Georgi Sotirov's Blog

My personal and professional life

2017-11-20

AVG Free Antivirus deletes PowerShell scripts

Yesterday, as I was working on my PowerShell backup script (see my SPSB project on GitHub) in a Windows 7 virtual machine, I noticed strange behavior. Just like that, the script was getting deleted once it was executed automatically by Windows as a Logoff or Shutdown script set up through Local Group Policy Editor. I was struggling to find an explanation of this myself or through Googling the Internet, as nothing like this was happening on another Windows 7 (real) machine in my WAN network (where the script was actually supposed to work).

I only understood what was happening after my brother, working on the same virtual machine, told me via Hangouts that he was receiving strange messages from AVG Free Antivirus about some bak.ps1 script that was being quarantined. It struck me at once that this was the script I was working on, and it explained its strange disappearance from the file system. I'll still have to find what exactly in the source was causing AVG to quarantine the script file, but I find it rather strange that another system account was receiving the messages from AVG and not the account I was working with.

I'll update this post when I find what exactly in the script was considered a threat by AVG.

2014-07-27

Using InfoNotary certificate on OmniKey CardMan 6121 under Slackware

Abstract

This small article describes the installation and configuration of the OmniKey CardMan 6121 card reader under Slackware, which enables the usage of InfoNotary's universal certificates for e-banking.

Getting started

Plug the device into a USB port on your computer. After it's recognized by the kernel, you should find the following in the output of the lsusb command:

Bus 001 Device 028: ID 076b:6622 OmniKey AG CardMan 6121

Installation of device drivers

The manufacturer of the device offers binary drivers for the CardMan 6121 and other readers.

Manual installation

Download the driver archive and unpack it to a temporary directory, then run the install script, for example in Slackware64 14.1:
# cd /tmp
# wget 'http://www.hidglobal.com/sites/hidglobal.com/files/drivers/ifdokccid_linux_x86_64-v4.0.5.4.tar.gz'
# tar -xvf ifdokccid_linux_x86_64-v4.0.5.4.tar.gz
# cd ifdokccid_linux_x86_64-v4.0.5.4
# ./install

Automatic installation

A package called pcsc-omnikey is provided by the SlackPack repositories for different Slackware versions, so alternatively you could use the slapt-get utility, configure the SlackPack repositories and then just issue the following command:

# slapt-get --install pcsc-omnikey

Installation of necessary software

You need the PC/SC Lite middleware for accessing the smart card using the SCard API (PC/SC standard); packages can be found in the SlackPack repositories for different Slackware versions. You also need the OpenSC tools and libraries for working with smart cards, which are used by Firefox and Thunderbird. Packages can be found in the same place.

Manual installation

Download the packages into a temporary directory, obtain root privileges and then enter the following commands to install them, for example in Slackware64 14.1:
# installpkg pcsc-lite-1.8.11-x86_64-1gds.txz
# installpkg opensc-0.14.0-x86_64-1gds.txz

Automatic installation

Alternatively, you could use the slapt-get utility, configure the SlackPack repositories and then just issue the following command:

# slapt-get --install pcsc-lite opensc

The PC/SC Lite daemon from the package comes bundled with a startup/shutdown script, so you could start it by just issuing the following command:

# /etc/rc.d/rc.pcscd start

If you want the daemon to start automatically with the system, then just add it to the local initialization script like this:

# echo '/etc/rc.d/rc.pcscd start' >> /etc/rc.d/rc.local

Configuration of Firefox

Now that the driver and necessary software are installed, it only remains to configure Firefox to communicate with the card reader. This is done in the following way:
  1. Open Edit -> Preferences;
  2. In the Firefox Preferences window navigate to Advanced, then to the Certificates tab;
  3. Click on the Security devices button;
  4. In the Device Manager window that opens, click on the Load button on the right;
  5. Enter "OpenSC PKCS#11 Module" in Module Name and select /usr/lib64/onepin-opensc-pkcs11.so as Module filename, then click OK.

After the module is loaded, the Device Manager window displays information about the reader.
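
A post-install check for the steps above, as an added example that is not part of the original article: it looks for the reader's USB ID, the OpenSC PKCS#11 module and a running pcscd, and adds the rc.local line only once. The USB ID and paths are the ones used in the article; the function names and the --check switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: checks for the setup described in the article.
# From the article: USB ID 076b:6622, /etc/rc.d/rc.pcscd and
# /usr/lib64/onepin-opensc-pkcs11.so. Function names are hypothetical.

READER_ID='076b:6622'
PKCS11_MODULE='/usr/lib64/onepin-opensc-pkcs11.so'
START_LINE='/etc/rc.d/rc.pcscd start'

# reader_present LSUSB_OUTPUT: succeed if the CardMan 6121 is listed.
reader_present() {
    printf '%s\n' "$1" | grep -q "ID ${READER_ID} "
}

# ensure_autostart FILE: append the pcscd start line only if FILE does not
# contain it yet, so repeating the setup does not add a second copy.
ensure_autostart() {
    grep -qxF "$START_LINE" "$1" 2>/dev/null || printf '%s\n' "$START_LINE" >> "$1"
}

# check_setup: test the live system; return non-zero if anything is missing.
check_setup() {
    rc=0
    reader_present "$(lsusb)"  || { echo "reader $READER_ID not found" >&2; rc=1; }
    [ -r "$PKCS11_MODULE" ]    || { echo "missing $PKCS11_MODULE" >&2; rc=1; }
    pgrep -x pcscd >/dev/null  || { echo "pcscd is not running" >&2; rc=1; }
    return "$rc"
}

# Run the live checks only on request: sh check-reader.sh --check
if [ "${1:-}" = "--check" ]; then
    check_setup
fi
```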


2014-01-17

I become a father (version 3.0)

Today I have become a father for the third time and yes, it's a girl again :-), but I'm more than happy with my new daughter Dobromira. Both the mother and the baby are well and we expect them at home in the next few days.

Dobromira comes into our lives as a bit of a surprise, but I would say a much wanted surprise, because I have always dreamed about a big family of at least three children. Now that dream has come true and my life is even more meaningful.

2013-10-29

Enable negotiable authentication in Firefox

Well, I've spent some time investigating this, so I decided to share. I have tried to set up NTLM authentication in Firefox by Googling the web, but what was bugging me was that it was not working, while with IE there was no problem at all. Most of the sites suggested setting network.automatic-ntlm-auth.trusted-uris and I entered the internal sites there. I even tried to enable it for all sites by setting the value "http://,https://", but still no success.

Today, I decided it was about time I found the solution, so I started by refreshing my knowledge from the Internet. Normally, for authentication the web server sends an HTTP 401 Unauthorized (or Authorization Required) response, so I started investigating the HTTP headers (with the help of the Live HTTP Headers extension) and I noticed that after it Firefox actually sends nothing for the internal host names that I had already set up in network.automatic-ntlm-auth.trusted-uris. Strange? Yes, until at some point I noticed the following:

Authorization: Negotiate ...

So, the web server was actually negotiating the authentication mechanism, instead of asking for NTLM directly, but Firefox wasn't negotiating. This made me think that something was missing, and I searched for other keys related to authentication in about:config. Thus, I found network.negotiate-auth.trusted-uris, and once I set the internal site host names in this value everything fell into place: Firefox was now negotiating the authorization, which actually turned out to be Kerberos.

So whenever you set up automatic authentication for internal sites, consider setting both network.automatic-ntlm-auth.trusted-uris and network.negotiate-auth.trusted-uris, so that it works for you even if the authentication mechanism is negotiable.
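
The diagnosis above as a script (an added example, not code from the post): the server's challenge arrives in the WWW-Authenticate headers of the 401 response, and each offered scheme is governed by its own preference. The function names, the host names and the sample response are constructed, and the host matching is a simplification of what Firefox does.

```sh
#!/bin/sh
# Added example, not from the post. Pref names come from the post; the
# function names, host names and the sample response are constructed.

# Print each WWW-Authenticate scheme (lower case) from headers on stdin.
offered_schemes() {
    tr -d '\r' | awk 'tolower($1) == "www-authenticate:" { print tolower($2) }'
}

# Print the about:config key that governs automatic replies for a scheme.
pref_for_scheme() {
    case "$1" in
        negotiate) echo 'network.negotiate-auth.trusted-uris' ;;
        ntlm)      echo 'network.automatic-ntlm-auth.trusted-uris' ;;
        *)         return 1 ;;
    esac
}

# host_listed HOST LIST: simplified matcher (an assumption, not Firefox's
# own code). An entry matches HOST itself or its subdomains; a scheme-only
# entry such as "https://" is treated as matching every host.
host_listed() {
    old_ifs=$IFS; IFS=','
    for entry in $2; do
        entry=$(printf '%s' "$entry" | sed 's/^ *//; s/ *$//')
        case "$entry" in *://) IFS=$old_ifs; return 0 ;; esac
        entry=${entry#*://}; entry=${entry#.}
        [ -n "$entry" ] || continue
        case "$1" in "$entry"|*."$entry") IFS=$old_ifs; return 0 ;; esac
    done
    IFS=$old_ifs; return 1
}

# missing_prefs HOST NEGOTIATE_LIST NTLM_LIST: read a 401 response on stdin
# and print each pref the server's offer depends on that does not list HOST.
missing_prefs() {
    offered_schemes | while read -r scheme; do
        pref=$(pref_for_scheme "$scheme") || continue
        case "$scheme" in negotiate) list=$2 ;; ntlm) list=$3 ;; esac
        host_listed "$1" "$list" || echo "$pref"
    done
}

# Constructed response in which the server offers only Negotiate.
SAMPLE_401='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate'

# Host listed for NTLM only: prints network.negotiate-auth.trusted-uris
printf '%s\n' "$SAMPLE_401" | missing_prefs intranet.example.test '' 'intranet.example.test'
```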

2011-02-12

Plane over Lyulin motorway

Digging in Google Earth, I accidentally came across this image of a plane over Lyulin motorway in its section through the mountain just before Malo Buchino. As in a shadow, the image is decomposed into the three main colors, which reminds me of a previous similar image published on the Internet.

2011-02-07

Remove old server certificates in Nokia N900 browser (Firefox)

On my personal web site I'm using self-signed certificates for SSL. These are stored by the browser and everything is fine until the moment they're regenerated. However, when you regenerate them (in the way I do, I'm only changing validity) you can no longer access the site, because the browser still uses the old certificate. In the desktop version of Firefox, I'm just removing the old certificate from Tools -> Settings... -> Advanced -> Encryption -> button Certificates -> tab Servers. Unfortunately, Nokia N900 has an interface only for management of certificates of client authorities. Fortunately, the same interface as in desktop Firefox is available in its mobile version. You just have to:
  1. Open the browser;
  2. Type chrome://pippki/content/certManager.xul;
  3. Click on "Servers" under "Your certificates" and delete the certificate of your server.

I haven't found exactly the same information on the Internet, so I'm posting it here for everyone with the same "problem" as me :-)

2010-08-13

Wish upon a falling star

This morning I woke up with a wish in my mind. Last night I was not able to watch The Perseids, because I was in Sofia and the possibility to see something from the small piece of sky visible from our apartment was close to zero. Nevertheless, I have two "stars" in my home, one of which is a just born lioness, so I wish the world to be a better place for all of us people around the globe. It depends on all of us to make this happen...

2010-08-04

I become a father (version 2.0)


Today I become a father for the second time. The experience was unique and unforgettable again. Moreover, this time I was on the front line :-) You could look at the first pictures of our little precious in her album.

2007-11-03

To be or not to be...

For some time, I've been asking myself whether to continue or discontinue writing in this blog. I almost can't find free time to write and I didn't see the meaning of doing it. Yet I'll wait some more before taking the final decision.

2007-03-15

Lot of work...

A few days ago I took a glimpse at my buglist in Bugzilla on my home server and I was literally dumbfounded. "Only" 18 bugs. I cannot understand when they got to be so many, but lots of work is ongoing. Some of them are pressing and I should finish them by the end of the month, because I'm planning to release a new version of SlackPack. Actually, one big part of what I have to do is on SlackPack... I'm having so many ideas that I don't have the time to release them and I only report them for later reference. Let's hope I have more spare time until the end of the month, so I can complete what I have planned for 0.3.0, and after this I'm starting the preparations for 0.5.0, where a lot of interesting things should be included. If I just think that I've only started the translations of Bugzilla 3.0, which should be released sometime in April... a great spring is on the horizon :-)