System restore from command prompt

System restore from command prompt

Sometimes a Windows computer is so broken that you have to run system restore from the command prompt. If you’re reading this, I don’t have to elaborate. This works in Windows 7, Windows 10, and any other recent version.

And when a system is that broken, you can expect to run into a couple of snags. Maybe you can’t even get a command prompt. Or maybe you got a command prompt but the executable file is buried. Here’s how to solve those two problems. Read more

Identify bad guys through writing style

This month’s Social Engineer podcast discussed a tactic to identify bad guys through writing style, something the hosts expressed surprise was possible.

This won’t be news to anyone who minored in English or Communications or Journalism. A lot of factors go into style—where we grew up, where our parents are from, what we read growing up, our life experience, and it really is like a fingerprint. Fitzgerald’s Gatsby called everyone “Old Sport,” and we all have something like that, it’s just usually more subtle. I’ll say, “taste this,” when my wife or mother in law will say “taste of this.” That’s a regional thing. I pick up on that because I’m interested in language. A really good linguist can pick up on a lot more than that, and machine learning can potentially pick up on still more.

If you recall, it was the Unabomber’s long manifesto that brought down Ted Kaczynski.  Other forensics proved it, but the investigation began with his brother’s observation that the manifesto “sounded like Ted.”

Read more

The State Department is just one of many examples of IT gone rogue

Much has been made of Hillary Clinton’s use of her own mail server, running out of her home. It didn’t change my opinion of her, and I don’t think it changed anyone else’s either–it just reinforces what everyone has thought of her since the early 1990s. Then, Ars Technica came forward with the bizarre case of Scott Gration, an ambassador who ran his own shadow IT shop out of a bathroom stall in Nairobi.

The money quote from Ars: “In other words, Gration was the end user from hell for an understaffed IT team.” And it concluded with, “[A]s with Clinton, Gration was the boss—and the boss got what the boss wanted.”

Indeed. And it doesn’t just happen in the government.

Read more

Phil Kerpen, net neutrality, and socialism: A post-mortem

I learned the hard way a few weeks ago how net neutrality can be equated with socialism, an argument that puzzles people who work on computer networks for a living and see networking as a big flow of electrons. I think it’s very important that we understand how this happens.

Here’s the tactic: Find a socialist who supports net neutrality. Anoint him the leader of the movement. Bingo, anyone who supports net neutrality follows him, and therefore is a communist.

Political lobbyist and Fox News contributor Phil Kerpen told me Robert W. McChesney was the leader of the net neutrality movement, and he sent me a quote in the form of a meme longer than the Third Epistle of St. John. Yet in a Google search for the key words from that quote, “net neutrality bring down media power structure,” I can’t find him. So then I tried Bing, where I found him quoted on a web site called sodahead.com, but I couldn’t find the primary source.

For the leader of a movement the size of net neutrality, he sure keeps a low profile. Google and Netflix are two multi-billion-dollar companies that support net neutrality. I’m sure it’s news to them that they’re taking orders from Robert W. McChesney. Read more

And… Home Depot confirms it’s been breached

In news that will surprise no one, Home Depot confirmed it’s had credit card data stolen.

I also learned that in an effort to defeat my usual security measures, people increasingly will buy cards local to them, so they can shop in the same zip code, or a very nearby zip code to the victim. They then buy expensive merchandise and/or gift cards. This tactic limits the market but increases the effectiveness if you happen to own the unlucky card that your malicious neighbor buys.

About the only way to defeat this behavior is to keep a close eye on your account statements, which means cutting down on credit card use probably would make it easier for you to notice fraud. And, of course, when your credit card company sends a new card, activate it as quickly as possible.

As for what happened, there’s lots of speculation but no confirmation as of yet. Now the start date has been revised back to perhaps sometime in April, and while the number of stores hasn’t been confirmed, the numbers I’m seeing range from 1,700 to all 2,200 of them.

As far as what’s going on, I think we’re in a situation much like the era of The Cuckoo’s Egg, where the world is changing faster than the security world and the corporations who employ it can keep up. In a few years I’ll look back on it in awe of what I learned, but for now, I have to admit feeling scared more than anything. I think we’ll get through it, but at this point in the battle, I still don’t know how.

“Please Press 1 to speak with a Microsoft Certified Technician.”

I guess the Windows technical support scammers are getting robo-dialers, because I got an automated call over the weekend telling me that my computer was sending alerts to their servers, and to press “1” to speak with a Microsoft Certified technician.

So I pressed “1” to see what tactics this particular scammer would use. Read more

Mr. Genius Man from “Windows Technical Support” gets nasty

I got another “Windows Technical Support” call on Friday evening. My caller ID said Minneapolis, and since I have coworkers in Minneapolis, I answered. But the guy on the other end was a long way from Minneapolis and probably doesn’t know diddly about ice hockey.

I’m pretty sure it was the same criminal as last time, but over a better VOIP connection. I remember the voice pretty well, because his parting lines from last time, “Enjoy your broken computer, Mr. Genius Man!” struck me as funny. And he started the conversation with, “I’m calling you again about your Windows 7 computer.”

My conversation with him revealed a few things about why this scam is likely to be profitable.

Read more

And in a story that should surprise no one, Target’s attack was unsophisticated

I found a story today stating that the attackers who stole millions of credit cards from Target didn’t have to try very hard to hide. I wish I could say I was surprised.

My boss says it this way: Amateurs hit as hard as they can. Professionals hit as hard as they have to.

Why? Because if they only hit as hard as they have to, they can save the hard hit for another day. And it really boils down to simple economics. If I can buy off-the-shelf malware for $1,000 and use it to steal millions of dollars, then use the same malware again somewhere else and steal another few million, why not do that? The alternative is to buy a sophisticated attack that costs five or six figures. Then what happens? I use it, get my money, and then the victim can’t figure it out, so the victim calls in Mandiant. Mandiant discovers the zero-day attack, then tells the world about it. Mandiant looks good because they discovered something nobody else has ever seen before. The victim looks a lot better too, because they got mowed down by something that was unstoppable. But then the vendor moves heaven and earth to release an emergency out-of-band patch as quickly as possible, closing down a very brief window of opportunity to use it.

Cyber criminals may be crooked and unethical, but they aren’t stupid. And that’s why this is an uphill battle: A cheap attack can go up against defenses that cost an order of magnitude more, and still win. Read more

WordPress Appliance - Powered by TurnKey Linux