All posts by remotehelpexpert

New Intel Based Computers Permanently Hackable?

Several friends and associates have asked me about the “New Intel based PC’s are PERMANENTLY hackable” article available here: http://www.jimstonefreelance.com/corevpro.html (Note: you’re likely to get a little confused if you’re not familiar with some of the terms in the article, so make sure you have a dictionary handy).

First of all, as noted in the title of that article, not all Intel CPUs are vPro enabled.

Secondly, for vPro to work it requires not only a compatible CPU, but also a compatible motherboard.

Third, there is a deployment/activation phase required for all this to work (although some computers might come enabled from the factory).

Fourth, the statement in the above article that “Core vPro processors work in conjunction with Intel’s new Anti Theft 3.0, which put 3g connectivity into every Intel CPU after the Sandy Bridge version of the I3/5/7 processors. Users do not get to know about that 3g connection, but it IS there.” is inaccurate. Intel’s Anti Theft technology can take advantage of 3G connectivity (3G: Abbreviation for third generation, it refers to the third generation of mobile telecommunications technology, like the technology that allows your cell phone to send and receive emails or access a website) only if the laptop has a compatible 3G connectivity card installed.

So what does all the above mean? Basically that the contents of the article are alarmist because they don’t give enough specifics, so it becomes a generality. The vPro technology, if enabled and in the wrong hands, sure, can be a security/privacy concern. But that’s hardly the conclusion one would reach if one only read the above mentioned article.

But just in case I’m off to polish my tin foil hat. 🙂

For a list of vPro ready computers (That could be subverted given the right set of circumstances) visit https://msp.intel.com/find-a-vpro-system


Holiday Season Email Scams


Unfortunate as it is, it’s a fact that email scams pick up over the holidays, so here’s a reminder to keep you safe.

These scams and malware campaigns may include but are not limited to the following:

  • Electronic greeting cards that may contain malware
  • Requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • Screensavers or other forms of media that may contain malware
  • Credit card applications that may be phishing scams or identity theft attempts
  • Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

Use extra caution when dealing with these types of emails. Refer to this article on basic good practice points on accessing websites and handling emails. Make sure you have an up-to-date antivirus program. Keep your computer and all its different programs up-to-date for minimum vulnerability to attacks.

Happy Holidays from the Remote Help Expert.

This Month in Computers Updates

This coming Tuesday the 13th – second Tuesday of the month as usual – Microsoft is releasing 6 updates affecting its different operating systems plus Microsoft Office. Two of the six updates don’t affect Windows XP, only Windows Vista and 7; the other four affect all supported operating systems.

Four of the six updates are classified as “critical”, Microsoft’s top severity rating. One is classified as “important”, the next severity down, and one as “moderate”. Three of the updates will require a restart of the computer to finish the installation; the other three may require a restart.

In related news, Adobe, the maker of software such as the PDF reader, Flash and others, has announced that from now on it will match its update schedule to Microsoft’s. So from next month on, expect Adobe updates at the same time as Microsoft’s – on the second Tuesday of every month.

Finally, Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux, and Chrome Frame (a plug-in for Internet Explorer) to address multiple vulnerabilities.

Windows 8 – Microsoft’s Latest Flop

There’s no more succinct way to communicate how I feel about Windows 8. I h8 it 🙂  (get it?)

I hated it when I loaded the Developer’s Preview version last September. Hated it when I loaded the Consumer Preview version earlier in February. Hated it when I loaded the Release Preview in June. But when I loaded a 30 day trial of the final version of Windows 8 Enterprise edition… you guessed it. I still hated it. Perhaps this operating system is geared towards Generation Z? If so, being as it is that I’m not from that generation, it doesn’t appeal to me.

It sort of seems there is a pattern with Microsoft operating systems. Every other operating system they get it right. Going backwards: Windows 8, hate it; Windows 7, love it; Windows Vista, hate it; Windows XP, love it; Windows ME, hate it; Windows 98, love it; and so forth.

Windows 8’s final version is about to be released in a few days. My advice: If you’re still operating on XP, migrate to Windows 7, but don’t bother with Windows 8, especially for traditional computers (Windows 8 stresses touch screen features such as what can be found in tablets etc.).

Windows 8 will flop.

October Windows Updates

Today, as is usual on the second Tuesday of every month, Microsoft is releasing the monthly updates for Windows. This month 7 updates are being published, 6 rated important and 1 rated critical. Microsoft Office and the Windows operating system are the main components affected by these updates.

As always, it is recommended you download and install these updates. If you have Windows Update configured to download and install automatically, no user intervention is required, except perhaps a computer restart at the end of the installations.

An up-to-date computer can be the difference between a clean one and an infected one.

New Vulnerability in Internet Explorer Being Exploited in the Wild, What to Do

You might have gotten wind of this: there is an unpatched vulnerability affecting the Internet Explorer web browser, versions 6 through 9, on Windows XP, Vista and 7, that is being exploited in the wild. Unpatched means there is no fix available yet to remedy the weakness, so malware creators and other hackers can use it to take control of users’ computers if and when websites set up to exploit the vulnerability are visited.

Although Microsoft releases updates and patches on the second Tuesday of every month, due to the severity of this one it is releasing an out-of-band update tomorrow Friday the 21st. It will be available through Windows Update. If you use Internet Explorer, it behooves you to apply that patch as soon as it’s released tomorrow.

On a related note, I personally don’t know why people still use Internet Explorer. Perhaps out of habit, having used it for years. But Internet Explorer is, from my point of view, the worst browser available. Any of the competing ones, Firefox, Google Chrome, Apple Safari or Opera, is preferable: more secure, faster and more stable. I’d recommend ditching Internet Explorer after test driving several browsers to find the one you like the most.

I’ll be glad to answer any questions on Windows Updates or different web browsers.

Not for Beginners – Bandwidth and Being the Host in XBOX Live

Not for beginners – you’ve been warned.

So you’re playing on XBOX Live and wonder, what would it take to consistently land host when playing games such as HALO, etc.? I often hear, when playing with friends, their boasting of how much bandwidth they have and how it makes the connection that much faster. 20, 30, 50 Mbps download figures are thrown around. Impressive, but that has nothing to do with good hosting capabilities or having a game that is not laggy.

I’ll illustrate. Look at this graph (from my WRT-54GL router with DD-WRT firmware):


That’s my router’s bandwidth graph for the WAN interface. Notice the red line (outgoing data) is above the green line (incoming data) for a good part of the graph. This was captured during an XBOX Live game with 8 players in HALO Reach matchmaking, while I was the host for that game. How do I know? The WAN monitoring graph behaves that way when I’m the host, i.e. the outgoing line is mainly higher than the incoming one. What you see at the end of the graph, on the right, is when the game ended.

But also notice the numbers. I’m hosting a game with 8 players, there is no noticeable lag for anybody, and all it takes for the host is not even 300 Kbps upload speed! I’ve never seen it go over 400 Kbps while hosting a game. So, first of all, the download speed doesn’t matter as much as the upload speed when it comes to being a host. Second, you don’t need gargantuan download/upload figures to pull host. I have a 10 Mbps down / 1 Mbps up connection, with a relatively low ping, and I pull host every now and then, without any host stealing tricks or any other cheats.

Now, this is what the graph looks like when I’m in a game but not hosting it:

As you can see, even less bandwidth is required to play as a non-host, about 50 Kbps. And you can see the green line is now above the red one.

This is what it looked like when I didn’t have host, then the host quit in the middle of the game, then I was selected as the new host, and then a few seconds later I lost it:

Oh, and if you watch carefully, you can tell before the game begins if you have pulled host just by looking at how the bandwidth graph behaves. You can see in this graph, in the circled area, the moment where the XBOX live connection tests and awards host to the best connection, in this case mine. This is while still in the pre-game lobby, before the game begins:

In this game, which I was again hosting, 2 non-host players quit (they were getting pwned) and as you can see the bandwidth graph changes, since it now needs to accommodate only 6 players and not 8, so it goes from 320 to about 240 Kbps on the red line. That’s about right, since (320-240)/2 = 40 Kbps per player:

The last slump at the end where it goes to the 100 Kbps range is when the game ended.

Not for beginners – TV Tuner Losing HD Channels Periodically

After a recent random change in my cable TV service, I temporarily lost all my HD channels. Re-scanning for channels in my TV handled it, but it didn’t for my TV tuner (Hauppauge WinTV-HVR-2250). When re-scanning for channels in Windows 7’s Windows Media Center, the HD channel count would go up to 38 channels, but somewhere along the line it would lose them all, ending with none at the end of the scan! Fortunately, if I stopped the scanning process exactly when it reached 38 channels, it would keep them. But now I’m facing other problems.

For one, some of the HD channels’ numbers, names and guide listings were wrong. So I had to edit all those manually, no big deal. But for some reason, within a period of a few minutes to a few hours, I would lose all the HD channels again! I figured that every time the listing updates were downloaded, that affected the channels. So I added an exception to the firewall so it would block the updater. The problem persisted.

While researching a solution, I developed a batch file to restore a copy of the folder that contained all the settings, programming etc. so I could at least get my HD channels back every time I lost them, with the click of a button:

REM Stop Media Center and kill its helper processes so the settings folder is no longer in use
net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
REM Wipe the live settings folder and restore the known-good copy kept on R:
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

For some reason, however, when deleting the ehome folder, it gave an error on 3 files that were locked and still in use. So to better analyze the problem, I introduced a “sleep 5” line in the batch file. So now it looked like this:

REM Stop Media Center and kill its helper processes so the settings folder is no longer in use
net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
REM Poor man's sleep: wait up to 5 seconds for a ping reply (only delays the full 5 s if 1.1.1.1 does not answer)
ping 1.1.1.1 -n 1 -w 5000 > nul
REM Wipe the live settings folder and restore the known-good copy kept on R:
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

With that, the batch file worked. But that also gave me a clue. With the help of Process Explorer, I carefully observed what happened in those few seconds, and was able to see which process appeared on the scene: mcGlidHost.exe, “Windows Media Center In-band Guide Loader”. Hmm. I wonder if THAT is responsible for losing my settings… let’s see. Renaming it to mcGlidHost.exe.old… of course I can’t. First I had to take ownership of the file and change the permissions to full control. Then I renamed it.

It’s been a solid 10 hours and my HD channels are still there… Eureka!

Update 4/16/14: Still going strong, but I just realized a potential alternative to

ping 1.1.1.1 -n 1 -w 5000 > nul

which would be

CHOICE /n /c y /d y /t 5 > nul


More on Hacked Email Accounts

(See this recent article for what to do if your email gets hacked). When helping yet another client get his hacked email account back, I came across two distinct hacker tricks that I thought were worth mentioning.

One is forwarding. This particular hacker had changed a setting in the hacked email account (a Yahoo account) so that all emails received would be automatically forwarded to another email address, which was in the possession of the hacker, of course. Thus, if the hacker sent any emails out from the hacked account to the contacts in that account with one of those famous Nigerian scams (by the way, the hacker was literally in Somolu, Nigeria) and got any replies, the replies would be forwarded to the email account of his choice. That second address, by the way, was VERY similar in wording to the original hacked email address, so only a very careful eye would notice the difference if the hacker then replied from the second account.

The second one, err, let me backtrack for a moment. There is a setting that can be, well, set, in all emails. It’s called “Reply-To”. User A sends an email to user B, but in that email it’s specified that if user B hits the reply button, the reply will be sent to user C. This setting can be useful sometimes, but in this case it was a second hidden time-bomb the hacker was using. All the emails sent from the hacked account had a Reply-To setting that would send any replies to the hacker’s own account. The only reason I noticed is because I was looking very closely. I mean, who checks that one’s email is going to the right email address when one hits the reply button? Exactly. Very sneaky.

So you see, even if the hacked email account was recovered and returned to its rightful owner, with the first trick above the owner would still not be in control of the emails received, and with the second trick any emails already sent out would, if replied to, end up in the hacker’s own email account.

The above are two tricks to be aware of, if your email account gets hacked or if you’re at the receiving end of a spam/scam looking email from a known contact.
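As an added example (not from the original post), here is a small Python check for the Reply-To trick described above: it parses a message, compares the Reply-To address with the From address, and flags the case where the two differ only slightly (a lookalike address). The sample messages are constructed for the example; the 0.8 similarity threshold is an assumption.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample messages (not from the original post). The first one shows the
# trick described above: From is the real account, Reply-To is a lookalike address.
SAMPLE_LOOKALIKE = """\
From: "Jane Doe" <jane.doe@example.com>
Reply-To: "Jane Doe" <jane.doe@examp1e.com>
To: friend@example.net
Subject: Stuck abroad, need help

Please reply as soon as you see this.
"""

SAMPLE_CLEAN = """\
From: "Jane Doe" <jane.doe@example.com>
To: friend@example.net
Subject: Lunch on Friday?

Are you free around noon?
"""


def normalize(header_value):
    """Return the bare, lowercased address from a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].strip().lower()


def check_reply_to(raw_message, lookalike_threshold=0.8):
    """Flag a message whose Reply-To differs from From.

    A differing Reply-To that is almost identical to the sender (a lookalike)
    is the case most likely to fool a reader, so it is reported separately.
    The threshold (assumed here) is the similarity ratio above which two
    different addresses count as lookalikes.
    """
    msg = email.message_from_string(raw_message)
    sender = normalize(msg.get("From"))
    reply_to = normalize(msg.get("Reply-To"))
    mismatch = bool(reply_to) and reply_to != sender
    # Similarity ratio in [0, 1]; 1.0 means the two addresses are identical.
    score = SequenceMatcher(None, sender, reply_to).ratio() if mismatch else 1.0
    return {
        "from": sender,
        "reply_to": reply_to,
        "mismatch": mismatch,
        "lookalike": mismatch and score >= lookalike_threshold,
        "similarity": round(score, 2),
    }


if __name__ == "__main__":
    for name, raw in [("lookalike", SAMPLE_LOOKALIKE), ("clean", SAMPLE_CLEAN)]:
        print(name, check_reply_to(raw))
```

The same check can be run over a mailbox export to find older messages whose replies were silently redirected, which is exactly what a recovered account owner needs to know.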

11/20/13: In handling the most recent hijacked email account, I became aware of yet two more tricks used by the hackers:

A) Use of filters. Often email accounts will have the ability to set filters that perform certain functions on incoming emails, e.g. put them in specific folders as they come in, or perhaps delete them (for unwanted contacts). In this case the hacker had set a filter so that any email sent to the account went straight to trash. That way nobody emailing the actual account owner would be able to get in touch with him/her.

B) Changing the signature. In this case the hacker had changed the phone # in the signature. In earlier cases they had included a malicious link in the signature, so that whenever in the future an email was sent from that account, it would be sent with a malicious link in it.

Oracle Java New Vulnerability Being Exploited in the Wild

The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs.

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may enable a remote attacker to execute arbitrary code on a vulnerable system. This is done by convincing a user to visit a specially crafted HTML document (many websites use HTML as the language to display web pages).

This vulnerability is being actively exploited in the wild, and exploit code is publicly available. One of the most popular hacker tools in use, Blackhole, has added this vulnerability to its toolkit. Blackhole bundles numerous exploits and tries each in turn until it finds one that will work against a personal computer.

Oracle’s next scheduled update to patch this vulnerability is in October, which makes it temporarily impossible to resort to an update to handle the situation.

What to do

Disable the Java plug-in:

Disabling the Java browser plugin may prevent a malicious webpage from exploiting this vulnerability. There are different methods for disabling the Java plug-in, depending on the web browser you use:

Microsoft Internet Explorer: Due to the complexity and impracticality of disabling Java in Internet Explorer, you may wish to uninstall Java to protect against this vulnerability, until a patched update is published.

Mozilla Firefox: How to turn off Java applets

Apple Safari: How to disable the Java web plug-in in Safari

Google Chrome: See the “Disable specific plug-ins” section of the Chrome documentation for how to disable Java in Chrome.


I’ll be glad to answer any questions you might have on the subject.