Here is one from the history books. How to factory reset a Nortel 5510/5520 switch when you don't have IP or serial access to the device.  This situation does occur (forgotten password on device manager, web access or console access for example).

The process is as follows:

  1. Press and hold the UI button for 3 seconds, the unit will be in configuration mode and the status light will change to a blinking green status.
  2. Press the UI button 5 times, the base led and up and down leds will now be blinking amber and in unison
  3. Press the UI button and hold for 3 seconds to confirm the command.
  4. The in use IP address will now be 192.168.1.168 and you can access it via  device manager, a browser or via the serial port. Best to check this IP with wireshark as I am running from memory, but you can always use a console cable to set via the serial port at this point.

Since we are on topic here are some other options for a factory reset on the 5500 range (and other Nortel switches)

Via the console port follow these steps:

  1. Connect to the console port of the switch (9600,8,N,1) with putty
  2. Reboot the switch.
  3. When the first line of the diagnostics tests is displayed, press CTRL-C. The system then displays a menu.
  4. Select option “i” to factory default the switch.
  5. Select option “a” to run the agent code.

Upon boot up, the switch will be in a factory default configuration.

Via TFTP try this:

Presumptions....

  • You still have SNMP-access
  • The software agent allows downloading the ASCII config of the switch to TFTP
  1. With device manager instruct the switch to put the ASCII config on your TFTP
  2. Edit the line for the telnet/console password en set it to ‘none’
  3. Save the config file
  4. Upload it to the switch
  5. Result will be that you can login without password and be able to set a new password.

Attached is a link to the Nortel 5500 configuration reference guide..

5500 Series Config Guide

 

 

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

So the marketing says that you can run an RSA 8.x Appliance on VMWare and that the various facilities providing are supported.  This is indeed true however there are a few things to watch for specifically when creating a clone of an appliance.

RSA Customer Support does advise against creating a clone as it can impact the authentication manager instance with regards to the fingerprint and can cause one of the services to fail due to the result of the MAC address changing.

However if cloning the appliance is required then here are two things to check on:

Set the MAC Address

An RSA knowledge article (ref#00030773) https://knowledge.rsasecurity.com mentions that should a clone be performed (and before starting the clone image), the administrator would need to modify the .VMX file and set the MAC address to static, forcing the same MAC address to be used as the original virtual image. VMware have a knowledge article covering this topic at URL http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507. Having made the change the clone can be started and eth0 is maintained as before.

  1. Stop the primary instance, make the change to the .VMX file and change the MAC address to be as the original virtual image.
  2. The correct MAC address to use will be either in your documentation (I hope), or if the appliance has changed to using eth1 it ought to be using the same MAC address on eth1 as it did on eth0.
  3. Check replication status with replicas.

Note this process can be done retrospectively it the appliance is not running on eth0 due to the cloning process.

Reset the Fingerprint

  1. Login via SSH as rsaadmin
  2. Run /opt/rsa/am/utils> ./rsautil manage-secrets -a recover
  3. Enter your credentials as prompted'
  4. You should get back "Machine fingerprint restored successfully."

 

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

So you have diligently applied a new certificate to your RSA AM deployment.  If you don't watch the expiry here is what happens when it expires.

The first thing you will notice is that you loose access to the Operations Console.  This can be confirmed by checking /opt/rsa/am/server/log/AdminWrapperServer.log

 

You will get some thing like this:

