Security Issues

Did Network Solutions Have a Massive eMail Breach?

Not sure, but these past few days gave me some strange indications that something was up on more than my client’s accounts. It all began with his hard drive (the actual hard drive assembly) having a complete failure. All data lost for regular recovery methods; this is one where the drive has been sent to a specialist that can possibly bring a dead drive back to life. Lesson all too well learned: Have backups.
Net impact of the failure of the drive: Time to upgrade to a new computer that supports RAID 1 (mirroring), so there is a completely redundant drive in place at all times. Next, reload Windows 7 and all the programs. Run updates (over 200 of them) and, from a drive replaced from last summer, get as much data as possible to use as a jumping off point. Done!
Now: Set up Outlook 2010 and configure for the emails. After digging out the server settings, they are there and the “Test Account Settings” are working. Check the Inbox. Nothing. Look in the Sent box. Nothing. Rinse, wash, repeat. Nothing, nothing, nothing. Of course, I checked, double checked and triple checked. Mail was coming in to Outlook, but the odd thing was a regularly sent email would appear to process through and show in the Sent box after moving via the Outbox, but no one was receiving anything. Set one of the accounts up on a separate computer. Same results. Disabled all the security systems in case I had a firewall issue in the new installation that may be blocking ports needed that I had set before. Still nothing. Swirling all around this were other things to get the business back to full capability. The end of the first day, I hadn’t figured it out, but I still believed it was on our end.

Day 2 came and in between the rest of the work to get moving forward, I had time to pick up the phone and contact Network Solutions’ provider for eMail support, Webs.com. The tech and I checked the settings and verified the account testing built into Outlook was working. He “reset the server.” Told me to wait about 15 minutes, then try again. I did….same results.

Day 3: Convinced it wasn’t me causing the problem, we contacted the support line. This time I went to the web based mail and was able to send and receive mail without problems. After some discussion of the settings, the testing, the POP3 accounts (about 20 minutes), the tech said the email accounts were suspended. Of course I wanted to know why, but, since I wasn’t the account owner, they said they couldn’t discuss it with me. Unfortunately, the owner was out at meetings, unable to get on the phone. I hung up and called later. One of the interesting things greeting me as I began the wait on hold was an announcement that if you’re using the web mail, your server might periodically go down and to try logging back in. Interesting. So not only am I having issues, sounds like someone else is. In this session, the tech told me that the passwords for the email accounts weren’t strong enough (from a security standpoint) and they had to be changed. Good reason to do so anyhow, so I did, following the direction to use at least one capital, one number, and one special character and have a length between 8 and 14. I did so, told the tech it was done and he said he’d lift the suspension, but had to call me and verify the account administrator was who he had been talking with (I had been added to the account by now). I told him I wasn’t at the office (since I had gone home) and asked if he had the number (assuming caller ID got recorded) and told him I wasn’t at the office. He acknowledged, hung up and my phone never rang.
About 20 minutes later, I checked the mail email account for incoming and there was one, saying no one answered the phone for validation. The number listed in the email was the office line. First I went to log back into the management account and a warning came up on the screen saying account management wasn’t available and to try again in about an hour. Seems to me more significant technology issues.
I called and the greeting message was that they were doing an emergency server replacement. This was the global message on the support line, before it even took you to the push this number prompts, so now I sense something is amiss. Add to this that the time from the earlier call to this one was about 4 hours. I gave up, it being about midnight by now.
Got up early, picked up the phone and called the support line, after logging in to manage the account. This time there was no warning about the management function being down, so in I went. I will admit I was, let me say, terse with the tech who answered. I rapid fired the problem that began, the steps that had been taken and the disconnect from the evening before, and added that it was now the fourth day of my client not being able to use the mail accounts, that were paid for and receiving. The answer was the password had to be strong when the scanners checked it, otherwise it couldn’t be unsuspended. I responded that the passwords had been changed last night, then summarized the correct implementation of their guidelines, and clearly stated they had suspended the accounts with no notice to the client, and now had kept him offline for 4 days. At that point she said she would lift the suspension, and it should be cleared in about 10 minutes. She added a warning that if the scanners saw it didn’t meet the specs, it would suspend them (note: automatically) again.
Analysis from my intelligence gathering training:
Network Solutions, for some reason, most likely as another barricade to email accounts on their servers being hacked into, has instituted an automated process to ensure email account passwords meet a minimum security standard. I agree. What bothers me is the client had no notice from them when the automated system injected itself into the process.
Network Solutions was making emergency replacements of servers, telling me either a major physical disaster happened (fire?), or they had been compromised so badly, they had to take them offline.
The observed issue of the notice that if you’re using webmail, you might be logged off, combined with the emergency server replacement tells me the issue happened in the email department.
I did a search as soon as I got off the phone this morning and checked the unsuspension. No indication of a breach at Network Solutions, but…for a company that size, it sounds like something happened for sure.

Sorry, Apple People, You’re Just Not That Popular

I know, you think I’m less than smart, but let me assure you, I have some idea what I’m talking about. I began as a wildly satisfied Apple ][+ user many decades ago. While others bought “inferior” computers that hit the market, from PET, Commodore, Atari and TRS-80…well, Atari was the bomb for gaming….I was forging ahead. I moved to the Mac line with a 512K, then an SE, a Mac II, then a IIcx. I learned how to make a computer work for humans because of Apple.

However, here’s the reality. Macs aren’t that popular. I support this by playing into the meme that Macs don’t get viruses, ergo, they are superior platforms. Nope, you have that wrong, but there is the genius of not only Apple, but the evangelized Apple faithful that have somehow missed the point of their lack of bad programmings disrupting their lives at the worst moment, as PC users have come to know and still not love.

Here’s the truth staring you in the face, Apple fanatics: You’re not popular with the people who create viruses, and therefore, you don’t get them. It’s not that your computer is in this uber operating system world, impenetrable by mere mortals out to steal credit card and bank account numbers. I know, in just about every single movie where the earth is saved from aliens or environmental disaster, Apples are prominently displayed and used in the crucial scenes. I also know some of you believe that to be the real case.

What’s really up is this: The MacOS is built on top of UNIX, which is very secure, but the fact is that, depending on the link, the Apple market is about 10-12% and therefore, the effort to infect them is not worth the ROI, on one analysis point. Take the next step: How many Macs are used to manage and handle credit card databases, and large customer files? Pretty much none. Besides taking quite a bit of effort to learn the system inside and out, even if they could find ways in through security flaws, they would most likely find intellectual property, but not something they could make money on, like entire user profiles of banking/financial services, a key set of data for identity theft.

Consider, from a business owner’s viewpoint: If you could set up to serve 87-90% of the market for the same effort to serve 10-13%, with the return per customer the same, which direction would you head? There will be a minnow out there (thank you, Scott Weber!) who gets this answer wrong and insists loudly they are correct, but you all know the right answer to remain viable in the market. That’s why you’re also not infected. Far more ROI in spending your energy developing and working the PC market and the associated Windows based server farms. Not to mention, Apple made a run at the server world and built a very cool piece of technology, but like Beta tape, the public went for the lesser versions in the PC based systems using Linux and Windows.

That all being said, there are those, because the Apple market share is growing no doubt, who are taking up the challenge to infect the Apple Faithful. You’ve been spared due to not being attractive (I’m not talking the aesthetics of the device design, but the ugly fact that Apples aren’t used to conduct serious financial business). That’s my tough love for you. Some are coming after you and the good news is you can now enjoy virus and malware protection as we PC users do.

Now let me, after turning your meme upside down, drop it on (your) its head: If the MacOS doesn’t get viruses, as some smugly post to Facebook, why, pray tell, would giant anti-virus companies have software on the market to provide anti-virus for the MacOS that doesn’t get viruses? Oh, yeah, it would be a very silly and costly idea to serve a market that has no need, right? Software costs money and then, as any product has to return somewhat of a profit, or it will be dropped from the company offerings for failing to add to the bottom line.

Check this Dogpile search out: Looks like Symantec, ESET, Norton and Webroot, Avast, AVG just to name a few “small” companies trying to sell something “real” Mac users don’t need.

I’m hoping this dose of reality spurs the Apple faithful to break down and admit they have been a tool in the greater Mac propaganda machine, but then get online and download an appropriate software package to protect themselves. Speaking as a complete PC/Windows user for all my own (too) many computers, it’s a pain to get them, I have two layers of anti-malware/virus on all my systems, just to practice as much safe computing as possible. I encourage you Mac types to do the same. I see the helplessness in people’s eyes all the time, when they have contracted such an infection. Trust me, you don’t want to feel that way, let alone missing your working hours while I or your Mac tech (who should have already advised you to get software – if they haven’t, send them this link so they can be better providers for their customer base) conduct the technical exorcism rites.

If you need help in getting protected, contact me and let’s get you into the real world you actually live in.

Malware and Virus attacks get more “life-like”

I spent a few hours pulling a serious malware infection, actually a set of 8 different ones, off a client’s main system yesterday. He contracted the mess at 5:40 PM last Monday.

My contention that these attacks are getting more “life-like” is based on the manner in which he identified the moment of problems: He has a major customer and he ships mountains of product to them via UPS. On Monday afternoon (consider what else was going on in the Post-Christmas days and UPS), he received an email indicating an updated delivery status for his UPS shipment. His comment was it appeared to look very much like others he had received via the major customer, so he clicked on it. He said it didn’t have fancy graphics, but it certainly was a detailed looking email, not a one liner with a link.

It also reminds me of the 1-3 emails I get a day into one of my other blogging emails that obviously some scraper picked up off that site. They tend to be advertisements, but they are mixed in with emails that are my accounts at (fill in the banking institution) suspended, blocked, etc. Some of them actually are all dressed up with HTML graphics layouts, too. I stay away, but then I deal with this daily. For others, like my client, when one comes that makes sense to their work flow/life/personal business/social networking, there is a likelihood they will allow the malware in, and their firewalls may not stop it.

For the user: You have to be wary of things that look kinda true, but something still tells you it’s not kosher and look closer before clicking.

Be careful out there and practice safe computing!

For you techs, looking how to get rid of this:

Anyhow, it really embedded itself within his system, flagged as a Win32 password stealer by Microsoft Security Essentials. The good news: early Tuesday, I convinced him to take the rest of the year off and reward himself for a great year, and I’d be over Thursday morning (since the malware would allow a network connection for a few moments, then cut it off, so a remote session was out of the question).

I used MalwareBytes, Microsoft Security Essentials, Kaspersky TDSS Root Killer and old school digging through the entire registry, after seeing the names in the user appdata roaming and local files under nonsense random lettering named .exe files and folders.

I called this one a “repeater,” as MSE would identify it, clean it, then it would fire itself back up about 30 seconds later. I would see 8 different start up program listings named BitNefender 2016, turn them off, and they would be back, activated in the next reboot. Interestingly enough, searching for that name in the registry never found anything, even after several tries.

It was the searching for the keys and values in the registry (and manually deleting them), in combination with the MSE and MalwareBytes scans, that finally got things working normally, including restoring a constant network connection.
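
The registry hunt described in this post, as a read-only triage script (an added example, not part of the original post; requires PowerShell 3.0 or later). It lists Run/RunOnce values and Startup-folder items and marks those that launch from AppData or Temp; the key list, the function names and the vowel-ratio name heuristic are assumptions made for illustration.

```powershell
# Added example: read-only triage of autorun locations. Nothing is deleted.
# The key list and both heuristics are assumptions, not a complete inventory.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath([string]$Command) {
    # Extract the executable from a Run value: a quoted path, else text up to ".exe"
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

function Test-RandomLookingName([string]$Path) {
    # Hypothetical heuristic: base name of 6+ characters with under 20% vowels
    $base = ($Path -split '[\\/]')[-1] -replace '\.[^.]+$', ''
    if ($base.Length -lt 6) { return $false }
    $vowels = ($base -replace '[^aeiou]', '').Length
    return (($vowels / $base.Length) -lt 0.2)
}

# 1. Registry autoruns: one entry per value under each Run/RunOnce key
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        [pscustomobject]@{
            Source = $key
            Name   = $valueName
            Target = Get-TargetPath $command
        }
    }
})

# 2. Startup folders: resolve .lnk shortcuts to the file they launch
$shell = New-Object -ComObject WScript.Shell
foreach ($special in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($special)
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $folder -File) {
        $target = if ($file.Extension -eq '.lnk') {
            $shell.CreateShortcut($file.FullName).TargetPath
        } else { $file.FullName }
        $entries += [pscustomobject]@{ Source = $folder; Name = $file.Name; Target = $target }
    }
}

# 3. Score each entry: user-writable location, random-looking name, signature
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$report = foreach ($e in $entries) {
    $path   = [string]$e.Target
    $exists = [IO.File]::Exists($path)
    $inProfile = [bool]($roots | Where-Object {
        $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    [pscustomobject]@{
        Source        = $e.Source
        Name          = $e.Name
        Target        = $path
        # The label a startup manager displays can come from the file's version
        # resource rather than the registry value name, so record it as well.
        Description   = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.FileDescription }
        Signature     = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
        InUserProfile = $inProfile
        RandomName    = Test-RandomLookingName $path
    }
}

# Entries launching from user-writable profile paths sort to the top
$report | Sort-Object -Property InUserProfile, RandomName -Descending |
    Format-Table Source, Name, Description, Signature, InUserProfile, RandomName, Target -AutoSize -Wrap
```

Run it in the affected user's session, because HKCU and the AppData paths resolve per user.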

Windows 8.1 is out. Major issues are being uncovered.

Shades of the disaster of Windows Vista….and attempts to rejuvenate it. Again.

I blogged before, after using the beta version of Windows 8 and its recreated interface on the screen, commenting on how it’s not very functional without a touch screen, practically or ergonomically. Version 8.1 was supposed to address two major deficiencies that would cause corporations to turn their noses up and refuse to commit dollars to Windows 8: A “Start” button and the ability to get straight to the desktop, and allow users to do what they had been doing well since 2001 and the release of Windows XP.

One of my contacts is digging very deep inside, first Windows 8, and now Windows 8.1, not for sport, but because he works with lots of leading edge stuff for his own enjoyment, and has stumbled upon some disturbing things.

WARNING: DON’T UPGRADE TO WINDOWS 8.1 UNLESS YOU HAVE CREATED A BACKUP IMAGE AND RESTORE DISK IN WINDOWS 8!

Seriously. He upgraded to Windows 8.1, had an oops, then went to repair the install. No luck. He’s a very advanced user and he could not make the Windows 8.1 repair function work. He could repair a Windows 8 installation, but not 8.1. He found out by redoing the disk with Windows 8, but then that meant all the installation of Windows 8.1 was gone. This is a showstopper, and if I’m needed to repair a Windows 8.1 install that has been done as the upgrade, well, it’s not going to be pretty, thanks to Microsoft and poor engineering/development and less than thorough testing.

Other issues that have come to light are related to drivers for the hardware not working. His equipment is from Asus and uses Intel CPU and support chips. The drivers from both Intel and Asus for various functions will not install, which means he (and anyone else with this equipment) will have less than optimum performance, at the least, and some lack of function of installed capabilities. He is just one step behind the top end system in generation (3rd generation Intel CPUs and Z77 chipsets), so it’s not like he’s trying to make some single core Pentium 4 run very advanced OS functions.

I’ll work with him to lay out more definitive symptoms, problems and what we can find (or not) for work arounds in the coming weeks.

In the meantime, don’t upgrade to Windows 8.1 unless a computer professional has ensured you’re set to move forward, and not get stuck losing everything if a few system files are corrupted and need repair.

Friday Freebies: Comodo IceDragon

For a while now, I have been using the FireFox based Comodo IceDragon for my browser. I have long since left Internet Explorer behind, only using it when it was the only option for some things such as updates from Microsoft, and have long been a fan of FireFox from the folks at Mozilla.

Long before the added functionality of plugins arrived in the IE world, I had many, many useful plugins operating in FireFox.

Then I came across IceDragon about a year ago on the Comodo site Free Products page. I had been using their Dragon browser for a bit, which is based on Google Chrome, and had built it up for some replacement functionality in the plugin world, but I wanted a FireFox version and they read my mind. So here I am.

Advantages of the IceDragon browser over “straight stick” Firefox:

1 – On the right end of the website address bar, there is a stylized blue “W.” That button is a tool that, when clicked, scans the currently selected webpage for infections. Think of it like a virus scanner, not for your computer, but the site you are looking at.

Why is this important these days? Because the bad guys are hacking into and infecting legitimate websites. The result is you get intrusions into your computer, not by clicking the obviously hacked into friend’s Yahoo email account sending out spam viruses, but without your inattention to detail for a mere moment.

2 – The browser has beefed up security checks, and will stop and ask you if you really want to go to a webpage that has indications of being a malicious site, or, in the case of a site’s shopping cart that had its security layer (the SSL function, that ensures your credit card info is encrypted before it leaves your end of the transaction to purchase on the net) expire, which then makes passing your info a risky thing.

I have seen it also ask me if I wanted to continue, because the web address had more than some acceptable number of redirect commands (meaning the website keeps forwarding you to another domain/server for the content, but in this case, the redirects continued to bounce my request to other places). In this case, it is a site I go to regularly, and is a big name, but obviously the bad guys use multiple redirects to cover their tracks in an effort to hide what they are up to, and IceDragon saw a similar pattern and asked me. I tried it in the current version of FireFox, out of curiosity, and it took me right to the site. Good real time comparison.

But, there you have your Friday Freebie courtesy of The Computer Whisperer!

Windows 8: The hackers are already in it…

This news is a few days old, but is telling: Windows 8 already has its own phishing and fake anti-virus malware attacks…

Hackers Already Blasting Windows 8 With Phishing, Fake AV Scams as reported in CRN.

In both cases, for those who keep asking me “why do these hackers do this?”, it’s about getting you to give them your credit card info…then they can go shopping online for you and begin to try to steal your identity…simple, they have a business model of “crime does pay, if the gullible just hand me their bank information!”

Safe computing, you need it!

Do you have a strong password? Do you use it a lot?

Here’s the reality of our digital lives: We have lots of online accounts and they need passwords. Many people use ones that are easy for them to remember, and tend to use sometimes only one.

How does that affect you? Well, think about this: Once “they” get the one, then your life can be laid wide open to those interested in digging further. Since it’s not uncommon for sign ins to be your email address….someone (or a programmed crawling robot) could just travel the known email universe and common places like FaceBook and give it a whirl with your email and a common, made once, used always password of yours.

That’s bad enough, if you are in this category, but even if not, there is now an article that brings to light that the technology that allows gamers to get really life like graphics, and scientists to explore climatology, cancer, and signals from space, is also being exploited by hackers.

I invite you to take this introduction, and read as much of the Ars Technica article “Why passwords have never been weaker—and crackers have never been stronger” as it takes until you are sufficiently convinced you need to take action to protect yourself by putting some effort into your password selections.

Yes, this will take some mental energy, and changes to your daily digital operations, but….I’m sure you wouldn’t want to wake up to a screen full of mail, indicating your email has been exploited and your bank accounts have been emptied, etc, etc, etc.

Please help protect yourself!

“Flame” – a new virus, but it’s not after your credit card information

Quite often I’m asked why do people write viruses and malware. The bottom line: because it makes them money.

Today, there’s another reason. The recent news indicates a virus by the name of “Flame” is running amok in the Middle East, specifically Iran. From the New York Times – “Researchers Find Clues in Malware”:

Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.
[…]

There you have it. Governments are now in the business of writing PC based malware for the specific purpose of conducting espionage. Which government? We can all speculate, but most likely ones threatened by the prospect of a nuclear arsenal being built by an unfriendly neighboring nation.

There have been two other reported viruses used to work inside the computers of other nations, but one, Stuxnet, wasn’t designed to go after computer users, but the systems used to run machinery, in that case centrifuges. Duqu, the other known one, was like Flame, to collect information and email it out, but not nearly as sophisticated as Flame.

And this quote is a keeper from the NYT article linked above:

“This is the third such virus we’ve seen in the past three years,” Vikram Thakur, a Symantec researcher, said in an interview Tuesday. “It’s larger than all of them. The question we should be asking now is: How many more such campaigns are going on that we don’t know about?”

Going Mobile – Leaving the Desktop Era Behind

The main workhorse for many still seems to be the desktop in my observations. My question for most people is “Why?”

The landscape of the computer world has massively shifted in the last few years, but even a few years before that, there have been perfectly suitable replacements for your hard working, well loved, big screened desktops.

In other words, why invest in a desktop and a laptop anymore? It’s still a majority case I’m seeing. The real need to take your computing out the door exists, as does the need to have something that doesn’t hurt your eyes to look at for hours on end when you have a big project to work on.

In addition to the long standing discussion I had had with many people, helping them get over having a laptop and a desktop is the entire tablet market that has opened up within the last two years. This is a wrinkle in the discussion, but not really.

Tempted to know what you can do to save money and increase your productivity, and still be mobile?

I knew you were: The laptops of today, at the low end of the price point scale are more powerful than most all the desktops I see in service. So, why not ditch the desktop? I know: “the Screen is too small!” comment is coming next….but it doesn’t have to be.

I found, way back in 1993, I could do just fine with a laptop on my desk at work, equipped with a separate monitor, keyboard, mouse, network card and a modem. In fact I had my shop purchase 17 sets like this, to be handed to the project managers and the senior staff that traveled frequently and needed to keep up with work. We didn’t buy the docking stations (a concept that never really caught on) as it took only about 30 seconds to plug the stuff in when we came back into the office.

You can do the exact same thing now: Get a large LED display (light, and easy on the environment and your power bill, as well as your eyes), and a keyboard and mouse like you had with your desktop (make sure they are USB, as the old devices you may consider using might be the “PS/2” style, and no one installs those in notebooks these days).

Now you have the equipment (and you may be reusing your existing LCD/LED monitor), you’ll find a video out port on the laptop, which you may have used for a projector at a presentation, most likely a VGA port, sometimes a DVI or even HDMI.

With your external monitor plugged in…you may not see a picture, even when you turn it on. This is something the people who do lots of presentations know: the video output port on laptops has three settings:

  • Laptop screen on only
  • Laptop and external screen
  • External screen only

Which setting is active is controlled (in Windows based systems) via the control panel/a right click on the open desktop, or a function key selection on the keyboard. Note: It’s like a three position switch and it rotates with each key press, and it takes about 2-3 seconds to register and synchronize the hardware.

Anyhow, once you’re by there, you have a choice: One screen or two?

If you don’t want desk clutter, set the laptop off to the side, and configure the system for the two screens to “clone” each other. With a few other settings, you can actually close the laptop lid and it’s just like that old desktop, but smaller, less noisy and less power hungry!

If you have room, welcome to the age of two screens! That alone makes you wonder how you lived on one display surface! I like to use my two screens like this: My main work on my 22″ full HD (1920×1080) display, and then I have Outlook up on the 17″ 1280×1024 screen to the right. If a new email pops in, or the calendar needs to get my attention, the movement over there gets my view quickly. This avoids the different working windows being stacked on top of each other, and you miss something.

Here’s a real benefit of having the laptop replace your desktop: When you unplug it from the office configuration to go mobile, where are all your files? Right there with you! Your Word documents for contracts, PowerPoint slides, email, pictures, etc, etc, etc….you won’t have to say anymore: “oh, that’s on my desktop at home/the office!” in the middle of an important meeting.

Here’s an added benefit: Is it better, when the hurricane is headed our way, that you only have to grab the laptop, stuff it in its bag and head out the door? I’d say so…and if you can’t get back into the affected area for a few days (or weeks), at least you’re functional. With a desktop, that’s not going to happen, with the additional impact of maybe losing all those programs you had installed, in addition to losing data files.

Seriously, with minor exception among my clients, friends and family, the least capable new laptop you can buy is every bit as powerful as you need to work.

In this day and age of tablets, you will still need the desktop like function/desktop replacement. Tablets are cool, can let you get mail, and get to websites, but they don’t have many brains, let alone smarts, and while they can hook to a projector, it’s more cables/apps, etc…For basic functions, my tablet is a netbook, but I still need to haul out the serious laptop for work, but that’s me, with graphics, spreadsheets and larger projects.

Another consideration is that older systems are getting harder to maintain affordably, and once they start going due to age related problems, it’s a fingers plugging the holes in the dike, hoping you won’t get flooded, but knowing you will.

If you’d like some assistance in making a purchase of the items to effectively allow you to be mobile and comfortably office based, with this flexibility, too, I can help.

I can also help to make sure you bring your data with you to the existing laptop, or to the new one, so you keep doing business with minimal interruption.