Phishing attacks getting more efficient for the bad guys

Folks, please, please, please be very careful of what you click on and what financial information you provide. Especially in response to an ‘alerting’ email!
There are a great number of ‘phishing’ attacks occurring again and they are getting even more sophisticated. Many almost look and sound legitimate. I have written previously on some of this here.

But as a reminder, if you get an email or text telling you that you must log in to a financial (or any other for that matter) site via a link in an email, DO NOT CLICK ON ANY LINK AND MOST IMPORTANTLY DON’T ENTER ANY INFORMATION IF YOU DO!!
If you must visit a bank, credit card or online vendor’s site for ‘verification’ or whatever, do so through the ‘Front Door’. By that I mean open a brand new Web Browser window and log in to ‘their site’ and proceed from there, e.g. https://wellsfargo.com etc.

If you click on many of these links a few things are likely to happen. 1st, you will probably be silently infected by a Trojan/backdoor application, and 2nd, you will probably be brought to a ‘bogus’ site that looks very much like the legitimate site. You will be prompted to enter financial and/or other information such as account/card numbers, passwords and other verification. The MOMENT you do, you can be assured that your account will be compromised! Sometimes in as little as a few minutes your account can be emptied!

Here is an example of one of the hundreds of emails that have been hitting my email server this weekend. You can see that it almost looks legitimate; the wording is sufficiently scary and authoritative and there is a ‘real logo’. But the link in the email is to a phishing site. AND the email address on the ‘from’ is not correct.

[Image: screenshot of the example phishing email]

This looks very ‘scary’ and it is – but for the reason that you WILL be screwed, not that you are yet.

Please use some caution in the digital world. You would not give a perfect stranger your bank card and pin but some will do just that in cyberspace.

Be safe folks!

Computer Virus Infects U.S. Drone Fleet!

This should just serve as another warning – PEOPLE KEEP YOUR AV AND ANTI-SPYWARE SOFTWARE UP TO DATE!!

Use multiple types of protection, and keep your system’s OS files and applications updated.

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. Read about that HERE

While you, as a civilian home user, don’t have the large ‘target’ on you that the government and large financial institutions do, you still need to be safe.

This will undoubtedly come down to poor security measures taken from the beginning of the OS install/configuration and on to user management policies – letting users who should not have them run with administrative or elevated privileges.

Come on folks, think security first or you WILL be taken advantage of.

Re-Installing Windows 7 if you don’t have original installation media.

Many people who purchased a computer with Windows 7 installed have found that nearly every manufacturer no longer provides you with the Operating System media (DVDs). You will only be provided with a ‘restore to factory settings’ option, which will only work if the system ‘restore’ partition has not also been corrupted. And if, like a recent case I had (you can read that here), you have ‘dual booted’ or otherwise changed your partition configuration, you may not be able to get to the ‘Factory Restore’ option. And if, when you purchased your system, you didn’t immediately create the ‘restore media’ disc(s), you may be hosed if you have to re-install your Windows 7 Operating System because it died, became corrupted or was otherwise compromised.
Well fear not!
As long as you have your installation Key – contained on your COA (Certificate of Authenticity) – you can download and re-install your system! The COA is that sticker put on by the manufacturer somewhere on your system.

If you can’t read it or it has been rubbed off, you can also use one of these tools to find out your installation Keys. [You must use your legally obtained key on the same hardware by the way, or you are breaking the law!]

LicenseCrawler (Excellent tool by Martin Klinzmann!)
Download here

More information

Or you can try Aporah KeyFinder:

Or Magical Jelly Bean (I’ve used this one many times too)

[Note – these applications will be flagged by 90+% of all virus scanners as a ‘key finder/logger’. IT IS A KEY FINDER, OBVIOUSLY. So often you must disable your AV protection for the brief moment you download and use this. Get your key information, then copy the information to paper and TURN YOUR AV SOFTWARE BACK ON!]

Windows 7 comes in various editions like Ultimate, Professional, Home Premium, Home Basic and Starter. Now there might be many cases when you would like to choose the edition during setup. But in reality they are pretty much the same except for one configuration file!

