SiteBar and “Recently Added”, “Recently Visited” and “Most Visited” virtual folders

As I have mentioned in the past, I have moved from Spurl to SiteBar for my bookmark management. I host SiteBar on my own server. Generally, I am very happy with it.

I have quite a hierarchical tree of my links in SiteBar. However, one piece of functionality that I missed a lot in SiteBar compared to Spurl, was the ability to see and click on URLs that I recently visited, or recently added, or that I visit the most often. I had this on my TODO list for eons.

At the same time, after my move to Kaspersky Lab, I wanted to check how easy it is to work with PHP compared to Perl. At the same time, having the abovementioned functionality became very important as well. So I thought: why not combine the two together, and add missing functionality to SiteBar, while exploring PHP a bit further for work purposes?

So here you go: the result of around 1 hour of poking around SiteBar and PHP. Here is how to use it:

  1. Replace your “/var/www/your-site/sitebar/inc/tree.inc.php” with the one downloaded from here (of course, it’d make sense to back up your old one, just in case)
  2. In your SiteBar, go to “Maintain Trees”, then create the following 5 trees (or fewer, if you don’t need all the functionality; the names and case are important):
    1. “Recently Added” – for recently added URLs
    2. “Recently Visited” – for recently visited URLs
    3. “Most Visited” – for most visited URLs
    4. “Dead” – for dead links
    5. “Unverified” – for those links that haven’t been checked
  3. After you do that, each of those folders will display the top 30 relevant links from your whole collection

So hopefully someone else also finds it useful. Have fun!

P.S. By the way, yes, my opinion is that PHP is as easy as Perl, and implies a more structured approach and, therefore, a tiny bit easier to read.

Security Experts and journalists

Because of what I do, I have to deal with media quite often. Usually, we have an excellent relationship: I help the journalists dig out the facts, figures, research and opinions for their articles, they help me by promoting good security practices with their target audience, and by mentioning my company, which, I believe, does an excellent job in stopping modern threats. This has led to a number of good quotes in well-known media like Times, Daily Mail, Independent, Guardian, BBC News, Washington Post, PC World, VNUNet, ComputerWorld, ZDNet, Wired and many others. It has also led to BBC3 and TV5 videos, some podcasts, etc. The bottom line is that generally, it is a pleasure working with journalists together, finding new angles to look at the work I, my team and my company do every day. I had my good share of good, well-formed and correct quotes.

But statistically, it should level out somehow, right? As the majority, if not all, of previous quotes were positive, with good messages, it was only a matter of time before misquoting or taking a quote out of context were to happen. I was not amazed, but rather quite disappointed that it happened with Metro today.

Apparently, I appear in a piece where online cyber-criminals are depicted as almost heroes and the security industry – as a bunch of know-nothings. I feel that not only my words were taken out of context and altered beyond recognition in a way which puts a whole different meaning to them, but also that the Metro target audience (which would be your normal usual people taking buses or underground to work and back, possibly knowing little about computer security) was let down and misled by this “article”.

It just happens that some journalists find it amusing to either intentionally or unintentionally misquote people they interview, hunting for yet another sensation, putting a spin on words, and fighting for the front pages. Those journalists are quite different from the people I normally work with – people who are after long-term relationships and after maintaining journalism (the second oldest profession, mind you) as a respectful job. Although we are trained to deal with tricky situations during interviews and we normally have safeguards against them, sometimes sh*t happens. I’m just sad that it happened in such a way that reached such a large audience.

I’m not alone in having been misquoted both in the security field and outside. In fact, I don’t know a single public speaker that hasn’t experienced that.

Fortunately, all of the people that matter the most to me – my friends, my colleagues in the company and outside, my family – simply did not see me in those quotes. A lot of them came back to me saying “I am absolutely confident that what is printed is not what you said”.

Then again, quoting Brendan Behan: “There is no such thing as bad publicity except your own obituary”. :-)

HELLO, D**KH**DS!

My wife is playing with setting up her own website. She by far is not an experienced user and is just learning how to run it. She is a psychologist, who is eager to improve her visibility and was going to use her own website as a part of that attempt. On the other hand, she wants to do it all by herself – so I keep myself away from daily running of her website.

I initially set up a website for her, using an excellent CMS or framework, called Joomla. Excellent system, and it is, perhaps, the easiest to use. From there on, she wants to manage it herself.

Guess what? There apparently are some d**kh**ds (and that’s who they are), who took pride in defacing her website, while I was flying back from a conference and could not help her identify and rectify the problem. Not even manual defacement – they are nothing more than some idiotic brainless script kiddies, who just used a kit to deface it. Very simple: apparently, in the version of Joomla she was using, it is possible to reset the Admin password without authorisation – simple SQL injection. On the other hand, my better half was uploading templates to play with the design and, therefore, the /templates/ directory remained writable. Those dickheads felt proud to upload a remote shell script called r57shell.php from a Russian “security” website, into a writable /templates/ directory, and try to run some rubbish. They even tried defacing my website.

They didn’t succeed in doing a lot – just replaced a front page. I guess, that is because their tiny brains are not suited for anything else. They had some sort of a grudge against clever people. Here is how they found my wife’s site:

78.167.171.187 - - [09/Oct/2008:14:48:54 +0100] "GET /index.php?option=com_user&view=remind HTTP/1.1" 200 6029 "http://www.google.com.tr/search?hl=tr&q=intitle%3Adoctor++inurl%3Acom_user&btnG=Ara&meta=" "Opera/9.50 (Windows NT 5.1; U; tr)"

So here is some information about the dickheads – the internet community needs to know its heroes.

  1. They belong to a group called Vezir.04 – it is a group of 4 kids, from Middle East – Turkey, Egypt and Albania
  2. Their website http://www.turk-h.org listed my wife’s website as “defaced for political reasons”. Ha.
  3. Two of their nicknames are Neg4tif and CrazyHacker16 – you can tell how old they are just from the nicknames 
  4. The IP addresses they used: 41.235.3.33, 78.167.171.187, 88.250.36.197 and 85.103.76.43
  5. The person checking their work: 78.168.65.3

Moral? Some would say “set up automatic updates”. Yes, that would work in this case – but there is a reason why I don’t normally do that. Believe me when I say that automatic updates do not often improve the security, and sometimes reduce it. I will write about it later.

P.S. Legal authorities are notified, together with all the logs being passed to them.
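The log line above shows two things a defender can search an access log for: a search-engine referer whose query uses operators such as inurl:, and, after the upload, direct requests for PHP files under /templates/. The following is an added example, not part of the original post, that flags both per client IP; apart from the first sample line, the log lines, the documentation-range addresses and the template name "example" are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format, the format of the line quoted in the post.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Search operators: the visitor searched for a URL pattern, not a topic.
DORK = re.compile(r'\b(?:inurl|allinurl|intitle|allintitle|filetype):', re.I)


def flags_for(line):
    """Return (ip, set_of_flags) for one log line, or None if it does not parse."""
    m = COMBINED.match(line)
    if m is None:
        return None
    flags = set()
    target = urlsplit(m['target'])
    # parse_qs percent-decodes and turns '+' into spaces, so the operators
    # show up in clear text whatever the search parameter is called.
    referer_terms = parse_qs(urlsplit(m['referer']).query)
    if any(DORK.search(v) for values in referer_terms.values() for v in values):
        flags.add('dork-referer')
    if 'com_user' in parse_qs(target.query).get('option', []):
        flags.add('com_user')
    # Joomla includes template PHP from /index.php; a direct request for a
    # .php file below /templates/ is not part of normal browsing.
    path = target.path.lower()
    if path.startswith('/templates/') and path.endswith('.php'):
        flags.add('php-in-templates')
        if m['status'] == '200':
            flags.add('php-in-templates-served')
    return m['ip'], flags


def suspects(lines):
    """Aggregate flags per client IP; keep IPs with a dork referer or a template PHP hit."""
    seen = defaultdict(set)
    for line in lines:
        parsed = flags_for(line)
        if parsed:
            seen[parsed[0]] |= parsed[1]
    strong = {'dork-referer', 'php-in-templates'}
    return {ip: sorted(found) for ip, found in seen.items() if found & strong}


# The first line is the one quoted in the post; the others are constructed
# samples using documentation-range addresses and a placeholder template name.
SAMPLE = [
    '78.167.171.187 - - [09/Oct/2008:14:48:54 +0100] "GET /index.php?option=com_user&view=remind HTTP/1.1" 200 6029 "http://www.google.com.tr/search?hl=tr&q=intitle%3Adoctor++inurl%3Acom_user&btnG=Ara&meta=" "Opera/9.50 (Windows NT 5.1; U; tr)"',
    '192.0.2.10 - - [09/Oct/2008:15:02:11 +0100] "GET /index.php?option=com_user&view=remind HTTP/1.1" 200 6029 "http://example.org/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Oct/2008:15:10:40 +0100] "POST /templates/example/r57shell.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Oct/2008:15:12:03 +0100] "GET /templates/example/css/template.css HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, found in suspects(SAMPLE).items():
        print(ip, ', '.join(found))
```

A com_user request on its own is not reported, because a legitimate visitor using the reminder page produces the same request; it is only listed alongside one of the two stronger flags.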

Installing Bookmarklets or Internet Explorer Bars

Just to be clear, my previous post “Spurl on Vista 64-bit” is applicable to any bookmarklets/explorer bars, not only Spurl. For example, I recently moved from Spurl to SiteBar hosted on my own server, and I had the same problem as with Spurl. Applying the trick sorts out the problem.

PuTTY for Windows and ssh:// handler

I use PuTTY for Windows a lot. It is an excellent SSH, Telnet, etc, etc, terminal program.

On the other hand, I am a very impatient user. I honestly believe that the users should never wait for computers, and that the letters should appear on the screen a microsecond before the user types them. This means that I hate moving my hands away from the keyboard to mouse to use a GUI interface, when the majority of work is actually typing text or code on the keyboard. This defines a lot of choices I make when selecting software on my computer.

Bundled together, I really do not appreciate opening PuTTY GUI interface just to double-click on some PuTTY profile and then move the hand back on the keyboard. A much faster way of doing this for me is to press “Win-R”, type in something along the lines of “ssh://myhost.com” and never move away from the keyboard. After a couple of Google searches, I know I am not alone in that. At least one of my colleagues prefers to do it this way as well. Speeds things up a lot, believe me.

The problem is that PuTTY does not support it. It supports telnet://192.168.0.1, but NOT ssh://192.168.0.1. Apparently, this is because PuTTY developers believe that the URL convention for SSH protocol hasn’t been approved yet and, therefore, PuTTY won’t support it. Some people even developed a special tool – UrlConf – in particular, to be able to set up PuTTY as a default ssh:// handler. Some others use Windows batch files to parse the command line passed to PuTTY and run it.

Both solutions are somewhat funny – they invoke a proxy application just to invoke PuTTY. As PuTTY is Open source distributed under MIT license, why don’t I update its source code to do what I need?

So here it is, PuTTY that can handle not only ssh:// protocol to the same extent it could handle telnet:// protocol, but also handles a special putty:// protocol.

CONTENT:

  1. putty.exe – compiled putty.exe with the additional features
  2. putty.reg – Windows Registry file to register putty.exe to handle telnet, ssh and putty protocols
  3. unputty.reg – Windows Registry file to unregister putty.exe from the system
  4. window.c – the only file that had to change to implement extra functionality – for your reference only, you don’t need to do anything about it
  5. diff.txt – the diff file for window.c file – for your reference only, you don’t need to do anything about it
  6. readme.txt – the file with information about this package

INSTALLATION:

  1. Put putty.exe into the directory where your current putty.exe resides
  2. Edit putty.reg to replace path to putty.exe with your path
  3. Merge putty.reg with your registry (usually, by double-clicking)
  4. Enjoy!

UNINSTALLATION:

  1. Run unputty.reg
  2. Enjoy!

CHANGELOG:

[*] Based off the source code for the latest Windows development version as of 14/09/2008

[+] Handles ssh:// protocol to the same extent as it handles telnet:// protocol. Namely, if you type something like “ssh://192.168.0.1”, and 192.168.0.1 runs SSH server, PuTTY would attempt to connect

[+] Handles putty:// protocol. This is a special protocol and, if invoked as “putty://profile-name”, would be equivalent to “putty.exe -load profile-name”. In other words, if you have profile-name defined in PuTTY, then typing “putty://profile-name” in Run menu or in browser, would invoke PuTTY, load profile-name and attempt to connect using its settings. If the profile contains spaces in it, please, put it in quotes: “putty://"profile name"”

Download the zip file here: putty_ssh

Have fun, folks!
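Once telnet://, ssh:// and putty:// are registered, the string after the scheme is chosen by whoever wrote the link, so it is worth validating before it becomes part of a putty.exe command line. The following is an added example, not the window.c code from this package, of a strict mapping from those URLs to an argument list using PuTTY's -ssh, -telnet, -l, -P and -load options; the install path and the allowlist patterns are assumptions.

```python
import re
from urllib.parse import unquote

PUTTY_EXE = r'C:\Program Files\PuTTY\putty.exe'  # assumed path (see putty.reg)

# Allowlists (assumed policy). Every captured value starts with a letter,
# digit, '.' or '_', so nothing taken from the URL can begin with '-' and
# be read by putty.exe as an option.
HOST_URL = re.compile(
    r'(ssh|telnet)://(?:([A-Za-z0-9._][A-Za-z0-9._-]{0,31})@)?'
    r'([A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?)(?::([0-9]{1,5}))?/?',
    re.I)
PROFILE_URL = re.compile(
    r'putty://"?([A-Za-z0-9._][A-Za-z0-9 ._@-]{0,63})"?/?', re.I)


def putty_argv(raw_url):
    """Return the argv list for putty.exe, or None if the URL is rejected."""
    url = unquote(raw_url)  # decode once, then validate the decoded form
    m = PROFILE_URL.fullmatch(url)
    if m:
        # putty://profile-name is equivalent to: putty.exe -load profile-name
        return [PUTTY_EXE, '-load', m.group(1).rstrip()]
    m = HOST_URL.fullmatch(url)
    if m is None:
        return None
    scheme, user, host, port = m.groups()
    argv = [PUTTY_EXE, '-' + scheme.lower()]
    if user:
        argv += ['-l', user]
    if port:
        if not 1 <= int(port) <= 65535:
            return None
        argv += ['-P', str(int(port))]
    return argv + [host]


# Constructed inputs: three accepted forms, then four that are rejected.
SAMPLE = ['ssh://192.168.0.1', 'ssh://admin@myhost.com:2222/',
          'putty://"profile name"', 'ssh://-host', 'ssh://%2Dhost',
          'ssh://myhost.com:99999', 'ssh://my host']

if __name__ == '__main__':
    for candidate in SAMPLE:
        print(candidate, '->', putty_argv(candidate))
```

The result is a list meant to be passed to a process-creation call as separate arguments, not joined into one command string.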

Thank you, Backups!

I am sometimes too attentive to details. Although I am very aware of it (unlike Monica from Friends), I can sometimes be caught up in an act of cleaning and making things generally tidier/better/more organized.

Like today. I decided that my digital photos were not organized properly. So I just had to move them from drive X: (which is my large, slow, reliable backup and junk drive), to drive D: (which is my super-fast, RAID0 300Gb total WD Raptors 10k). At the same time, I use Adobe Photoshop Elements 6 to manage my photo collection (btw, definitely recommended – provided that you know its character). This means that in addition to just moving the files, one needs to make sure that the Photoshop Elements catalog is up-to-date.

There are several ways to make sure that the catalog is up-to-date.

  1. Use “Reconnect Files” menu option in Elements. All good and wonderful, but one needs to be very careful about what links to accept and what not to – especially, in large collections. I’ve had cases where the reconnection completely messed up the catalog by connecting to irrelevant files
  2. The way Adobe proposes to move files between locations preserving their directory structure is “Backup/Restore”. Sounds reasonable?
  3. Adobe’s *.pesg files (the files that are Photoshop Elements catalogs) are nothing more but SQLite databases with quite clear schema. So using one of the available tools for editing SQLite databases, one can update the catalogs after manually moving files. Sounds like a bit of work though…

Being lazy and having trust in Adobe, I took option (2). There were no issues with backup. Then I wanted the files that were backed-up from X:\Pictures to be restored into D:\Users\Maksym\Pictures preserving my nice, clear and easy-to-navigate directory structure. This meant specifying D:\Users\Maksym as a destination directory for restore. So I restored the files just to see that the catalog files, together with some junk files, were restored directly into D:\Users\Maksym. Not good – they were not supposed to be there! So I thought I missed some option and decided to repeat the restore. But before repeating it, I decided to delete the just-restored catalog. I went into File->Catalogs, selected Maksym as a catalog, and pressed Remove. What would a thinking person expect to happen? I expected the catalog files together with the files it refers, to be deleted.

Do you know what Photoshop Elements has done? No? Wait for it: IT DELETED THE WHOLE OF D:\Users\Maksym, with ALL of my Documents, Downloads, Music, Pictures, Video vanishing from the hard drive!!!

A normal reaction to this situation is PANIC. I only calmed down a little, when I realized that I have Windows built-in backup working like a dream on a nightly basis, and in addition, BackupPC running on my Ubuntu Server box does another backup of the same box to a different location. I managed to restore the majority of the files, other than 1 day’s worth.

The bottom line is: because of a Backup running in a scheduled mode, I only lost around $10 in my online music downloads, and some work I did in the morning around planning financial strategy for my investment portfolio and around tracking my personal finance. Not a huge price, it could have been much worse.

THANK YOU, BACKUPS!

P.S. An easy solution was to manually move catalog files to the desired location after the Restore process in Adobe Photoshop Elements completes, and delete some rubbish files that shouldn’t have been there in the first place. I did exactly this, and now my computer is running perfectly, with its Pictures folder where I want it. :)

Skeptic Catch and Virus Statistics

It might be time to explain what Skeptic Catch and Virus Stats links on this website are all about.

As many of you would know, and as my Resume says, I work for MessageLabs. A large part of my responsibilities includes looking after Anti-Virus (Anti-Malware, to be more precise) and, to some extent, Anti-Spam services. A part of that, in turn, includes articulating the value of MessageLabs service and coming up with some eye-catchers.

Sometimes, it just happens that creating some Proof Of Concepts is easier on my own home box. This is what Skeptic Catch and Virus Stats are.

  • Skeptic Catch shows in percentages how much malware, phishing and links (and different combinations thereafter) MessageLabs services stop using different subcomponents. It shows where our own heuristics scanner Skeptic adds value and how much it actually stops in addition to other more traditional vendor scanners
  • Virus Stats is my attempt to toy with Ajax. It uses Google Maps to show where different malware and simply suspicious items are coming from. In essence, in the current threat landscape, it is a map of bots scattered around the world. Of course, the locations of those are only as good as the IP-to-GeoLocation database is. My GeoIP database is somewhat outdated, but it is good enough for a Proof Of Concept

So there you go – enjoy!

Sharing printers on Vista 64-bit

Recently I purchased a new computer to replace my main Windows box at home. It is brilliant – Quad Core, 4Gb of memory, 300 Gb of RAID0 on 10k Raptors, NVIDIA SLI. Naturally, this hardware required Windows Vista 64-bit - if for nothing else, then to use the full 4Gb of memory. There were loads of issues I discovered when trying to set it up. Here is one of them.

 I have a number of other computers. My main Windows desktop serves as a “print server” – i.e., it shares a printer to the rest of the network. It is HP LaserJet 1020. And that’s where the problem comes from. You see, it prints fine from the computer which it is connected to. But remote jobs do not print unless you stop and start the Print Spooler service again. After a fair bit of research, I found out that essentially, doing these three things solves the problem:

  1. Disable bidirectional support for your printer in its properties
  2. In your Group Policy Object Editor, in “Local Computer Policy\Computer Configuration\Administrative Templates\Printers” enable “Allow Print Spooler to accept client connections” (yes, I know it is not easy to find Group Policy Object Editor – see below how to do so)
  3. In your Group Policy Object Editor, in “Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Printers” disable “Point and Print Restrictions”

This solution seems to work fine and enables the network computers to use shared printers on Windows Vista 64-bit… Although there is still a glitch: because you disabled “Bidirectional Support”, that means that the printer cannot communicate back its response to the computer. The result is that if you need to print on a special type of paper (i.e., envelopes or mail labels), your printer cannot request the spooler to show a dialog to display “please, insert special paper” message. Enabling back bidirectional support solves this issue – but then the other computers on the network cannot print. I do not know any solutions to this problem. If you know of any – welcome to comments!

Now, here is how to get to Group Policy Object Editor:

  1. Start mmc.exe from your Run prompt
  2. Press Ctrl-M; you should now see a dialog to choose which snap-ins you want to use
  3. If you double-click it and accept default settings, that’s it – your GPO Editor is up and running.

I do hope this helps those who struggle with their printers on Vista sort out printing problems.

Spurl on Vista 64-bit

For those of you who, like myself, like online bookmark site Spurl, and could not get the Explorer Bar to show on Windows Vista 64-bit, here is a simple way to do so:

  1. Check which Internet Explorer you are running. I did so by looking at Windows Task Manager and looking for ieuser.exe and iexplore.exe processes. In my case, they had “*32” marks next to them to indicate that they are 32-bit processes
  2. Open a 32-bit RegEdit by typing “c:\windows\SysWOW64\regedit.exe”
  3. In that editor, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories
  4. Delete keys named {00021493-0000-0000-C000-000000000046} and {00021494-0000-0000-C000-000000000046}

This will force IE to rebuild its cache of Explorer Bars to load and, in my case, made Spurl show up nicely as a sidebar in IE.

LinkedIn hResume

I finally managed to improve the appearance of my front page. Yes, good old WordPress, nothing new. Amazingly, it was pretty easy to set up. One of the plugins I found when setting all of this up, is called LinkedIn hResume by Brad Touesnard. It is simple and powerful. All it does is it pulls your CV from LinkedIn and fits it into your WordPress site. Anyhow, the plugin could not cope with some of the newer features of LinkedIn, so I took the liberty of updating it a bit. Here it is: Updated LinkedIn hResume WordPress plugin