CPU Stress Download

CPU stress download link



NLA with User Login, Solution with RD webaccess console

The thought behind NLA (Network Level Authentication) is to keep users who are not authenticated from reaching the logon screen. Unauthenticated users could otherwise conduct a DoS attack just by consuming resources this way. When you check the box “User must change password at next logon”, you are saying that the user has to change their password before they can log in. When this happens locally, a dialog pops up prompting you to change your password, and you cannot log in until you do so. Because NLA requires you to be completely authenticated before Remote Desktop even attempts to open, this is where the problem lies. That is why users who have to change their password at first login, or whose password has expired, do not even get the login screen.

However, users whose password has expired can change it through the RD Web Access console; unfortunately, there is nothing for users who must change their password at first login.

Solution for users whose password has expired, through RD Web Access:

GNU Bourne-Again Shell (Bash) Vulnerability – Bash Bug

Bash bug: In the beginning there was the command line, like a text message conversation, with no GUI. Commands were used to create, move and delete files. Then came Bash, with multiple instructions transmitted inside quotes ("). Bash serves as a command orchestrator. In programming we declare variables, like X = 'This is a vulnerability patch', and later recall them with echo $X. Everything inside the quotes is treated as text and is never considered a command. The bug lies in one special string of characters.

But in Bash, if you type X = '() {:;}; rm -rf /', it trips up and starts to treat the text as a command-line instruction instead. Different programs talk to each other using Bash: instead of writing numerous commands again and again, they use Bash to communicate. Rather than rewriting code, applications call smaller programs through Bash because it is trusted to be safe.

Risks

Input from the outside world, from any random user, may have been maliciously crafted to include that special string of characters. Anyone with such skills can run dangerous commands on your web server, which is known as remote code execution. Random users can crash the service, or probably do much damage by exploiting Bash. The vulnerability potentially allows a remote attacker to run malware, or malicious code, on affected systems. Given the broad use of the Bash software tool, the vulnerability may be present in financial institutions', customers', and third-party service providers' systems. Attackers could use the vulnerability to access and take control of systems, leading to a range of operational risks. These risks may include the loss of confidentiality, integrity, and availability of sensitive customer information and confidential business data. Additionally, such access could facilitate data destruction, disruption of operations, and fraud. And the really bad news is that this bug sat unnoticed for about 25 years, so there is a hell of a lot of patching to do.

Lesson for end users: make sure devices are up to date with patches and security fixes.

Servers that are required to be patched: anything that runs Bash. Since Bash is for Unix, Linux and Mac OS flavored operating systems, Windows isn't included.

How to check whether the patch is applicable on Unix-flavored machines:

This is the command to check whether the Bash version is vulnerable:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

    vulnerable
    this is a test

then you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get output similar to:

    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test

Patches can be downloaded from the repository.
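The same check, wrapped so it can be run against every Bash binary on a host and scripted into a patch audit. This is an added example, not part of the original post; the function names and the list of binary paths are assumptions. Current Bash releases print only "this is a test" with no warning, which the classifier also counts as not vulnerable.

```shell
#!/bin/sh
# Added example: runs the page's harmless probe (the trailing command is only
# "echo vulnerable") against one or more bash binaries and classifies the result.

# Classify the combined stdout/stderr of the probe.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        # The code after the function body was executed on import.
        echo "vulnerable"
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        # Bash ran the requested command only; warnings on stderr are fine.
        echo "not-vulnerable"
    else
        echo "unknown"
    fi
}

# Run the probe against a specific bash binary.
probe_bash() {
    bash_bin=$1
    if [ ! -x "$bash_bin" ]; then
        echo "missing"
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$out"
}

# Print one "path: result" line per binary given.
report_bash() {
    for b in "$@"; do
        printf '%s: %s\n' "$b" "$(probe_bash "$b")"
    done
}

# Assumed common install locations; adjust for the host being audited.
report_bash /bin/bash /usr/bin/bash /usr/local/bin/bash
```

Any line reporting "vulnerable" identifies a binary that still needs the patch; "missing" means no executable exists at that path.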

Reference:

http://www.ffiec.gov/press/PDF/FFIEC_JointStatement_BASH_Shellshock_Vulnerability.pdf

“Bourne-Again Shell (Bash) Remote Code Execution Vulnerability” (CVE-2014-6271 and CVE-2014-7169) http://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

FFIEC Information Technology Examination Handbook, “Development and Acquisition” http://ithandbook.ffiec.gov/it-booklets/development-and-acquisition.aspx

FFIEC Information Technology Examination Handbook, “Information Security” http://ithandbook.ffiec.gov/it-booklets/information-security.aspx

FFIEC Information Technology Examination Handbook, “Operations” http://ithandbook.ffiec.gov/it-booklets/operations.aspx

https://www.fdic.gov/news/news/financial/2014/fil14049.html

How Parents dominate in building perceptions

It is human nature that the truth is always argued and a lie is accepted with more certainty. We believe how we have been taught to believe. I don’t know how, but family and parents play a vital role in this. It is most likely that you share some of your parents’ beliefs and consider them universal truths. For example: don’t look at welding (acetylene) sparks with the naked eye or you will go blind. It is, however, distinctly unhealthy for your eyes, and the parents are right. Many would argue that education is the major issue here, but in many circumstances emotions come before education, and parents mostly try to mold their offspring in the way they want, and possibly in the way their own parents wanted. Parents mostly use the worst-case scenario to explain certain things so that you take the explanation seriously. This really impacts a fresh brain, and it is hard to change unless you truly realize its ambivalent character.