Tuesday, October 21, 2014

Setting Microsoft Lync Profile Picture with a picture on OneDrive

Need to set Microsoft Lync Profile Picture to a web address of your own picture easily? Here's how to use an image located in your   OneDrive and set to be your Lync account "My Picture".

Note: Lync profile pics should be 72 px (w)  by 108px (h) and < 30kb.
In OneDrive, right-click on the picture you are interested in adding to your Lync profile picture, and choose 
Embed. (I know example below is a file, same process)

This will bring up the Embed pop-up.
Highlight and copy the embed HTML code. Paste into text editor.

<iframe frameborder="0" height="120" scrolling="no" src="https://onedrive.live.com/embed?cid=8F99649728BEB2F3&resid=8F99649728BEB2F3%212780&authkey=AHGTayWelaWRDMA" width="98"></iframe>
Extract the link, and you will get link look like this:
Replace embed? to download? See link below after replace:
Now you can paste this link into the "Show a picture from a web address" in Lync 2010 or "Show a picture from a website" in Lync 2013 for Windows. Click "Connect to Picture" button will result in connected to picture successfully.

More information at : How to change your Lync profile picture from
Microsoft Support.

Lastly - I developed an app called ASCIIFY app to make ASCII Black and White images from a color photo, if you like the cat. Contact me for the software. This was an attempt to mimic NY Times profile pictures.

Tuesday, October 14, 2014

Microsoft WINDOWS API CODE PACK v1.1 Download

WINDOWS API CODE PACK v1.1 for download 
Surprisingly,  difficult to find, here's the full original Microsoft Windows API Code Pack v1.1  for download with source, binaries and full documentation. You can get the dlls in Nuget but not the doc.



The major changes v1.1 of the Windows API Code Pack includes:
·         Code clean-up
o    Addressed many FxCop violations and PREfast warnings
o    Various spot-fixes  for improved stability
o    Added String localization preparation
·         Bug Fixes within the Code Pack and Samples
·         New Features
o    PropVariant (Re-designed)
o    Thumbnail Handlers
o    Preview Handlers
o    ShellObjectWatcher
·         New Demos and Sample Applications
·         Visual Studio 2010 Compliance
·         xUnit test coverage
·         Signed assemblies

Friday, October 10, 2014

Locking down Adobe Reader to prevent PDF vulnerabilities, as much as possible

Adobe PDF vulnerabilities rising risk - why?

This was primarily due to increased exploitation of vulnerabilities in Adobe Reader and Adobe Acrobat software, as shown in Figure 2 from (http://blogs.technet.com/b/mmpc/archive/2013/04/29/the-rise-in-the-exploitation-of-old-pdf-vulnerabilities.aspx)
Figure 2: Computers affected with exploits for document readers and editors
Win32/Pdfjsc virus was the significant contributor to the rise in 4Q12. It is a family of specially crafted PDF files that exploit Adobe Acrobat (Creator) and Adobe Reader vulnerabilities. 

How you get infected? A brief explanation 

1) Adobe Reader, like many other document applications can be scripted for added functionality. 

In the case of Microsoft Office, adding functionality is added via macros using Visual Basic scripting language and now scripting is turned off by default for new installs. (But this has been a long sore spot for Microsoft, and is one of motivations  of moving Office365 into the cloud which prevents all of this. Open a bad document will infecting the "cloud" (ha-choo-d) and not your local machine). Adobe Reader specifically using Javascript as their "macro" language. Note, this script can run on Mac and Windows, so don't kid your self that Macs are safer.  Also, these scripting vulnerabilities are not limited to two aforementioned companies, they are just the most popular and therefore best paying targets for hackers. OpenOffice uses Basic as their scripting language, Apples' Keynote, Numbers, and Pages use Applescript, and many text editors or IDEs have their own macro language. 

2) Adobe Reader is trusted once installed, so macros can be programmed to bad things in a trusted state

Just the simple act of opening the PDF file could exploit a vulnerability to automatically download malicious code from the internet, and display a decoy PDF file to trick you into believing that nothing wrong has happened. Since Adobe Acrobat, is installed and fully trusted, all the permission have been set in your OS and usually your antivirus and firewall. Moreover, they launch sub-programs that use command line that is trusted to run scripts etc. These downloaded programs "should" be picked-off by the best anti-virus programs, but clearly they are falling behind to the onslaught of these craft payloads.

Again, these donwloaded PDF files contain a JavaScript that executes when the file is opened. The embedded JavaScript may contain malicious instructions, such as commands to download and install other malware. Files detected as Win32/Pdfjsc may arrive in the system when a user visits a compromised or malicious webpage, or opens a malicious PDF email attachment.

