Looking for the Ozio Gallery security flaw

I’m maintaining a Play Framework installation at work, and as a part of this we are monitoring the 404 requests we are getting. Each day I get a mail containing all the 404 requests from yesterday, and sometimes I even look through it. It is useful to see if an update has broken some site wide linking, and it is also useful when looking at how people are trying to hack us.

Normally it is a lot of requests for login forms that does not exist (wp-login.php being among the favourites), but today my eye caught something new. Requests for the following files:

/components/com_community/index.html
/components/com_oziogallery/imagin/scripts_ralcr/filesystem/writeToFile.php
/components/com_oziogallery2/imagin/scripts_ralcr/filesystem/writeToFile.php

This turns out to be a security flaw in a badly written Joomla component, Ozio Gallery, discovered three years ago. But still being looked for, meaning it most likely still is active. More on the Ozio Gallery security issue at Stop Malvertising from 2011.

A bit scary to trust other peoples code, but it is a risk you take when you are not developing own code. And in most cases, nothing bad happens right? Anyway…

The sniffing came from Spain, from IP 94.23.81.219. A welcoming change from the usual Chinese and Russian sniffs.

 

Could not verify the integrity of the installer

I wanted to play Settlers 7 the other day, and decided to install it on my work Mac, hoping I could use higher graphic settings than on my own, older Mac. But I only had the game on a CD, and this Mac had no CD player. So I copied the CD onto an USB stick on another machine, and then copied the installation folder from the USB onto the Mac.

But when trying to run the installer from the folder that was now living on my desktop, I got a message telling me “Could not verify the integrity of the installer“.

Could not verify the integrity of the installer

Turns out this was my Mac telling me that that it didn’t think that this was a genuine installer, and wanted it on a form of disk. So the solution was then to create a disk image from the folder.

To do so, I opened Disk Utility from Applications -> Utilites. There I clicked on New Image, and got a option window for the new image. I chose custom size, giving it 10 GB. More than it needed, but I was deleting it straight away, so I didn’t mind. Other than giving it a new new new, I only changed one other thing; changed Partitions to Single partition – CD/DVD.

Creating new disk image

Pressing the Create button created the image, here illustrated by a very informative screen cap if you haven’t seen a progress bar before.

A progress bar

This left me with a dmg (disk image) file with a disk attached.

Disk image

Double clicking on the disk, named settlers, opened its folder, and I was then able to copy all the installation files to the disk.

Disk content

And then it was just a case of double clicking the installer, and I had a game (mind you, only after close to an hour worth of game updates…).

Settlers 7 installation screen

Integrity verified!

Check Point Endpoint Security breaks Chromecast streaming

This Christmas I was given a Google Chromecast, and I’ve now finally gotten around to actually installing it. The setup was a breeze, and streaming from my iPhone was working as it should. But I was not able to connect my MacBook Pro (running Mavericks) to it. I downloaded the Chromecast App, but it was not able to find the device. It would do a little searching…

Chromecast searching

…and then telling me that no devices was found.

No chromecasts found

The Google documentation wasn’t very informative, and didn’t help me much with this particular problem, or so I believed. But one of the pages I found while searching for an answer, commented on that disabling Blackberry Link helped. Blackberry Link created a VPN to connect Blackberry devices, and Chromecast don’t work over VPN, as the documentation stated.

I had VPN software installed, Check Point Endpoint Security. But I didn’t think that this mattered, as long as I didn’t start it. Turned out I was wrong. Because after uninstalling it, my computer found the Chromecast right away. I didn’t find any settings to change whatever the VPN client was doing, and since I wasn’t really using it anymore, it was easier to just remove it to do the testing, instead of digging around some more.

Chromecast found

And now I can stream video as I please from my Chrome browser to my TV. And it works almost as it should.

Airplay to Apple TV crashes wireless router

On Friday, my better half complained about problems with the wi-fi while I was away. She was trying to listen to an audiobook, airplaying from her iPhone through the Apple TV, but discovered that the wireless network was down. After some router restarts it came back. And today the same happened when I tried to airplay first a podcast, and then an audiobook from my phone.

