazier than the last time I saw DEP, though that concert in Raleigh was a pretty crazy night, just not as much so during DEP's set.  So, if you're in Madison, Milwaukee, Chicago or the surrounding area, I highly encourage you to attend BarCampMilwaukee3.  I'll be leading a discussion on pairing FOSS with proprietary, not because I like proprietary at all, but because that is the reality of the situation at current.

EDIT: I see that I mentioned the motion computing issue back in August.  Yep, still working on it.  I need a USB CD drive that gets along with motion computing.

There is a simple and easy resolution to this issue.  By using windows built in tools you can force console access to any server running RDP.  Windows provides the utility called mstsc which can be run from a command window with a force parameter.  This will either give you a 3rd connection to the server (console) or give you the option of booting off a user who has been idle or disconnected from the server for an extended period of time.

Bottom line... use this command! :)
mstsc -v:<server name> /F -console

More precisely, rdesktop.org describes the software as:

rdesktop is an open source client for Windows Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop. Supported servers include Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows XP, Windows Vista and Windows NT Server 4.0.

rdesktop currently runs on most UNIX based platforms with the X Window System.

To install rdesktop on SLES 10 SP2: 

• A compiler - I chose to install gcc and gcc-c++ via YaST
• Rdesktop - download from http://sourceforge.net/projects/rdesktop/

–p password provides a password for authentication on the server. To keep others from seeing the password supplied on the command line, use –p – to read the password from stdin.

–g geometry allows you to specify the desktop geometry. This can be given as a resolution, such as 1024x768 or as a percentage of the entire screen, as in 70%.

–r device enables device redirection, allowing you to redirect a device, such as sound from the remote machine to the local one. This feature requires Windows XP or newer.

These computers run a single, very light, application that just writes some data to database on central server. We have a small stockpile of used computers loaded with the application that are just sitting waiting to be swapped out when one of the computers in the shop gives up the ghost. However, it's a pain to load new machines and swap them out when the break.

Enter the HP Compaq t5135:

This is a solid state thin client. It's 7-1/3 inches long and wide, and 2 inches thick. It weighs just 3 pounds. This is a solid state device whose only purpose is to connect to another computer on the network. We are piloting replacing all the full-blow PCs in the shop with these thin clients. They idea is the thin clients will use RDP (Remote Desktop Protocol) to connect to a central computer where they will run the necessary software. This will be seamless to the user. It will still appear to them to be running locally.

Our thought is that with no moving parts (particularly the fan sucking in bad air) that they will last a lot longer. Plus, even if they do go bad, it's literally a matter of unplugging the bad one and plugging a new one it.

We're piloting this in one area to see how it goes. If it works, we'll replace all the shop computers with thin clients. I'll keep you posted.

We just stumbled on a artcile by Brian Madden about those protocols, He focuses in this post specifically on HPs RGS.

Introducing Quest Experience Optimization Pack
Hosted desktop technologies such as VDI, Blade PCs or even presentation virtualization rely on Microsoft’s remote desktop protocol (RDP) to provide access and connectivity. RDP, however, does not deliver a PC-like or even a near PC-like experience. Quest’s EOP embraces and extends RDP and delivers the best user experience for LAN and WAN connectivity. Quest EOP:

• Delivers support for bi-directional audio, enabling organizations to deploy dictation, collaboration and certain VOIP applications.
• Accelerates the delivery of multimedia content such as recorded webcasts and web-based training from remote virtualized desktops and applications.
• Dramatically improves the remoting of graphics including browser and flash acceleration.
• Eliminates the effects of network latency which can cause havoc even for simple applications such as word processing.

The product is available as optional add-on to Provision Networks VAS.

Full release here

inSSIDer - Wireless scanner, replacement to NetStumbler - http://www.metageek.net/products/inssider

RDTabs - Tabbed remote desktop client -  http://www.avianwaves.com/Tech/Tools/RDTabs/

Terminals - Tabbed VNC/RDP/Telnet/SSH client - http://www.codeplex.com/Terminals

Have fun out there!

