PrintNightmare Windows CVE-2021-1675

So Microsoft wanted to make it easy for a standard user to install a Printer without Administrator rights. There is a huge bug with the PrintSpooler service that has a huge vulnerability that was a EoP (Elevation of Privilege) affecting Windows 7 to Server 2019.

However this escalated to a RCE (Remote Code Execution). RCE refers to a bug by which cybercriminals can break into your computer in the first place, without needing any password for any account on your computer.

Microsoft released an update to fix it

At the same time this was going on a Zero-day exploit was on the rise. Researchers from the cybersecurity company Sangfor were going to present their paper about Print Spooler Bugs at the 2021 Black Hat conference in August but decided to release it early. Since the Print Spooler was recently patched they thought it would be alright since the vulnerability was fixed.

Well come to find out it was something completely different hiding in the exploit that wasn’t patched. In other words there were two security holes in it. One was patched and the other was not.

The Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit. The researchers apparently took down the offending information once the mistake was figured out but by then it was too late, because the exploit code had already been downloaded and republished elsewhere. Pandora’s box had already been opened, and it was too late to close it up again.

The only way to fix this until a patch release is to disable the Print Spooler. However this will disable printing and can’t print anything. It’s good practice anyway to disable the Print Spooler if you don’t have a printer to free up resources in Windows but if you use a printer all the time you’re kind of screwed until then.

This is one of the many reasons why I left Windows in the dust and use Linux. Granted there are exploits in Linux as well but they are typically targeted on older software packages and an easy update fixes it. If it’s a major one it is typically fixed within hours after it has been known to the world.

Installing pfSense on a PC Engines APU2

Featured

The APU2 came in and now I can install pfSense and share the knowledge.

First things first. The APU2 does not have a Video Out such as VGA or HDMI. It’s a headless System that uses RS-232 to run it until pfSense is installed. The options for this is to use either a DB9 Null Modem Cable if the System you’re going to connect has Serial/RS-232 or use a modern USB to Serial Cable.

For this install the Host Machine is my Desktop running Debian Linux. I am also using a USB to Serial Cable Adapter. It uses the CH341-UART chip. Keep in mind you will need a DB9 Null Modem Adapter, a simple Gender Changer Adapter isn’t going to work. for the connection software wise I am going to use GNU Screen.

We need to download pfSense. Make sure to follow the image below.

After it downloads uncompress the file and use dd (DiskDump) to write to a USB Thumb Drive. The Thumb Drive shows up as /dev/sdc but this varies system to system. If anything insert the Thumb Drive and run sudo dmesg and it should show up last and will say /dev/sd* whatever the * is is the Thumb Drive, could be sdb, sdc, sdd and so on.

For my System I issued this command.

sudo dd if=~/Desktop/pfSense-CE-memstick-serial.img of=/dev/sdc

While it was writing to the Thumb Drive I gathered the rest of the equipment together. Do not power on the APU2 just yet. When the Thumb Drive is ready plug it into the APU2. Launch GNU Screen with this command. Remember I am using a USB 2 Serial Adapter so yours might differ.

screen /dev/ttyUSB0 115200

With Screen running you can now power on the APU2. When you turn it on you should see Text pop up in the window. Select F10 to bring up the Boot Menu and select the Thumb Drive. It will take a couple of minutes to load up but it should go directly into the Installer. From there just follow the prompts and install pfSense like you would on a typical PC.

When finished installing you’ll need to reboot the APU2 and this time hit F10 again and select Manage Payload. This will bring you to a BIOS setup and just tell it to boot from whatever Media you installed pfSense onto. If you skip this part then it will only Boot into MemTest86.

After that it should work and you can then start programming it via the Web UI.

Here is a couple of shots of my APU2.

So far I am impressed. I plan installing it this Weekend and see how it goes.

Featured

S-100 Z80 Progress

I didn’t like the first revision of the Schematic so I redid the whole thing. I came across a Z80 Trainer made by Dr. Baker and used that as the basis of the new Schematic. I also used the circuit for the VT132 Project for a Terminal VGA and USB Keyboard.

