February 24, 2008

E-mail Spoofing

I have received a number of questions lately about e-mail spoofing, so today, I will discuss the topic and let you know what you can do to fight against this type of e-mail identity theft. Let's get started!

For those of you who have never heard of this, here is a little information about e-mail spoofing.

Email spoofing is a common e-mail trick used by spammers and phishers. It involves changing special information on an e-mail header. The header of an e-mail is not usually seen by the reader, but it contains important information about how the e-mail is displayed. When an e-mail is spoofed, the header information is changed so that the e-mail appears to come from someone who did not actually send it. Have you ever received an e-mail that says it's from your buy viagra on line own e-mail address, but you know you didn't send it? That's a spoofed e-mail.

Now that we all know what e-mail spoofing is, it's important we understand what causes it. There are a couple main reasons why e-mails are spoofed. One way is by spammers and phishers and the other is from a virus.

If an e-mail address is spoofed by a spammer, it's likely that the spammer is actually a computer and not a real person sending out one e-mail at a time. Spam bots can send out millions of e-mails a day and they use spoofing to get around the filters that try to block the messages they send. A spam bot will usually do one of two things when spoofing e-mail addresses:

1.) The spam bot will send e-mails with random spoofed e-mail addresses. This means that every e-mail they send will appear to come from a totally different person.

2.) The spam bot will send e-mails to your address that appear to be coming from your address. This means you will get e-mails that appear to be from yourself, but you did not send them.

If an e-mail is spoofed by a virus, you will see similar results. The main difference is the spoofed e-mails will look like they're coming from people you know. In order for the virus to spread, it will spoof the addresses that are located in the Contacts folder of the infected computer. That way, the recipients may be fooled into opening the e-mail, thinking it's coming from someone they know.

Right now, there is a huge debate going on in the tech world about how to stop e-mail spoofing. With the current protocol used to send e-mail (called SMTP), anyone can change the header information and send out a spoofed e-mail. There are no restrictions on the technology to stop spoofed e-mail from being sent. Hopefully, within a couple years, we will see a new protocol for sending e-mails that will not allow a spoofed e-mail to be sent out.

Until then, here are a few things you can do to try and fight against e-mail spoofing.

If you feel like you have received a spoofed e-mail, you can do some digging and report it. The first thing to do is look at the header of the e-mail. Finding the header is a little different for each e-mail program. In Outlook Express, right click on the e-mail's subject line and choose Properties. Next, go to the Details tab and you will see the header. If you don't use OE, look for a View Header option in your e-mail program.

Here's what a normal header looks like:

As you can see, it's pretty complicated, but the good news is you only need a little bit of information from the header. If you look at the header, you can see the e-mail is from gary@worldstart.com. This is a non-spoofed e-mail.

Here's an example of a spoofed e-mail:

In this header, you can see the message says it's from smtp007.bizmail.sc5.yahoo.com, but the Reply To message at the bottom shows aw-confirm@ebay.com. This is a spoofed e-mail.

When you have a spoofed e-mail, you should contact the domain of both e-mail addresses, as well as, the FTC's spam fighting division. To do that, copy the header information and paste it into a new e-mail. Address the e-mail to the company that is being spoofed. If they are a larger company, they will have an address to contact for abuse (which is usually abuse@theirdomain.com). In this case, it would be abuse@ebay.com. Also, address the e-mail to spam@uce.gov and lastly, Cc the message to the sender's domain (in this case, abuse@yahoo.com).

I know this is a lot to take in, but hopefully, it will help you defend your own e-mail address from spammers, as well as, help others who are being spoofed. Until next time, stay safe out there, my friends!

Permalink • Print • Comment

February 14, 2008

Creating a Password Reset Disk

We have now covered resetting your password in both Windows XP and Vista, so today, I thought we'd work on tying everything together. And in the process of doing that, we’ll make sure you never need to reset your password again! That's right, we will be creating a password reset disk you can use whenever you forget your password. All you have to do is put the disk into your computer and when you see the Welcome screen, simply choose your new password. Sounds pretty helpful and timesaving, don’t you think? Then let's get to it!

Note: This will only work if you have a floppy drive or a USB flash drive.

1.) First, I’ll show you how to create a password disk for Windows XP.

2.) Click on your Start button and select the Control Panel.

3.) Next, select User Accounts.

4.) Click on your account.

In the window that appears, look to the left sidebar.

5.) Click the "Prevent a forgotten password" option.

6.) Now, the Forgotten Password Wizard will open. Insert your floppy disk or flash best viagra prices drive and click Next.

7.) Next, type in your current Windows XP user account password and select Next.

8.) Your disk will then be created within seconds!

9.) Now, just finish up the wizard and voila! You now have a new password reset disk.

10.) Be sure to label it Password Reset and keep it in a safe place.

Now, in case you ever do forget your password, all you need to do is this:

1.) On the Welcome screen, click on your username and then hit Enter.

2.) A message will then appear, asking you to put in your password reset disk or flash drive.

3.) Next, click the link that says "Use your password reset disk."

4.) The Password Reset Wizard will then open up again. Just follow the instructions for creating a new password.

