Terrifying new Ransomware

This here is some scary sh%t.
I know I sound like the ‘sky is falling’ guy about backing up your entire systems to ‘offline/removable’ media, but I’ll keep on saying it.

This nasty is spreading fast on corporate networks. The scary thing is that it still relies on social engineering and poor user training/safety habits to launch and install. It usually arrives as a zip archive attached to an email, with an executable inside, which should have been a dead giveaway that the message was malicious and in no way legitimate. But sadly most people have not been properly educated on computer safety, or are just plain lazy and don’t think to look at what they are doing. Once installed it can wreak havoc on a company.

Please develop and use some kind of offline full system backup plan for your personal and especially your business systems.

Do not rely on a ‘cloud based’ backup system to protect you from this type of attack. Think about it: your now encrypted files would be uploaded to the cloud and overwrite your original/good ones.
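One way to catch that overwrite before it happens, as an added example that is not from the original post: compare the folder against a snapshot taken at the last verified backup and hold the sync when many files have vanished or turned into high-entropy data. The function names and thresholds are illustrative assumptions.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: str, sample: int = 65536) -> dict:
    """Map relative path -> (SHA-256 of the file, entropy of its first bytes)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                head = fh.read(sample)
                digest.update(head)
                # Stream the remainder so large files are not held in memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            result[rel] = (digest.hexdigest(), shannon_entropy(head))
    return result


def safe_to_sync(known_good: dict, current: dict,
                 max_changed: float = 0.3, entropy_jump: float = 2.0) -> bool:
    """Return False when the change pattern looks like mass encryption.

    known_good is the snapshot from the last verified backup. A file counts as
    suspicious if it vanished (ransomware often renames files with a new
    extension) or if its content changed and its entropy rose by more than
    entropy_jump. Both thresholds are assumptions chosen for illustration.
    """
    if not known_good:
        return True
    suspicious = 0
    for rel, (old_hash, old_entropy) in known_good.items():
        if rel not in current:
            suspicious += 1
            continue
        new_hash, new_entropy = current[rel]
        if new_hash != old_hash and new_entropy - old_entropy > entropy_jump:
            suspicious += 1
    return suspicious / len(known_good) <= max_changed
```

Keep the known-good snapshot with the offline backup so the baseline itself cannot be rewritten along with the files.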

I’ve written so many times about the need for offline backups you can just look through my blog and find more info about that.

Be safe folks!

Adobe Hacked (again)

Yay another security hack. 🙁

If you have an Adobe account, please log in to their site and change your password. You may have already received a notice to reset it; if so, please do!

I’d suggest that if you have any payment information associated with any Adobe account/login, you remove it! You can read from Adobe about it here. And some more (and scarier) details from some other tech sites like this one or this one.

My drumbeat. Backup with Images folks!

Once again I’ve had the frustration of dealing with failed hardware. The system was highly customized with special settings and configurations to enable unique line-of-business applications and data, plus the ‘regular’ business applications such as MS Office (with custom CRM databases), multiple email accounts and other applications installed after the system was first ‘fired up’. It was an HDD failure on a two-month-old HP laptop.

HP’s solution is to ‘just send the whole thing back and we’ll put the new HDD in with the factory image’. A ‘factory image’ is what the new laptop ships with, as if you just bought it. None of my installed applications, settings or files would be there. Meaning I’d have to finish the initial setup, update the Operating System to a Windows 8 Pro version (the ship version was Home Premium), install MS Office 2013 Pro (again from the MS Store – it didn’t come with the system), install all the other business applications required for this user – 4+ separate ones, each requiring special configurations to work with Windows 8, AND then get all the files and settings (like email accounts etc.) configured. Oh, and of course there would be about a day and a half’s worth of Windows and application updates and patches to apply. Then hope that it all works as it did.

Had this system been IMAGED, I would have been able to remove the dying/dead drive, run down to the local PC store (Fry’s), buy a clean/new replacement drive, install it and restore that image to the new drive. The system would then be as it was when the image was created: apps, files, settings and all. The only time spent would have been the physical HDD removal and replacement and the time it takes for the image restore – that total time would probably have been only one day, more or less.

I propose this to all of my clients. But for some reason they often don’t see the value till it’s too late, no matter my insistence. It is usually a ‘yeah, we’ll do that soon... just not now’. Sometimes it’s the capital cost (actually less than $200.00) or time (really very little to install and set up). But in the end I guarantee that it will always cost more if they are out of business.

However, in this case there was no image backup. The system was at a point where it was un-repairable via HP or MS Windows recovery tools and would not boot. I had to remove the HDD, place it in one of my HDD docks and use advanced disk recovery (forensic) tools just to get access to the data. I was then able to copy off nearly all the data to another drive. Note that I recovered data, NOT the working system. So all the documents and files this person had are still accessible, but otherwise quite useless without the applications and Operating System to use them.

I constantly hear the commercials for the many online backup services and their BS promises on the TV and radio. My clients do too. And they, like most people, do NOT understand that there is a WORLD of difference between a file backup and a full system backup that will enable complete system recovery: Operating System, Applications, Settings and all. It’s good to use some of these services to back up your documents and files (I do and recommend some – see my previous articles on cloud storage). But you must understand that if your SYSTEM fails you need some kind of system recovery, not just files.

I cannot state it emphatically enough: PLEASE USE SOME KIND OF DISK IMAGING SOFTWARE TO CREATE YOUR BACKUPS!!

I have written many, many times about this. You can read here and here.

My go-to imaging software is Acronis True Image. The cost is nominal (right now only $79.00 U.S. for the Home Premium version that includes ‘Universal Restore’). You can check out their deals here. Add to that the low cost of external USB HDDs – less than $100.00 U.S. in most cases – and you can assure that you will NOT be out of business longer than a day or two at most, versus having to wait for a manufacturer to send out replacement part(s), re-install and configure everything and HOPE it all works as it did.

Well there you go just another rant after spending a few whole days working my tail off to help one of my clients. Sigh..

Get even more Dropbox space right now.

I use Dropbox to sync some files between computers, devices and the web. Nothing very sensitive, but it’s great for photos, tech documents and files and other items. It’s also great for sharing items with others: I can upload something, share it (Dropbox gives a link to ‘share’) and then send that link to those I wish. Pretty cool.

Right now, and I don’t know if it’s a fluke or not, you can get up to 50GB of space just by doing a few things! If you have an account log into it and go here [get space] or create an account, go through the walkthrough (they’ll add space just for doing that) then go to the ‘get space’ link.

  1. Tell them why you like Dropbox.
  2. Let them tweet about you.
  3. Tweet about them.

Just doing these three things got my storage size to 52GB!!

I don’t really tweet much except for tech posts, so I could give a rip about them tweeting to my feed. You may care, I don’t. Also, for my personal ID security and safety, all my login credentials are very different and not connected in any way for every online service I use.

I also use other cloud services (Google Drive, Skydrive etc.) but I’ve posted before about those already.

Well hope you get your space while the getting is good.

Using Google’s Two Step Verification

If you don’t know what 2-Step Verification is, here is a simple explanation: the two-step system uses both a password and a numerical code tied to your mobile phone, which can be sent by Google via SMS or generated by a smartphone app. Either way, it means a prospective hacker would need to obtain both your password and your phone to access your account.

I’ve been aware of Google’s two-step verification system for some time, but I felt my very strong password, the fact that I don’t use that password anywhere else and that it could not be ascertained by usual social engineering methods, was more than adequate protection. I was also concerned the system might be a hassle to use since I routinely sign in from so many different computers and locations. I already use a password manager (KeePass) that requires not only a master password but also a key file. [There are other very effective password managers out there; I suggest you use one. Ars has a good article about that here.]
But with the massive increase in hacking and hijacking of information and the advancement of brute force cracking technologies and techniques, I felt it was time to get onto the 2-step wagon.

Also, I suggest that if you use Yahoo mail for anything you migrate towards Gmail or some other ISP. Yahoo has one of the worst records for email security. They are hacked all the time! One recent article is here.
And for Pete’s sake please do NOT ‘link’ your Facebook account with Yahoo – that too is a major source of hacked Facebook account activity. If you currently have it linked I suggest you separate it. You can read how here and here.

So here is a brief explanation of how to enable 2-step verification. I will also link to some other resources on how to enable and use it at the bottom. If you find this too complicated or too much of a hassle you can always disable it very easily.

So let’s get started. Log in to your account and go to Account, then Security.

In the Security list you’ll see 2-step verification. This is where you can ‘turn it on’ and edit the settings.

Printable backup codes. Warning: If your phone is unavailable, these codes will be the only way to sign in to your account. Keep them someplace accessible, like your wallet, desk drawer or other safe place.

Here, click on ‘Show backup codes’.

I printed out a set and put them someplace safe. I also saved them to a text file and imported and copied that text file of codes into my Password management application – KeePass.

If you click on Application Specific Passwords you can create them for your other applications like Outlook, iMail, ThunderBird etc. Just give it some useful name, click on ‘Generate Password’ and then make sure to copy (or write down) that password – it is only shown once! I just copied each one to a text file so I could then paste them into the proper (password) field in my Outlook/configuration setups.

Some other links and info.

Here’s Google’s info page. And more here.

Setting up Mac Mail.

Setting up Outlook.

One more thing to consider if you’re a paranoid guy like me. I have all my browsers set to delete Internet history, cache and cookies when I close them AND I also run CCleaner many times a day to clean out temp files. Doing this will clear out the 2-Step ‘security token’, so you must manually mark some specific cookies to NOT be deleted in your browser and/or CCleaner.

To create ‘safe cookies’ in Firefox here is a good article. For Chrome go here and read the ‘Make exceptions for cookies for specific websites’ section. The method is just about the same for Internet Explorer and Safari.

For CCleaner you can add the cookies to keep manually. Read here.

The actual cookie domains you need to keep are:

accounts.google.com
accounts.youtube.com
google.com
mail.google.com
apis.google.com
0.docs.google.com
docs.google.com

Hope this helps some. Peace out.

Windows 8.1 news

If you are buying a new PC or laptop and you’ve been holding off because of the new Metro interface you might be in luck.

It looks like Microsoft is pulling a ‘New Coke’ here and admitting that the ‘Metro’ desktop and lack of ‘Start’ button was a VERY BAD MOVE. Especially for those in the business community.

I got this deal earlier this year and it’s still a great one. For those looking for a powerful Windows PC laptop that could easily replace an older high end workstation this is a pretty good choice.
I wrote an article about my original selection, purchasing and finally, my adventures in ‘downgrading’ it to Windows 7 Pro/Enterprise here. Many of the things I do with my system cannot be done efficiently, or at all, from the silly ‘Metro’ interface. And other applications simply wouldn’t run properly.

With Windows 8.1 (which will be released mid to late summer), it is said that Microsoft is going to bring back the traditional ‘Boot to Desktop’ feature along with the much missed ‘Start Button’. It looks like the start button will most likely look like the ‘Windows Charm’ in Windows 8.1, but hopefully it will be there. You can read about that here and here.

IF you are stuck with Windows 8, don’t want to go through the hassle of downgrading it, and can’t wait for Microsoft to ‘fix it’, there is a fantastic solution to bring back the old Windows 7 interface. It’s called Start 8 by Stardock Software. It’s a great app and only costs $4.99 USD. It’s the first thing I install on clients’ Windows 8 machines when they tell me they can’t handle the Windows 8 Metro interface.

Peace, and be safe.

Java update April 2013

If you haven’t installed Oracle’s most recent Java patch, you should do so now!

Nefarious folks are hacking those that have not patched their systems.
You can find the latest Java here for Mac OSX, Windows or Linux.

I know many folks have taken to removing or disabling Java altogether over security concerns. While that may be a solution for some, it is not for all of us, especially those of us in IT who rely on applications/tools that require Java.

There are also a whole lot of interactive and multimedia Internet applications that also require Java.

So IF you have Java installed on your PC – be it Mac, Linux or Windows – PLEASE update your system.

One thing I’d like to warn you about while doing this update.

WHILE GOING THROUGH THE INSTALL PROCESS – DO NOT INSTALL ANY TOOLBARS (LIKE ‘ASK TOOLBAR’ ETC.) OR ADDITIONAL SOFTWARE (FREE VIRUS SCANS, BROWSERS ETC.)!!

This whole SCAM of installing crapware, and worse, while simply trying to update plug-ins is getting WAY out of hand. I wish there were some way to stop it but it seems impossible. Seems virtually every plugin-addon tries to install more stuff than you need and should want. Very frustrating.

But if you’re diligent and careful you can keep yourself from being essentially tricked into installing crapware.

So be safe out there folks.

Google Reader replacement RSS/Feed Reader

With the demise of Google Reader fast approaching I went on a search for a good ‘Feed Reader’. And it turns out there are plenty. In this article I’m going to concentrate on Windows and Android platforms and on readers that support what is called ‘OPML’. You can read more about that here if you wish. The beauty of using OPML is that you can export and import your feeds/subscriptions to multiple platforms and devices.

I’ll have to fire up the Mountain Lion box and see what works best there; but that is for another article or addition to this one at a later date. Suffice it to say that whatever I end up with on my Macs must also support OPML.

In my searches and trials I found that most of the supposed ‘top rated’ readers actually relied on Google Reader feeds! What? If that is going to be shuttered it would seem moronic to recommend a feed reader based on an extension/application that is going to be shuttered. To be fair, most of those using Google Reader’s API said they were going to ‘adjust’ and get around this, but I think it’s just stupid to invest effort and time, or worse, even money, into ‘vaporware’. Others were browser ‘plug-ins’ that wouldn’t allow for importing and exporting of feeds across platforms. AND I chose mine based on the fact that I’m not required to enter ANY account or password information such as Facebook login, e-mail login, Twitter login etc. I just want access to the information that I could readily get if I was searching the web.
I do NOT use ANY service that uses another service to access their service – this is just one more vector to be hacked and have my information stolen, used, sold or worse. (so sorry Spotify and all you other folks keeping tabs on me..)

I found a simple to use, and pretty powerful, RSS reader to get most of my stuff in one spot. It’s a great tool. I use it to get all my current news articles in one spot, and at a quick glance I can read article headlines and summaries and then decide on what I’ll dig into. It’s called FeedDemon. I use the freeware version – here is the free Windows application. With it I can read the articles right in the application’s browser or open them up in a full web browser.

Install is simple: download and run, then walk through the process. I didn’t subscribe to the ‘News Gator’ option and skipped that step. I already have way too much info to process and I am capable of searching and finding content on my own, though you may find it quite useful.

Subscribing to a new feed is very easy by hitting the Subscribe button which pulls up a window to enter in the feed URL.  You can also enter in keywords and do a search for a topic.

You can also preview the feed to make sure it is what you’re looking for.

Sometimes there are options as to additional separate ‘feeds’ within that website. You can select them for a more refined feed. Then just click finish and you’ll have a newly subscribed feed.

One thing I am asked about is the unread/read posts: how come my articles are ‘disappearing/being deleted’? Well, that’s just an option in the ‘view’ settings. Go here and read about that.

Another thing I do is change the ‘default external Browser’ option for security reasons – I use Firefox with high security plug-ins, but you’re just as safe if you use Chrome instead of the default of IE.

Go to Tools>Options>FeedDemon Options, select the second tab and click on ‘Open external links in default browser instead of FeedDemon’.

Once I had all my feeds subscribed and set up on my main workstation I exported them all to an OPML file. That can be used to import my feeds onto another system or device with ease.

I then used that to import all my feeds into my laptop and Android phone RSS Reader – On my phone I use RssDemon News & Podcast Reader.

Tip: How to get an RSS feed from a Facebook page

I also found a good trick to generate an RSS feed from any Facebook page. Facebook, being the closed arena that it is, may soon figure out how to disable this, but for now it works.

First you need to identify the numeric ID of your page or the ‘front page’ of the profile you want to follow.

To find the public/front page just go to Google (or Bing or whatever) and search for what you’re looking for. Here I searched “Rush band Facebook” (no quotes by the way).

Then you can use this service: http://findmyfacebookid.com/ to find the actual ID number. [There are other services too. You can search for those if you wish; this was just dead simple]

Once you’ve copied the number, just add it at the end of this string

http://www.facebook.com/feeds/page.php?format=atom10&id=YOURID/PROFILEID

Eg: this URL generates the RSS feed of one of my all time favorite bands.

http://www.facebook.com/feeds/page.php?format=atom10&id=53385812061

Now it’s possible to subscribe to the feed of interesting pages, without a Facebook login.

Hope this helps. Peace.

Add Gmail Contacts to iOS 5

Though many don’t realize it, the process for importing your contacts to your iPhone from the Gmail Address Book is quite simple. Getting them OUT of your iPhone can, depending on how they’re configured, be much more complicated. But that is for another post. I know that many supposed Mac techs and BigBox retailers will want to charge you plenty for this simple procedure; please don’t let them.

So here we are going to assume that your entire address book is connected to your Gmail account. To import/sync them we are going to use iPhone’s Microsoft Exchange configuration. So let’s go:

  • On your iPhone or iPad, open the Settings app.
  • Scroll down to Mail, Contacts, Calendars and select it.

  • Next, add a new account
  • At the add account screen you’re going to want to select the Microsoft Exchange option. This is how we are going to import your Gmail contacts.

  • Enter your Gmail address in the email field. Leave the Domain field as “Optional” and fill in your Gmail username (without the @gmail.com) and your password. You can leave the description but remember it so you know what it is later.

  • Click next, the form will update and now include a Server field. In the server field enter m.google.com. Click Next or Done.

  • It will ask you to confirm whether you want to sync your mail, contacts, and calendars. Slide these to On for Contacts and Off for the others. Here we were only concerned with Contacts, BUT you can also synchronize your mail and Calendar too!

Happy computing!

Edit: after doing this many times for clients and others I’ve found a guy who created a great video on the above steps! You can watch that here:

Sync Gmail Contacts to iPhone