Stop Clickers with Stickers! Security Awareness improvement for FREE!

Let’s see now, over the last several years working in IT Security and Security Awareness a few things have become crystal clear;

  1. Technologies are super easy to patch, you just need a process and a little buy-in.  After patching the risk is minimal.
  2. People can’t be patched, even though sometimes we really wish they could be.   After security awareness training the risk is still present, albeit hopefully minimized a degree.
  3. People need to be aware of security at all times, it has to become part of the business culture. Worrying about end users is what keeps me up at night–our business is one click away from losing brand reputation, money, private information or even (swallow hard) the IT Security guy’s job.  Generic security awareness is not good enough.

What if we security practitioners could keep security on the minds of employees all the time?  What if there was an easy way to keep people focused and thinking about the dangers of phishing emails, malicious websites and generally being more pro-security?   Sounds great right?  Where do I sign up?    Haha!  If it were only that easy!

Combining that need with some of the motivators I’ve experienced over the years gave me an idea;  What if the ‘free stuff’ phenomenon could actually drive down my phishing click rate?  Jeez…if it worked it would solve one of my main problems with security awareness, (the ‘awareness’ part for about 10% of end users)   and do it in a way that is positive all around!    Although in it’s infancy, I’ve been experimenting with this new method of ‘security through free stuff’.  Here’s how it works;

At security and IT conferences, I collect as much schwag (free promo materials) as I can, looking especially for the nice stuff (no offense to the pen-peddlers, but you guys really gotta up your game).  You know, Tshirts, cool laptop stickers, flashlights, rocketbooks, light sabers and other geeky stuff and gadgets.  Sign up for it all!  (then screen your calls for the next year…)  Then when I get back to the office, I give that stuff away like it were Aunt June’s fruitcake–but only after sneaking in a learning experience to unknowing end-users.   For example:

A recent email I sent to the IT group — ‘You can win this new cloud shaped stress ball, laptop sticker, pair of earbuds and a multi device charger if you answer the following question:   “According to Verizon’s 2017 Data Breach Executive Report ,  what percentage of breaches were caused by weak or stolen passwords?”‘

Have the target audience send you the answer and raffle the schwag, keep track of the names in a txt file, then paste them in and randomly select a winner on a random selector site like http://www.miniwebtool.com/random-name-picker/      In this case there are actually two answers, although they are very close to each other–probably a rounding error!   But for those who give two answers, you have to assume they read the article fairly closely.  winning…Winning…..

Another idea is to have people reply with one security issue they have noticed in their work environment, and have each offer a possible solution to mitigate it.   This could work great for an IT team, because we all know of one area or another where there is a hidden risk that others may not be aware of.  It also give the security guy information into the inner working of every IT employee, including the risks and potential threats in their environment.  Mmuuhhaahahah!  Now you are getting it, right?

The great thing about this is it’s fun, it’s free and it disarms those people who are already grumpy about security by giving them something of apparent value for FREE!  The psychology behind this is fascinating.  Check out Rick Paulas’s column entitled “The Strange Effects of Free Stuff; How the allure of free tricks your mind into accepting irrational options”   In that article he talks about the ‘Zero Price Effect’.

“When people are offered something for free, they have this extreme positive reaction that clouds their judgment.”

Haha!  Clouds their judgment!  Hey, if that helps someone to NOT CLICK something, I’m all for it!

 

Hey y’all…If you’ve made it this far, maybe you’ve got an idea or two to share!  Share your ideas and suggestions below!  Or if you would just like to send me some schwag and help the cause, contact me privately: nerd at nerdosaur.com!

 

Ubiquity nanostation loco m5 installation-FarmYardWiFI

Recently I had the opportunity to expand the wireless signal from a farm house to the entire yard and outbuildings using Ubiquity hardware. I had heard of the company, and saw many good reviews for the products. It seemed like Ubiquity was an enterprise level wireless solution, at a consumer price. After the install I was not disappointed.
The signal strength and coverage coming from the wireless AP’s and point to point links was more than I had expected.

Below is a aerial shot of the farm, and the methods I used to create the links. This solution would be great for any outdoor wireless needs. You could use it on a campus, lake home, backyard or for beaming wireless between buildings at the office. The devices are very easy to configure, and can be put in AP mode, repeater mode or station mode. If you are so inclined, you could create a mesh of several wireless devices and cover huge areas.

