February 27, 2007

Updated Parallels out of beta!

After an extensive Beta and Release Candidate cycle, the new release version of Parallels has now been finalized. This upgrade to the previous release of Parallels brings the following feature updates:

Those running Parallels RC3 (build 3170) won't see much difference. Those still running the old Parallels public release (build 1970) will see amazing enhancements. As always, make sure you back up your full Parallels disk image, and your Mac just to be safe, before you upgrade.

Download release 3186 here

Posted by Kevin Railsback at 10:14 AM

February 12, 2007

Parallels Users, Beware of Windows Exploits impacting OS X

It sounds obvious that Parallels users who run Windows need to keep on top of Windows security and patches. However, a recent addition to the Parallels Beta, called Global Sharing, can open up OS X itself to possible attacks from the Windows side.

The basic issue is that this Global Sharing option, which allows easy drag-and-drop app launching between OS X and Windows, is given carte blanche access to your Mac hard drive. Worse yet, this option is enabled by default, at least in beta build 3150 which I am currently running. Users upgrading from a previous version, to get awesome features like Coherence Mode, booting from Boot Camp partitions, and full USB support, may be vulnerable without even realizing this feature was slipped in.

The basic problem boils down to privilege separation. Parallels runs with the full rights of your OS X user, so in theory an attack could be developed and spread via Windows vulnerabilities that could then drop malicious code into OS X. It could also delete files or alter security and other settings.

Allowing Windows, known to be so insecure, to have this sort of access to the host operating system is a major misstep by the Parallels team. So if you run Parallels betas, please make sure you disable this feature (Edit -> Virtual Machine -> Shared Folders, then uncheck the "Enable global sharing for drag-and-drop" checkbox and save). You'll need to shut down the virtual machine to have access to change this setting.

Posted by Kevin Railsback at 11:28 AM

October 31, 2006

Stupid IT Tricks: Myspace.com

Managing your company's public DNS is serious business: a small typo or mistake can have serious consequences for your website, email, and other services.

For example, someone made what can only be assumed to be a clueless mistake when updating their DNS: they added 127.0.0.1 to their records for myspace.com. For those with weak network-fu, that is a special address which is only used for 'localhost' (your own computer). Since they had 5 hosts listed in total, one out of five requests for their domain was going nowhere while this problem existed.


$ host -vv myspace.com
Trying "myspace.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24145
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;myspace.com. IN A

;; ANSWER SECTION:
myspace.com. 68350 IN A 216.178.32.51
myspace.com. 68350 IN A 216.178.32.50
myspace.com. 68350 IN A 216.178.32.49
myspace.com. 68350 IN A 216.178.32.48
myspace.com. 68350 IN A 127.0.0.1

Received 109 bytes from 208.67.222.222#53 in 9 ms


I'm not sure why they're still using round-robin DNS load balancing for their site with good ServerIron, Cisco, and F5 load balancers doing a much better job overall. We moved InfoWorld.com away from RRDNS years ago.

Fortunately either someone at MySpace noticed the issue quickly, or they saw the post at OpenDNS.com or on Digg and remedied the issue. But having such high TTLs in their DNS settings I'm sure the problem took a while to finally clear up completely.
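
A check that catches this kind of mistake, as an added example that is not part of the original post: it parses the A records from the `host` output above and flags any address that is not publicly routable. The function names are illustrative, and the sample input is the answer section copied from the post.

```python
import ipaddress
import re

# Answer section copied from the `host -vv myspace.com` output in the post.
SAMPLE = """\
;; ANSWER SECTION:
myspace.com. 68350 IN A 216.178.32.51
myspace.com. 68350 IN A 216.178.32.50
myspace.com. 68350 IN A 216.178.32.49
myspace.com. 68350 IN A 216.178.32.48
myspace.com. 68350 IN A 127.0.0.1
"""

A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$")

def classify(addr):
    """Return why an address is unfit for a public A record, or None."""
    # Order matters: loopback and link-local are also reported as private.
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private"
    if not addr.is_global:
        return "not globally routable"
    return None

def lint_public_a_records(text):
    """Parse A records and report the ones clients cannot reach."""
    total, bad, max_ttl = 0, [], 0
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if not m:
            continue  # header, question and comment lines
        name, ttl, addr = m.group(1), int(m.group(2)), ipaddress.ip_address(m.group(3))
        total += 1
        max_ttl = max(max_ttl, ttl)
        reason = classify(addr)
        if reason:
            bad.append((name, ttl, str(addr), reason))
    return {
        "total": total,
        "bad": bad,
        # With round-robin DNS, roughly this share of lookups hits a bad record.
        "failure_ratio": len(bad) / total if total else 0.0,
        # TTL as seen at the resolver: how long the answer may stay cached.
        "max_ttl_hours": round(max_ttl / 3600, 1),
    }
```

Run against a zone's published records as part of a change review or a monitoring job; a non-empty `bad` list is the signal to act on.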

Posted by Kevin Railsback at 08:29 AM

March 11, 2005

BSOD recovery, iPod style

At InfoWorld, we've been using Apple's Disk Utility and Carbon Copy Cloner from Bombich Software to do system imaging and restores on our G5s and PowerBooks for some time now. Macs can boot from any attached drive, or even boot up and act as a FireWire drive for whatever machine you connect them to. This makes troubleshooting and system recovery a much easier process.

However, our methods of system recovery on our ThinkPads have been much less elegant. A combination of system restore CDs and online backups is used to get a system back up and running. The options for booting your Windows PC up in an emergency fix mode have been pretty limited. Safe Mode doesn't really do much.

Recently when I was fixing a crashed PC I used Knoppix Linux to get in and copy vital data from the system before starting to try to fix the system. Knoppix is a bootable Live CD which gives you a full Linux environment (including the ability to mount NTFS drives).

Amit Singh posted recently about his team at IBM Research developing some very cool software that allows for the booting of your PC from external devices, similar to the built-in functionality of Apple systems. The PC boots up a customized rescue Linux OS, similar to Knoppix, but also includes a number of business-related enhancements.

Travelling employees can keep one of these recovery images on their iPod or a USB drive, and in a pinch can boot the system up and have full Web, email, etc. access until their system can be repaired.

For the IT folks, this provides a quick and easy way to boot up a PC and recover data, or fix a virus infection, without having to have Windows operational on the PC.

Besides... who could complain about a valid reason for buying iPods for your IT staff? =)

"Blue Screen of Death" Rescues With Personal Devices

TechWorld

Webcast demo (recovery demo is about 25 minutes in)

Posted by Kevin Railsback at 11:07 AM