These are not final. I need to review these and make sure everything is in the right order. I also need to import the S-100 BUS.

Featured

New CCTV System

I decided to buy the CCTV equipment. I bought a Reolink 5MP Pan Tilt Zoom Camera for the Driveway and a Reolink 5MP with Audio Turret Camera for the Lanai. My Boss let me buy a Hikvision Door Bell at cost and it was on sale from the distributor for $98.00. It’s the only one I can find that has ONVIF currently. I also have a couple of Hikvision IP Cameras I will use for Indoor use.

For now I plan to use MicroSD Cards for recording and push it to Shinobi that is running on the Home Assistant Server. For now I will use a TP-Link 5 Port PoE Switch. I really don’t see adding anymore Cameras since the placements I have chosen should cover everything. Except one area that has the A/C unit.

I am a bit worried since I heard A/C unit thefts are on arise in my area but I got that covered. I traded a A/C Tech 25ft of Coax for 25ft of outdoor rated cable used for A/C systems so I can make a dummy line that connects to the Alarm Panel so when someone cuts it the Alarm goes off, I have it programmed as a Duress so the Central Station sends out the Cops without Verification. Also used longer Tapcons to attach the unit into the Cement Pad. I also stripped out the Nut Driver portion of the Tapcons so the only way to get them out is with a Flat Head or a Cutting Wheel. Besides the Driveway Camera and Lanai Camera would catch anyone going to the side of the House anyway.

Anyway, back on topic here. I will probably run the Cabling to the Master Closet or Garage and then run a Single Line to the Living Room since the TV stand is getting full. Since the pfSense box has one more open port I can dedicate that to the CCTV and give access to Home Assistant.

I already got a friend that wants to buy my old Analog DVR and I will probably give the Ring to my Mother.

Featured

Lost art of Cable Management – Cable Lacing

Used in Telcom, NASA and Avionics a almost lost art of Cable Management called Cable Lacing. Instead of using Zip Ties or Tape a Waxed Coated Cotton String is used for the whole length of a Wire Rack or Wire Harness/Bundle.

In my honest opinion this looks a lot cleaner and better then a hundred Zip Ties and doesn’t leave a sticky residue like Tape does. It’s also pretty darn cheap, just don’t buy the “Electronics Grade” stuff. The 1mm size that is used for Jewelry is cheaper and it is the exact same stuff. You can also use thinner stuff but you’ll have to double wrap the bundle.

I found a little Video on YouTube that covers how to do it. The man in the Video has a terrible accent but you just to need to watch rather then listen.

A few Tips I have with this Method. Have the knots closer then what I have in the example photo. If the Cabling is running flat then you can get away with knots further away but when you go into turns and twists you want the knots closer or it will look like this.

Just like anything new you will be slow and it will look like crap but with practice it will look better and you’ll get much faster.

Featured

Fresh install Debian 10 Linux

When I install Linux I end up spending a lot of time tweaking it the way I like it. No matter the Distribution I end up doing stuff like this. Mostly because Out of the Box is for the novice user. Most end Linux users do the same thing.

I typically start with just the base install to make sure all of my hardware is in working order such as Chipset, CPU Microcode, Networking and USB. Easier to catch the issues when it’s a plain Command Line Interface. Also much easier to redo the install to Unstable if the Kernel is too old to see brand new hardware. Unstable isn’t really Unstable, it’s just newer Software that is still experimental. For a example Ubuntu uses a mixture of Unstable and LTR (Long Term Release).

When partitioning I keep things simple and use a single Partition for everything. Now if I am doing this to a system that has Multiple Hard Drives I’ll move things around such as putting the /home directory onto a different drive. Back in the day I use to toss in a old drive just to be used for SWAP but these days I see no performance gains. A EXT4 Partition is just find and no need to go into the world of ZFS and GPT since ZFS eats RAM and GPT will bite you in the ass in the end.

After I verify everything is working I’ll edit the APT sources file and add the contrib and non-free entries, update the mirrors and upgrade. Install Xorg and whatever Window Manager I want. Currently I am giving KDE Plasma a spin and it has a few nice features but I like using the Awesome WM.