Map of farm yard wireless configuration

Link 1
From the house to the shed, I named the SSID ‘link1’ because I wanted to differentiate between wireless links to avoid confusion. On the house, we drilled a hole through the siding and into the crawl space, and ran an ethernet cable from the nanostation and into the network switch in the house. We mounted the nanostations with a couple mounting brackets (click for link to amazon)  , and mounting arms . This helped to make quick work of the wireless mounting, and the brackets help you to aim both sides of the point to point link very easily without having to adjust the entire arm.

On the shed side of link1, I used the included POE injector to power the radio, and installed a small linksys switch to the inside wall of the building. This gave me full network access to devices in the shed through the switch, and also allowed me to extend a network cable to the back of the shed to be plugged into the 2nd
nanostation that would be the access point for link2.

After a quick configuration using the built-in web on the devices,link 1 was up and running. To extend the wireless signal throughout the farm yard, a Ubuiquiti UniFI AP Outdoor 2×2 MIMO AP  was installed on a pole on the top of the shed. It was simply plugged into the linksys network switch using the included POE injector and mounted to the shed. Configuration is different for these devices, they require the included Ubiquity UniFI software to be installed on a computer somewhere in the network. The AP’s come up with a preconfigured IP address and you manually register them to the software. This helps to keep all the AP’s consistent as they all are centrally managed, and share the same SSID and security settings. The Outdoor MIMO and the nanostation loco m5 have survived some violent storms, rain, wind, and hail that destroyed nearby outbuildings, and they never need a reboot! They are very reliable.

Link 2

Link 2 went from the small shed at the end of link 1, to the large outbuilding in the photo.  We mounted the m5 on the far end of the building to avoid snow and ice falling from the slanted tin roof in the winter.  Inside the building we used another small switch.  From the switch we ran a Ubiquity access point to cover the inside of the building.  This building is double lines with tin and insulation, so we didn’t get any signal from the yard AP’s, unless you had the large doors open.  The single ap covers the inside very nicely, and since we used the same Ubiquity software to configure it, there is no need to have additional SSID’s.

Finally, we added another outdoor MIMO on the north end of the building for additional yard coverage.

You do need some technical ability to set up a system like this, but overall it was not a difficult project.  Just remember you are ‘bridging’ from your network and set everything up accordingly.  By not adding additional networks, you remove the complications of having multiple networks.

Here’s another similar project from modernfarmer.wordpress.com

 

Finding personally identifiable information (PII) with PowerShell.

Good network security involves defense-in-depth. This means that you should implement several different defenses to keep your network, platform or computer secure. The first part of a good defense is to keep the bad guys out of your network using a firewall, but in the event that they circumvent your firewall you need ‘plan B’.   Plan B in this example could be application whitelisting on your devices, strong passwords, anti-malware, anti-virus, PC firewalls, least privilege network design etc. Okay, that’s all great– but what if bad guys are able to circumvent ‘plan B’?

That’s when you need to know what is on your network that they might want. If you have a server with personnel files or credit card information, that will most likely be the first place many miscreants would attack. But did you know there could be a goldmine of private information on your PC’s and you don’t even know it? How much is the data on your PC worth? Brian Krebs has in interesting article called ‘The scrap Value of a Hacked PC’   The data on your PC may be worth more than you realize!
There are several tools out there that can find PII on your computer, but one easy and fast way is to run a powershell script. You can even use this script to find PII on other computers in your network. (Yes, if a bad guy gets in he could easily run this script against you and your network using the tools you currently have on your PCs).

Simply open Powershell and paste in the following scripts to check your computer for SSN’s. When the script is finished, it will write a CSV file with the results.

Find SSN on remote PC
Note: Your credentials must be allowed on the target PC, adjust the path to suit your needs. The UNC path syntax works for all of the examples below to hit remote targets.
Change computername from ‘mypc’, and username from ‘myusername’ to your target computer and username
Change the path to a local path to scan locally, for example c:\users\fred

REM+++++++++++++++++++ – Finds SSN with space or dash (-) between numbers on a remote PC++++++++++++++++++++
Get-ChildItem -Path “\\mypc\c$\users\myusername\desktop” -Recurse -Force -Include *.doc, *.docx, *.xls, *.xlsx, *.txt, *.pdf, *.ppt, *.pptx | Select-String “[0-9]{3}[-| ][0-9]{2}[-| ][0-9]{4}” | Select-Object Path, Line, LineNumber | Export-Csv “c:\ssn_pii.csv”

Now that we’ve established we can look for ssn’s, let’s scan for files on your PC with the word ‘Password’ in them.

