To create the app password you’ll have to go into your security info page here >> https://mysignins.microsoft.com/security-info

Using this new app password, I was able to automatically discover and add the account to Thunderbird.  However when I tried to send an email, it kept saying

And finally gave me a “Failed due to unexpected error 80004005” after I hit Cancel

Problem was “Authenticated SMTP” was not checked off:

This setting can be found by:

1. Open the  Microsoft 365 admin center
2. From the left navigation menu, go down to Users >> Active Users
3. Select the user to open their settings
4. Open the Mail Tab and select “Manage email apps“
5. Check off the “Authenticated SMTP“, then Save.

Thunderbird was able to send afterwards.

There is an an organization-wide setting to disable (or enable) the Authenticated SMTP.

Microsoft doesn’t recommend enabling.

Details: In the policy, updated April 1, the ACLU says that it may share personal information “with communications platforms, such as Facebook and Mother Jones,” and “may also share ACLU supporter information with organizations that display our advertisements or petitions to their subscribers.”

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

I hate Facebook.

Photo by Brady Rogers on Unsplash

Here is another “PayPal” email. This one purports to be “looking out” for me.

1. All the links in the email (including the “change your password” and “Help & Contact” lead to https://vk.cc/azxnUK.
2. Also note the actual email address (“closerdesign.co”), that has nothing to do with PayPal.
3. Notice how they try to get you by providing a link to “change your password” if this wasn’t you. Of course it wasn’t you, so they are trying to get you to click on the link and give up your credentials.
4. I love the “PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name” message. That in itself says this is fraud since it does not contain my full name.

When I look the URL up the “https://vk.cc/azxnUK” address using VirusTotal and Wheregoes which is a tool for tracking the redirection path of URLs, the VirusTotal marks the url as malicious and phishing.

At first glance, the email looks legitimate.  It comes with the official PayPal logo, has the same format as a typical email from PayPal. Also cites a legitimate merchant in storesupply.com. If you don’t have a PayPal account or haven’t recently purchased anything using PayPal, you would be more than concerned. However, if you look closely, there are several clues which prove this email is a scam.

1. Look at the From Address.  The email says it’s coming from “service@intl.paypal.com“. But if you look at the actual address within the < > brackets, it shows the email coming from another domain which clearly has nothing to do with PayPal.
2. If this transaction is something you don’t recognize, you would probably be inclined to immediately click on the Dispute this Transaction button, especially if you read the implicit threat of having only 24hrs to “DISPUTE” it. But without clicking on the button, and just hovering over it, you can see in the below address bar the address that the button will take you to. Again, it’s not PayPal.

I will be posting others as I receive them.

Anker PowerCore ($19.99)

It’s a 3350mAh portable charger (“Lipstick-Sized”) that will fit in your pocket and provide you with about 2 charges.  I got this for my wife as well a while back since she is always on the go with work and often times does not have a place to plug in and charge. This has been working well even after 3 years.

Along with that I got this mini iPhone Lightening Cable (2-Pack $14.99) because I hate having a tangled mess with me, especially in my pocket:

Since I’ve been working from home often, I’ve had my laptop closed and connected to external monitors, one of which actually hangs off of this solid non-Anker Diamond Display Adapter ($44.36):

It connects to the laptop via USB, while the main monitor connects directly using an HDMI cable to the laptop, which leads me to my next Anker device:

Anker 7-Port USB 3.0 Data Hub with 36W Power Adapter ($35.99)

You’re going to need to connect all of your peripherals (Keyboard, Mouse, Monitors, Printers, Webcam, Mic), most likely via USB, so you will need some extra ports. The USB Hub works well, also has a charging port so you can connect your phone to it to charge.

Finally, if you’re a cheapskate like me who doesn’t want to shell out for Airpods but still wants the bluetooth wireless earbuds, these are my go to:

Anker Soundcore Life P2 True Wireless Earbuds ($49.99)

These work extremely well, sound great, don’t fall out, and consistently connect with my phone as soon as I take them out of the charging/holding case.

