Friday, November 10, 2017

The KRACK Vulnerability


KRACK is a vulnerability in the normal wireless connection method which allows an attacker to connect to your network and watch all your web traffic - usernames, passwords, credit card details, etc. It's not the access point (modem/router) that's vulnerable; KRACK targets the devices you use to connect to the wireless network.

Potentially an attacker can 'listen in' and see all the data being transferred.

Modern Windows and Apple computers have updates available and, for Windows, the October update patched this vulnerability. However, many devices are not patched - and maybe never will be!

Your Android phone and tablet and your iPhone may not get updated for some time, if ever. And it gets worse if you use modern internet connected devices like central heating systems, washing machines and even toys (the Internet of Things - IoT). These will almost certainly never be patched.

So how dangerous is it? 

Firstly, an attacker must be within range of your WiFi in order to make a connection, and then he needs to be able to understand the messages he sees - and that will not be easy if they are encrypted, i.e. if you are using websites which show the secure padlock and the HTTPS protocol. You could use a VPN (Virtual Private Network) but that's a whole different topic and also brings about its own issues!

Basically you're in less danger than if you use a public WiFi network at your local coffee shop, etc.

Tuesday, May 09, 2017

Lost Your Windows Profile?

There is a problem that has been around since the days of XP but it has become more prolific. I used to see it maybe once every year or so but now I’m getting called sometimes several times a week!

The problem is that Windows decides that your profile is corrupt and so creates a new one. Suddenly all your icons have gone, your documents and pictures are missing and your email doesn’t work!

I've no idea why this happens nor why Windows can't fix it itself but I suspect that it may be down to some file corruption.

Fortunately all is not lost and the fix is simple, though VERY dangerous for those without proper understanding (and backups) since it involves changes to the registry and that could kill your computer!

If you're not comfortable editing the registry then stop now and proceed no further; getting things wrong could seriously damage your Windows installation!



OK, if you're still wanting to fix this, first thing is for you to make sure your registry is backed up.  If you mess up you may not be able to restore it anyway, but at least you're giving yourself a fighting chance.

Next you need to run the registry editor and open up
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\

In there you should find a couple of entries looking like
S-1-5-21-2363073414-1937386124-4237778777-1001 and S-1-5-21-2363073414-1937386124-4237778777-1001.bak
- though your numbers would doubtless be different.

The first is the temporary profile that Windows set up and the second is your original one. If you look in the second one you should find an entry ProfileImagePath which should contain the path to your user area, e.g. C:\Users\Ken

Rename the first entry to have an extension of, say .sav (just in case, though I'm not sure in case of what?  I just don't like deleting things!) and rename the second entry so it does not have an extension.

Within this latter entry there will be two values, RefCount and State, and these both need to be zero, so make any changes required.

After that, reboot the computer and if all has gone well, your profile will be restored.

I'm intentionally not giving a lot of detail about how to do things because if you don't understand ANY of this, then you shouldn't be doing it!
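A read-only check that can be run before touching anything, as an added example that is not part of the original post: it exports the ProfileList key to a backup file and lists each entry with the fields the steps above refer to. The backup location (the Public folder) and the report column names are assumptions of this example.

```powershell
# Added example: inspects ProfileList and backs it up. It changes nothing in
# the registry; the renames described in the post are still done by hand.
$regPath = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$psPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Assumption: the backup is written to the Public folder so that it sits
# outside the current (possibly temporary) user profile.
$stamp  = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
$backup = Join-Path $env:PUBLIC "ProfileList-$stamp.reg"
reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; do not edit anything yet.' }
"Backup written to $backup"

$keys  = @(Get-ChildItem -LiteralPath $psPath)
$names = @($keys | ForEach-Object { $_.PSChildName })

$report = foreach ($key in $keys) {
    $name  = $key.PSChildName
    $props = Get-ItemProperty -LiteralPath $key.PSPath
    $path  = $props.ProfileImagePath
    [pscustomobject]@{
        Entry            = $name
        ProfileImagePath = $path
        # False means the folder the entry points at is missing.
        FolderExists     = [bool]($path -and (Test-Path -LiteralPath $path))
        State            = $props.State
        RefCount         = $props.RefCount
        # The original profile, as described in the post.
        IsBak            = $name -like '*.bak'
        # The entry the post calls the temporary profile: a SID key
        # that has a SID.bak twin next to it.
        HasBakTwin       = ($name -notlike '*.bak') -and ($names -contains "$name.bak")
    }
}

$report | Sort-Object Entry | Format-List

if (-not ($report | Where-Object HasBakTwin)) {
    'No SID / SID.bak pair found: this is not the problem described here.'
}
```

If no SID / SID.bak pair is reported, or the .bak entry's folder does not exist, the situation differs from the one described and the renames should not be attempted.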

Wednesday, December 14, 2016

Lost your internet connection?


A recent problem has occurred more frequently than usual so maybe it's something you should be aware of.  Over the last few days this problem has occurred several times so is Microsoft doing something strange? I don't know because it has been an issue that's been around for very many years - just not so frequent!

The problem is that your system says that it can't get at the internet, page not found, or similar, and it's all down to not getting a correct connection to your router.

Now be aware that not being able to get at the internet can be caused by a great many things and this is only one solution and, in fact, the first thing always is to try rebooting (switching off and on again) your router.

In most cases people have confirmed that other devices (iPads, other computers, etc.) have been able to connect OK, so this is only a suggestion for one specific problem!

The first thing is to see whether this is the problem we're talking about so you need to open a command window with administrative privileges (!). Don't Panic! If you're running Windows 10 (or 8) press the keys windows+x and select 'Command Prompt (Admin)'. If you're running Windows 7 then press the windows key and type 'cmd' and when it comes up with the program cmd.exe, right click on it and select run as administrator. (Note: the 'windows' key is usually that one on the lower left of your keyboard between Ctrl and Alt)


So now what you've got is a scary black Windows box, but that's fine; it's where true computer professionals would rather be! Just type

ipconfig and press enter

What you should see is a screen of mostly incomprehensible data but if you scroll up you should see something that looks like

Link-local IPv6 Address . . . . . : fe80::884:131c:c31c:1594%10
IPv4 Address. . . . . . . . . . . : 169.254.18.97
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.220


The important bit is where it says IPv4 Address and if you see it starting 169.254. as above then you have this particular problem. If it starts 192.168. (or 172. or 10.) then you have another, different problem so maybe you should call me!

If what you see is starting 169.254 then type 
     netsh int ip reset
And after that
     netsh winsock reset catalog

Don't worry about the messages it produces, including the one about 'Resetting , failed.', now just reboot your computer and with any luck your internet connection will be restored.

Just one last point, though. If you do have this problem, you may not be able to get at these instructions so maybe it's worthwhile making a note of the important bits?
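The address check described above, as an added example that is not part of the original post: it reads ipconfig output and says whether each IPv4 address is the 169.254 kind this fix applies to. The function names and the sample lines are constructed for this example, and it goes slightly beyond the post by using the exact private ranges (10.x, 172.16 to 172.31, 192.168.x).

```powershell
# Added example: classify the IPv4 addresses found in ipconfig output.
function Get-Ipv4Kind([int[]]$Octets) {
    # 169.254.x.x is the address Windows gives itself when it receives
    # no address from the router.
    if ($Octets[0] -eq 169 -and $Octets[1] -eq 254) { return 'self-assigned' }
    if ($Octets[0] -eq 10) { return 'private' }
    if ($Octets[0] -eq 172 -and $Octets[1] -ge 16 -and $Octets[1] -le 31) { return 'private' }
    if ($Octets[0] -eq 192 -and $Octets[1] -eq 168) { return 'private' }
    return 'other'
}

function Get-Ipv4Diagnosis {
    param([string[]]$IpconfigLines)
    foreach ($line in $IpconfigLines) {
        # Matches "IPv4 Address" and "Autoconfiguration IPv4 Address", with or
        # without a trailing "(Preferred)". English-language output only.
        if ($line -match 'IPv4 Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)') {
            $address = $Matches[1]
            [int[]]$octets = $address.Split('.')
            $kind = Get-Ipv4Kind $octets
            $advice = 'Not the problem in this post'
            if ($kind -eq 'self-assigned') {
                $advice = 'Matches this post: run the two netsh resets, then reboot'
            }
            [pscustomobject]@{ Address = $address; Kind = $kind; Advice = $advice }
        }
    }
}

# Constructed sample, modelled on the output shown in the post.
$sample = @(
    '   Link-local IPv6 Address . . . . . : fe80::884:131c:c31c:1594%10',
    '   IPv4 Address. . . . . . . . . . . : 169.254.18.97',
    '   Subnet Mask . . . . . . . . . . . : 255.255.255.0',
    '   Autoconfiguration IPv4 Address. . : 169.254.7.12(Preferred)',
    '   IPv4 Address. . . . . . . . . . . : 192.168.0.14'
)
Get-Ipv4Diagnosis -IpconfigLines $sample | Format-Table -AutoSize

# On the affected computer, check the live output instead:
# Get-Ipv4Diagnosis -IpconfigLines (ipconfig) | Format-Table -AutoSize
```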

Wednesday, July 13, 2016

Upgrading to Windows 10


This posting applies to any major operating system replacement because that's what the Windows 10 'upgrade' is.  The old operating system is removed and a new one is installed and hopefully all the old programs and data remain intact.

Sadly this is not always the case and I have two clients where the computer ended up totally unusable.  The operating system was gone and so was all their data!

Before embarking on such an upgrade I'd always suggest that you take a full clone of the system.  This isn't simply a backup of your data (though that should be happening anyway) but is a total copy of your disk so that if things go wrong you can simply reload your disk from this copy and you'll be back to where you started.

In fact this could even be a useful addition to your normal backup procedures because it means that if your disk drive dies then all you'd need to do was put in a new drive and then reinstall from your clone and you'd be up and running relatively quickly.

So the things you'll need are software to do the clone and an external drive to hold the disk copy.

The software I use is Macrium's Reflect (free edition).  When it starts up it'll detect all the drives on your computer and allow you to clone the disk, saving the image file to your external drive.

It's not a fast process.  My main disk drive takes around 90 minutes to run and it takes a lot of space.  My main drive is 1TB and contains around 300GB of data; the clone image file is around 250GB in size.

One other thing to remember is that if your computer can't boot normally and you want to recover from a clone then you'll need a CD/DVD to boot from.  Reflect provides an option to create recovery media so make sure you've done that and put it somewhere safe.

Because of the laws of the cussedness of the universe you'll probably end up with a CD and a clone copy that you'll never use but that's better than the alternative!

Friday, June 03, 2016

Printer Problems?

Printers are continually causing problems - even more so if they're wireless - but the following 'fix' may just help.

Sometimes you will find you are in a state where the print queue has 'jammed'.  There are print jobs in it but the first one is saying that it's being deleted but nothing is happening.  This is particularly common if you install a new printer and the old one still had things to print.

In this case you need to delete all the print jobs but this can't be done from the printer application.  The following are the steps... (and when it says [win]+E it means hold down the windows key and press 'E')

1. Close down the print spool service
   * Press [win]+R and type services.msc and press enter.
   * In the list that opens, find 'Print Spooler' and click on it
   * Towards the upper left click on 'Stop the service' and wait for it to stop.
   * Leave this box open and then...

2. Delete the spool files
   * Press [win]+E and press enter to open windows explorer
   * In the box that opens look on the 'C' drive and find windows > system32 > spool > printers and click on it (you may be asked to give permission to look in this folder).
   * Delete all files in this folder
   * Close the explorer window

3. Restart the print spool service
   * Go back to the window left open in step 1
   * The Print Spooler service should still be selected but if not, select it
   * Towards the upper left click on 'Start the service' and wait for it to start.
   * Close the services window.

And that's it.  The print files should have been removed and, assuming there are no other problems, things should be back to normal.

Note that this process does not delete anything important; just the things that have been sent to print.  The original documents, etc. will be left alone.
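The same three steps as a script, as an added example that is not part of the original post; it must be run from an administrator PowerShell window. The restart sits in a finally block so the Print Spooler comes back even if deleting a file fails, and restarting any dependent services is an addition of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: clear a jammed print queue by stopping the Print Spooler,
# deleting the queued job files and starting the service again.
$ErrorActionPreference = 'Stop'

$spoolDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'
$spooler  = Get-Service -Name Spooler

# Remember services that depend on the spooler and are running now,
# because -Force stops them too.
$dependents = @($spooler.DependentServices | Where-Object Status -eq 'Running')

# Step 1: stop the print spool service (waits until it has stopped).
Stop-Service -InputObject $spooler -Force

try {
    # Step 2: delete the spool files. Only queued print jobs live here;
    # the original documents are not touched.
    $jobs = @(Get-ChildItem -LiteralPath $spoolDir -File -Force)
    foreach ($job in $jobs) {
        "Deleting $($job.Name) ($($job.Length) bytes)"
        Remove-Item -LiteralPath $job.FullName -Force
    }
    "Removed $($jobs.Count) spool file(s) from $spoolDir"
}
finally {
    # Step 3: restart the service, whether or not the deletion succeeded.
    Start-Service -Name Spooler
    $dependents | Start-Service
    "Print Spooler is now: $((Get-Service -Name Spooler).Status)"
}
```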

Monday, May 16, 2016

Beware of Cryptolocker and similar nasties!

The one thing that really scares me is the type of ransomware (they hold your computer to ransom) which encrypts(1) your data.

This particular nasty gets on to your machine and encrypts ALL your data files; your documents, your music, your pictures... Everything! And there is no way of undoing the process!

The idea is that they then charge you around £300 to get the key required to decrypt your data.

So there are three areas of consideration...
1. Don't let the infection in
2. If the infection gets past you, have software which stops it
3. If the infection runs, how to recover

1. Don't let the infection in

The usual way of getting infected is by means of an email that persuades you to click on an attachment which, of course, is the infected file. So rule number one: never click on an attachment (or any other link) in an email unless you are 100% sure what it is and where it came from - and even if you are sure, think very carefully before clicking; are you really, REALLY sure?

2. If the infection gets past you, have software which stops it

A number of products have been proposed but one which appears to be likely to work well is Malwarebytes Anti-Ransomware. It's still in beta test state but seems to work without problems and runs on Windows 7 and later.

3. If the infection runs, how can you recover now that all your files are encrypted?
So what are the options?

1. Try and decrypt the data yourself? Sadly the most powerful computer could not do this in your lifetime so let's rule that one out!

2. Pay the money? So these CRIMINALS have stolen your data and you want to give them money in the HOPE that they're honorable and would honor the deal? Also you're encouraging them to keep on doing it! Not an option I'd choose!

3. Abandon your data? A bitter pill to swallow, especially since you'll lose all those previous photos you used to have stored.

Or

4. Restore from backup. Now THAT'S an easy one but it does require that you've got a backup - and also (here's the scary stuff) that the backup hasn't also been encrypted! The problem is that this particular nasty encrypts not only the files on your computer but it looks around for any drives you've got plugged in so if you leave your backup drive plugged in it'll also get encrypted!

So, protection = backup to an external drive and only plug it in when you take the backup.

(1) encryption is a process which was used to send secret messages except that modern methods are very sophisticated, using a key to encrypt the data but a different key to decrypt it. If you want more details search the web for 'asymmetric encryption' or send me an email.

Monday, January 11, 2016

A new phishing attempt

I recently had a phishing attempt via a phone call which was totally new to me. Nothing to do with computers but they seemed to want my credit card security information...
The guy claimed to be confirming and updating my entry in the telephone preference service (TPS) to which I do subscribe.

He knew, and I confirmed, my name and address but then he asked whether I paid my phone bill by direct debit (this immediately alerted me to nefarious doings - why would TPS care?). I said I probably did but couldn't be sure but then he went on to talk about the credit card I've got registered with them (TPS is a free service and there is NO credit card registered with them!). I said I wasn't about to give him my credit card number but he said they already knew that and they just needed the expiry date on the card - for 'verification' purposes!

I asked which card, since I have several, and he said it was a Visa card and probably had an expiry date of 2016 and he just needed the month. This year did not match any Visa card I have and I said so, so he suggested that maybe it was a Mastercard.

This was now getting silly - if they've got the card number then they know what type of card it is! I apologised to him for not being so easily conned and hung up!

I assume they'd got details of me, my address and credit card number and just needed the security information to be able to make use of this. At one stage I think he said they just needed the expiry date and verification code (cvc) so I assume that's what he would have gone on to ask for.

It's a new approach and I don't know where they've got my credit card number from (or even which card it is) so I need to investigate further but I did want to bring this new approach to your attention and I would ask you to spread it about.

Obviously everyone knows not to hand out their security information to cold callers over the phone and yet these guys can be very plausible.