When Will Email Providers Quit Blaming Their Users For Security Breaches?

February 23, 2014 –

If you have an email account managed by Yahoo!, (eg. Bellsouth, AT&T, Prodigy, etc.) or AOL, then I bet the majority of you have had to change your password at least once in the last 3 years.  The problem starts when you start getting calls or reply emails from the people in your address book describing strange emails they are receiving from you.

The emails in question either have a virus attached, links to infected websites or spam.  Sometimes they are emails begging your friends for money because “you” are stranded somewhere and have had your wallet stolen.  Whatever the case may be, you now have an email account that has been breached.  I get several calls a month by customers who say, “I have a virus on my computer that is sending email…”  Actually, they are wrong, probably 98% of the time.

In almost all cases, their passwords have been compromised – not by a virus – but by a hacker.  And the hackers haven’t accessed the user’s computer; they have hacked their email provider’s servers directly.  The solution is to simply change your password, but the root issue remains.  The email provider has one or more vulnerabilities and thousands of their customer’s accounts are getting hijacked – all at once.

The biggest problem is the email providers lie to their customers and blame things like weak passwords as the culprit.  Sure a hacker can brute force or guess a weak password, but why would they bother when they can hack authentication servers and get thousands of email accounts all at one time?  Both Yahoo! and AOL have had this problem for years now, with no resolution.  It doesn’t matter if your password is “password” or “Sup3rc@l1fr@G1l1st1c3Xp1@l1D0c10us”, if the hackers get into the server and steal your information, the account will be compromised.

I’m writing this today because I have seen another wave of attacks, specifically with AOL.  I have received multiple emails from different AOL accounts, all hacked within the same 24 hour period.  I’m also seeing a rise in “mom and pop” web and email hosting being targeted by sophisticated overseas hackers.  Yahoo! recently admitted to a breach.  I laughed as they acted like it was the first time.  Of course, they still didn’t take responsibility for the problem, blaming it on a 3rd party vendor.

I wonder how much longer these companies will continue to make up lame excuses to their customers before the truth is finally publicized.  If you have had your email account hijacked, I encourage you to share your story.

Advertisements

iTunes update causing MSVCR80.dll error – SOLVED

I have compiled information that I found on different websites that ultimately allowed me to fix the msvcr80.dll error on both Windows 7 and Windows XP.  I have yet to figure out what underlying issue is common on all the computers getting this error, but one of my hunches is that some computers with old versions of MobileMe may run into a problem when iTunes tries to update itself.

Using system restore made no difference with the existing issue.  A simple reinstall from download didn’t either.  Note that I always disable the antivirus during installs and uninstalls with programs of this complexity.    The best advice I found wasn’t on Apple’s forums, it was by a guy named Tim Fisher at http://pcsupport.about.com/od/findbyerrormessage/a/msvcr80-dll-not-found-missing-error.htm.  I followed his instructions:

“Uninstall from Windows the following programs in this order: iTunes, Apple Software Update, Apple Mobile Device Support, Bonjour, Apple Application Support, iCloud, and finally MobileMe.”  On Windows 7, I ran into a problem when I got to Apple Mobile Device Support.  Whether I tried to uninstall or change (and then uninstall), it would always roll back on me and fail.

A forum suggestion recommended getting the Microsoft uninstall Fixit utility, found at http://support.microsoft.com/mats/Program_Install_and_Uninstall.  I launched this utility and selected the Apple Mobile Device Support to be uninstalled and let the utility start.  This program ran and ran and ran.  I was beginning to wonder if it was doing anything, and started monitoring it in task manager.  At times, it would utilize over 7GB or physical memory on a computer that had 8GB with CPU utilization over 25%.

I finally got tired of waiting and went to the control panel while the Fixit utility continued to run.  I clicked on Apple Mobile Device Support and attempted to uninstall again.  This time it reported that it had already been uninstalled and the entry was removed from the program list.  I took this as a good sign.  I continued uninstalling the programs in the order recommended, all while the Fixit utility continued to run in the background.  I know that might have been a gamble, but I didn’t have all day to see if it would finish.

After everything else was uninstalled, I rebooted the computer and downloaded iTunes again and proceeded to do the clean install.  I prayed to the gods of Zeros and Ones when it got to the point where it needed to start services.  You may have noted that this is where reinstall previously went south.  Voilà! Success.

I hope the above information helps someone, especially if they run into a few hiccups like I did.  Good luck.

Install Failed – OS X could not be installed on your computer. The OS X upgrade couldn’t be started because the disk Macintosh HD is damaged and can’t be repaird. SOLVED

Mavericks upgrade failureLet me start by saying DON’T replace your hard drive until you read this.  Here is my story:

Just another routine upgrade on a customer’s computer; or so it seemed.  I have upgraded many Mac computers.  It is usually one of the most mundane tasks. I noticed the customer had a stalled Mavericks upgrade download that would not unpause.  I rebooted, and was able to resume the download.  When the install started, it asked for Admin password.  There was no password, so I just clicked OK, which worked for all other installs.  The password box continued to pop up, so I went to user and groups in preferences and created a temporary password; the Mavericks upgrade accepted the new password and continued, prompting for restart.  It was all downhill from there.

After rebooting, the install resumed and within a few seconds, got the “Install Failed”.  I followed the recommendation and ran disk utility from the current Mountain Lion recovery partition.  Verification immediately reported errors and recommended repairing.  Unfortunately repair didn’t work and stated it couldn’t be repaired.

If you don’t feel like reading the whole story, here’s the short version:

  1. Boot in recovery mode and install Original OS to External Drive.
  2. Tell the install to transfer data from other drive which will copy from “bad” internal drive.
  3. Use disk utility to delete partition on internal drive.
  4. Used Super Duper to clone external drive to internal drive.

I found it hard to believe that the drive suddenly had unrepairable errors given the computer was running flawlessly on Mountain Lion immediately before the restart.  I was convinced Mavericks had hosed the file system.  Searching the web, the advice was to replace the hard drive – that it was bad, blah blah blah.  I didn’t accept that as true  and was determined to get the data off the drive, and prove the disk was fine by erasing the partition and installing back on the same drive.

My theory was correct.  I connected an external hard drive to the iMac and used the recovery partition to download and install Mountain Lion to it.  When the installation was successful and offered to transfer data, I chose “from disk”.  And what do you know?  I was able to migrate the data and settings from the Macintosh HD.  Interesting, considering the disk was supposed to be bad and unrepairable.

After successfully transferring all the customer data and successfully booting, I launched disk utility and erased the Macintosh HD.  I downloaded the free Super Duper Mac cloning software on the external drive and cloned back to the internal.  I can’t say enough about this piece of free software.  It just works!  Once this tasks was completed, I simply removed the external drive and booted normally.  Just for confirmation, I verified the disk and it checked out OK.

Suspecting, that the first (interrupted and then resumed) download of Mavericks was corrupt, I deleted it and downloaded a fresh Mavericks package.  After downloading Mavericks again, it updated perfectly.  My conclusion:  Don’t listen to people telling you need a new hard drive if your Mavericks (or future upgrades) fail and report hard drive problems. The chances of going from a perfectly running system to a hard drive crash after reboot is very slight.   Follow the above steps and you will probably be up and running in no time.