INFO | jvm 3 | main | 2016/04/22 01:11:19 | Signature:
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0000: 6f 84 1e 6d 68 b7 dc ac b5 a9 8f d5 01 ec 5c 20 [o..mh.........\ ]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0010: 81 4e 50 7d 47 71 cc f4 ee e5 03 b0 81 d4 3e 70 [.NP}Gq........>p]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0020: 96 e6 90 da bd d2 6f 29 39 c3 1b c7 b2 06 03 68 [......o)9......h]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0030: f4 b7 94 e0 96 2c 40 1d 4d a6 54 45 e9 af d1 02 [.....,@.M.TE....]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0040: d8 76 b6 96 1e 44 3b 81 20 49 5a a0 1a cd d2 69 [.v...D;. IZ....i]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0050: 3a 86 48 8b 51 03 a8 8f 5f 71 21 51 60 72 b2 2a [:.H.Q..._q!Q`r.*]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0060: 13 6f 59 01 27 3f bd 5b ce a8 c9 fb bb da 1d cc [.oY.'?.[........]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0070: 74 29 26 3e 9d 02 45 b8 40 6b e4 2e 49 df 68 82 [t)&>..E.@k..I.h.]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0080: dd d5 4f f6 7f 6f 5c bd bf 29 75 2e f0 a8 dd 56 [..O..o\..)u....V]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 0090: 50 b8 9b 34 40 ed 61 12 43 50 f5 03 14 4c c3 c6 [P..4@.a.CP...L..]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00a0: 61 b5 05 ca d6 72 3a c9 1e 93 f9 7a 52 db ef 48 [a....r:....zR..H]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00b0: 27 9a e8 e6 3c a8 aa 9b 5b 4c 43 af e8 08 b4 3c ['...<...[LC....<]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00c0: b3 41 25 c4 97 99 35 5f c2 47 36 45 15 13 e8 8e [.A%...5_.G6E....]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00d0: e7 17 9d 2a d3 0b 1b 03 fe 91 ab 31 51 bb a8 5d [...*.......1Q..]]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00e0: 79 f6 5c 7d 2e 47 0e b8 a2 9a 55 84 7b 47 8c 49 [y.\}.G....U.{G.I]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | 00f0: 7d d6 e2 28 0b 25 3a e4 df 41 47 cf 7d f6 fb ac [}..(.%:..AG.}...]
INFO | jvm 3 | main | 2016/04/22 01:11:19 |
INFO | jvm 3 | main | 2016/04/22 01:11:19 | ]
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.fail(SSLContextManager.java:703)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.checkIdentity(SSLContextManager.java:523)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java :408)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:3 56)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.getSSLEngineFactory(SSLContextManager.java:32 5)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.server.channels.DynamicJSSEListenThread.<init>(DynamicJSSEListenThread.java:50 )
INFO | jvm 3 | main | 2016/04/22 01:11:19 | ... 6 more
INFO | jvm 3 | main | 2016/04/22 01:11:19 | Caused by: java.security.cert.CertificateExpiredException: Checked date: Fri Apr 22 01:11:19 N ZST 2016 is after Certificate notAfter date: Thu Mar 10 19:09:50 NZDT 2016
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at com.rsa.cryptoj.c.pk.a(Unknown Source)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at com.rsa.cryptoj.c.pj.checkValidity(Unknown Source)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | at weblogic.security.utils.SSLContextManager.checkIdentity(SSLContextManager.java:508)
INFO | jvm 3 | main | 2016/04/22 01:11:19 | ... 10 more
INFO | jvm 3 | main | 2016/04/22 01:11:19 |
INFO | jvm 3 | main | 2016/04/22 01:11:19 | >
INFO | jvm 3 | main | 2016/04/22 01:11:19 | <Apr 22, 2016 1:11:19 AM NZST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
INFO | jvm 3 | main | 2016/04/22 01:11:19 | <Apr 22, 2016 1:11:19 AM NZST> <Error> <WebLogicServer> <BEA-000383> <A critical service faile d. The server will shut itself down.>
INFO | jvm 3 | main | 2016/04/22 01:11:19 | <Apr 22, 2016 1:11:19 AM NZST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
STATUS | wrapper | main | 2016/04/22 01:11:21 | <-- Wrapper Stopped

The key part is that the server state is down.

Of course you need access to the Operations Console to re mediate the problem with the certificate.

So using good old putty, ssh into your RSA AM Primary and do the following

Login as the rsaadmin user with the current operating system password.
Navigate to /opt/rsa/am/utils.
Run the following command to change the console certificate from the third-party certificate to the original certificate:
./rsautil reset-server-cert -u <Operations Console administrative user> -p <Operations Console administrative password>
After reverting the default certificate, navigate to /opt/rsa/am/server and start the Authentication Manager services:
./rsaserv start all

After this the expired certificate will be "inactive" and you can go about generating a new CSR and applying a new certificate.

 

 

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

Well this was a fun task.  Rolling a Checkpoint F/W R77.30 out connected to a PPPOE circuit.

