
Hit by the ‘Tech Support’ Scammers July 29, 2016

Posted by Duncan in Security, Troubleshooting, TW, Windows.

I got a call earlier today from the Tech Support Scammers. You’ve probably heard of this horribly unethical practice already, but the premise is that they cold-call seemingly at random and try to convince you that there is a problem with your PC or router, then attempt to get you to allow them remote access to your PC to ‘fix it’. Some then claim the problems are due to expired warranties on the computer and demand payment; others set up a boot password and demand money to unlock it. Either way, it’s a nasty thing to do and takes advantage of people while pretending to help them.

So, I thought I’d play along and see what they’d do.

The call appeared to come from a UK number, however it clearly originated from an offshore data centre. They introduced themselves as calling from my ISP and said that they’d detected a problem and needed to fix it on my PC. They could show me some symptoms to reassure me that they were legitimate. I asked them “who is my ISP?” as I wasn’t sure whether they’d know, however they were able to accurately answer.

The nice lady then got me to open Event Viewer and tell me how many errors and warnings were listed.

[Screenshot: Event Viewer]

I’d wager that most computers have a heap of entries here, but when I said that there were over 8,000 she put on a great performance, claiming that 8-10 is a typical number, feigning shock and explaining how this proved the appalling state of my laptop.

Next, she asked me to open a command prompt and run the ASSOC command. This lists all the file associations on my laptop, and she read out a string and asked me to verify that it matched the CLSID shown below.

[Screenshot: ASSOC output]

This, of course, proves nothing, as the same value appears on every installation of Windows. However, she said that CLSID stands for “Computer Licence Security ID” and that her knowing this code proved her authenticity.

At this point she asked me to visit http://www.support.me, which forwards to LogMeIn – a remote control system – and said she was going to pass me over to a technical colleague called ‘David’.

When David came on the line I said I’d used the lengthy delay to google what had happened and found out what they were doing. He then swore at me and hung up.

I feel sorry for the poor people that fall victim to these horrible practices and wish there was some way of stopping them preying on the innocent.


PeopleSoft and Shellshock September 29, 2014

Posted by Duncan in Security, TW.

As many will no doubt have heard, a new vulnerability has been spotted, and there are already exploits for it in the wild.

The vulnerable systems are those running Bash – so Windows machines are safe; it’s just Unix/Linux and Mac OS X.

Security researcher Kasper Lindegaard from Secunia rates this as a bigger issue than the Heartbleed exploit discovered in April this year. “Heartbleed only enabled hackers to extract information, Bash enables hackers to execute commands to take over your servers and systems.”

The US government has rated this 10 out of 10 from a severity point of view.

Oracle have been quick to react to this threat, and have issued a security alert here. It includes this chilling text:

This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to execute arbitrary code on systems that are running affected versions of Bash.
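To find out whether a particular host’s Bash is affected, here is the widely published self-test wrapped in a function. This is an example added here, not code from the post or from Oracle’s alert; it assumes only a POSIX shell and that `bash` is on the PATH.

```shell
# Added example: ask the local bash whether it still runs code appended to an
# exported function definition, which is the Shellshock behaviour. The only
# thing the probe does on a vulnerable host is echo a word.
check_bash_shellshock() {
    # No bash installed at all: nothing to check on this host.
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 0; }

    # A vulnerable bash executes the trailing "echo vulnerable" while
    # importing function x from the environment; a patched bash ignores it
    # (and may print a warning on stderr, which we discard).
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo probe' 2>/dev/null)

    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Report the installed version alongside the verdict so the result can be
# recorded against the host during patch tracking.
command -v bash >/dev/null 2>&1 && bash --version 2>/dev/null | head -n 1
check_bash_shellshock
```

A host that reports “patched” still needs the same check repeated after every Bash update, since several follow-up fixes shipped in the days after the first one.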

Deleting old User Profiles January 10, 2012

Posted by Duncan in Administration, PeopleSoft, Security.

Vanilla databases often contain 150-200 ‘example’ user profiles. While these can be useful to clone as a starting point early in an implementation, they’re frequently left dormant as the project continues – and sometimes still exist in Production after go-live.

It’s a straightforward task to lock the accounts, but once you have your security set-up in place and your own template user profiles to clone, these ‘example’ accounts no longer serve any purpose. Here’s an easy way to delete them. (more…)

Creating an entirely read-only user in PeopleSoft August 28, 2008

Posted by Duncan in Oracle, PeopleSoft, PeopleTools, Security, SQL.

On big projects it is quite likely that large numbers of developers have access to many environments. Occasionally they can have access to an environment which is quite important, for instance one that the customer is using for training or testing.

To reduce the likelihood of developers accidentally deleting data that they shouldn’t, it would be quite normal to remove their access to the environment altogether. However, if they need access for troubleshooting purposes then (at least on projects I’ve seen) it’s quite normal for developers to be told “OK, you can have access, but be careful not to do anything destructive”. Occasionally – as with everything – things can go wrong. Either someone forgets which environment they’re in, or does something with unintended consequences. An alternative to the “just be careful” approach would be to create an entirely read-only user profile (i.e. one that has display-only privileges to every component system-wide).

A read-only user profile is shown in the screenshot below, where no fields are editable and the Save button is disabled:

Also, on Run Control pages the ‘Run’ button is inactive. It’s going to be pretty difficult to alter data in this environment.

Here’s how to do it quickly and easily …

(more…)