Is the recent Cisco advisory a government plant?

image credit: planetpalmbeach.

I’m not prone to conspiracy theories, but some things are just a bit too much even for me. Cisco recently released an advisory about a new piece of DNS poisoning malware which can install a Tor client on a user’s machine. Their suggestion? “Enterprises should consider blocking Tor traffic on their networks.”

This, just days after a massive chunk of Tor sites were compromised under the guise of fighting child pornography. It seemed like a safe thing to do, after all; nobody wants to defend child porn. BUT, privacy advocates everywhere are literally and physically reeling from the crackdown on the Tor network, seen in recent weeks. “Tor” stands for “The Onion Router” and is a service that can anonymize traffic on the web, by allowing multiple shared entry and exit points. Your traffic goes in to “The Onion Router” network, through several layers and bouncing off of several other routers and peers in the network, then gets spit out on of a random exit point, along with all of the other traffic routed out the same exit. In the end, it is virtually impossible to trace back to any one user, without more identifiable markers on their machine (which is what the malware planted in Tor-based sites is doing). We have even seen sites like Silent Circle, and Lavabit shut down their services and Hushmail fold to the feds.

With a sudden attack on Tor and privacy and anonymity protection software is executed by the government, then a well known and major security and networking company advises that most enterprises should start blocking Tor based traffic on their networks… it just feels a bit too “coincidental.” In a time when the discussion has never been larger, the NSA and other federal agencies ordering these crackdowns have NEVER been so brazen. Where most private companies would be experiencing a panic and a PR nightmare, these organizations appear to be moving forward with the cavalier attitude of Don Quixote, oblivious (or unconcerned) to the rubber band-like reaction that lies ahead. I’m not a conspiracy theorist, I’m not even a privacy advocate, but someone out there has forgotten what it means to be subtle when trampling the little people.

Cannot save files from Adobe Reader to Offline Folders

I recently had a user call me and explain that they couldn’t save to their offline files and folders when offline. Little did I know the can of worms we were going to open.

The troubleshooting rabbit hole involved finding out that you could, in fact, copy and paste documents in to those folders, however we couldn’t save PDF files from Adobe Reader by using the File/Save command. No error message appeared, they looked like they saved, but when you looked in the folder, the file would be missing. It was specific to Adobe Reader. Once I knew that, I had to dig further.

In the end, the problem was that Adobe Reader wouldn’t allow the user to save files in the Offline folder because it was sandboxed (an enhanced security mode which doesn’t allow Adobe Reader to react with other applications, in an attempt to prevent virus infected PDF files from infecting your whole system). To resolve this, close any open PDF documents, but open Adobe Reader. Click Edit, then Preferences. On the left click Security (Enhanced), then UNCHECK Enable Enhanced Security at the top of the Window, and click OK. Exit Adobe reader, then try again. It should work without a problem now!

How "PRISM" probably works – at least right now

Last week, news broke about “PRISM.” A whistleblower alleges the US government has direct access to the servers of many tech companies; Microsoft, Google, Facebook, their subsidiaries, and more are listed. Then, over the next several days the story softened to be “access” instead of direct access. Now it’s down to the point where they might be talking about the National Security Letters, which is almost a non-story. But regardless of what’s true, what’s known, and what’s happening – I wanted to take a look at how big-data collection works.

Believe me, there are people more qualified than me to talk about this, but I wanted to explain give a breakdown readers would understand. So let’s take the program on what people think PRISM is most capable of: monitoring, in real time, every single phone call, text message, picture message, your cell phone’s GPS coordinates, email, Facebook post, internet search, every map you look at online, and every website you visit. That is a mountain of data, the extreme majority of which is worthless. Everybody makes fun of Twitter and says “nobody cares what you had for breakfast.” The government cares even less. Think about it in terms of space. Twitter is a website that lets you post messages that are only 140 characters in length. A sentence, maybe two, at a time. Twitter, alone, generates about 12 terabytes of Tweets every single day. A terabyte is about 1,000 Gigabytes.

I can’t fathom the amount of data and pictures that Facebook is storing, or imgur, or Reddit, Flickr, Digg, WordPress, Blogger, or any of the other thousands of websites. Even comments on blogs and news sites begin to pile up. If you were capturing all of that data (UPDATE: which they’re likely doing by means of a Fiber-Optic tap, similar to what we called a vampire tap, years ago), how could you ever read it all? You can’t. At least not today. That’s why the NSA is building a one million square foot data center in Utah. Right now, it will act as a repository. Some day, the world will have enough processing power to go back through and search for key words and phrases through every bit and byte of data that is stored. But right now, it simply isn’t possible.

