All posts by grentech

Twitter passwords found in internal logs

Twitter have announced that a bug in their code has caused plain-text passwords to be stored in internal log files.

These log files are only available internally to Twitter, but as a precautionary measure it is recommended to create a new password, and turn on two-factor authentication.  You should use a unique password for every service you use online.

Keeping track of unique passwords can be easier using a password manager.

Two-factor authentication (2FA) for Twitter can be enabled by following the steps found on their website. 2FA will prevent an attacker using your password to log into your account. The attacker would also require a random code generated with an authenticator app or sent from the service via SMS to successfully log in. I highly recommend turning on 2FA for all accounts that support it.

You can read more about the Twitter bug on their website.

Removing Administrator Privileges

One of the first lines of defense and easiest ways to improve the security of your computer is to remove administrator privileges from your user account and create a separate Administrator account.

These accounts should also be password protected with a strong password, and each account should have its own unique password.

When you click a malicious link, or open a malicious document, the payload will run as the current user. If this user is an administrator, the payload will run as an administrator, and can potentially do more damage than if the user is a ‘standard’ user.

A standard user doesn’t have access to the Windows system files or to the system Registry. This is where many malicious payloads will try to install themselves on the machine.

Taking away administrator rights won’t stop all malware on a machine, but it will dramatically decrease the amount of malware that could affect the user.

The default user for a Windows installation is an administrator, so you are probably running as an administrator right now. First, we will create a new Standard user account. Second, we will set it as an administrator. Last, we will set our current user to standard. Follow the steps below.

Create a new Standard User account

Press Windows Key + R

Type in Control and press enter

Click User Accounts

Click Add or remove user accounts

Click Add a user account

Click ‘Sign in without a Microsoft Account’

Click Local Account

Type in a username, e.g. homeadmin

Type in a password

Type in a password hint

Click Next

A standard user account has now been created

Set new account as Administrator

Press Windows Key + R

Type in Control and press enter

Click ‘Change account type’

Click on the account you created.

Click Change the account type

Select Administrator and Click Change Account Type

The account is now an Administrator

Set current account to standard user

Press Windows Key + R

Type in Control and press enter

Click ‘Change account type’

Click on your account

Click on Change the Account Type

Click on Standard and Click Change Account Type

The account is now a standard user
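The same three procedures can be scripted. The following is an added example, not part of the original post: it assumes an elevated Windows PowerShell 5.1 (or later) session with the built-in LocalAccounts cmdlets, uses the article's sample name homeadmin, and assumes the account to demote is the one running the script. It refuses to demote your account unless the new administrator account exists, is enabled, and is already in the Administrators group, so you cannot lock yourself out.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Control Panel steps above.
# 'homeadmin' is the article's sample name; $DailyUser is an assumption.
param(
    [string]$AdminName = 'homeadmin',
    [string]$DailyUser = $env:USERNAME
)
$ErrorActionPreference = 'Stop'
if ($DailyUser -eq $AdminName) { throw 'The daily account and the admin account must differ.' }

# Resolve the built-in groups by well-known SID so this works on any Windows language
$adminsGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # Administrators
$usersGroup  = Get-LocalGroup -SID 'S-1-5-32-545'   # Users (standard)

function Test-Member($Group, $Name) {
    [bool](Get-LocalGroupMember -Group $Group -Member $Name -ErrorAction SilentlyContinue)
}

# 1. Create the new account as a standard user if it does not exist yet
if (-not (Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Choose a strong, unique password for $AdminName"
    New-LocalUser -Name $AdminName -Password $pw -Description 'Separate administrator account' | Out-Null
    Add-LocalGroupMember -Group $usersGroup -Member $AdminName
}

# 2. Set the new account as Administrator
if (-not (Test-Member $adminsGroup $AdminName)) {
    Add-LocalGroupMember -Group $adminsGroup -Member $AdminName
}

# Lock-out guard: confirm a working administrator exists before demoting anyone
$admin = Get-LocalUser -Name $AdminName
if (-not $admin.Enabled -or -not (Test-Member $adminsGroup $AdminName)) {
    throw "$AdminName is not an enabled administrator; not demoting $DailyUser."
}

# 3. Set the current account to standard user
if (Test-Member $adminsGroup $DailyUser) {
    if (-not (Test-Member $usersGroup $DailyUser)) {
        Add-LocalGroupMember -Group $usersGroup -Member $DailyUser
    }
    Remove-LocalGroupMember -Group $adminsGroup -Member $DailyUser
}

# Review who still holds administrator rights on this machine
Get-LocalGroupMember -Group $adminsGroup | Select-Object Name, ObjectClass, PrincipalSource
```

The group change applies to your account the next time you sign in, so sign out and back in before checking the result.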

What will be different

You shouldn’t notice any differences in how your computer runs, except you will be prompted for your administrator password whenever you change Windows settings, install software, or modify system files. Normal use will not be affected.

Tech Support Scams Targeting Grenfell Residents

Over the past few weeks I have had an increase in reports of Grenfell Residents falling for Tech Support scams.

The tech support scam is initiated via the telephone. The caller will often pose as a representative from a company such as Telstra or Microsoft and will claim that you have been “hacked” or you have many “errors” on your machine. They will then require immediate action or threaten that your internet will be cut off.

The reverse also happens. Sometimes the scam is initiated by the end user calling the scammer. This happens when the end user does a Google search for a phone number, such as Telstra’s, Microsoft’s, or that of their antivirus company, and proceeds to ring the number shown in the first Google result. This is often a scammer, or unrelated company, trying to drum up more business.

This social engineering technique is effective in causing the victim to lower their guard and allow the scammer to remotely access the machine via remote access software. The software they use is legitimate software and is often used by tech support from legitimate companies.

The scammer will offer to “fix” the issues with the machine, in exchange for a fee. This fee does vary between scammers, with a happy medium being agreed on between the scammer and the victim.

If you receive an unsolicited call, offer to call them back. Ask for a name and phone number, but DON’T call them back on that number without confirming the number is correct. If the caller claims to be Telstra, visit the Telstra website and call the number from that site.

I have covered Tech Support Scams in more depth in the past. Be sure to check out our other articles to help keep yourself safe from scammers.