All of these items I’ve had for more than a year, and have put them through good use. They are still going strong which is a testament to the quality products Anker puts out.

To work around this vulnerability, make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet that’s allowed:

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters 

Value: TcpReceivePacketSize

Type: DWORD 

Value data: 0xFF00

Notes

• The default (also maximum) Value data = 0xFFFF.
• The recommended Value data = 0xFF00 (255 bytes less than the maximum).
• You must restart the DNS Service for the registry change to take effect. To do this, run the following command at an elevated command prompt:

net stop dns && net start dns

After the workaround is implemented, a Windows DNS server will be unable to resolve DNS names for its clients if the DNS response from the upstream server is larger than 65,280 bytes.

https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

With this COVID19 running rampant, and more people working from home, your work IT support folks may not be readily available to answer your technical questions. Or, you may be a freelancer, self-employed, and you need to be your own IT support, solving your own problems. It’s in times like these when scammers easily find their victims. So one of the most important things you as a computer user can do, from a security perspective, is to safeguard your username and password to everything.

Many businesses (including the company I work for) have transitioned from using software applications locally installed on a computer to using web-based applications such as GSuite ( Google Docs, Sheets, Gmail, Hangouts) and Office365 (Excel, Word, PowerPoint, Outlook, and Teams). All of my calls with colleagues nowadays are through Microsoft Teams. Most of my chats are through Google Hangouts. And, as a remote user, web-based applications are easier to access from anywhere. As a developer you may be using Azure, AWS, or Google Cloud. HR and Payroll may be using something like ADP or Quickbooks.

With the prevalence of web-based apps, and more people working from home, along with the usual Facebook, Amazon, or Netflix type of personal accounts, more vectors are being introduced through which scammers can trick you into giving up your personal information. They are getting more ingenious and sophisticated. Take for example the following email:

Office365 is telling me that my password expired and I have to reset it. For the untrained eye, it looks legit. I may be busy at the time I receive this email, working against the clock to meet a deadline for a project, and I can’t afford to be locked out of my account. I panic, and without thinking, I click on the Password Reset button. It takes me to a webpage where I can sign into Microsoft and reset my password:

But what did I actually do? I just gave my username and password to some hacker. If you’re like most people (who don’t want to remember a billion different passwords), you may be using that username and password combination elsewhere, like to access your bank account (or worse, your Netflix account — we get to see what you’ve been binge watching while you’re “working from home”).

The email above is what is called a phishing email. Phishing emails can be crafted to look legitimate, with official company logos (pulled from public company webpages), important sounding headers like ”From: CORPORATE IT HELPDESK”, and big bold letters threatening a loss of account access. Clicking on the Password Reset button took me to a meticulously crafted, legitimate looking, sign-in page. All to give up my credentials to a hacker.

And the hacker doesn’t need 10, 100, or even 1,000 victims. To start, they just need 1 to fall for the scam. Once they have access to my email account, they can see what companies I deal with, maybe reset my banking password by using “Forget my password” link on the company sign-in page. They can see who my contacts are and send them emails pretending to be from me, the CIO, or ”From: CORPORATE IT HELPDESK”, and have my contact give up their personal information. In a large company, you’re bound to get users who unfortunately fall for the scam.

How to Spot a Phishing Email

Let’s take a look at the email above more closely:

• Look at the actual address the email is coming from.

The domain the email is coming from looks like mine, jbnetworkdesign.com, but it has a dash in it. The email you receive may look like it’s coming from within your company, or from your bank (like bankoffamerica.com instead of bankofamerica.com), or even Microsoft (like microsft0365.com or ourlook.com). Look for subtle clues in the From: address section of the email that demonstrates that the email is not legit.

• Hover over (Don’t click!) the links or buttons to see the actual address they will take you to.

