Ubuntu 13.10 Upgrade - Lessons Learned & VIDMA utility found

A few weeks ago a new release of Ubuntu came out.

Naturally that meant it was update time!

I have been getting pretty good at this now so I though I had it all figured out.

Wrong.

Here you go…documented for your entertainment and my education.

1. Find in RSS feeds that my Ubuntu 13.04 Raring Ringtail install has a Ubuntu 13.10 Saucy Salamander update available.
   ●  Upgrade your PCs, servers, and phones: Ubuntu 13.10 lands tomorrow - Ars Technica
   ●  Ubuntu 13.10 review: The Linux OS of the future remains a year away - Ars Technica
   ●  Ubuntu 13.10 Released - But Is It An Essential Upgrade? - OMG! Ubuntu
   ●  Ubuntu 13.10 Saucy Salamander Review: A Boring Amphibian - Desktop Linux Reviews
   ●  Ubuntu 13.10 (Saucy Salamander) review: Smart Scopes in, Mir out - ZDNet
   ●  Saucy Salamander/Release Notes - Ubuntu Wiki
2. Excitedly start the in-place upgrade of my VirtualBox Ubuntu build.
3. Remembered this time (3rds the charm) that VirtualBox upgrades screw with Ubuntu (and I had recently upgraded to a new VirtualBox release and hadn’t ran my Ubuntu guest since) unless you first disable 3D acceleration in the VM machine settings. So I disabled it, launched the Ubuntu VM and now was able to load the desktop!
   
   At that point I was able to install/upgrade to the latest VirtualBox Extension pack within Ubuntu proper. It ran slow as molasses but got the job done. For some reason I keep forgetting what the correct option clicks to get the Extension pack installer auto-running after I mount the CD/ISO file. I did better this time. For some reason the dialog window prompts aren’t fully intuitive to me as a Windows user.
   1. First, run the installer from the host.
      
   2. Next choose the “Ask what to do” option (I think this is where I get tripped up and select another option incorrectly).
      
   3. Run the auto installer
      
   4. Authenticate and install
      
      ●  How do I install Guest Additions in VirtualBox? - Ask Ubuntu.
      ●  Installing Guest Additions on Ubuntu - VirtualBoxes
4. Once done, I rebooted the system after re-enabling the 3D Acceleration option in the VM settings.
5. From there I continue by using Daniel Benny Simanjuntak’s tip in a previous Ubuntu post comments I did to run the following command from the terminal to start the upgrade process.
        …through terminal one can upgrade as well using the command:
         sudo do-release-upgrade -d
6. Watch with anticipation.
7. Installation failed.
8. What!
9. Try again.
10. Failed again.
11. Read error and log dialogs carefully and figure out I don’t have enough free space on my virtual hard drive. Apparently I set it up for a fixed disk size of about 8 GB.
12. Started simple and ran command “sudo apt-get clean”. I seem to recall I had to do that last time I did an Ubuntu upgrade.
13. That cleaned a bunch of stuff but when I tried to do the upgrade, I still didn’t have enough free space left to perform the upgrade. It eventually became clear that it was time to increase the size of my virtual hard drive. Goody.
14. I tried a number of processes to expand (in place) my VM’s VDI virtual HDD file. None of them seemed to work successfully. It was super frustrating.
15. Found vidma - Virtual Disks Manipulator (tool for resizing VDI). It’s a tiny standalone command line tool for resizing (fixed size) VDI files. It is “Alpha” software but I figured I had little to loose at this point as if this didn’t work, I’d probably be going back to square one anyway.
    1. To make things easy I copied the utility over into the same location of my VDI file.
    2. Opened a command line window in this location
    3. Ran the command “vidma Xplico.vdi 20480” and fed it confirmations as needed. (Actually I  used the even value amount “20000” and resulted in a 19.53 GB expanded drive…not quite 20 GB even which the 20480 figure would have done.)
    4. Watched and waited patiently as it processed the file.
    5. When it was done I relaunched the VM (hurray it came up fine) and using GParted inside the current Ubuntu VM, checked the /dev/sda drive. It was showing the full 19.53 GiB partition. Up from the original 8 GiB.
16. That was part one. Now I had to resize my active partition to incorporate the additional unallocated space that I had created in step 13 with vidma.
17. I shut down the VM and rebooted it after attaching a GParted ISO. This would let me manipulate the internal partition information of my VDI file.
    1. Basically I followed (starting down the page at Step 4 “Expand the partition in the larger virtual disk”) the guide found posted by Eugene over at Trivial Proof: Resizing a VirtualBox Virtual Hard Disk”
    2. Because I had set my Ubuntu drive up with a swap partition, I had to deal with it first as explained in the addendum in that guide.
    3. For some reason I was not able to move the swap partition out of the way as it describes. So I ended up following a tip in the comments from “jayesh” after carefully noting what size it originally was set at.
       
