Category Archives: Uncategorized

Viewing a winmail.dat Attachment

Posted on by

Problem – you receive an email that has an attachment named winmail.dat that your Mac Mail program can't view.

Reason – The Winmail.dat file is used in Outlook when sending a Rich Text-formatted message however OS/X Mail as the receiving client does not use or recognize the winmail.dat file format.

Solutions

Ask the sender of the email to change their default email settings.  Microsoft suggests 4 methods here.  Then have the sender re-send the attachment.  This is often impractical as it places the burden on the sender who may be someone you don't want to burden.  It also only the solves your problem with this one sender and not the hundreds of millions other of Outlook users. 

There are well established technical standards for email and so it may seem unfair that you are stuck with this problem because Microsoft  chose to use a proprietary format.  Life isn't fair.

   It is faster and more practical to install an add-on to view winmail.dat files on a Mac. I use TNEF's Enough written by Josh Jacob.

  Download the latest version, open the dmg file and drag the program into your applications folder.  If you receive the occasional winmail.dat attachment, save it to your desktop, open TNEFF's Enough and select FILE ->   OPEN, double click on the attachment listed in the TNEFF's Enough program window and select a save location.  If you receive winmail.dat files often, drag the TNEFF app into your dock then drag the winmail.dat file from your email and drop it onto the TNEFF icon in your dock.

 

The Heartbleed Bug – What to Do Now

Posted on by

Websites that exchange sensitive information with users have, for many years now, secured the connection between a users browser and the web site by encrypting the information.  The system is called SSL for Secure Sockets Layer and TLS for Transport Layer Security and up until the begriming of 2012 the software that implemented these techniques, OpenSSL protected the information as it flowed over the  Internet by making it unreadable to anyone other than the intended recipient.  A programming mistake (A missing bounds check)  introduced into the software introduced a flaw in  a function of the TLS protocol called heartbeat.  

 

That flaw allowed a non-standard heartbeat command to return 64 KB or about 32 pages of text of unencrypted data.  In effect, the programming error allowed an attacker to access the very information that SSL/TLS was intended to protect.    Named for the heartbeat function that allows the data to be viewed by attackers, the bug has become known as Heartbleed.

The bug was first reported to OpenSSL by Neel Mehta from Google Security  Matti Kamunen, Antti Karjalainen and Riku Hietamäki from Codenomicon Oy and was reported publicly by the group that wrote OpenSSL on April 7, 2014.  The notice itself may well be one of the most understated alerts in the history of computer security with no mention of the catastrophic impact on the Internet and Online commerce. A conservatively estimated is that two-thirds of the Internet's Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. 

What to Do Now

If you operate a website you have a great deal of work to do including updating the vulnerable Open SSL library, updating all the other system software and libraries that depend on that software, figuring out what software those changes broke and fixing them and revoking and reissuing new security certificates.  If you're like most people you just want to know if some cyber-criminal has stolen the password to your online banking.  The most conservative approach is to change all of your passwords once the websites you use have been protected from Heartbleed.  Joseph Bonneau, a security researcher makes a good argument in Heartbleed and passwords: don’t panic that Heartbleed is not as catastrophic as the media reports would suggest.  

If you want to be certain you should change all your passwords –

Step 1 – Test if the site has fixed the Heartbleed bug by going to https://www.ssllabs.com, enter the site URL and verify the test  shows the site is not vulnerable to the Heartbleed bug.

Step 2 – Change your password.  As long as you are going to all the trouble of changing your password in every single site that you have a password, consider using good passwords and using them properly.  You can read my take on good password hygiene here.

Repeat steps 1 and 2 for every site you have used.  If you no longer use the site, login to it and delete your account.  

If in the past you used the same password on multiple sites then you definitely need to change them anyway.  Check back for my Password Pyramid approach.

WinXP-Expire

Windows XP Support Ends – Why You Need to Know

Posted on by
 
April 8 2014 is the last day that Microsoft will support it’s Windows XP operating system.   This is important for anyone with a computer running XP  because that is the date Microsoft will stop issuing patches, or fixes, to the software leaving users vulnerable to attack when new exploits are found but not fixed.  Windows XP was first released in October of 2001 – over 12 years ago.  One might think that 12 years would be enough time to find and fix all the bugs in the software that allowed attackers to take over your computer but then one would be wrong.  There have been 9 “critical” or “important” patches released for XP during the first few months of 2014.  

