Tech Solutions NC

Your one stop for home and small business computer and network support

Security

Fix for Windows 10 2004 ‘Password Amnesia’ Bug

by Leave a Comment

Outlook 2016
Image ©Office.com

Fix for Windows 10 2004 ‘Password Amnesia’ Bug

In troubleshooting a client’s computer, I ran across a workaround for a specific problem he was having: his computer would continually require him to re-enter his login information in Outlook for his email accounts; his Microsoft OneDrive required re-login daily, and his Adobe Acrobat Pro required him to re-login daily. No amount of troubleshooting seemed to make a bit of difference. For the record, here are some of the things I tried:

  1. Check for updates and apply patches on all platforms.
  2. Look for driver updates using manufacturing software programs.
  3. Opened a ticket with the hardware manufacturer.
  4. Performed a Windows 10 reset, while keeping his data. That of course required me to re-install his applications.
  5. Performed a Windows 10 reset and wiped his data. We had backups, of course, and all of his critical data was in the cloud so all was good with restoring his data.
  6. And on and on and on.

It got to the point where I was just about to throw in the towel, which is not something I like to do. But I didn’t; I kept looking, and finally, I found this blog post from ZDNet: Windows 10 Password Problems. As I read through the article, I was seeing the same problems that my client was having. Finally! An answer to the problem. Right now, the answer is a workaround, but this is what I did, per their instructions:

  1. Until Microsoft delivers a fix, its recommended workaround involves right-clicking the Windows 10 Start Button and selecting Windows PowerShell (Admin).
  2. Copy and paste the command below into Windows PowerShell and press Enter.
  3. Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName(“LogonType”).’#text’ -eq “S4U”) { $_.TaskName } }
  4. If you see any Tasks listed from the PowerShell output, make a note of them.

Next, go to Windows Task Scheduler and disable any tasks you found from the above command.  Follow these steps:

  1. In the Windows 10 Search box, type Task Scheduler and then open the Task Scheduler app.
  2. Locate the task in the Window (HP Customer participation), or other task from the Windows PowerShell output.
  3. Right-click the task and choose Disable.
  4. After you disable the task, restart Windows.

After the reboot, I did have to provide login credentials again for all of the affected services, but so far, just the one time. I’m continuing tomorrow to see if it’s still fixed. The task that was the problem for me was the same HP Customer Participation that was mentioned over at ZDnet.

Fingers crossed!

Family Security – Life360

by 1 Comment

Life360
Image ©Life360

When it comes on your family’s security, there are many things that you can look at to keep them safe.  Today, I’m going to take a look at an app that my family uses that has been very helpful in keeping us connected with one another.  Today, we’re going to look at the Life360 app in greater detail.

Life360 Overview

The Life360 App has many components to it, which we will explore in greater detail throughout.  Here are the features I like best:

  1. It’s a security app, letting your family know where you are.
  2. It’s a communication tool, you can use it to communicate in group or individual messages.
  3. It’s a driving aid, you can use the app to alert your circle when you are having a car issue.

The Life360 app goes beyond just those three components, there are a lot of other great features, but at it’s heart, it helps to keep you and your family in close contact with one another.

Life360 has both a free component, which is all that my family uses, as well as a paid component that unlocks additional features.  For the purposes of this post, we’re going to focus on what you get with the free portion of the app.

Life360: Is it secure?

At it’s core, the Life360 app functions by way of a secure group of users known as a circle.  The key here is that when you first install the app, go through and create a circle.  At that time, you will be the only one in that circle.  As you invite others into your circle, though, they will be given a code to join the circle with.  That code is only active for 7 days, and you can either tell the code to them out loud or you can send it in a message, email, or in some other communications mechanism.

For my circle, the only ones in it are my wife Cindy, my daughter Sophie, and my sister Robin.  Of them, only myself and Cindy are admins, so we are the only ones that can invite others to our circle.  There is no limit to the number of admins you can have.  Since the invite codes are only active for 7 days, I’d say that the app is secure because only people you invite will know where you are.

