Free Help from Tech Experts

Geeks To Go is a helpful hub, where thousands of volunteers serve up answers and support. Check out the forums and get free advice from the experts, including malware removal and how-to guides and tutorials. Converse about Windows 10, get system building advice or download files... Go to forums >>

Exchange Server – Chinese Hafnium Hack

If your organization runs Exchange Server with OWA, assume that it was compromised between 02-26-21 and 03-03-21. Exchange Server versions 2013, 2016, and 2019.

  1. Patch ASAP Multiple Security Updates Released for Exchange Server – updated March 8, 2021 – Microsoft Security Response Center
  2. Check for 8 character aspx files in C:\\inetpub\wwwroot\aspnet_client\system_web\
  3. Scan Exchange Server logs with Microsoft’s IOC detection tool: Microsoft IOC Detection Tool for Exchange Server Vulnerabilities | CISA
  4. More technical information to determine if systems are compromised: Mitigate Microsoft Exchange Server Vulnerabilities | CISA

Unfortunately, none of these will remove the threat actors, web shells or backdoor trojans left behind. An estimated 60,000 organizations worldwide have been impacted.

Error Trying to Claim All Access Game Pass Ultimate on Xbox Series X / S

Xbox All Access errorXbox All Access offers free hardware up-front, and Game Pass Ultimate for a 2-year subscription price of $24.99 for Series S, or $34.99 for Series X. Game Pass Ultimate includes xCloud streaming, hundreds of Xbox and PC titles, every Microsoft Studio game, and all of EA Play’s titles. After 2 years you own the hardware, for less than if you purchased it and Game Pass Ultimate separately. All-in-all a pretty great deal!

Unfortunately, there have been some errors when trying to claim Game Pass Ultimate included on the console.

  1. It’s not showing in the settings titled, “Included with this Xbox”:
    • If you’re not seeing the claim now button after setting up your new Xbox, try logging out and logging back in.
    • If that doesn’t work,  restore by pressing Home > Profile & System > System > Console Info > Reset console > Reset and keep my games & apps
    • If it still doesn’t work, the Xbox might have been shipped out without the retailer registering the serial number with Citizens One. Call them at at 1-888-824-3783 with your account number and serial number (Citizens One handles the line of credit for Xbox All Access)
  1. When clicking the Claim Now button, “Try that again – Something happened on our end. Try again later” error occurs. Followed by a long App Error code:
    • The best option for this error is to contact Microsoft phone support. Use these steps:
      • Xbox Status | Xbox Support
      • Click Contact Us button
      • Select Hardware & network, then select I need help setting up my console
      • Chose the option to call back
      • Tell the agent a new X Box Series X with Game Pass Ultimate, gave an error message when clicking on the Claim Now button, “try that again, something happened…”
      • They’ll check your account. You likely already have an active Xbox Live account, and they will have to cancel it to make the new subscription work. Remaining months will be added to the new Game Pass Ultimate subscription.
      • Click Claim Now button again, and Success!
    • You could also wait for your current Xbox Live subscription to expire, then activate the new one on your console (you have 2 years).
    • Or, if you don’t have much time remaining, cancel the active Xbox Live subscription yourself, and then activate the new one.

Enjoy your new Xbox Series X/S and Game Pass Ultimate!

Echo Flex — Maybe the Best Echo You’ve Never Heard (of)

Amazon Echo FlexI’m guessing the Amazon Flex is probably being  returned in large numbers. Which is unfortunate. There’s really nothing wrong with the product, I fact it’s awesome! However, it may not fit the perception of what an Echo device should be.

You may have noticed a not too subtle pun in the title. So, let’s address the Flex’s biggest shortcoming — the speaker. It’s okay for listening to Alexa’s speech. Horrible for music. If your idea of an Echo device is that you’re going to communicate from across the room, listen to some music, and control devices. You’ll be 1/3 happy.

So why buy a Flex with a tin(n)y little speaker? First reason is the price. You can buy one right now on Amazon for $9.99, shipped free with Prime. However, because a good percentage of these are likely being returned, there appears to be an ample supply in the Amazon Warehouse from only $6.99 Amazon.com: Buying Choices: Echo Flex – Plug-in mini smart speaker with Alexa

Second reason, there’s no external adapter. There’s a built-in plug on the back and adapter inside. Which means this Echo can go places others can’t. There’s also a USB-A port on the bottom. Not only could this be used to charge your phone, it could power a Bluetooth speaker.

