January 31, 2009

Department of Justice runs Phishing Hoax To Test Staff.

This Forbes article is one of the best things I have seen in the news recently in regards to educating users, especially those who hold positions with access to large amounts of data.

Every day we all receive dozens, if not hundreds, of pieces of spam in our mailboxes; if you're lucky, your spam filter gets rid of it before you notice. But every now and then one gets through, and it may look innocent enough; it may even look like an urgent message from your bank or credit card company. But it is a trap, a clever trick by someone who is trying to get as much information about you as possible without you noticing. This doesn't just happen to home users. I frequently get requests from my clients to verify a request from someone claiming to be their ISP, their domain host, their AV supplier, etc. Essentially, every time you sign up for something you are opening up a new attack surface for phishers.

It is important that people are aware of these possible attacks and understand how to recognize and avoid them, so I am happy to see the DoJ take this type of action. The only thing I wanted more from this article was the results of the experiment. Unfortunately, those won't be released, as I'm fairly certain the results would not look good for the DoJ, especially if the email was convincing.


January 30, 2009

How to get around the web filter at Work/School

One of the things I am constantly asked by friends is how to get around the filters companies put on their Internet connections. So after much internal debate, I have decided to explain a couple of simple methods.

But first, the disclaimer: As a professional courtesy to all of my fellow corporate IT colleagues, I feel obligated to inform you that if these filters are in place, it is for a reason. If you decide to get around these filters, I can pretty much guarantee you are in violation of your employment agreement (or school rules) and are doing so blatantly. If you do this and get in trouble, it is your fault, as you chose to break the rules.

Now, for the good part.

Remote Desktop

My method of choice for getting around filters at work has always been remotely connecting to my home PC. Why, you ask? Because then you are using your home Internet connection to browse the Internet, all your bookmarks are in place, and there is far less evidence left behind on your work computer. You also don't risk downloading a virus onto your work computer, which will almost always lead to an investigation of how it got there, which will pretty much guarantee they see what you were doing.

My preferred software for this is Microsoft's Remote Desktop Client, which comes with Windows XP Professional, Windows Server 2000, 2003 and 2008, and Windows Vista Business and Ultimate. (Sorry, XP Home users, this one isn't for you.) The reason I use this is that most companies use it for managing servers, so the ports are rarely blocked on the firewall (and you can use an open port if you know how to configure this), and because the software needed to connect is probably installed on your work computer already. (It's also free.) All you need to do to get it going is configure your home computer to accept the connection (right-click on My Computer and go to Properties, go to the Remote tab, and select "Allow users to remotely connect to this computer") and then forward port 3389 on your home router to your computer's internal IP address. When you do this, make sure you have strong passwords on all of your computer's accounts. Then get your external IP (I like to use www.whatsmyip.com) and, when you get to work, click on the Start button, select Run, type in MSTSC and press Enter. A window will come up asking for the computer name; just put in the external IP you got from home, and you will be connected. Simple.

There are also several other methods for doing this, such as GoToMyPC; find the one that works for you and you will be all set.

Web Proxy

The next method is called a web proxy. This method is a bit more work, less reliable, and riskier, which is why I don't use it. Essentially, a web proxy allows you to connect to its web site and then enter the real web site you want to go to. It then routes the web site you want through its own site, so it gets around the filter.

Why I don't like this method:

  1. Even when using a proxy, you are still browsing the Internet from your work computer, which means things like temp files and cookies get left behind.
  2. It is hard to find good working ones that aren't blocked by the filter you are trying to get around.
  3. A lot of proxies contain malware that downloads to your computer while you are using them.
  4. They are slow.
  5. Good ones cost money (and still might get blocked).

So why would I list it if there are so many flaws? Mostly so you know not to use them. I have a lot of friends who find these and think they are great... until I explain what is really happening, or can happen.

Your best bet really is to use your home computer remotely; it's safer, faster, and much less of a hassle. You are also less likely to get caught.


Bonus Method:

Use Google. This method won't usually work if you are trying to shop, browse forums, or check out MySpace, but it works well when you are looking something up online and the site happens to be blocked. Go to Google, enter the URL for the site you are trying to get to, and then click the cache button. This will bring up a copy of the page that Google has saved on its servers.


January 29, 2009

Tracking you down by your IP Address

I am a huge fan of crime dramas on TV. Shows like CSI and NCIS are two of a short list of things I actually make sure I watch on TV (House MD is another... but that has nothing to do with this post). But one of my biggest pet peeves when watching these shows is that every single time anyone does anything on a computer that is remotely criminal, the "tech" of the team hops onto their computer and with a few keystrokes has tracked down this person using their IP address, and has a map to their house all laid out on their screen in a matter of seconds. So today I wanted to clarify a little what is and is not possible as far as tracking people down by their IP address.

The first thing we need to talk about are the two basic categories of IP addresses: public IP addresses and private IP addresses. Private IP addresses are essentially a block of possible IP addresses that are used on internal networks (i.e. networks not directly reachable from the Internet). Every computer in your home that is connected to a router or hardware firewall is using a private IP address, as are the vast majority of computers and servers in the workplace. So how are you able to get to the Internet? Well, your router (or the router in your workplace) has a public IP address. IP addresses are limited in supply, and because there is a finite number of them, it wouldn't make sense to give every computer one, so routers are designed to take one public IP and allow dozens, or even hundreds, of computers to use private IP addresses and appear on the Internet as a single public IP, through a technology known as NAT. This can be somewhat confusing, so I'll get to the point. If you are being tracked down by your IP, it will be by your public IP address, not your private IP.

Next we need to talk about how IP addresses are assigned to people and companies. Public IPs are assigned both statically (where the same person has the same IP all the time) and dynamically (where the IP changes on a somewhat regular basis). Most businesses use static IP addresses. This means that when they sign up for their Internet connection, they are given an IP address and they continue to use that one until their ISP says otherwise. They do this so businesses can set up things like servers or remote connections to their office without trouble: the IP doesn't change, so it is simply easier to find them on the Internet. Home Internet connections, on the other hand, are assigned IP addresses dynamically. This is done because it is much easier to maintain and support than static IP addresses, and because home users don't really have a need for a static IP address.

So now we have a basic understanding of what kinds of IP addresses are available and how they are assigned. Now for the real question: can you be tracked by your IP? The answer is YES... BUT, and this is an important but, it's not as easy as it looks on TV.

A business with a static IP address is actually relatively easy to find using one of the many GeoIP databases available for free or by paid subscription (the paid ones tend to be far more accurate). But even these are frequently wrong if the IP isn't registered properly. So if you did something at work, a person may be able to track your company down pretty quickly, but that would be the end of the trace, and in most cases the address they get is the billing address for the company, which is usually a central office.

Home users (with dynamic addresses) are a whole other story. If you were to track down an IP address that is assigned dynamically, the best you are going to do is get the ISP and MAYBE the city it is coming from (right now my IP is listed as being in Chicago... I'm in Hawaii), so in 30 seconds law enforcement will not be tracking me down by my IP address. BUT they can still track me, and this is how:

  1. The agency trying to track me would get my IP address.
  2. They would see who the registered owner of my IP is (my ISP).
  3. Assuming they have cause, they would go to my ISP and ask who was assigned my IP address on a specific date.
  4. The ISP can then reference their logs (and yes, they keep logs and are required to do so by law) to see which account was using that IP address at the given time.
  5. The ISP now just checks the address listed on that account (and also the name) and hands it over.

Now, depending on the ISP and their motivation (i.e. who's asking for it), this could take a few minutes (a highly optimistic time frame, assuming the people looking for you have direct access to the logs and the ISP is highly cooperative) or a few days (much more likely for most low-risk cases like copyright infringement).

The problems with tracking people by their IP:

  1. The most you will get from an IP alone is the registered owner and billing address.
  2. Even if you get to the location, you don't know who was actually on the computer (which is why groups like the RIAA resort to threats at first, hoping for a settlement; gathering the real information needed to accuse a specific person takes a lot more time and energy than sending a canned threat to the registered user of an IP).
  3. Using things like proxies makes this tracking significantly harder, because the IP the person tracking you sees is not really the IP you are connected from. A proxy is essentially a middleman in an Internet connection that you route all traffic through to mask your actual IP info. So the address people see is the proxy's, not the real one being used. To get the real IP, you need to get the logs from the proxy server and see what the real one is. Many proxies used for illegal activity are outside of US jurisdiction, typically in countries that aren't too big on cooperating with us, or are placed unknowingly on random people's computers via a virus.

So now you know what can and can't be done with an IP address. What you see on TV is based in fact, but like most things on TV, it is made to look much cooler and easier than it actually is.

Fun Fact: The IP addresses that are shown on most TV shows are not valid IP addresses. Unlike phone numbers (which have a defined block that can be used on TV so that people don't call them and bother others), IP addresses don't have this, so people just make them up. A real IP address looks like this: (this is one of Google's in case you are wondering). Each octet (the sections separated by the .) will contain a number ranging from 1 - 255 and that's all, so the next time you see one on TV that looks like this: 413.295.8.004, you know it's fake. This is done so people don't try connecting to the IP address being shown, although I'm not sure why they don't just use a private IP instead of a fake one.
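The public/private split explained above and the octet rule in the fun fact, as an added example that is not part of the original post: a small Python checker that rejects malformed dotted-quads (each octet is held to the 0 to 255 range IPv4 defines, with leading zeros refused) and labels an address as loopback, RFC 1918 private, or public. The sample addresses are constructed; 203.0.113.7 is from the documentation range and belongs to no real host.

```python
import re

# RFC 1918 private blocks as (network octets, prefix length)
PRIVATE_BLOCKS = (((10, 0, 0, 0), 8), ((172, 16, 0, 0), 12), ((192, 168, 0, 0), 16))
_DOTTED_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

def parse_ipv4(text):
    """Return the four octets as ints, or None if text is not a valid IPv4 address.
    Each octet must be 0-255; a leading zero such as '004' is rejected because
    some older tools read it as octal, which makes the address ambiguous."""
    match = _DOTTED_QUAD.match(text.strip())
    if match is None:
        return None
    octets = []
    for part in match.groups():
        if len(part) > 1 and part.startswith("0"):
            return None
        value = int(part)
        if value > 255:
            return None
        octets.append(value)
    return octets

def _to_int(octets):
    result = 0
    for octet in octets:
        result = (result << 8) | octet
    return result

def _in_block(octets, network, prefix):
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (_to_int(octets) & mask) == (_to_int(network) & mask)

def classify(text):
    """Label an address 'invalid', 'loopback', 'private' (RFC 1918) or 'public'."""
    octets = parse_ipv4(text)
    if octets is None:
        return "invalid"
    if octets[0] == 127:
        return "loopback"
    if any(_in_block(octets, net, prefix) for net, prefix in PRIVATE_BLOCKS):
        return "private"
    return "public"

# Constructed samples: the TV-style fake from the post, RFC 1918 addresses, one
# just outside 172.16/12, loopback, a documentation-range address, a short one.
SAMPLES = ["413.295.8.004", "192.168.1.10", "172.16.5.4", "172.32.0.1",
           "127.0.0.1", "203.0.113.7", "1.2.3"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:>15}  {classify(sample)}")
```

A "private" result is the NAT case from the post: that address identifies a machine only inside its own network, and any trace from outside would see the router's public address instead.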


January 27, 2009

Yahoo! Answers Suspends ThinkSmarter

I have never been a big fan of Yahoo! Answers. I really like the idea of people sharing their knowledge (why else would I write a blog?), but a lot of the information there is misguided, or just plain wrong. Unlike Wikipedia or other free, user-submission-based information sources, the info at Yahoo! Answers is unedited and unfiltered, and too often what people say is taken as fact, and that is the end of it.

So a few nights ago I decided that rather than complaining, I would do something about it. I created a Yahoo account and browsed the technology section looking for questions that had gone unanswered but were asked numerous times. The most commonly asked question was about Antivirus 2009 removal. I decided to write a blog post about how to remove the software. I then went to each thread and posted a link to the instructions, explaining that the link was a blog post about how to remove it. I also went through and answered several other questions people had about things I happen to know. In total, I answered 15-20 questions. By morning, one had been voted best answer in its thread, and I was happy, because that meant I had helped someone.

Last night, I went back and decided I wanted to answer more questions. I logged in and got a message saying my account had been banned! I emailed support, thinking that maybe the number of posts in such a short time span was the cause, and heard back from them a few hours later. This was their response:

"We appreciate your inquiry about your suspension from Yahoo! Answers and/or the deactivation of your Yahoo! ID. We reviewed your case, and decided that your account is not eligible for reinstatement.

Once an account is disabled for a violation of the Terms of Service, the subscriber to the account will lose the ability to log in and access the account and its contents (including email and content stored with any other Yahoo! service). The account also will not be reactivated.

Should you choose to create a new Yahoo! account, we invite you to read the Yahoo! Terms of Service and Yahoo! Community Guidelines to help ensure your new account is not deactivated."

I've inquired again as to why my account was suspended, but have yet to hear back. I think it is ridiculous that Yahoo! has suspended my account for what I can only assume is helping too much. I guess it's back to complaining about the service, since when I did try to help, they essentially told me to stop. Thanks, Yahoo!


January 25, 2009

Getting Rid of Anti-Virus 2009 and Similar Infections.

Anyone who has been doing computer repair in the last 6 months has without a doubt heard about Antivirus 2009, and most likely seen it a few times. It has become one of the biggest annoyances yet, and that is for trained computer technicians. After several infections on client computers I have come up with a pretty straightforward method of getting rid of it that both IT professionals and home users can follow.

This guide can help you remove: AV2009, AV2008, Antivirus XP Pro, AV360, Antivirus 360, and many similar variants.

Follow the steps below while logged in as the user having trouble (logging in as another user makes this much more difficult).

  1. The first thing to do may seem like the most obvious, but most people don't bother doing it: uninstall the software. You can uninstall AV2009 by going to Start --> All Programs --> Antivirus 2009 --> Uninstall Antivirus 2009. This should immediately stop the pop-ups from occurring.
  2. Use Windows Search to search your drive for av2009, and delete all files with that name.
  3. Download CCleaner and install it.
  4. Under Tools, go to Startup and look through your startup items for av2009 entries and select the option to delete them. While here, verify that all startup items are legitimate. Once done, use CCleaner to remove all temp files and cookies and to clean up your registry (remember to back up your registry before making any changes).
  5. Once you are done with CCleaner, download and install Malwarebytes Anti-Malware (MBAM). The free tool is all you will need for this removal, but you should consider purchasing the full version, as it is very helpful.
  6. Update MBAM with the latest definition files and run the Quick Scan.
  7. Once the quick scan completes, delete all threats that it finds and reboot so it can remove anything it could not delete during the scan.
  8. Once the first scan/delete is finished, reboot your computer into Safe Mode.
  9. Run a full system scan with MBAM in Safe Mode.
  10. Delete all threats found and reboot again.
  11. Run Microsoft Update to ensure your system is fully up to date.

AV2009 should be completely gone at this point. If it is not, the most likely cause is that you missed an entry in the startup items.
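The startup-item check from step 4, as an added example that is not part of the original post: a Python script that enumerates the per-user and machine-wide Run and RunOnce keys (on Windows, through the standard winreg module) and flags entries whose name or command matches the rogue families listed above. The match pattern is an assumption about how those entries are usually named, not a vetted signature, and the sample entries are constructed; review flagged items, and back up the registry, before removing anything.

```python
import re

# Rogue "antivirus" families this guide covers; the pattern is an assumption about
# how their autostart entries are usually named, not a vetted signature.
ROGUE_AV = re.compile(r"av ?2009|antivirus ?2009|av ?2008|antivi?rus ?xp|av ?360|antivirus ?360", re.I)
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_SUBKEYS = (RUN, RUN + "Once")

def flag_entries(entries):
    """entries: iterable of (key_path, value_name, command).
    Returns the entries whose value name or command matches ROGUE_AV."""
    return [e for e in entries if ROGUE_AV.search(e[1]) or ROGUE_AV.search(e[2])]

def read_run_entries():
    """Windows only: list every value under the per-user and machine-wide
    Run/RunOnce keys. Returns [] where the winreg module is unavailable."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        for subkey in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:  # key absent or access denied
                continue
            with key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values under this key
                        break
                    entries.append((hive_name + "\\" + subkey, name, str(value)))
                    index += 1
    return entries

# Constructed sample entries (not taken from a real machine); two should be flagged.
SAMPLE_ENTRIES = [
    ("HKCU\\" + RUN, "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("HKCU\\" + RUN, "Antivirus 2009", r"C:\Program Files\Antivirus 2009\av2009.exe"),
    ("HKLM\\" + RUN, "updater", r"C:\Documents and Settings\user\av360.exe /silent"),
]

if __name__ == "__main__":
    for key_path, name, command in flag_entries(read_run_entries() or SAMPLE_ENTRIES):
        print(f"SUSPICIOUS  {key_path}  {name} -> {command}")
```

The third sample shows why the command is matched as well as the name: a bland value name like "updater" hides the rogue executable that the name-only check in a startup manager would miss.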



NOTE: Before doing any virus clean up, you should backup all critical data to an external drive or DVD. Be sure to scan the files before copying them back to your computer in the future.