       ”I had an extended partition containing a swap partition between my root partition and unallocated space. So i tried to follow ADDENDUM steps but i was not able to move the extended partition in one step. So, i extended the "extended partition" with unallocated space, then moved the swap partition to the end of this new partition and finally shrink the extended partition to its original size, leaving unallocated space close to my root partition.”
       
       This post guide over at mwpreston.net expands that process in wonderful detail if you want more information before trying: Expanding a Linux disk with gparted (and getting swap out of the way) - mwpreston.net
    4. I then was able to expand the existing (in use partition) to take in (almost) all of the newly created unallocated space.
    5. Whew!
    6. Rebooted and detached the GParted ISO.
    7. My VM guest came up just fine and after another check in the GParted tool, confirmed things were put right again and I now had 18.43 GB of available space.
       
18. Time to retry the Ubuntu 13.10 upgrade!
19. From a terminal session: “sudo do-release-upgrade -d”
20. Let it run forever…do a few reboots…
21. When it is all settled down, I log in and kick the tires a bit, and change the desktop to the charming “Saucy Salamander” image.
    
22. Looked for and updated any pending applications needing updating. Done.
23. Check “Upgrade to Saucy Salamander” off my to-do list.

I would swear I captured a ton of screen shots of the actual VDI expansion and post-GParted partition wrangling work to document what I was doing, but I just can’t find where I put the screen cap files. Despite my best efforts to scour my HDD’s looking for them they just haven’t turned up. If I do later stumble upon them, I’ll update the post accordingly.

The only other “gotcha” I discovered immediately after the upgrade is that my beloved power-button in the top-right bar in Ubuntu 13.04 had been removed.  How do I shut the figgin thing down now?

Apparently I wasn’t the only dolt stumbling over this, post upgrade.

• unity - Why am I not able to shutdown, log-off and restart after an upgrade to Ubuntu 13.10? - Ask Ubuntu

Per that thread, I ended up settling for the “open a terminal, type sudo shutdown -h now, press enter and put the password” shutdown method.

Since that original upgrade to 13.10, I have since ran the Software Updater again to bring it current and I find my familiar shutdown icon is now back. Hurrah!

I hope this helps any Ubuntu noobies out there with the upgrade process if you are running it in VirtualBox.

Previous Ubuntu upgrade posts here on GSD.

• grand stream dreams: Ubuntu 12.10 (Quantal Quetzal) Upgrade
• grand stream dreams: Ubuntu 13.04 (Raring Ringtail) Upgrade..a bit faster this time

--Claus Valca

Read More

ForSec Linkfest - 2013 DST Fallback Edition

FYI…tomorrow morning at 2 AM here in the United States of America it will be time to “fall back” from DST. One more hour of sleep and then it’s weeks of trying to get the body’s timeclock to readjust.

So as you get ready to find all the clocks you need to manually adjust (don’t forget the vehicles!), here is some linkage to distract you from that task. Please note I’ve also sprinkled in some networking items as well to keep you on your toes!

• Wireshark 1.10.3 and 1.8.11 Released - Wireshark website
• Wireshark - Official site Download
• Reviewing Wireshark's Capture Pane (by Tony Fortunato) - LoveMyTool blog
• Using PowerShell to Automate Tracing - MessageAnalyzer blog
• Nmap cheat sheet - HelpNet Security blog - From the notice:
• Counter Hack founder and SANS instructor Ed Skoudis and his team created a helpful cheat sheet for Nmap, which includes notable scripts of the Nmap Scripting Engine, script categories, instructions for scan types, probing options, and more.
• How A Wireless Issue Looks Like a Wired Issue (by Tony Fortunato) - LoveMyTool blog
• NAFT: The Movie - Didier Stevens
• New utility to quickly set the DNS servers of your Internet connection - QuickSetDNS utility from Nir Sofer's workbench.
• On getting Pineappled at Web Directions South - Troy Hunt’s blog
• Disassembling the privacy implications of LinkedIn Intro - Troy Hunt’s blog
• Command-line Forensics of hacked PHP.net - NETRESEC Blog
• iOS apps can be hijacked to show fraudulent content and intercept data - Ars Technica
• Your iPhone knows where you’ve been, puts it on a map - Chron.com’s TechBlog
• What's New in the Prefetch for Windows 8?? - Invoke-IR blog
• Re-Introducing the Vulnerability Search - Journey Into Incident Response blog
• Links - Windows Incident Response blog
• Incident Response Teams are the New (Security) Black - Speaking of Security - The RSA Blog and Podcast
• Red Alert: 10 Computer Security Blogs You Should Follow Today - MakeUseOf blog
• New Security Intelligence Report, new data, new perspectives - Microsoft Malware Protection Center blog
• Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps - Ars Technica
• Hacking a Reporter: Writing Malware For Fun and Profit (Part 1 of 3) - SpiderLabs Anterior
• Treasure Hunting with FTK, EnCase, and SQLite Databases - Computer & Digital Forensics at Champlain blog
• Add the CAINE ISO to your E2B drive - RMPrepUSB, Easy2Boot and USB booting

Cheers,

Claus Valca

Read More

CryptoLocker Ransomware Info & Free Prevention Solutions

I work hard to keep our home systems malware-free and safe.