REM+++++++++++++++++++ – Finds ‘password’ in documents, and saves to csv file
Get-ChildItem -Path “c:\users\” -Recurse -Force -Include *.doc, *.docx, *.xls, *.xlsx, *.txt, *.pdf, *.ppt, *.pptx | Select-String “[P|p]assword” | Select-Object Path, Line, LineNumber | Export-Csv “c:\passwordPII.csv”

Now let’s scan for credit card numbers on your PC:

REM+++++++++++++++++++ – Finds any cc numbers in documents, and saves to csv file
Get-ChildItem -Path “c:\users” -Recurse -Force -Include *.doc, *.docx, *.xls, *.xlsx, *.txt, *.pdf, *.ppt, *.pptx | Select-String “[4|5|3|6][0-9]{3}[-| ][0-9]{4}[-| ][0-9]{4}[-| ][0-9]{4}” | Select-Object Path, Line, LineNumber | Export-Csv “c:\CC_PII.csv”

I’ve found that some of these scripts give false alarms as there are a lot of temp files with all sorts of numeric data in the, but the goal here is to find obvious breaches in your security at little to no cost. If you want a full detailed report and automatic scans, you probably should be looking at a fully supported software solution.

Now that you know how easy it is to find PII on your computers, clean them up and be careful where you use and keep your private data!

Add a Report Phishing Button in Outlook

Add a ‘report phishing’ button in Outlook; forward spam and phishing emails to your internal security team the right way!

 

PhishMe offers a great solution for the enterprise with its anti-phishing training and phishing simulations.   The service also provides an easy way for end-users to report the messages to their IT department and use for statistical tracking.  Their solution for end-user reporting is an add-in in Outlook, providing a simple way for the end-user to click a button to report messages.   I wanted the same thing for my security program, but we didn’t contract with PhishMe,  so I needed another solution.   I didn’t want to enlist a developer to create an Outlook add-in button, so  I came up with a relatively easy solution.   If you are good at scripting or have some workstation management tools this should be no problem to implement across the enterprise.   Below are the steps you can use to reproduce a  ‘report phish’ button in Outlook that automatically sends your security or IT department a full copy of the phishing emails.   It also does much more that forwards the email, it sends the junk mail as an attachement in an email, preserving the message headers that will be needed for forensics.

 

  1. Install the Microsoft Junk Email reporter add-in for Outlook 2010 or 2013. The download can be retrieved at  https://www.microsoft.com/en-us/download/details.aspx?id=18275

 

  1. Open Outlook and verify you now see the junk options in the ribbon.

Outlook phish button

 

 

 

 

 

  1. phishing outlook button 3Right click a blank space in the ribbon and choose ‘Customize Ribbon’. On the right side, under “Customize the Ribbon” select Main Tabs, and expand the Home (Mail) tab.  Click the ‘New Group’ button and rename it to be something useful “report junk” or “report phish”.

 

 

 

 

4. Next, select the  ‘report junk’ button on the left side, and add it to the ‘report phish’ group you just created by clicking the ‘add>>’ button.    Rename it and give it an icon of your choice.  Now you should have a new icon in your main mailbox view that you can use to report junk.  By default, the add-in will only report the junk to Microsoft, however with a registry hack you can blind-copy  (bcc) an email address of your choice.  the full junk mail message will be sent as an attachment, with all the header information that is missing from a forwarded message.   This works great for sending to an IT department or a security operations center (SOC).

outlook phish 4

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Your Outlook ribbon should now look similar to this:

outlook phish button toolbar

 

 

How to report phishing to your IT department across the enterprise.  If you want the junk email reporter to forward to your IT department, add the destination email address to the registry using the following registry key.  (Typical registry hack warning here, don’t do this if you don’t know what you are doing…)  You can also copy the following lines and create your own .reg file, I’ll leave that up to you.   Replace the email address in the code with the address that will get a copy of the message.

“Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Junk E-mail Reporting\Addins]”BccEmailAddress”=”phishy@yourdomainhere.com”

 

 

  1. (Optional) Open up an email in outlook.  Since Outlook uses a new ribbon for this view, you have the option of putting the new button in the mail-read view too.  Now repeat steps 3-6 to create a button in the mail-read view if you choose.

