Allow root LOGIN to MySQL on Red Hat 7

If you’ve installed MySQL on a Linux server you’ve probably run the “mysql_secure_installation” script to lock it down.  But now you need to access this server remotely using MySQL Workbench.  How do I allow remote connections to MySQL?

It isn’t as easy as throwing a switch and allowing MySQL to accept incoming connections from any source.  

Do not attempt these steps on an internet-facing server.  Make sure you have taken all other precautions to protect your machines from unauthorized access.

My first step was to open the firewall on the Red Hat server:

And don’t forget to “Options -> Runtime to Permanent” to keep these changes.

But even then I received the error:

The second step is in MySQL configuration.  Even though RHEL can accept incoming connections on port 3306, and MySQL is configured to allow incoming connections, root still doesn’t have permission to log in remotely.

Here are the steps to configure MySQL running on the Red Hat server to allow incoming connections from root on any host.  You will have to run these in a terminal as root.

# mysql -u root -p
(enter MySQL root password)

use mysql;

select user, host from user;

This shows a table of users and the host(s) each user is allowed to log in from.

+-----------+-----------+
| user      | host      |
+-----------+-----------+
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)

Now we update the “host” entry for root to allow login from any host.  For this we’ll use the SQL wildcard, ‘%’.

mysql> UPDATE user SET host = '%' WHERE user='root' AND host='localhost';

Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

Because this edits the grant table directly, tell the server to reload it so the change takes effect:

mysql> FLUSH PRIVILEGES;

mysql> select user, host from user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| root      | %         |
| mysql.sys | localhost |
+-----------+-----------+
2 rows in set (0.00 sec)

You should connect now with no issues!
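
An added example, not part of the original post: a short Python audit that parses the “select user, host from user;” listing shown above and flags accounts that can log in from non-local hosts, such as the root@% entry this change creates. The “report” and “backup” accounts and the 192.0.2.x addresses are constructed for illustration.

```python
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def parse_mysql_table(text):
    """Parse the mysql client's boxed output into a list of dict rows."""
    rows, header = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip borders, prompts and the "N rows in set" footer
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = [c.lower() for c in cells]
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def classify_host(host):
    """Classify a mysql.user host value as local, any, pattern or fixed."""
    if host.lower() in LOCAL_HOSTS:
        return "local"
    if host == "%":
        return "any"        # matches every client address
    if "%" in host or "_" in host:
        return "pattern"    # % and _ are wildcards in host values
    return "fixed"

def audit_accounts(rows, admin_users=("root",)):
    """Return (severity, account, reason) tuples, most severe first."""
    findings = []
    for row in rows:
        kind = classify_host(row["host"])
        account = f'{row["user"]}@{row["host"]}'
        is_admin = row["user"] in admin_users
        if kind == "local":
            continue
        if is_admin and kind == "any":
            findings.append(("HIGH", account, "admin account reachable from any host"))
        elif is_admin:
            findings.append(("MEDIUM", account, "admin account allowed from a remote host"))
        elif kind == "any":
            findings.append(("MEDIUM", account, "account reachable from any host"))
        elif kind == "pattern":
            findings.append(("LOW", account, "host pattern matches several clients"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: rank[f[0]])

# Constructed sample: the listing after the UPDATE in this post, plus two
# hypothetical accounts to exercise the other branches.
SAMPLE = """
+-----------+-------------+
| user      | host        |
+-----------+-------------+
| root      | %           |
| mysql.sys | localhost   |
| report    | 192.0.2.%   |
| backup    | 192.0.2.10  |
+-----------+-------------+
4 rows in set (0.00 sec)
"""

if __name__ == "__main__":
    for severity, account, reason in audit_accounts(parse_mysql_table(SAMPLE)):
        print(f"{severity:6} {account:20} {reason}")
```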


Windows 7/8/10 Can’t Browse Web; Can Ping and TRACERT

I’ve seen this issue twice in as many days – a computer can ping internal and external machines, but cannot browse any websites or use VPN.  Skype may work on the LAN but IE will not connect to any websites (if it starts at all) and Outlook won’t connect to Exchange.

Checkpoint and Gotomeeting fail with error messages at logon.

The usual solutions left me scratching my head:

  • Link light shows connectivity, so it’s not a hardware problem
  • Windows network adapter shows connectivity to network, even recognizes the local domain
  • ARP -D * successful, no errors
  • Uninstall, reinstall adapters in Device Manager (this is helpful when a VPN adapter corrupts TCP/IP)
  • IPCONFIG /FLUSHDNS successful, no errors
  • Windows network adapter diagnose (no problems found)
  • NETSH INT IP RESET c:\resetlog.txt, successful
  • Confirm DNS settings (DNS wasn’t the problem, we can ping external addresses with DNS names)
  • Reset IE, no proxies in use

You can probably see which direction this is going (hint: session layer).  The problem was higher up the OSI model.

NETSH WINSOCK RESET

Remember to run it in an administrative command prompt.  A VPN installation or uninstallation broke Winsock so it needed to be reset.

Connecting to OUTLOOK.COM accounts on Android

I use the default Samsung Mail app that comes with the Galaxy series (I prefer this over every other mobile email app for its usage of space, swipe options, appearance and many other features!)  After using NFC to sync my old phone and the new one, my Outlook email opened in the Gmail app which I definitely do not want to use.  Stranger though, I could not add my Outlook account in order to sync my contacts because the account was already in use.  Removing the account introduced new problems – now I couldn’t add the Outlook.com account at all.

Microsoft changes its supported email clients (goodbye OE and Live Mail, hello Windows Mail or the browser).  Compounding the issue are the constantly changing addresses from which your account will retrieve mail – remember, these are statically set on a mobile device or a client, not automatically redirected with DNS as when you are using the web interface.

The Fix

Let’s re-add the account.  On the “Add new account” page I enter the address and password, then tap “Sign In”.   Easy enough, right?

Nope.  When I click “Sign In”,  I’m stuck at the “Checking incoming server settings” message forever.  I left it this way for 30 minutes and it would not progress.

So I tried Manual settings.   Everything looks normal, since I set this up on my previous replacement phone a couple of weeks ago.

A number of Microsoft help pages tell you to use alternate mail servers – m.hotmail.com, s.outlook.com, among others.  None of the suggested addresses yielded different results.

On a hunch, I tried using “m” (which I can only assume is for “mobile”) in front of “outlook.com”.

And I was right: the server that worked for me was m.outlook.com.

Windows Smart Screen prevented an unrecognized app from starting

That’s weird.  All I’m trying to do is install Microsoft SQL 2014, downloaded from the Microsoft site, on an Internet-connected computer.

There is no option to “run anyway” as there used to be.  But you can circumvent this thin layer of protection in the file’s properties:

  • Right-click the file and click “Properties”.
  • Check the “Unblock” box at the bottom of the Properties page and then click “OK”.

Now you can run the file with the usual UAC or SmartScreen prompts.

Windows Task Scheduler History Disabled

Your Task Scheduler may tell you that History is disabled when you view a task’s properties. 

This is a program setting that must be turned on for all of Task Scheduler.  To turn on History, open Task Scheduler and in the Actions Pane (the pane on the right), click “Enable All Tasks History”.

You can figure out the rest :)

Which Security Suite Should You Use?

I’m regularly asked by clients which security suite is best, and which antivirus will “guarantee” against virus or spyware infection.  The first question has no single correct answer; the second has no answer. 

Computer viruses existed well before the ubiquitous World Wide Web we know today; before Google, AOL and even Microsoft.  Before high-speed Internet was commonplace, viruses could travel from PC to PC via floppy disks or CD-ROMs (we called this “sneakernet”).  Some viruses could be avoided by simply not booting your computer on a particular day (Michelangelo virus), while others could be detected and removed with simple tools such as Microsoft’s MSAV (included with MS-DOS until version 6.22).

Today your computer is constantly at some risk of virus, malware or spyware infection, URL redirects, and drive-by downloads.  But your computer isn’t at risk for every virus and every drive-by download. Windows Vista and later versions incorporate User Account Control, which can halt the system and warn you before running an unknown executable.  Acrobat Reader, Flash and Shockwave regularly find themselves at the top of the list of “most vulnerable software” titles along with Java – so if you don’t use them, the DDOS and remote-control exploits won’t apply to you. If you do use them, keep them patched and updated!

These risks, however real, exist at varying levels. Your PC’s risk is best measured by your own activities. In an office setting where machines are regularly updated and monitored and casual web browsing is discouraged or outright forbidden, the risks of any type of infection are very low. Office intranets are typically not a fertile breeding ground for malware. Households with teenage computer users or compulsive file sharers, on the other hand, may experience a higher incidence of hijackers, viruses and other sorts of malware.

Keep in mind, security is a moving target.  Symantec, McAfee, Kaspersky and Microsoft are constantly releasing updates and definitions to keep their subscribers protected.  But the techniques employed by writers of these malicious programs are changing as well.  And even as new variants of Zafi, NetSky and MyDoom are released, the old versions continue to make their rounds, ostensibly hoping for an unpatched, unprotected computer to infect.

Protection levels are not absolutes and they are not universal.  More protection means lowered usability and diminished performance.  Software firewalls and on-access virus scanners are very demanding on your CPU and RAM, but that’s part of the tradeoff.  You should never surrender a reasonable level of security for performance.  If your PC has become unbearably sluggish due to its security suite, it’s time for a part upgrade or a new PC.

Here is what I look for when determining an ideal protection suite for an individual machine:

  • What is this user doing on his / her computer?  What is the environment?  (Corporate office = low risk)
  • Will this machine spend most of its uptime editing locally stored  Word documents and checking email in a browser? (Boring activities = lower risks)
  • How many people will use this machine?  (More users = higher risks)
  • Is this machine running a fairly modern operating system?  (Windows 7 = pretty good, Windows XP = not so great)
  • Is this machine regularly updated and patched (Flash, Java, Adobe Reader, etc.)?
  • Does this computer have a history of virus infections and OS reinstalls? Trends are trends.
  • Does this computer have an unusually large library of uncategorized media named in all lower-case letters?

For a low-risk machine, I feel reasonably safe recommending Microsoft’s Security Essentials or Avast! Essential and Windows’ own Advanced Firewall.  For a machine with multiple users or some history of infection or hijacks, I still can’t comfortably recommend purchasing a retail version of any security software since your dollars will not buy you a guarantee against virus or malware infections.  Corporate installations require a high degree of customizability, centralized management and reporting, so corporate products exist in a different universe from their retail counterparts.

To further lock down your computer, take steps to immunize against compromised DNS servers and drive-by downloads by using SecureDNS or ThreatFire. 

For every machine, keep a local copy of Combofix, Spybot Search & Destroy and Malwarebytes’ Anti-Malware available just in case.

That Damned Whistler Bootkit

Worse than a 404 error or a “Wireless Network Not Found” notification, more horrifying than any Trojan or worm (short of CryptoLocker); more confounding and infuriating than any popup ad, reappearing toolbar or spyware… your computer has a problem.  It’s infected with something, and it’s a bootkit.

“What’s a bootkit?  You mean rootkit, right?”  No, it’s a bootkit, and here’s the difference:  a rootkit is subversive, usually malicious, code designed to evade detection and removal.  Typically, a rootkit will entrench itself in the Windows registry or attach itself to the Windows or Linux kernel. Modern rootkits can steal passwords and files, make your computer a spam-bot or transparently log your keystrokes.  There are legitimate uses for rootkits, but most of these are “legitimate” in the same way flamethrowers are “legal” in most states. Rootkits are detected and removed by most consumer-grade antivirus and antispyware programs; free removal tools include Malwarebytes’ Anti-Malware and AVG Anti-Rootkit Free.

A bootkit is similar in deed but exceedingly more difficult to detect and remove.   A bootkit resides on the master boot record of your hard drive, executing code before any user is logged in and before your antivirus is active.  These processes are invisible to your operating system and antivirus, and can be executed with administrative permissions on any NT-based machine, even in safe mode, even on 64-bit machines.  Scary, huh?

There are a few fairly accurate ways I’ve come across in detecting bootkit activity without a utility (this assumes, of course, that you have already resolved the mouse chatter, screen flicker, pop-ups and browser redirects): 

  • Random music or internet commercials play – and iexplore.exe respawns in Task Manager without a parent window. 
  • Network connections intermittently lock up for a few seconds at a time, booting network users from network drives, applications or printers.
  • Blue- or black-screen startups even though your antivirus, antimalware and Scandisk reveal no errors; Event Viewer logs are a dead end; your errors seem tied to power supply, video or network drivers and you’re sure your hardware is fine.
  • After your antivirus does remove a stubborn infection, your machine fails to boot with messages such as “Missing Operating System” or “Primary Boot Drive Not Detected”.

So how do you remove a bootkit?  There are some third-party utilities to detect and remove bootkits, but I’ve had mixed success with them.  MBRCheck is very effective in detecting an infected MBR, but when you need to write a new MBR the most straightforward method is the command prompt:  You need to write yourself a new MBR.
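
Since a bootkit lives in the master boot record, one way to spot tampering is to compare the MBR’s boot-code bytes with a hash taken from a known-good copy. This added Python example (not from the original post, and not a description of how MBRCheck works internally) does that on constructed 512-byte sectors; the baseline and all sample bytes are assumptions.

```python
import hashlib
import struct

# Classic MBR layout: bytes 0-439 boot code, 440-445 disk signature and
# reserved bytes, 446-509 four 16-byte partition entries, 510-511 0x55AA.
SECTOR_SIZE = 512
BOOT_CODE_END = 440
PART_TABLE_OFF = 446
SIGNATURE_OFF = 510

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partitions and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {
        # The disk signature is excluded so the hash is the same on every disk.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }

def check_mbr(sector, baseline_sha256):
    """Return a list of problems; an empty list means the MBR matches."""
    info = parse_mbr(sector)
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        problems.append("boot code differs from baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        problems.append("more than one active partition")
    return problems

def build_sample_mbr(boot_code, disk_signature=b"\x12\x34\x56\x78"):
    """Build a constructed MBR with one active NTFS partition (test data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = disk_signature
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07,
                                  b"\0" * 3, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed sample data: filler bytes stand in for real boot code.
CLEAN = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100)
MODIFIED = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 99 + b"\xcc")
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, check_mbr(sector, BASELINE) or "matches baseline")
```

Read the sector with the drive attached to a clean machine or boot medium, because a bootkit running on the infected system can hand back a clean-looking MBR.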

How to write yourself a new MBR in XP, Vista or 7… coming soon.

Recover NT4 filesystem after NTOSKRNL.EXE error

Our voicemail system died after what may have been a power blip.  Black screen, “ntoskrnl.exe not found”.

This is a Nortel CallPilot NT4 Workstation system on a Nortel Meridian rack.  Essentially, it’s a motherboard and CPU with a parallel IDE hard drive mounted on the chassis.  Knowing this particular error from the past, I thought I could repair it with Windows NT Setup repair option.  I had three very big problems:

1. This is a Windows NT4 system, so the chance of outside help was slim to none. 

2. There is no CD drive and no way to connect one.

3. This system does not have USB either, and USB boot support in a system this old was not a hopeful proposition.  The only peripheral is a SCSI tape drive for the voicemail backups. 

We do have backups of the voicemail system on tape, but no extra parallel drives to clone this one (for a backup of the original system) and of course no time to rebuild it (system setup takes 6-8 hrs according to our fabulous Nortel tech).  I pulled the drive from the blade and connected it to my laptop with an external reader and power supply.  We found a Windows NT4 CD in the archives.  Maybe we can fix this manually?

Here’s what the first partition on the system looked like:

See anything missing?  This should be the Windows partition, but there’s no Windows directory (or Win4, or NT4, or WINNT).  Hopefully there’s a clue somewhere in that OSSetup.log file.

… and there is!  This is the OS drive.  The WINNT folder is missing, along with all its subfolders.

Running a chkdsk on the drive resulted in a handful of the dreaded found000x.chk files which, as we all know, may or may not contain anything useful.  With an entire Windows directory missing, I’m betting there is something useful in there.

Out of an abundance of caution I’m setting up a NT4 VM to confirm the folder hierarchy is what I remember it to be.

The setup process offers some hope (the default Windows directory name is “WINNT”).

Enjoy some LOL at the simple CD key (remember, this is years before “Product Activation”)

Here’s what the WINNT folder should look like.  I’m looking for folders named Config, Profiles, system, and system32. 

Back to the drive.  I searched for the ntoskrnl.exe file we know is supposed to be in a \system32 folder. 

NTOSKRNL.exe is there, but hidden in a .chk folder.

Right-click and open the file location; you can browse .chk folders this way in Windows 7.

… and it looks like “found.000\dir0001.chk\” is actually the System32\ folder.  I made a WINNT folder on the drive and a \system32\ folder inside that.

found.000\dir0000.chk\Profiles is the c:\winnt\Profiles folder, so I moved that as well.

found.000\dir0000.chk is the remainder of the contents of the WINNT folder.  Moved it to the WINNT folder.

Cross my fingers and plug it all back in.  It boots!  We don’t see the ntoskrnl.exe error anymore, but we see that a rather important folder is missing.  Herp a derp, I didn’t recover the Windows registry… the Config folder is empty.

Back to my desk with the drive.  I searched for a file called SECURITY (or DEFAULT, or SAM).  It turns out found.000\dir0002.chk\ is the system32\config folder.  May as well replace that too.

I replaced the drive, plugged it into the Meridian rack and… we have Windows!  CallPilot starts up, voicemail is back.  This system will be backing up to disk from now on.

Thanks to Dylan for finding the NT4 CD and reminding me that IDE drives require power.  Thanks to Danny for finding the Administrator password and for moral support!

Hope you enjoyed the read.

Office 2013 / 2016 Start Screen, Themes and that Weird “Smooth Text” Feature

Office is what we’d call a “productivity” application.  Which leads me to wonder why Microsoft keeps sticking these road bumps in the way of… you know, getting productive.

One of my least favorite features is the first thing you see when you open an Office 2013 or 2016 application – the start screen.  Never mind that Word takes an additional 5-10 seconds to load now (find a copy of Office 2003 if you don’t believe me – there is absolutely no lag time, it starts instantly).  Your first view is the insulting “Start Screen”, a continuous reminder that Microsoft really cares “what do you want to do today?”

Let’s get rid of it.  You’ll have to open a blank document, then hit File -> Options.

And there it is, plain as day.  Uncheck “Show the Start screen when this application starts”.

This also works with Excel and other Office applications.

While we’re in here, let’s get rid of that ridiculous theme and do something about that horribly washed out look of this program (whoever thought light gray on white was a good contrast scheme should be taken out and shot).

Those silly decorations are good for nothing.  The minimalist window resize buttons are hard enough to see as it is.

Choose “No Background” and “Dark Gray” for the Office Theme.

I sure wish Microsoft had more options for themes.  I’ve never had so many uninstall requests as the month my company rolled out Office 2013 – all because of the washed out color scheme.

Last, let’s talk about that weird animated-typing thing.  It used to be that your cursor would progress to the next space as soon as you typed a character.  Not anymore!  Microsoft is sure you want the cursor to smoothly drag across the page as you type, in direct contrast to the action of typing a single character on a keyboard.

This, unfortunately, is a Windows setting. 

  • Go to your system properties (Windows Key + R, type “sysdm.cpl”)
  • Go to the Advanced tab and click “Settings” under Performance
  • Click “Custom” to change individual settings, and uncheck “Animate controls and elements inside windows”

OK your way out of System Properties.

You’ll have to log off and back on for the settings to take effect, but now your cursor will advance one space with each keystroke as it used to.

NACHA “ACH Transaction Canceled” Email… Fraud!

Here’s one from the vault:  I used to regularly receive emails with the ominous subject line “ACH transfer rejected”:


The ACH transfer (ID: 2010xxxxxxxxxx), recently initiated from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Canceled transfer
Transaction ID: 2010xxxxxxxxxx
Rejection Reason: See details in the report below
Transaction Report: report_20102828938591.pdf.exe (self-extracting archive, Adobe PDF)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
2011 NACHA – The Electronic Payments Association


Now, my first indications that these emails might not be completely legit were the default font (it showed up in Times New Roman) and an email address showing up in the Sender’s name field (as opposed to the name of a person or department).  Another indication was the double file extension on the transaction report (.pdf.exe).

I decided to do a little research.  First, my bank account had no activity at all for the previous three days, and in fact no payment had been initiated or rejected.  I was safe.  But wait… what is this “NACHA”, and why haven’t I ever heard of this ELECTRONIC PAYMENTS ASSOCIATION?

NACHA is in fact a real association responsible for maintaining the backbone of the ACH network.  You’ve seen the initialism “ACH” on your bank statement if you’ve ever used your debit card anywhere.  It stands for “Automated Clearing House”, where banks get together and settle their balances with each other.  However, NACHA will not send you an email in the event of a transaction failure because NACHA doesn’t handle individual ACH transactions at all (that’s your bank’s job).  A warning regarding this phishing scam was posted on the NACHA site as early as February of 2010.

So to be safe, never click a link in an email if you don’t know or don’t trust the sender – especially if the email has anything to do with your identity, money or passwords.  And if you receive an email from NACHA notifying you of a canceled or rejected transaction, just delete it and share this info with your friends!
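
Two of the indicators noted above, an email address in the sender’s name field and a double file extension such as .pdf.exe, are easy to check mechanically. This added Python example (not part of the original post) runs both checks over a message; the headers, the .example addresses and the extension lists are constructed assumptions, and the body text is taken from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Extensions that run code, and document-like extensions used as a disguise.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "zip"}
FILENAME_RE = re.compile(r"[\w-]+(?:\.\w{1,5}){2,}")

def is_double_extension(filename):
    """True for names like report.pdf.exe (decoy extension, then executable)."""
    parts = filename.lower().rsplit(".", 2)
    return (len(parts) == 3 and parts[1] in DECOY_EXTS
            and parts[2] in EXECUTABLE_EXTS)

def triage(raw_message):
    """Return the indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, _address = parseaddr(msg.get("From", ""))
    if "@" in display_name:
        findings.append("sender display name is an email address")
    names = set()
    for part in msg.walk():
        if part.get_filename():
            names.add(part.get_filename())           # real attachments
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            names.update(FILENAME_RE.findall(body))  # names quoted in the body
    for name in sorted(names):
        if is_double_extension(name):
            findings.append(f"double extension hides an executable: {name}")
    return findings

# Constructed messages: headers are invented for the example.
SUSPICIOUS = """\
From: "alerts@nacha.example" <alerts@nacha.example>
To: user@example.com
Subject: ACH transfer rejected
Content-Type: text/plain; charset="utf-8"

The ACH transfer (ID: 2010xxxxxxxxxx), recently initiated from your
checking account (by you or any other person), was rejected.
Transaction Report: report_20102828938591.pdf.exe (self-extracting archive, Adobe PDF)
"""

BENIGN = """\
From: "Accounts Payable" <ap@example.com>
To: user@example.com
Subject: March invoice
Content-Type: text/plain; charset="utf-8"

The invoice is attached as invoice_2016.pdf for your records.
"""

if __name__ == "__main__":
    for finding in triage(SUSPICIOUS):
        print(finding)
```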