After configuring the PPPOE interface and binding it to a physical interface I plugged in and the circuit came up. I applied a basic best practice rule base and was able to ping IP addresses like 8.8.8.8 as expected and therefore thought we were good to go.  Boy was I wrong.  Turns out DNS lookups were not working at all, no drops shown in the log and the DNS servers were set right.

I did some research and it turns out PPPOE can't be accelerated and it SecureXL, fair enough disable SecureXL and reboot, all should be well. Wrong again - some more digging and I noticed that

fw ctl debug -m fw + drop

Shows drops.... great so now we have an MTU problem, so I checked the MTU of the PPPOE circuit (1492) and confirmed this by running from a workstation:

ping -f - l 1464 www.google.com

Add 28 bytes for the packet overhead to 1464 = 1492.

Right so I set the MTU on the F/W interfaces and on select desktops using the commands

Find the correct interface and check mtu:

netsh interface ipv4 show subinterface

Set the new mtu:

netsh interface ipv4 set subinterface "Ethernet" mtu=1492 state=pesistent

Hey presto things started to work although I did have a syn-ack issue during this process as well causing me to turn off "drop out of state TCP/ICMP packets" in global properties-->stateful inspection.  I believe however this was a timing issue and may now be ok post MTU remediation.  I wll revisit this

This is all very well but how did the el-cheapo device the Checkpoint replaced ever work with the MTu set to 1500 on workstations?  Turns out it had a great rule base allowing any-->any-->all-->accept. Now as noted I had set up a basic rule base using best practices including a final drop rule and stealth the firewall rule.

I then discovered after reading a lot of articles (and this is summerised significantly below), that when a device attempts to transmit over an encapsulated circuit like PPPOE, PPP & PPTP with a larger MTU, the upstream device will reject it but also will respond with an ICMP packet to attempt to renegotiate a smaller MTU (MSS).  My rule base blocked such traffic.  So adding a simple allow ICMP rule in fixes it - of course if I have in global properties allow ICMP before then this would work too.

 

This post is in draft - I wanted to knock out the basics while it was fresh in my head.  I will work on it to flesh it out in time.

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

If you wish to check  the NTP status on RSA AM 8.1 you can run a useful Linux utility as follows:

Log into the appliance using SSH

ntpq -p

However, this utility runs based on the configuration found in /etc/ntp.conf.

Now due to IPV6 support being partially on in RSA AM 8.1, and for other reasons in order to make it work properly add the following lines to the ntp.conf

restrict -6 ::1

restrict ::1

Then you simply restart ntp as follows:

service ntp restart

...and your query to the configured ntp server will return information regarding the server and offsets. The output will look something like this:

remote           refid                 st t   when poll reach   delay   offset      jitter
===================================================================
w.x.y.z             .LOCL.              1 u   57       64  377        0.313  245903.   7.716
a.b.c.d             192.168.10.25 2 u   56       64  377        0.536  245894.   6.630

Note

If you have set RSA AM to sync time with the VMWare host then this utility will not properly query the VMWare host unless you add its IP address of the VMHost into the /etc/ntp.conf as a time server.

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

Welcome back to a new year.  Encountered a painful little problem worthy of a tech note during a firewall install this month.

The Checkpoint Firewall was version R77.20 (then upgraded to R77.30 of course) and during the install of smartconsole I got:

smartconsole register dlls

Naturally on launching smartdashboard it didn't work and I  got:

smartconsole msvcr100

So after a lot of research on the Internet and messing around comparing machines and installed packages, it turns out you need to load the C++ redistributable packages (x86) for smartconsole to work prior to install.

However there is a gotcha (of course), it is version specific as follows:

  • Smartconsole R77.20 requires C++ redistributable 2010 (x86)
  • Smartconsole R77.30 requires C++ redistributable 2013 (x86)

So install the appropriate packages from Microsoft then install the version of smartconsole you require. Hope this helps...