Here are the individual downloads:

Windows 7 Home Premium x86 SP1 (bootable) download

Windows 7 Home Premium x64 SP1 (bootable) download

Windows 7 Professional x86 SP1 (bootable) download

Windows 7 Professional x64 SP1 (bootable) download

Windows 7 Ultimate x86 SP1 (bootable) download

Windows 7 Ultimate x64 SP1 (bootable) download

BUT I recommend downloading the ‘Ultimate version’ (either 64bit or x86) and then deleting the configuration file that ‘tells’ the installation program which version it is. This way you will have ALL options available and then should be able to use YOUR LEGITIMATE installation Key.
I also recommend that you make a bootable USB installation. It will make things much quicker and easier in the long run. If you have multiple Windows 7 Systems (netbooks especially, as most don’t have DVD drives etc.) you can use the single USB with your valid installation keys on every one. [Again you must have valid/legal keys for each installation.]

The simplest way to make your installation ‘version free’ is to delete the file ‘ei.cfg’ from the sources directory of the installation media. Doing this step is what makes the USB memory stick allow you to install any version of Windows 7, as it no longer has a default version configured.

I wrote about the simplest way(s) to do that (create a Bootable USB) using Microsoft’s USB tool here. You can run “del F:\sources\ei.cfg” (replace ‘F’ with whatever drive your USB is) from the command prompt and your Windows 7 Bootable USB memory stick is ready to go.

You can now either boot from the USB memory stick or just run setup.exe from the drive to start the install process. Either way you will now be prompted for the version of Windows 7 you want to install!

If you are going to burn the ISO directly to DVD then you can also use a free tool, "ei.cfg Removal Utility", to delete the "ei.cfg" file so that you can choose the desired version at the time of installation.

OR you can use another free tool "Windows 7 ISO Image Edition Switcher" to modify "ei.cfg" file so that you can convert a specific Windows 7 edition setup ISO file (e.g. Windows 7 Ultimate) to another one (e.g. Windows 7 Professional).

I hope this helps for those who asked.

Backups, system failures and peace of mind

Another week in the trenches. I had a primary server at our organization have a major failure. The SAS controller (which provides access to SAS type HDDs) died OR the motherboard of the server itself has an issue. Either way, without another ‘like’ system that I can put the SAS card into to see if the issue is just the card or the motherboard, I cannot access my drives – and they too may be very corrupted. The only machine I have capable of taking the card is in production. And the cost of a replacement Dell Perc5i SAS card is nearly $200.00 US and it could take days to get here. Plus I needed to have this system back up and running very quickly – the server in question runs all of our company financial, shipping and reporting software applications!

Since I have all my ‘data’ backed up to a server drive every night I was secure in the knowledge that we at least had the financial databases and ‘files’ available. But how to get a system back into production? Disk Imaging to the rescue!! I had a fairly recent full system image, created with my favorite backup software – Acronis, available. Yay! Just need a place to restore it to.

Since my organization now has a VMware ESXi/vSphere SAN and cluster running I was easily able to create/import a new ‘Virtual Machine’ from the Acronis disk image very quickly and then just copy over the backed up data files from the night/early morning before. WORKED LIKE A CHARM! If I’d had an available server (Hardware wise) I could also have restored that image to it too.

I’m telling this to you to remind you – I believe in Images (Clones) for my backups, along with periodic ‘file backups’. That way I’m protected against full drive failures/losses AND stupidity – accidentally erasing or overwriting files. :)
[Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system, either to another internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and you are up and running.]

If you are not regularly creating full image backups you WILL be sorry! I have written numerous articles about cloning and back up.

PLEASE read here if you have any kind of concern for your data.

For Mac images and cloning go here.

So of course this weekend I created two new images on separate drives for my home system(s). I can’t tell you the peace of mind you will get from knowing that the worst that could happen to your system is that you might lose a couple of days’ or a week’s worth of information. If your drive gets corrupted or fails or you get trashed by some virus, you could be back up and running within a very short period of time! No re-installing your Operating System and programs and ‘trying’ to find your data files. Just restore the image and BAM, you’re up!

What prompted me to start on this rant is that Apple has finally acknowledged it is having some major issues with some of the hard drives in some of their newer systems they have been selling. Looks like some of the drives just ‘fail’. OUCH! You can read about that here.