Life360: Automatic Check-ins

One feature I like with the Life360 app is the ability to create two place alerts.  If you pay for Life360 Plus, you will be able to create unlimited place alerts.  A place alert is just that — an alert that triggers when a condition is met.  In this case, we have a place alert at the house for when we arrive there, and we also have a place alert for when Sophie arrives or leaves school.  What happens is when the app location triggers the alert, the other people in the circle will receive the alert.  For example, “Sophie has arrived home.”

Life360: Map Options

Another feature of the Life360 app that I like is the ability to turn on or off local services.  In the app currently, I can turn on hospitals, fire departments, and police stations. In addition to that, you can also turn on or off sex offenders and crime notifications.  Although, one thing to be aware of is when you turn on the crime notification, you’ll see a dot appear on your map, but you won’t be able to get any real detail about the crime unless you subscribe to Life360 Plus.  You can customize the time frame for crime to various time windows or leave it set to “Auto”.

Conclusion

From my perspective, the Life360 app is a good choice to help you and your family stay secure.  It’s not about big brother watching, or about a parent not trusting their child.  To me, it’s about taking advantage of this digital age we live in to ensure that all of us are as safe in this world as possible.  No one solution will take care of all security concerns, but with the Life360 app, it is a good tool to add to your aresenal.  Have you used the app before?  If so, what do you think of it?  Please let me know in the comments, and thanks for stopping by!

Related articles

Phishing Attempts from Friends: What to do

by Leave a Comment

phishing attempts

This morning I received a phishing attempt from a person I know, albeit not very well.  Martha is a church friend, someone that I’ve met on a handful of occasions, but not one that I would expect to receive email from that wasn’t directly related to a project at church.  This morning, though, I received a phishing attempt from “her”, and I got to thinking, what should you do when you begin receiving phishing attempts from friends?

In this instance, it’s pretty clear that my email provider believes this is a phishing attempt, and I agree with them in this case.  Their banner is clear, they are warning me to be on alert, that this may be trouble if I do anything with this email.

In cases like this, as I mentioned, if it’s a phishing attempt, the initial response is to just delete the message and move on.  But when it’s someone you know, my instinct is to also notify that individual so that they can be aware of the attempt, especially if they are not aware of the activity.

There are a few scenarios that could apply in this circumstance:

  1. Your friend may actually be sending phishing attempts on purpose (not very likely)
  2. Your friend’s email account could be compromised, and someone else could be sending them without their knowing. (Maybe, but still less likely in my opinion)
  3. Someone else is sending phishing attempt emails and spoofing (forging) the email from to be someone other than the person sending the email.  This could be done automatically as the result of a virus on a computer or via a manual process. (much more likely scenario)

In this instance, what I did was to send an email to Martha, letting her know that I received the email.  Normally, my suggestion in this case would be to communicate with Martha via a different communication mechanism, for example, by phone if you received an email, or something like that, but in this instance, all I had was her email address, so I communicated that way.

When you receive a phishing attempt from someone, what do you do? Just delete the email, or attempt to notify them? Let me know your thoughts in the comments, and thanks!

Update your iOS device to 9.3.5 today!

by Leave a Comment

2016-08-26 11.29.27

Today Apple announced an important update to their iOS software that is found on iPhone and iPad devices. This update is in response to a hacking incident whereby an attacker could remotely turn on your microphone and record your conversations without your knowledge. This is an extremely important update for obvious reasons, and I urge you all to take a moment and update your iOS devices.

