IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: Productivity

Email Spoofing: Explained (and How to Protect Yourself)

Jason P. Stadtlander Headshot, Huffington Post

Recently a co-worker asked me “Why do people even bother to spoof my email address?”

First, for those of you joining me that have no idea what the term spoofing means – let us examine that.

Spoofing is defined as:

/spo͞of/
verb
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).

Origin: late 19th century English comedian Arthur Roberts.

In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.

How someone (or something) sends an email made to look like it comes from somewhere or somewhere it does not, is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section “Why is my email address being spoofed?”

How are they spoofing me?

Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it, however most ISPs will block port 25 (which is required to send out email).

Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. However, to the recipient of said message, they will see that it actually came from the address you specified.

Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF or “Sender Policy Framework” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IP listed in the SPF record with the appropriate domain.

EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (billgates@microsoft.com):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 111.111.111.111.” and the message would never get delivered.

Why is my email address being spoofed?

Two basic reasons people (and machines) spoof:

1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.

2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.

Continue reading Email Spoofing: Explained on Huffington Post The Blog

Email Spoofing: Explained (and How to Protect Yourself) | Jason P. Stadtlander

Microsoft releases 14 patches for Windows

bug-162019

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, it’s highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “patch Tuesdaysecurity update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Is it time to upgrade?

rp_windows_81_update1_power_button-100228393-large.png

Is it time to upgrade? This is probably the most frequent question I get from my clients. And for good reason. It’s not always easy to tell if upgrading makes sense. Not even for IT Pros.

The reason is simple: It’s complicated. There are a lot of factors which have to be considered when deciding to upgrade, and there are many questions you should ask yourself when planning for your future IT needs.

The first thing to consider when evaluating an upgrade is Cost. But even cost is more complex than you might think.

How much does it cost now? What is the cost of support/maintenance over the life of the product? How long should I expect it to last?
What about the costs of lost productivity if I DON’T upgrade?

What about less tangible costs related issues:

  • incompatibility between versions
  • poor performance of older versions
  • security issues due to reduced/absent vendor support
  • increased support/maintenance costs – older stuff takes more time to keep running

Besides costs, there are also risks. The risk of failure increases with the age of any product. Older stuff breaks. Bottom line.

Besides risk of failure, there are also security risks, especially when we’re talking about software. Older software & hardware drivers are updated less frequently than current versions. Really old software that is out of support may not be updated at all, which can be a problem due to both security and reliability concerns. Some older software may not work properly on newer operating systems, and can pose a risk of data loss due to crashes. Suffice to say you are taking a big risk by using unsupported products on your network. Bottom Line: If you can afford not to, don’t.

Sometimes the question of upgrading is simpler because you might HAVE to upgrade. Forced upgrades are commonplace, and although you may not actually be “Forced”, once you’ve built your company procedures around a piece of technology, you cant always just switch and stop using it.

After technology has been deployed across your business, change can become expensive. Vendors know this, and they’ve learned that most companies will choose to upgrade rather than change software that everyone in the company uses. But even though the costs to deploy a new solution and provide training are more expensive than the upgrade, if your business depends on numerous programs, the cost of upgrades can quickly become a multi-headed monster…one that feeds itself.

The typical scenario goes something like this:

You have to upgrade to the current version of Quickbooks because their payroll feature is no longer supported on the older versions. The new version of Quickbooks won’t run on Windows XP, so now you have to upgrade all of your Quickbooks workstations to Windows 7. Your time keeping program won’t run on Windows 7, so you now have to upgrade that program too, but of course the new version won’t run on Windows XP, so you the rest of the PCs on your network now need to be updated to Windows 7.

Next, you find out that your older version of Office 2003 is crashing due to incompatibilities with some of the newer software as well, so now you also need to update to Office 2013. File format changes between Office versions mean the Office 2013 upgrade needs to be deployed companywide to keep everyone on the same version.

images

So you bite the bullet and start upgrading to Windows 7 and Office 2013, in addition to Quickbooks. You buy some new PCs, and upgrade some others hoping to get a few more years out of them. Several $1000s into the upgrade process, someone points out that the older workstations, to which you already upgraded with more RAM and larger drives to allow the OS upgrade, are now being brought to their knees by the resource hungry newer versions of software.

Oh yeah, and two of your printers (you know, the ones you’ve had for years, that print perfectly and that you have 2+ year’s worth of toner for) are no longer supported under Windows 7.

So before you know it you’ve replaced all of the PCs on your network, upgraded all of the major software packages, and replaced a couple of printers that didn’t need replacing. Worse yet, you’ve also just set yourself up to repeat the process about 5-7 years from now.