And although you can have your drive replaced – YOU WILL LOSE YOUR DATA! The Apple folk and/or kids at the ‘Genius’ bar will NOT re-install your system software or clone your drive for you!! Unless you have an image to restore you will have to re-install your System and applications. And unless you had at least some kind of backup to another drive (Time Machine type) your data (read pictures and music!) will be gone!

So folks, backup, backup and then backup again.

The cost of a couple of extra external drives and a little program setup is minuscule compared to the cost of losing your ‘digital life’. Right now Acronis has a special – only $29.00 US for their home product!! With Apple’s you can even get away without purchasing any software!

Be safe, be secure and gain some peace of mind.

Mac Maintenance and HDD updates/upgrade

[Updated 06-26-2011]

I just spent a few days doing lots of maintenance on a few Macs.
Cleaning up, optimizing and replacing one HDD with a new larger one.
So I thought I’d share with those of you ‘Mac-ites’ out there what I do with my Macs to keep them running happily and my data safe should there be problems.
1st. Let’s clean up.
I install and use Onyx on all my Macs and those I maintain. It makes maintenance a BREEZE.
With Onyx you can do just about everything you need to do on a regular basis to keep clutter down and errors away.
Get it here.

Check out the AppCleaner application to completely remove applications – often installs put files into many other directories than just the applications folder! A great tool for removing leftover ‘gunk’.

I was going to go into some of the other steps I do such as removing unnecessary start-up items and removing unused apps but it looks like the folks at LifeHacker.com have put together a very good article on just that.
So to save the time of me just re-stating what Gina Trapani, founder of LifeHacker, has already said just go here.
The folks at Tested.com also have a good in depth article on how to manually do nearly everything you can do in Onyx. But I find Onyx to be fantastic.
As always make sure you have a good backup before you start messing with system settings!

2nd. Let’s clone/copy.

For backups most know I believe in Images (Clones), along with periodic ‘file backups’. That way I’m protected against full drive failures/losses AND stupidity – accidentally erasing or overwriting files. :)
Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system, either to another internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and you are up and running.
Good description here

Now to backing up and/or updating of a hard drive. By cloning the drive to a new one (or a backup one) you are creating an exact bootable copy of the original.

This is actually a very simple process that can be done without any 3rd party software on OS X!
I’ll explain how to do that in a moment, but there are some 3rd party tools that make it a little easier for the novice.

Whether you are installing a brand new larger hard drive like I just did or making a clone to an external drive, the directions are the same. [Except of course if it is just a backup clone you won’t be ‘changing the start up disk’.]

For the two Easiest ways to Clone (and also backup – remember images rule!):
Use SuperDuper Mac Drive Cloner. Get it here.
The application is freeware/shareware, meaning the clone function is free to use but to use the advanced scheduling features you will have to purchase a license. The call is yours.
I have always found it very worthwhile to own and support great utility software.

Or use Carbon Copy Cloner. Get that here. Read about it here. The latest version is fantastic. It’s now my go to OS X disk tool.

Now the no 3rd party software route.
You can do as I have done many times and use OS X’s own clone/restore utility!

You insert the MacOS X 10.x install disk, boot from it, select Disk Utility from the Start menu, and choose the volume of the new Mac.
Then use the Restore tab, drag and drop the old drive as the source, and the new one as the target, and press the button.
Et voila!
After copying, just make sure that your new hdd (the clone) is set to be the start up disk.

You can then boot the new Mac with an exact clone of the old one.

Here’s how to use Disk Utility to clone and backup your hard drive in a little more detail using an install disk:
* Fire up the Mac OS X disk that came along with your Mac.
To do this, insert the CD or DVD into your Mac, and hold down the C key while your Mac restarts.

[If that doesn’t work try these options:
# Restart your computer and immediately press the Option key. Icons for all available startup volumes will appear. Click the one you want to boot from, and then click the right arrow button to complete the startup process.
# Restart your computer and immediately press Cmd-Option-Shift-Delete. You must press all the keys at once. The computer will start to boot from the CD or DVD drive. If there isn’t a bootable disc inside the drive when you begin the reboot, the computer will attempt to boot from another partition or drive. ]

* Go ahead and select your language. Don’t worry: You’re not installing Mac OS X again – this is just what you have to do to get to Disk Utility. When the menu bar appears, select Disk Utility from the Utilities menu.
* When Disk Utility opens, you’ll want to select your source. This is the hard drive you want to clone and/or backup. After you have a source, select the Destination. This is the hard drive you want to save the backup image to.
* Click Restore and you’ll end up with a perfect copy of your hard drive.

