Increased Risks from Macro-Based Malware

2016 June 9
by Andy

US-CERT is warning of an increased risk from macro-based malware. Nothing new here, but I’ve seen a marked increase in external intrusion attempts in the last few months. Maybe it’s because of where I work (financial services), but it seems to me the bad guys are working overtime to get to people.

CERT Australia’s recommendations on macro security.  Basically, disable MS Office Macros.  Not sure if that’s practical for the enterprise, but for external documents, extreme caution must be taken.




Email Privacy – Block Trackers!

2015 November 23

Read a really good article in the NY Times on email privacy today concerning an insidious way for people to know more about you than you realize. The problem is trackers in your email. These are small code snippets embedded in your email that can send back information to the sender about when and if you open an email, where you were, what you looked at, if you clicked on a link, etc.

These things are creepy!

Trackers are invisible to the mail recipient, and are inconvenient to block. Marketers send email to you to entice you to visit their site or click on the link / deal they are offering. This is done by sending email as HTML – essentially a web page delivered to your inbox. Since the text of the email is actually code, it’s easy to embed tracking instructions in the email so that when you open or simply view the mail, the code is executed and information about you is transmitted back to the sender. Most of the time this is benign stuff – time, date, location etc, but the problem is this is yet another leak of your information that you unknowingly allow, and there is no way for you to opt-out.
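To make the mechanism concrete, here is an added example (not from the NY Times article or from the tools named below) that lists what an HTML mail would fetch from remote servers the moment it is displayed. The sample message, its example.com host names and the function names are constructed for illustration, and the "1x1 image" and "link with query parameters" tests are simple heuristics.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message; all hosts and IDs are placeholders.
SAMPLE_EML = """\
From: deals@shop.example.com
To: you@example.org
Subject: Weekend sale
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Big savings this weekend!</p>
<img src="https://cdn.shop.example.com/banner.png" width="600" height="200">
<a href="https://click.shop.example.com/r?u=8841&amp;c=weekend">See deals</a>
<img src="https://t.shop.example.com/open.gif?uid=8841&amp;msg=77" width="1" height="1">
<img src="cid:logo123" width="80" height="40">
</body></html>
"""


def _is_tiny(attrs):
    """True when both declared dimensions are 0 or 1 pixel (an invisible image)."""
    try:
        return int(attrs.get("width") or "") <= 1 and int(attrs.get("height") or "") <= 1
    except ValueError:
        return False


class RemoteContentFinder(HTMLParser):
    """Collects remote images and parameter-carrying links in document order."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, host, sorted query parameter names)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "img" else a.get("href") if tag == "a" else None
        if not url:
            return
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        params = sorted(parse_qs(parts.query))
        if tag == "img":
            kind = "tracking-pixel" if _is_tiny(a) else "remote-image"
        elif params:
            kind = "tagged-link"  # only contacts the sender if you click it
        else:
            return
        self.findings.append((kind, parts.hostname, params))


def find_remote_content(raw_message):
    """Parse a raw message and return the findings for its HTML body."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # a plain-text mail has no HTML to hide a tracker in
    finder = RemoteContentFinder()
    finder.feed(body.get_content())
    finder.close()
    return finder.findings


def hosts_contacted_on_open(raw_message):
    """Hosts the mail client would contact just by showing the mail with images on."""
    return sorted({host for kind, host, _ in find_remote_content(raw_message)
                   if kind in ("tracking-pixel", "remote-image")})


if __name__ == "__main__":
    for finding in find_remote_content(SAMPLE_EML):
        print(finding)
    print("fetched on open:", hosts_contacted_on_open(SAMPLE_EML))
```

Note that the ordinary banner image reveals the open to its host just as the invisible pixel does, which is why blocking all remote images is the effective setting.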

What can you do? Well there are some commercial tools that will help (pixelblock, UglyMail), but none are that great. See the NY Times article for the ups and downs on them.

For me, the easiest and fastest thing to do is to not allow automatic downloads of pictures, and to view email as text wherever possible. This isn’t as easy as it should be, and I hope it gets better.

On the Mac Mail app, make sure that the “Load Remote Content in Messages” check box is UN-checked. This will prevent loading of images and most trackers until you explicitly allow it in the message.



On your iOS device, go to Settings, then Mail, Contacts and Calendars, and turn the “Load Remote Images” slider to off.


Neither of these steps will stop everything, but will put bumps in the road until something better comes along.

I know this is a little Don Quixote-ish, but the more steps you take to prevent your information from getting out there, the harder it will be for the information hoarders to get to you. They will find you, but don’t make it easy for them!


More MAC Keyboard shortcuts

2015 October 8

More on my quest to conquer the MAC – I’ve found a few more shortcuts that are making my life easier and make me wonder why I didn’t convert to MAC ages ago.

As a general statement, the Command key (⌘) replaces the Control key on the MAC.  Not in all cases, but in many.  That means things that you are already familiar with for copy / paste work with the command key –

CTRL – C for copy becomes Command-C

CTRL – V for paste becomes Command-V

CTRL – X for cut becomes Command-X

CTRL – Z for undo becomes Command-Z



Delete (as opposed to backspace) – Sometimes while editing I want to delete the character to the right of what I’m typing.  With the Delete key, you have to move the cursor past the offending text, then delete back over the text (right to left).  To speed this up a bit, use the fn key plus the delete key to delete the text from left to right.  No more moving the cursor, just delete delete delete!

Delete a file (move to trash).  This is another one that’s obvious to MAC people, but not so much to us Windows luddites.  To move a file to trash quickly, just use command + Delete.

Scrolling – coming from Windows land, I missed my page up/down, home and end keys.  Here are the shortcuts that you can use on your MAC to get the same results.  Again, it’s the fn key to the rescue!

  • fn + up arrow = page up
  • fn + down arrow = page down
  • fn + left arrow = home (top of doc)
  • fn + right arrow = end (end of doc)

Lots more keyboard commands from Apple here.



Mac Tips from a Windows Guy

2015 September 1

I’m a Windows guy – I always have been.  I’ve used Apple products in the past, I mean I’m a tech guy for crying out loud.  I think my first resume was composed on a Mac way back in the computer lab at college, but my professional career has largely been Windows focused.

Until the iPhone came along.  With the passage of just a few years, Apple products are everywhere and not just in pockets; iPads are commonplace in the enterprise and the demand for access to corporate resources through whatever device people have increases every day.  More and more that means Apple computers and devices.  With the continued maturation of remote access technologies like Citrix, and the increased use of virtualization for applications and desktops in the enterprise, BYOD is easier than ever to implement.  What does this mean for us mild mannered tech support guys?  It means we have to know Apple devices.

This turns out to be an awesome thing – Apple stuff is really good.  I know, duh, you say, and I hear you.  I’m not a naysayer cum fanboy yet, but I like what I see.

To that end, I’ve put together a little list of things that make navigating the OSX environment a little easier for us Windows Ham Handers.

  1. Ctrl-Home – in Windows, if you want to get to the top of a page, document, spreadsheet etc, you just hit Ctrl-Home.  On a Mac, there’s no Home key!  What to do?
    Fn – Left Arrow will get you there.
  2. F2 key to edit.  I use this one a lot – in Windows, you hit F2 to edit the text in a lot of places – cells in Excel, file names in Explorer etc.  How to do the same on a Mac?  This is a little trickier.  For file names (in Finder) just hit the enter key to get to edit mode.  Spreadsheets are a bit application dependent.  For LibreOffice, Fn – F2 will put you in edit mode in a cell.
    For Numbers you can click in the cell to edit the text, or option-Return will put the cursor at the end of the text in the cell.
  3. Right Click – This may have been obvious to others, but it took me weeks to realize how to get a right click on my MacBook.  Simply two-finger tap the track-pad to bring up the right click menu.
  4. Open a second Finder window.  On Windows, I often have multiple frames for an application up at one time, especially explorer windows for file browsing.  On a Mac, it wasn’t immediately clear to me how to do the same.  It’s quite easy – simply right click on the Finder icon and choose “New Finder Window” from the menu.
  5. How do I save Word files from Pages?  If you have to live in both Windows and Mac land, you may have to edit documents on both platforms.  You can do this in many, many ways, the cleanest of which is to run MS Office on your Mac, but if you don’t want to pay for that, or your Office 365 subscription is Windows only (thanks Microsoft) then you may have to edit and save Word format docs from the Pages app on your Mac.  Lucky for us, that’s easy too – in Pages, click the File menu, then Export to, then choose the format of choice – Word, PDF, whatever floats your boat.  Note that for the most part Word formatting works well, but if you have a complex Word document, I would not try and edit it in Pages and expect that all formatting will work exactly as planned.  Caveat emptor here – if it’s complex formatting, stick to one format or the other – don’t cross the streams – it would be bad.

There are literally thousands of sites to explore looking for tips and tricks for Mac, this is just a tiny tiny sample from my personal experience.  Share if you find more stuff, and I’ll likely post more of these as I find them.

One thing I’ll mention is that the track-pad on a Mac is amazing as compared to its Windows counterparts.  Two finger gestures, swipes etc are intuitive (for the most part) and work really well.  Once you get used to it, it’s very hard to go back to Windows clumsiness.


Inching ever closer to fan boy –


Password Best Practices – Protect Yourself!

2015 August 31


Been way too long since I’ve posted.  No apologies – life gets in the way.

I wanted to talk a little about password security and the need for two factor authentication.  As I’m sure you are aware, the internet is a scary place, and over the last few years information theft is hitting home for regular folks like you and me.  Home Depot, Target, Sony, Citibank just to name a few have all been hit with large scale targeted attacks where massive amounts of data were stolen.  Identity theft is rampant, and given that most people don’t think about passwords that much, it’s far too easy for bad people to get your data and do really bad things.

What can you do?

Three simple rules for Password Safety:

  • DON’T use the same password everywhere – I’ve done this so many times, and it is just asking for trouble.  Don’t give the bad guys the keys to the castle  when they break into the tool shed!
  • Use long passwords – the longer the better, but 8 characters minimum.
  • Use complex passwords – mix case, use numbers, use special characters (ampersand, asterisk etc).

How do I maintain secure passwords without driving myself insane or just writing them all down?

There are lots of ways to do this, and I’m not going to pretend like I know them all – but there are a few basics to remember:

1) Use a hash

Simply put, this means use a base password that is always the same, then use the site name to generate something unique.

For example, make your base password something easy to remember like your favorite color or your nickname for your partner.  In this case, let’s use “fido”.

I want to login to my mail account at yahoo.  I could make my password “fidoyahoomail”  or yahoodotcomfido.

I could get more secure if I split the keyword and added some special characters and replace letters with numbers: “fiy@hooD0” – note the o in fido was changed to a zero.

2) Don’t use all letters!  There are lots of creative replacements you can make for plain letters – use what makes sense for you.

replace all “e” with 3

replace all “a” with @

replace all “e” with # (shift 3)

replace all “o” with 0

replace all “s” with $

you get the idea

3) Use a password manager

There are many out there, but I really like Lastpass.  It’s cross platform so it will travel with you to whatever device you want, will generate and store very complex passwords, and probably most importantly uses a multi-factor authentication scheme from Duo and several other providers (more about that later).

The basic idea is that you store all of your passwords in one place then use a single password to get at your password “vault”.  I know, this is a single point of failure and what if the password manager gets hacked?  That’s a valid concern and if I’m honest I don’t have a good response other than it’s the best you can do for the moment.  Choose a site (like lastpass) that has good two factor authentication choices so that you reduce the possibility that your master password gets hacked – that way you just need to worry about Lastpass itself getting hacked which will never happen – oh wait

4) Use multi-factor authentication where possible. 

What is multi-factor authentication (also called two-factor authentication)?  Basically it means another way for the system you are trying to access to know that you are who you say you are.  Since passwords can be hacked, a second authentication means that you further reduce the ability for someone to hack the system.  In practical terms that can mean a lot of things – an email with a security code, a text message with a security code, your smart phone fingerprint reader, a USB key for authentication etc.  This is an evolving space, and authentication methods are improving all the time.  Check out the FIDO alliance for more on better second authentication methods.

As an aside, when LastPass reported their breach, I was not concerned because I had two factor authentication turned on.  I changed my vault password anyway, but I was relieved that I was protected regardless of the breach.

A couple of DON’Ts are necessary to mention here too –

  • Don’t use names of people you know in your password – wives, children, relatives.  In fact, don’t use proper names at all.
  • Don’t use dates that are discoverable – birthdays, anniversaries.  Nothing that someone can find out if they google you.  You want to use the date of your first date with your wife, or the day your kid said “No!”  for the first time, that’s fine.
  • Avoid simple, easy to guess passwords!  Things like “password”, “abc123”, “qwerty” etc.  When Adobe was hacked, the Stricture group released a list of the most common passwords found from the hack.  Please don’t use any of these!

Really Bad Passwords – these are the top 10 from the Adobe hack:

  • 123456789
  • password
  • adobe123
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123
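The three rules and the bad-password list above, turned into a small checker. This is an added example, not part of the original post; the function and variable names are illustrative. It undoes the letter replacements from point 2 before comparing against the list, because a listed password with swapped letters is still a listed password.

```python
import string

# The nine passwords the post lists from the Adobe breach.
COMMON = ["123456789", "password", "adobe123", "12345678", "qwerty",
          "1234567", "111111", "photoshop", "123123"]

# The post's letter replacements, reversed (symbol -> letter).
UNDO_REPLACEMENTS = str.maketrans({"3": "e", "@": "a", "#": "e", "0": "o", "$": "s"})


def normalize(password):
    """Lower-case the password and undo the letter replacements."""
    return password.lower().translate(UNDO_REPLACEMENTS)


# Normalize the list too, so "adobe123" and "@d0be123" compare equal.
COMMON_NORMALIZED = {normalize(p) for p in COMMON}


def check_password(password, passwords_used_elsewhere=()):
    """Return a list of rule violations; an empty list means every check passed."""
    problems = []
    if len(password) < 8:
        problems.append("too-short")
    if not any(c.islower() for c in password):
        problems.append("no-lower")
    if not any(c.isupper() for c in password):
        problems.append("no-upper")
    if not any(c.isdigit() for c in password):
        problems.append("no-digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no-special")
    if normalize(password) in COMMON_NORMALIZED:
        problems.append("common")
    if password in passwords_used_elsewhere:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for candidate in ["qwerty", "P@$$w0rd", "@d0be123", "fiy@hooD0"]:
        print(candidate, check_password(candidate) or "ok")
```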


Passwords are a necessary evil, so please take a little time to come up with a strategy to keep your data safe that works for you.  You don’t have to have a photographic memory to maintain solid security on your passwords, use a password manager like lastpass or come up with a repeatable scheme and you’ll be fine.  Don’t forget about two factor authentication too – it’s an extra step, but totally worth it.


Origin of the word “Scuttlebutt”

2012 May 9
by Andy

Definition of SCUTTLEBUTT


a : a cask on shipboard to contain freshwater for a day’s use
b : a drinking fountain on a ship or at a naval or marine installation
I don’t know why I find this interesting or even mildly amusing, but I do.
This term derives from the butt, or cask, that held drinking water on sailing ships; it was scuttled, or provided with a hole in the top, so that water could be drawn. In the same way that office workers gather around a water cooler to share gossip, the scuttlebutt was the locale of idle talk among mariners. Hence, scuttlebutt came to refer to the gossip itself, and the usage was extended to civilian environments.
Thanks to DWT for this.


Happy New Year 2010!!

2010 January 1

Happy New Year all, let’s hope this year is better than last ;)


How do I boot into Safe Mode?

2009 December 1
by Andy

If you are fighting a virus/malware on your computer, it is best to boot in safe mode before you start removing things and running scans.  If you don’t, it is likely that the malware will just re-install itself.  I’m not going to go into a whole tutorial on virus fighting (maybe in a future post) but the basics are as follows:

1) As soon as you notice you are infected, unplug your internet connection or turn off your wireless.  This will prevent the infection from spreading, and will isolate the offending program from its source.

2) Boot into Safe Mode

3) Run your favorite antivirus/anti-malware program.

This post is really about Safe Mode – how do you get there?  There are a couple of ways depending on the operating system you are using.  Here’s the Microsoft Page on the topic.

Windows XP

If XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.

  • If the computer is running, shut down Windows, and then turn off the power
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a “keyboard error” message.  If this happens, restart the computer and try again.
  • Ensure that the Safe mode option is selected.  If you are trying to clean a machine that is virus laden, choose Safe Mode Without Networking.
  • Press Enter. The computer then begins to start in Safe mode.
  • When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

If you don’t want to bother with function keys, you can use the System Configuration Utility method.

  • Close all open programs.
  • Click Start, Run and type MSCONFIG in the box and click OK
  • The System Configuration Utility appears.  On the BOOT.INI tab, check the “/SAFEBOOT” option, and then click OK and restart your computer when prompted.
  • The computer restarts in Safe mode.
  • Perform the troubleshooting steps for which you are using Safe Mode.
  • When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab,  uncheck “/SAFEBOOT” and click OK to restart your computer.  THIS STEP IS CRITICAL.  If you don’t change this back, then the computer will continue to boot in Safe Mode until you do.

Windows 7

Safe Mode in Windows 7 is basically the same as XP – use F8 to get to the Safe Mode startup screen.  MSCONFIG is slightly different – Safe Mode is called Safe Boot, but otherwise the process is the same.


10 Facebook Privacy Settings You NEED to Know.

2009 September 2
by Andy

I will summarize here, but the full article by Nick O’Neill from is a great read, and something I wish I had written.  Facebook is a great tool, but in a world where information and identity theft is rampant, you need to know how to protect yourself from, well, yourself.

1) Use Friends lists to group your friends into logical groups.  This allows you to grant different access rights to different groups of people.

2) Remove yourself from Facebook search results.  Like the author, my family is chock full of teachers.  For the most part, they don’t want their students to randomly find their personal information from a Facebook search, but still want to be on Facebook for family and friends.  The solution?  Remove yourself from Facebook search results.  You do this from the “search privacy settings” page.

3) Remove your Facebook self from Google search results.  As you know if you Google yourself (doesn’t everyone do this?) your Facebook profile will come up pretty quickly.  You can remove yourself from Google searches from the “search privacy settings” page – uncheck the “Create a Public Search Listing for me …” check box.

4) Control who sees your tagged photos – You can do this from your profile privacy page.  The cool thing is if you’ve set up your friends groups right, you can allow access to tagged photos by group.  That way the photo of you that you don’t want your boss to see won’t get you fired.

5) Control who sees your photo albums – as with tagged photos, not all pictures are for all eyes.  Check out the Photo Privacy Page.  From there you can control who sees what.  Very handy.

6) Control how your relationship status is displayed in news feeds.  Everyone likes to tout their relationship, but do you really want everyone (boss, business contacts) to know?  Uncheck the “Change relationship status” box on the News Feed and Wall section of your Privacy settings.  This will prevent people from seeing changes to your relationship status in their news feeds.

7) Be sure that applications don’t publish embarrassing news feed posts.  Many applications you sign up for post items to your news feed that are potentially embarrassing.  Be sure that you scan your profile every time you install an application, or better yet, avoid applications completely.

8) Control who sees your contact information.  If you use Facebook for business and for personal contacts, you can control who sees what contact information from you using your Friends Groups.  You can add multiple email addresses and phone contact items, then edit the custom privacy settings for each to control who sees them.

9) Avoid embarrassing wall posts.   Facebook lets you control not only who posts to your wall, but also who can see those posts.  In the Profile section you can change who posts to your wall by choosing “custom” from the “Wall Posts” drop down.  From there you can use your Friends groups to control who posts and who sees what.

10) Like your hands, keep your friends to yourself.  I love seeing who is friends with my friends, but some people don’t want to share, and in some cases, it’s probably not a good idea to share.  Once again, you can customize who can see your friends list using your friends groups.

There are endless ways to control your privacy on Facebook, but you need to take the time to sort through the settings.  Friends Grouping is a great place to start and ensures that you have separation of your business and personal contacts.  Get to know your privacy settings!!



2009 August 20
by Andy

Another question I get asked a lot is about wireless security.  People get very confused by the security options out there, and the industry doesn’t help by adding acronym after acronym.  So what do you do?  The answer is fairly simple – secure your network with WPA!!

There are lots of methods to use to secure your wireless network.  The most common is WEP, but that is being replaced by the newer (and better) WPA protocol.  You can also secure the network by allowing only specific computers on the network.  This is simple to do, and doesn’t require security keys and messy settings.  The problem with it is that the data you send wirelessly is not encrypted.  With WEP and WPA, the data is encrypted.

What are these things anyway?

WEP or Wired Equivalent Privacy (see the Wiki for more info) is an encryption protocol developed in the late 1990s to secure wireless networks.  It offers 64-bit and 128-bit encryption using a key generated by a passphrase you enter, but is easily cracked.  Despite this, there are a ton of people who still use WEP since it is the default protection on many routers.

WPA (WiFi Protected Access) is the next generation encryption algorithm that replaced WEP.  WPA uses 256-bit encryption keys, and is far more secure than WEP.  It’s not the be-all-end-all, but is very good.  As with WEP, you have the option of generating a security key using a passphrase so that you don’t have to remember a string of random hex digits.  This is great, BUT you have to be careful about the passphrase you use.  DON’T use things like your pet’s name, your kid’s name, your street, or anything that can be guessed.

The clear answer is to secure your network with WPA.

BUT – do you have to secure your network at all?  The safe answer is yes.

What happens if you don’t secure your network?  That depends on where you live, how close your neighbors are, and how you secure your computers.  Most wireless routers have a range of 150 feet.  That means that if your neighbors are more than 150 feet away, they will not be able to get on your network unless they are standing outside your house with their laptop.

If you don’t change the default security settings on your computers, chances are that even if someone did get on your network, they wouldn’t be able to do much.  By default settings I mean:

  • No shared hard drive locations
  • Remote control disabled
  • Firewalls up and running on every computer
  • Anti-Virus up and running on every computer

Of course, this is not always realistic – I have lots of shared directories, and remote control enabled on my machines because I like to be able to work on any machine from anywhere if I need to.  For that reason, I like to secure the network so that if someone manages to get on they won’t get to my personal files.

The bottom line on security for wireless networks: best practice is to secure your network using WPA.  That said, if you live in a remote area where no one will likely be in range of your wireless, it’s not really necessary, just a good idea.