Read the rest of this entry »

Can’t get an Xbox One Series S/X? Upgrade your old one!

There are plenty of stories about people refreshing their web browser for hours, only to find an anticipated shipment of Xbox One Series S or Series X selling out online in seconds. Easy to understand why when they are selling for twice the price on the secondary market. It and the Sony PS5 are the hottest gifts this season.

We could argue whether you should buy a new generation console at launch. The lack of games, software and hardware bugs, an expected price drop — but that’s for another article. If you’re one of the few lucky enough to get a next generation console, the first thing you’ll probably notice is faster loading times. What if you could get your Xbox One S or X to load games faster? Help ease the pain of having to watch all the videos of lightning fast load times on new consoles.

Read the rest of this entry »

Why I Still Teach Malware Removal

When Microsoft introduced Windows 10, it used the tagline “The most secure Windows ever – and built to stay that way”. In a perfect world, everyone would now be running on Windows 10 and enjoying the enhanced security features that are included. This is real life, however, and that’s not how it works. There are still millions of PCs running Windows XP, four years after Microsoft ended support for the product, and millions more than that running Windows 7. Aryeh Goretsky, a researcher for ESET, states in a white paper that the number of computers “…running Windows XP has stayed about the same over the last few quarters at around 5.5 percent.  While that may not sound like much, it means there may be somewhat over 80 million computers out there still using Windows XP.” ComputerWorld estimates that at the end of 2019, just a year from Windows 7’s retirement, an estimated 47% of Windows computers will still use that OS.

Read the rest of this entry »

Yoast SEO, do you need to be green? Content analysis and importance.

Yoast SEO is not only one of the most popular WordPress plugins, but one of the most popular WordPress plugins overall. One of the reasons WordPress powers a 1/4 of all websites (and growing) is that is has pretty good SEO out-of-the-box. Yoast succeeds in making a good thing better.

If you were just to install the plugin, and forget about it. You’d still see benefit. Yoast rewrites page titles, and creates an XML sitemap for search engines. Beginners often get hung up on Yoast’s mechanism for grading your SEO per post. It works like this. You specify a keyword (only one with the free edition), and then it displays the colors of a stoplight to rank your post; red, yellow and green. It’s tempting to tweak every post until you have all green lights. Like a deserted street at 3am.

Yoast has “live” recommendations, that change with your content. So we can’t cover every recommendation here. Let’s review some of Yoast’s most common content analysis recommendations, and see which are worthy of your time.

Yoast content analysis

Read the rest of this entry »

Beware the Facebook Urban Myths

 

If you have a Facebook account, you’ve probably seen, or shared, at least one urban myth. Maybe it’s this image:

100_shares_heart_transplantOr this:

Today, 12/01/2014 in response to the Facebook guidelines and under articles L.111, 112 and 113 of the code of intellectual property, I declare that my rights are attached to all my personal songs, lyrics, literary excerpts, data, drawings, paintings, photos, texts etc… published on my profile. For commercial use of the foregoing my written consent is required at all times……

Or even this:

I just found out that should you ever be forced to withdraw monies from an ATM machine, you can notify the police by entering your Pin # in reverse. The machine will still give you the monies you requested, but unknown to the robber, etc, the police will be immediately dispatched to help you.
The broadcast stated that this method of calling the police is very seldom used because people don’t know it exist, and it might mean the difference between life and death. Hopefully, none of you will have to use this, but I wanted to pass it along just in case you hadn’t heard of it. Please pass it along to everyone possible.

There is no validity to any of these posts, and none of them are new.  In fact, the third one started circulating in an email as early as 2006, before migrating to Facebook. The first one has been circulating since at least 2010. The Facebook privacy one surfaces in a new form every time Facebook announces changes to its privacy policy. These are just a sample of the many myths that are out there. All of these have been discredited, and the validity can be easily checked. The next time you see a Facebook status like that, stop and think about it. How will sharing a picture 100 times provide a free heart transplant? If entering a PIN backwards would summon police, don’t you think that information might actually be shared by your bank? Who decided stating your rights in a Facebook status would provide any legal protection whatsoever? (For the record, you agree to Facebook’s Terms and Conditions when you create an account. Stating otherwise publicly doesn’t change anything).