By the time all is said and done, the whole Upgrade question can get pretty confusing. Figuring out what to upgrade can be a daunting task, and without proper planning the expense and risks only increase.

rp_help_350.jpg

So what do you do? Here are some guidelines.

  • Keep all software up to date with regular security patches and updates.
    • Most major vendors offer frequent software and firmware updates.
    • Out of date software escalates risks.
    • Windows Updates and Service packs ensure security and productivity
    • Productivity apps that are used frequently business-wide, represent the greatest risk of failure or security breach, and must be kept current .
  • When version upgrades are required, plan to upgrade ALL PCs at once
    • When all systems are on the same versions, ensured compatibility means better productivity
    • Support costs are reduced when software platforms are uniform across your business
  • Don’t run unsupported software.
    • If the vendor is no longer updating the older version, upgrade to the new version.
    • If the vendor is no longer offering upgrades, consider an alternative product/vendor.
  • Avoid upgrading Operating systems by instead replacing PCs.
    • OS Upgrades are costly.
      • Purchase price of software license
      • Cost of support to backup system, install upgrade and resolve issues
      • Cost of hardware upgrades to meet OS requirements and ensure performance
        • RAM/Hard drive Upgrades
        • Peripheral upgrades
      • Reduced productivity: diminished performance resultant to pairing last generation hardware with upgraded OS
    • Unless you have 25+ PCs, purchasing PCs with OS license is cost effective comparable to Enterprise Licensing
      • Preinstalled OS saves setup time
      • OEM licenses are much cheaper than a retail license for Windows
  • PLAN. PLAN. PLAN.
    • Budgets are your friends.
      • When purchasing a new PC, consider the anticipated useful life
      • Develop a schedule to replace ALL PCs regularly that meets your budget
    • Choose wisely.
      • Choose Vendors for Warranty and Support as well as features and price
      • Avoid Custom software and hardware solutions if possible
        • Custom software can be a nightmare to maintain, and vendor support may vary.
        • Custom vendor support contracts can be expensive, and the hardware/software may become unusable without support. Third party support may be difficult/impossible to find.
        • What happens if your developer/system builder goes out of business?
    • Develop a long term plan for the ongoing replacement of all IT equipment
      • Waiting until everything is really old can be a disaster.
      • Generally, a 4-7 year rotation schedule is appropriate for most IT equipment
      • Version consistency for Operating Systems /Software = reduced support costs and increased productivity

So what now?

As you may have heard, support for Windows XP officially ended earlier this year. So, should you update those Windows XP computers now? Or replace them?

Well, I know your old Windows XP pcs have already been replaced/upgraded, right? I’m sure you are NOT wondering how big a risk it might be to put off the upgrade awhile. I mean, if Microsoft says you need to buy 20 new PCs this year, you’re just gonna do it, right? You don’t want to piss of the MotherShip in Redmond now, do you?

Well, let’s say you DON’T have an unlimited IT budget…You probably have some tough choices to make.

          

To help put the question in perspective, ask yourself these questions if you are debating about the XP upgrade:

  • Do you run any HIPPA compliant software or keep sensitive data on your networks? – YES, UPGRADE
  • Do you process credit cards, work with financial data, or pay bills online? – YES, UPGRADE
  • Do you make purchases or use Internet Banking? – YES, UPGRADE
  • Is Internet Explorer 9 or greater required for any websites you use frequently? – YES, UPGRADE
  • Is your system slow and it seems like you are always waiting for it to catch up? – YES, UPGRADE
  • Do you use Internet Explorer to surf the Internet? – Switch to Chrome or Firefox or UPGRADE
  • Is any of your CURRENT software UNSUPPORTED on Windows 7? – YES, EVALUATE. Additional software upgrades may be required.
  • Are all of your printers and peripherals compatible with the new software? – YES, UPGRADE; NO, Evaluate extra costs.
  • Will the upgrade cause any other problems? -YES, Evaluate. Obviously, every situation is different.

Still don’t know what to do? Let us evaluate your situation and help you figure it out.  That’s what we do best.

Proactive Computing – Intelligent IT Solutions and Support.

Keyboard shortcuts for Windows

Windows_Logo_Glass_3D_Icon_by_audio90

Ever wish you could remember all of those Windows shortcuts?

Well, here they are all in one place.

