jacob's blog

I just ran into a less-than-documented issue with OLE DB and SQL Server 2008 64 bit Enterprise. The particular error message was:

OLE DB provider 'HP3KProvider' for linked server 'HP3000' returned data that does not match expected data length for column '[HP3KProvider].sid'. The (maximum) expected data length is 28, while the returned data length
is 18.

So what if the data is smaller than what was expected? Well, SQL Server cares and errors out. To get it to stop doing this, a trace flag is needed.

You should always protect your passwords. Most people know that, but do you know that you should have a complex password?

I was reminded of this when a client of mine was hacked. I'm not sure how it happened, but someone accessed his account, changed the password, and began sending emails requesting money.

Your password should have a number, an upper case letter, and be at least 8 characters. You should also include a special character, if the account holder will let you.

Sometimes, it becomes necessary to recover deleted files from an NTFS image. Using linux, a free utility called ntfsundelete can be used.

If the image is still mounted, you will need to unmount it:

$ sudo umount tmpmount

Then, you will want to use the losetup utility to associate a loop with a regular file (our image):

$ sudo losetup -o 15443968 /dev/loop0 /media/2Big/hd.img

The -o is the offset calculated from the last post (the start of the partition listed in fdisk * 512). The ntfsundelete utility can then be used:

$ ntfsundelete -s /dev/loop0

You can either copy the image to a hard drive, or mount it in Linux and examine it. To mount an image of an entire drive, first examine the partitions using fdisk:

$ sudo fdisk -u -l /media/2Big/hd.img

In this example, hd.img is an image file created earlier on a USB drive named 2Big.

You should see something similar to this:

Disk /dev/sdc: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0004034f

Device Boot Start End Blocks Id System

It is very important when investigating a security incident to work with a copy of the hard drive, and not the original. It is equally important to work with an unaltered copy of the drive. All that is needed is a place to store the image, a USB or system drive, and a working Linux setup. This can be an Ubuntu live CD.

First, you must see where your drives are:

$ sudo fdisk -l

Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0008558e

The GroupWise 8 client runs great under Ubuntu, but there is a slight problem with the time zone. Because the GroupWise client is a Java based client, a slight adjustment may need to be made.

Java, for some reason, expects a symbolic link at /etc/localtime. When it doesn't get it, it defaults to, usually, the wrong time zone. This caused issues like the calendar in GroupWise to be off.

To fix this:

sudo cp /etc/localtime /etc/localtime.bak

A big part of my job is using SQL server and having the necessary tools to interface with SQL server is a must. One of the only tools I have found for using SQL server on the Linux platform is SQuirrel SQL Client.

I had to setup and secure the new server I am using for my business over the last week. In doing so, I setup BFD to protect the server from automated attacks. It's important to have some sort of automated system to block "brute force," or automated attacks.

Script kiddies (no..not hackers) like to use tools they didn't write with shiny GUIs to try and guess the user name and password of an account on the system. They do this by running programs that guess different passwords for a user name rapidly.

Installing the GroupWise 8 client on Ubuntu Linux 64 bit works great using these instructions. Did I mention that the GroupWise 8 Linux client has Notify built in..and it works? =)

Using SQL on SQL Server, it is easy to decrement or increment a column.

UPDATE t_test
SET inc = inc + 1,
dec = dec - 1
WHERE blah = blah