Today we explore the Remote desktop Protocol (RDP) in the mobility realm of SBS 2003.

cheers...harrybbbb

harry brelsford, smb nation's ceo www.smbnation.com

Microsoft Small Business Specialist (SBSC), MBA< MCSE< MCT< CNE <CLSE <CNP

Did u know I host my big annual conference in early OCtober in Seattle!

###

1) Launch a command prompt

2) Authenticate to the server:
net use /user:administrator \\MyServer\c$

3) Type:
reset session 1 /server:MyServer

Start with session 1 and keep incrementing this number if you receive the message "session ID 1 not found". You will not receive any notification when a session is successfully terminated, but you will receive a message if the session doesn't exist.

Once a session has been freed you can logon to the terminal server as normal and kill any additional sessions through Terminal Services Manager.

Boas vendas em shows ?!? Nem lembro a última vez que vi isso.

Os trabalhos começaram às 23:00h com os conterrâneos do Matanza e suas músicas para beber e brigar. A roda não parava. Aliás muitos foram apenas para assistir o show dos caras. Set emendado com destaque ao coro em “Bom é quando faz mal” e “Estamos todos bêbados”. O grupo abriu o apetite para o que estava por vir.
Nos intervalos aos gritos de “Chuta que é macumba bicho!” a voz misteriosa conclamava a galera aos shows. Pra mim, era o Mozine.

Dead Fish na seqüência. O alto padrão de sempre. A música “O Homem Nú” deu início ao show com mais “interferências” do público. Muita gente subindo no palco, pra se jogar, pra dançar, pra derrubar os microfones ou apenas pra roubar um beijo do Rodrigo ou para ser agarrado pelo mesmo. Em dado momento um fanfarrão – não achei melhor palavra – agarrou um dos seguranças e o jogou pra dentro da roda, a mesma que virou Lado A, lado B e pulou uníssona em “Afasia”. Em meios as habituais provocações futebolísticas o grupo se retirou dando boas-vindas a “Velha escola”. Na seqüência, Mukeka Di Rato, Ratos de Porão e Cólera subiriam ao palco.

Numa festa tudo pode né ? Contando com Nego Léo (Merda) na bateria, o Mukeka Di Rato começou o show meio “aéreo” mas logo foi se achando e mostrando a podreira capixaba com “Escolinha” cantada por boa parte do público que se espancava na área central. Rinha de Magnata e Cachaça foram os pontos altos do show. Seria já um reflexo dos fãs pós-Deckdisc ?

Regada por muita cerveja, entregue em mãos pelo patrão Rafael Ramos ou cuspida pelo Rafael do Ataque Periférico o MDR foi sendo substituído por um Ratos de Porão genérico. Boka entra na bateria, toca ainda algumas músicas dos capixabas e já na seqüência, Sandro passa a batuta para João Gordo que apresenta um RDP formado pelo próprio, Boka e os convidados Mozine e Paulista. Por momentos nem se percebia a ausência de Jão (trabalhando) e Juninho (em turnê pela Europa com o Discarga). O show ia rolando muito bem até que... O repertório acabou! A galera pedia “AIDS, pop, repressão” mas não dava mais. João Gordo disse: “Eu quero tocar mais só que os caras não sabem mais nenhuma!”.

Assim terminou o RDP. Em meio a muitos agradecimentos a banda foi saindo e dando lugar a última e mais antiga banda, Cólera.

Cólera no palco, público em comunhão. Ao contrário dos últimos shows do grupo no Rio de Janeiro o show rola sem brigas ou confusões. O público cantava e dançava sem parar. Isso tudo já por volta das quatro da matina.

Quem não foi perdeu oportunidade única de presenciar a nata do punk/hardcore nacional.

Ouvir reportagem da Antena 1 AQUI

......