Restart your computer and you’re good to go!

That’s it……

For backups there is also the included Time Machine application that ships with the latest versions of OS X. It is much improved from previous versions. It allows the user to restore the whole system, multiple files, or a single file. It works within iWork, iLife, and several other compatible programs, making it possible to restore individual objects (e.g. photos, contacts, calendar events) without leaving the application. Time Machine is a backup utility, not an archival utility; it is not intended as offline storage. Time Machine captures the most recent state of your data on your disk. As snapshots age, they are prioritized progressively lower compared to your more recent ones.

Carbon Copy Cloner, SuperDuper and Time Machine are complementary. Think of SuperDuper or CCC as your backup against catastrophe (drive failure or theft) while your TM volume is a hedge against stupidity (deleting/overwriting important files, contacts, etc.).

One last utility that I’d like to mention is AppleJack.

AppleJack is a user friendly troubleshooting assistant for Mac OS X. With AppleJack you can troubleshoot a computer even if you can’t load the GUI, or don’t have a startup CD handy. AppleJack runs in Single User Mode and is menu-based for ease of use. Their main page is here.

The AppleJack download is here.

Peace and happy computing…..

Blacksheep add-on to protect against WiFi session Hijacking

This is a Firefox add-on everyone should use if you use public WiFi anywhere anytime.
It’s called ‘Blacksheep’.

Blacksheep will find and block ‘Firesheep’ – a highly popular new hacking tool used to ‘sniff out’ and steal your sensitive information on WiFi networks.

What Firesheep is:
Firesheep is the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. It is designed to sniff out weak security and hijack web site credentials on open Wi-Fi networks. This technique is technically called ‘Session Hijacking’.

Session hijacking is nothing new. Web sites typically use SSL connections for initial login pages, but revert to non-encrypted traffic for all subsequent communication. As such, while a user’s username and password may be protected, once they are authenticated, any user on the same network can simply sniff network traffic, obtain a user’s session ID and then hijack their session for a given website. Although this has always been a serious risk, especially on insecure networks such as public WiFi hot spots, some degree of technical knowledge was required to accomplish the attack. Firesheep opens such attacks to the masses, as it turns session hijacking into a point and click exercise. Unless websites mandate SSL for all traffic on the site, session hijacking will always remain a threat.

Fortunately, BlackSheep can be used to let you know if someone is running Firesheep on the same network and protect you.

Read some more here.

and here

or just add the extension to Firefox by going here!

Be safe folks!

Another serious Web Browser hole

Context Information Security has found a BIG problem: WebGL implementations on Windows, Mac and Linux have numerous vulnerabilities which allow malicious web pages to capture any window on the system or crash the computer, according to their research. They actually demonstrate how to steal user data through web browsers using this vulnerability!

The report comes right on the heels of Microsoft’s denunciation yesterday of the security architecture of WebGL and its announcement that it wouldn’t be seen in Microsoft products any time soon; see here.

Sheesh! IE 9 is proving to be WAY more secure than FireFox and even Chrome! But until I can get the Firefox Extensions I use (or comparable) in IE I’m still a FireFox guy.

So let’s fix that:
To Disable WebGL in Firefox 4

1. Type about:config in the Firefox address bar and continue on past the warning dialog.

2. Type "webgl.disabled" (no quotes) into the Filter box, then double-click the webgl.disabled entry to turn its value to “True”.

3. Restart Firefox browser, WebGL is now disabled in Firefox 4.

To disable WebGL in Google Chrome you will need to:

1. Right-click your Google Chrome shortcut on your desktop or in your Windows menu, click ‘Properties’ and add “-disable-webgl” to the shortcut’s Target box.

2. Restart Chrome

As always please keep your systems, Web Browsers and their plug-ins, Anti-virus/Antispyware software, and applications (especially Adobe products!!) up to date and fully patched.

And try and be vigilant about security and always ‘on guard’.

Latest Mac Malware news 06-04-2011

The Mac Trojan/Malware ‘MacDefender’ now calls itself ‘Mac Shield’.

