jump to navigation

Hit by the ‘Tech Support’ Scammers July 29, 2016

Posted by Duncan in Security, Troubleshooting, TW, Windows.
comments closed

I got a call earlier today from the Tech Support Scammers. You’ve probably heard of this horribly unethical practice already, but the premise is that they cold-call seemingly randomly and try to convince you that there is a problem with your PC/router, and then attempt to get you to allow them remote access to your PC to ‘fix it’. Some then claim problems are due to expired warranties on the computer and demand payment, others setup a boot password and demand money for unlocking it. Either way, it’s a nasty thing to do and is taking advantage of people while pretending to help.

So, I thought I’d play along and see what they’d do.

The call appeared to come from a UK number, however it clearly originated from an offshore data centre. They introduced themselves as calling from my ISP and said that they’d detected a problem and needed to fix it on my PC. They could show me some symptoms to reassure me that they were legitimate. I asked them “who is my ISP?” as I wasn’t sure whether they’d know, however they were able to accurately answer.

The nice lady then got me to open Event Viewer and tell me how many errors and warnings were listed.

Event Viewer

I’d wager that most computers have a heap of entries here, but when I said that there was over 8,000 she did some great play-acting that 8-10 is a typical number, feigning shock and how this proves the appalling state of my laptop.

Next, she asked me to open a command-prompt and run the ASSOC command. This lists all the file associations on my laptop, and she read out a string and asked me to verify that it matched the CLSID below.

assoc

This, of course, proves nothing as it would be the same on all versions of Windows. However, she said that CLSID stands for “Computer Licence Security ID” and that by knowing this code it proved her authenticity.

At this point she asked me to visit http://www.support.me, which forwards to LogMeIn – a remote control system – and said she was going to pass me over to a technical colleague called ‘David’.

When David came on the line I said I’d used the lengthy delay to google what had happened and found out what they were doing. He then swore at me and hung up.

I feel sorry for the poor people that fall victim to these horrible practices and wish there was some way of stopping them preying on the innocent.

Advertisements

Hide the ‘Windows 7 is not supported’ message January 27, 2010

Posted by Duncan in PeopleTools 8.50, PIA, Windows.
comments closed

If you’ve been using the latest version of PeopleTools with any version of Windows 7 (which is becoming more prevalent) then you’ll have seen this error message many times:

Now I’m all for being warned if I’m doing something unsupported and I know Windows 7 isn’t supported yet, but probably will be in the near future.  I’m not going to swap my client OS just to keep the PIA happy, but I don’t want to be warned every single time.  Also, it’s not a very well formatted error message as it throws out the alignment of the logon screen and it just looks a little messy.

I wasn’t going to do anything about my niggly annoyance until someone else wondered how to remove it then it piqued my curiosity.

As far as I could see there are two ways to fix this, find a way of adding Windows 7 to the supported OSes, or hide the warning message.

I tried many variations of OS codes in the browser.xml file as that appears to be where the supported OSes are read from (the sharper eyed among you may have noticed that I’ve added Windows 7 to the list in the above screenshot).  This had no effect however, so I admitted defeat in trying to fix the cause and resigned myself to just trying to hide the symptom.

The HTML behind the signon page is ‘signin.html’ within ‘<PIA_HOME>\webserv\<domain>\applications\<site>\PORTAL.war\WEB-INF\psftdocs\<node>’.  We can’t just comment out the error sections as we only want to hide this specific error message, other errors like ‘invalid password’ we still want to see.

The first step is to hide the browser error message.  Search for ‘id=”browsercheck_error”‘ and you’ll see this section.  Comment out as shown.

<div style="text-align:center">
<h1 id="error_img" style="display:none"><a id ="error_link" href="javascript:setFocus();" tabindex="1"><img src="<%=psCtxPath%><%=psHome%>/images/PT_LOGIN_ERROR.gif" alt="<%=130%>" border="0"/></a></h1>
<h2 id="login_error"> <%=error%> </h2>
<h2 id="discovery_error"> <%=ps.discovery.error%> </h2>
<!--<h2 id="browsercheck_error" style="text-align:left"> <%=browserCheck%> </h2>-->
</div>

This prevents the text from showing, however we also want to prevent the warning image being displayed for this warning also.

Search for ‘setErrorImg’ and you’ll see this function.  Comment as shown and add the line below.

function setErrorImg()
{
var login_error = document.getElementById('login_error').innerHTML;
var discovery_error = document.getElementById('discovery_error').innerHTML;
/*var browsercheck_error = document.getElementById('browsercheck_error').innerHTML;*/
var browsercheck_error = "";

login_error = login_error.replace(/^\s+/,"");       // delete leading spaces
discovery_error = discovery_error.replace(/^\s+/,"");
browsercheck_error = browsercheck_error.replace(/^\s+/,"");
if (login_error.length != 0 || discovery_error.length != 0 || browsercheck_error.length != 0)
{
document.getElementById('error_img').style.display = 'block';
document.getElementById('error_link').focus();
}
else
setFocus();
}

Bounce your PIA and now the message won’t be displayed when you use Windows 7, however other error messages will still appear as desired.

Note: Updated 27th Jan after Jim Marion’s suggestion below on my incorrect commenting syntax.

Service Start Up – Automatic (Delayed) July 15, 2009

Posted by Duncan in Administration, Infrastructure, Windows.
comments closed

I’ve been spending a little time putting together a VM using Windows Server 2008 and was pleasantly surprised to see that there is a new start-up type when configuring the PIA, App Server and Process Scheduler to start as services.

As well as Automatic, Manual and Disabled, there is now an Automatic (Delayed) option.

David Kurtz has spoken about using service dependencies, but I just want my App Server and Process Scheduler to start after the intial flurry of start-up activity has finished and everything else has calmed down.

Services that have a delayed start still start automatically, they just wait until all the services that aren’t delayed to finish before firing up.

It works a treat!