A friend called to say that he had opened a Microsoft Word file from an unknown sender and clicked the “Enable Macro” security option, after which his computer stopped working and the following error message window appeared:
Windows has encountered a corrupted folder on your hard drive.
Multiple corrupted files have been found in the folder “My Documents”. To prevent serious loss of data, please allow Windows to restore these files.
There were two links at the bottom: “Restore files” and “Restore files and check disk for errors”. My friend did not believe these messages were legitimate ones from Microsoft and suspected that his computer was infected by some kind of virus or malware. So he didn’t click either of these two links and gave me a call instead. I am glad he did, since who knows what would have happened if he had clicked them.
Today I finished a joint presentation at the Tech Forum, and I would like to share some of the topics I discussed in it.
1. Password and Toothbrush
A lot of people are familiar with the quote “Treat the passwords as your tooth brush: do not share with others, and change every 3 months”. But today I also added another point to this quotation: “Don’t use the same one in different rooms (sites)”. This is for those who always use the same passwords for all their applications and web sites. The risk is that if someone learns their passwords from a weakly protected site, then all their other sites and applications are exposed to attack. I know this from a real-life example. A few years ago (almost 10 years, woooo, time flies fast), I set up a discussion forum for all of my friends and classmates, and some of them signed up to this ASP/Microsoft Access system. You might have guessed: I didn’t use any encryption at all, and, no surprise, I could read all the forum passwords by opening the user table in Access. And using the same email (for example, Hotmail) and password, I could successfully log on to one person’s email account. It would not have happened if you use different passwords on different sites; in particular, don’t share the same password between your email or banking accounts and other, suspicious sites.
Today I got a call from a friend who told me that her computer might be infected with a virus, since a new anti-virus program kept popping up and warning her about everything. This new anti-virus is named “XP Internet Security 2010”, but she said she had never installed it. Now she was scared, since the “XP Internet Security 2010” application warned that too many viruses had been found on her computer. Based on what she said, I could tell she had been infected with a new piece of malware rather than a lot of viruses.
I was asked to secure one of my friends’ small business network by limiting all USB storage devices. I started with the Microsoft Support article (How can I prevent users from connecting to a USB storage device?), and the following is what I tested and found to work on a stand-alone Windows XP machine:
To disable access to the USB port in Windows XP and 2000, follow the steps below:
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate, and then click the following registry key:
4. In the right pane, double-click Start.
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
6. Quit Registry Editor.
In recent news, the Internet is talking about how a college guy hacked the personal Yahoo email account of Sarah Palin, the 2008 USA vice president candidate. Actually, there was no technical scripting or coding involved in this hack. What the “hacker” did was use Yahoo’s password recovery function by answering 3 security questions. For example, Sarah Palin set up the following three security questions to help her retrieve a forgotten password (actually pre-set by Yahoo!): 1) what is her birth date; 2) what is her house zip code; 3) where did she meet her husband. In the event of her forgetting her email password, all she needs to do is answer these three questions and reset the password.
Sometimes it is very funny to see how the Internet works. The Internet is great, with its powerful degree of penetration: it can reach anyone, anywhere and anytime. That is why we are happy to get all the unlimited information we need from the Internet. But if we do not pay attention to the date of the information, things will be different. I remember that weeks ago, an undated news item about an airline merger was ranked at the top of Google News even though it was old news. But this news item caused the stock market to go crazy for a while because people thought this airline was in acquisition talks again.
But of course, I am not here today to talk about something as crazy as that. I just wanted to mention one blog post which has been popping up on the Internet recently and has been referred to me by co-workers a couple of times.
This blog post is about hacking a commercial airport WLAN with a simple image handler manipulation. It is great, since everybody wants free Wi-Fi. That is why it became popular on Digg and was featured on the Lifehacker blog. But everyone was just blindly excited and forgot the most important thing: check the publish date of this blog post!
Today one of my friends asked for my help in tracing or finding out another person’s IP address. He indicated that this guy (or guys) had somehow obtained his Yahoo! Messenger account and email address, and then started to harass him in instant messages and emails with nasty words and graphics. My friend wanted to know who this “bad ass” is and where he is (or they are) from. So a basic IP address would be a starting point.
After researching and testing, I offered him some tips for finding the IP addresses from emails and messengers. But I could not guarantee the accuracy of my recommended methods, since IP addresses alone cannot identify anyone, especially as dynamic IPs, ISP routers, and proxies could be in use at the other end. So the best way is to report it to law enforcement and let them co-operate with the ISPs if the damage is serious. Of course, you can try these recommended methods to find out some information first anyway.
Since late noon today, none of my domains on the Microsoft Windows Hosting server at 1and1.com could be accessed. I called tech support and was told that all A records of my domain names had been pointed to an external IP address (184.108.40.206). Even though I swore to the tech support agent that I had not made any changes to my DNS setup, she insisted that only the owner of my account (of course, me) can make such changes. I asked whether they could investigate the logs to see who made the changes and when, but I could not get any satisfactory answer from her. Anyhow, the important part at this moment was to get all my domains back, so I had to manually change all the A records back to my hosting server’s IP addresses. I was glad I only host fewer than 20 domains on this Microsoft platform; imagine if I had to change my Unix hosting domains (Shhhhh).
Challenge: This afternoon, a co-worker came to me and asked for my help in retrieving her forgotten admin password for the HP Web JetAdmin login. The situation was that she had been using another created profile so often that she could no longer remember the default admin account logon credentials. She tried the default password ‘admin’ but it did not work.
First, I asked whether this software uses a database to store passwords, since I thought we could open the database tables. She said there was an MS SQL server installed on the server, but she did not think we were using the database server now.
Then I figured it might use a flat file to store such user credential information, even though I trusted that a company as big as HP would not do so. But anyway, I asked to take a look at the Web Jetadmin server, hoping I could figure out something more from the web server logon script.
I had removed all McAfee services, like Anti-Virus and Anti-Spam, but I still could not proceed when I last tried to uninstall the McAfee Security Services Center. The error message was: “…you need to uninstall all McAfee Security Services first…”.
Today one of my co-workers in the Finance department asked me to take a look at an Excel worksheet. He needed to add something to it, but all modification options like Insert and Delete were grayed out. He mentioned that he was not the person who originally created this worksheet, and that the person who did had left.
Today I received an email forwarded by one of my co-workers. In this email, the sender said he is from a China-based domain name registration company, and basically he asked for confirmation of whether they should dispute the registration of some domain names similar to our TLD name.
First of all, our postmaster told me that it looked like a phish asking for confirmation so that they could sell our email addresses. But I called the phone number listed in this email and, to my surprise, got an answer and confirmed that this is a real company doing real domain name business. Later on, with a Google search, we found out this is an old scam on the Internet. So I am posting the original email here and hope it can help you if you receive a similar email too. (I replaced some information with xxxx to protect privacy.)