 

  1. Now that you have created the new buttons, test them to make sure they work using an email address of your choice.

 

  1. If you want to apply this to multiple computers across the enterprise, there are several ways you can do it. Use a script, SCCM or a workstation admin tool of your choice.  Make sure the following three requirements are met on your PC’s and you should be good to go:
    1. Verify that the junk email reporting add-in is installed.
    2. Copy the .reg key from step 7 to all computers, or manually edit the registry with the email address you want the junk email to be forwarded to.
    3. From your working, test computer, find the files called olkexplorer.officeUI and olkmailread.officeUI  in C:\Users\%username%\AppData\Local\Microsoft\Office\     These files contain the ribbon info that you just created.  You can copy them to the user’s profiles, overwriting the files that are currently there.   *note, this may delete previously created custom ribbons if they exist.   It may be a good idea to rename the old files first.
    4. Restart outlook

I’ve noticed that this does not work in 64bit Office installs, I assume this has something to do with the junk email reporting add-in.  These instructions will work with Windows 7 and office 2010, and 2013.    It takes a little effort to get this working enterprise-wide, but when combined with security training and phishing simulations it gives you some great information on how end-users react to phishing emails.  It also empowers the end-user.  They are now becoming part of the solution, instead of part of the problem.

I really like to hear from you!  Let me know if you try this, or if you have any other solutions to make life a little better while fighting spam and phish attacks!

 

 

Scams, Junk, and Phish

I run across a lot of spam, junk and phishing emails.  Sometimes I do a google search and try to see if any other organization gets the same type of phishing messages, because I like to know if it’s a broad campaign or targeted.  Well, here are a few that I’ve seen recently, hopefully I can return the favor.  There is also a great service called ‘phishtank.com’ that allows you to submit questionable phishing messages and members vote on them.   It’s a great way to see what is out there to prepare yourself or your employees for future phishing attacks.

From the domain “takemynumber.com”.   I’m not sure what the scam is, but they definitely want a response: 

Hello) My name is Olga. I live in Moscow.

I found out your page on the Internet and I was curious about you.
Tell me, please, what are you doing now and how do you spend your life in general?

In fact, you’re interesting to me as a personality, and I want to communicate with you in the future.

Please answer me, i’m waiting.

 


From a gmail account…..I’ll bet I know where this one is going: 

Dear Friend,

Complement of the day to you and your love ones

I hope my email will arrive to you at good time.
My name is Dr.Abdirizak Suwaidi-Ali. From Damascus Syria.
I am now 64 years old and retired. I was former personal investor & financial consultant advisers to
a Top Politician here in SYRIA.

Why I’m contacting you is to know if we can have a personal conversation.
Whatever truth you may brief me will be highly recommended.
Tell me more about your country, how good it will be to invest in your country.
Such as buying of properties, or real estate and some tourist places or any profitable investment venture that will yield good profit.

I will appreciate whatever result you may brief me.
Do let me know your idea and knowledge regarding this or any other profitable investment venture you may suggest.I have the total of US$22,300,000.00 that I deposited in South east Asia and I am willing to order the transfer of the money to you for investment if you’re interested with my proposal.

In my next mail I will explain the full details of the project and interest, and then we reach an agreement on what will be your share from the money or investment.I shall tell you more about myself when I read from you.
You may as well tell me little more about yourself when replying.

Looking forward to your early reply
Thanks and best regards
Dr.Abdirizak Suwaidi-Ali
Damascus,Syria: 6:15 AM.

 


From a yahoo.co.uk email address.  Too bad I’m not reliable or trustworthy or I would have responded:

Attn:  Sir

Apologies for the manner at which i am approaching you.I am a reputable Fund Manager with one of the worlds largest investment companies. I handle all our Investors Capital Project Funds which enabled me to divert 1.2% of Investors Excess Return Capital Funds to our Magellan Trust Funds Account where any one can be presented to claim the funds.Total sum of, forty five Million, Seven Hundred and Forty Five Thousand British Pounds (45,745,000.00)BP has been diverted, representing 1.2% of Excess Return Capital Funds from the Investor Capital Project Funds for 2010/2011 fiscal year.

I need a reliable and trustworthy person with whom I can work this deal out so that we can claim the funds as mentioned above. There is no risk attached and the funds in question can never be dictated or traced. Be informed that i will handle the expenses that may be required in this business deal.

Sincerely,

Anthony


More fun stuff:

Dear email@yourdomainhere.com,

Recently we received some notifications regarding your account:, which might be due to recent changes made in your email or irregular login attempts on your account.