That typically involves talking about good Windows end-user behavior with Alvis and Lavie, letting them know about various breaking threats, running a AV/AM product, installing advanced protection afforded by Microsoft's EMET v 4.0 on our home systems, making sure all Windows and third party browser plugins are kept updated, run backups, etc.

So generally, I don’t worry too much about viruses and malware…but this new CryptoLocker threat does have my nerves extra-edgy.

First, we don’t have 10 bitcoins sitting around to pony up for a decryption. Most home\SOHO Windows users probably don’t either. Note this price has gone up from the previous 2 bitcoin expense.

• CryptoLocker developers charge 10 bitcoins to use new Decryption Service - Bleeping Computer News

Secondly, it seems to work primarily on social-engineering and spear-fishing techniques (for now) to trick a user into opening a payload delivered by email. While I can have pretty good confidence in software defense-in-depth security practices, I never can trust the end-user (myself included) to be 100% dependable in catching this attack. I am my own weakest link.

Lastly, although CryptoLocker primarily targets local drives, it will encrypt any targeted files on a network share if the shared folder is mapped as a drive letter rather than a UNC share. So if one person on a network gets infected, and has mapped drives via drive lettering, that could hose everyone! That’s scary bad.

So the first important step you can take is to educate yourself about the threat itself:

• How To Avoid CryptoLocker Ransomware — Krebs on Security
• CryptoLocker Ransomware Information Guide and FAQ - Bleeping Computer - Probably the current de-facto resource for all technical details on this threat. Updated frequently.
• CryptoLocker Is The Nastiest Malware Ever - Here's What You Can Do - MakeUseOf blog
• Cryptolocker Ransomware: What You Need To Know - Malwarebytes Unpacked
• You’re infected—if you want to see your data again, pay us $300 in Bitcoins - Ars Technica

At home, my immediate response was to deploy a special package maintained by Foolish IT LLC on ALL our personal Windows systems (including my Windows VM’s) that protects against this threat. 

CryptoPrevent - free for personal and commercial deployment - Foolish IT LLC - current version at time of posting is 3.1 but that is certain to change. In both “portable” and installable versions.

Like any AV/AM vs. Security battle, it is a constant arms race of updates so if you go this method, check back frequently for new versions or pay the $ for the auto-updating version.

Just to illustrate the challenge, take a look at these posts from the developer to see how the tool has mutated to keep pace with the threat and customer’s needs.

• CryptoPrevent v2.0 just released with whitelisting capabilities!
• CryptoPrevent v2.1 - I just can't seem to win!
• CryptoPrevent v2.4 just released with internal update feature - please update!
• CryptoPrevent v2.5 - with a powerful new layer of protection introduced!
• CryptoPrevent v2.6 released - my life is consumed by this madness!
• CryptoPrevent v3.0 - Recycle Bin protection and a new optional AUTOMATIC UPDATE service!

For corporate locations, I learned about another solution via Brian Kreb’s post noted above. From that post:

A team of coders and administrators from enterprise consulting firm thirdtier.net have released the CryptoLocker Prevention Kit – a comprehensive set of group policies that can be used to block CryptoLocker infections across a  domain. The set of instructions that accompanies this free toolkit is comprehensive and well documented, and the group policies appear to be quite effective.

Cryptolocker Prevention Kit (updated) - Spiceworks

Get protected now if you are a Windows user. Period. 

It’s not worth dilly-dallying about.

Cheers,

Claus V.

Read More

Linkfest for the SysAdmins

Here is some assorted linkage from the past week or two that might be of interest to the system administrators lurking around.

