Welcome to: Absoblogginlutely!

KeySmart Extended version makes my keys a lot easier to handle.

I received my new KeySmart Extended quite a while back and forgot I hadn’t reviewed it online.

Here is the before mess of all my jumbled keys:-

Mess of Keys

A mess of keys, loyalty cards and stuff that filled my pockets.

and then my after neat and tidy stack of keys and loyalty cards.

Keys and loyalty cards in the Keysmart

Everything in the Keysmart

Comparing the height of the Keysmart.

I did remove about 3 loyalty cards and trimmed the rest of them so they fit nicely in the device and also removed a couple of keychains, but the end result is a lot tidier and much easier on my pocket. I also splurged and got the USB key fob (the larger silver device at the bottom right of the third picture) so I always have some data storage handy. This new version of the KeySmart seems to be sturdy, with the expansion pins holding up well (too well – I had to use two pliers to pull two apart when I made it too big). At first I was concerned about how easy it would be to get the required key out, but they rotate very easily (possibly a little too easily) and as long as your keys have distinguishing features you can tell them apart easily. If they don’t – get some permanent markers or nail polish. I kept my work keys on one end at the top and my house keys on the other end at the top so they are the easiest to get to and I know where they are.

Starting at $21 for the extended version I have here you can also get 15% off at getKeysmart.com (affiliate link). Note that I did buy my own KeySmart and also purchased one for Brandi too.

I used to use Keyring on Android for all my loyalty cards but had issues with the lasers being unable to scan the cards on the phone. Nowadays most places also just ask you for your phone number or alternate ID, so it is rare that I even use a loyalty card – I think the last time was at the gas station to get my 3c off at Shell as, like most gas stations, it does not have NFC for card payment and no barcode scanner (although the Shell one doesn’t even have a barcode anyway).

WordPress 4.6 is out now.

I’ve spent most of the day fighting a WordPress install at work as it has been slow and sending various out of memory issues on a VPS with 16GB of memory – so it should really have enough memory to run a WordPress site. Therefore it was quite a surprise to see that 4.6 was released today for me to spend yet more time in WordPress.

However, on this personal site, the upgrade went through smoothly with no issues (as far as I know).

Absoblogginlutely (weekly)

Posted from Diigo. The rest of my favorite links are here.

A layman’s guide to malicious files and why you shouldn’t always trust the software.

It was an interesting week at work with several malware infections making it through the various av protections that we have in place, which proves that end user education should be your primary line of defense in the fight against viruses. It is amazing how often people will click on random emails that have been sent to them with random filenames just because the email arrived in their inbox (or in another mailbox that they happen to have access to), even if it was not addressed to them.

I was lucky enough to get one of these emails through to my corporate mailbox on Tuesday this week, evading detection by McAfee email protection and Forefront on the desktop. (Using another av solution would not have prevented this, as you will see later.)

Fake looking email

Would you trust this email?

This was obviously some scam with the description of the user not even matching the email address of the user. Being curious, I naturally saved the file to my hard drive and then uploaded it to virustotal. On Tuesday, only 1 of 58 av engines recognised this as a virus – kudos goes to Qihoo-360 for being the sole detector. I must admit that I’ve never even heard of this software and I was very surprised to see that only 1 av vendor recognised the file.

Tuesday morning's virustotal result - only one av picking it up from Qihoo-360

I submitted the file to McAfee for scanning by zipping the file up with 7-zip and password protecting it with the phrase infected and sending it to their response team at virus_research@mcafee.com. Incidentally, McAfee’s instructions for doing this are very outdated as Windows 10 no longer has the option to password protect a zip file. McAfee immediately came back saying that their analysis was inconclusive and the file had been submitted for further research. This was an improvement on the previous sample I had submitted on Friday for a cryptolocker variant that came back as no virus found!

Wednesday morning I uploaded the file to virustotal again to see what the state of detection was.

This time the detection rate was slightly better – 9 products including Sophos that I use at home, but neither of the products in use at the office.

Wednesday morning detection rate

Thursday morning, two days after receiving the virus, I received a response back from McAfee that confirmed the file was malicious. They included an extra.dat that would detect the file.

By this time, virustotal was showing 25 out of 53 products detecting the virus so it is getting better. Microsoft’s product was listed as detecting the file, yet Forefront was still passing it through as clean. Although virustotal has the definition date of 7/28, my computer was showing “defs of 7/26, update on 7/27”. Not sure why there is this discrepancy of the definition dates.

Yesterday, my laptop at home still had old definitions as it was not connected to the corporate LAN and was still showing the file as clean, which is pretty scary.

This morning I downloaded the file to my personal laptop, saving the file with a .txt extension so I would not accidentally open it – something that is easier to do on a touch screen tablet. Interestingly Sophos did not detect anything wrong with the file. Launching the file in notepad, it starts with the letters PK which implies the file is actually a zip file and there are several strings referring to HP printers and Adobe Photoshop.

Snipped notepad view of infected file

At this point I’m not going to risk my machine further by opening it with 7zip to see what happens.

However when I copied the file to .zip or to .rtf Sophos did spring into action and quarantine the file. This is really handy as it protects the file from being saved to the machine in an executable form, but also allows you to save the file to the hard drive for further analysis in your debugger of choice.  Other applications will quarantine the file no matter what the extension is, making it harder to retrieve. On the other hand, you now have an infected file on the machine that av is not discovering.
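The PK prefix seen in Notepad and the extension-dependent detection described above can both be checked without opening the file. The following is an added example, not part of the original post: it compares a file's leading bytes with its extension and lists a ZIP's member names from the central directory without extracting anything. The magic/extension tables, function names and the harmless sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Leading bytes ("magic numbers") of a few common formats (illustrative, not exhaustive).
MAGIC = {
    b"PK\x03\x04": "zip",          # also .docx/.xlsx/.jar, which are ZIP containers
    b"{\\rtf": "rtf",
    b"\xd0\xcf\x11\xe0": "ole2",   # legacy .doc/.xls
    b"MZ": "pe",                   # Windows executable
}
# Extensions that normally carry each content type (assumed list).
EXPECTED = {
    "zip": {"zip", "docx", "xlsx", "pptx", "docm", "jar"},
    "rtf": {"rtf"},
    "ole2": {"doc", "xls", "ppt", "msi"},
    "pe": {"exe", "dll", "scr"},
}

def sniff(data: bytes) -> str:
    # Identify content by its first bytes, ignoring the file name entirely.
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(filename: str, data: bytes) -> dict:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    report = {"extension": ext, "content": kind, "members": [],
              "mismatch": kind != "unknown" and ext not in EXPECTED[kind]}
    if kind == "zip":
        try:
            # namelist() reads only the central directory; nothing is
            # decompressed or written to disk.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                report["members"] = zf.namelist()
        except zipfile.BadZipFile:
            report["members"] = ["<unreadable archive>"]
    return report

def build_sample() -> bytes:
    # Constructed, harmless archive standing in for the attachment.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage("invoice.txt", build_sample()))
```

A `mismatch` of `True` for a `.txt` name with ZIP content is the same situation as the renamed attachment: the extension says text, the bytes say archive.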

This Sunday morning, I uploaded the file to virustotal again. This time we’re slightly better at 29/54 detections. However, Comodo, Malwarebytes, Panda, SuperAntiSpyware, Symantec, TrendMicro and Vipre (among others) do not detect the file as malicious.

Malwarebytes is an interesting discovery as it’s not usually regarded as an av product as it typically protects you from software being installed into suspicious locations such as autorun, startup, browser toolbars etc. as opposed to traditional av that scans every file being written or read to the hard drive. However in this case and my recent cryptolocker, Malwarebytes failed to find anything malicious although HitmanPro did find the Cryptolocker exe file on the machine (but Malwarebytes and McAfee did not).

The best av is the human kind that recognises a file is suspicious or unexpected and does not open it – although even this kind of av can fail (and some are more prone than others!)

Incidentally, one of my favourite solutions for the Cryptolocker variant, in theory at least, is pretty drastic and requires the permissions of file shares to be changed so that files can be created but they can’t be edited. Users (and software) would be able to write new files to the file share, but any edits to the file would not be allowed unless the changes are written to a new file. This forces users to do Save-As all the time, may break Office documents that insist on modifying the original file, but would stop Cryptolocker from overwriting files on the drive. Obviously this takes up a lot more disk space and would not be suitable for shares holding AutoCAD documents.

*Please note that this post is not meant to denigrate any one particular av product in particular as I understand that definitions take time to produce but av software that does not detect infections 5 days later should probably be evaluated to see if it is safe for continued use. I do reserve the right to moderate comments on this post if they are not helpful and just say “Product XYZ is useless”.