In all cases this happened: The wireless started out working just fine. When starting the airplay streaming, the phone acted like it was streaming, but no sound came from the Apple TV. And then the internet was gone from the wireless network, meaning that all devices connected lost their internet connection. To get the internet back, we had to first restart the router, then the Apple TV. The internet came back, and the airplay worked. Once. If we paused the playback, and started again, the internet would freeze once more.

The solution was to disable the WMM (wireless multi-media) support on the router, under the routers Quality of Service settings. This setting is for giving multi-media (like video and audio) priority over the wireless network. Checking around on the net, most hits when searching for WMM were for guides on how to disable it, not many for the benefits of having it enabled. But I’m sure there are reasons for it. But us, being just two, and the way we use our wireless, I don’t think this will affect whatever we are streaming. And now the airplay actually works, so I’m not going back.

This is how it was done, on a Linksys E2500:

Go to 192.168.1.1 in a browser to access the routers admin page, and enter the login info when promted. Our info was on a sticker on the router from our cable provider. If you don’t have any, the default login is username admin with no password. In worst case, I think you can reset the router, and aslo resetting the login info in the same go.

After logging in, go to Application & Gaming -> Qos, and press Disabled on WMM Support. And after Save Settings, you should be ok. Mind, our router decided to freeze after pressing Save, but was ok with the new setting after a restart.

Disabling WMM support on a Linksys E2500

The procedure should be pretty similar on other routers as well.

Still not sure on why it acted up, while working just fine earlier.

Clean install Mac OS X Mavericks

Apple just released it’s new update to OS X, Mavericks. And this time the update comes with the reasonable price of free.

The update pops up in the Mac App Store, and the update will download an installer that you must run to do the update. So if you know you are going to update, you might as well download it now, so that you don’t have to wait for the file (5.3 GB) when you are ready to take the plunge.

And just as with Lion, you can install Mavericks as a clean install. I often prefer a clean install to, well, clean up. And it is always nice to have the installer on an usb-stick just in case.

So how do you create a usb installer for OS X Mavericks? After you have downloaded the installer, use Finder to browse to the Application folder. Find the installer, and right click on it and choose Show Package Contens.

Finding the OS X Mavericks installer
Finding the OS X Mavericks installer

In the content folder, browse to Shared Support in Contens. There you will find InstallESD.dmg. This is the installer you are looking for..

Screen Shot 2013-10-23 at 00.12.36Now you can copy this installer onto either a DVD or an USB stick. When you are ready to do the install, pop the media of choice in your Mac, and boot it while you press alt. Then you can choose which media to boot from. And you are good to go.

If you want to create a install media thing after you have upgraded, you will discover that the installer has been deleted. Then you must go to the App Store, and press alt before you click on the Purchased button. This will give you the option to re-download the installer.

Update:

Turns out you need to take some extra steps to make a bootable USB this time around (thanks to this post from tyweb13 on MacRumors Forum). You need to run a executable file to create the bootable media, and this file is also a part of the installer file bundle.

Insert the USB, open Disk Utility, and erase the content on it. Make sure the format is Mac OS Extended (Journaled)

Screen Shot 2013-10-23 at 20.00.08

Run this line in terminal to create a bootable USB from the installer:

sudo /Applications/Install\ OS\ X\ Mavericks.app/Contents/Resources/createinstallmedia 
--volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ 
Mavericks.app --nointeraction

Note: /Volumes/Untitled is you USB stick. If you have called your stick something else, change this value.

This is what you are doing with the command:

sudo – run as root user, requires you password

/Applications/Install\ OS\ X\ Mavericks.app/Contents/Resources/createinstallmedia – the location of the file you are executing

–volume /Volumes/Untitled – the volume to write to

–applicationpath /Applications/Install\ OS\ X\ Mavericks.app – the application to write

–nointeraction – run without any input to the delete portion of the procedure.

After about 15 – 20 minutes, the stick should be ready.

Screen Shot 2013-10-23 at 20.24.58