"The terminal server has exceeded the maximum number of allowed connections"

This is because Windows only allows two connections in RDP, and you've either got two people already logged on that machine, or you've got disconnected sessions that still thinks they are active. If a user simply closes the remote desktop window when they’re finished, that username will still remain logged on, unless there is a time out configured in Terminal Services Configuration as follows

If the Session time out is not configured, or the logged on users are not available, you wont be able to logon to the machine. To overcome this limitation, follow the steps as below.

open a command prompt or type in the RUN prompt

mstsc /v:[00.00.00.00/SERVERNAME] /f -console

eg: mstsc /v:192.168.1.10 /f -console
      mstsc /v:ADSURF /f -console

You will then be prompted with the login box and proivde the administrator details. Then you will be connected to the Console Session on the server. Now you can reset the disconnected user sessions from Terminal Services Manager. Please note that if you get disconnected from this console session, you have go physically to the machine.

More info on mstsc at Technet

Another workaround:

You can also query the sessions on the remote machine as an administrator of that machine. Open a command prompt as a domian administrator that the remote machine is set to or map a drive of that remote machine.

Then in the command prompt, type as below:

query session /server:servername

Replace servername with the remote machine name or IP address.

Now we have the information of all the users/sessions that are active/disconnected on the remote machine. We can now reset one of the session with the following command.

reset session [ID] /server:servername

Replace [ID] with the number from the prevoius output and servername with the remote machine name or IP address. This will reset the session and now you can login using Remote Desktop connection.

Anem per parts.

El atac man-in-the-middle, com el seu nom indica, es un tipus d'atac en que l'atacant es posa entre la víctima i el servidor. La víctima passa les peticions al servidor, el atacant les intercepta, les modifica i les envia al servidor. Quan aquest respon, les torna a capturar, les modifica i les envia al client, com si res hagués passat.

Quin és el propòsit d'aquesta feinada? Doncs en protocols que van amb text clar, potser no té sentit fer-ho, perquè posem un sniffer, i capturem les dades. Aquest seria el cas del Telnet a un AS/400, un POP3, un FTP, o fins i tot el HTTP.

Però avui en dia els protocols porten una capa d'encriptació per evitar precisament que un simple sniffer pugui mostrar la informació que circula per la xarxa. Aquesta encriptació el que fa es que quan un client vol comunicar-se amb un servidor, utilitzen un protocol d'intercanvi de claus.

Un cop intercanviades les claus, s'encripta tot amb un algorisme de fluxe basat en les claus. Aleshores ningú pot incerceptar res del contingut.

La gràcia del Man-in-the-middle (MITM) és intervenir just en l'intercanvi de claus. Aleshores intercanvia unes claus amb el servidor, i les altres amb el client, i així pot interceptar tot el trànsit, ja que es capaç de desencriptar-ho, ja que les claus les ha posat ell.

Ja se que molts em direu que en una xarxa que té switchs (i no hubs), cada boca de xarxa només mostra el trànsit dirigit a ell mateix, i que es "impossible" capturar el trànsit que va a altres màquines. DONCS NO! Listillos, jejeje. Resulta que hi ha un tipus d'atac conegut com "ARP Poisoning" i també el "DNS Spoofing" que consisteix precisament en saltar-se això.

Repassem els fonaments del TCP/IP. Quan una màquina vol parlar amb una altra i només sap el nom de màquina, necessita saber la IP. Això es consulta en un servidor DNS. Aleshores llancem un paquet contra el DNS dient "Qui té aquest nom?". El problema es que algú estigui interceptant aquest paquet, i ens respongui enlloc del DNS, donant-nos una IP del PC amb el software de Man-in-the-middle.

I preguntareu, com es pot suplantar un DNS ? Doncs fàcil. Resulta que per accedir a un PC necessitem saber la adreça MAC de la tarja Ethernet. I com que només tenim la IP, doncs el PC envia un packet ARP preguntant "Who has IP x.x.x.x?" a TOTA la xarxa. Aleshores, el atacant envia la seva propia MAC en aquest paquet (ARP Poisoning), dient que és ell qui té la IP que necessita. A partir d'aquí, tots els paquets que hagin d'anar a aquella IP s'enviaran a la màquina que ha fet el ARP Poisoning.