We will ensure that we block your account if we do not hear from you. Please kindly click the link below to stop this attempts and reclaim your account.

 

Continue verification <http://www.agriculturabiologicodinamica.com/tmp/godaddy/index.php?login=email@yourdomainhere>               

Thanks,

The Email Team

This email has been sent from an unmonitored email address. Please do not reply to this message. We are unable to respond to replies.

2015 Email Administrator Inc. All Rights Reserved. | Privacy policy <http://www.agriculturabiologicodinamica.com/tmp/godaddy/index.php?login=email@yourdomainhere.com>


from instant@chase.com (obviously spoofed since domain is legit).  Grammar not-so good…

Dear Customer,

This is to inform you that on 22th June, 2015, We will discontinue support on your account and security.

If you choose not to update your account on or before 30th June, 2015, you will no longer have access to your account

Take a minute to update your account for a faster, safer and full-featured. 
 

Click Here To Update Your Account Now   (points to chasepluse.com when you hover over the link)
Thank you for being a valued customer.

 

Sincerely
Online Banking Team

 

I’ve seen a lot of these lately, all have zipped attachments with an .SCR file in them that, according to virustotal.com, are infected with Zusy malware.   This one had the subject:  Perfect Work!

Congratulations ! You will gain a 35% rake-off for the last sale. Please view the these materials to get to know the total sum you’ve taken.

Every day you show that you are the major force of our team in the world of trade. I am sublime and grateful to get such a capable and able dependent. Keep up the great work.

With best wishes.

Michelle Pearson Director


 

This one was very similar to the last, again had the same attachment with a renamed scr file zipped up.

We talk few days ago. We have thought about your concepts how to refine company’s production and financial revenue. Your offers sound very inspiring and we definitely need such a genius like you. We believe your programs are workable and need to implement them. Applied are our increase graphs and processes guide. Please look through them and if you will have any questions ask about it. In addition write a brief program thereby we will confer about the details of every paraghaph./r/n We are looking forward to your reply ASAP !

From Mark Zirolli <MZirolli@controlmod.com>  

Has a zip file called donation.zip attached to the email

We are dedicated to fostering new talents and we believe that your abilities and initiatives are really noteworthy.
To help you we would like to offer a donation of $1000. See the attached to find out the check.

 


 

From: darren <darren@qepvno.com>

Subject: Agnes Bogan direct infrastructure representative

This spam message contained a zip file with an exe file called “implemented client-driven software.exe” that contained some sort of virus according to virustotal.com

The aim of this e-mail letter is to let you know that, according to nonpayment, your bank account has been placed on credit hold status, and will stay on so until your balance will be completely settled up.

Your attention to this question is extremely encouraged. Kindly check out the attached and write to us as soon as you can.

Sincerely Yours,

Collection service

How to Manage Spear Phishing Threats

For the last few years, the number of spam emails seems to have gone up drastically.  Along with this, the danger of the emails has increased significantly as well.  Now that most of the pharmaceutical emails are being blocked either in the cloud, or at the network perimeter, most of what is left is zero day viruses and malware or other heinous exploits that can wreak havoc in the network.  Often, this malware can steal passwords or other private information, or take your files for ransom and cost you hundreds of dollars, lost productivity and employee time.

This is one of the areas of network security we are constantly watching and trying to stay ahead of.

There are two basic types of spam email

  1. Spam: Unwanted and unsolicited email advertising for legit, or not-so-legit products.  Often including pharmaceuticals that should not be talked about in polite company.   Spam is literally ‘spammed’ to thousands of recipients, with the hope that a few make it through the spam filters and someone buys the product.
  2. Phishing: Phishing is sent in a similar fashion, but the end motive is much different.  Phishing emails are sent to trick the recipient to click on an embedded link or an attached file so that malware can be installed.   The malware can do anything from encrypt your files (ransomware), to exploit a weakness in an application on your computer, which can lead to the bad guys completely taking over your computer, or using it for illegal purposes.

 

Phishing can be broken down even further.