So what could “PRISM” be doing, if it exists right now and is already in place at all of these phone companies, and tech companies, and internet providers? Right now PRISM would be looking for patterns in “Meta-Data.” Meta-Data is the basic stuff. To. From. Subject. Dates and times. It would be designed to highlight certain numbers or email addresses. For instance, let’s say we know the cell phone number of a suspected terrorist – well, then we could punch that number in to PRISM, and see all of the calls made to and from that device. Are they listening to every single call? Extremely doubtful. But if they see that a particular number called the suspected terrorists’ number over, and over – they can start to correlating potential accomplices and other frequent contacts. Even General Michael Hayden says that’s how it works.

I’m far from the tin-foil hat wearing conspiracy theorist. In fact, if the government wants to read all of my emails, I couldn’t care less! Have fun! Read away! What concerns me is whatever happens with them next. This is the part that concerns me. As I mentioned, the Utah data center’s goal would be to capture and archive all of the internet’s traffic. Right now, we can’t really parse and understand all of that data, which is why only meta-data would be checked. But if they’re storing all of the data, it doesn’t matter what they’re looking at? They have all of the data. What if some other hacker group wanted to release all of my private emails to the public? Think about it, publically traded companies with their business reputations at stake still get hacked from time to time. A government organization with nothing to lose probably isn’t going to secure our data as tightly as someone like eBay! But there you have it, all of your emails, the attached pictures, embarrassing stories, whatever the contents may be, someone gets in to the NSA’s system and leaks come out.

Or, what if the NSA decides that they have worked for these emails and that now they “own” them and can turn a profit on them by selling them to insurance companies. Suddenly an email surfaces where I talk about pigging out on a triple cheeseburger, and my health insurance rates go up because I make unhealthy lifestyle choices. Or maybe, just maybe, a pattern that isn’t really there emerges, by mistake. It looks suspicious. But this “predictive” system has determined that I must be a threat to national security, and in a very Minority Report sort of way, I could be charged with conspiring to commit a crime – which I’m completely unaware of, but I match the criteria and profile of someone who would commit such a crime.

Having data literally warehoused in one sweet, sweet hacker target isn’t appealing to me. The system isn’t perfect. We have too many wrongful convictions, even people put to death for crimes they didn’t commit. Leaving it in the hands of a computer to draw conclusions based on correlation isn’t the best solution. No, the system isn’t perfect, but luckily, the system isn’t even online as we imagine it – at least not yet. As I set out to mention, earlier, the only thing they can possibly be doing right now is picking and choosing the data points they want to monitor, and see how X is interacted with by A, B, C, D, and E. But what does the future hold? Maybe now is the time to stop the machine from becoming the behemoth that it is set to become. I’ve said it before and I’ll say it again: if the government wants to read my email, I genuinely don’t care. But I don’t want them storing copies of it haphazardly on external hard drives in the back seat of an employees car, etc… I don’t know if the solution is data retention policies to ensure things are deleted, I don’t know if it’s opposing the entire project and calling it a fishing expedition, I don’t know if it’s bowing to our new robotic overlord, but I have started thinking about the future.

Solved & Fixed: UFL ‘u2lgl’ that implements this function is missing

I recently ran in to an error stating “UFL ‘u2lgl’ that implements this function is missing.” This happened when using a particular program called CYMA, which generates reports using Crystal Reports and then brings them up for a print preview. I found this not too helpful article (note: the article I link to has been updated to contain the solution I post below {with more details specific to the current version}, and they have credited me with helping to find the correct fix), which suggested that you could fix CYMA by copying and pasting the missing file into the folder. The file was already there, but I tried it anyway. Still nothing changed. From there, I found one other article saying that it wasn’t the file he thought it was, the poster, named Andy Baker, had to re-register his User Function Library – but gave no advice for users how he did that. No other advice anywhere on the internet gave a clear answer as to what was causing this issue.

When Andy refers to re-registering the User Function Library, or UFL, he basically means that he had to re-register everything. What you need to do first is to figure out what folder the file is in. For some examples, you could find the DLL in a folder such as:

  • C:\Program Files (x86)\Business Objects\Common3.5\bin\
  • C:\Program Files\Business Objects\Common3.5\bin\
  • C:\Program Files (x86)\Common Files\Crystal Decisions2.5\bin\
  • C:\Program Files\Common Files\Crystal Decisions2.5\bin\

The computers I had this issue on were the latter two folders. So, I’ll use the 4th directory in my example, but remember, you may need to change the second line of the command below to match wherever your files are. Here’s what I did:

  1. Ensure CYMA (or whatever program is giving you the error) is closed
  2. Click the Start Menu in the lower left
  3. Type CMD
  4. Right Click CMD.exe and click Run as Administrator
  5. type the following:

    cd "C:\Program Files\Common Files\Crystal Decisions\2.5\bin\"
    for %1 in (*dll) do regsvr32 %1 /s
    for %1 in (*ocx) do regsvr32 %1 /s
  6. Re-open your application and try again!

For me, this resolved all of my problems. No reboot necessary. The application opened, and when we ran the reports, they came up as we expected them to! The issue appears to stem from installing Office 2013, which I believe installs a newer .net 4 Framework, which de-registered these files. Leave a comment, let us know if this helped!