Updating your iOS Devices

Updating your iPhone and iPad (aka iOS devices) to the most recent software version is not a hard process to do.  To do this, follow these steps:

  1. Before updating your phone, it’s a good idea to back it up first either to iCloud or to your computer if you are old school like me.  This is a minor update, but it’s a good habit to be in to backup before updating.
  2. On your device, go to Settings.
  3. Next, tap on the General section.
  4. After that, tap on Software Updates.
  5. The system will automatically check for updates, and tell you if there is an update available.
    • If there is no update available, the device will tell you, and also show you what version you are running. If you are running 9.3.5, then you’re all set!
    • Note: Older iPhone models, such as the iPhone 4, can not run this version so will not show an update available to take it to 9.3.5, although there may be other updates available for the phone that are not installed yet.
    • If you see an update available, click on the link to install the update, and click agree when prompted. If your device prompts you for not having enough battery available, connect it to a power source or your computer to complete the process.

If you are having difficulty with this, reach out to me — we are here to help!  I can be reached by phone at 919-606-6725, email at mike@techsolutionsnc.com, or you can make an appointment online.

How email hacks teach us what email is used for.

by Leave a Comment

email hacks
Image ©Google

How email hacks teach us what email is used for.

Email hacks have been around for quite a while.  Take a look at these dates.

  • January 2012: Rupert Murdoch’s News International admits they hacked emails as well as phones.
  • February 2013: Former President George H. W. Bush’s personal email account was hacked.
  • 2010 – 2014: Then Secretary of State Hillary Clinton has her own private email server that is used for conducting government business.  The server had reportedly been attacked, perhaps even hacked from China, South Korea, Germany, and perhaps even Russia.
  • 2015 – 2016: Democratic National Committee email servers are hacked; emails disclosed favoritism from DNC to Clinton campaign in presidential race. It is presumed that the hack started around the same time that the U.S. State Department and White House servers were hacked.

People, the list goes on and on, and could be a mile long with all of the hacks that are out there.  The simple fact is this:

When it comes to email, the rule is simple: never put something in an email that you would not want to see posted on the cover of the New York Times.*

Why do you think so many people fail at this very simple rule? What causes the Hillary Clinton’s of the world decide that they can circumvent proper channels and check their common sense at the door?  Here’s my thoughts on that.

  1. At some level, people think that the normal rules don’t apply to them.  They believe that they can do what they want because of the position they hold.  This is not the case.
  2. Far too often, IT staff jump to the conclusion that they can keep the hackers from committing their email hacks on their people.  The simple fact is if the target is high profile enough, the hackers will keep at it until they succeed.
  3. Society has become too dependent on computers and technology.  What used to take place via a phone call or an in person meeting is now being handled by an email. Technology is great, but it has it’s place in society. We have blurred the lines way to much, and it is proving costly.
  4. The financial gain is so great.  What causes email hacks to happen is partly because there is so much profit to it.  In the News International experience, it was to drive ratings and insider information to sell papers, among other things.  In government hacking situations, it was to discover state secrets that could lead to one country having an advantage over another.  In the Clinton email server, I believe that was done so that she could maintain the power she sought more easily.  In the Target hack, which didn’t involve email, the motivation was in making money off of identity theft.  In all of these instances, there is a perceived gain to be had, and it is a significant gain.
  5. Lastly, far too often security is an afterthought in many organizations.  Security should be one of the factors in determining the cost of doing business on the Internet.  However, in many organizations, it is the first thing cut from the budget.  Training organizations such as SANS and GIAC are fighting an uphill battle to secure the infrastructure, but when budgets are tight, training money is cut.  The end result is that too much is expected with too little investment, and that leads to email hacks.

Remember, people, there is a time and a place for email.  There is also a proper way to secure it.  It’s time to learn that, and use email the way that it is intended, not for something it’s not meant for.

*h/t to my friend and former boss Kim, who was the first person I heard use that phrase.

Alert: Phishing Attacks via Text Message

by Leave a Comment

Text Message

Today I received a very unusual text message.  In the message, I was notified that my “account” was disabled, and that I should go to the link in the text message to unblock the account.  Just like any email phishing attempt, there are things here that you can decipher to give you clues about the message to determine it’s legitimacy.

