Disable UPnP to Protect Yourself from New Security Hole Found in Wi-Fi Routers.

If you don’t know (and most of you probably don’t), there is a major security flaw that has recently been aggressively exploited. It could allow people with malicious intent to access your system(s). Mac, Windows PC and Linux are all vulnerable because this is NOT an OS flaw, but a router flaw! So please don’t think you are safe just because you buy into the belief (very wrong, by the way) that ‘your’ type of operating system ‘doesn’t get infected…’. Scans from security companies have shown about 50 MILLION vulnerable access points already.

It is strongly suggested that end users, companies, and ISPs take immediate action to identify and disable any internet-exposed UPnP endpoints in their environments.
UPnP is pervasive – it is enabled by default on many home gateways, nearly all network printers, and devices ranging from IP cameras to network storage servers.

Rapid7.com has an online tool here that can check the external interface of your router and let you know if you are vulnerable.

To fix/resolve this issue, all you need to do is disable UPnP on your wireless router.
Since each router is different, you’ll need to log in to your wireless router’s admin panel (use the manual to figure that out), and then find the UPnP setting. This may require someone with more skills (like your teenager) or an IT professional (preferred method) to turn this off for you. But however you do it, please do it.
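To find which devices on your own network still answer UPnP discovery (before and after you change the setting), here is an added example that is not part of the original post. It sends one standard SSDP M-SEARCH on the local network and lists who replies; the function names and the sample replies are this example's own, and the samples are constructed. It only sees the inside of your network, so it complements rather than replaces an external check like the Rapid7 tool.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port


def build_msearch(search_target="upnp:rootdevice", mx=2):
    """Return the SSDP M-SEARCH datagram asking UPnP root devices to identify themselves."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {search_target}\r\n\r\n").encode("ascii")


def parse_ssdp_response(data):
    """Parse one SSDP reply into a dict of upper-cased headers; None if not a 200 reply."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    if not lines or not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def summarize(replies):
    """Collapse (ip, raw_reply) pairs into one record per responding address."""
    devices = {}
    for ip, raw in replies:
        headers = parse_ssdp_response(raw)
        if headers is None:
            continue  # not a discovery answer, ignore it
        entry = devices.setdefault(ip, {"server": "", "locations": set()})
        entry["server"] = headers.get("SERVER", entry["server"])
        if "LOCATION" in headers:
            entry["locations"].add(headers["LOCATION"])
    return devices


def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect replies until the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(build_msearch(), SSDP_ADDR)
        while True:
            data, (ip, _port) = sock.recvfrom(65507)
            replies.append((ip, data))
    except socket.timeout:
        pass  # no more answers within the timeout
    finally:
        sock.close()
    return replies


# Constructed sample replies (not captured from a real device).
SAMPLE_REPLIES = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
                    b"ST: upnp:rootdevice\r\n"
                    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleIGD/0.1\r\n"
                    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n"),
    ("192.168.1.50", b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
]

if __name__ == "__main__":
    found = summarize(discover())
    if not found:
        print("No device answered UPnP discovery on this network.")
    for ip, info in sorted(found.items()):
        print(f"{ip}  {info['server'] or '(no SERVER header)'}")
        for url in sorted(info["locations"]):
            print(f"    description: {url}")
```

Any address it prints is a device with UPnP switched on; after disabling UPnP on the router, the router's address should no longer appear.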

Be safe.

Tech power and input deals.

For those with laptop/portable computers you know what it’s like to always have to pack everything in your bag for each trip.

Why not keep an extra power supply so that you can have one at home AND the office (or in your bag) always waiting? No constantly having to reach and dig behind the desk to unplug the power supply. And then do the same when you get to the office.

Here is a super solution. And right now this is on sale for only $19.99 w/free shipping at Newegg.com.
Rosewill RMNA-11001 Universal automatic Notebook Power Adapter 90W
http://bit.ly/KSUOpD

And while you’re at it, how about an additional mouse? I use this one on PCs and Macs. Works great. I have a few of these too – home, office and travel bag.
http://bit.ly/UBT2ib

Just thought I’d pass this on.

Fix hyperlink issues in Outlook Word and other documents and files.

If you can’t follow links in email and get the error “This operation has been cancelled due to restrictions in effect on this computer”, or get the same error in other Office documents, then this should resolve it.

I’ve had a few clients who have had the same problem recently. Two small offices and a larger organization.

It seems they all had one thing in common. The users had recently installed Chrome. Then, finding that this browser had been unintentionally (or secretively) installed, they proceeded to uninstall/remove it. For the small office/home user this problem occurs very often, since most users have to be able to install applications. For the larger organizations this is a failure of the IT department (or their company’s SOPs and policies) to properly restrict usage rights in their Active Directory GPOs.

This ‘unintended’ install comes from one of my MAJOR pet peeves – software installing other non-essential and unwanted software. I believe this practice of getting unsuspecting or unaware users to install something they did not want or need, by tricking them into ‘just clicking through’ the installation of a needed or required application, plug-in or extension, is downright fraudulent. Adobe is one of the worst offenders. When you update your ‘Flash Player or Shockwave Player’ they will usually try to slip in Google Chrome, McAfee or Norton Antivirus applications. And when they install those, they are then set as ‘default programs’! All of which can lead to problems of usability and stability. I could go on this rant for a while, but please be warned: read carefully what you are agreeing to install when you choose to update your programs/plug-ins. Make sure you ‘un-check’ any crapware other than the actual application you are looking for. Okay, enough about that.

Fix for hyperlinks in email and documents:
You will need to open the registry (go to Start, type in regedit, then right-click the found file and choose ‘Run as administrator’), then navigate to and change the following keys from “Chromehtml” to “htmlfile”.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.htm]
@="htmlfile"

[HKEY_CURRENT_USER\Software\Classes\.html]
@="htmlfile"

[HKEY_CURRENT_USER\Software\Classes\.shtml]
@="htmlfile"

[HKEY_CURRENT_USER\Software\Classes\.xhtml]
@="htmlfile"

[HKEY_CURRENT_USER\Software\Classes\.xht]
@="htmlfile"

[HKEY_CLASSES_ROOT\ftp\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" %1"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" %1"

[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" %1"

Note that you can also take the above and create a registry batch file.
Just copy the registry information above (starting with the “Windows Registry Editor Version 5.00” line) and save it as a .reg file. That file can then be launched and added to your registry.

This registry batch file can also be used to change the HKCU registry entries via a logon script in Group Policy.
Create a Registry.bat file with the text:
%systemroot%\regedit /s Registry.reg

Open Group Policy object, go to User Configuration > Windows Settings > Scripts > Logon
Click on Show Files (this opens a folder in \\domain-name\SysVol\domain-name\Policies\… ) and copy both files you created to that folder.
Click on Add and select Registry.bat
Deploy Group Policy object where required.

Well I hope that helps some.

Security Update release for Java

Looks like Oracle has quickly released a patch for the serious Java security hole. But it also looks like they ‘poorly packaged’ it. So it may not install correctly on all operating systems.
First, verify you have the latest version of Java installed; go here.

If not, then get the latest version here.

The Linux and OS X versions seem to install without error. But…
For Windows users you may get an error “Error 1714. The older version of Java cannot be removed…”
This can be fixed by first ‘trying’ to uninstall all the Java applications you find.

Go to Control Panel > Programs and Features > Java, then press Uninstall for each Java application listed.

If that fails (and it has for me on two Windows systems), grab Microsoft’s Uninstall Utility here, run it, choose ‘having problems uninstalling..’ and let it do its thing. You’ll be presented with a window showing what applications you wish to remove; choose Java 7 or whatever was giving the error.
Then, after it has finished, try again to install the latest Java (the one you downloaded previously). (source)

Be safe out here. Peace

Fix Virtual Box Expanding Files disk; stuck at 99%

Just wanted to add some good information on using Virtual Box to install Windows 7 or Windows 8 (see my post here about installing Windows 8 into a virtual machine using Virtual Box.) Or any other OS for that matter. For more information about using Virtualization check out this post.

OK so the fix for the issue.

While installing Windows 8 (or 7) or other Operating System you may run into the issue where you are booting from a virtual or real CD/DVD and during the installation process it just ‘hangs’ at the ‘Expanding files…’ part of the install at the beginning. It will usually get to somewhere around 98%-99% and just hang there. Very aggravating. The solution is really simple!

Shut down the machine. Then on the Settings tab, go to Storage, and under SATA Controller you’ll see your virtual hard drive. Remove that using the ‘Remove attachment’ button. Then on the IDE Controller there is a small button, “Add Hard drive”; click that and locate the virtual hard drive you created earlier.

By doing this your hard drive will come under the IDE Controller. This fix worked for me on a Windows 8 and Windows 7 installation, I kept getting stuck on expanding files but this worked. No fuss no muss and all installed and worked well and very fast!

I hope this helps some.

How to install Windows 8 Consumer Preview using VirtualBox

Here I am going to show you how to install Windows 8 Consumer Preview into a Virtual Machine using VirtualBox. I will be showing the method for Check out my previous article on ‘Getting Started with Virtualization’ first for a good primer. Make sure you have plenty of free hard drive space – probably 30GB should be sufficient.

Make sure your processor supports virtualization AND 64bit processing.

To do that, download ‘SecureAble’ from GRC.com and run it (after downloading it, right-click and choose ‘run as administrator’). Download is here.

You should see a screen like this if your system will let you use Hardware Virtualization and has 64-bit processing capabilities. If it doesn’t, there is NO need to continue. You will NOT be able to do anything mentioned here.

So let’s get started

Download the latest version of VirtualBox

Download Vbox Extensions Pack [To install you need to first install VirtualBox then double-click the extensions pack and it should be added to the VirtualBox installation]

Download Windows 8 Consumer Preview (64bit) (copy the Product Key to a text file too!)

Install all of these ‘as administrator’.

After installation:

1. Launch Virtual Box. (Make sure you’ve installed the Extensions pack) Click New to create a new virtual machine and type a name for it.

2. For Operating System version, select "Win8 64-bit"

3. For memory size, enter 3090MB, more or less. Microsoft recommends 2GB at least for the 64-bit version. Click next/continue through the next screen to create a startup disk.

4. Click next/continue again to create a VDI file.

5. Use a Fixed size disk, for better performance (especially since this is just a test virtual machine).

6. A 25GB disk size is probably fine; that’s the minimum Microsoft recommends for the 64-bit version.

7. Click Create and your virtual disk file will be created.

Now you will have a new Virtual Machine – Windows8Preview, that we will need to make a few more edits to before we can start it.

You’ll notice I have some other Virtual Machines here. [But we are only concerned with the Windows8Preview one for this article.]

So right-click on the Windows8Preview VM and click on ‘Settings’

Under the ‘System’ options make sure to set the options to look like this:

Click to the Processor tab and then check ‘Enable PAE/NX’

Under Acceleration: Enable VT-x/AMD-V and Enable Nested Paging

Next click on the Storage Options

Click the CD icon next to CD/DVD Drive, then choose the virtual CD/DVD disk file to browse to the Windows 8 ISO file you downloaded.

Then navigate to the directory where you downloaded the Windows 8 ISO file, click open.

Finally click Start to begin the installation and walk through the Windows 8 installation.

TAKE NOTE THAT TO ‘REGAIN’ CONTROL OF YOUR MOUSE OUTSIDE OF THE VIRTUAL MACHINE YOU’LL HAVE TO USE THE ‘RIGHT Ctrl’ KEY TO FREE IT UP!

Press install and then you will have to enter the preview Key:

Choose Custom (New) install and then Next to select the drive (the virtual hard drive we created).

The install will then start

Then walk through the setup:

Continue to walk through Setup. I chose to ‘Sign in without Microsoft account’; you can, however, use a Hotmail or Live mail account if you wish:

The important thing to know is that with the mouse, the ‘corners’ of the screen are where most stuff happens in the ‘Metro’ GUI. You can use your mouse to click and ‘scroll’ around the Metro applications, or move it over to a corner to pull up the ‘Charms’ on the lower right corner, recent applications on the upper right corner and the ‘faux’ Start menu at the lower left.

The new Metro GUI will take a whole lot of getting used to.

It would be good to watch a video first to get a little understanding of the system (don’t fall asleep though).

For me I doubt I will ever use Metro much except when I’m doing support for end users on their system. I have WAY too many applications for this type of interface and prefer the old Windows 7 Style Start Menu.

Thankfully that can easily be enabled in Windows 8. To do so – in Windows 8 Consumer Preview open Internet Explorer and go to this site, [here is the address so you can enter it manually if you need to http://www.stardock.com/products/start8/ ]

Enter an email address (hint – ANY will do) and download the application. Then, once downloaded, ‘right-click’ and choose ‘run as administrator’. You will now have the old Start Menu and some new ‘right-click’ options such as ‘run’, ‘shutdown’ and more.

Well, there is a start for you to mess around with Windows 8 and get a feel for the future of Windows Operating Systems. By using VirtualBox you don’t have to worry about messing up your current system. You can always delete your VM and start over or just get rid of it.

I’m going to be adding a whole load more posts as time goes on about how to use Windows 8. This is such a big step for end users that I foresee a whole lot of confused, frustrated and aggravated users.

Keep checking back for more.

Avoid Internet Doomsday: Check for DNSChanger Malware Now

Some background:
The DNS system is a network of servers that translates a web address — such as http://www.google.com — into the numerical addresses that computers use to locate actual websites, computers and servers. It is known as the Internet’s phone book, which translates URLs to the IP address for the server hosting the Web site. This is not only true for Web sites, but also for any other Internet-based service being used, including servers for e-mail, backups, synchronization, chat programs, and calendars AND antivirus programs to update themselves.

Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the “Operation Ghost Click” raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.

If the FBI were to simply shut down the DNS network, then the millions of computers that had been affected by the malware would instantly no longer be able to access the Internet. Given the scope of this malware infection, that would suddenly cut off many users and very likely have a notable negative impact globally. Being infected with the malware, these systems would not benefit from users checking for and changing their DNS settings, since the malware would continually revert them and thereby continually disrupt communications.

To prevent this, the FBI instead chose to keep the rogue DNS servers active and convert them into a legitimate DNS system for infected computers. Since November 2011, there has been a campaign by the government, security agencies and MANY high profile internet service providers (ISPs) to notify users of the DNSChanger malware and offer services to help users identify systems that are infected.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

To quickly and easily see if this may affect you, and what you can do about it, visit this site.

Click on the link in the middle of the page and you will be notified if you are currently infected.

If you are infected/compromised you can visit this page for resolution tips and instructions.

Remember, this trojan/virus will affect PCs AND Macs. Better safe than sorry. Or you could always call me for a hou$e call when your system won’t connect to the internet.

You can read the FBI’s page here.

Google has one here.

Facebook also has one here.
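Since DNSChanger works by rewriting the DNS servers a machine uses, the same check can be done by hand: read the configured DNS servers and compare them with the rogue ranges. The following is an added example, not part of the original post; it reads the text of `ipconfig /all` (Windows) or `/etc/resolv.conf` (Mac/Linux). The ranges in it are PLACEHOLDERS taken from documentation networks and must be replaced with the ranges published on the FBI's DNSChanger page; the function names and sample inputs are this example's own, and the samples are constructed.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT the real DNSChanger
# ranges. Replace them with the ranges listed on the FBI's DNSChanger page.
ROGUE_RANGES_PLACEHOLDER = ["192.0.2.0/24", "198.51.100.0/24"]

# Matches "nameserver 1.2.3.4" (resolv.conf) and "DNS Servers . . . : 1.2.3.4" (ipconfig).
_DNS_LINE = re.compile(r"^\s*(?:nameserver\s+|DNS Servers[ .]*:\s*)(\S+)", re.I)


def _as_ip(token):
    """Return an ip_address for token (IPv6 zone id stripped), or None if it is not one."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None


def extract_dns_servers(text):
    """Pull the configured DNS servers out of ipconfig /all or resolv.conf text."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        match = _DNS_LINE.match(line)
        if match:
            ip = _as_ip(match.group(1))
            # ipconfig lists extra servers on the following indented lines
            in_dns_block = "dns servers" in line.lower()
        elif in_dns_block:
            ip = _as_ip(line.strip())
            in_dns_block = ip is not None  # first non-address line ends the list
        else:
            ip = None
        if ip is not None and ip not in servers:
            servers.append(ip)
    return servers


def find_rogue(servers, ranges=ROGUE_RANGES_PLACEHOLDER):
    """Return the servers (as strings) that fall inside any of the given ranges."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    return [str(ip) for ip in servers
            if any(ip.version == net.version and ip in net for net in nets)]


# Constructed sample inputs (not taken from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 192.168.1.1
nameserver 203.0.113.9
"""

if __name__ == "__main__":
    for label, text in (("ipconfig sample", SAMPLE_IPCONFIG),
                        ("resolv.conf sample", SAMPLE_RESOLV_CONF)):
        servers = extract_dns_servers(text)
        bad = find_rogue(servers)
        print(label, [str(s) for s in servers], "ROGUE:" if bad else "ok", bad)
```

Check the DNS servers set in your router as well as those on each computer, since a computer that gets its settings from the router will simply show the router's address here.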

Spring Data Backups and Recovery

So it’s spring time, woodchuckers. Time for some cleaning and maintenance for many around the house. It’s also a good time to check your backup plans and procedures for your digital data too. Or, if you don’t have any, make and apply some sort of plan.

You know those stupid commercials about not knowing when you will lose your data. Well, THEY’RE TRUE! It is not a matter of ‘IF’ but WHEN. There are many factors and events that can cause a loss of your important data: things such as fire, flood, earthquake and other natural disasters; power surges or outages; theft of your primary system(s); failure of part or all of your system(s); and of course malicious software such as extortionware or viruses. Remember, electronics like everything else WILL fail. And of course usually when you need it most or expect it least.

So please design and USE some sort of plan. I recommend a solution that utilizes technology to its fullest. And for that I recommend backing up your data locally to external/removable hard disk drive(s) (that can and should then be stored in a fire safe or safe deposit box!) along with a combination of some form of ‘cloud’ type of service. I’ll discuss both here.

Cloud Storage solutions such as Mozy, Carbonite etc. and other ‘Synchronization’ type services such as Dropbox, Box.net, iCloud, SkyDrive and many others offer a wonderful addition to ANY backup plan. I use many of them and recommend them as an addition or supplemental solution. You can read my previous article here.

There are a number of things to consider with ‘Cloud’ services, things like:

Bandwidth and storage size – you will be backing your data up to the cloud, and it’s your Internet connection you’ll be using. You need to evaluate your internet connection (and ISP rules and limits regarding that bandwidth – some ISPs severely restrict the amount of data you can use per month!), and whether or not you need to increase your bandwidth speed and/or allotment.

Backup and Restore times – If you are backing up (or synchronizing) a lot of data, how long will it take for the backup and more importantly the ‘restore’ to occur? There are two methods for moving the data back and forth – one is to backup the ‘entire’ file(s) each and every time they are modified. The second is to just synchronize/backup the changed data (called delta or diffing).

Will the company be there when you need it?! – Startups sometimes offer amazing prices for cloud storage but require a leap of faith on behalf of users that they’ll still be around next year. It’s possible that even established services could disappear overnight, but more likely the owners will tell you if the service is to terminate, and give you a chance to make other arrangements or retrieve data. Make sure to choose one with a LONG track record of ‘being there’.

System Resource Usage – Some applications can cause your system to dramatically slow down while others are ‘lighter’ on systems resources and synchronize or back up when you are not using your system or at scheduled times. The best way to find out which works for you is try a few of them.

And of Course Security – This is not a small thing. You must make sure your account is protected by a very secure username and password AND that the service you use is very reputable. Also for backup services (vs just the synching type) do they offer ‘full file encryption’? How are your files AND passwords stored on that system – are they themselves encrypted? Are files encrypted before they are sent to the cloud storage provider and are they transmitted via a secure connection (https, sftp etc.)?

On a personal note, I don’t put ANYTHING in the ‘Cloud’ that contains any truly sensitive information. I simply synchronize documents, photos and other files that I may not really want to have someone access but that I would still not be ‘harmed’ by if they were somehow compromised and accessed. For these purposes – easy access to my documents and files from anywhere, and also collaboration with individuals or teams – the cloud reigns supreme; I can place working documents into many locations, access them from just about anywhere and even share them if I need to. I can also restore ‘lost’ or previous versions of documents and files fairly quickly and easily with these ‘cloud services’. Like I’ve mentioned many times previously, I am extremely careful about my personal security, so I use cloud services as an ‘adjunct’ to my ‘real’ backup/disaster plan.

I back up ALL my data using disk imaging. It is the only method that can reproduce, to an exact point in time, your existing system; Operating System, Applications AND files quickly and easily. Usually within less than a couple hours depending on the size of your image(s).

With disk imaging (or cloning) I have the ability to be up and running extremely fast. I can restore an entire system or individual files. No need to re-install an operating system and applications and then update them just to be able to access my files. External Hard Disk Drives (and spare internal ones too!) are very inexpensive and getting cheaper all the time!

I have written many times previously [read here and here, and for Macs here] about the prudence and wisdom of having backups of your digital data. And by backup I mean that your data exists in TWO places at once and is able to be accessed or recreated from either source quickly and easily. For this I believe the best solution is to use Disk Images for both Windows PCs and Mac OS X systems.

Please read my other articles (linked above) and get and work a backup plan. For my Windows operating systems I use and recommend Acronis and for Apple OS X systems I recommend Carbon Copy Cloner. Both provide a superior solution to those built into either respective OS.

Peace, and good luck.

Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes “the most common variants of the Flashback malware.” Check that out here. You should definitely update your Java NOW!

For Windows users:
It’s even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From TrendMicro’s blog, here are some of the details.

“We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly resume operating system to load and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.”

Bottom line: PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.

Peace.

More Scareware going around–Fake disk errors and hidden files.

More security news. There is another round of Scareware/Trojans going around that trick users into infecting their machines http://bit.ly/zqaBJK and then ransom a fix for money.

This new threat, named "Trojan.HiddenFilesFraud.A" by Bitdefender’s researchers, hides all files and folders on your machine and disables some standard keyboard shortcuts so you can’t un-hide them. To further inflame your mania it displays error messages as if from Windows, reporting such worries as "damaged hard disk clusters." Just when your frenzy is at its peak, the fake disk repair tool goes to work. It busily spins and flashes and eventually reports a plethora of errors. Want the problem fixed? All you have to do is register… for $80. The worst of it is, even when you do register it doesn’t unhide your files. You pay $80 for a repair utility that will do absolutely nothing once purchased. The scam is done, the money is gone. And there is a good chance your credit card will be used for more fraudulent activity in the very near future!

It displays a fake ‘error’ and ‘fix window’ that, if clicked on (EVEN TO CLOSE!!), actually infects the machine! Then the user is supposed to be scared enough and convinced to reach for his pocket and

Please keep your Anti-virus/Spyware application, Systems and especially your Browsers up to date! I have posted previously on how to ‘get out’ of this bogus application; look here http://bit.ly/pUhosM, and throughout my blog there are MANY articles regarding security, so please check them out. Or you could just pay me to fix what you mess up for not following my advice.

Be safe folks! Peace.