The All Writs Act is an All Access Pass

Yeah… “It’s good to be the king…!”

Those of you who recognize the comic line from Mel Brooks’s History of the World: Part 1 will recall that it was used by Mel Brooks during the montage on pre-Revolutionary France where Brooks played King Louis XVI. The king gets to do whatever he wants. Therefore it’s good to be the king…

I’ve been looking for a simple explanation of the All Writs Act of 1789 and for a straightforward explanation of how it applies to the Apple v. FBI case. I found part of this, here. The Act in and of itself is a simple two sentence, two point piece of legislation that provides the government and law enforcement a great deal of latitude when pursuing justice. As it’s short and to the point, I’m including the full text of the statute, below:

28 U.S. Code § 1651 – Writs

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.

(FYI – a “rule nisi” is an order to show cause; and it’s considered directly applicable, unless the party it’s directed at can prove that it isn’t)

Application of the All Writs Act requires the fulfillment of [specific] conditions:

  1. The absence of alternative remedies – the act is only applicable when other judicial tools are not available.
  2. An independent basis for jurisdiction – the act authorizes writs in aid of jurisdiction, but does not in itself create any federal subject-matter jurisdiction.
  3. Necessary or appropriate in aid of jurisdiction – the writ must be necessary or appropriate to the particular case.
  4. Usages and principles of law – the statute requires courts to issue writs “agreeable to the usages and principles of law.”

Now, I’m NOT a lawyer; but I was a Regulatory Affairs Manager for a medical device company here in the States for a number of years; and I’m used to reading over legislation, regulations and legal texts. So, the following is my interpretation of what I see going on with the above, and as it relates to the Apple v. FBI case:

  1. The All Writs Act is a Blank Check
    It’s very clear that the government (read: law enforcement) can effectively do whatever it wants when it comes to a legal dead end, if it chooses to. If the government attempts to get a warrant for what they feel is a specific bit of evidence and the warrant is denied or quashed, they can fire back with this; and as long as a judge agrees, they’re in. It’s completely subjective.
  2. The Act in and of itself does not Include Any Challenges or Limitations
    Other than the first condition in the statute, noted above requiring other remedies and statutes to be exhausted first, applying for and receiving the necessary writ need only be
    a. Applied for and executed in the appropriate jurisdiction (you can’t go to a judge in NY for something you want to do in CA)
    b. Must have a basis in law (but depending on the situation at hand, doesn’t necessarily require previous application or precedent).
    c. Necessary to the case

If you think about it, that covers just about everything.

So, for this to be applicable to the Apple v. FBI case where the FBI is looking to get past the password screen on the employer-owned iPhone 5c used by Syed Farook, all the government has had to do is

  1. Try to get past this screen (and they have)
  2. Have hit a technical roadblock (and they have)
  3. Have tried other legal tools to compel Apple to unlock the phone (and they have)

What’s at issue here is twofold:

It sets a nasty legal precedent

The FBI has backtracked on its previous statements and said that “forcing Apple Inc. to give the FBI data from an iPhone used by one of the San Bernardino shooters would be ‘potentially precedential’ in other cases where the agency might request similar cooperation from technology companies,” according to an article by Julia Harte and Julia Edwards on MSN.

During testimony given before Congress, and in response to a question from Representative John Conyers, FBI director Jim Comey stated, “of course the bureau would seek to apply the same tactic in other cases.”

Which, by the way, is a direct contradiction to statements that were made by Comey in earlier, taped, interviews where he said that all the FBI wanted was information off of this, one, individual iPhone 5c, in this case.

It’s unduly burdensome

In essence, as I understand it, the FBI is demanding that Apple create and maintain a new product, specifically for law enforcement, that will permit them to crack into any iPhone, any time they deem it necessary.

It’s not an add-on. It’s an entire new piece of firmware. It’s going to require all of the same development and testing and project resources that every other piece of Apple iPhone firmware requires, along with a secured, dedicated, classified, testing and development lab (in order to keep everything secret and safe).

While the All Writs Act doesn’t provide for safeguards against this, other legislation does. Unfortunately, the liability of proof of this burden lies with Apple, and not with the government. If Apple doesn’t want to do what the FBI is demanding, they’ll be required to demonstrate this to a judge (or to Congress) in federal court or in a formal hearing, respectively.

In an interesting twist, a New York Magistrate, Judge James Orenstein found that the government “lacks the legal authority necessary to force Apple or any company to break its own digital security protocols.”

In his ruling, Judge Orenstein indicated he agreed that forcing Apple to “[invent, code and distribute] a purposely vulnerable operating system in hopes of cracking existing device security was unreasonably burdensome.” The ruling in full can be seen here.

Armed with this, Apple has filed a formal objection to their case and has cited the decision noted above in its filing.

There’s more developing in this case, so stay tuned for additional updates as they develop.

Apple Tells the FBI to go Pound Bits

The FBI’s request for Apple to crack the San Bernardino terrorist iPhone 5c isn’t as cut and dry as it might appear…

This story has been making headlines for quite some time now, and I honestly think that it will continue to make headlines for some time to come. In fact, I can see this subject staying in the news for at least the next couple of months…

This is perhaps one of the most controversial issues I’ve seen out of the tech sector in a very long time. I’m also not entirely certain that there has EVER been such a controversial or politically charged issue on the minds of nearly every personal computer user – like, EVER.

At the heart of the issue is the iPhone 5c used by Syed Farook. Farook and his wife, Tashfeen Malik killed 14 people and injured another 22 during a training class and party in December 2015. The FBI has tried to access the iPhone 5c, but has not been able to get past its passcode, which resets after 10 failed attempts, rendering the device inaccessible.

During the week of 2016-02-14 to 2016-02-20, a federal judge ordered that Apple must assist the FBI in getting past the passcode screen. Apple has since refused to comply with this order, stating that they intend to fight the order, which they see as a violation of the right to privacy and of civil liberties.

At issue is not this one single iPhone, owned by the (uninvolved and unknowing) business that Farook worked for. According to Apple, the only way to gain access to an iPhone locked with a passcode is to crack the encryption and build a back door into the OS. According to the FBI, Apple doesn’t have to create that back door. They can simply modify this one, particular iPhone 5c and give the FBI the access they need.

First of all, I think it’s interesting that the FBI can make this determination. If they’re smart enough to figure THAT out, then why can’t they crack Farook’s iPhone themselves?

The logical answer here is they don’t.

They’re making an assumption, and I don’t believe they know what they’re talking about. If they had the technical chutzpah to make that statement, then they wouldn’t need Apple.

Now, according to an interview with Tim Cook that aired on ABC World News Tonight, there are some very serious problems with this request. Actually, Tim Cook called the issue “complex.”

According to Cook,

“If a court can ask us to write this piece of software, think about what else they could ask us to write — maybe it’s an operating system for surveillance, maybe the ability for the law enforcement to turn on the camera,” Cook said. “I don’t know where this stops. But I do know that this is not what should be happening in this country.”

In a message from Cook to Apple customers during the week of 2016-02-14 to 2016-02-20, Cook said that they had provided assistance to the FBI, but wouldn’t create a backdoor that would have the potential to crack any iPhone. This decision was applauded by both Google CEO Sundar Pichai and WhatsApp CEO Jan Koum, among other Silicon Valley bigwigs. Currently, there are approximately two dozen iPhones held by law enforcement agencies around the country where those agencies are interested in the outcome of this case.

If the FBI prevails, precedent is created for Apple to provide them with the same kind or type of tool or service for unlocking those two dozen or so iPhones as well as any other encrypted iOS devices in the future.

This is the biggest concern of all, as then this leaves Apple open to similar requests from nearly every legal agency in this country as well as others around the world, to provide them with the same kind of access. So, every political dissident or activist that is detained by a dissenting, international governing body that owns an iPhone or other iDevice, will demand that Apple provide them (that governing body) with the same services.

The story here only gets more and more interesting…

Bill Gates, one of the founders of Microsoft, was recently quoted as coming out AGAINST Apple’s plight against the FBI.  When asked for clarification, Gates replied,

“I was disappointed, because that doesn’t state my view on this. I do believe that with the right safeguards, there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable. But striking that balance — clearly the government [has] taken information, historically, and used it in ways that we didn’t expect, going all the way back, say, to the FBI under J. Edgar Hoover. So I’m hoping now we can have the discussion. I do believe there are sets of safeguards where the government shouldn’t have to be completely blind… The courts are going to decide this… In the meantime, that gives us this opportunity to get [in] the discussion. And these issues will be decided in Congress.”

However, in a statement released on 2016-02-26, Microsoft itself has come out in support of Apple, and not the FBI, like its co-founder, Bill Gates. Microsoft’s support comes in the form of an amicus brief that it will file with the court next week. Microsoft’s support is joined to that of Google’s and Facebook’s, but really, according to Microsoft’s President and Chief Legal Officer Brad Smith from testimony taken from a congressional hearing, the government, not the courts, needs to discuss the [implementation of] new legislation to govern privacy.

The focus of Microsoft’s statements can be nicely summed up with a statement from an industry group, “while it’s ‘extremely important’ to deter crime and terrorism, no company should be required to build back doors to their own technology.”

Personally, I #StandwithApple.  While I support the US government’s stand against terrorism and generally consider myself to be a conservative, the government doesn’t need a back door into my smartphone.  Giving the government too much power and access into my privacy and personal life is NOT what I want.

I’d love to hear everyone’s opinion on this.  If you agree or disagree, support Apple or support the FBI, I’d love to hear your thoughts on the issue. Please share them with us in the comment section below and lend your voice to the discussion.

Microsoft is Under the Antitrust Microscope in China

Apparently, China has “major issues” it wants Microsoft to explain…

In July of 2014, China raided Microsoft’s local offices and confiscated a lot of data as part of an antitrust investigation. On 2016-01-05, Chinese regulators demanded that Microsoft explain “major issues it discovered with that data”. This was the first time in over a year that China gave any indication that their antitrust investigation would be moving forward.

Microsoft has publicly stated that it is “serious” about complying with Chinese law and to addressing SAIC’s (China’s State Administration for Industry and Commerce) concerns.

At the beginning of the investigation, China said it was interested in information on how both Windows and Office were bundled, about compatibility between the two and other unnamed concerns.

China’s most recent demands haven’t been clarified or spelled out, but SAIC has asked Microsoft to submit their “defense in a timely manner.”

God knows what they need to defend, or what Microsoft needs to respond to.

Some are speculating that this is retaliation due to Microsoft retiring Windows XP and discontinuing support for it to any and all customers – including the Chinese government and its citizens. China had asked Microsoft to extend XP’s lifespan. Microsoft refused. China said, “pretty please;” and Microsoft STILL said no. China has banned the use of Windows 8 on any government computers.

Microsoft is heavily pushing the adoption of Windows 10 around the world, and China is no exception to this marketing strategy. A short while ago, as of this writing, Microsoft expanded a partnership with one of China’s largest defense firms where it would license Windows 10 to government agencies and some state owned corporations in the energy, telecommunications and transportation industries.

While this is a serious issue, and while Microsoft is giving this issue the appropriate level of priority, it seems as though Microsoft could make all of this go away if they simply provided continued Windows XP support to the Chinese government.

I’m pretty certain, however, that capitulation isn’t a consideration for Microsoft, for a number of different reasons, the most important being

  1. Microsoft isn’t providing preferred XP support to anyone
  2. Microsoft is pushing the world’s Windows users to Windows 10
  3. Windows XP has been heavily pirated in China

Given all of this – and especially the last two points – Microsoft doesn’t really have any incentive TO capitulate. I know I wouldn’t want to if I were Satya Nadella.

Until SAIC can specify what they want Microsoft to respond to, I’m not certain how anyone would reasonably respond to this – in a timely manner or not.

What do you think? Is China’s SAIC just ticked off that their XP PCs are unsupported? Does Microsoft have anything tangible to worry about in China? What do you think the final outcome will be?

Why don’t you meet me in the discussion area below and let me know what you think?

Ransomware. Taking your Data Hostage

Yeah… Speaking of malware…

With all of the email problems I’ve been having over the past month or so, I’ve had my hands full. I’m nearly certain that I’ve got some kind of malware. Removing it has been a real chore; but at least I don’t have any ransomware. Yeah. That would really suck.

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through an online payment system in order to regain access to their data or system. Some ransomware encrypts files. Other ransomware blocks communications.


No matter which way you look at it, you don’t have access to your data. Depending on how valuable that data is to you or to your organization, that can be a problem.

One of the most popular pieces of ransomware is CryptoWall or CryptoLocker – same thing. CryptoWall is a Microsoft Windows based Trojan horse. A computer that is infected with this virus has its hard drive encrypted, with the RSA decryption key held by a third party.

When infected, the virus payload installs itself in the user’s profile folder and then adds a key to the registry that causes it to run on startup. It then attempts to contact one of several, designated command servers where it retrieves a 2048-bit RSA key pair. The command server sends the public key to the infected computer.

The virus then encrypts the user’s files across all local and mapped network drives with the public key and logs each encrypted file in a registry key. The process only affects files with a specific extension type – usually those belonging to Microsoft Office, OpenDocument, JPEG, GIF, BMP, etc.

Once encrypted, the virus then displays a ransom message that includes a countdown clock. The message demands a ransom of $400 USD or €400 in the form of a pre-paid cash voucher – like a MoneyPak – or an equivalent amount of Bitcoin. If the ransom isn’t paid within the specified timeframe, your decryption key gets deleted, and then there’s no way to decrypt your data. Once paid, the user is able to download a decryption program, preloaded with the decryption key, that unlocks the files.

However, some victims have claimed that even though they have paid the ransom, their files were not decrypted.

Now, there are three ways to get rid of CryptoWall/ CryptoLocker once you get it. Some of them are easy, others are not. Let’s run them down so you know what the options are.

  1. Pay the Ransom
  2. Restore from a Non-Infected Backup
  3. Use an Appropriate Mitigation Method
  4. Call it Quits and Restart from Scratch

Pay the Ransom
Many security experts have said that with a 2048-bit encryption key, using some kind of brute force attack to get the decryption key was nearly impossible. Previous versions of the Trojan horse used 1024-bit keys and while that may have been crackable – in at least one case, it was – doing so was not easy and took a great deal of time. That method also required the use of tools and skills that most consumers don’t have, can’t afford, and wouldn’t know how to use.

While removing the Trojan from an infected PC is possible, especially in its early encryption stages (depending on the amount of data in question, encryption can take quite a while), the nature of the infection is that it works in the background. Many users don’t know or see that anything bad is happening. In cases like this, many security experts initially agreed that the only way to recover files was to pay the ransom. Users can usually expect to receive their decryption key within 24 hours.

However, given the dishonest nature of the individuals behind the Trojan horse infection, the 24 hour waiting period and the fact that some people don’t always receive their decryption keys without the call for additional payments, this is a risky removal method. It’s certainly not guaranteed. They got your money once. It’s very likely that if you don’t get your decryption keys early in the 24 hour period that you will get asked to make additional payments.

It has been estimated by Symantec that up to 3% of all infected victims pay the ransom. It’s also been estimated that ransomware operators have collected upwards of $3.0M USD. So, while you may get your data back with this, paying the ransom doesn’t always get your life’s memories back; and it could end up costing you more than was originally asked for.

Regardless of how much you may pay, if this is the case, you’re going to want to make a back up of your decrypted data and then blow your hard drive and reinstall Windows and all your applications from scratch. You’re also going to want to invest in a malware scanner and some kind of backup plan after that.

Whether it’s online or offline, it doesn’t matter. The key is starting from a known clean slate and then making certain you don’t get hit again.

Restore from a Non-Infected Backup
Even if your PC and all of your data becomes completely encrypted, if you have your computer’s restore DVDs AND you have a backup of your data before it became infected (and that drive isn’t always connected to your PC), then you’re more than half way home.

In this case, you can just go tell the malware creator to go pound sand.

However, this may take just a bit of work on your part. You’re going to have to do a few things to make certain you can safely get to your data.

Check the Status of your Backup
If your backup is done online, through services like Carbonite or Backblaze, you should be ok.

If you’re using a backup drive that’s connected to your PC all the time, it’s likely infected and encrypted. However, if you’ve backed data up AFTER you got infected, it’s likely encrypted and should be considered bad. Do NOT use that data.

If it’s not always connected to your PC, do NOT connect it to your infected PC. CryptoWall/ CryptoLocker will encrypt it. Check the status of the backup from ANOTHER, uninfected PC and check the last backup date and perform a malware scan on it. Once verified clean, that’s the state of the data you’re going to get back.

If you’ve got all of your data on a cloud service drive, you’re in even better shape, as it’s likely NOT encrypted. Those services should be set to scan all the data that comes into their data centers and should prevent infections like CryptoWall or CryptoLocker from infecting them. You just need to restore your PC (see below) and then log back into your cloud service and resync your data.
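One way to sanity-check a backup from a separate, uninfected PC before restoring, as described above (an added example, not code from the original post): it flags files of the types the post lists as targets whose leading bytes no longer match their format, and lists files written after the suspected infection time. The function names, the signature table, the timestamp and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the file types the post lists as targets.
ZIP = [b"PK\x03\x04"]                         # .docx/.xlsx/.pptx and OpenDocument
OLE2 = [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"]  # legacy .doc/.xls/.ppt
JPEG = [b"\xff\xd8\xff"]
MAGIC = {
    ".jpg": JPEG, ".jpeg": JPEG,
    ".gif": [b"GIF87a", b"GIF89a"],
    ".bmp": [b"BM"],
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".odt": ZIP, ".ods": ZIP, ".odp": ZIP,
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
}


def shannon_entropy(data):
    """Bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def check_file(path):
    """Return (verdict, entropy of the first 4 KiB) for one file."""
    signatures = MAGIC.get(os.path.splitext(path)[1].lower())
    if signatures is None:
        return "skipped", 0.0          # type not in the table, not judged
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if not head:
        return "empty", 0.0
    # JPEG and ZIP-based documents are compressed, so high entropy alone does
    # not separate them from ciphertext; the header check is the main signal
    # and the entropy figure is supporting evidence only.
    if any(head.startswith(sig) for sig in signatures):
        return "ok", shannon_entropy(head)
    return "bad-header", shannon_entropy(head)


def scan_backup(root, infected_at=None):
    """Walk a backup tree (reads only) and summarise what looks usable.

    infected_at: epoch seconds of the suspected infection; anything written
    later is listed separately, since the post says not to use such data.
    """
    report = {"ok": 0, "skipped": 0, "suspect": [],
              "modified_after_infection": [], "newest_mtime": None}
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()                    # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mtime = os.path.getmtime(path)
            if report["newest_mtime"] is None or mtime > report["newest_mtime"]:
                report["newest_mtime"] = mtime
            if infected_at is not None and mtime > infected_at:
                report["modified_after_infection"].append(rel)
            verdict, entropy = check_file(path)
            if verdict in ("ok", "skipped"):
                report[verdict] += 1
            else:
                report["suspect"].append((rel, verdict, round(entropy, 2)))
    return report


INFECTED_AT = 1_456_000_000  # constructed timestamp (February 2016)


def demo():
    """Build a small constructed backup tree and scan it."""
    # Deterministic pseudo-random bytes standing in for an encrypted file.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {  # name: (content, seconds relative to INFECTED_AT)
        "holiday.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 64, -86400),
        "logo.bmp": (b"BM" + b"\x00" * 64, -86400),
        "notes.txt": (b"plain text, type not checked", -86400),
        "photo.gif": (b"GIF89a" + b"\x00" * 64, 3600),
        "report.docx": (noise, 3600),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (content, offset) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.utime(path, (INFECTED_AT + offset,) * 2)
        return scan_backup(root, infected_at=INFECTED_AT)


if __name__ == "__main__":
    print(demo())
```

This complements the malware scan the post calls for rather than replacing it: an intact header shows only that a file was not overwritten from its first byte.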

Restore Your PC
After you have the backup drive for your PC identified and set aside, you’re going to need to restore your PC back to factory fresh status. You’re going to need to do this no matter what you do (pay the ransom, restore from a non-infected backup or use a mitigation tool). Once compromised, it’s not good to continue to use a Windows installation that’s been infected by such a serious piece of malware.

If you have something like a Surface Pro or other tablet/ convertible device do NOT restore from the device’s recovery partition. There’s no way to know that it hasn’t also become infected as well.

In that case, you’re going to need to download the recovery image on a separate computer and then burn that image to a DVD, also from that separate computer. Do that and set it aside.

If you have a PC that has a set of restore DVDs, grab those now. Place the restore DVD (either the one you just made for your Surface or other similar device or the ones that come from your PC manufacturer) into either your PC’s DVD drive, or into a USB DVD drive connected to your computer.

You’ll need to set your UEFI or BIOS to boot from the DVD drive. Use that DVD to restore your computer. Once it finishes, you can reinstall your backup software and a suitable malware scanner. After you’ve updated all of the appropriate malware definitions and performed a malware scan on your newly configured PC, THEN connect your backup drive to your PC.

Perform a second malware scan on your backup drive before the restore. It’s better to be safe than sorry.

Once verified clean again, you can restore your data; and you should be good to go.

Use an Appropriate Mitigation Method
You should know up front that this is by far the riskiest option of all. It’s not easy, and you’re not guaranteed to be successful.

If you don’t have your data on some kind of cloud sync service, backed up to a drive that was connected to your PC BEFORE you got infected with CryptoWall/ CryptoLocker, and you aren’t using an online backup tool and you MUST get all of your data back, then you can try to use an appropriate mitigation method.

Now… this is where things get a bit sticky. If you’re not comfortable working with and modifying the Windows Registry, installing and updating hardware drivers or other low level components, then stop. It might be a good idea to take your infected computer to a trusted, reputable repair shop and let them handle it.

They’ll likely keep it for a few days. They may charge you $150 – $250 bucks to get rid of the virus; but you’ll likely get your computer back, with some to most of your data, without having to pay a huge sum to some crook.

In a nutshell, here are the steps you’ll need to perform:

  • Boot to Safe Mode
    In Windows 7, XP and Vista, you’ll need to restart or turn on your PC and quickly and continuously press F8 until you see the Advanced Boot Options screen. From here, you’ll have 30 seconds to use the up/down arrows to choose the “Safe Mode with Networking” option from the list and press the Enter Key.

    In Windows 8/ 10, it’s best to start with the computer already on and sitting at the Windows Logon Screen.

    Press and Hold the Shift key, and then click Restart. On the resulting screen select Troubleshoot – Advanced Options – Startup Settings, and then Restart. When your computer becomes active, select Enable Safe mode with Networking.

    Let your PC boot into Safe Mode. Your PC should be up and running in Safe Mode. You should be logged in (do so if you aren’t) and you should have access to the Internet.

  • Download a Malware Removal App
    Open up a browser window and download SpyHunter or other spyware/ malware removal app. Purchase a licensed copy if you need to. Use it to remove CryptoLocker/ CryptoWall from your PC. Use that app to remove all of the malicious files that belong to the ransomware and complete the CryptoWall/ CryptoLocker removal.
  • Salvage your Data
    If this works, get your data off your computer and store it on a known clean drive. Then, refer back to the section above where I tell you how to rebuild your PC from scratch. Rebuild your PC from scratch. If you don’t get everything – and that’s possible, even with a good malware removal tool – you don’t want to be on a PC that’s had ransomware on it. Rebuild your PC and then put your data back on it.

If that doesn’t work, or if your version of CryptoWall/ CryptoLocker prevents you from booting to Safe Mode with Networking, then you can try something else. However, if this doesn’t work, your options become limited.

  1. Boot into Safe Mode with Command Prompt
    In Windows 7/ XP/ Vista, restart or turn on your PC and tap F8 multiple times until you see the Advanced Boot Options window. Use the up and down arrows to move down to Safe Mode with Command Prompt and press Enter.

    In Windows 8/ 10, at the Windows login screen, press and hold the Shift key and then click Restart. On the resulting screen select Troubleshoot – Advanced Options – Startup Settings, and then Restart. When your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings Window.
  2. Restore your System Files and Settings with System Restore
    Once the Command Prompt window is available, you should be logged into your computer and the Command Prompt window should have you logged in to C:\Windows\system32

    Type – cd restore – and press the Enter key

    Type – rstrui.exe – and press the Enter key

    When System Restore comes up, click the Next button and then select a restore point that is PRIOR to you getting infected with CryptoWall/ CryptoLocker. After that, click the Next button again.

    A warning dialog will display, notifying you that System Restore can’t be interrupted. Click the Yes button and let System Restore run and complete.

  3. Remove the Virus Files
    After System Restore completes, you can reboot your PC. After that, you can download Spy Hunter or other spyware/ malware removal app. Use it to get rid of the malware files.
  4. Attempt to Salvage your Data
    You need to understand that using a mitigation method does NOT remove any encryption from your data. It just removes the malware. If your data is encrypted, you can try to use Windows’ Previous Versions feature to restore any files that may have been encrypted.

    To do that, find the file in question and right click it. Choose Properties from the context menu that appears. When the Properties dialog appears, look for the Previous Versions tab and look for a restore point for your file. Choose a date before you got infected, and follow the process.

    However, you need to understand that this method is ONLY effective after System Restore completes and the ransomware is removed. Ransomware often deletes Shadow Volume Copies and this method may fail to work.

Call it Quits and Restart from Scratch
Ransomware is a very SERIOUS piece of malware. If you get it and you end up with your data encrypted, depending on how adventurous or wealthy you are, you can try one of the methods that I’ve listed above, or you can cut your losses and call it a day.

In other words, you can simply resign yourself to the fact that your data is gone and you can rebuild your PC, again, using one of the rebuild methods I noted, above.

Depending on how much you trust the drive you’ve got, you may want to just go and buy a new hard drive for your computer, put it in, and then rebuild your PC from scratch, again, using one of the rebuild methods I noted, above.

There are a few advantages to this. While it consigns your files to a permanent rubbish bin, it’s likely a much safer way to go, especially if you catch it early in the encryption process.

Ransomware is a huge problem in many countries around the world, especially in the United States. Malware is EVERYWHERE on the internet, and you can get it from visiting dubious websites and even through ads that display in a browser window. You can get malware from email, from infected files and just about anywhere else on the internet.

While you’re clean, the best thing for you to do is to make a backup of all of your data. You can use a backup program, a cloud data service like Dropbox, Google Drive or OneDrive and the like. You can also use online backup programs like Carbonite or Backblaze. Whatever you do, though, make a backup of your data.

If you do find that you get infected with ransomware, again, you have very limited options. You can:

  1. Pay the Ransom
  2. Restore from a Non-Infected Backup
  3. Use an Appropriate Mitigation Method
  4. Call it Quits and Restart from Scratch

There’s a price to each of these, either in cold hard cash, or in time. Unfortunately, despite any of these methods, you’re likely going to experience some data loss, unless you have a recent, uninfected backup. So the rule here, as always should be to back up early and often.

But again, if you do get infected, the best thing to do as quickly as you can, is to get off the internet, remove the malware, rebuild your system and then restore your data. How you pull this together is up to you, but it isn’t easy, and it can often create other problems that you didn’t initially anticipate.

Anyone Can Pick Up Malware

The past few weeks have been hellacious at Casa de la Spera…

I’ve been in computing since 1984. I have written more than I can remember without actually reviewing the stuff I’ve written. This includes seven years of columns on CompuServe’s Computing Pro forum as well as approximately 10,000 tips for Windows (95, 98, 98SE, NT, ME, 2000, and Windows 7), Internet Explorer, Office (95/97/2000/2007) and Windows-based Hardware, for WUGNET (The Windows User’s Group Network). I’ve written COUNTLESS software reviews for both Mac and Windows platforms; and I was nominated for Microsoft MVP for Windows Mobile at least twice between 2004 and 2007.

Yeah… I’m giving you the resume more for ME than for anyone else right now.

malwareOver the past few weeks, I’ve been dealing with some hacked email accounts over here; and quite honestly, it’s been very aggravating.

It started during the middle of October. I started seeing bounce notices hit my account, and I wasn’t certain why. Not all of them, or the delivery delay notices I got, had the body of the original email with them. Some did. When I was able to look at what that was, it was clear that my Google Apps based email account had been compromised.

I immediately changed my password.

However, that didn’t resolve everything.

Gmail has a few different tools to help you protect your account if you think it’s been compromised, including signing out all web sessions. I did that and then changed my password – AGAIN – and signed back in. However, by that time, the damage had been done and Google had suspended my SMTP permissions. I couldn’t send any email. According to Google, I had sent over 5000 emails in the course of a 24 hour period.

At that point, I also noticed that my contact list had been increased by over 1500 entries, as well. Many of these were simply a strange looking address and nothing more. For example:


Many of the entries had either just the full email address as the contact name or firstname<dot>lastname as the contact name. Those were easy to spot and eliminate, though I had to go through my contact list at least 3-4 times. I didn’t get all of them, and somehow, they got repopulated (with different entries) a couple times. (I’m still pulling crap out of my contacts list…)
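The two patterns described above (the full address used as the contact name, or firstname.lastname as the name, with nothing else filled in) can be checked mechanically against an exported contact list. This is an added example, not part of the original post; the CSV column names and every sample row are constructed assumptions, not a real export schema.

```python
import csv
import io
import re

# Constructed sample export. Column names are assumptions for this example.
SAMPLE_CSV = """Name,Email,Phone,Organization
Alice Example,alice@example.com,555-0100,Example Corp
qx7rt@mail.example,qx7rt@mail.example,,
john.doe,john.doe@bulk.example,,
Bob Builder,bob.builder@example.org,,
,zz91k@bulk.example,,
mary.major,mary.major@example.net,555-0111,
"""

# A local part of the form "first.last": no spaces, at least one inner dot.
DOTTED = re.compile(r"^[^\s.@]+\.[^\s@]+$")


def classify(row):
    """Return a reason if the row matches a pattern from the post, else None."""
    name = (row.get("Name") or "").strip().lower()
    email = (row.get("Email") or "").strip().lower()
    if "@" not in email:
        return None
    # "An address and nothing more": any other populated field means the
    # entry was probably created by the account owner, so leave it alone.
    has_extras = any(
        isinstance(value, str) and value.strip()
        for key, value in row.items()
        if key not in ("Name", "Email")
    )
    if has_extras:
        return None
    local = email.split("@", 1)[0]
    if not name:
        return "address only, no name"
    if name == email:
        return "name is the full address"
    if name == local and DOTTED.match(local):
        return "name is the dotted local part"
    return None


def triage(csv_text):
    """Return (file_line, email, reason) for every suspicious contact row."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    # start=2 because line 1 of the file is the header row
    for line_no, row in enumerate(reader, start=2):
        reason = classify(row)
        if reason:
            findings.append((line_no, (row.get("Email") or "").strip(), reason))
    return findings


if __name__ == "__main__":
    for line_no, email, reason in triage(SAMPLE_CSV):
        print(f"line {line_no}: {email} ({reason})")
```

Because the entries were repopulated after deletion, the same check is worth re-running on a fresh export after each cleanup pass; a list that keeps producing findings means something still has write access to the account.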

After upgrading my Google Apps instance from a grandfathered, less than 50 member free edition to a paid subscription, AND speaking with Google on this for over an hour, I submitted a ticket to get the account reinstated. It took them about two hours, but they put me back in business, and I was able to file a couple of articles with Soft32.

Things quieted down for about a week, and then it kicked in again, though this time, I was able to go through the process again, very quickly and then cut things off before I had sent 5000 emails. This went on – this back and forth – for about another week or so, then things just stopped.

Last weekend (the weekend of 2015-11-08), it started up again, and I got more bounce notices and some forwards back from a couple of people that my account had been hacked again.

That’s when I enabled two factor authentication on my Google Apps account and domain. Two factor authentication is where access to an online account requires not only the account user name and password, but also a validation token or code, usually sent to a mobile or smartphone. The validation token can also be sent via an authentication app.

At this point, I think I have control of the account again.

The bigger problems that remain –

  1. How was the account compromised more than once?
  2. How was it compromised after implementing a 13+ character (multi-case, letters, numbers, and special character) password?
  3. What significance did the 1500+ additional address book entries play?
  4. Was there any hidden XML payload associated with any of the additional address book entries?
  5. When I deleted them, did I get them all?
  6. Would that even make a difference?
  7. Did I pick up a key logger?


A key logger…

The answer at this point is, I don’t know. I’ve ordered a FixMeStick; and while that arrived and scans a Mac running OS X 10.11, it currently can’t read a Mac boot drive running El Capitan.

In fact, the boot drive isn’t even visible to the FixMeStick. Thankfully, the vendor is aware of the issue and they’re working on a resolution. FixMeStick owners will have their sticks updated automatically once the solution is published.

My other saving grace is that Time Machine apparently doesn’t have the same security measures placed on its drive as the boot drive on a Mac running the OS. FixMeStick has scanned my Time Machine backup drive and hasn’t found any malware.

The big point that everyone needs to understand, however, is that anyone and everyone can get malware from just about anywhere on the internet. Ad networks are a huge problem. Malware can flow through those and can infect your computer even from a site you know and trust. Products like FixMeStick are helpful; but you’ve got to be careful, especially right now.

Both Windows 10 and OS X 10.11 El Capitan are new operating systems. Existing anti-malware products may not work correctly on these operating systems as of this writing. They may need some updates.

You may also have issues with anti-malware products that run while your computer is running from its boot drive. It’s very possible that malware on your PC may hide from your scanner – no matter how good it is – and it either may not be detected, or may not be removable.

Unfortunately, this isn’t like the 1990’s. Getting malware today can be devastating and life altering, if not life ruining. Phishing attacks and other data breaches can lead to identity theft, and some of the damage related to it may be difficult to come back from.

The lessons learned here should be multi-fold:

  1. Mind where you surf
  2. Have some kind of malware scanner running, regardless of platform, and keep its definitions current
  3. Invest in some sort of offline, self-booting anti-malware solution so that stubborn threats can be removed without being activated

Keep your computer malware free with Avira Free Antivirus

Keep your computer malware free with this platform independent scanning utility.


Keeping your PC free of malware – either a virus or something that invades your privacy and steals your personal information – is a difficult job. The amount of malware on the internet today is staggering. It’s difficult to go anywhere or do anything without putting you, your information and your bank and credit accounts at risk. This is one of the reasons why I really suggest using some kind of malware scanner with your computer. It’s becoming a must have; and applications like Avira Free Antivirus are a good candidate for bringing safety and reliability to your computing experience.

Avira Free Antivirus offers effective protection against computer viruses on a single PC or Mac workstation. The app detects and removes more than 50,000 viruses. An Internet-Update Wizard updates both app and virus definitions. Avira’s built-in resident Virus Guard monitors file movements automatically, for example, when downloading content from the internet. Heuristic scanning also provides protection against previously unknown macro viruses.

Avira Free Antivirus runs silently in the background while stopping Internet attacks before they infect your computer. Its lightweight footprint means you’ll never have to choose between security and performance.  The app analyzes any file the system accesses and is completely configurable for on-demand searches for known viruses and malware when you suspect something isn’t quite right.

When the app does find something that it doesn’t like, the file is immediately quarantined, and the app offers you one-click repairs, if possible. Avira Antivirus also has an integrated scheduler that will automate recurring tasks, like updates or scans, to help ensure that your computer stays bug free.

I’ve been a serious computer user since 1995. Throughout the years, I’ve had maybe, one or two serious malware infections.  I mean, who hasn’t been bitten at least once?  Most often the best course of action is to recover what you can and then blow your system and start over.  That… however can be problematic for many. Not everyone has the time, patience or skill to do that all the time.

When you don’t, it’s good to have tools like Avira Antivirus. I use both Mac and Windows systems for both my day job and my night job. It’s nice to have the same branded solution on both of the platforms that I use. That’s a huge plus. The biggest issue that you have though is cost.

On the Mac side, where there really isn’t an AV scanner at the OS level, having something on your Mac is a great idea, and important if you frequent sites that are less than on the up and up. On the Windows side, it’s getting harder and harder to justify any other malware scanner other than Windows Defender, as it is free, and integrated directly into the OS. There has been a huge push on both platforms towards unpaid malware solutions since 2009 or so.

This app is great on the Mac side and good on the Windows side as well. Paying for the app on either platform is a bit pricey. At €30 or $34 USD, it’s pricey for a paid desktop app. However, the biggest question you have to ask yourself is – if I don’t have an antimalware app, is running without one worth saving $35 bucks? The answer should be, “no;” but only you can answer that. The free version does a good job, and is worth using.




In-Flight Cellphone Calls to be Banned?

The US DoT is moving towards banning in-flight calls


The use of electronic devices on plane flights has been banned for a number of years, not only in the US, but worldwide. Originally, the thought was that the electro-magnetic radiation or EMR from these devices would interfere with onboard aviation equipment. So the FAA banned their use on flights in the US. Recently, that policy has changed.

Last October, the FAA announced that it would permit the use of all electronic devices during all phases of flight. This meant that you didn’t necessarily have to turn off your iPad or iPod when the doors closed and you had your noise reducing headphones plugged in, turned on and pumping music through your ears during take off. No more crying and screaming children for you!

However, this also meant that you could conceivably spend the entire flight next to Chatty Cathy as she gabbed away on her cell phone at 35,000 feet. However, according to the DoT, the agency is preparing some rules that may prevent just that.

While the FAA hasn’t laid down any new rules, and the DoT hasn’t come out with anything definitive as yet, it’s clear that the airline carriers are considering making some rules of their own. Your time next to Chatty Cathy may be totally cut off if they get their way, so you may be saved from all of the grief.

As of this writing – 2014-08-11 – I am currently sitting in the O’Hare International Airport waiting on a flight to Pittsburgh, PA for a job interview. I’m flying the Friendly Skies, so United has my business on both legs of this trip. In my opinion, United has been one of the more restrictive carriers with passenger privileges and freedoms in Coach. It will be interesting to see how things go after I get on board.

OK, well, this is already partially implemented…at least on United. They allow use of portable electronic devices at all times on the plane. When the doors close, they tell you smartphones and tablets with cellular have to be put in airplane mode. Wireless headsets are permitted, but no Wi-Fi. The flight I was on didn’t have in-flight Wi-Fi.

I fully expect that despite what the FAA or the DoT implement as rules or guidelines, the airline carriers will do what they want. They will likely further limit the use of electronic devices on domestic and international flights originating in the US. Despite what the regulatory agencies specify, passengers will be required to follow the rules the carriers lay down. Failure to do so will get you booted and likely banned (depending on how you behave). It’s going to be an interesting time. I will continue to follow the issue and will report back with any new updates.

In the meantime, why don’t you meet me in the discussion area, below and let me know what you think the FAA and DoT should outline in any new regulations? I’d also like to hear what you think the airlines will do, too; so jump in and give me your thoughts!

iOS 8 Beta 5 – Finally… PROGRESS!

iOS 8 Beta 5 has been released. Let’s take a look to see how (well) things have progressed…



Over the past ten weeks or so, Apple has been releasing betas of iOS 8, their new mobile operating system. I’ve covered the first four betas with some rants that have left me (and I would assume other developers and testers) lamenting. You can read up on how things have progressed here:

Beta releases of iOS 8, to put it politely, have been a train wreck at best. They have been nearly unusable, crashing and causing issues and problems with nearly each and every core, as well as nearly every third party app I have had installed, too. Apple recently released iOS 8 Beta 5. Let’s take a look at how things are going and see if iOS 8 is (finally?) ready for a wider audience as well as some other third party app work by developers worldwide.

I’m also going to touch on a few OS X Yosemite Beta 5 issues, as I bumped into updates on them while looking at iOS 8 Beta 5. So much of what is cool about iOS 8 requires Yosemite and a Mac, that it’s hard to draw the line between the two devices and operating systems… at least when they are close by (and vice-versa).


Installation of iOS 8 Beta 5 was only slightly smoother than previous versions of iOS 8. I did have problems with iTunes Match again (see Music, below), and almost had to blow the device and reinstall, but thankfully, have not… Yet.

There are still a number of known issues with iOS 8 Beta 5, and as always, caution should be used when deciding to install any kind of beta on any mission critical equipment. Generally, it’s not a good idea. For example in Beta 5, updating iCloud settings may appear to hang when you try to change them. The thought is that the device will eventually come back. Try to see if you can wait it out before you kill the app, or perform a hard reset (power + home button until the Apple logo appears), which will clear all settings and reboot the device.

While using Beta 4, I didn’t blow the device and rebuild it from scratch. I toughed it out and made it the entire two weeks. However, during the 2-3 days prior to the release of Beta 5, I REALLY did want to. I didn’t as I knew that I would be doing exactly that for Beta 5 soon. However getting to that release wasn’t a lot of fun (though it was mildly better than with Betas 1 – 3).

The question of stability of iOS 8 Beta 5 is still to be determined.

 Bluetooth and Wi-Fi

According to Apple’s release notes, there aren’t any known issues with Bluetooth in iOS 8 Beta 5. There weren’t any documented issues in Beta 4 either, but it was still a mess. I am pleased to say that things are a bit better here in Beta 5.

BT-LE (Bluetooth Low Energy) seems to be working and communicating with my Pebble Steel smartwatch. However, the Pebble app does seem to be sending some corrupted data, as the watch doesn’t always vibrate at configured intervals and the display often gets corrupted. I haven’t had to hard reset the watch (return it to factory settings), but I’ve wanted to at least once since re-pairing it with my iPhone 5.

Now, the only issue I need to verify is the secret sauce connection (Continuity and Handoff) my iPhone shares with my MacBook Pro.

Speaking of secret sauce connectivity, little to nothing related to Handoff or connectivity (both relying on Wi-Fi and home network connectivity) worked well for me in the iOS 8 Beta 4 – Yosemite Beta 4/Consumer Preview 1 combination.

There are currently two huge known issues with Handoff:

  1. Handoff will not work on systems configured with multiple user accounts.
  2. Handoff icons may not appear in the Dock after using the corresponding app on another device. Trying another Handoff-supported app may resolve this issue.

At this point, Handoff should be considered a work in progress. Though when it does work, it IS pretty cool, especially if you’re using apps that save to documents in iCloud Drive.

 FaceTime, Phone and Contacts

In previous versions of OS X as well as iOS, Apple had a clear line of separation between the Phone app and FaceTime. With Yosemite and iOS 8, that line is SERIOUSLY blurred. This is both good and bad. Now, you have a choice in how you communicate with someone given the type and speed of the network you are connected to. On your Mac, all of your calls regardless of type – FaceTime or cellular – all show up in FaceTime. It looks like it wants to function as the main phone app for your Mac, though you can dial from just about anywhere you can find or see a phone number, Calendar, Contacts and Safari included. In Beta 4 of both OS X and iOS 8, this was nothing more than a total train wreck.

I have no idea if this is because of development issues with Phone on my iPhone 5, with Contacts on either my device or my Mac or with FaceTime on either my iPhone or my Mac. There are too many possible integration points for me as a tester (without direct access to design docs, code and/ or developer resources) to determine. I’m going to have to give this a shot when I get a moment back at the house.

Besides the “progress” made, above, Apple has also fixed the ability for users to use FaceTime in landscape orientations on your iDevice. In earlier betas, this didn’t work. It does now, in Beta 5. Fixed – at least somewhat – is also the ability to determine which number to specify as a Favorite, through the Favorite chooser in Phone. Favorites now provides a contact method picker, but force quits the Phone app when a contact method is chosen. We’re close, but no kewpie doll yet. Unless Apple has gotten the iPhone integration working correctly with both Beta 5 releases of iOS 8 and Yosemite, it’s going to be a very long beta period for both operating systems.

UPDATE: While this article was being written, a new rumor was breaking regarding a reported Apple media event scheduled for 2014-09-09. Re/code is reporting that both new iPhone 6 devices – the 4.7″ and the 5.5″ iDevices – will be announced with a projected order rate of 80M units. It is not known if the iWatch will be announced at the same event or not. However, you can expect new iPad Air and iPad mini with Retina models to be announced with TouchID sensors.

UPDATE 2: The integration between iPhone with iOS 8 Beta 5 and OS X Yosemite Beta 5 is MUCH better than in the Beta 4 release of both operating systems. Previously, while a call could be established by your Mac through your iPhone, no audio would come across. In short, the feature was only partially implemented and didn’t work.

Now, not only is the connection established, but I was able to use my Mac as a speakerphone as intended without too many call quality issues. There does seem to be a volume issue for the person that you’re talking to. The caller I spoke with initially had trouble hearing me, though the call quality for them did improve over the length of the call.

Provided that audio quality and reliability improves on both sides of the call, I can see where this would be very usable as a way to conduct conference calls in a home office. I have my doubts however, how this kind of feature would work in the enterprise. Unless Apple builds some kind of partnership with, say, Cisco, Avaya or some other VoIP vendor where the feature was totally integrated into their server(s), I’m not sure how this would be considered valuable or usable in any kind of corporate setting. The feature (even if mic and volume issues were totally resolved and call quality was continuously in the upper 90th percentile), as currently implemented doesn’t seem well suited for anyone else other than regular consumers or SOHO users.

However, it was really kinda cool to be able to get up away from the computer and still be able to converse with the caller without having to wear a Bluetooth headset. This is an area where I will need to do further testing, however, as it’s clear that this is a work in progress for Apple as well.