Downoad Links:

C++ Redistributable 2010 x86

C++ Redistributable 2013 x86

 

 

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

This post covers a few random aspects of security issues in RSA Authentication Manager V8.1

WebTier SSLv3

Out of the box the WebTier supports RC4 non block ciphers which are associated with SSL3. SSL3 is obviously subject to numerous vulnerabilities such as POODLE.  To disable ensure the WebTier is functioning and communicating with the RSA AM then on the WebTier host navigate to;

C:\Program Files\RSA Security\RSA Authentication Manager Webtier\server\config

or

/opt/RSA Security/RSA Authentication Manager Webtier/server/config

Backup the config file found there.  Edit the file and remove the line:

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>

RC4-RSA

Restart the RSA services to complete on the WebTier server.

Test your cert and support using a tool like https://www.ssllabs.com/ssltest/

Following this change the WebTier should only support TLS1.2

Jan 2016: So further to this issue a tech note has been published on RSA SCOL addressing the issue which I include below:

AM 8.1 SP1 P2 How to Disable SSLv3 on Web Tier (Windows 2008R2

ShellShock CVE-2014-6271

To ensure you are protected against ShellShock on RSA Authentication Manager apply patch 5 for RSA V8.1.

To test if you are vulnerable write a little script like the following

test4shellshock.sh

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Issue the following commands to enable the script to run

chmod 777 test4shellshock.sh

then run it

./test4shellshock.sh

It will respond appropriately.. As a general good practice SSH access should not be enabled on RSA Appliances until access to the operating system is required.  This  behaviour can be controlled in the Operations Console.

For more information see the RSA article 000014565 on Secure Care Online

GHOST CVE-2015-0235 

On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The researchers at Qualys discovered a heap-based buffer overflow (also known as "GHOST" vulnerability) in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could potentially use this flaw to execute arbitrary code with the permissions of the user running the application.

ghost1

The RSA Appliance adds another layer of handling of these functions in Java classes internally by not allowing host names over 256 bytes.  Hence this particular vulnerability is not exploitable.

As a general process for this issue you can use

ldd --version

to check your version of glibc This should allow you to identify that your version is higher than 2.17 (not vulnerable) or between 2 and 2.17 (vulnerable).

See RSA articles 000029506 & 000029576 on Secure Care Online

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

See below for a list of the Linux packages installed by RSA on the SUSE platform.  Handy for script writing and I am sure for other purposes.

So if you want to compare whether you have applied the latest third party patch for RSA (tp-update-1.0) issue the following commands:

rpm -qa >> packagelist.txt

cat packagelist.txt

You can then compare it to the list below to see what version you are running and whether you need to patch your appliance. Note to apply tp-update-1.0 you need to be at 8.1 SP1 P8 on your RSA appliances.