Before anything else I once again verify my Video and Audio is working correctly. I’ll run the glxgears program or just look at the OpenGL Information. To test Audio I’ll just load something up in YouTube, a few times in the past the Audio would work fine within the Window Manager but YouTube, Steam and VLC would be deaf. So if YouTube works then there shouldn’t be issues with anything else.

Now I can start adding my custom tweaks and such.

I add my user to the sudoers file and make sure the hostname for the system is final. Also install ntp if Xorg’s install didn’t include it.

su
apt install binutiles sudo ntp ufw fish vlc
nano /etc/sudoers

under root’s entry add
[username] ALL=(ALL:ALL) ALL
Save and exit.

exit

I start by changing the Command Line Shell. Debian uses a modified version of BASH called DASH. Works alright but after you start playing with other types of Shells you end up staying away from it. I use to use Zsh but I converted to FISH. After installing fish I then issue chsh -s /usr/bin/fish then launch it. From there I go into ~/.config/fish and edit the config.fish file and add my alias entries.

alias ls="ls -lahp" alias dir="ls -lahp" alias shutdown="sudo shutdown now" alias reboot="sudo reboot" alias update="sudo apt update" alias upgrade="sudo apt upgrade" alias purge="sudo apt autoremove" alias edit="nano" alias G="grep" alias S="sudo"

After tweaking commands to my liking I’ll add more software I attend to use such as Htop, Bleachbit, Guake, and KDE Connect.

Over time I end up installing neofetch, screen, Arduino IDE, Sublime Text and GCC, Firefox and vBox.

Once in a blue moon I’ll screw up and spend a good few hours fixing it or just end up reinstalling everything.

Featured

Limit Unwanted Network Connections

I’m slowly putting together a Network Administration suite for the Raspberry Pi. Came across a little jewel called Evil Limiter. It’s a Python 3 Script that can do a ARP scan of a Network and give you a IP Address on the Network that you know shouldn’t be there or you have a User sucking up too much Bandwidth. So instead of Deauthing the user you can Throttle or even Block the User. For a example you can Limit a User to 100Kbit/sec or even totally block them.

This could be handy for enforcing say the Kids Internet usage during the Spring/Summer Break or even at work when Steve should be working on a report but is too busy watching Netflix or YouTube.

Now this tool is considered a DoS (Denial of Service) Attack so be careful how you use it and deploy it.

Featured

Building a Z80 Computer

Every hardcore Electronics Engineer and Computer Nerd has a bucket list and there is a Homebrew Retro Computer on that list. I could cheat and buy a RC2014 kit but building it from total scratch is even better.

Now you just don’t order/buy/find the parts and slap it all together. You have to study up on the subject. There is a PDF floating around called “Build your own Z80 Computer” by Steve Ciarcia. Then you have Grant Searle’s Website that is loaded with tons of Schematics and ideas for a minimal chip count Z80 running BASIC and CP/M.

To start off the build I am going to build a curd version of the Zeta256 and branch off of that by adding memory, UART, ROM and so forth.

Need to install Cameras on the house

So we had a slight scare. The amenity center right down the street almost got broken into. Wife and Daughter saw someone trying to break in and called the law.

So after that I need to get at least one camera rollin for the driveway.

The NVR is going in the Garage on the rack. As for the camera of choice since there are no street lights I am gonna use a Hikvision ColorVu IP camera. It’s not so much of having color night vision but it’s too dark for proper IR. With IR it would be tunnel vision and believe it or not the ColorVu series works great even if the light is off at night.

The camera I will be using for the Driveway is a low end model that comes from a Value Series Kit. Works well if paired with a K series or M series Hikvision NVR but I don’t have either one. I have a Dahua NVR. So as usual I’ll just have the Camera on the network and forward the video to the NVR. This way I can have full control of the Camera and change it’s settings.

3D Printer station Part 2

Finished for the most part. I shortened the tool board and attached it to the rack and on the backside I added the power supplies. For the power supplies I wired them up together to a single power cable. If I ever need to run one printer I’ll just use the quick disconnect.

Old build plates to protect the PEI build plates.