Text Message

Look to the following tips when determining whether a message is legitimate or not:

  1. First of all, I turned my phone sideways in order to realign the screen in order to pick out more details.
  2. Ask yourself whether or not you have a Wells Fargo (in this example) account.
  3. Take note of the information — the domain is actually cityinno.com, not wellsfargo.com.  That’s a red flag right there.
  4. Look at the account ID — usually an account ID is a username, not a series of numbers.  Of course, that’s not always the case, but usually it is.
  5. Note that, while the link in the text message does reference wellsfargo.com, it is not an encrypted website.  The link is http://, not https://, and thus, isn’t secure.
  6. Lastly, one trick you can do on your smartphone is to hold your finger on the link.  This will show you whether the link referenced actually goes to a different website.  In this case, it doesn’t, but if it did, you would see a window with the domain listed.

Most people realize that a smartphone often has an email address associated with the phone number.  So, while this message came in via my text message app on my phone, it was actually emailed to me, as the email address in the details screenshot reveals.  Despite that, the message reminds us that we can receive phishing attacks from any device, whether it is our laptop, desktop, smartphone, even something like an iPod Touch or an iPad.  Anything that can connect to the internet can be susceptible to a phishing attempt, so keep that in mind when you see a link in a message.

Do you seem to receive an unusually high number of phishing attempt emails? If so, I can help — just reach out to me via email at mike@techsolutionsnc.com, phone at 919-606-6725, or make an appointment via our online appointment page.

Watch Out for Pokemon Go Scams!

by Leave a Comment

Pokemon Go
Image ©Pokemon.com

Pokemon Go is seemingly all the rage since it’s release this week, but beware – there is a great risk in spending all your time with this game and losing track of your surroundings in the process. There have been reports of robberies in the St. Louis area, reports of two men falling off a cliff while playing the game, reports of a player coming across a dead body, and now, from our friends at the NC Department of Justice, concerns over Pokemon Go scams. From the alert email I received today:

WANT TO CATCH ‘EM ALL? HAVE FUN BUT AVOID POKÉMON GO SCAMS

The new mobile game Pokémon Go has attracted millions of excited new users, but unfortunately scammers aren’t far behind. A new scam is out to trick Pokémon Go users into giving up their personal information and paying money to play the game that’s actually free. If you’re trying to catch ‘em all, make sure you know how to avoid Pokémon Go subscription scams.

The scam begins with a phony email claiming that because of a record-breaking number of users, game developer Niantic has begun charging players $12.99 per month to play Pokémon Go. The email claims that anyone who doesn’t pay the upgrade fee immediately will have their game accounts frozen within one day. Concerned users who click the upgrade link are asked to provide their email login credentials, giving the scammers access to information in their email accounts that can be used for identity theft.

Remember:

  • Don’t be fooled by logos, websites, or links that seem like the real thing. Many scam emails use real company’s logos to seem authentic. Past phishing emails have claimed to come from major companies like Paypal, eBay, banks, credit card companies, non-profits, charities, and even government agencies like the IRS.
  • Report phony emails to the legitimate business directly. Contact the company using a telephone number or web address you know to be right, not using the contact information in the phishing email. Also, forward the entire email to the Federal Trade Commission at spam@uce.gov.
  • Never share your personal or financial information by email. Be wary of any email that asks you to key in login credentials to one of your personal email or financial accounts. Instead, use legitimate, secure login websites to access your accounts, not links included in questionable emails.
  • If you receive one of these phony emails, report it to the Attorney General’s Office at 1-877-5-NO-SCAM or online at ncdoj.gov.

This message brought to you on behalf of North Carolina Attorney General Roy Cooper.

The point of all of this is to remind you that you need to make sure that you are aware of your surroundings, make sure that you are not falling into some sort of scam, and you need to make sure that you use good old common sense when playing games like this and others.  Remember, there are a lot of different apps out there that track location, Pokemon Go is not the first by any stretch, so just be thoughtful when playing these games.  Have fun, but don’t do something that could end up getting yourself or someone else hurt.