aaa_base-11-6.94.1
acpid-1.0.6-91.25.20
adg-security-9-8
audit-1.8-0.30.1
audit-libs-1.8-0.30.1
bash-3.2-147.22.1
bc-1.06-838.15
bind-libs-9.9.4P2-0.6.1
bind-utils-9.9.4P2-0.6.1
branding-SLES-11-3.20.30
bridge-utils-1.4-23.18.1
bzip2-1.0.5-34.253.1
cifs-utils-5.1-0.11.1
clamav-0.98.3-0.11.1
ConsoleKit-0.2.10-64.65.1
coreutils-8.12-6.25.29.1
cpio-2.9-75.76.1
cpio-lang-2.9-75.76.1
cracklib-2.8.12-56.9.9
cracklib-dict-full-2.8.12-43.16
cron-4.1-194.207.1
cyrus-sasl-2.1.22-182.20.1
dbus-1-1.2.10-3.31.1
dbus-1-glib-0.76-34.22.1
device-mapper-1.02.77-0.11.33
dhcpcd-3.2.3-44.30.1
diffutils-2.8.7-143.23.1
dirmngr-1.0.2-1.19
dmidecode-2.12-4.3
dosfstools-2.11-121.30.1
e2fsprogs-1.41.9-2.9.1
eject-2.1.0-115.19.2.1
elfutils-0.152-4.7.86
ethtool-6.2.6.39-0.20.1
expat-2.0.1-88.34.1
file-4.24-43.25.1
filesystem-11.1-3.5.3
fillup-1.42-242.21
findutils-4.4.0-38.26.1
gawk-3.1.8-2.6.1
gdbm-1.8.3-371.83
gettext-runtime-0.17-61.40
gfxboot-4.1.32-0.7.11
gfxboot-branding-SLES-4.1.32-0.7.11
glib2-2.22.5-0.8.12.1
glib2-branding-SLES-2.16-47.3
glib2-lang-2.22.5-0.8.12.1
glibc-2.11.3-17.72.14
glibc-32bit-2.11.3-17.72.14
glibc-locale-2.11.3-17.72.14
gpg2-2.0.9-25.33.39.1
gpg2-lang-2.0.9-25.33.39.1
gpg-pubkey-307e3d54-4be01a65
gpg-pubkey-39db7c82-510a966b
gpg-pubkey-3d25d3d9-36e12d04
gpg-pubkey-3dbdc284-4be1884d
gpg-pubkey-50a3dd1c-50f35137
gpg-pubkey-9c800aca-4be01999
gpg-pubkey-b37b98a9-4be01a1a
gpm-1.20.1-452.83
grep-2.7-5.7.1
grub-0.97-162.172.1
gzip-1.3.12-69.23.1
hal-0.5.12-23.74.1
haveged-1.3-0.6.1
hdparm-9.27-1.6.39
hyper-v-5-0.11.1
ifplugd-0.28-210.20
info-4.12-1.86
initviocons-0.5-55.21
insserv-1.12.0-25.11.47
iproute2-2.6.29.1-6.35.1
iptables-1.4.6-2.11.4
iputils-ss021109-292.28.1
irqbalance-1.0.4-0.11.1
kbd-1.14.1-16.31.1
kernel-default-3.0.101-0.7.23.1
kernel-default-base-3.0.101-0.7.23.1
kernel-firmware-20110923-0.52.3
keyutils-1.2-107.29.15
keyutils-libs-1.2-107.29.15
klogd-1.4.1-708.44.32
krb5-1.6.3-133.49.62.1
libacl-2.2.47-30.34.29
libaio-0.3.109-0.1.46
libasm1-0.152-4.7.86
libattr-2.4.43-1.18
libaugeas0-0.9.0-3.15.1
libblkid1-2.19.1-6.54.1
libbz2-1-1.0.5-34.253.1
libcap2-2.11-2.17.1
libcom_err2-1.41.9-2.9.1
libcurl4-7.19.7-1.38.1
libdb-4_5-4.5.20-95.39
libdw1-0.152-4.7.86
libelf1-0.152-4.7.86
libevent-1_4-2-1.4.5-24.24.1
libexpat1-2.0.1-88.34.1
libext2fs2-1.41.9-2.9.1
libgcc_s1-32bit-4.7.2_20130108-0.17.2
libgcc_s1-4.7.2_20130108-0.17.2
libgcrypt11-1.5.0-0.17.1
libglib-2_0-0-2.22.5-0.8.12.1
libgobject-2_0-0-2.22.5-0.8.12.1
libgpg-error0-1.10-0.7.29
libgssglue1-0.1-20.2.1
libgthread-2_0-0-2.22.5-0.8.12.1
libidn-1.10-3.18
libksba-1.0.4-1.16
libldap-2_4-2-2.4.26-0.28.5
libldb1-3.6.3-0.54.2
libltdl7-2.2.6-2.131.1
liblzma5-5.0.4-13.2
libncurses5-32bit-5.6-90.55
libncurses5-5.6-90.55
libnet-1.1.2.1-140.24.1
libnscd-2.0.2-73.18
libnuma1-2.0.7-0.9.1
libopenssl0_9_8-0.9.8j-0.66.1
libpcap0-0.9.8-50.10.1
libpython2_6-1_0-2.6.9-0.31.1
libreadline5-5.2-147.22.1
libreiserfs-0.3.0.5-143.3
libselinux1-2.0.91-4.2.1
libsensors3-2.10.6-10.15
libsepol1-2.0.41-2.2.9
libsmbios2-2.0.2-11.8.4
libsnmp15-5.4.2.1-8.12.22.1
libsqlite3-0-3.7.6.3-1.4.4.1
libstdc++43-32bit-4.6.9-0.11.38
libstdc++46-32bit-4.6.9-0.11.38
libstdc++6-32bit-4.7.2_20130108-0.17.2
libstdc++6-4.7.2_20130108-0.17.2
libtalloc2-3.6.3-0.54.2
libtdb1-3.6.3-0.54.2
libtevent0-3.6.3-0.54.2
libtirpc1-0.2.1-1.5.1
libudev0-147-0.94.1
libusb-0_1-4-0.1.12-139.1.1
libuuid1-2.19.1-6.54.1
libwbclient0-3.6.3-0.54.2
libxcrypt-3.0.3-0.6.1
libxml2-2.7.6-0.25.1
libxslt-1.1.24-19.23.1
libzio-0.9-5.77
libzypp-9.37.8-0.7.10