All whats left is to get power to it. I decided for when I do that outlet I will have a light switch inline to turn the outlet ON/OFF.

3D Printer station in the Mini Shop

I was thinking to buy some Lack tables from Ikea to stack up for the 3D Printers but after looking how cheaply they’re built I decided to use my 20U half rack.

With a shelf on the bottom and a shelf on the top it works perfectly to hold two printers. The rack is only 20×20 inches and since it’s a frame rack I can add other things to it down the road.

Already I am planning to add the tool board on the middle area to help stabilize the rack and will also give me a spot to mount the power supplies.

I might grab the drawer from the full rack and raise the bottom shelf some for it but I might run into issues for the filament spool.

On the other side of the wall is the Dining room and there is an outlet I can tap into to bring an outlet into the closet on that wall. With it being in this closet I still have plenty of room with my cloths and built in desk I made.

Speaking of the rest of the Mini Shop here is the built in desk.

It’s not much but I’ve only been in here a week. The desk was simple. I located the studs and cut a 2×4 to run along the back wall then added the sides. Had to use toggle bolts for the sides. Added another 2×4 to run across the middle as a stabilizer and added a 1/2inch MDF top. I had a piece of baseboard leftover from building the bedroom wall from the old house and used some finish nails. Since this was a work station I didn’t bother to paint it since the paint would just get scratched up so a huge mouse pad works fine for the time being. Later on I might invest in a anti-static mat or dye the wood.

New Phone

Before the move I was at Home Depot and dropped my phone. The screen took the hit and broken the diffuser on the top and cracked the physical LCD screen on the bottom.

This is my first time breaking a phone this way. All of my other phones died a slow death from the USB getting wet from sweat or sweat getting into the screen.

The phone I decided to get is the Ulefone Power Armor 19T. Reason being was it’s IP69K and IP68 resistance. Second was battery life. The thermal camera and microscope is a nice feature.

Sadly my current cell carrier doesn’t support the phone so I also decided to switch to Mint Mobile for the time being. If Mint Mobile doesn’t work out I’ll just sign up to Verizon or T-Mobile.

Time for a mini review. I’ve had the phone for three days and I haven’t needed to charge it since I got it. It’s currently sitting at 40% of battery. The phone uses Android 12 and it’s very fast. There is also a customizable PTT button that I have set for the thermal camera. The only downside with this phone is the weight and it’s much thicker. It’s like having two samsung S9 phones stacked.

Out of the box the phone has a built on armor case and screen protector. It even comes with an extra screen protector. Comes with a 66watt USB-C charge block and 3ft double-ended USB-C cable. Has a few small manuals such as the User Manual and one for the Thermal Camera. You can have either two SIM cards or a single SIM card and a Micro-SD card. Since this phone has so much storage I’ll probably just have the SIM card in it.

The 108MP camera is pretty beefy. It compares to a iPhone and Pixel. Best part is it’s half the price of most name brand phones.

I’m looking forward for this to be my daily driver phone. Just hope my old phone holds out so I can port the number over.

Made the move

We have moved into the new house.

The move was not easy. We had two uhaul trucks. We rented a 26ft and a 20ft and still had issues for space. I had to trash my garage desk, 3d printer workstation, son’s dining table I was using as a soldering station, air compressor and a bunch of other stuff.

However I brought all of the loose wood and kept the lumber from my old work bench and built a floating desk in the mini shop. I just need to get power in there.

It seems I will be using the mini shop more often and leaving the garage for large projects like wood working, welding and fabrication.

I would provide some pictures but my phone is pretty much dead. Broke the screen before the move and has gotten worse since the move. I have a new one coming in and will probably do a review on it. Also I might have to switch phone providers, didn’t see the notice saying it’s not compatible with Cricket and AT&T. Might switch to Verizon since it seems I get better service with it at the new house.

Found a fix for the Wave2 Sounder

The sounder output on a Vista series alarm panels is a open collector. If the siren/sounder is humming the 820ohm supervisory bell or a 2k ohm end of line resistor going from the sounder lug three to lug four will do a pull-down on that circuit and will fix the humming issue.

You do not have to enable the bell supervisor in the panel programming.

