Tag Archives: Security

Windows XP

Windows XP Dead as Advertised–Now what?

Source: @Thurrott & @TheRomit

Unless you’re an alien visiting earth for the first time today or you’ve been living under a rock, no doubt you’ve been bombarded with the so-called death of the most veritable OS on the planet today: Windows XP!

Yes, XP is officially dead today. Tomorrow is the day after, and maybe you still haven’t upgraded to a modern OS, or your cat just pissed on your shiny modern device and now you have to use XP for a while. Well, we know some of you, roughnecks or by chance, will still be using the OS after its demise; this advice is for you, to make your life bearable.

Warning: All advice given here does not replace upgrading to a modern “Safe” OS. You are aware of your own risk staying on a Dead OS! (Sorry we just have to insert that Legal bit).

5-0 Radio Police Scanner App in the Store for old and new Radio Amateurs

Well, here is a blast from the past! The Internet has spoilt us all, and some of us have forgotten what we used to do back then when there was no Internet. Believe me, some of us have lived in that timeframe where there was no Internet. You ask what we did to communicate and keep ourselves entertained? We were Radio Amateurs: we sent and received radio signals over long distances to communicate and make new friends, the longer the distance you bridged the better; and we listened to Police and Fire Department communications. We knew what was going on before the average Joe knew it. Those were good old times when you had to hunt for information :-). Now, we are overwhelmed with information via the Internet, and it has totally wiped out this fantastic human invention from a golden era.

That is why I jumped for joy when I saw this app. Radio amateurs have obviously moved on from basic analog only rigs to digital receivers that are able to stream their signals to the internet. So now, the net is full of these amateurs streaming their receptions. You don’t have to have an expensive rig anymore to listen in to Police communication. I just love this app. I am listening to 10-24 right now in New York Binghamton/Tioga. This is awesome.

The app not only streams scanners; you can also listen to regular radio stations all around the world. Get the app while you can, it’s free of charge. Here is an excerpt from the Store:

Description
5-0 Radio is a free, all-in-one digital radio and police scanner service that lets you listen to police, firefighter, ambulance, airport, railroad, music, comedy, talk, news, and sports radio stations.
Listen to your stations in the background while you use other apps
Share stations with your friends and family who can listen to them on their own devices
Search stations by music artists, location, name, genre, and songs playing
Save your favorite stations onto presets

Features
Listen to your favorite radio stations including NYC’s Z100, Howard Stern, ESPN, Opie and Anthony, Alex Jones Infowars, idobi radio, 181.FM, and many more.
Tap into the largest collection of real-time police scanners streaming live from all around the world.
Chat with other listeners to talk about what you’re listening to
Get details about the song that you are listening to, such as lyrics
Decode local police codes while using the police scanner

Download now via the Source link below.

Source: Windows Store

Windows Store App Feature: Norton Studio

If you use Norton Security Suite on Windows 8, this is something for you. With this App Norton joins Kaspersky Labs in the Windows 8 Security Category by providing an interface to Norton’s universe. Mind you, this app is not the Security Suite itself, but a GUI to the Norton Desktop Suite and all the Services provided by Norton in the Cloud. Norton positions this app as a central place to keep an eye on all your devices running the Norton Suite, with tiles showing a rolling status. I guess Norton describes it best in the Store as follows:

Description
Uniquely designed and optimized for Windows 8, Norton Studio allows users to view, manage and explore Norton products, on various PCs and devices, from a central location.

Features
Dynamic cycling tile for quick visual status of all your systems that have Norton installed
View a snapshot of what has happened recently on your Norton systems
Fix flagged problems on local and remote systems
Re-subscribe expired systems
Check the Global Threat Level
Ability to get Studio app updated regularly
Explore and view other Norton Products

Yes, Windows 8 comes with Microsoft’s awesome built-in antivirus called Windows Defender, but if you choose to use a third-party security suite and you choose Norton, then you might as well use this App; or if you just want to keep an eye on your Norton devices, you can do that from your Win8 device as well. You can download the App from the Source below:

Source: Windows Store

Hacking the Hacker – A lesson in hacker’s Stupidity

Imagine you got a tweet from www.newscientist.com that says: “Folded DNA becomes Trojan horse to attack cancer: Hiding a powerful cancer drug inside a complex DNA st…” Of course you are interested, so you click on the Bitly tag: bit.ly/S59ztD with which the tweet came, and you are presented with this on a freshly installed Windows 8 Tablet:

image

Popping up a Topmost Dialog box on which the text “Message from webpage” was superimposed has given you away. If it’s the OS antivirus message, it will not have “Message from Webpage” on it. So you showed me a dialog box on which I can only click “OK”. Then I clicked the OK button, and then you showed me an XP UI on my brand-new Windows 8 RTM install. You insult me Mr. Hacker. You need to go back to school and learn how to hack properly. You could have parsed my OS string and discovered I am running brand-new Windows 8 and just shut the F@#$ck up if you don’t have Win8 Flash video to show me, or have the audacity to present me with Windows 8 flash video.

So I clicked on the OK button and you show me in a Web page an XP screen being scanned. In a fu@#$king web-page?! So you are telling me my desktop is running in a web-page, what an idiot. All I have to do to burst your bubble is to right-click on the screen and I am greeted with the usual Flash video property dialog. It beats me that people are falling for these amateurs. Clicking anywhere on your stupid flash video, you wanted to download an Exe file onto my system, which is promptly flagged as a trojan by Win8 Windows Defender. Even if I wanted, I could not download the file for the life of me for onward transmission to Microsoft Security center for analysis.

I have reported your stupid site to Microsoft’s SmartScreen blacklist site. You’ve been promptly removed from the internet. Go ahead, open another site you worm, it’s a matter of time before you are caught again. People like you are a shame to the geek community, can’t you find a decent job instead of ripping innocent people off. No wonder you go hungry, if you code like what I have just seen, you’ll be collecting unemployment benefit for a long time. If only I have time to come after you and show the world who you are, you two-faced worm.

Which brings me back to NewScientist.com. Be notified, NewScientist: your site has been hacked. I have been getting some Arabic country travel popup Ads each time I visit your site these past weeks. Obviously you’ve been had, only you didn’t know it. Hopefully with this warning, someone will wake up to clean up your site. Else we’ll be forced to blacklist you too.

[Update: 2012-08-19]

Ok I have an update on this story: it seems it’s not New Scientist that was hacked but Bitly itself. Clicking on bitly links in tweets is supposed to take you to the shortened site, but it takes you to these hijacked Ads or Virus vendor site. The portal overlays your destination with the hijacked site; sometimes it shows you this stupid Travel Ad, or like yesterday, takes you to a virus site.

In this case, the bitly link I clicked in a tweet was bit.ly/RtY6WO which led to this hijacker site: http://da.feedsportal.com/c/33999/f/616880/s/228717b7/l/0L0Swpcentral0N0Cbbc0Eresponds0Edetail0Ewhy0Ethere0Eno0Eiplayer0Ewindows0Ephone/ia1.htm This is definitely a bad sign for Bitly, if hijackers are able to insert code into Bitly strings. The WPCentral tweet that started this can be found here: https://twitter.com/wpcentral/status/237281540864876544. The funniest thing is that the hijack is not permanent, ‘cause a few minutes later clicking the bitly link just takes you to the correct site. I have also found that clicking on the bitly link doesn’t go directly to bitly, but goes through Twitter’s URL shortener site: http://t.co/AwByN6Ds. This is so convoluted; the question is where the hijack code is inserted, in Bitly or in Twitter’s t.co service. Hopefully I am not the only one noticing this. I am reporting the Feedsportal site to all security sites for blocking. Little step at a time against the scum of the net. Let me know what you think.

The Case of Messed-up Microsoft Security Essentials Install

I set out to respond to Mark Russinovich’s blog over his frustration in Installing Microsoft Security Essentials but my response got out of hand so I decided to blog it here as below:

============================================================

Yes, a very recognizable situation Mark. I have faced this foe multiple times, and I can tell you there is nothing more frustrating to troubleshoot and more satisfying after you have traced it and fixed it.

But first, my comment on Microsoft OEMs and Crapware: It is time Microsoft takes the bull by the horns and stops these despicable activities on the part of the OEMs. They are destroying the Platform with the load of crapware they dump on new systems. One has to wonder if they do this out of malice. I don’t have any other explanation for their actions. They intentionally bog down a perfectly working system with a load of things a user will never use. I don’t think it’s only as a result of financial remunerations. We need to wrest the platform from them and restore sanity.

Now back to MSSE: I have had to remove temporary AVs from family and friends’ systems so as to install MSSE, and I can confirm your frustration of broken uninstalls.

But where I face the most challenge is when they download trojans on their systems, and I am eventually called because the system is slow as a snail, or downright BSoDs on them. Which begs the question, how are they able to download viruses and trojans on a system if MSSE is doing its job well? The answer is simple: Social Engineering.

I have made sure on every computer I manage for friends and family that everyone runs as Standard User! I always create a Single administrator Account called “Admin” in which I do installs and maintenance. But my problem is I always have to give them the Admin account password. I still can’t convince them that they should let me keep the account for them for their own good. Then you get the response: the PC is mine, why do I have to call you every time I have to install something?

So that is my dilemma: I secured the OS, but have to give the key to the owner, and most of them are so susceptible to social engineering. The virus downloader always gets them to enter the Admin account password. So they install the Trojan as Admin, which promptly disables and messes up the AV install.

So, I have adopted a modus operandi: after cleaning out the virus/rootkit/trojan etc., the first thing I do is de-install MSSE with the option to remove all references to MSSE registry keys. Mark, all your efforts in this blog could have been saved if you ran the MSSE install with the /U key. Yup, just:
C:\MyInstallFolder\mseinstall-x86fre-en-us.exe /u

The /U option puts MSSE in uninstall mode, which removes the keys of the previous installs. After that you can run the Install file normally without the option. I have had success this way time and time again.

But just before the holidays, I got a call from my brother, and you guessed right, infected again. The kids have installed some stupid game via a P2P site. After I chided him for giving the kids the admin password, I got to work. Removed the virus by running MS Standalone System Sweeper, which removed the virus and rootkits with the offline scanning mode.

Then I proceeded to remove the old MSSE Reg keys and perform its cleanup. But no matter what I did, I couldn’t uninstall the old install, neither could I install MSSE anew. I noticed whatever I tried to install failed. I was suspecting the MSIExec was damaged, searched the net till I dropped, but I couldn’t find any solution.

I dove into the MSSE install log and got some cryptic information of failure, something about AppData. So I went online and perused MS KB sites. I found the gem! The AppData entries were intentionally corrupted by the virus/Trojan!

Normally your AppData key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData is set to the value: %USERPROFILE%\AppData\Roaming.

image

But in my brother’s case the virus set the value to “%AppData%”. So in a CMD prompt, if you try to verify your Shell Folders by typing: ECHO %APPData% you will get “%AppData%” back instead of the normal: C:\Users\MyName\AppData\Roaming as shown in that cmd prompt screenshot above.

Clever little bastards! Just by changing that string, they made sure you can’t install anything, you can’t install Updates, you can’t install AVs that will remove the virus. It was a learning exercise for me, but it cost me 3 precious days of my life. I hope with this you guys don’t have to pull out your hair trying to fix MSSE or MSIExec or any Install issues!

Mazel-tov,
McAkins
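
The AppData check described in the post above can be scripted; the following PowerShell is an added example, not part of the original post, and the function names Get-AppDataVerdict and Test-AppDataShellFolder are hypothetical. It reads the stored (unexpanded) value, flags the self-referential “%AppData%” corruption, and can write back the normal value quoted in the post.

```powershell
# Added example; function names are hypothetical, not from the original post.
$KeyPath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$Expected = '%USERPROFILE%\AppData\Roaming'   # normal value quoted in the post

function Get-AppDataVerdict {
    # Classify the raw (unexpanded) registry string.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return 'Missing' }
    if ($Raw -match '%AppData%')            { return 'SelfReferential' }  # corruption described in the post
    if ($Raw.TrimEnd('\') -ieq $Expected)   { return 'Default' }
    return 'NonDefault'   # can be legitimate (redirected profile); review by hand
}

function Test-AppDataShellFolder {
    param([switch]$Repair)
    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    # DoNotExpandEnvironmentNames returns the stored string rather than the expanded path.
    $raw = $key.GetValue('AppData', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $verdict  = Get-AppDataVerdict -Raw $raw
    $repaired = $false
    if ($Repair -and $verdict -in 'Missing', 'SelfReferential') {
        # Write the default back as REG_EXPAND_SZ so %USERPROFILE% still expands.
        Set-ItemProperty -Path $KeyPath -Name 'AppData' -Value $Expected -Type ExpandString
        $repaired = $true
    }
    [pscustomobject]@{
        StoredValue = $raw
        Verdict     = $verdict
        EnvAppData  = $env:APPDATA   # what ECHO %AppData% shows in this session
        Repaired    = $repaired
    }
}

# Constructed sample strings to exercise the classifier without touching the registry.
'%AppData%', '%USERPROFILE%\AppData\Roaming', '', 'D:\Profiles\me\AppData\Roaming' |
    ForEach-Object { '{0,-32} -> {1}' -f $_, (Get-AppDataVerdict -Raw $_) }

Test-AppDataShellFolder   # read-only audit; add -Repair to restore the default
```

Run it as the affected user, since the key lives under HKEY_CURRENT_USER; a 'NonDefault' verdict is only a prompt to look closer, not proof of tampering.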