login-3.41-0.4.2
logrotate-3.7.7-10.28.1
lvm2-2.02.98-0.29.1
master-boot-code-1.14-70.11
mdadm-3.2.6-0.23.1
metamail-2.7.19-1244.20
mingetty-1.0.7s-92.22
mkinitrd-2.4.2-0.92.2
module-init-tools-3.11.1-1.28.5
mtools-3.9.11-165.31
ncurses-utils-5.6-90.55
netcfg-11.2-0.5.2
net-snmp-5.4.2.1-8.12.22.1
net-tools-1.60-725.32.2.1
nfs-client-1.2.3-18.33.1
nfsidmap-0.25-0.11.29
ntp-4.2.4p8-1.24.1
openldap2-client-2.4.26-0.28.5
openslp-1.2.0-172.22.1
openssh-6.2p2-0.13.1
openssl-0.9.8j-0.66.1
pam-1.1.5-0.12.1
pam-config-0.79-2.5.58
pam-modules-11-1.22.1
parted-2.3-10.38.16
pciutils-3.1.7-11.7.1
pciutils-ids-2013.2.11-0.7.28
pcre-7.8-2.18
perl-5.10.0-64.70.1
perl-base-5.10.0-64.70.1
perl-Bootloader-0.4.89.61-0.7.1
perl-HTML-Parser-3.56-1.18.1
perl-HTML-Tagset-3.20-1.22
perl-Module-Build-0.2808.01-0.70.1
perl-SNMP-5.4.2.1-8.12.22.1
perl-TermReadKey-2.30-135.22
perl-Test-Simple-0.72-0.70.1
permissions-2013.1.7-0.3.1
pinentry-0.7.5-61.33.1
pmtools-20071116-44.33.1
pm-utils-0.99.4.20071229-12.14.1
PolicyKit-0.9-14.41.1
popt-1.7-37.58.1
procmail-3.22-240.8.1
procps-3.2.7-151.28.1
psmisc-22.7-7.3.1
pth-2.0.7-102.22
pwdutils-3.2.15-0.13.1
python-2.6.9-0.31.1
python-base-2.6.9-0.31.1
python-curses-2.6.9-0.31.1
python-ipaddr-2.1.10-42.5
python-netifaces-0.8-13.7
python-xml-2.6.9-0.31.1
rpcbind-0.1.6+git20080930-6.20.1
rpm-4.4.2.3-37.58.1
samba-client-3.6.3-0.54.2
satsolver-tools-0.17.8-0.5.1
sbr-ent-6.1.7-0
sed-4.1.5-85.22
setserial-2.17-716.22
sg3_utils-1.35-0.15.1
sharutils-4.6.3-3.19
sles-release-11.3-1.138
sles-release-DVD-11.3-1.138
snmp-mibs-5.4.2.1-8.12.22.1
snmpsa-5.0.0-12
sudo-1.7.6p2-0.21.1
suse-build-key-1.0-907.44.1
sysconfig-0.71.61-0.11.12
sysfsutils-2.1.0-102.25.1
syslinux-3.82-8.10.23
syslog-ng-2.0.9-27.34.36.1
sysstat-8.1.5-7.47.1
sysvinit-2.86-215.1
tar-1.26-1.2.6.1
tcpd-7.6-856.13
tcpdump-3.9.8-1.21
tcsh-6.15.00-93.37.1
terminfo-base-5.6-90.55
timezone-2014g-0.3.1
tunctl-20070815-10.22
udev-147-0.94.1
unzip-6.00-11.7.1
update-alternatives-1.14.19-1.22
util-linux-2.19.1-6.54.1
util-linux-lang-2.19.1-6.54.1
vim-7.2-8.15.2
vim-base-7.2-8.15.2
vlan-1.9-62.24.1
vmware-tools-core-9.4.6-1.sles11
vmware-tools-esx-kmods-default-9.4.6-1.sles11
vmware-tools-esx-nox-9.4.6-1.sles11
vmware-tools-foundation-9.4.6-1.sles11
vmware-tools-guestlib-9.4.6-1.sles11
vmware-tools-libraries-nox-9.4.6-1.sles11
vmware-tools-plugins-autoUpgrade-9.4.6-1.sles11
vmware-tools-plugins-deployPkg-9.4.6-1.sles11
vmware-tools-plugins-grabbitmqProxy-9.4.6-1.sles11
vmware-tools-plugins-guestInfo-9.4.6-1.sles11
vmware-tools-plugins-hgfsServer-9.4.6-1.sles11
vmware-tools-plugins-powerOps-9.4.6-1.sles11
vmware-tools-plugins-timeSync-9.4.6-1.sles11
vmware-tools-plugins-vix-9.4.6-1.sles11
vmware-tools-plugins-vmbackup-9.4.6-1.sles11
vmware-tools-pvscsi-common-9.4.6-5.sles11
vmware-tools-pvscsi-kmp-default-1.1.3.0_3.0.101_0.7.23-5.sles11
vmware-tools-services-9.4.6-1.sles11
vmware-tools-vmci-common-9.4.6-5.sles11
vmware-tools-vmci-kmp-default-9.5.13.0_3.0.101_0.7.23-5.sles11
vmware-tools-vmmemctl-common-9.4.6-5.sles11
vmware-tools-vmmemctl-kmp-default-1.2.1.2_3.0.101_0.7.23-5.sles11
vmware-tools-vmxnet3-common-9.4.6-5.sles11
vmware-tools-vmxnet3-kmp-default-1.2.39.0_3.0.101_0.7.23-5.sles11
vmware-tools-vmxnet-common-9.4.6-5.sles11
vmware-tools-vmxnet-kmp-default-2.0.15.0_3.0.101_0.7.23-5.sles11
vmware-tools-vsock-common-9.4.6-5.sles11
vmware-tools-vsock-kmp-default-9.5.6.0_3.0.101_0.7.23-5.sles11
w3m-0.5.2-132.2.1
wget-1.11.4-1.19.1
xz-5.0.4-13.2
zlib-1.2.7-0.10.128
zypper-1.6.315-0.7.15