  1. Spear fishing: The bad guy does some reconnaissance and finds out some specifics about who works at company and what their job is.  Then specifically targets that individual with an email that looks legit, but has fraudulent intentions.  For example, a bad guy may find out you work in accounts payable and may send you a fraudulent mail asking for money to be wired to a new account.  This can be especially troubling if the bad guy has done some good research and knows your clients.  They can then spoof the domain of your client and send you a legit looking email.   It’s a good idea to keep as much information that can be used this way from the internet. (Specifically LinkedIn or Facebook).  Keep your information private, especially when it comes to business and partners.
  2. Whaling: Where would you go if you wanted to steal as much money as possible?  Well to the people who have access to the money, silly!  This is called whaling for obvious reasons, they go for the big fish—maybe your company’s CEO/CFO/CIO/President/VP.  If they don’t have good training in phishing and network security, your whole business is at risk.   I have personally seen many attempts at whaling and they look something like this:

CFO gets an email from the CEO asking if the wire to xxx company has gone through yet, they need it done now! CFO believes they missed the first email so obviously the CEO is angry because they are late in acting (or so the bad guys would have you believe).   The CFO, recognizing the email is from the CEO (a spoofed email) acts quickly and wires the money to the account in the previously attached PDF file.

Managing the fraudulent email threat

So how do you protect against this type of threat?  Well, most businesses are using some type of malware protection, spam filtering, anti-virus software.  That is a good first step, and is needed for a solid foundation in email and network security.   However it doesn’t protect you against the latest trend in malware which uses zero day exploits that traditional antivirus can’t detect.  Antivirus is signature-based, and there is time needed to create the signatures and get them to your PC.  Spam filtering is typically signature based as well.  Zero day exploits are called zero day because they come out quickly before any signatures can be written.    Bad guys are always looking for weaknesses in your protection, and you will always have weaknesses.  The best way to stop spam from infecting your PC or network is to train your employees about the threats of phishing, spam and unsolicited email.

Emailed malware or fraud attempts will not work 100% of the time when users don’t click the email link, or don’t respond to the suspicious request.  

100% is a pretty good number, and it can be achieved through non-technical means—training.

Fraudulent Email Security Training

A great way to train employees to not click is to send them simulated phishing messages.  Study some of the phishing email examples, and try to reproduce them.  Focus especially on those that are the greatest targets.   The focus here is not to humiliate your employees, but to let them know this is a significant problem and you are here to help.  It helps the company, but will also help the employees in their personal digital world when they leave the office.   There are some great partners in the cloud to help with this, and many offer free trials to check out their services. Here are a few:

 

Phishme.com   Excellent resources and education.  Easy to use and offers a nice Outlook add-in that employees can use to report the email to IT.  (This can be done for free using Microsoft’s junk email reporter, but I digress…look for more details  in a future post)

KnowBe4.com  Great service that includes Kevin Mitnick Security Awareness training videos.   The videos seem to be more ‘real world’ than the others I’ve seen.  They really explain the threat from an end-user perspective, and are very valuable in helping employee awareness.   The simulated phishing is 2nd to none, having many email templates so you can adjust your training based on your company’s  threat levels.

Phish5.com   One thing I can say about phish5 is that their price is right.  When I looked at them they were very affordable, and had many email templates that could be used.  The only issue I had with them was their inability to provide me with customer testimonials, they didn’t follow up when I asked.

Others   There are many others out there, and more coming all the time.  Post below any that I missed or you have experience with.

 

 

From the IT perspective

I’ve found a few home-grown solutions to help the IT department track phishing emails with the help of employees, but I will save that more technical discussion for another post.  The key here for IT is to know your enemy.  Do you know what emails are getting sent to your employees today?  Do you know how they currently respond to the emails?  Do they regard clicking on that spam as a serious problem, or are they relying on IT to fix it if something happens?   These are all good questions to ask, and I suggest you gather as much information as you can now, it will come in handy when you develop a training program.

There are several ways bad guys can get personal information, many include the traditional hacking, bad passwords, unknown or forgotten ingresses to the network (think wireless or VPN), unscrupulous vendors, and even disgruntled employees.   All can be major security issues for your organization.  Review and know your network, and train employees on the basics like phishing, password complexity and other things you take for granted working in IT.  Remember, network security is becoming everyone’s job, not just IT.   Spread the love!

Office15 ‘couldn’t install’ problem

I recently ran across a very frustrating problem with Office 15 (Office 365/ Office 2013).  After uninstalling office on a Windows 7 computer, I could not reinstall it.   The error I received was ‘Couldn’t Install’.  We’re sorry, we had a problem installing your Office programs(s).  I could not find any additional errors or issues in the event viewer, or on the filesystem.

ms office15 install error

Here are things I tried:

1.) Ran MalwareBytes, and Combofix to check for malware.

2.)  Disabled AV and Firewall.