• US State Governments Can’t Shake IT Woes - IEEE Spectrum - This week in gooberment IT support and deployment silliness. Offered as object lessons for self-improvement.
• HealthCare.gov deferred final security check, could leak personal data - Ars Technica
• The seven deadly sins of HealthCare.gov - Ars Technica
• Can we trust the data brokers who store our most intimate private details? - Ars Technica
• Defrag Tools: #61 - Windows 8.1 - Disk Space, Sysinternals DU and RU - Defrag Tools on Channel 9
• PowerShell: Location, Location, Location - 4sysops
• Download Active Directory Replication Status Tool - Microsoft Download Center
• How to make your USB drive Write-protected under Windows - RMPrepUSB, Easy2Boot and USB booting
• Install Windows 8.1 on Oracle VirtualBox - BetaNews article from Wayne Williams
• Customizing the Windows 8.1 Start Screen? Don’t follow Microsoft’s guidance - Aaron Parker
• Windows 8.1 / Windows Server 2012 R2 - Updated Shell UI changes - Ask the Performance Team blog

Cheers,

Claus Valca

Read More

Microsoft Security Essentials/Defender & PowerShell

Here are some minor tidbits for MSSE I found, as well as some cool tricks you can do against it with PowerShell.

Microsoft may end antivirus updates on XP in April - ZDNet

I’m not surprised to hear this deliberation going on, XP must go and MS can’t be responsible to support an unsupported OS forever. That said, for quite some time to come many home users (particularly), SOHO’s, and corporations may continue to use XP on their systems for some time to come.

While I’m confident other third-party vendors may continue to release AV/AM software that can run and support XP systems, many folks stick with MSSE. Leaving these systems vulnerable and unprotected, particularly if on a network with other Windows systems, seems a situation ripe for exploitation and shenanigans.

I hope that Microsoft continues to provide updated and current definition signatures for at least a period of time after the XP support ends.

Download Microsoft Security Essential - Microsoft Download Center

Meanwhile, over at the Hey, Scripting Guy! Blog, great fun has been reported playing around with Windows PowerShell and finding some neat things that can be done with Windows Defender. (Note: I don’t find a counterpart for the Microsoft Security Essentials application.)

• Exploring the Windows Defender Catalog - Hey, Scripting Guy! Blog
• Use PowerShell to Explore Windows Defender Preferences - Hey, Scripting Guy! Blog
• Use PowerShell to Update Windows Defender Signatures - Hey, Scripting Guy! Blog
• Use PowerShell to See What Windows Defender Detected - Hey, Scripting Guy! Blog
• Weekend Scripter: Use PowerShell to Configure Windows Defender Preferences - Hey, Scripting Guy! Blog

Have fun!

Claus Valca

Read More

Miscellaneous TrueCrypt linkage

I have used TrueCrypt for a long time…but only with TrueCrypt container files that stand alone and are mounted.

Then I branched out and started using full-volume encryption to protect some back-up external USB drive devices.

Recently, I bit the bullet and started using TrueCrypt system-wide encryption to protect my personal home laptop…all system volumes. No worries so far.

Because of that I pay close attention to TrueCrypt news, and here is some linkage, in case you are interested.

Let's audit Truecrypt! - A Few Thoughts on Cryptographic Engineering blog by Matthew Green

New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks - Ars Technica

Is TrueCrypt Audited Yet? - project homepage

How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries - technically heavy-duty and most excellent article by Xavier de Carné de Carnavalet.

Windows 8.1 upgrade: be careful with TrueCrypt - GTranslated - Borns IT and Windows Blog - Basically, if you are using full-system partition encryption with TrueCrypt, the recommendation is to first fully-decrypt and remove TrueCrypt encryption…then apply the Win 8.1 upgrade…then reapply the TrueCrypt full system partition encryption. If not you might hose your system during the upgrade. That’s a bad thing.

Cheers,

Claus Valca

Read More

PowerShell 4.0 and a tiny “gotcha”

I spotted news last week that Microsoft released a new updated version (4.0) of PowerShell.

Download Windows Management Framework 4.0 - Microsoft Download Center

I thought I read and had met all the prerequisites successfully, so I installed away. Only when I checked the installed version it still reported 3.0. Hmmm.

I checked the “Add/Remove” program list and didn’t find the update listed in the Windows components. Strange. And when I tried to reinstall it, it said it was already installed…despite not being listed in the installed components.

What gives.

Long story short, after additional troubleshooting I found out that a required component for PowerShell 4.0 was missing.  WMF 4.0 requires Microsoft .NET Framework 4.5

I thought I had it on already, but turned out I had .NET Framework 4.0. My bad.

So I downloaded the .NET Framework 4.5 from the Microsoft Download Center and got it on my system, then reinstalled WMF 4.0 one more time.

This time it took and a version-check in PowerShell showed the new version was present.

A few days later this issue became pretty common information so you may want to consult this post if you haven’t figured it out yet. It has great technical details.

• WMF 4.0 - Known Issue: Partial Installation without .NET Framework 4.5 - Windows PowerShell Blog

Related:

• PowerTip: Find if Computer has .NET Framework 4.5 - Hey, Scripting Guy! blog

So now what?

• PowerShell 4.0 – A first look - 4sysops - Guest author Jeffery Hicks has a great pre-release review and rundown.

Cheers.

Claus Valca

Read More