Solutions
 
Microsoft recommends that users of XP upgrade to the latest greatest version of Windows – version 8.1.  While Windows 8.1 has had 8 critical or important security patches so far in 2014, Microsoft will continue to issue security patches.  Most XP computers however do not have the hardware to run Windows 8.1 so XP users will in most cases need to purchase new PCs with Windows 8.1 already  installed.  
The upgrade cost may not be limited to the new computer as many older software titles that run just fine on XP will need to be upgraded to new versions that will work with Windows 8.1.  For Microsoft software such as Microsoft Office you can check compatibility at the Windows Compatibility Center website If you have Office 2007 or later you’re set, anything earlier – take out your wallet.  
QuickBooks is another commonly used program on older XP machines.  Only QB 2013 and 2014 will work on Windows 8 according to Intuit.  http://support.quickbooks.intuit.com/support/articles/HOW19972

Alternatives
 
If you have an XP computer you need to do something.  Continuing to use the software exposes you and your data to the risk of loss and theft.  Before you rush out and buy a new Windows 8 PC I suggest you consider if an Apple Mac would work for you.  Let me make clear that I am not a Mac zealot.  Macs are great but they aren’t perfect and certainly don’t meet the requirements of every situation.  Like most things there are advantages and disadvantages in switching from Windows to OS/X – the name of the MacIntosh operating system software.

Disadvantages
  • Learning Curve – OS/X is different than Windows and it takes some getting used to.  
  • Not all software runs on OS/X – if you absolutely must use a specific software title that is only available on Windows then stop reading now and go by a new PC.
  • Apple hardware, in general, costs more than PCs that run Windows.  
Advantages
  • There are far fewer viruses for Macs than PCs.  While this may not always stay true, the vast majority (over 99%) of viruses target Windows PCs.  Mac users spend a lot less time on ant-virus software updates and cleaning out infections that get through.
  • Apple has always been something of a control freak when it comes to their products.  An upside of this is that most software that runs on Macs follows a consistent user interface.  In general, the way you do things is pretty consistent between programs and inter-program communication tends to be excellent.
  • Ease of Use – I know that this is subjective however having used both systems for years I come down solidly on the side of Macs.
Myths
  • Files created on one can not be used on the other – FALSE
  • It is hard to get technical support for Macs – FALSE on two levels, there are plenty of Mac gurus out there and Mac users need a lot less support.
  • I need to use Microsoft Office so I can’t use a Mac.  FALSE – Microsoft Office for Mac is, with very few exceptions is compatible with the PC versions.  There are some Macro language and VBA differences that should only be an issue in a large corporate environment with dozens of connected spreadsheets tied together.
The above list is certainly not exhaustive and I will try to add to it over time.  
Addressing some of the issues, I would allow a couple weeks to get up to speed on a Mac if you were a Windows user.  I have found that the learning curve from Windows XP or Windows 7 to Windows 8 is about the same as from XP or 7 to OS/X.
Inexpensive PCs don’t hold up well.  The very low cost ones don’t have enough computing power and mid-priced PCs with decent power tend to suffer from being heavy, have poor battery life for laptops, and have unreliable keyboards and touchpads.  If you really compare a well made and decently powered PC to a Mac, the price is not that much more for the Mac. 
mystic2

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls

Posted on by

By Barton Gellman and Ashkan SoltaniPublished: March 18

The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.

 

521-substation-metcalf-map

Assault on California Power Station Raises Alarm on Potential for Terrorism

Posted on by
February 5, 2014
 
SAN JOSE, Calif.—The attack began just before 1 a.m. on April 16 last year, when someone slipped into an underground vault not far from a busy freeway and cut telephone cables.
 
Within half an hour, snipers opened fire on a nearby electrical substation. Shooting for 19 minutes, they surgically knocked out 17 giant transformers that funnel power to Silicon Valley. A minute before a police car arrived, the shooters disappeared into the night.  Read the original WSJ article  about the susceptibility of the US power grid and how a critical vulnerability of being ignored.