 

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter

They say you can learn from history, well I certainly hope so in this case.

So I was digging through some old CD's this week - yes CD's (harder than you think as finding a CD player is not easy).

As I ventured into the past I came across this gem, shining like a shiny thing.

"THE CHECKPOINT SONG"

According to a quick google search this magnificent creation could actually be the work of the devil and has caused numerous:

  • Homicides
  • Nervous breakdowns
  • Injuries due to beating your head with a monitor to make it stop *
  • Silent screams of pain

 

* By this I mean a real monitor - at least 19" and with a tube not LCD/LED. Where a monitor is not available any laptop will do - no tablets.

Release circa 2003 to a bemused world, I remember it being played at a conference I was at to stunned silence, it has long since slipped into obscurity. But now I have the pleasure to digitally resurrect this artifact.

Click at your own risk....

 

In case you want to learn the lyrics and who wouldn't (I dare you to scroll down) here they are:

Your mind is free
The world is moving
And so are we!
The next dimension is still to come
And through our passion
The web is won! It's the point
Your mind is free
The world is moving
And so are we!
The next dimension is still to come
And through our passion
The web is won! Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet! Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet! Communication
Of the next generation
Taking action
For a new dimension
Easy responses
Integrated and open
Security solutions
For the web evolution Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet! Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet! Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet! Check Point
You can be sure
Of the times aheeeeead
Cause we secure
The Interneeeeeet!

Click to share
Share on Google+Share on TumblrShare on FacebookShare on LinkedInEmail this to someonePrint this pageTweet about this on Twitter