2.) Ran the MS Fix It Tool from here: http://support.microsoft.com/kb/2739501

3.) Manually uninstalled Office using https://support.office.com/en-us/article/Manually-uninstall-Office-2013-or-Office-365-1d1110d5-75a4-4154-969e-4260ff29b232?ui=en-US&rs=en-US&ad=US

4.) Restarted the computer after turning off all non-Microsoft services and startup apps by through ‘msconfig’.

5.) Thinking that my D: drive (that was low on disk space) was causing problems, I resized the partition using EaseUS free.

After all this, I was getting the same error:

The Solution

I looked through the file system and found a couple folders that were office365 related and deleted them.  The folders were under the ‘ProgramData’ folder (they are hidden, so you need to unhide them through Windows Explorer).  Here are the folders I deleted:

c:\programdata\office*

(anything that started with office was put in the recycle bin).

After deleting these files, the install immediately ran–no need to reboot.

Hopefully that saves you a few hours of frustration, I know I would have liked this info earlier in my troubleshooting!!

 

 

Fun with Gimp, Cats and Bo Pelini

I’ve been working with some web images, and decided to have a little fun to learn how to use Gimp and InkScape better.  So I took a picture of my cat after she jumped into a tiny cardboard box.   Somehow she defied the laws of physics getting into that thing. After ‘photoshopping’ her several different backgrounds she really defied the laws of physics (and nature).  I used Gimp to remove the background of the photo, then superimposed her in interesting places! Here is the original image:

 

cat in box

 

 

 

 

 

 

After taking the image, I opened it in GIMP and started removing the background.  To do this, grab the magic wand tool and select an object in the background that you want to disappear, then choose “Layer | transparency | add alpha channel”.  Hit delete after each selection to remove it.   Keep working until all the background is gone, then clean up by selecting the background with the box tool or lasso tool and hitting ‘delete’ on the keyboard.   You should end up with only the object you want, and a checkerboard background.

Cat in small box

 

 

 

 

 

 

 

Now the fun begins.   Select an image from the internet that you want to use for your background and copy it.  (In Chrome, just right click and choose ‘copy image’).  Then open Gimp, and select file | create | from clipboard.   This builds a new Gimp canvas that matches the image you copied earlier.

Now go to your image with no background (in my case, the cat in a box) and select it with the Rectangle select tool and copy it.  Now go to your background image and paste it in.   You may have to resize your image to match, do this by going to the menu and choosing layer | scale layer…

Below are some fun images I created.  It’s a great exercise in creativity and fun!  Some of the images I used the ‘eraser’ tool to cut off parts of the bottom of the box to get a better perspective. I also copied and pasted a few nearby parts of the image to make it look a little better.

smokey surf small

 

 

 

 

 

 

smokeyr2d2small

 

 

 

 

 

Lebron with Cat in box

 

 

 

 

 

 

 

Cat in box in eagles nest

 

 

 

 

 

 

 

Cat in Box frisbee golf

 

 

 

 

 

 

 

Mordor cat in box

 

 

 

 

 

 

Cat in box meme

 

 

 

 

 

 

cat in box litterbox

I had to flip Smokey horizontally to get the right look on this one..  🙂

 

 

 

 

 

 

 

and finally, a little fun with Bo Pelini and his love for cats….

Bo Pelini with cat in box

 

 

 

 

 

 

Bo Pelini cat in box

 

 

 

 

 

 

 

 

Have fun with it!

 

I Can Haz WiFi on Plane Flight?

wifi on plane flightI will be the first to admit that I don’t always own the latest and greatest technology.  I was one of the last people on earth to get rid of my old tube TV, I am still living without surround sound (*gasp!), and my car is over 10 years old, has nearly 200,000 miles and is somewhat embarrassing to drive.    Years of lean living has led me to a place where I have learned to find the ‘sweet spot’ when making an investment of money.    You know, the place where economy meets practicality–where you  can feel good about saving money and still have all the benefits of living in the 21st century.

Now I feel like I’ve really splurged, and I am having  a tinge of guilt because of I took the bait and connected my tablet to WiFi on a recent two hour  Delta flight.   I realize now that this technology has been around a while, but as usual, I was probably one of the last to experience  in-flight WiFi.

I have to admit that the WiFi worked better than I thought it would, there were no noticeable drops or slowdowns even though my flight flew over some of the most desolate country in the U.S. (sorry if you are from Wyoming.  I mean no offense;  besides, I think you know exactly what I mean).