5.) And you know what the best part is? You don’t even have to create another password reset disk. The same one will work the next time you forget your password (if there ever is a next time!)

The steps are extremely similar for Windows Vista. Here they are:

1.) To access the Forget Password Wizard, go to Start, Control Panel.

2.) Click on User Accounts and then select your account.

3.) On the left pane, choose "Create a password reset disk." Everything else is the same!

This one's a definite must have for all computer users. Enjoy!

Permalink • Print • Comment

February 1, 2008

Cutting Down on IM Spam

As you have probably figured out, living in an electronic age has its downsides, with one of them being swamped by unwanted e-mail in our Inboxes. Those who indulge in such an act are called spammers and they are growing by the minute, making our lives much more difficult. There are several different kinds of spam going around the Internet these days, but one of the most recent is instant messenger (IM) spam. What that means is that even if you prefer to be invisible to everyone in an IM program, spammers can get you anyway. Now, even if you can’t completely eradicate such a menace, there are ways of bringing down their frequency. Here are a few simple steps you can follow to secure yourself from this new type of spam brigade!

Yahoo! Messenger

First of all, you need to set your profile to "Adult" and remove yourself from being listed on Yahoo!'s public directory. This is how you do it:

1.) Log in to your profile by visiting this link.

2.) Once you're there, click Sign In and log in using the same username and password you use for Yahoo! Messenger.

3.) Click View My Profiles and then click Edit, located next to your Yahoo! ID.

4.) Next, click Edit Profile Information on the next page. At the bottom of that page, put a checkmark next to the option of "Designate this profile as an adult profile" and uncheck the option that says "Add this profile to the Yahoo! Member Directory."

5.) Click the Save Changes button when you're finished.

How This Strategy Works

When you set your profile to "Adult," spammers will have to physically log in to Yahoo! before they can harm you, so it acts as a good deterrent for spammers. Similarly, taking your profile off the Yahoo! Member Directory will make your 100 mg viagra profile almost invisible to spammers. And that's exactly what you want to do!

Windows Live/Hotmail/MSN

Based on the same anti-spam principle of Yahoo!, here your job is to change your profile from "Social" to "Just Me." Follow these easy steps to do just that:

1.) Go here and sign in with your Hotmail/MSN/Windows Live e-mail address and password (which is the same as your messenger log in).

2.) Next, click Profiles on the sidebar to your left. Go to the next page and click "Edit your shared profile." Then on the next page, click Social and next to Permissions, click "Anyone on the Internet."

3.) Checkmark the option of "Just Me" and then click the Save button to finish.

All Other Instant Messengers

Pidgin is a cross-platform multi-protocol instant messaging client that allows you to use all of your IM accounts at once. Pidgin is able to connect to every other chat service that exists in cyberspace. Some of them include AIM, Bonjour, Gadu-Gadu, Google Talk, ICQ, IRC, MySpaceIM, Sametime and Zephyr, among many others.

Now, what you can do to protect yourself from being spammed over these instant messaging networks is to download Bot Sentry, which you can do right here. Bot Sentry is a Pidgin plug-in that allows you to ignore instant messages (IMs), unless the sender is in your Buddy List, in your Allow List or the sender correctly answers a question you have pre-defined, such as "How do you spell the number five?" If the answer is wrong, such users cannot contact you ever again. This works with all chat services that are connected to Pidgin.

There you have it. I hope this one helps eliminate some of your IM spam problems. Be safe!

Permalink • Print • Comment

January 29, 2008

Microsoft updates Windows without users’ consent

Scott Dunn

By Scott Dunn

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

  • "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

  • "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

    where can i get cialis

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

Permalink • Print • Comment

January 28, 2008

Resetting Your XP Password

We are all pretty lucky when we forget our password on an online Web service, wouldn't you agree? I mean, if you ever forget your password, almost all Web sites can e-mail it to you or they allow you to reset it by answering a security question. But what if you forget your password for Windows XP? It's happened to the best of us and when it does, you may think there's no way to recover it. Well, I'm happy to tell you there is a way and what is cialis used for that's what I'm going to show you today! You know, just in case it ever happens to you. Here we go!

1.) If you ever forget your password for Windows XP, you need to start your computer in Safe Mode. To do that, reboot your computer and as soon as you see your manufacturer's logo pop up, repeatedly hit the F8 key on your keyboard.

2.) Soon after, you will see this menu:

Make sure the Safe Mode option is highlighted and press Enter.

3.) When the log in screen appears, log in to your Administrator account.

4.) A dialogue box will then appear, notifying you that your computer is running in Safe Mode. Just select Yes for this one.

You may also notice that your resolution is a little distorted.

If so, that's okay. It will go back to normal after you reboot again.

5.) Next, select File, Control Panel. Then double click on the User Accounts icon, which looks like this:

6.) All of the accounts on your computer will be displayed. Go ahead and select the account you would like to remove the password from.

7.) After that, select the link.

8.) Finally, if you'd like to add a new password, you can select the link. But be sure to write this one down in a safe place, so you don't have to go through this again!

I hope you enjoy this one. It can be a real timesaver if you ever forget your Windows XP password!

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and Semiologic • Sky Gold skin by Denis de Bernardy