Monthly Archives: September 2012

New Vulnerability in Internet Explorer Being Exploited in the Wild, What to Do

You might have gotten wind of this: there is an unpatched vulnerability in the Internet Explorer web browser, versions 6 through 9, on Windows XP, Vista and 7, that is being exploited in the wild. Unpatched means no fix has been made available to remedy the weakness, so malware creators and other hackers can use it to take control of users’ computers if and when a website set up to exploit the vulnerability is visited.

Although Microsoft releases updates and patches on the second Tuesday of every month, due to the severity of this one it is releasing an out-of-band update tomorrow, Friday the 21st. It will be available through Windows Update. If you use Internet Explorer, it behooves you to apply that patch as soon as it’s released tomorrow.

On a related note, I personally don’t know why people still use Internet Explorer. Perhaps out of habit, having used it for years. But Internet Explorer is, from my point of view, the worst browser available. Any of the competing browsers (Firefox, Google Chrome, Apple Safari, Opera) is preferable: more secure, faster and more stable. I’d recommend ditching Internet Explorer after test driving several browsers to find the one you like the most.

I’ll be glad to answer any questions on Windows Updates or different web browsers.

Not for Beginners – Bandwidth and Being the Host in XBOX Live

Not for beginners – you’ve been warned.

So you’re playing on XBOX Live and wonder what it would take to consistently land host when playing games such as HALO. I often hear the friends I play with boasting about how much bandwidth they have and how it makes the connection that much faster. Download figures like 20, 30 or 50 Mbps are thrown around. Impressive, but that has nothing to do with good hosting capabilities or having a game that is not laggy.

I’ll illustrate. Look at this graph (from my WRT-54GL router with DD-WRT firmware):


Click on the pic for a larger version as needed. That’s my router’s bandwidth graph for the WAN interface. Notice the red line (outgoing data) is above the green line (incoming data) for a good part of the graph. This was captured during an XBOX Live game with 8 players in HALO Reach matchmaking, while I was the host for that game. How do I know? The WAN monitoring graph behaves that way when I’m the host, i.e. the outgoing graph is mostly higher than the incoming one. What you see at the end of the graph, on the right, is when the game ended.

But also notice the numbers. I’m hosting a game with 8 players, nobody in particular has any lag, and all it takes for the host is not even 300 Kbps of upload speed! I’ve never seen it go over 400 Kbps while hosting a game. So, first of all, when it comes to being a host the download speed doesn’t matter as much as the upload speed. Second, you don’t need gargantuan download/upload figures to pull host. I have a 10 Mbps down / 1 Mbps up connection with a relatively low ping, and I pull host every now and then, without any host-stealing tricks or other cheats.

Now, this is what the graph looks like when I’m in a game but not hosting it:

As you can see, even less bandwidth is required to play as a non-host, about 50 Kbps. And you can see the green line is now above the red one.

This is what it looked like when I didn’t have host, then the host quit in the middle of the game, then I was selected as the new host, and then a few seconds later I lost it:

Oh, and if you watch carefully, you can tell before the game begins whether you have pulled host, just by looking at how the bandwidth graph behaves. You can see in this graph, in the circled area, the moment where XBOX Live tests the connections and awards host to the best one, in this case mine. This is while still in the pre-game lobby, before the game begins:

In this game, which I was again hosting, 2 non-host players quit (they were getting pwned) and, as you can see, the bandwidth graph changes, since it now needs to accommodate only 6 players instead of 8, so the red line goes from 320 to about 240 Kbps. That’s about right, since (320 - 240) / 2 = 40 Kbps per player:

The last slump at the end where it goes to the 100 Kbps range is when the game ended.

Not for beginners – TV Tuner Losing HD Channels Periodically

After a recent random change in my cable TV service, I temporarily lost all my HD channels. Re-scanning for channels on my TV handled it, but it didn’t for my TV tuner (Hauppauge WinTV-HVR-2250). When re-scanning for channels in Windows 7’s Windows Media Center, the HD channel count would go up to 38 channels, but somewhere along the line it would lose them all, ending with none at the end of the scan! Fortunately, if I stopped the scanning process exactly when it reached 38 channels, it would keep them. But now I was facing other problems.

For one, some of the HD channels’ numbers, names and guide listings were wrong. So I had to edit all those manually, no big deal. But for some reason, within a period of a few minutes to a few hours I would lose all the HD channels again! I figured every time the listing updates were downloaded, that affected the channels. So I added an exception to the firewall to block the updater. The problem persisted.

While researching a solution, I developed a batch file that restores a copy of the folder containing all the settings, programming, etc., so I could at least get my HD channels back every time I lost them, with the click of a button:

rem Stop the Media Center receiver service and kill every Media Center process,
rem so nothing is writing to the settings folder while it is replaced.
net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
rem Wipe the live settings folder and restore the known-good copy kept in r:\ehome.
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

For some reason, however, when deleting the ehome folder, it gave an error on 3 files that were locked and still in use. So to better analyze the problem, I introduced a “sleep 5” line in the batch file, implemented as a ping with a 5-second timeout. So now it looked like this:

net stop "windows media center receiver service"
taskkill /IM ehrec.exe /F
taskkill /IM ehrecvr.exe /F
taskkill /IM ehsched.exe /F
taskkill /IM ehshell.exe /F
taskkill /IM ehtray.exe /F
taskkill /IM ehvid.exe /F
rem Waits about 5 seconds: one ping to an address that does not answer, with a 5000 ms timeout.
rem Caveat: 1.1.1.1 is now a public DNS resolver (Cloudflare) and replies, which ends the wait
rem almost immediately; an unroutable address such as 192.0.2.1 (RFC 5737 TEST-NET) keeps the delay.
ping 1.1.1.1 -n 1 -w 5000 > nul
del C:\programdata\microsoft\ehome\*.* /s /q /f
xcopy /y /e r:\ehome\*.* c:\programdata\microsoft\ehome
pause

With that, the batch file worked. But that also gave me a clue. With the help of Process Explorer, I carefully observed what happened in those few seconds, and was able to see which process appeared on the scene: mcGlidHost.exe, “Windows Media Center In-band Guide Loader”. Hmm. I wonder if THAT is responsible for losing my settings… let’s see. Renaming it to mcGlidHost.exe.old… of course I can’t. First I had to take ownership of the file and change the permissions to full control. Then I renamed it.

It’s been a solid 10 hours and my HD channels are still there… Eureka!

Update 4/16/14: Still going strong, but I just realized a potential alternative to

ping 1.1.1.1 -n 1 -w 5000 > nul

which would be

CHOICE /n /c y /d y /t 5 > nul


More on Hacked Email Accounts

(See this recent article for what to do if your email gets hacked.) When helping yet another client get his hacked email account back, I came across two distinct hacker tricks that I think are worth mentioning.

One is forwarding. This particular hacker had changed a setting in the hacked email account (a Yahoo account) so that all emails received would be automatically forwarded to another email address, which was of course in the hacker’s possession. Thus, if the hacker sent emails from the hacked account to the contacts in that account with one of those famous Nigerian scams (by the way, the hacker was literally in Somolu, Nigeria) and got any replies, the replies would be forwarded to the email account of his choice. That second address was, by the way, VERY similar in wording to the original hacked address, so only a very careful eye would notice the difference if the hacker then replied from the second account.

The second one... err, let me backtrack for a moment. There is a setting that can be, well, set, in any email. It’s called “Reply-To”. User A sends an email to user B, but the email specifies that if user B hits the reply button, the reply will be sent to user C. This setting can be useful sometimes, but in this case it was a second hidden time bomb the hacker was using. All the emails sent from the hacked account had a Reply-To setting that would send any replies to the hacker’s own account. The only reason I noticed is that I was looking very closely. I mean, who checks that a reply is going to the right email address when hitting the reply button? Exactly. Very sneaky.

So you see, even if the hacked email account was recovered and returned to its rightful owner, with the first trick above he would still not be in control of the emails received, and with the second trick, any emails already sent out would, if replied to, end up in the hacker’s own email account.

The above are two tricks to be aware of if your email account gets hacked or if you’re on the receiving end of a spam/scam-looking email from a known contact.
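The Reply-To trick above can be checked for mechanically. Here is an added example (my own code, not part of the original post) that parses a message, reports where a reply would actually go, and flags the lookalike case where the Reply-To address is only a character or two away from the visible sender. The message and all addresses are constructed placeholders.

```python
"""Flag emails whose replies would be diverted by a Reply-To header.

Added example, not from the original post. The message and addresses below
are constructed placeholders, not real accounts.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible sender and the Reply-To differ by one character.
CONSTRUCTED_MSG = """\
From: John Smith <john.smith@example.com>
Reply-To: John Smith <john.smiith@example.com>
To: friend@example.net
Subject: Urgent help needed

I am stranded abroad and need a quick transfer.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_reply_to(raw: str) -> dict:
    """Report where a reply to this message would go and whether that is suspicious."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    diverted = bool(reply_to) and reply_to != from_addr
    # A Reply-To only a character or two away from the sender is the hard-to-spot
    # lookalike pattern; a plainly different address is still reported as diverted.
    lookalike = diverted and edit_distance(reply_to, from_addr) <= 2
    return {
        "from": from_addr,
        "reply_goes_to": reply_to or from_addr,  # no Reply-To: replies go to From
        "diverted": diverted,
        "lookalike": lookalike,
    }


if __name__ == "__main__":
    print(check_reply_to(CONSTRUCTED_MSG))
```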

11/20/13: In handling the most recent hijacked email account, I became aware of two more tricks used by the hackers:

A) Use of filters. Email accounts often have the ability to set filters that perform certain actions on incoming emails, e.g. put them in specific folders as they come in, or perhaps delete them (for unwanted contacts). In this case the hacker had set a filter so that any email sent to the account went straight to the trash. That way nobody emailing the actual account owner would be able to get in touch with him/her.

B) Changing the signature. In this case the hacker had changed the phone number in the signature. In earlier cases they had included a malicious link in the signature, so that whenever an email was sent from that account in the future, it would go out with a malicious link in it.