#1
Help for Neighbor?
I just saw this on a Windows mailing list:
A neighbor had a serious senior moment yesterday and let Global Techs PC Support have remote access to her Win 8 HP laptop for a couple of hours. She realized the error of her ways, contacted her credit card companies, banks, etc.; changed all her passwords; called one of the major credit reporting agencies; and so on.

Her son, who is a rocket scientist, told her that they could have planted any number of undetectable "devices" on her machine and that, even if she does a Win 8 factory reset, there's no guarantee that doing that would remove all of the devices. I assume he's talking about "ordinary" malware so she's going to have him call me so I can get a better idea of what he's concerned about. At this point, she's frightened of even turning it on.

What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

I don't know what anti-malware she has on the machine -- whatever comes with a new HP laptop, I presume, plus perhaps "Norton Security Suite" as provided by her ISP. Thanks.
#2
Help for Neighbor?
On Wed, 31 Jul 2013 16:56:46 -0400, Juan Wei wrote:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

I would do a clean reinstallation of Windows. And then, *after* doing that, I would change all my passwords. Changing them before the reinstallation does no good, since they might have already gotten the new ones by using one of their "undetectable devices."

-- Ken Blake
#3
Help for Neighbor?
Ken Blake has written on 7/31/2013 6:32 PM:

> I would do a clean reinstallation of Windows. And then, *after* doing that, I would change all my passwords. Changing them before the reinstallation does no good, since they might have already gotten the new ones by using one of their "undetectable devices."

Define "clean reinstallation". Does it involve reformatting the HD first?
#4
Help for Neighbor?
On Wed, 31 Jul 2013 18:50:58 -0400, Juan Wei wrote:

> Define "clean reinstallation". Does it involve reformatting the HD first?

No definition is required. And no reformatting first is required. Simply boot from the installation DVD and follow the prompts for a clean installation. It will begin by formatting the drive for you.

-- Ken Blake
#5
Help for Neighbor?
On Wed, 31 Jul 2013 16:56:46 -0400, Juan Wei wrote:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

What I would do - would be to install Debian. YMMV
#6
Help for Neighbor?
Ken Blake has written on 7/31/2013 8:19 PM:

> No definition is required. And no reformatting first is required. Simply boot from the installation DVD and follow the prompts for a clean installation. It will begin by formatting the drive for you.

Oh, so it is a "nuke and pave". :-) Is this equivalent to the Windows 8 RESET?
#7
Help for Neighbor?
ray carter has written on 7/31/2013 8:21 PM:

> What I would do - would be to install Debian. YMMV

Why Debian over the others, say Ubuntu?
#8
Help for Neighbor?
On 31/07/2013 21:56, Juan Wei wrote:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

Factory reset will do the trick but you also need to flash your BIOS just in case something is planted in BIOS. She has changed the passwords and it is a good start because what they normally do is to image the HD and take it away to analyze it further in their own time.

I recently helped a friend/work colleague to analyze her husband's laptop because he was not disclosing his assets in a divorce case and we managed to get all his bank accounts and stock details and he cried foul! The court ruled in the wife's favor and said it doesn't matter how the info is obtained as long as the info was disclosed in court and the husband was given sufficient time to dispute anything in the documents presented in court. Thankfully we had 72 hours to do the work and get to his secret email accounts and all that. My forensic financial knowledge came into play here.

-- Good Guy
Website: http://mytaxsite.co.uk
Website: http://html-css.co.uk
Email: http://mytaxsite.co.uk/contact-us
#9
Help for Neighbor?
Juan Wei wrote:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

Did she make the backup DVDs when the laptop was new? She would have been prompted, to burn four or five DVDs a day or two after getting the laptop. You would use those DVDs, to "nuke and pave" the computer. By using the DVDs, you would be erasing the backup partition (which the web yokels could have polluted).

Don't do anything impulsive, until you know for sure you have enough software to do a reinstall. If you use the HP DVDs, they'll use the OEM (internal) license key. If you're forced to use a "real" installer DVD to prep the laptop, then you'll need the key off the COA stick, which is *different*. If the backup DVDs are present and in good shape, then you could use them to restore the laptop to factory.

*******

You can use DBAN, which will erase the hard drive (only if you know the five DVDs are good!!!).

http://www.dban.org/

But there are other ways.

The reason sites like DBAN don't offer a guarantee that everything on the disk is erased, is because in rare instances, someone could set up a Host Protected Area, and DBAN might not handle that. Some computers won't allow HPAs to be set while booted, so you have some protection against this. But there are machines, like perhaps one of my older computers, where I could set an HPA from Linux.

An even better alternative, is Secure Erase, by the guy who pushed through the feature in the standards forum. I've tested this, just once. It sets a password (to prevent others from setting a password). If you set a password, take a marker pen, and mark on the body of the drive, what the password is, and what the password is set for (password type). So if someone has a problem later (is trying to run Secure Erase themselves), they won't have a problem. On a laptop, you can remove the bottom plastic cover, pull the hard drive sled (SATA) just long enough to write the password details on the body of the drive.

http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

You should read the "README" on that site - it's important to review the documentation before using that one. Secure Erase uses an ATA command, and works on recent IDE drives. The command doesn't exist on SCSI drives (yet). One of the nice things about a certain flavor of that command, is it even erases spared out sectors, as well as active sectors. It's the closest thing to complete erasure (some thought went into covering as much storage space as possible).

I doubt the web yokels set an HPA, but I thought I'd mention it for completeness.

http://en.wikipedia.org/wiki/Host_Protected_Area

*******

What they could install, is a "key logger". For recording typed in passwords.

*******

It's also possible for a remote hacker, to re-program the firmware on a computer. So erasing the hard drive, is really only the "easy" fix.

There have been cases, where the symptoms were hard to understand (someone keeps breaking into a computer remotely and the attack method is unknown), and in those cases, you'd have to assume some firmware somewhere (router firmware, modem firmware, laptop BIOS, storage card BIOS, VESA BIOS on video card) has been hacked and is allowing access to be gained, even with a "super-clean" hard drive. There are many storage options for hackers, if they're determined enough, and, if they know enough about the hardware details to do it. Normally, malware delivered from some web site, doesn't do that sort of thing, because they can't really be prepared for ten thousand different motherboards. But if someone is logged in remotely, they have a bit more time to do stuff.

One wonders why they were connected for a couple hours. They must have been really bored. Or maybe that's part of the shtick (dance routine), to make you think they've been "really helpful" :-(

Paul
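Paul's post above raises two checks that are easy to get wrong when wiping a drive the remote visitors had their hands on: whether a Host Protected Area is hiding part of the disk, and whether the drive's ATA security state will let a Secure Erase run at all (a drive the BIOS has "frozen" refuses the command). The example below is added here and is not Paul's or the page's code. It parses the shape of output that `hdparm -N` and the Security section of `hdparm -I` print (the samples are constructed, not captured from the laptop in the thread), and builds the command sequence a technician would then run by hand. The device name /dev/sdX and the password "Eins" are placeholders; nothing here executes hdparm.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed samples in the shape `hdparm -N /dev/sdX` prints. They are
# assumptions for this example, not output captured from the laptop in the thread.
HDPARM_N_HPA_ENABLED = """\
/dev/sdX:
 max sectors   = 976000000/976773168, HPA is enabled
"""
HDPARM_N_HPA_DISABLED = """\
/dev/sdX:
 max sectors   = 976773168/976773168, HPA is disabled
"""

# Constructed sample of the "Security:" section of `hdparm -I /dev/sdX`
# (assumed layout; "not<tab>frozen" style lines are how hdparm prints the flags).
HDPARM_I_SECURITY = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""


@dataclass
class HpaStatus:
    visible_sectors: int   # what the OS (and DBAN) can reach
    native_sectors: int    # what the platter really holds

    @property
    def hidden_sectors(self) -> int:
        return self.native_sectors - self.visible_sectors

    @property
    def enabled(self) -> bool:
        return self.hidden_sectors > 0


_MAX_SECTORS = re.compile(r"max sectors\s*=\s*(\d+)/(\d+)")


def parse_hpa(hdparm_n_output: str) -> HpaStatus:
    """Read visible/native sector counts from `hdparm -N` output.
    A gap between them means there is storage past the visible end of the disk."""
    m = _MAX_SECTORS.search(hdparm_n_output)
    if not m:
        raise ValueError("no 'max sectors' line in hdparm -N output")
    return HpaStatus(int(m.group(1)), int(m.group(2)))


def parse_security(hdparm_i_output: str) -> Dict[str, bool]:
    """Extract the ATA security flags from the Security: section of `hdparm -I`."""
    flags = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced_erase": False}
    in_section = False
    for raw in hdparm_i_output.splitlines():
        line = " ".join(raw.split())          # collapse hdparm's tabs to single spaces
        if line.startswith("Security:"):
            in_section = True
            continue
        if not in_section or not raw.strip():
            continue
        if not raw.startswith(("\t", " ")):   # next top-level section of hdparm -I
            break
        if line == "supported":
            flags["supported"] = True
        elif line == "supported: enhanced erase":
            flags["enhanced_erase"] = True
        elif line in ("enabled", "locked", "frozen"):
            flags[line] = True                 # "not enabled" etc. keep the default False
    return flags


def secure_erase_plan(device: str, hpa: HpaStatus, sec: Dict[str, bool],
                      password: str = "Eins") -> List[str]:
    """Return the hdparm commands to run, in order, or raise if the drive is not ready.
    Nothing is executed here; the technician runs these from a live Linux boot."""
    if not sec["supported"]:
        raise RuntimeError("drive has no ATA security feature set; fall back to DBAN")
    if sec["frozen"]:
        raise RuntimeError("drive is frozen by the BIOS; suspend/resume or hot-plug, then retry")
    if sec["locked"]:
        raise RuntimeError("drive is locked with a password we do not know")
    cmds = []
    if hpa.enabled:
        # Restore the native size first so the hidden tail is inside the erase.
        cmds.append(f"hdparm --yes-i-know-what-i-am-doing -N p{hpa.native_sectors} {device}")
    cmds.append(f"hdparm --user-master u --security-set-pass {password} {device}")
    erase = "--security-erase-enhanced" if sec["enhanced_erase"] else "--security-erase"
    cmds.append(f"hdparm --user-master u {erase} {password} {device}")
    return cmds


if __name__ == "__main__":
    hpa = parse_hpa(HDPARM_N_HPA_ENABLED)
    print(f"HPA enabled={hpa.enabled}, hidden sectors={hpa.hidden_sectors}")
    for cmd in secure_erase_plan("/dev/sdX", hpa, parse_security(HDPARM_I_SECURITY)):
        print(cmd)
```

Two details in the plan are the ones worth remembering: the HPA is reset to the native size before the erase, because sanitisation guidance treats an HPA or DCO as something to remove first rather than trusting every drive to cover it, and the enhanced variant is chosen when the drive advertises it, since that is the flavor Paul refers to that also reaches spared-out sectors. Once the password is set, do what Paul says and write it on the drive body; a drive left "enabled" with an unknown password is a brick.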
#10
Help for Neighbor?
Juan Wei wrote:

> ray carter has written on 7/31/2013 8:21 PM:
>> What I would do - would be to install Debian. YMMV
> Why Debian over the others, say Ubuntu?

Because Debian might have an interface you can use. Ubuntu has something that looks like Metro interface. I feel a little nausea, when I see these icons on the left. I hate them (my USB key has a version of Ubuntu, from before the Unity crap showed up). And the appearance of the screen, is a function of resolution. If you run this crap at 800x600, you might never figure out what is going on (because some graphics elements might not appear on the screen as a hint). I only discovered certain features, when running this on my backup machine with the 1440x900 LCD screen.

http://upload.wikimedia.org/wikipedi...04_Desktop.png

An alternative might be Linux Mint. It has a few different GUI options.

http://en.wikipedia.org/wiki/Linux_Mint

I tested a beta of the 13.04 depicted in the picture link, and it was slow. I think 13.04 relies on video card acceleration for some of the smooth animations they use. So if there is a problem there, the GUI will be a bit slow. (Like, the computer you use, has a really old video card. It might not be accelerated, for those stupid icons.)

Paul
#11
Help for Neighbor?
On 8/1/2013 04:56, Juan Wei wrote:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

My suggestion is to use a "Nuke and Pave" approach. To ease her and her son's mind, it would be better to include suggestions from others such as to flash BIOS, reformat HDD, change passwords afterward, and do everything completely offline. It may cost you a little bit more of time, but if it can ease their mind, I think it's worthwhile.
#12
Help for Neighbor?
Good Guy has written on 7/31/2013 10:04 PM:

> Factory reset will do the trick but you also need to flash your BIOS just in case something is planted in BIOS.

How do you flash the BIOS on a relatively new machine?
#13
Help for Neighbor?
"Juan Wei" wrote in message

> A neighbor had a serious senior moment yesterday and let Global Techs PC Support have remote access to her Win 8 HP laptop for a couple of hours. She realized the error of her ways, contacted her credit card companies, banks, etc.; changed all her passwords; called one of the major credit reporting agencies; and so on. [...]

Why does she think that employees of what appears to be a legitimate company which she hired did anything to compromise her computer or the data on it?

-- dadiOH
____________________________
Winters getting colder? Tired of the rat race? Taxes out of hand? Maybe just ready for a change? Check it out... http://www.floridaloghouse.net
#14
Help for Neighbor?
Juan Wei wrote:

> Good Guy has written on 7/31/2013 10:04 PM:
>> Factory reset will do the trick but you also need to flash your BIOS just in case something is planted in BIOS.
> How do you flash the BIOS on a relatively new machine?

Reading this article, it's possible a newer laptop, may have the benefit of only allowing signed BIOS updates. (It's the details of the signing I was impressed with here, not the fact that some idiot left some keys on a server.)

http://www.tomshardware.com/news/Lea...IOS,21897.html

So if the machine has a UEFI (new generation) BIOS, it might be slightly better protected.

*******

With regard to your question, the way to solve the problem (no BIOS file available), is to make an archival copy of the current BIOS, send it to the company tech support, and have them check it. Note that, when a BIOS is flashed, only certain portions of it are unchanging. The boot block and the main code block, should have the same checksum today, as next week. Other areas of the flash chip, the BIOS updates them with hardware details. So you cannot just checksum the whole chip, to conclude the code is not changed. You have to identify the areas where the unchanging code is stored, and checksum those as a means to detect adulteration.

(This means, it would not be sufficient for the tech support to just make a copy of one of their chips. Someone has to be smart enough, to only compare bytes of code, in the areas of the chip that should not change. It is likely, that the areas of the chip are divided on power_of_two type boundaries [flash segments], so the offsets involved aren't purely arbitrary. For example, the boot block might be 8192 bytes long. Or 32768 bytes. Something like that.)

Main code block --- large area, checksum should not change
DMI ---- changes, after you flash it, checking this is not important
ESCD ---- changes, after you flash it, checking this is not important
Boot block ---- small area, checksum should not change

So if you sent a copy of the current BIOS to the company tech support, in theory they could determine whether it had been changed. Or, if the BIOS is UEFI, they would know whether it's possible for someone to flash in an unsigned BIOS or not. I don't know if the UEFI protections involved hardware at all or not (like, TPM).

Paul
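Paul's point that a checksum over the whole chip proves nothing, because the BIOS rewrites its own DMI and ESCD areas as it boots, is easy to show in code. The example below is added here and is not Paul's or the page's code: it hashes only the regions a vendor map marks as stable and reports which of those differ between a known-good dump and the dump taken from the suspect machine. The region map (a 64 KiB image with main code, DMI, ESCD and boot block on power-of-two boundaries) and both images are constructed for the example; a real layout has to come from the vendor, or from a tool that understands the flash descriptor and, on a UEFI system, the firmware volumes, because the offsets differ from board to board.

```python
import hashlib
from typing import Dict, List

# Hypothetical 64 KiB flash layout. Offsets and sizes are assumptions for this
# example, not a real HP BIOS map; the point is that stable and volatile regions
# are hashed separately.
FLASH_SIZE = 0x10000
REGIONS = [
    # (name, offset, length, stable)
    ("main_code",  0x0000, 0xC000, True),    # should never change between boots
    ("dmi",        0xC000, 0x1000, False),   # BIOS rewrites this with hardware details
    ("escd",       0xD000, 0x1000, False),   # BIOS rewrites this with hardware details
    ("boot_block", 0xE000, 0x2000, True),    # should never change between boots
]


def region_hashes(image: bytes) -> Dict[str, str]:
    """SHA-256 of every mapped region of a flash dump."""
    if len(image) != FLASH_SIZE:
        raise ValueError(f"expected {FLASH_SIZE} bytes, got {len(image)}")
    return {
        name: hashlib.sha256(image[off:off + ln]).hexdigest()
        for name, off, ln, _stable in REGIONS
    }


def compare_stable_regions(reference: bytes, current: bytes) -> Dict[str, bool]:
    """Per stable region: does the suspect dump match the known-good one?
    Volatile regions (DMI, ESCD) are skipped on purpose."""
    ref, cur = region_hashes(reference), region_hashes(current)
    return {name: ref[name] == cur[name]
            for name, _off, _ln, stable in REGIONS if stable}


def tampered_regions(reference: bytes, current: bytes) -> List[str]:
    """Names of stable regions whose contents differ: the adulteration signal."""
    return [name for name, same in compare_stable_regions(reference, current).items()
            if not same]


def whole_image_matches(reference: bytes, current: bytes) -> bool:
    """The naive check Paul warns against: one checksum over the whole chip."""
    return hashlib.sha256(reference).digest() == hashlib.sha256(current).digest()


def patch(image: bytes, offset: int, data: bytes) -> bytes:
    """Return a copy of image with data written at offset."""
    return image[:offset] + data + image[offset + len(data):]


# Constructed images. REFERENCE stands in for the vendor's known-good dump.
REFERENCE = bytes((i * 31 + 7) & 0xFF for i in range(FLASH_SIZE))
# After a normal boot the BIOS has rewritten part of its DMI area: harmless.
AFTER_REBOOT = patch(REFERENCE, 0xC100, b"\x11" * 64)
# Same image with sixteen bytes altered inside the boot block: what we want to catch.
IMPLANTED = patch(AFTER_REBOOT, 0xE040, b"\xEB\xFE" * 8)

if __name__ == "__main__":
    for label, img in (("after reboot", AFTER_REBOOT), ("implanted", IMPLANTED)):
        print(f"{label}: whole-chip match={whole_image_matches(REFERENCE, img)}, "
              f"tampered stable regions={tampered_regions(REFERENCE, img)}")
```

The whole-image comparison flags the after-reboot dump as changed even though nothing outside the DMI area moved, which is exactly the false alarm Paul describes; the region-wise comparison stays quiet on it and names the boot block when that is what was altered. Getting a trustworthy dump is the harder half of the job: a software read (flashrom, for instance) runs on the same machine an implant would be running on, so a dump taken with an external programmer on the chip is the one to compare against.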
#15
Help for Neighbor?
Juan Wei pretended:

> [...] What would you do if you were faced with this computer? Win 8 reset? Nuke and pave? Something else?

Something else not mentioned: were other PC-like devices connected to her network at the same time, i.e. kids' laptop, some set top TV boxes, as these could also be attacked at the same time, so despite nuking the Win8 machine, something could be lurking elsewhere on their network now. This is why once one business PC is compromised so can plenty of other workstations be compromised, in effect making the whole network compromised. This is why BYOD is bad for business. Even some routers can be compromised, and just because signing keys have not been made so blatantly available like from a Taiwanese FTP server doesn't mean to say the signing key is secure; at best you can say you have not "heard" of any being compromised, because businesses don't like bad news getting out!