March 30, 2005

Outlook/Notes: The system cannot find the file specified

I use the Outlook Connector for IBM Lotus Notes/Domino at work because I’ve come to find Outlook much more usable than Notes. Unfortunately, for the past few months I’ve been getting an error when I start Outlook: “The system cannot find the file specified.” I figured it was due to a botched Japanese language install and ignored it until I got my laptop reloaded on Monday and it started doing the same thing. After a quick Google, I found somebody with a similar problem.

Cause

McAfee VirusScan Enterprise 8.0i has a Lotus Notes email scanning component that needs to run before any Notes-based program is launched. This component does not exist in the BlackBerry installation folder.

Resolution

Copy the NCDaemon.exe file into the BlackBerry installation folder

It figures…McAfee is the culprit. I cannot tell you how much I despise recent versions of McAfee. While I understand the direction they are attacking and the market they are targeting, McAfee is a bane to those who understand the risks of the Internet. Due to the recent uprise of malware, McAfee is attempting to address these issues by identifying any piece of “troubling” software on your system. Unfortunately, for a security professional like myself who maintains a large library of malware, “hacking tools”, and other “unwanted programs” (McAfee terminology), deleting these files is not desirable functionality. Of course, these features can all be disabled…unless you happen to be under the power of McAfee’s ePolicy Orchestrator. Of course, you can be given a special policy to address some of these issues…unless your laptop does not like to apply that policy. It’s so frustrating.

To get back to the point, I managed to solve my Outlook problem by copying NCDaemon.exe to my C:\Program Files\Common Files\System\MSMAPI\1033 directory. Why there, and not the Outlook installation directory? For whatever reason, that directory is the “Current Directory” that Outlook runs from.

March 29, 2005

International Lizard of Mystery

The International Lizard of Mystery took a trip to NYC recently.

Apparently he had a pretty good time.

ILoM-NYC-Home/manhattan

March 28, 2005

Asterisk

I stumbled across Asterisk, a software PBX, today.

Looks pretty sweet and gives me another reason to try out a software-based phone system, which I did about three and seven years ago. It’s about time again.

March 26, 2005

SMS Spam

I received my first ever piece of SMS spam on my Cingular/AT&T mobile phone today. Suck. I don’t know if Cingular sold my number or not, but at least they do appear to have an opt out option on their website.

The odd thing was that the message appeared to pop up on my screen without any interaction whatsoever. I’m not 100% sure because I dropped the phone before I noticed I had the message and could have opened it, but I’m fairly sure. It is definitely some sort of custom message, though, because instead of “Reply” and “Menu” for the soft buttons, it has “Later” and “Delete”.

/me is not pleased

March 25, 2005

Feedster

Impersonation without a password

After reading a couple posts about impersonation by Shawn Farkas and linked to by dominick baier, I’ve decided to post some information about impersonation as well. The only difference is that my impersonation doesn’t require a password.

You may remember a few months ago when I posted about mucking around with tokens. Well this is the reason I was doing so.

It seems that by using the ImpersonateLoggedOnUser function, you can impersonate the security context of a logged-on user…and all you need is their token!

How do you get a user’s token? Simple.

  1. Identify the PID of a user’s process you want to steal.
  2. Use OpenProcessToken to retrieve the target user’s token.
  3. Duplicate the user’s token using DuplicateTokenEx.
  4. Then just use CreateProcessAsUser with the token obtained from ImpersonateLoggedOnUser and you’re good to go!

See, that wasn’t so tough: AgentSmith.exe

There are a few disclaimers:

  1. This app needs to be run as SYSTEM. I usually just use the at command to schedule cmd.exe within the next minute to achieve this. Maybe in the future I will make this install itself as a service, but not for now.
  2. Don’t do anything bad. I am not responsible for what this might do to your system.
  3. As of right now, it currently just fires up a command prompt as the target user - it has been modified to allow for specific commands, but the CreateProcessAsUser function is kind of flaky with respect to the lpCommandLine parameter.
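
A defender's view of the steps above, as an added example that is not part of the original post or AgentSmith.exe: a process started with CreateProcessAsUser from a SYSTEM creator shows up in process-creation auditing with SYSTEM as the creator and another account as the target. The field names assume Security event 4688 in its version 2 layout (Windows 10 / Server 2016 and later); the parent allowlist and the sample records are constructed for illustration.

```python
SYSTEM_SID = "S-1-5-18"
NULL_SID = "S-1-0-0"  # logged as the target when the child keeps the creator's token

# Assumption: parents expected to start user processes from SYSTEM; tune per site.
EXPECTED_PARENTS = {
    r"c:\windows\system32\winlogon.exe",
    r"c:\windows\system32\svchost.exe",
}

def is_cross_token_spawn(ev):
    """True when a SYSTEM creator started a process under a user account's token."""
    if ev.get("EventID") != 4688 or ev.get("SubjectUserSid") != SYSTEM_SID:
        return False
    target = ev.get("TargetUserSid", NULL_SID)
    # Only account SIDs (S-1-5-21-...) count; this skips NULL SID, SYSTEM, service SIDs.
    if not target.startswith("S-1-5-21-"):
        return False
    return ev.get("ParentProcessName", "").lower() not in EXPECTED_PARENTS

def triage(events):
    """Return (parent, child, target user) for each suspicious process creation."""
    return [(e.get("ParentProcessName", ""), e.get("NewProcessName", ""),
             e.get("TargetUserName", "")) for e in events if is_cross_token_spawn(e)]

# Constructed sample records (not from the original post).
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    # Normal logon: winlogon starts userinit under the user's token.
    {"EventID": 4688, "SubjectUserSid": SYSTEM_SID, "TargetUserSid": ALICE,
     "TargetUserName": "alice", "NewProcessName": r"C:\Windows\System32\userinit.exe",
     "ParentProcessName": r"C:\Windows\System32\winlogon.exe"},
    # SYSTEM shell starting a shell under alice's token: the pattern in the post.
    {"EventID": 4688, "SubjectUserSid": SYSTEM_SID, "TargetUserSid": ALICE,
     "TargetUserName": "alice", "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
    # SYSTEM child that keeps the SYSTEM token: target is the NULL SID.
    {"EventID": 4688, "SubjectUserSid": SYSTEM_SID, "TargetUserSid": NULL_SID,
     "TargetUserName": "-", "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": r"C:\Windows\System32\svchost.exe"},
    # Ordinary user launching a program: creator is not SYSTEM.
    {"EventID": 4688, "SubjectUserSid": ALICE, "TargetUserSid": NULL_SID,
     "TargetUserName": "-", "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Only the second record is reported; the allowlist is what keeps normal logons and scheduled tasks quiet, so it needs tuning against a baseline before the rule is useful.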

Mice at Whole Foods

She said she saw one when we were there the other day.

Looks like she was right.

Rodent problem closes Whole Foods store

GreaseMonkey script to remove Moreover ads from Bloglines feed

I got tired of seeing ads in my Bloglines Chicago news feed which pulls from Moreover. So I checked out GreaseMonkey, figured out how it all worked, and whipped up a script to do it for me.

Much better.

moreoverads.user.js

March 23, 2005

Problems with pinging

I seem to be having problems with pingomatic on my WP install…time for some ngrep fun!

CERIAS Information Security Symposium

I’m at the sixth annual CERIAS Information Security Symposium at Purdue. It’s not too bad - I’ll let you know if I see anything neat. I’ve liked the couple of virtualization projects given my recent involvement with Microsoft Virtual Server.