When I got back home I decided to do a little research to see how they do that, ’cause that’s what I do.    What I found was very interesting:

The service that Delta uses in flight is provided by a company called Gogo. Gogo is a company based in Itasca, Ill that has equipped over 6000 business aircraft, and over 2000 commercial with their in-air service at the time of this writing.   Gogo uses several different technologies to connect passengers connected while in air.

Air-To-Ground (ATG) Gogo’s ATG network is a cellular based network that has more than 160 towers in the continental U.S., Alaska and soon, Canada. The towers are cellphone towers that have been outfitted to point their signals at the sky rather than along the ground. The aircraft picks up the signal through a receiver installed on its underside. When it reaches the aircraft, the data signal is distributed throughout the cabin via a Wi-Fi system.

ATG-4 Gogo’s ATG-4 service has enhanced the existing network (ATG) and improves per aircraft capacity through the addition of Directional Antenna, Dual Modem and EV-DO Rev. B technologies. This new platform is backwards-compatible and allows for upgrades to existing ATG systems through low-cost retrofits. ATG-4 is expected to enhance Gogo’s existing ATG network and deliver peak speeds from current performances of up to 3.1 Mbit/s to up to 9.8 Mbit/s per aircraft.

Ka-band satellite Gogo was named a service provider for Inmarsat‘s Global Xpress satellite service in November, 2011. Inmarsat also selected Gogo’s business aviation subsidiary, Aircell as a distribution partner for the business and government aviation markets.

Ku-band satellite Gogo has satellite agreements in place with SES (for coverage over the U.S., Atlantic Ocean and Europe) and Intelsat (for coverage over portions of the Atlantic and northern Pacific oceans, as well as routes over South America, Asia, Africa and Australia). Gogo has also signed an agreement with Intelsat for Ku band satellite capacity specifically for coverage in the Atlantic and northern Pacific oceans, as well as routes over Central and South America, Asia, Australia and parts of Africa. Gogo announced in May 2012, that it will partner with satellite equipment provider, AeroSat, to bring a Ku-satellite solution to commercial airlines. A Ku-satellite solution will allow Gogo to offer airlines connectivity services that extend beyond the United States, including transoceanic routes, and will serve the needs of some of their airline partners in the near-term until Inmarsat’s Global Xpress Ka band-satellite becomes available.[7][8][9]

Gogo Ground to Orbit Gogo’s newest service is a proprietary hybrid technology that combines the best aspects of existing satellite technologies with Gogo’s Air to Ground network. This technology uses satellite for receive only and Gogo’s Air to Ground network for the return link to the ground. Gogo GTO offers peak speeds of 60 Mbit/s or more to aircraft flying throughout North America and will be available in 2014. This new service is expected to increase speeds by more than six times the current performance.Virgin America will be the launch partner of the new service.[10]

Technology for business aviation For the Business/corporate aviation market, Aircell, a Gogo company, offers three different inflight technologies: Iridium Satellite, Inmarsat SwiftBroadband (satellite) and Gogo Biz (ATG and ATG-4).

 

Pasted from <http://en.wikipedia.org/wiki/Gogo_Inflight_Internet>

 

For those of you who just skimmed over that little blurb that I stole from Wikipedia,  let me summarize:

This is how it’s done:  Using  cell towers that are outfitted with antennas that point toward the sky,  and satellites.

 

Think of it as a simple mobile hotspot running traveling at 600mph at 30,000 feet.   All this,  and  just so you can browse to google or enjoy the latest cat memes.   I guess you could do real work too (if you really wanted to.)        Oh, and one last note, you can download coupons for Gogo from retailmenot or other coupon sites.  Have a few of them ready if you decide to rent some bandwidth while flying, it can save you some money (that’s for those of you who can relate to hitting that ‘sweet spot’ I mentioned earlier).    Just remember next time you fly, “Yes,  you can haz wifi”.

Cisco USB console driver for 5508 Wireless Lan Controller

cisco 5508I have been setting up several Cisco 2504 Wireless LAN controllers for branch sites lately, and just got in a Cisco 5508 WLC for a larger branch.  I had a little trouble finding the USB console driver for the 5508–Cisco’s website took me to a .inf file that does not work in Windows 7 64bit.   I found the correct USB driver and thought I’d post it here.

By the way, check out the 2504’s if you are interested in saving a few bucks (a few bucks in Cisco talk can add up to real money, about $3Grand per in our situation)  but having nearly the same versatility as the 5508’s.