En aquest moment, tots els paquets que s'enviin a aquella IP, quedaran interceptats. Si la IP es la del Gateway que ens comunica amb el POP3, o bé la del servidor Web HTTP, o fins i tot la del AS/400 amb el Telnet, doncs ja hem begut oli.

Per tant, no és cap escenari poc probable, o tant teòric que no es pot fer mai, etc. sinó que és un atac ben real i ben fàcil de fer amb algunes eines molt conegudes.

Quins són els protocols més susceptibles de patir un man-in-the-middle?

- Connexió HTTPS amb una CA no reconeguda (la típica CA de Windows per estalviar-nos uns durillos)

- Protocol RDP de Terminal Server de Microsoft

- SSH Mitjançant un versión downgrade

- Qualsevol tipus de protocol de text pla: FTP, Telnet, HTTP, etc.

Quin seria un escenari típic? Estem a un Hotel, ens donen Wifi. Estem a l'aeroport, tenim Wifi. Agafem el Wifi del veí que el té obert. Conectem en una oficina. Estem a casa,  i algú se'ns cola al Wifi. Estem a la oficina, i tenim un becari listillo que ens vol putejar, etc, etc, etc.

1. Ens connectem a la Wifi i obrim la nostra connexió de Terminal Server. A l'habitació del costat tenim algú fent ARP Poisoning del Gateway. De la manera més tonta, ja li hem donat un usuari probablement administrador per entrar a la nostra empresa fins dins de tot.
2. A més, estem consultant el nostre correu via POP3. També té el password del correu, que probablement serà el de Windows, i ja té una altra via d'entrada.
3. A més, fem un HTTPS contra la pàgina del Webmail, la intranet, etc. Ens apareix el missatge de sempre que "no se reconoce el certificado", ja que el nostre jefe no deixa que comprem certificats a una CA coneguda, ja que valen pasta. Aleshores li diem "p'alante", com fem sempre. Aquest gest, que sembla inofensiu, ens pot perjudicar greument. Si a l'accédir al https enlloc de entrar al servidor estem entrant a un PC d'un atacant del MITM via ARP Poisoning, estarem negociant les claus amb ell, i tota la comunicació que fem posteriorment, serà interceptada. Això és un problema, perquè sempre que veiem https ens dóna una sensació de seguretat que es FALSA. Només ens podem fiar dels certificats emesos per una entitat coneguda, i reconeguda. Si no és així, podem ser víctimes d'un MITM.
4. Un altre problema del HTTPS amb una CA no reconeguda és que no es guarden les sessions. En un certificat validat, fem l'intercanvi de claus la primera vegada, i després només cal dir que és la mateixa sessió, que la caché ja sap les claus, i ningú les pot interceptar. En una CA no reconeguda, cada vegada es fa el intercanvi, i per tant, cada vegada podem patir un atac MITM, no cal que sigui només a l'inici de la conversa.
5. Connectem a la nostra màquina SSH. A les opcions de SSH sempre tenim posat com a preferència SSH version 2, ja que com sabem, la versió 1 es vulnerable a atacs de contrasenya. Aleshores, el atacant del man-in-the-middle, ens accepta la connexió, i ens diu que ell només parla SSH1. Automàticament, el nostre client de SSH baixa la versió a SSH1, i ens passa el password, que podrem desencriptar fàcilment.

Què ús sembla ? No es cap escenari de la NASA, no?  Pot passar a qualsevol lloc, sense preveure-ho. I com passa sempre, avui en dia fins i tot hi ha programes que només apretant un botó et fan un atac MITM, no cal ser un super-friki, tocar linux, ni ser un pollòs desaliñao  per fer un atac d'aquests.

Quines són les recomanacions:

- No utilitzar protocols insegurs des d'Internet: POP3, RDP (Terminal Server)

- Res de fer servir servidors HTTPS amb la CA de Windows. Ni per temes interns.