If you look at where the link or button will take you, it’s often some crazy long url (or a shortened url that’s trying to mask it’s true destination). In either case it would be something unrecognizable.

Here’s another example:

You may get an email claiming to be from Facebook support, saying you need to reset your password. In the email you see a link that says:

Facebook Password Reset

But if you hover over it, you can see it just brings you back to Medium (which in this case is a good thing!). But that’s how the scam works.

Other Types of Phishing

This post originally appeared on Medium – On how to avoid becoming a phishing victim.

Medium Article | Don’t Click On That Link!

Install Guest Additions if it is not already installed:

1 – With Linux Mint running, from the Virtualbox menu, go into Devices > Insert Guest Additions CD image

2 – This should mount the image as a virtual CD. Double-click on the CD to open the folder

3 – Right-click in an empty space of the folder and select Open in Terminal

4 – Install the Virtual Box Guest Additions by running the following command in the Terminal window:

$ sudo ./VBoxLinuxAdditions.run

5 – Reboot your Linux guest

Create Shared Folder in Windows

1 – Identify a folder in Windows that you want to share (or create a new one)

2 – In Virtual Box, go to Devices> Shared Folders> Shared Folders Settings…

3 – Click the Add Shared Folder button

4 – Enter the path to the folder you want share, give it a name, select Auto-Mount, and if necessary Make Permanent

Mount the folder in Mint

1 – Create a folder in Mint that will share files with the host Windows OS. In my example I create a folder on the desktop called Shared. Open a Terminal and enter the following:

$ sudo mkdir ~/Desktop/Shared

2 – Mount the shared folder. In the Terminal window, enter the following:

$ sudo mount -t vboxsf Mint ~/Desktop/Shared

where Mint is the folder we’re sharing in the host Windows OS and Shared is the folder in the guest Linux Mint OS.

At this point you should be able to share files between the host and guest. However, if you reboot the guest, the above mount would need to be redone.  Instead, what I’d like to do is create two shortcuts on the Linux Mint Desktop that I can double-click to mount or unmount the share.

Create Shell Scripts to Mount and Unmount the folders

1 – Open Nemo (or Nautilus, depending on your flavor of Linux) as sudo using Terminal:

$ sudo nemo

2 – Navigate to the /bin folder, right-click and Create an Empty Document and call it MountShared.sh (or call it whatever you want but use the .sh extension)

3 – Double-click the file to open it in a editor, enter the above mount command (shown again below):

$ sudo mount -t vboxsf Mint ~/Desktop/Shared

4 – Save and close the file

5 – Right-click on the MountShared.sh file and select Properties

6 – Under the Permissions tab, check  the Execute option Allow executing file as a program and close

7 – Create another Empty Document in the /bin folder and call it UnMountShared.sh

8 – Double-click this file to open in an editor and enter the following unmount command:

$ sudo umount -t vboxsf Mint ~/Desktop/Shared

9 – Save and close the file

10 – Right-click on the UnMountShared.sh file and select Properties

11 – As above, under the Permissions tab, check  the Execute option Allow executing file as a program and close

Create Desktop Shortcuts for the Shell Scripts

1 – Right-click on an empty space on your Desktop and select Create a new Launcher here…

2 – Name the shortcut. I called it Mount_Shared

3 – For the Command, browse to /bin folder and select the MountShared.sh script you created.

4 – Check the Launch in Terminal?  option and then OK

10 – Repeat the above 9 steps to create the UnMountShared.sh shortcut

Now you should be able to double-click the Desktop shortcuts to mount and unmount your shared folder

Optional – Change Shortcut Icon

1 – Right-click the shortcut your created on the Desktop and select Open With> Other Application, and select Text Editor

2 – In the Text Editor, add the following Icon option and specify the name of the icon file, including the path.  For example,

Icon=/usr/share/icons/Mint-X-Orange/places/128/stock_folder.svg

3 – Save the file, and the icon should change.

That’s it!