Wednesday, February 14, 2018

Crackling sound in Virtualbox

I had a problem with crackling sound after upgrading Virtualbox to v5.2, similar to the bug report filed here.  I found a forum post where one of the developers suggested upgrading to the latest test build, which did not work.  In fact, it made Youtube videos unwatchable and slow, so it made things worse.

Combing through more forums, I found an old solution which worked.  I had my CPU usage throttled to 90%.  The article suggested raising this to 100%, which resolved the issue.

I scaled down the number of cores I was using to prevent the VM from consuming all of my CPU resources.  Also of note is that I am still using the test version.  Host is running Windows 10 1709, and the guest was running Windows 7.

Monday, January 22, 2018

SSL Wrapper Tutorial


SSL Wrapper, found at http://cesanta.com/products.html, allows you to tunnel any TCP connection between two hosts using SSL.  However, the documentation for it is practically nonexistent.
To hopefully save you some time, I have implemented and tested it myself and will now share my notes with you.

Generating SSL Certificates

First, you need to set up your own CA using OpenSSL.  Then you need to generate two certificate/key pairs and get them signed by your CA.
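#Generate a 2048-bit RSA private key for the CA (you will be prompted for a passphrase):

openssl genrsa -des3 -out ca.key 2048

#Create the self-signed CA certificate, then combine key and certificate into ca.pem, which signs the certificates below

openssl req -new -x509 -key ca.key -out ca.crt -days 365

cat ca.key ca.crt > ca.pem

#Generate the server certificate (assumed layout for the server.pem used below: certificate followed by key)

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca.pem -CAcreateserial -out server.crt

cat server.crt server.key > server.pem

#Generate the client certificate (same assumed layout for chris.pem)

openssl req -new -newkey rsa:2048 -nodes -keyout chris.key -out chris.csr

openssl x509 -req -days 365 -in chris.csr -CA ca.pem -CAkey ca.pem -CAcreateserial -out chris.crt

cat chris.crt chris.key > chris.pem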

Run the program

Server-side: HTTP server is running at 192.168.1.1, SSL wrapper will listen on port 443
(Using sudo to listen on privileged port 443)
sudo ./ssl_wrapper ssl://443:server.pem:ca.crt tcp://192.168.1.1:80
Client-side: Will listen on port 8080 for HTTP connections, will connect to the SSL Wrapper server at 192.168.100.24:443
./ssl_wrapper tcp://8080 ssl://192.168.100.24:443:chris.pem

MITM Attack

A correctly configured SSL Wrapper will not allow a connection if it is under a MITM attack.  (Using Cain in this example)




Google Chrome will display the message “localhost didn’t send any data” during an MITM attack.

MITM attack possible using incorrect configuration

If SSL Wrapper is not configured correctly (no CA certificate on the server side and no client certificate), an MITM attack is possible.

Server-side: HTTP server is running at 192.168.1.1, SSL wrapper will listen on port 443
(Using sudo to listen on privileged port 443)
sudo ./ssl_wrapper ssl://443:server.pem tcp://192.168.1.1:80
Client-side: Will listen on port 8080 for HTTP connections, will connect to the SSL Wrapper server at 192.168.100.24:443
./ssl_wrapper tcp://8080 ssl://192.168.100.24:443
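
The two configurations above differ in whether a peer's certificate has to chain to your own CA. As an added example (not from the original post or from Cesanta), this script builds a throwaway CA and an unrelated second CA, then reports which certificates a peer trusting only the first CA would accept; every name in it is constructed.

```sh
#!/bin/sh
# Added example; every name here (ca, rogue, server, chris, impostor) is constructed.

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: create a key and CSR for NAME, then sign it with CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$3.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/$3.crt" 2>/dev/null
}

# chains_to CA_CERT CERT: succeed only if CERT verifies against CA_CERT.
# Matching on "OK" also covers old OpenSSL builds that exit 0 on failure.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# check_setup: print which certificates a peer that trusts only "ca" accepts.
check_setup() {
    tmp=$(mktemp -d) || return 2
    make_ca "$tmp" ca && make_ca "$tmp" rogue &&
        issue_cert "$tmp" ca server && issue_cert "$tmp" ca chris &&
        issue_cert "$tmp" rogue impostor || { rm -rf "$tmp"; return 2; }
    result=""
    for name in server chris impostor; do
        if chains_to "$tmp/ca.crt" "$tmp/$name.crt"; then
            verdict=accepted
        else
            verdict=rejected
        fi
        result="$result${result:+ }$name=$verdict"
    done
    rm -rf "$tmp"
    printf '%s\n' "$result"
}

check_setup
```

Running `openssl verify -CAfile ca.crt server.crt chris.crt` against the real files is a quick pre-deployment check that both ends were signed by the CA you intend to trust.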


Monday, August 7, 2017

Windows 10 Explorer Shell Crash

I had some issues after installing Windows Updates in 1607 for June 2017.  My Explorer shell crashed constantly, and I had to go into Task Manager and restart it 3-4 times per day.

After using Process Monitor and looking at the event log, I was able to narrow it down to Microsoft Office.  I had Office 2016 installed, but also Visio 2013.  I uninstalled Visio 2013, ran a repair install of Office, and upgraded to Visio 2016.  I haven't had a problem with it since.

It looks like Windows Update was trying to upgrade Visio 2013, but the install was either corrupted or conflicting with my Office 2016 install.

Friday, July 21, 2017

Facebook Shadow Profiles

Facebook has tons of info on people who never made an account on it, it's called shadow profile and it's all thanks to stupid friends.

FB collects phone numbers from phones of people who download their shitty apps and cross-references them with their database of phone numbers. Phil has a number 123-456 in his phone address book assigned to Frank Walcott. Mary has number 123-456 in her phone address book assigned to Frank Walcott.

Also, Phil and Mary have each other's phone numbers, so FB can with 99.99% certainty know Frank Walcott's phone number, even though the guy might have never made an FB account and thinks he's safe and anonymous. The same process can be applied to names of WiFi networks, for example. In fact, just having the ability to know the names of available WiFi addresses precisely pinpoints the user geographically.

FB collects so much data, it boggles the mind. Downloading any of their apps is like putting the phone through a data juicer, it just collects everything.


Source

Tuesday, April 25, 2017

No mouse cursor in games

Here's a simple fix.  I would launch games in full-screen mode and my mouse cursor would disappear.  Internet articles said it was related to mouse pointer trails being enabled (they weren't).  In my case, though, I fixed it by closing the Magnifier application.

Wednesday, December 14, 2016

Putty crashing on Windows 10

Using a dynamic proxy in Putty, I was encountering an issue where Putty would crash in Windows 10.  I got an error in the Application event log:
Faulting application name: putty.exe, version: 0.63.0.0, time stamp: 0x52012e86
Faulting module name: putty.exe, version: 0.63.0.0, time stamp: 0x52012e86
Exception code: 0xc0000005
Fault offset: 0x0001846e
Faulting process id: 0x3f4
[snipped]

Also looking at the System event log, I saw a lot of these (Event ID 140, Source NTFS):
The system failed to flush data to the transaction log. Corruption may occur in VolumeId: ??, DeviceName: \Device\ImDisk0.
(The device has been removed.)

This turned out to be an issue with Veracrypt.  I had the entire system drive encrypted.  After decrypting it, the errors are gone and everything is working again (for now).  Also, the system is running on VMware ESXi 6.0.

Wednesday, September 14, 2016

dllhost.exe - High CPU Usage

I was getting high CPU usage from dllhost.exe recently.  I noticed it when my laptop's battery started draining unusually quickly.  After trying several things, I logged on as a different user, and the problem went away.  So I backed up my documents and settings, blew away my profile, and logged back in.  Problem solved.

Or so I thought.  After restoring all of my documents, the problem came back.

I discovered it was Windows, trying to index a corrupted video file that was on my desktop.  I deleted the corrupted video file, and my CPU usage returned to normal.
