Sunday, April 29, 2012

Best Buy $1000 Gift Card Text Scam

I was recently contacted by someone regarding a text they got from Best Buy. It said the following: "Your entry last month has WON! Goto" They were asking me if it was a legit offer. Well it wasn't much longer tell I received the text myself later. Here is a picture of it:
The Scam in text form
At first appearance it may look like a legit link. Sadly that is not the case. The first sign of this being bad is that at the tail end of the link you see: Sadly someone has registered and then created a subdomain to add the info in front to make it appear as if it was from bestbuy. You can look at the whois info by following this link:
The above picture is a screenshot of the scam intro. Here you are supposed to put in the winning code. Another bad sign though is that you can actually type in whatever code and it always says that you have a winning code and then takes you to another link. This one is, so another sign to stop, even though it shows the BestBuy images below:
I put in a a fake GMail account and random zip code info. If you proceed past this then you get a pop up and some additional offers. It also forces you to sign up for two different offers. At this point I stopped. At this point it is obviously a scam. These guys should be dealt with since our phones shoud be a sanctuary from scam, but guess it was only a matter of time.

Bottom line this  is a SCAM

Note: It says the call is from: 1 (310) 849-7742. Hopefully someone stops them.

UPDATE 5/4/2012 - I noticed the scam they used in the text they sent me for the scam no longer works, either it got pulled down or the server did. Either way I am sure they have rebounded and using new domains and/or servers. So even though it may not match the URL everything else should still apply. Be Safe

Friday, April 13, 2012

Remote Assistance, VNC, and UAC Prompts

Many of us as tech professionals are quite busy and reducing time doing unnecessary tasks is necessary so we can still complete the ever growing tasks being asked of us. One of the ways to do this is remove travel whenever it is possible. When someone has a problem and you need to resolve it then often we run down to do it ourselves.

Luckily Microsoft has us covered by including remote assistance and for some the preference or need means VNC. Both of these programs allow us to complete tasks remotely without leaving our desk. Many of us also follow LUA, aka Least-Privileged  User Account, meaning most of our users run as limited users. Because of this when you connect to a computer using the two previous methods you would have to use various "Run As" methods to remotely change some settings or install software.

With Windows XP this wasn't a problem, as long as you knew the various ways run as methods to get into various control panels, software installs, and other tasks that you might be called upon to complete.

With the advance of Windows Vista and 7 came UAC and "secure desktop." These things were great but when you wanted to use Remote Assitance or VNC then anytime something deemed that administrative rights were required you would get a blank screen with a Pause symbol on Remote Assistance and with VNC I believe it turned everything a pink color and in both cases you lost control. The user than would be displayed a prompt to put in credentials.(In Group Policy it may not be set to display credentials so your behavior may be slightly different.

This effectively reduced the functionality these tools brought us quite heavily to the point that trips were sometimes made instead. The reason this was happening is that UAC was set to display only on "Secure Desktop." For a good article on this behavior you can read a Microsoft Article here.

Security settings can be changed on the computer to fix this issue. Remember though you are loosening some the settings so read up on the changes and determine if you are fine taking the associated risk. If you are using Group Policy this makes life a lot easier. If not you can change these locally on the computer by going into "Local Security Settings" and deploy this using various methods.

Under Group Policy\Domain then you will take the following path:
Computer Configuration>Policies>Windows Settings>Security Settings> Local Policies>Security Options

Under Local Security Policy:
Local Policies>Security Options

Remote Assistance
If you are using Remote assistance then you will need to change the following settings to Enabled:
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop

This will allow Remote Assistance to disable "secure desktop" for UAC so you can also see the prompts allowing for you to do what is needed. For information on this setting click here.

VNC (Other Viewers such as TeamViewer should fall under this settings)
Now if you installed VNC as a service than the later version may work by just changed the above settings. If they are installed as an application, or if just changing the above setting didn't work then you need to Disable the following setting:
User Account Control: Switch to the secure desktop when prompting for elevation

This will disable "Secure Desktop" for all prompts. I recommend again reading the first link mentioned in this article so you can determine for yourself if you are OK with the potential security risks. For more information about this setting you can also read this article here.

Taking the above step might also require a reboot. After the appropriate setting is changed though you should now be able to use your favorite tool to complete and RunAs remotely.

Monday, April 9, 2012

Java 1719 Uninstall Error

The Problem
So I had a computer I was cleaning up for use by another and was uninstalling unneeded software. There was an older version of Java, Version 6 Update 7, that wouldn't uninstall. It would error out with the following error. I looked around and everyone recommended various fixes by starting up and stopping services, or checking the registry.

The Solution
After looking at a couple than I tried my own fix. I went to filehippo, one of my favorite places for downloading files for multiple reasons, and downloaded the same version 6u7. I ran it and it asked me "This software has already been installed on your computer. Would you like to reinstall it?"

Go ahead and click "Yes." Eventually it will come up with the normal Welcome setup box that we are all used to. Walk through the setup like normal. When it is done hit "Finish."

Now, try uninstalling it again. It should let you uninstall it now.