Windows Sysinternals Installer (WSI) 5/29/14

Windows Sysinterals Installer (WSI) installs the entire Windows Sysinterals Suite on your computer and, optionally, automatically updates all of the tools weekly or monthly.

WSI is a Windows installer… it downloads the official ZIP from the Window Sysinterals team, unzips it to your Program Files folder, creates Windows Start Menu shortcuts and optionally allows you to update the applications either weekly or monthly (or none).

The 5/5/14 installer was flawed. Ooops. It was flawed because I BLAME MICROSOFT (no, don’t take their stupid little survey, they don’t care anyway and you probably won’t win anything).

schtask.exe has a nice little “bug” that ignores spaces inside quotes unless they are “escaped” properly. Idiots at Microsoft. I swear.


It’s fixed now. The new MSI can be installed ONE TIME (I hope) and you never have to read my boring posts ever again.

Until next time! muhawha…

Dangerous Google & Apple Phishing Scams

There have been two very convincing scams recently which have tricked users into handing over their Google and Apple accounts – to complete strangers (hackers).

How convincing? I sent out an email message to everyone in our company last Friday (3/21/14) and posted this article (below) to our corporate website in an attempt to warn everyone here about this potential threat. This morning (3/27/14) a co-worker received an email message from one of his customers with the subject “Document”. The message contained a link so my co-worker clicked the link. This took him to a web page with a real address. The page looked like a real Google login page (but it was fake) so he supplied his login information. Once he got signed in the site took him to a random online Google document. It didn’t make any sense so he just dismissed it and closed the page. The second he signed in to the fake page his Google account was taken over by a hacker (or a robot) who then started sending out mass email messages from his compromised account to every email address associated with his account… not just people in his contacts, but everyone in his history (to, cc and from).

Don’t think you can be tricked? Think again.

Please read this article as soon as possible.

Continue reading Dangerous Google & Apple Phishing Scams

goto fail; Major Security Flaw in Apple iOS and OSX

If you are an Apple user, stop what you are doing right now, disconnect from WiFi, and take 5 minutes to read everything on this page.

I read several articles yesterday about a serious security flaw in Apple’s iOS (iPhone, iPad, etc.) and OSX (Mac) that has existed since September… of 2012. Internally Apple has been well aware of this problem for almost a year and a half (17 months), yet for some reason (shocker) they chose not to disclose this flaw publicly… so most users never knew there was a problem.

The flaw allows a hacker to intercept all of your data even though you might see a secure link (padlock) icon which means SSL (Secure Socket Layer) is enabled. This flaw can normally only be exploited when you (and a hacker) are on a public WiFi hotspot and it only affects iOS 6.0 through 7.0.5 on iPhones and Macs running OSX. There is a fix for iOS but currently there is no fix for Mac OSX.

Let’s just hope pray you haven’t been checking your bank account at Starbucks or Facebooking at McDonald’s.

iPhone users: until the iOS 7.0.6 update is installed please do NOT use WiFi in any public places.

Mac users: avoid using publicly accessible WiFi until Apple releases an update.

Go to your iPhone/iPad and open Settings > General > About. Scroll down to see your device’s version information. If your device is running anything between 6.0 and 7.0.5 you need to upgrade to 7.0.6 NOW. To upgrade, connect to your personal or trusted WiFi hotspot (only use WiFi at your house or work) and open Settings > General. You should see an available upgrade. Install it immediately.

Please send a link to this page (using either of the two links below) to friends and family who might be using Apple products:

Update #1 – 2/24/14 – Mostly for OSX users:

Apple quietly issues iOS update to patch faulty SSL authentication (update 2: OS X patch coming)

Protect a Mac from the ‘GotoFail’ SSL / TLS security bug (until fix arrives)

Help Protect a Mac from the SSL / TLS Security Bug (Until a Fix Arrives)

Hint… the next two links should be clicked from your Mac: Use Mozilla Firefox for OSX or Google Chrome for OSX until an OSX patch is released.

Update #2 – 2/26/14: Mac OSX Patch Finally Available!

OSX Mavericks 10.9.2 Upgrade

Apple releases OS X 10.9.2 update, patches severe SSL bug

About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001


Why Apple’s Recent Security Flaw Is So Scary

Apple Security Flaw Is “As Bad As You Could Imagine”

Extremely critical crypto flaw in iOS may also affect fully patched Macs


goto fail;

A sample of the code showing where the problem occurred.


The second instance of “goto fail;” (above) is what caused the flaw. Supposedly it was accidentally copy/pasted before the OS was released.