Upload questionable PDFs to an online drive

An easy solution is to use   Microsoft OneDrive  or   Google Drive and upload the PDF and open it there! Do this for any questionable PDFs. I would recommend doing that with any questionable document such as Word, PowerPoint, Excel, etc.

If your default browser is  Microsoft Internet Explorer you may have do some work to just download a PDF directly to your hard drive, without opening in default Adobe Reader first. Check out this article: http://stopmalvertising.com/security/adobe-reader-lockdown-saving-pdf-files-in-internet-explorer-9-and-10/all-pages.html to do that and it also works for IE 11 as well. 

Additionally, you can upload to scan for PDF vulnerabilities, see this article, scroll to end.

Good News - Stop PDF's running malicious macros
Here's how to lock down Adobe Reader. The first 2 are essential and set a firewall rule to block Adobe Reader completely.

1) Disable Adobe Reader using Javascript - it's a preference!
    In Adobe Reader choose Edit->Preferences to get the following window

2) Block PDFs Connecting to external sites in Adobe Reader

While in Preference, select Trust Manager and do 
a) Uncheck "Allow opening of non-PDF file attachments with external applications".
b) In Change Settings, check "Block PDF files access to web sites"  

3) Security (Enhanced) setting turn off "Automatically trust site from my Win/Mac OS security zones". this prevents the demonstrated a social engineering attack, which relies on the “/launch” functionality as described in the PDF specification (ISO PDF 32000-1:2008) under section 

4)  Multimedia Trust (legacy) setting turn off "Allow multimedia operations", this disables Adobe Flash Player and others from being used (another hugely exploited program, someone seeing a patter here with Adobe ?)

5) Online Services setting turn off "Always connect when opening documents enabled for live collaboration"

6) Tracker set to Never

Additional steps to lock down Adobe Reader

1) Add an outbound rule to Adobe Reader in Windows Firewall to block it going to internet. While you are there add an inbound rule as well.

2) Note Microsoft Windows only allows one active firewall at a time,  This means if your anti-virus solution has a firewall it will overrule MS firewall.  Here's how to set a firewall rule in Kapersky

Thursday, October 9, 2014

JQuery Selector Performance by Browser

JQuery Selector Performance by Browser Results (latest browser versions)

FireFox 32 JQuery Selector Performance

Internet Explorer 11.0.12 JQuery Selector Performance

Chrome 37 JQuery Selector Performance

Do your own tests at http://jsperf.com/id-vs-class-vs-tag-selectors/2. Thanks Scott Kosman

Wednesday, October 1, 2014

Winner - Microsoft Most Valuable Professional, Windows Expert-IT Pro

Hey cats, your friendly neighborhood spider IT-man, is the recipient of Microsoft Most Valuable Professional Award in the area of Windows Expert-IT Pro today.
Who is this caped crusader? See profile here.

I was 1 of 1031 pros out of pool of ~100M techs, awarded an MVP world-wide today. Official press release here

                      MVP Program details here.

In honor of winning an MVP award, here's a freebie to fellow MVPers.
A Powershell script to c
reate a MVP Metro tile to link to Yammer or MVP site.

Wednesday, September 3, 2014

iStopCloud App - Stop nude photos syncing to the iCloud

Get the only application that will Stop iCloud-Hacking of Naked Photos of Yourself from your Windows desktop 

Prevent the iCloud hack that leaked nude photos of top celebrities including Kate Upton, Jennifer Lawrence, Kaley Cuoco, Leaha Michelle and Selena Gomez, to name a few using iStopCloud (http://www.dailymail.co.uk/news/article-2739215/Jennifer-Lawrence-victim-hacker-leaks-slew-graphic-nude-photos-Oscar-winning-actress.html

Easily start and stop iCloud programs and services.
Get iStopCloud App @ http://istopcloud.blogspot.com

Get iStopCloud App @ http://istopcloud.blogspot.com/

Here's a list of Apple processes registered by Kapersky's Firewall, some of which runs in the background and IStopCloud app prevents.

Friday, July 11, 2014

Complex Math Calculator with Seperate Measurement/Units Conversion Tool

    Microsoft Mathematics provides a set of mathematical tools that help students get school work done quickly and easily. With Microsoft Mathematics, students can learn to solve equations step-by-step while gaining a better understanding of fundamental concepts in pre-algebra, algebra (matrix math), trigonometry, physics, chemistry, and calculus. Any college or university student will find this calculator extremely helpful.

    You can download this amazing tool for free from Microsoft here.

    Bonus tools, include a handy unit converter, which may seem redundant given online calculators, but if you pin this (C:\Program Files\Microsoft Mathematics\ConversionTool.exe) to Start, you'll know it's accurate and virus free. 

    The Formulas and Equations yields a plethora of equations and constants.