The malware keeps changing names and looks but is still relatively the same as before. However it is still infecting loads of machines and is, in my opinion, very dangerous; it lures users into providing sensitive financial information to thieves.

Sophos for Mac will remove it (free). Get it here.

So will Virus Barrier Express from the Apple App Store, here. Also free.

Here is my previous article too.

More on backups and archiving

“UPDATE!”

After a few weeks of removing loads of nasties from Windows and Mac machines and recovering data from dead or corrupted drives from both types of systems because of malware/viruses and hardware failures, I thought I would republish this.

I must ask you – in this digital age what price will you put on your data?! Your family pictures, your financial documents and communications – everything? I don’t ask this lightly. For only a couple of hundred dollars you can KNOW that you will be safe!

People PLEASE HAVE A SYSTEM BACKUP – COMPLETE AND TESTED!!

I have been asked again to explain in more detail with examples of how I personally backup/archive my data. My previous article is here and should be read first.


So here it is in a simple, I hope, form.

I have two external HDDs (actually many, but for this example two will work). I use Acronis as my primary imaging software. If you use OS X you can use Time Machine, Carbon Copy or Apple’s built-in disk image utility. I covered these in the post above.

To create my images I use an external HDD mount, like this, with drives something like this or this. You can mount the drives in your system if you like or use any other external type of drive. I just like the ease and economy of this set up. It also makes it easy to just take the drives, place them back in the protective bags they come in and put them (rotate) into a safe deposit box.

I create a full image of my system on external HD #1 on Jan 1st – HD01_Jan_image01.tib
On Jan 2nd I create a full image of my system on external HD #2 – HD02_Jan_image01.tib

I now have two images on two separate drives.

At the end of week one for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_02.tib (or whatever Acronis auto names it.)

At the end of week two for the month I create an incremental backup to external HD #2 – HD02_Jan_image01_02.tib

At the end of week three for the month I create an incremental backup to external HD #1 – HD01_Jan_image01_03.tib

On the 1st of the next month I create a new FULL image to HD #2 – HD02_Feb_image01.tib. Once that image is created I can then delete the previous month’s images ON THAT drive.

On the 2nd of the month I create a full image to HD #1 – HD01_Feb_image01.tib. Once that image is created I can then delete the previous month’s images ON THAT drive.

This assures me that if my system were to die AND one of my external drives failed I would lose no more than two weeks of data – usually just one week or less!

You should also copy or store one of the external drives in a fire safe or safe deposit box for true disaster recovery!

As with any good backup plan you should regularly test your backups! Either do a full restore (highly recommended) or at least validate and mount your images to ensure they are fully readable.

If you wish to, or have to, for compliance issues (corporations) you can archive your monthly images to additional external drives. I do. I have images of machines that are long gone (some over ten years!) and I have been able to retrieve data I needed very easily and quickly. In fact I needed a Photoshop file recently that I was able to retrieve from one of my images of an old Mac G3!!

I hope this helps. Please don’t be the person who loses important personal, family or business data because you couldn’t take a little time and effort to set up a backup and recovery plan. The costs and time are insignificant when compared to the cost of loss!

LastPass Warns of Potential Breach, Ratchets Up Security

OK FOLKS, TAKE NOTE: LASTPASS MAY HAVE BEEN HACKED!!

Read about it here.

I don’t use them, but I know many people who do! CHANGE YOUR MASTER PASSWORD IMMEDIATELY!
It’s important to note that they have no evidence that anyone was actually compromised – YET.

Once you change your master password any breach that may have happened will be rendered moot. Their service is still good, I’m sure – just not good enough for me.

I have used KeePass for years and it looks like I will continue to do so now for sure – it is open source and resides on YOUR system(s). It may not be as ‘slick’ and completely web based as LastPass but I trust it more. I guess I will NOT be migrating to that service after all.

As a systems administrator and IT guy, I have no less than 78 items in my main password safe! And I have a few smaller ‘safes’ for some of my clients. So it is necessary for me to have a place to keep them all, and of course a flat file or piece of paper wouldn’t work.
I keep a KeePass safe on my machines that I sync and also on a USB drive. I have always believed in owning my information.

Be safe folks.