Some of these actually date back to well before Windows, the days DOS, of text of green on jet black screens. Sorry. I guess I was waxing a wee bit nostalgic for the bad old days of computing.  Anyway, here’s the source link to the Microsoft support article, and all the Windows shortcuts are right here:

Windows system key combinations

  • F1: Help
  • CTRL+ESC: Open Start menu
  • ALT+TAB: Switch between open programs
  • ALT+F4: Quit program
  • SHIFT+DELETE: Delete item permanently
  • Windows Logo+L: Lock the computer (without using CTRL+ALT+DELETE)

Windows program key combinations

  • CTRL+C: Copy
  • CTRL+X: Cut
  • CTRL+V: Paste
  • CTRL+Z: Undo
  • CTRL+B: Bold
  • CTRL+U: Underline
  • CTRL+I: Italic

Mouse click/keyboard modifier combinations for shell objects

  • SHIFT+right click: Displays a shortcut menu containing alternative commands
  • SHIFT+double click: Runs the alternate default command (the second item on the menu)
  • ALT+double click: Displays properties
  • SHIFT+DELETE: Deletes an item immediately without placing it in the Recycle Bin

General keyboard-only commands

  • F1: Starts Windows Help
  • F10: Activates menu bar options
  • SHIFT+F10 Opens a shortcut menu for the selected item (this is the same as right-clicking an object
  • CTRL+ESC: Opens the Start menu (use the ARROW keys to select an item)
  • CTRL+ESC or ESC: Selects the Start button (press TAB to select the taskbar, or press SHIFT+F10 for a context menu)
  • CTRL+SHIFT+ESC: Opens Windows Task Manager
  • ALT+DOWN ARROW: Opens a drop-down list box
  • ALT+TAB: Switch to another running program (hold down the ALT key and then press the TAB key to view the task-switching window)
  • SHIFT: Press and hold down the SHIFT key while you insert a CD-ROM to bypass the automatic-run feature
  • ALT+SPACE: Displays the main window’s System menu (from the System menu, you can restore, move, resize, minimize, maximize, or close the window)
  • ALT+- (ALT+hyphen): Displays the Multiple Document Interface (MDI) child window’s System menu (from the MDI child window’s System menu, you can restore, move, resize, minimize, maximize, or close the child window)
  • CTRL+TAB: Switch to the next child window of a Multiple Document Interface (MDI) program
  • ALT+underlined letter in menu: Opens the menu
  • ALT+F4: Closes the current window
  • CTRL+F4: Closes the current Multiple Document Interface (MDI) window
  • ALT+F6: Switch between multiple windows in the same program (for example, when the Notepad Find dialog box is displayed, ALT+F6 switches between the Find dialog box and the main Notepad window)

Shell objects and general folder/Windows Explorer shortcuts

For a selected object:

  • F2: Rename object
  • F3: Find all files
  • CTRL+X: Cut
  • CTRL+C: Copy
  • CTRL+V: Paste
  • SHIFT+DELETE: Delete selection immediately, without moving the item to the Recycle Bin
  • ALT+ENTER: Open the properties for the selected object

To copy a file

Press and hold down the CTRL key while you drag the file to another folder.

To create a shortcut

Press and hold down CTRL+SHIFT while you drag a file to the desktop or a folder.

General folder/shortcut control

  • F4: Selects the Go To A Different Folder box and moves down the entries in the box (if the toolbar is active in Windows Explorer)
  • F5: Refreshes the current window.
  • F6: Moves among panes in Windows Explorer
  • CTRL+G: Opens the Go To Folder tool (in Windows 95 Windows Explorer only)
  • CTRL+Z: Undo the last command
  • CTRL+A: Select all the items in the current window
  • BACKSPACE: Switch to the parent folder
  • SHIFT+click+Close button: For folders, close the current folder plus all parent folders

Windows Explorer tree control

  • Numeric Keypad *: Expands everything under the current selection
  • Numeric Keypad +: Expands the current selection
  • Numeric Keypad -: Collapses the current selection.
  • RIGHT ARROW: Expands the current selection if it is not expanded, otherwise goes to the first child
  • LEFT ARROW: Collapses the current selection if it is expanded, otherwise goes to the parent

Properties control

  • CTRL+TAB/CTRL+SHIFT+TAB: Move through the property tabs

Accessibility shortcuts

  • Press SHIFT five times: Toggles StickyKeys on and off
  • Press down and hold the right SHIFT key for eight seconds: Toggles FilterKeys on and off
  • Press down and hold the NUM LOCK key for five seconds: Toggles ToggleKeys on and off
  • Left ALT+left SHIFT+NUM LOCK: Toggles MouseKeys on and off
  • Left ALT+left SHIFT+PRINT SCREEN: Toggles high contrast on and off

Dialog box keyboard commands

  • TAB: Move to the next control in the dialog box
  • SHIFT+TAB: Move to the previous control in the dialog box
  • SPACEBAR: If the current control is a button, this clicks the button. If the current control is a check box, this toggles the check box. If the current control is an option, this selects the option.
  • ENTER: Equivalent to clicking the selected button (the button with the outline)
  • ESC: Equivalent to clicking the Cancel button
  • ALT+underlined letter in dialog box item: Move to the corresponding item

via Keyboard shortcuts for Windows.