While it’s not possible to completely stop these things from circulating, you can become part of the solution. Don’t blindly share or post anything just because everyone else is. It’s possible to quickly check whether a post is valid or not. I use Snopes.com to check these items out. For example, here’s the Snopes link debunking the backwards ATM  PIN myth. If the story isn’t true, don’t spread it. While there’s not necessarily anything malicious about these myths, there’s no point in perpetuating them. Your friends will probably thank you for having a little less clutter in their feed, too.

Robots, Humans and the Future of Jobs

Robots are fact and no longer science fiction. Robotics technology we have in development NOW is going to greatly impact our jobs and economy. This issue is creeping up on us quickly, but experts are split on their opinions about how it will affect jobs. Historically, new technology created new jobs to replace those it displaced, but this time it might be very different. All the rules go out the window when technological acceleration reaches a certain point.

If you haven’t seen this video, it’s worth 15 minutes of your time:

And if you’re really interested, here’s a longer read from the Pew Research Institute: AI, Robotics, and the Future of Jobs [pdf]

Can robots and artificial intelligence replace your job?

Heartbleed–Things you should know and what you can do about it

 

What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw found in one of the most common open source SSL implementations on the internet that COULD allow an attacker to get sensitive information from the web server. A successful attack could expose the server’s SSL private keys that would allow the attacker to decrypt the data traveling to the site, such as usernames and passwords.

As of now there have been no confirmed attacks using this bug, but an exploit of the bug is completely untraceable so there’s no way to be certain if a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several  lists of vulnerable sites that you can manually search through and several online tools that can be used to check specific sites (lastpass and SSL Labs have two particularly useful tools, linked below). There is a Chrome extension that can help identify vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts that lists several sites that they have had direct communication with and recommendations as to what you should do to protect yourself on those sites.

Since Google’s Android operating system is built on open source principles, it is heavily integrated with OpenSSL so any Android device may be vulnerable to this bug as well. Lookout Security has developed a tool to check your device for vulnerability (linked below). If your device is vulnerable you will have to wait for an update for the device.

How can you protect yourself now and in the future?

Once you’ve identified what sites you’ve used that contain sensitive information, you need to change your passwords. You should make sure that they have patched their systems before you change your password for good but many experts are saying that you should change the passwords now just to be sure that any data captured in the last 2 years is safe.

Many systems online were not affected at all because they run on server platforms that don’t use OpenSSL (like Microsoft IIS). These sites have not been compromised by this bug and you should make your own judgment as to whether or not you should change your passwords. If you have used the same username and password combination on an unaffected site as you have on an affected site, you should change your password on both, and make sure they’re different this time.

If you have two factor authentication in place (which you should on any service that supports it) you are at an advantage since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or Keepass) then you should most likely regenerate new passwords for your important sites. If you’re using LastPass, they have updated their app to include a tool that will automatically alert you of the Heartbleed status of any sites that you have saved or generated passwords for and give you suggestions as to when you should change their respective passwords.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL enabled websites and if any of your important sites aren’t patching their systems, find a different company to do business with.

XP End of Support Popup Notifications Start March 8th (tomorrow)

Windows XP End of Support is on April 8th, 2014. Click Here to learn more.

Don’t show this message again

xp-popup

Microsoft is ending support for Windows XP, and it’s about to let every XP user know. On Saturday March 8th, and then the 8th of every month after, XP users will see the popup window shown above (unless they tick don’t show again). Many users may mistake this warning for a fake security alert, often used to trick people into installing malware. But this one is legitimate. Any computer connecting to Windows Update will display it. Most enterprise computers won’t, as they don’t get updates directly from Windows Update.

There are two more patch Tuesday’s left for XP, and then Windows Update will no longer offer updates for what may be the most successful operating system of all time. Many experts are predicting a spike in XP related malware as vulnerabilities go unpatched. Amazingly, XP still has a 29% market share. Not sure if you have XP? There’s a website for that: http://amirunningxp.com/

There is no direct upgrade from XP to Windows 7 or 8. However, Laplink has a free migration tool called PCmover Express that will help transfer files, settings, and profiles. If you want to also transfer programs, there’s a special offer on the professional version ($23.95).

Are you still running Windows XP? Will you be upgrading? What are you going to upgrade to?