- Fer servir protocols de connexió segurs des de l'exterior, com ICA de Citrix, HTTPS amb CA reconeguda a través de proxys inversos (tipus ISA Server). També connexions VPN amb certificats.

- Posar els serveis accessibles de l'exterior en una DMZ, i que aquestes màquines només facin de passarel·la, que no continguin dades.

- Posar firewalls que siguin UTM (Unified Threat Management), i que a més de inspecció d'estats, disposin de IDS, IPS, Antispam, i Antivíric.

Espero ser una mica aclaridor amb aquest tema, i crec que no cal pensar "això a mi no em pot passar", perquè es un escenari molt comú.

Eduarda Maio escreveu uma apologia laudatória e panegírica socretina. Já me disseram que o livro passa por cima do curso da UNI e dos exames ao domingo. O Jornal das 22 horas da RTP2 perdeu cerca de 15 minutos com a entrevista a Eduarda Maio -- a funcionária da propaganda do governo socretino, através da Antena 1 que é paga por todos os portugueses.

Having recently launched a Windows Virtual Server range to compliment its existing Linux VPS range, followed by the release of Remote Desktop Protocol service allowing access via Terminal Services, Easyspace has now launched a Burstable RAM service on its Linux Packages and an Automated Backup services for both Windows and Linux based servers.

Burstable RAM will allow customers to take advantage of additional RAM resources, particularly handy when installing additional applications or running large scripts, while the Automated Backup service will allow you to roll back to any version of your server from the previous 7 days.

Both add-on services are available to new and existing customers at low monthly cost and both services come with monthly or annual payment options.

"Easyspace are already one of the leading providers of Virtual Private Servers in the UK, but we realise that to keep competitive in the market we have to continually improve our offering." commented Errol Vanderhorst, Sales and Marketing Director for Easyspace.

"I think we've shown in recent months with the launch of Windows VPS and RDP, and now the launch of the Burstable RAM and Automated Backup add-on services, that we are responding to the requirements of the market, and we will continue to do so."

Easyspace Virtual Servers are available in two packages, Standard or Premium, and both can be Windows or Linux based.

Visit Easyspace.com for more information.

VNC:
vnc -connect [host]

REMOTE DESKTOP:
mstsc /v:[host] /console

If you've worked on a network with Windows servers, you've encountered this error message at least 37,000 times:

"The terminal server has exceeded the maximum number of allowed connections. The system can not log you on. The system has reached its licensed logon limit. Please try again later."

This problem happens because Windows only allows two remote terminal services connections when you are in administrative mode, and you've either got two people already on that server, or more likely, you've got a disconnected session that still thinks it is active.

The problem with this error is that you have to actually get on the server console to fix the problem if the server isn't in a domain. (If you are in a domain, then just open Terminal Services Manager and log off or disconnect the sessions)

(keep reading via Command Line Hack for: "Terminal Server Has Exceeded the Maximum Number of Allowed Connections")

A virtual channel application has two parts, a client-side component and a server-side component. The server-side component is an executable program running on the terminal server. The client-side component is a DLL that must be loaded into memory on the client computer when the Terminal Services client program runs.

Virtual channels can add functional enhancements to a Terminal Services client, independent of the RDP protocol. With virtual channel support, new features can be added without having to update the client or server software, or the RDP protocol.

Four major classes of users of virtual channels have been identified:

• General kernel-mode drivers, such as serial or printer drivers.
• File system redirection (this is just a special case of a general kernel-mode driver).
• User mode applications, for example remote cut-and-paste.
• Audio devices.

For more information, see Using Terminal Services Virtual Channels.

If you have enabled a virtual channels application in your Terminal Services deployment, you can make the application available to client computers that access the terminal server by means of the Remote Desktop Microsoft ActiveX control. For more information, see Scriptable Virtual Channels and Using the Remote Desktop ActiveX Control with Virtual Channels.