All posts by macsrwe@macsrwe.com

SCAMMERS UP THEIR GAME

We’ve previously posted entries about telephone computer-support scammers (here, and here). That information is still relevant, and if you haven’t yet read these articles, you should.

Recently, these criminals have added a new weapon to their arsenal: Caller ID spoofing. In brief, the scammers use widely-available telemarketing hardware to make your phone’s caller ID feature report that their call is originating from Apple’s headquarters, when in fact it isn’t. Here is a MacRumors article about the new scam twist.

It bears repeating: Apple and Microsoft will not call you out of the blue to report that “you have a virus” or that “your computer needs repair.” Hang up on these callers; don’t even listen to their pitch. And, for heaven’s sake, don’t let them log into your computer remotely, or you may become a victim of ransomware or identity theft.

Anyone who initiates a call to you and then tries to charge you for emergency computer service is looking to bilk you—do not let them.

Spotlight crash fix

I’ve come across this one on multiple client machines this month.

The symptom is simple: you invoke Spotlight (via the magnifying glass icon or command-space), and maybe four times out of five, within a second or so, no matter what you do, Spotlight crashes. You get a screen full of dump information with a button “Send to Apple.” If you type very quickly, you may be able to type your query, hit return, and even have it processed before the crash screen comes up.

This one is maddening, and plagued me for over a month before I found the simple solution.

Go to System Preferences / Spotlight, the Search Results tab. Uncheck the “Bookmarks & History” box.

That’s it.

Apparently, it’s common for something to crawl into one’s bookmarks or history that just flat crashes Spotlight. I don’t know exactly what it is, but I can live with having Spotlight not find things in there if they’re going to be more trouble than they’re worth.

These are not the dongles you’re looking for…

Ever since the “foresight” of Steve Jobs decreed that wired ethernet ports were obsolete and henceforth would be absent from all new Macs (on behalf of network engineers all over the world I curse you, Steve), those of us who need those jacks (because we’re responsible for getting wireless systems to work in the first place) have had to purchase add-on USB/ethernet adapters to do our jobs.

Until recently, I’ve been using this USB-2.0/Fast Ethernet dongle from Monoprice (#6150, no longer available).  It has worked fine, but it’s very awkward to use in the field with my laptop, where I literally have to use my lap, because the long, inflexible packaging continually threatens to angle downwards (or upwards, if the Mac slides off my leg) and damage the USB port of my laptop.

Since the amount of junk I have to shovel into a new router to make it work is getting larger, not smaller, I decided to find a USB3/GigE adapter, one where the end connectors were joined by a flexible cord, so as to eliminate the “big lever” effect.

Since I’m a fan of Monoprice’s products, I tried their #11195.  Networking-wise, it worked perfectly, but there was one major flaw: either the Ethernet (RJ45) jack was a hair too shallow or its rim was shaped badly, to the result that any Ethernet cable inserted (with very few exceptions) would not lock into the jack no matter how hard you pushed it.  In the workshop, it would stay connected pretty well (it didn’t jump out or anything), but in the field it was next to useless, disconnecting all the time.  I bought two of these units at the same time, and both suffered from this defect, so it wasn’t just one bad unit.

When I finally got tired enough of picking my cables out of the dirt, I went hunting again.  I found this unit sold by OWC.  Since it looked suspiciously similar to the Monoprice, I wrote them before buying, to ask if they were rebranding that unit, and explained why I was asking.  I got this reply:

This adapter is one that we manufacture ourselves and we have no connection to Monoprice. Newertech is actually owned by OWC and is our own in-house accessories brand. Unfortunately our adapter functions like the Apple adapter and the Monoprice one in which the cable will slide in, but it does not “lock” in place like what you are wanting for it. I do not believe that this adapter will be able to fit for your needs. Please let me know if you have any other questions.

Seriously? The $29 Apple adapter (which I’ve admittedly never tried) has this same, basic flaw?

I just can’t comprehend this.

Since they were invented in the 1970s, “locking” has been on the spec list of every RJ45 connector ever made.  Other than when a plug has had its prong snapped off, I have never experienced an issue locking any RJ45 plug into any RJ45 jack.

It seems incredible to me that in my search for one particular product (a USB 3 to Gigabit Ethernet adapter) I uncovered three different, independent units in a row suffering from an identical flaw never before encountered—and not even a functional flaw, but a purely mechanical flaw, in a commodity component.  What are the odds?

In case you’re wondering whether my search ever succeeded, I eventually found this product (which turns out to be widely available from many outlets, both domestic and foreign) offered by a Chinese jobber for the ridiculously low price of $6.24 and free shipping (it took ages, but it was free).  The guts (Realtek 8153) are precisely equivalent to all the other GigE adapters I found, but this one actually lets Ethernet cables lock in.

Ah, all the competitors who screwed up… for want of a nail.

Afterword (May 19): I’ve edited the link to the final dongle to point to what I believe is a similar, authentic dongle (which, you will notice, properly admits to being USB2.0, not 3.0) at another vendor. The dongles I received from China worked for a couple weeks, then went belly up. The square logo on the wide end, which says “GIGABIT” on authentic dongles, says “GLAABIT” on the dongles I received, leading me to believe they are cheap counterfeits. Given that it took over six weeks to receive these units to boot, I refuse to recommend the vendor any longer.

I finally got where I needed to be by trying cable after cable in my Monoprice dongle until I found one that would lock in… then left it plugged in and put everything back into my computer bag. A kludge solution, but ultimately effective.

 

Don’t use the CD

Several times a month, various clients will ask me about setting up a new printer they have acquired. I give them all the same advice:

Don’t use the driver CD that came in the box.  Leave it in the envelope.

Why do I advise this?

Consider.  Acme Products designs a brand new printer.  They manufacture a hundred thousand of them, burn a hundred thousand driver and software CDs, put them in a hundred thousand boxes, and ship them to warehouses all over the country.

For the next six months, the phones at Acme melt down. “This feature doesn’t work.”  “This option has no effect.”  “Everything I print from Microsoft Blarp comes out purple.”  “The instructions tell me to do XYZ, but the control for it isn’t there.” “Apple/Microsoft released a new version of the OS last week, and it broke the printer driver.”

Dozens or even hundreds of changes are made to the software, firmware, and/or driver to address all these bugs, errors, and documentation issues.  A new version of each of them is created with all (or at least most) of these problems fixed.

But they don’t get put into the boxes, because the boxes are long gone.  The CD in the box still contains all those bugs.  And if you use it, you can suffer from them all.

Instead, go directly to the web when you configure a new printer. Apple products (and increasingly, Microsoft products) have “add printer” functions that are very good about reaching out to the proper place on the web automatically, and downloading what you need to run a printer properly on the version of the OS you are running at the moment.  And if (as does happen) the Mac OS tells you it doesn’t have the driver and you have to download it from the manufacturer’s website, do it — what you get there will still be much improved over the one that came in the box.

While we’re at it, it’s always a good idea to visit the printer’s configuration pages, if they exist (System Preferences / Printers & Scanners / (choose a printer) / Options & Supplies / Show Printer Webpage) and see if there is a firmware update available for the printer.  I did this tonight with a printer that a client had just lifted out of the box this afternoon. Surprise, surprise — there was a firmware update available for a “brand new” printer. On top of this, the copyright on the webpages went back to 2015 — when the OS version my client was using hadn’t even been announced.

All this underscores the original advice: what comes in the box is almost always obsolete before you open it.  Always get the current versions online.  You’ll be glad you did.

The One Ring

"I'd like to run some tests on that 'One Ring to rule them all' ring. Can I borrow it for a few days?" "I thought you had it?"

Know that sinking feeling you get in the pit of your stomach when you realize that something really important is nowhere to be found? That’s what we get every time we ask a client for the password to his Macintosh, and the answer comes back, “I don’t remember.”

No one knows better than we do how many passwords a modern computer user has to juggle in the course of a day. Your email; your Facebook account; your banks; your photo collection; your credit cards; your pharmacy; hundreds of websites; and perhaps even your home thermostat.

The Mac OS does a reasonably good job of keeping track of (almost) every password associated with your life, by storing them automatically in a secure storage area called your keychain. That way, it can guard them against loss, present them automatically whenever needed, and keep your online life as manageable as possible.

This keychain is secured by the one password that isn’t itself stored in the keychain: the password you use to login to your Macintosh. That makes your Mac password, in effect, the one password that rules them all. Given that password, you can automatically or manually look up any other password you own in that keychain. Without that password, your entire digital life is toast. Having this one password can mean the difference between having to pay for one or two hours of repair time, or many hours of repair time plus many hours of your own time.

“Can’t I just pick a new password?”

Sure you can. But if it were that straightforward, what would keep anyone who walked off with your computer from “picking a new password” for it, and thereby gaining access to every bank account and credit card you possess?

Yes, there’s a straightforward procedure to force a new password onto a Macintosh account. But when you next log into it, you’ll be notified that your keychain is inaccessible, because it’s still encrypted with your original password… which, of course, you still don’t know. With the old password, it would be a simple matter to unlock the keychain to encrypt it with the new password. Without it, every other password you need (and don’t remember on your own) is locked up forever.

Regular visits to the mental gymnasium

The one feature undoubtedly responsible for more cases of “I forgot my password” than any other is the automatic login. It’s seductive because it promises to make your daily online life easier, and does… until your disk drive fails, or you fall victim to a ransomware or tech support scam, and you need non-trivial reconstructive work done on your Mac. At that point, not knowing your password (because it’s been months or years since you actually had to type it anywhere) is an extra kick in the ribs that you really didn’t need while you were down. (We are seeing much the same syndrome now occurring among users of iPhones and iPads due to the availability of “Touch ID.” A password you never type is a password you soon forget.)

Our advice is never to enable automatic login. Computers get stolen; the kids and grandkids get into things they shouldn’t when nobody is around; and most importantly, typing in your password every time you log into your Mac is the best and most effective way to ensure you never forget it.

(If you’re currently running with automatic login enabled, and realize you have indeed forgotten your login password, contact us for help before doing anything else, including disabling automatic login. We can ensure that the contents of your keychain(s) are safe-stored for future accessibility before forcing your account to a new, known password.)

The Big Three passwords

Our advice to our clients is that they keep special track of three main passwords. With these passwords, you can recover most any other password you own. Just like you wouldn’t go for a drive without pocketing your license, you shouldn’t go online without having a record of these three passwords in a secure place.

  1. Your Mac login password, for all the reasons outlined above. This one will let you into your keychain, where most of the rest of your passwords are safe-stored.
  2. Your Apple ID (App Store / iTunes Store / iCloud) password. This password is a major special case, as it doesn’t exist in your keychain (unless you stored it there by hand as a note, which you may want to consider now that you know it’s possible). This is the password you need to reclaim all your purchased apps, tunes, and movies, and to reestablish connections with your iDevices.
  3. The password to your primary email address. If you forget or misplace either or both of the other two, this is the one you will need in order to receive responses to all the “reset my password” requests you will be making to all your secure websites (banks, etc.) as well as resetting your Apple ID password.

(If you’ve enabled iCloud Keychain, you also chose a six-digit iCloud Security Code which you may consider recording somewhere, as it won’t be in your Mac keychain—again, unless you put it there by hand. However, it’s not strictly necessary to have unless you’ve lost every other Apple device you own, as you can authorize any related activity from any of your Apple devices.)

Exercise records discipline

When we advise keeping copies of this information in a secure place, that also implies having a single place for the information, identifying which password is for what, and destroying obsolete versions of the passwords. As repair engineers, we are too often confronted with “records” consisting of multiple notebooks, index cards, and/or sticky notes containing several dozen total passwords, most of which have long since been superseded by others, with none of them identified as to account or function. To top it off, sometimes the working password is not even among them, having been recorded on an entirely separate piece of paper located elsewhere. A little organization and records discipline can mean the difference between a smooth service call and locking yourself out of your digital data indefinitely.

We hope you’ll consider the tips presented here and choose to adopt as many as possible in your own life, to keep your valuable data accessible to you while remaining secure from others.

 

Tech support scam booming

Since my most recent posting, the number of fake virus / tech support scam incidents I have been called to remedy has ballooned.

They’re persuasive: the client featured in my previous posting has since let herself be victimized by a second scammer, despite having already been burned once. (Thankfully, no damage was done to her machine this time around).

They’re persistent: one of the scams recently encountered by a client involved not just a standard un-dismissable dialog box claiming that malware was present, but also an audio file blaring a loop about how “this PC” (of course, it was a Mac) “is infected with the Zeus virus! You must call Microsoft at this number right now!” The carnival-barker behavior resumed (and locked up her browser) every time she launched Safari.

They’re opportunistic: a client signed a $400 “perpetual service contract” with a Massachusetts-based tech support company after dialing (probably misdialing) a tech support number on her Verizon bill.

They’re intrusive: the same client complained to me that, “I literally can’t turn my computer on anymore without the phone immediately ringing and some accented fellow telling me a virus has been detected on my system.”

What can you do about it?

The first rule, as we mentioned in our previous posting, is that neither Microsoft, nor Apple, nor anybody else is going to call you out of the blue and say they have detected a virus on your computer. If you get such a call, hang up.

This goes double for anyone who, after phoning you, tries to talk you into using “screen sharing” or “remote logon” software to let him onto your computer. If you let any stranger onto your computer in this fashion, it’s like handing it to him and letting him drive away — he can do anything to it he pleases.

Be careful of your typing when you type URLs into your browser bar. Through a technique known as “typosquatting,” a fraudster can set up websites that respond to common misspellings of legitimate addresses and then take advantage of your trust in the website you thought you were at. Similarly, it’s easy to follow an outdated link in a perfectly legitimate (but old) posting on the internet, only to find that the website that used to house that page is now owned by someone much less legitimate, offering phony virus warnings or fake (infected) updates of Adobe Flash to download. If you arrive at a website to find something unexpected, examine the URL bar at the top of your browser window carefully — if it doesn’t precisely match the name of the site you thought you were going to, leave immediately.

Similarly, this technique applies to phone numbers as well — you can dial a valid tech support number but use the wrong area code, and be delivered to a tech support scammer. If the support activity you are offered isn’t what you expected from your vendor, be very skeptical.

The best defense is a healthy paranoia.
Never take any caller (that you don’t already know) at face value, and don’t believe you have malware just because some intrusive (and usually illiterate) website says so.
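The "does the URL bar precisely match?" check described above can be automated for a short list of sites you actually use. This is an added example, not part of the original post; the allowlist, the sample URLs and the function names are constructed for illustration, and it goes slightly beyond misspellings to also catch a trusted name buried inside a longer host name.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user actually intends to visit.
TRUSTED = ("apple.com", "microsoft.com", "adobe.com", "verizon.com")


def registrable_domain(host):
    """Last two labels of a host name.

    Simplification for this example: multi-part suffixes such as
    "co.uk" would need the Public Suffix List.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Optimal-string-alignment distance: insertions, deletions,
    substitutions and swaps of adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(url, max_typos=2):
    """Return (verdict, trusted_name) for the address shown in the URL bar."""
    if "//" not in url:
        url = "//" + url  # let urlsplit see a bare "host/path" as a host
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    # A trusted name used as decoration: as leading labels of someone
    # else's domain, or in the "user@" part in front of the real host.
    userinfo = registrable_domain(parts.username or "")
    for name in TRUSTED:
        if host.startswith(name + ".") or "." + name + "." in host or userinfo == name:
            return ("embedded", name)
    # A near-miss spelling of a trusted name.
    best = min(TRUSTED, key=lambda name: edit_distance(domain, name))
    if edit_distance(domain, best) <= max_typos:
        return ("typo", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("https://www.apple.com/support",
                   "http://www.aplpe.com/",
                   "http://apple.com.account-check.example/login",
                   "https://adobe.com@login.example/",
                   "https://example.org/"):
        print(sample, "->", classify(sample))
```

Only the "trusted" verdict means the address matches; "typo" and "embedded" are the two cases where the URL bar looks right at a glance and is not.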

But they’ve already set the hook

The internet is a big place, and sooner or later anyone (even me) will land on a page festooned with barbs and claws, a page he wishes he hadn’t. What do you do then?

The hallmark of most browser-based malware scams is the warning box that just won’t go away. Clicking the red X (Windows close box) does nothing; trying to close the page does nothing; trying to quit the browser either doesn’t work or works only until you re-open the browser, whereupon the same warning immediately pops up.

These scams make use of JavaScript controls to disable basic operations such as back, close, and quit; and also benefit from Safari’s default behavior of re-opening the same website that was active when Safari was closed.

Though it’s tempting when faced with a dialog box you can’t dismiss, and/or an endless audio loop screaming in your ear, don’t panic. You can defeat all this.

If you can’t simply quit Safari, force-quit it. Hold down the “option” key, as you click and hold on the Safari icon in the Dock, until you see a menu appear with “Force Quit,” then choose that.  Alternatively, you can choose “Force Quit” in the Apple menu (or use the key combination “command-option-esc”), then select Safari.

Once you have successfully quit Safari, hold down the shift key as you click on the Safari icon in the Dock. This will defeat the “open the most recent page” feature and stop the attack from relaunching. You can examine your History if you’re curious where you ended up and how you got there, but don’t click on any part of it or you’ll end up back there.

What about the money?

If you suspect you have been duped into giving a company your credit card number to pay for phony tech support, you may be in luck. Use the web to research the name of the company you paid and/or the company that appears on your credit card bill, if different. If you see a reasonable consensus that these folks are scammers, contact your credit card company and ask for a chargeback on the grounds of fraud. You have several months to make such a complaint; the earlier, of course, the better.

If you paid for the phony service with a debit card, check, or (heaven help us) a wire transfer, this recourse is not open to you — the best you can hope for is to be able to talk the IRS into letting you deduct that amount as an “educational expense.”

If all else fails…

If after all this advice you can’t free up your machine — Mac or PC —  from a malware attack — real or phony — give me a call. I can sort out the real threats from the imposters (and on the Mac side, they’re practically all imposters), and disable either kind to get you back into operation expeditiously.

DON’T CALL ME—I’LL CALL YOU

Write the following on the blackboard of your life, right underneath “There’s no such thing as a free lunch”:

Neither Microsoft nor Apple will ever phone you to fix your computer–at least not unless you have phoned them first.

Today, one of my senior clients got a call “from Microsoft.” Since she had been having problems with her DSL recently, she made the mistake of believing the caller. She complied with all his instructions and let him log into her Windows machine remotely, whereupon he showed her several screensful of “critical problems” that he said he would fix right away… as soon as she paid him $400 for the work.

“I don’t have that kind of money to throw around. You never said anything about a charge when you called me, and I’m not paying you anything.”

“You’d better pay me now, because if you hang up on me, you can’t call me back, I won’t call you back, and if I don’t get paid, you’ll never use Windows on your computer again.”

Refusing to be extorted, she hung up on him anyway, and then phoned me to see if there was anything I could do about her situation. When I showed up, I tried booting her system in Safe Mode, whereupon I was met with the demand, “This computer is configured to require a password in order to start up.” She had been victimized by a “ransomware” scammer.

A little time spent with a search engine revealed that my client had been saddled with a “SysKey password.” Establishing such a password encrypts a Windows data area called the “SAM registry hive,” so simply removing the password by force won’t fix this situation, and could result in the destruction of any number of other files. The same search showed many instances of other scammed users being victimized by this same exact trick.

I had to take the machine down to the shop, safestore the user files for insurance, then reset to a restore point from about a week ago. The backup process took longer than I would have liked, but my client was back to happily using her machine quicker than our scam caller could give his mother her next STD.

Unfortunately, these scams are on the rise. This is the second senior in my (admittedly small-town) client base who has been hit with a similar scam in the past quarter. The other was called by the fraudsters at Kavish, and had paid them $149, which (at my urging) she recovered by disputing the charge with her credit card company.

The lesson here is not to trust unknown callers who phone you with official-sounding requests, whether they say they are calling from Microsoft, your bank, a store, a law enforcement agency, or anywhere else. If you didn’t initiate the call and you don’t personally know the caller, treat him just as you would treat Peggy from Siberia: tell him nothing, and allow him no access to your stuff.

If you’ve called Microsoft, or Apple, or any other company for technical service, they will give you a ticket number. Write it down. When you receive a genuine return call, the caller will have that ticket number. If they don’t, hang up, and call the main number back.

Bad Apple Mail—No Password!

This bug really burns me, because it’s been around forever, and Apple just isn’t doing anything about it.

Anyone who has used Apple Mail for more than a week has seen the following dialog box:

[Screenshot: the Mail dialog box asking you to enter your password]

Of course, the natural response is to obey and type your password.

Don’t do it. 

Here’s why:

There are a half-dozen or so reasons why a mail transaction will fail. The mail server may be busy, hung, or dead. Your Wi-Fi may be down or your ethernet cable may be loose. There could be a network interruption in the greater internet somewhere between you and your mail server. Or, you could actually have supplied the wrong password for the account.

Unless your mail account is brand new, or you recently changed your mail password, the probability that this last choice is really your problem is vanishingly small.

However, that’s not Apple Mail’s opinion. “Couldn’t contact the server? Oh no, it has to be a bad password!” So Mail puts up this dialog box, inveigling you to type in your password again.

There is no upside to complying with this request. 

There are two probabilities here that absolutely dwarf all others: you will type in your password correctly, which won’t solve anything because your password was never the problem; or you will type in your password incorrectly, at which point you have now compounded your original problem by layering a worse one on top of it.

The real joker in the woodpile here is that one of the biggest reasons for typing in your password incorrectly is because you have actually forgotten your correct password. Now, a lost mail password can be retrieved using Keychain Access on your Mac… unless of course you have just overwritten it with a bad password because you responded to this idiotic query from Mail.  😡

The good news is that if you avoid thrashing at this juncture, you can still recover. Mail stores the POP/IMAP (incoming) account password separately from the SMTP (outgoing) account password, and in almost all cases known to man, they are the same password. Use Keychain Access to view the one you haven’t yet damaged, and beat this particular reaper.

Mail Mischief

[May 21 addendum: I’ve corrected this posting to identify the email service as Cox, not Gmail, and to append some additional information on defeating this bug.]

On this one, I suspected poltergeists.

A client called me complaining that she was periodically unable to send mail using her Cox account. We arranged a remote service session, and I found that the port and authentication type parameters for at least one of her outgoing server configurations were incorrect for Cox. I repaired them and verified that the result worked.

The next day, the client wrote to say she was having the same problems. I logged in again, and found that one of the port numbers had changed back to the same incorrect value, and the authentication setting had changed from “password” to “MD5 Challenge-Response.” I asked her if she changed those, and she said no, so I changed them back again and told her there would be no charge for the session.

Two days later, she reported to me that her service had been sporadic. Sometimes she could send mail, and sometimes she couldn’t. Sometimes she could send it by switching to the SMTP server on her husband’s account, and sometimes she had to do the reverse.

I got back onto her system, and I found that the configuration values on her account had been changed again, and to values (like port 25) that don’t even work with Cox and never have.

I changed the broken account back to its proper value, whereupon the other one — which had just tested as working — immediately went out of whack!

I switched to it and found that the port had changed again… during the ten seconds that I was working on the other one.

Several times I ping-ponged back and forth, ports and authentication methods mysteriously changing themselves to the wrong values repeatedly during the course of a minute or so.

At this point I began to suspect malware, as improbable as that was. While I was downloading ClamXAV onto her system, I did a fast Web search on the symptoms. I was almost immediately rewarded with a posting describing exactly the same symptoms, and the fix for it.

It seems that in Yosemite, in the advanced section of the e-mail account configuration, there is a new checkbox called, “Automatically detect and maintain account settings.” Yosemite sets this on by default.

The downside is, it’s entirely brain-damaged. It’s just as likely to break your configuration as to maintain it, and is perfectly capable of doing either dozens of times a day, behind your back.

I turned that pesky option off, and again locked the port and password fields to working values. I’m hoping I’ll hear no more of this problem (at least from this client) until Apple finally fixes their buggy code.

[Addendum, May 21: Since posting this, I’ve heard from several other users with exactly the same problem. Informed speculation has it that it is Cox themselves who are feeding these erroneous values back into Mail, and not an Apple bug at all.

[Additionally, Yosemite also added a second “Automatically detect and maintain account settings” checkbox in the “Edit SMTP Server” area itself. If you don’t turn off both this flag and the one in Account / Advanced, the hits will just keep on coming. Make sure they stay off, as at least one user reports the one in Account / Advanced mysteriously turning itself back on right after he turned off the one in “Edit SMTP Server.”]
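A way to catch this kind of silent change and see why the changed values fail, written as an added example that is not part of the original post: it compares an account's outgoing-server settings with a known-good baseline, then checks them against what the server advertised in its EHLO reply. The host name, the EHLO replies, the setting names and the mapping from Mail's labels to SASL mechanisms are assumptions constructed for the example, not any provider's real values.

```python
import re

# Apple Mail's authentication labels mapped to SASL mechanism names
# (this mapping is the example's assumption about what each label sends).
LABEL_TO_SASL = {
    "Password": {"PLAIN", "LOGIN"},
    "MD5 Challenge-Response": {"CRAM-MD5"},
}

# Constructed EHLO replies, keyed by port, as a submission server might
# return them once the session is encrypted. Nothing answers on port 25.
EHLO_BY_PORT = {
    587: """250-smtp.example.net
250-SIZE 36700160
250-AUTH PLAIN LOGIN
250 8BITMIME""",
    465: """250-smtp.example.net
250-AUTH=PLAIN LOGIN
250 8BITMIME""",
}


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server name
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$", line.strip())
        if m:
            params = (m.group(2) or "").upper().split()
            caps.setdefault(m.group(1).upper(), set()).update(params)
    return caps


def drift(baseline, current):
    """Fields whose value no longer matches the known-good baseline,
    as {field: (expected, found)}."""
    return {k: (baseline[k], current.get(k))
            for k in baseline if current.get(k) != baseline[k]}


def check_settings(settings, ehlo_by_port=EHLO_BY_PORT):
    """List the reasons these outgoing-server settings cannot work."""
    reply = ehlo_by_port.get(settings["port"])
    if reply is None:
        return ["port %d: no submission service answers here" % settings["port"]]
    offered = parse_ehlo(reply).get("AUTH", set())
    wanted = LABEL_TO_SASL.get(settings["auth"], set())
    if wanted & offered:
        return []
    return ["auth %r needs one of %s, server offers %s"
            % (settings["auth"], sorted(wanted), sorted(offered))]


if __name__ == "__main__":
    known_good = {"port": 587, "auth": "Password"}
    found = {"port": 25, "auth": "MD5 Challenge-Response"}  # constructed
    print(drift(known_good, found))
    print(check_settings(found))
```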