Archive for November, 2010

Color Scheme Designer: Excellent HTML Colour Picker

Every now and again I end up doing some web work, sometimes it’s part of a BI implementation where I’m trying to follow corporate branding guidelines but in most cases I just have a particular problem to solve and I want to put together a simple but aesthetically passable design.

So, when I need to delve into the world of HTML and colour schemes I always return to one site: colorschemedesigner.com - the site allows you to generate a single colour scheme or several complimentary schemes, adjust for colour blindness and has exports for HTML+CSS, XML, Text, Photoshop (ACO) and GIMP (GPL).

Rootkit Hidden in Network Card Firmware

I just read a scary post by Guillaume Delugré following-up from his presentation (slides) made at the hack.lu conference in October.  Essentially he reverse-engineered the Broadcom NetExtreme Network Interface Card and replaced the device’s standard firmware with modified code capable of intercepting network packets and hiding them from the OS – even when the OS registers the card as disabled.

The ultimate goal of the project is to build a rootkit that would reside in the NIC’s firmware and be capable of performing all sorts of nefarious tasks and once installed it could implement a range of countermeasures to avoid detection.  One problem for the would-be malware writer is the limited memory available on the NIC, perhaps instead of acting as the primary payload the NIC rootkit could act as a wingman to a larger malware toolkit and even persist in the event that the OS infection was removed.

The rootkit could monitor outbound traffic to sense when it’s primary payload had been deactivated, report back to the command & control servers and wait to be notified of a hardened upgrade that could then be installed by exploiting communication with the driver layer via Direct Memory Access.  Alternatively it could be used to thwart detection by network scanners like Nessus or perform port scans on the rest of the network, again – all without the knowledge of the host OS.

This may seem somewhat speculative but to me it’s the way of the future, many devices connected to your PC have flashable firmware and I imagine that within the next couple of years an example of exactly this kind of attack will be found in the wild – until then, stay tuned to the big conferences like Black Hat, Defcon and Hope.

How to Enable xp_cmdshell in SQL Server

There’s a great little feature of SQL Server that allows you to execute command-line statements, allowing you to run batch files, get directory listings or call executables.  The feature is accessed via the xp_cmdshell Extended Stored Procedure, the syntax is pretty simple and looks like this…

How to Enable the Quick Launch Bar in Windows 7

I’m yet to write up my full opinions of Windows 7 but generally speaking I like it a lot but having just migrated from Windows XP there are a few changes that I find hard to live with and one is the absence of the Quick Launch toolbar. 

Thankfully it’s pretty simple to bring it back thanks to Microsoft Knowledge Base Article #975784, the instructions are very clear so I won’t recreate them in full here but essentially all you have to do is…

• Right-click on the taskbar and select Toolbars >> New Toolbar. 
• In the dialog box paste: “%AppData%\Microsoft\Internet Explorer\Quick Launch” and hit Select Folder. 
• Right-click on the Quick Launch toolbar and un-check Show Text and Show Title. 
• Right-click on the Quick Launch toolbar and select View >> Small Icons. 

Now you can carry on using Quick Launch as you did before by dragging and dropping shortcuts to and from the toolbar.

Installing Business Objects XI R3.1 on Windows Server 2008 R2

Recently I migrated a Business Objects XI Release 2 deployment to XI Release 3.1, a relatively straight-forward process but as always there are a few gremlins to avoid.  Unfortunately the final playbook I used had too many sensitive details in it but during my trial-run I did make a few notes that served me well as a rough workflow and I thought it might be worth sharing.

It’s a mix of steps to take with a few hints thrown in, for the trial run I built a one-box solution (DB+BO on the same server) which isn’t necesarily good practice but works well as development box.  Please bear in mind that this is by no means exhaustive and there’s no substitute for reading the Business Objects documentation…

• Create a domain user under which you Business Objects services will run.
• Install SQL Server 2008 R2 Express (you could use MySQL I but I prefer MSSQL).
• Ensure that SQL Server runs under the domain account (can be done during setup or afterwards).
• Create databases for the CMS + Audit DBs, create a user that you will use to authenticate with.
• Install any necessary ODBC drivers.
• Open Windows Firewall and allow inbound traffic on port 8080 (for Tomcat).
• Setup CMS + Audit ODBC Sources using c:\windows\sysWOW64\odbcad32.exe
  (see: 32-Bit ODBC Drivers in Windows Server 2008 R2)
• Configure IIS to Enable 32-bit Applications + .NET Application Pool = Classic
• Install Business Objects (everything but MySQL).
• Open CCM, stop services and set SIA + Apache to run under domain account.
• Grant permissions on C:\Program Files (x86)\Business Objects to domain account.
• Restart services.
• Click “Update Objects” button in CCM (this solved an issue where some Authentication options were unavailable in the CMC).
• Log in CMC, configure AD Authentication - it’s best to follow the Windows AD SSO NTLM instructions in Business Objects Documentation.
• Run Import Wizard (I may post some tips later on but it’s quite straight-forward).
• On Windows 7 PCs go to Control Panel  >> Java >> Advanced >> Security and tick “Enable Mixed Mode (run with protection)” – this solved an issue for WebI users.
• Set user input locale correctly (I’m in the UK and I had to do this on the client for each user).

I hope that helped, if you have any questions please leave a comment and I’ll see if I can expand on the above.

Register an Extended Stored Procedure in SQL Server 2008 R2

Aside from those integrated into SQL Server (e.g. xp_cmdshell) it’s not often I come across the need to use Extended Stored Procedures but an application I installed recently required that I add their custom procedure to the SQL Server housing the application data.  Having been years since I had last added one it took a little figuring out since I would’ve expected to find it in Management Studio under “Server Objects” or “Management” but it’s somewhere entirely different. 

To add/register an Extended Stored Procedure you’ll need to right-click on…

Databases >> System Databases >> master >> Programability >> Extended Stored Procedures

…and select “New Extended Stored Procedure”.

Next you’ll have to provide a (this will be the name the procedure is called by) and the path to the DLL, you can browse to the the .dll file by clicking on the elipsis. 

The next step is vital since at the moment the only people able to actually use the Extended Stored Procedure would by sysadmins.  All you have to do to remedy that is click on “Permissions”, click “Search”, type “public” in the text box and click OK as follows…

All you have to do now is tick the “Execute” permission to allow the ‘public’ users of the database (effectively everybody) to be able to use the procedure. 

The completed dialog box should look something like this…

Then click “OK” and all should be well.