OS X Tiger : My Feature List
By Daniel Miessler on April 15th, 2005: Tagged as General
Well, as many of you know, I’m highly enthused about the upcoming release of OS X Tiger. Apple has a page up that describes all the new features in Tiger, but I decided to put together a separate list of those that are of particular interest to me. Check it:
Address Book
Auto-Update LDAP Cards Keep your server-based Address Book contacts synchronized with an LDAP based directory — perfect for mobile professionals.
Certificate Support View certificate information in your Address Book for contacts who provide public keys.
Contact Import File Formats Import contacts into Address Book in a variety of formats, including tab-delimited and comma-separated text.
Dashboard Widget Enjoy instant access to any contact in your Address Book directly from Dashboard.
Envelope Printing Print custom labels and envelopes from your Address Book.
Pocket Address Book Printing Print a handy pocket address book to take with you anywhere.
Sharing Share your Address Book with any .Mac user — ideal for family members or assistants.
Smart Groups Create address book groups that update automatically based on rules you set up, such as upcoming birthdays.
Spotlight Contact Find everything related to a contact in your Address Book with a single click — email exchanges, iCal appointments, file attachments or anything else.
Applescript
Secure Display Dialog Use secure input for display dialogs to ensure privacy.
Aqua
Dashboard Access mini-applications called Widgets with just the touch of a key — everything from a calculator and stock tracker to weather report and address book.
Dictionary Widget Find definitions by typing all or part of a word, and use the built-in thesaurus to find synonyms, antonyms and more — no Internet connection required.
Dictionary Application Look up troublesome words in a new dictionary and thesaurus system application based on The New Oxford American Dictionary.
Improved RAID Use Disk Utility for software RAID, now including mirrored, striped and concatenated sets, automatic mirror rebuild and block size settings.
Save as HTML Save TextEdit documents as HTML for use in websites and take advantage of support for strict compliance and style sheet formatting.
Smooth Scrolling Enjoy more elegant scrolling when navigating long documents, web sites or email messages using a keyboard or mouse scroll wheel.
Spotlight in Open / Save Panels Use the powerful new Spotlight to search for documents and folders directly from the open and save panels.
Spotlight Service Put the Spotlight on any selected text in any Mac OS X application — from Microsoft Word to Mail and more.
Spotlight Support for Network Homes Perform a Spotlight search on network-based Home directories in addition to searching local hard drives.
Spotlight Window Hot Key Bring up the Spotlight search field at any time with a dedicated keyboard shortcut that you can customize.
Table Support Create and save tables in rich text format documents, and import Microsoft Word documents that preserve table formatting.
Translation Widget Translate words and phrases instantly between 11 different languages right from your Dashboard.
Weather Widget View the current weather conditions for cities around the world with beautifully rendered images — and view a six-day forecast.
Word XML Format Import Word documents saved in XML format into TextEdit.
Developer
GCC 4.0 Take advantage of the latest version of the GCC compiler, featuring support for 64-bit code generation.
Finder
Burnable Folders Burn a CD or data DVD directly from the Finder by quickly creating a “burn folder” where you can drag and drop the files you want to save.
Smart Folders Take the results of a Spotlight search and save it as a Smart Folder that automatically updates as you add or remove documents from your Mac.
Spotlight Find Search all of your documents, images, emails and applications and view the results literally as fast as you can type in search words.
Spotlight Results Group View View search results as a traditional list, icon view or a completely new group view that clusters found items based on type.
Graphics and Media
Core Image Unlock the performance of today’s powerful graphics hardware and enjoy ultra-fast, pixel-accurate image processing.
Automatic Font Smoothing Automatically get the best technique for smoothing type on-screen based on your display, whether a CRT or flat panel monitor.
Automatic Projector Mirroring Automatically mirror your presentations on both your Mac and an external projector.
PDF Encryption Quickly create encrypted PDF documents using Automator and the “Print to PDF” function.
iCal
Birthday Calendar Always know the birthdays of everyone in your Address Book with this automatic calendar in iCal.
Calendar Groups Organize calendars in groups for easy viewing and managing.
Calendar Printing Enjoy more sophisticated printing and layout options for your iCal calendars.
Image Capture
Wireless Image Capture Wirelessly import images from camera-equipped cellphones via Bluetooth or next-generation digital cameras via WiFi.
iCal Invitations in Mail Review and accept event invitations from iCal much more easily in an interactive Mail message.
Mail and iPhoto Integration Add photos that you receive in email directly to iPhoto with a single click.
Mail Connection Doctor Diagnose and fix networking issues directly from Mail with this powerful troubleshooting tool.
New Mail User Interface Enjoy a more attractive layout for mailboxes, searches, and more.
NTLM v2 Authentication Enjoy greater compatibility with a wide range of Microsoft Exchange email server configurations.
Photo Controls in Mail Resize photos before they are sent — Mail can tell you when a picture is too large for your ISP.
Slideshow in Mail View an elegant full-screen slide show of pictures that have been attached to an email with a single click.
Smart Mailboxes Organize your email to match the way you work using Smart Mailboxes that automatically fill themselves with email based on your criteria.
Spell Check Options Set Mail to spell check your email before it is sent, as you type or never.
Spotlight Search in Mail Search across even the largest mailbox or multiple mailboxes with pinpoint accuracy using the power of Spotlight.
.Mac Sync for Mail Accounts and Rules Keep your mail settings fully in sync between different Macs using your .Mac account.
Networking
Dynamic DNS Support Get support for the Dynamic DNS protocol with BIND.
Network Diagnostics Take advantage of the new network diagnostic tool that can help track down and resolve networking problems.
NTLMv2 Authentication for SMB Enjoy even greater compatibility with Windows File Servers through support for NTLMv2 authentication.
VPN On Demand Automatically establish a VPN connection when a firewall protected service is used for specific domains.
VPN Settings Enjoy new VPN options: stay connected to a VPN server when switching user accounts or logging out, and direct all network traffic through the VPN connection.
Xgrid Take advantage of the power of distributed computing with Xgrid, Apple’s easy-to-use tool that turns a group of Macs into a supercomputer.
AirPort Preferred Networks Specify and rank multiple specific AirPort networks in the networking setup of System Preferences.
Kerberos VPN Support Enjoy Kerberos-based authentication for single sign-on to a VPN network.
Preview
PDF Forms Fill out and print PDF forms from Preview.
Preview Grab Capture screen shots and more from Preview using features previously available in the Grab application.
Security
Kerberos VPN Support Enjoy Kerberos-based authentication for single sign-on to a VPN network.
Certificate Assistant Easily request, issue and manage certificates for small workgroups with this utility that blends many functions of a commercial Certificate Authority at none of the cost.
Firewall Log Keep a log of all firewall activity, such as blocked sources, blocked destinations and blocked attempts.
Firewall Stealth Mode Enjoy even greater security from hackers by ensuring that any uninvited traffic receives no response — not even an acknowledgment that your computer exists.
Safe Downloads Receive an approval alert message when the system or an application attempts to download files whose type or source is not trustworthy.
Secure Virtual Memory Improve the security of your important information by ensuring that transitory data stored in virtual memory remains private.
Smart Card Authentication Use a Smart Card to authenticate to your system or Keychain.
.Mac Keychain Sync Keep your keychain fully in sync across your different Macs using your .Mac account.
Address Book Support for Certificates View certificate information in your Address Book for any contacts that provide their public key.
Keychain Import/Export Easily import and export certificates to and from your Keychain.
Password Helper Use the Password Helper panel to pick a secure password.
Forgot Password Conveniently reset the password for any user directly from the login window if you have set a master password for the system.
Keychain Access Easily organize Keychain items with the new iTunes-style user interface, which also features a search field to easily locate a specific password or other item.
System
Burn Disk Images for Other File Systems Burn CD and DVD disk images for any supported file system.
Integrated Sync Services Get more from the improved Sync: faster performance, a simpler interface, and an extensible architecture that lets other developers tap into the Sync engine.
System Preferences
New .Mac System Preference Manage all the options for your .Mac account, including synchronization, from the improved system preference panel.
Spotlight Preferences Completely control what Spotlight searches and how results are displayed.
Target Disk Mode Make your Mac appear to be a hard drive on another system with just one click by using the Target Disk Mode option in the Startup Disk Preference panel.
Searchable System Preferences Find any system setting simply by typing its name — or a synonym, or even a PC-only term — into the search field.
Unix
Spotlight Command Line Tools Access Spotlight from a UNIX command line using mdls or mdfind.
Access Control Lists (ACL) Go beyond the limitations of traditional UNIX file permissions and enjoy greater flexibility over assigning access permissions to files, folders and network services.
HFS+ CLI file commands Use command line file commands on HFS+ items with proper results — utilities such as cp, mv, tar, rsync now use the same standard APIs as Spotlight and access control lists to handle resource forks.
Korn Shell More easily run scripts written for Sun Solaris or similar systems now that AT&T’s ksh is now bundled with Mac OS X.
Windows
SMB Symlink Support Get support for UNIX-style symlinks on Windows SMB Shared Servers.
OS X Tiger : New Features
By Daniel Miessler on April 14th, 2005: Tagged as OS X
Prediction 1: You will soon be tired of hearing me rave about OS X Tiger. Prediction 2: I will continue raving about OS X Tiger.
The Problem With Academics
By Daniel Miessler on April 14th, 2005: Tagged as Humor | Rants
CNN’s running an article about three guys from MIT who wrote a program that assembles random bits of academic-speak into a pseudo-paper. In other words, they randomly generate trash that so closely resembles the trash actually put out by academics that it stands a good chance of being accepted by said community. We’ve all seen these papers — they’re full of lofty, obfuscated language designed to do but one thing — convince the reader that the author is smart. It’s my personal view that these people are little more than highly educated oxygen thieves.
Anyway, here are a few choice quotes from the CNN piece:
The trio submitted two of the randomly assembled papers to the World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI), scheduled to be held July 10-13 in Orlando, Florida. To their surprise, one of the papers — “Rooter: A Methodology for the Typical Unification of Access Points and Redundancy” — was accepted for presentation. The prank recalled a 1996 hoax in which New York University physicist Alan Sokal succeeded in getting an entire paper with a mix of truths, falsehoods, non sequiturs and otherwise meaningless mumbo-jumbo published in the quarterly journal Social Text, published by Duke University Press. Stribling said he and his colleagues only learned about the Social Text affair after submitting their paper. “Rooter” features such mind-bending gems as: “the model for our heuristic consists of four independent components: simulated annealing, active networks, flexible modalities, and the study of reinforcement learning” and “We implemented our scatter/gather I/O server in Simula-67, augmented with opportunistically pipelined extensions.”
Wow, that’s rich.
OS X Tiger
By Daniel Miessler on April 13th, 2005: Tagged as OS X | Technology
The latest version of OS X (Tiger) arrives on April 29th. I cannot express to you how sick this OS X is, and Tiger looks to be at least as much of a jump as previous iterations.
Of particular interest to me are the enhancements to Mail.app, and the new Spotlight feature. Of course there’s also Dashboard as well, but I anticipate this being more of an eye-candy feature that I rarely use.
Apart from these highly tangible feature additions, I am actually most excited about the general improvements that come with each new release, e.g. speed enhancements, GUI tweaks, etc. It’s this behind-the-scenes stuff that I usually appreciate most, and I can’t wait to sample the “feel” of this new version.
At any rate, if you haven’t yet been introduced to OS X I highly suggest you take a look at what it has to offer. As always, drop me an email if you have any questions.
Code Snippets : A Programming Resource + Tags
By Daniel Miessler on April 13th, 2005: Tagged as General
Code Snippets is an absolutely awesome site for anyone interested in programming. Not only does it have a bunch of code snippets (it’d be kind of strange if it didn’t), but it also uses tags to organize them.
What this means is that you can combine the tags, similar to how you can do so with del.icio.us. For example, let’s say you want to look at some Python snippets. Once you’ve done that, you can narrow the results further to only those snippets that are also tagged Hello.
Awesome.
Here’s the site: http://www.bigbold.com/snippets/
Wikiphilia
By Daniel Miessler on April 10th, 2005: Tagged as Culture | Humor
Wikiphilia n. Medical A mental illness characterized by the irrational conviction that any problem faced by a group can be rendered solvable through installation and use of a Wiki. This delusional ailment has been occurring in increasing numbers ever since it was first identified in 1995. Wikiphilia usually manifests in two distinct phases - the rapturous anticipation of the Wiki’s potential in the short post-installation phase; slowly giving way to denial of the Wiki’s failure to fulfill that potential in the second phase. (Found here)
My Quote Contribution For The Day
By Daniel Miessler on April 9th, 2005: Tagged as Musings | Personal | Productivity
“In the majority of cases, the difference between knowing the answer and being able to find it within two minutes is unimportant.” - Daniel Miessler
The Hacker Glider
By Daniel Miessler on April 9th, 2005: Tagged as Culture | Philosophy
I tend to shy away from groupthink oriented ideologies, but occasionally I am stricken by a concept that is worth subscribing to. The Hacker Glider is one such concept.
The Glider (shown above) was proposed by Eric S. Raymond as the emblem of hacker culture. The symbol is the glider pattern from Conway’s Game of Life, a cellular automaton, and its history is quite interesting.
In case you’re wondering, this isn’t the hacker you hear about in the news. A true hacker, as described by Eric himself is a creative problem solver who gives back to the community and supports ideals such as freedom, efficient communication, and a strong sense of community. As he points out, there are many types of hackers; they can be found in music, mathematics, and even art. Most often, however, the term hacker is associated with computers.
My own personal definition of hacker is based on Eric’s and others’, but it’s somewhat more broad:
hack-er1 n. Informal An intelligent, creative, and open-minded individual who enjoys problem-solving, learning, and the sharing of knowledge above all else.
At any rate, if one or both of the definitions resonate with you, take the time to purchase a piece of merchandise (the money goes to the EFF), and find a way to display the logo. Also, be prepared to explain the concept behind it and why the connotations most people link to the word are not accurate.
Alas, we probably won’t make a difference, but as Gandhi pointed out — that’s no reason not to make the effort.
Windows File Sharing: Facing The Mystery
By Daniel Miessler on April 7th, 2005: Tagged as General | Technology | Windows
For one reason or another, there is quite a bit of confusion surrounding the technologies that allow File Sharing to take place on a Windows machine. The hodgepodge of terms (NetBIOS, NBT, SMB and so on) serves to confuse not only junior admins, but many more experienced professionals as well. We’ve all been there when a newcomer to IT has asked difficult questions like, “If I disable x, but leave y, will I still be able to do z?” Most times the professional being asked will try to either change the subject or exit the room as quickly as possible so as to avoid showing their ignorance.
Of course, nearly everyone is familiar with one main concept: the well-worn and widely known view that Windows file sharing services are potentially very dangerous. Steve Gibson and his website deserve most of the credit for this becoming common knowledge. Unfortunately, however, the fact that “it’s bad” is about the extent of most people’s knowledge of the subject. As a friendly test, see if you know the answers to the questions below:
- What’s the difference between using Windows 9x and Windows 2000/XP file sharing?
- Which port(s) handle(s) file transfers on Windows 2000/XP systems?
- Does Windows XP use NetBIOS to transfer files?
- If you disable NetBIOS over TCP/IP on a 2000/XP box, can people still connect to your shares?
- What happens if you block access to port TCP/139 on an XP machine?
Windows 9x - The Old Way
As with many disciplines, the best way to start is with a bit of history. Before going into how file sharing is handled on the current generation of Windows operating systems, let’s take a look at how it was handled previously.
NetBIOS
The story starts with a protocol called NetBIOS. Originally pushed by IBM, it was put together for the purpose of sharing information between a very limited number of machines on a LAN. Early on, NetBIOS ran over a number of transports, including NetBEUI, IPX and DECnet, and it’s important to note that it was not designed to scale to large organizations. Unfortunately, once Microsoft built its networking products on it, and computers became a crucial part of the business world, NetBIOS became the backbone of file sharing on business networks everywhere.
In Windows 9x (Windows 95, 98, and ME), the primary ports for sharing resources were 135, 137, 138, and 139. Below we take a look at each:
- TCP/135 - RPC endpoint mapper: This port is potentially quite dangerous because of what sits behind it. Remote Procedure Calls are requests from one machine to another for service. The endpoint mapper acts as a go-between: a client asks it where a given RPC service is listening, and it hands back the port that was dynamically allocated to that service. This is similar to the portmapper found in the Unix world, and although 135 is not technically a “file sharing” port, it ties heavily into Windows networking in general and deserves the same scrutiny.
- UDP/137 - NetBIOS Name Service: This port handles NetBIOS name registration and resolution. Think of it as NetBIOS’s version of DNS or ARP: you make a query with something you have and get back something you want. For NetBIOS it’s from a NetBIOS name to an IP address, for DNS it’s from a DNS name to an IP address, and for ARP it’s from an IP address to a hardware address. A node status query to this port (what nbtstat -A does) returns the host’s NetBIOS name table and MAC address with no authentication at all, which is why it is the first stop for anyone enumerating a Windows box.
- UDP/138 - NetBIOS Datagram Service: This port primarily allows the SMB browser service to populate the browse lists seen when using “Network Neighborhood”.
- TCP/139 - NetBIOS Session Service: This is perhaps the best-known Windows port of all. SMB requests, including file transfers, are carried over a NetBIOS session on this port. It is both the port that NULL sessions are established over and the port that file and printer sharing takes place on. If you are considering restricting access to ports on your Windows machine, this one needs to be at the top of the list.
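To make the UDP/137 point concrete, here is an added example that is not code from the original post: it builds the node-status (NBSTAT) query that nbtstat -A sends and parses the reply, which hands back the target’s NetBIOS name table and MAC address without any authentication. The reply in sample_response() and the host name WORKSTATION1 are constructed for an offline run; query_host() is the live version against a host of your choosing.

```python
import socket
import struct

# Added example, not code from the original post: builds the NetBIOS Name
# Service node-status ("NBSTAT") query that nbtstat -A sends to UDP/137 and
# parses the reply, which hands back the target's NetBIOS name table and MAC
# address with no authentication. The reply bytes in sample_response() are
# constructed by hand for an offline run; no host was queried.

NBSTAT_TYPE = 0x0021
CLASS_IN = 0x0001


def encode_name(name: str, suffix: int, pad: bytes = b" ") -> bytes:
    """First-level encoding (RFC 1001 section 14.1): pad the name to 15 bytes,
    append the one-byte suffix, then emit each nibble as a letter 'A'..'P'.
    Result is one 32-character label: length byte, letters, terminating zero."""
    raw = name.upper().encode("ascii").ljust(15, pad) + bytes([suffix])
    letters = b"".join(bytes([(b >> 4) + 0x41, (b & 0x0F) + 0x41]) for b in raw)
    return bytes([32]) + letters + b"\x00"


def build_node_status_request(txid: int = 0x1234) -> bytes:
    """Wildcard query: name '*' padded with NULs, type NBSTAT, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # QDCOUNT=1
    question = encode_name("*", 0x00, pad=b"\x00") + struct.pack(">HH", NBSTAT_TYPE, CLASS_IN)
    return header + question


def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past a DNS-style name (label sequence or compression pointer)."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n


def parse_node_status_response(pkt: bytes) -> dict:
    """Return the names, their flags and the MAC from an NBSTAT answer."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not an NBNS answer")
    off = 12
    for _ in range(qd):                      # echoed questions, normally none
        off = _skip_name(pkt, off) + 4
    off = _skip_name(pkt, off)               # answer RR name
    rr_type, _rr_class, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    off += 10
    if rr_type != NBSTAT_TYPE:
        raise ValueError("answer is not an NBSTAT record")
    rdata = pkt[off:off + rdlen]
    names = []
    pos = 1
    for _ in range(rdata[0]):                # NUM_NAMES entries of 18 bytes each
        raw, suffix = rdata[pos:pos + 15], rdata[pos + 15]
        nflags = struct.unpack(">H", rdata[pos + 16:pos + 18])[0]
        names.append({
            "name": raw.decode("ascii", "replace").rstrip(),
            "suffix": suffix,                # 0x00 workstation, 0x20 file server, ...
            "group": bool(nflags & 0x8000),  # group (workgroup/domain) vs unique name
            "active": bool(nflags & 0x0400),
        })
        pos += 18
    mac = rdata[pos:pos + 6]                 # first field of the STATISTICS block
    return {"txid": txid, "names": names, "mac": ":".join(f"{b:02x}" for b in mac)}


def sample_response(txid: int = 0x1234) -> bytes:
    """Constructed reply from a hypothetical host WORKSTATION1 in WORKGROUP."""
    table = [("WORKSTATION1", 0x00, 0x0400), ("WORKGROUP", 0x00, 0x8400),
             ("WORKSTATION1", 0x20, 0x0400)]
    rdata = bytes([len(table)])
    for name, suffix, nflags in table:
        rdata += name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", nflags)
    rdata += bytes.fromhex("001122334455") + b"\x00" * 40   # MAC + zeroed counters
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)  # response, ANCOUNT=1
    rr = encode_name("*", 0x00, pad=b"\x00") + struct.pack(">HHIH", NBSTAT_TYPE, CLASS_IN, 0, len(rdata))
    return header + rr + rdata


def query_host(host: str, timeout: float = 2.0) -> dict:
    """Live version: send the request to UDP/137 and parse whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_request(), (host, 137))
        data, _ = s.recvfrom(4096)
    return parse_node_status_response(data)


if __name__ == "__main__":
    print(parse_node_status_response(sample_response()))
```

The suffix byte is what tells you what a name means: 0x00 is the workstation service, 0x20 the file server service, and a group flag on a 0x00 entry marks the workgroup or domain. Run the parser against a real reply from query_host() and you get exactly the table nbtstat -A prints, which is the information a scanner collects before it ever touches 139.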
NetBIOS over TCP/IP
This all changed when Microsoft started binding NetBIOS to TCP/IP, a system referred to as NBT (specified in RFCs 1001 and 1002). What this did was take a potentially dangerous but hobbled system (NetBIOS) and give it wings. Now, instead of just having to worry about someone in the next cube gaining information about your system and/or connecting to your file shares, you have to worry about someone in New Jersey, Russia, or China doing the same thing.
Essentially, if the interface that connected you to the Internet had both TCP/IP and File and Print sharing on it, and you didn’t have a decent password configured, you were in line to get scanned and pillaged at will by anyone on the Internet.
File and Print Sharing
Ok, so what’s File and Print Sharing? Where does that fit in? Good question. File and Print Sharing is little more than a service that enables file/folder and print shares to be made available to clients. It’s that simple. Think of it as a daemon that runs on a machine — similar to a web or mail server.
Remember, daemons aren’t useful unless requests can make it to them. That’s where SMB over TCP (or in the 9x world, NetBIOS over NetBEUI or TCP/IP) comes in. These are the means of getting requests over the network to the “server” machine, i.e. the box that has a folder or a printer shared out.
Basically, two things are needed in order for there to be a successful file transfer, 1) a transport allowing a client to make it to the machine in question, and 2) the machine to be listening for requests while it has shares available. It’s important to understand these two pieces of the puzzle and where each technology fits.
Countermeasures
Steve Gibson’s site, while quite informative, sensationalized the risk to some degree. All one needed to do to keep from sharing files over the Internet was to unbind File and Print Sharing from the TCP/IP protocol within the network properties of the adapter that faces the outside. This simple step eliminates the threat of people trivially mapping your shared drives from across the world. Note that it does not switch off NBT itself: as long as Client for Microsoft Networks is still bound to TCP/IP, the name service keeps answering on UDP/137, so the machine can still be enumerated even though its shares can no longer be reached.
Also, the bits about disabling the Client For Microsoft Networks and such were simply over the top. Aptly enough, the “Client For Microsoft Networks” is nothing more than a client (hence the name). Disabling it had nothing to do with whether or not the server portion of File Sharing (File and Print Sharing) was enabled.
Windows 2000/XP - The New Way
For most of us, Windows 9x is thankfully ancient history. The vast majority of us deal with Windows 2000 and XP these days, and the way these versions of Windows handle File Sharing is significantly different.
First off, the big difference that many notice is the use of port TCP/445 instead of the ports in the 137-139 range. This change was part of a new Microsoft paradigm designed to eliminate the dependency on NetBIOS. In fact, one can completely disable NetBIOS over TCP/IP on a Windows 2000/XP machine, since these operating systems (via TCP/445) have SMB riding directly on top of TCP rather than on NetBIOS. Microsoft calls this the “direct hosting” of SMB. This enhancement allowed for a few benefits, such as less clutter in the protocol stack, a lack of NetBIOS broadcasts, and the ability to standardize on DNS entirely for name resolution.
As can be expected, the job the session service did on TCP/139 is now done by TCP/445, which means this port needs to be given the same attention that the NetBIOS ports were given in the past. Be aware that 445 does not replace 137 and 138: name resolution moves to DNS, and the broadcast-based browse lists behind Network Neighborhood still depend on NBT. Disabling NetBIOS over TCP/IP therefore also removes NetBIOS name resolution and network browsing, and legacy clients (Windows 9x and NT 4) that only speak NBT will no longer be able to reach your shares.
Old vs. New
When a Windows 2000/XP client connects to a server that has both NetBIOS over TCP/IP and direct hosting enabled, it attempts connections to TCP/139 and TCP/445 at the same time. If 445 responds, the client sends an RST to 139 and continues the SMB session on 445; only if 445 does not respond does it carry on over 139. Keep this in mind when reading firewall logs: a client that is only permitted one of the two ports will still show connection attempts (and resets) on the other.
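As an added example (not code from the original post), the following shows what actually differs on the wire between the two transports and reproduces the client preference just described: it connects to 139 and 445 in parallel, keeps 445 whenever it answers, aborts the other connection with a TCP RST, and on 139 sends the mandatory NetBIOS session request that direct hosting does away with. The host name fileserver.example and the calling name PROBE are placeholders; choose_transport() and the two frame builders run offline.

```python
import socket
import struct
import sys
from concurrent.futures import ThreadPoolExecutor

# Added example, not code from the original post. It shows the two SMB
# transports the text contrasts: NetBIOS session service on TCP/139, where
# the client must open with a SESSION REQUEST carrying NetBIOS names, and
# "direct hosting" on TCP/445, where SMB messages ride on a bare 4-byte
# length header. probe() reproduces the client behaviour described above:
# try both ports, keep 445 if it answers, and abort the other with a TCP RST.
# The host and calling names used here are placeholders.


def encode_netbios_name(name: str, suffix: int) -> bytes:
    """First-level encoded 34-byte name: length 32, nibble-letters, terminator."""
    raw = name.upper().encode("ascii").ljust(15) + bytes([suffix])
    letters = b"".join(bytes([(b >> 4) + 0x41, (b & 0x0F) + 0x41]) for b in raw)
    return bytes([32]) + letters + b"\x00"


def netbios_session_request(called: str, calling: str) -> bytes:
    """TCP/139 only: type 0x81 SESSION REQUEST (RFC 1002) with called and
    calling names. '*SMBSERVER' with suffix 0x20 is the wildcard server name."""
    body = encode_netbios_name(called, 0x20) + encode_netbios_name(calling, 0x00)
    return struct.pack(">BBH", 0x81, 0x00, len(body)) + body


def direct_host_frame(smb: bytes) -> bytes:
    """TCP/445: no session setup at all; a zero byte and a 24-bit length."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def choose_transport(port445_open: bool, port139_open: bool):
    """Return (winner, loser): 445 wins whenever it answered, 139 is the
    fallback, and the loser (if any) is the connection to reset."""
    if port445_open:
        return 445, (139 if port139_open else None)
    if port139_open:
        return 139, None
    return None, None


def reset_close(sock: socket.socket) -> None:
    """Close with RST instead of FIN: SO_LINGER on with a zero timeout.
    The linger struct is two ints on Linux/BSD and two shorts on Windows."""
    fmt = "hh" if sys.platform == "win32" else "ii"
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack(fmt, 1, 0))
    sock.close()


def probe(host: str, timeout: float = 2.0):
    """Connect to 139 and 445 in parallel, pick the transport, reset the
    other, and on 139 send the mandatory session request. Returns
    (port, connected socket) or (None, None); the caller closes the socket."""
    def connect(port):
        try:
            return socket.create_connection((host, port), timeout=timeout)
        except OSError:
            return None

    with ThreadPoolExecutor(max_workers=2) as ex:
        f445, f139 = ex.submit(connect, 445), ex.submit(connect, 139)
        socks = {445: f445.result(), 139: f139.result()}
    winner, loser = choose_transport(socks[445] is not None, socks[139] is not None)
    if loser is not None:
        reset_close(socks[loser])
    if winner == 139:
        socks[139].sendall(netbios_session_request("*SMBSERVER", "PROBE"))
    return winner, socks.get(winner)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "fileserver.example"
    port, sock = probe(target)
    print("SMB transport:", port)
    if sock:
        sock.close()
```

Two things are worth noticing. The 139 path cannot even begin without NetBIOS names for both ends, which is exactly the dependency direct hosting removes; on 445 the first bytes on the wire are already an SMB message. And reset_close() is what makes the race visible in a packet capture or firewall log: a plain close() would send a FIN, whereas the Windows client tears the losing connection down with an RST.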
Summary
Ok, now that we’ve covered a few different topics here, let’s touch on some key points:
- File and Print Sharing is a completely different beast than NetBIOS or NetBIOS over TCP/IP. To be clear, you can disable the latter and still use the former if you have it bound to a protocol such as NetBEUI. If you disable File and Print Sharing, however, then it doesn’t matter what transport gets you to the box, you still won’t be able to access shares on it.
- Windows 9x used NetBIOS (via ports 137, 138, and 139) to resolve resource names and facilitate connecting to them, whether that was via the local network only (NetBEUI) or WAN-wide (NBT).
- Windows 2000/XP supports the NetBIOS system as well, but prefers the new method which uses TCP/445 to implement SMB directly over TCP. You can disable NBT on these platforms and still maintain virtually identical functionality using this “direct hosting” paradigm, provided your clients are all Windows 2000 or later and you don’t need NetBIOS name resolution or network browsing.
- One of the major advantages of going to the “direct hosting” system instead of NetBIOS is the standardization on DNS for name resolution. Resolving resource names using NetBIOS names was chatty (broadcast-based) and lacked scalability. DNS is a universally accepted, hierarchical standard that scales all the way to networks the size of the Internet.
- Due to the consolidation of many of the NetBIOS functions into a single port (445), this port is critical to many Windows 2000/XP operations. It’s imperative that access to this port is limited to trusted hosts and/or networks.
