Wednesday, September 10, 2014

Please, please, please turn on Two Factor Authentication for all your Cloud accounts

Jack doesn't even need to explain why I am saying this with all the news about the "Cloud" (which is really just someone else's servers, but that's another discussion) not being secure.

Why is it not secure?

1. Poor, easily guessed passwords that are used everywhere.
2. Poor, easily researched security questions.
3. Not enabling two-factor authentication.
4. See #3, #2, and #1

So....make sure none of your security questions can be answered by researching your social media posts, and then go to the places listed below (and this is not a complete list) and enable two factor authentication. Have different passwords for your social media sites and your e-mail account. Never use your e-mail password anywhere else but that one account. Don't use your social media password or e-mail password at your bank's website.

Apple ID:

How do I set up two-step verification?
  1. Go to My Apple ID.
  2. Select Manage your Apple ID and sign in.
  3. Select Password and Security.
  4. Under Two-Step Verification, select Get Started and follow the onscreen instructions.


Just click here to setup 2-factor for your Google account - this includes Gmail, Google+, Picasa, and all those Google sites that might have photos.


Instructions can be found here. Dropbox is often integrated with Android phones and auto-backs up your photos.


If you use Samsung or ASUS backup on your mobile device, do it there also, if it is not available, encrypt the files there.

Got it? Good.


Monday, September 01, 2014

"Forest of the Dead" musings.

It is Labor Day weekend 2014 in which I have decided to continue on my Doctor Who marathon to where I reach "The Stolen Earth". Right now I am on the "Forest of the Dead" two-part series with the 10th Doctor and I am enjoying meeting River Song for the "first" time.

This command line appears on the screen while the Doctor is investigating the computer:


//-rpr 0; with%20link

So, rpr is either a Cisco iOS command (not likely) or more likely a CGI "thingy":

Which makes much more sense considering Doctor Who would absolutely use some sort of CGI softare. %20 is the symbol for a 'space' - which one never uses the actual ' ' in proper programming or command so as to avoid the use of quotation marks (") improperly.

Also, the semi-colon in *nix is a way to execute multiple commands in a certain order.

"The Library" stored people on "the largest hard drive ever". So I am guessing this is the command line to store "people", with a specific link in CGI to the "nothing" (0)?

So what is "kz" and why is it redirected to be stored or send to ndataextract1.

Inquiring minds want to know.

Mind blown.

Tuesday, March 18, 2014

Run Windows OpenVPN as a service for Users that aren't Administrators - Untangle

I needed to run the OpenVPN-GUI for users that weren't Administrators of their local computers to connect to an Untangle 10 server. It took me forever to find the solution, which is to run the Windows OpenVPN client as a service, but I couldn't because the of the following error:

"Windows could not start the OpenVPN Service service on Local Computer. Error 2: The system cannot find the file specified."

This is how you fix it (some of this is from different OpenVPN FAQs and How-To articles that I didn't write):

Go to START > Control Panel > Administrative Tools > Services
Right click on OpenVPN and select Properties
Change Start-up Type to Automatic
Click on the "Log On" tab, and select "This Account" and enter the username and password of a local account with Administrator privileges.
That account will be granted "Log On as a Service" rights.
Click OK
Close the Services window
Close the Administrative Tools window
Close Control Panel

Modify the Registry (64-bit Windows Only. This is not necessary on 32-bit Windows)

Go to Start > Run > Regedit (or Windows-R Keys)
Follow path down to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wow6432Node\
Locate the entry for "OpenVPN-GUI"
Modify the following registry value to be 1 (instead of 0): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wow6432Node\OpenVPN-GUI\allow_service
Follow path down to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wow6432Node\
Locate the entry for "OpenVPN"
Right Click and Choose "export" and save it as openvpnold.reg
Exit RegEdit
Right Click on openvpnold.reg and choose "edit"


Save it as openvpnnew.reg
Exit the Editor.

[The above is no longer necessary, but it is included in case you are using an older version of Untangle]

Double-click on openvpnnew.reg and allow it to be imported.

When the machine restarts,the user will automatically be connected to any VPN site with an .opvn file in the /config directory of OpenVPN (C:\Program Files....). There will be no more OpenVPN icon on the system. If a user needs to reconnect, they will have to either reboot, or restart the OpenVPN service if they have that right.

The right to restart a service can be granted by downloading SubInACL.exe from and running:

"C:\Program Files\Windows Resource Kits\Tools\subinacl" /service "OpenVPN Service" /grant=<username>=TO where <username> is the non-admin account username. You may have to change C:\Program Files (x86) depending on your Operating System.

Apparently, this is fixed in the latest build ( for 10.1 - Build: 10.1.0~svn20140228r37310release10.1-1squeeze) of the OpenVPN Untangle client, but you have to uninstall and remove all registry entries by hand as the Uninstaller doesn't remove them all. Then redistribute the client and reinstall.