Moving Day

Starting this afternoon I will be packing and moving. It will be a week or two before I get my shop and garage in order.

My job gave me a half day today but I have to travel to Palm Coast for work today. That’s almost a two hour drive to get to the current house. After the move it will be a 45 minute to an hour drive.

Currently the house is just about all boxed up. Tonight we close on the current home, stay in a motel for a night then we have the final walk-thru and close on the new home. Gonna be a long three day weekend lol.

Honeywell/Resideo Wave2 Siren/Sounder Issues

So For the past three installs I have done I have ran into an issue with the Wave2 sounder from Honeywell/Resideo. I have noticed they redid the whole circuit board to it, use to have through-hole components and now it’s all SMD.

The issue is when it’s connected to a Vista 20 it hums. Sounds what a shorted doorbell chime sounds like. I’m not talking about when the sounder is going off but when it’s at idle. I’ve tried it on Steady and Warble with the same results. I also tried with supervision ON and OFF.

I know it’s the Wave2 sounder because luck would have it I had an older one on my van and when hooked up it worked.

I recommend to use the DSC SD-15W sounder/siren as an alternative.

Reolink Argus Solar Bullet Camera Review

A friend bought two Reolink Argus solar cameras and had me install them.

Didn’t get far with the install. Reason being it kept failing to connect to the WiFi network. The whole setup is the dumbest way I have seen for setting up a WiFi camera.

A typical WiFi camera will have a temporary WiFi adhoc connection that a phone or tablet would interact with for the setup. For a example with the Hikvision HD-1 video doorbell the Hik-Connect app you scan the device QR code and then it will scan for the SSID of the doorbell, connect to it and pass along the WiFi info you want it to use and when the setup process is done the open WiFi connection is turned off.

Well Reolink decided to go way off course with this. With the Reolink app you scan the QR code and then tell it some info. Then it generates a QR code you have to show to the camera. Meanwhile the camera is constantly going on and on with “Welcome to Reolink” in different languages. The Reolink app also darkens the screen and depending on the phone makes it too dark. After messing with it for five minutes it finally sees it and when you think it’s got it you get an audible “Connection to router failed”. I literately tried this for an hour and just gave up. I tried it with two phones and a tablet. I also changed some settings to the WiFi by separating the 2.4GHz and 5GHz radios. also tried different lighting and tried to take a screen shot with the QR code to avoid the darken screen but no dice.

I typically don’t rate stuff but if I was to give it a rating between one and ten I would give this a one.

New GPU but system suffers

My brother dished out a ton of money for a new GPU. I forgot what he bought but I did fix an issue he was having. I do know it was a GeForce RTX 40 series Super GPU. Made a deal if I was to fix it I would get his old GPU a GeForce RTX 2070 Super and he said it’s a deal.

He is a Windows 10 user so this was a little odd for me. Some tricks I still know from the Windows 2000/XP days.

The issue he was having was the system would shutter. Get 200FPS then drops to zero then back up. Sound would be all gabbled as well.

I ran msconfig and had it use all 16 threads of the CPU. Uninstalled GeForce Experience and made sure the driver was up to date. The last thing I noticed was the motherboard firmware was from 2019 so I found a updated firmware and updated it. When the system booted up the video was all screwed up but after windows settled the video restored and half of the hardware on the system got back to normal. My guess Windows reinstalled drivers for that stuff. I then ran a benchmark called Superposition and ran just fine with no shuttering. He wasn’t too sure and I said you can’t ignore the deal. He then load up some Final Fantasy benchmark and he said it has to hit 16,000 of the score. Well it didn’t hit 16,000 but hit 15,437 but still passed as extremely high. I told him you have to factor in SSD speed and RAM speed as well. If you get rid of the SATA SSD and toss in a M.2 and some faster RAM you would probably hit that 16,000. Since he is in IT as well he knew I wasn’t bullshitting him so I got the old GPU.

So now I can put some RTX love in my new build.

Anyway, if you toss in a new GPU and end up with the system acting up like it’s shuttering and working too hard and have tried the latest drivers I would say update the firmware to the motherboard. If that doesn’t work then I would say reformat and start over.