Tag: featured

What to do when you can't delete a program in Windows
Little TipsMalwareWindows 10 TipsWindows PCWindows Server Tips

How To Manually Uninstall a Stubborn Service in Windows?

There are programs that are not easy to uninstall. Sometimes you can easily uninstall the said programs only to find out that they left a trail of files in C:\Program Files\ or C:\Program Files (86)\ that you then try to manually delete.

If all goes away and leaves your computer alone, great! You do not need this article. This article is for times when the program just won’t go away and reports that there is another system using it or another user currently running the program. If there is no user that you know of and there are not programs you are aware of that are still running the unwanted application:

  1. Try to kill the process in the Applications tab of your Windows Task Manager.
  2. If the problem persists, Check your Services tab of the Windows Task Manager and look for the name of the unwanted application or for anything related to it.
  3. If the application you are uninstalling had a server component, you will find it in the list of Services. (Hint: Sort the list by Name instead of PID you can at least identify the program by name.)
  4. Once you find the problematic service. Right mouse click on it to Stop the service and then try to delete the folder or application you had a hard time deleting.
  5. If that still does not let you remove it, then go ahead and run an elevated command prompt to run sc.exe
  6. The command  sc.exe delete <service name> should help you completely remove or delete the service, where <service name> is the name of the service itself as you see it in the service management console, not of the exe.
  7. Finally try to delete the folder you were attempting to delete from C:\Program Files\ or wherever you had installed the application.
  8. If all none of the above solves the problem, there are certainly other methods out here. Let us know what did the trick for you by commenting below. (Pro Tip: Consider bringing in some of the big guns like the Process Explorer from Microsoft’s SysInternals Utilities).
Advertisements
macbookOS XSecurityUncategorized

When Was The Password Last Changed On This Mac?

In one more of these wonderful scripts that can do crazy things,  philastokes from APPLEWRITERHELPER, has handed you the keys to the kingdom. With this simple script, you can find our the last time the passwords for a set number of users was changed on a Mac running OS. And that right from your Terminal.

Sometimes it can be useful to know when the user’s password was last changed. For example, you might want to enforce a policy of having users (or yourself!) change login passwords after a given period. Alternatively, if you or one of your users is experiencing login difficulties, you might want to check that the password […]

#one liner command line to get last password set times for all users on the mac

# see http://applehelpwriter.com/2018/03/14/6228
echo; echo Password Last Changed:; u=$(dscl . list /Users | egrep -v ‘^_|daemon|nobody’); for i in $u; do printf \\n$i\\t; currentUser=$i;t=$(dscl . read /Users/”$currentUser” | grep -A1 passwordLastSetTime | grep real | awk -F’real>|</real’ ‘{print $2}’); date -j -f %s “$t” 2> /dev/null; done

via how to find when the login password was last changed —

Local Session Manager
Little TipsNetworkingRDS - Remote Desktop ConnectionWindows Server Tips

How To Find Out All Remote Desktop Logon Sessions That Took Place On Windows Server 2012 R2

The first time I used these logs is when I was running an audit to figure out whether a specific user has recently accessed my server using Remote Desktop Connection.

In order to identify who has recently had a full session remotely running on your server, you: look at the events located at these two places:

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – Local SessionManager > Operational

and

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – RemoteConnectionManager > Operational

To have any events logged in here, you have to at least have these things in place:

  • You must be running the Windows Feature AppServer (Terminal Services Application Server)
  • The specified logs must be enabled.

With these conditions in place, these logs show give you the user names and computer names of all Remote Desktop sessions that have taken place between your computer and other client devices for a certain duration of time. Of course the length of the log depends on the properties you have set for the logs (e.g. Enabled logging, Maximum log size, what to do when maximum event log size is reached, etc.).

Please note that these logs can also be used to diagnose and troubleshoot RDS sessions that disconnect in an apparently random way.

One other place you can check is your Event Viewer > Windows Logs > Security which should have audit log of successful and failed logons if you had activated the “Audit logon events” in Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy snap-in.

Finally, a rather simple way you can go about it is by using the command line as an administrator and typing the following command (more about it at the Windows Command Line reference below):

net user  username | findstr /B /C:"Last logon"

Do you know of any other ways to achieve this audit? Please let us know in the comment section.

Some other useful resources include:

Sitemap Illustration
GoogleLittle TipsSEOWeb DevelopmentWordPress

How to Refresh My Sitemap for Google Search Console to Find It?

Is Google Search Console failing to retrieve your website’s sitemap? It is possible that you need to refresh your permalinks.

To do that:

  1. Go to your /wp-admin page.
  2. Go to the “Settings” menu and click on Permalinks.
  3. Once on the permalinks page, without altering anything, click on “Save Changes.”

Give it some time and then go test yoursite.com/sitemap.xml and see if Google is finally picking something up.

You can find some more ideas here:

Wi-Fi Protected Access II (WPA2) Vulnerability Paper
AntivirusMalwareModemsNetworkingRouters

Wi-Fi Protected Access II (WPA2) Vulnerability – All Your Wi-Fi Devices Might Need A Security Patch

UPDATE3: On a website dedicated to the “Key Reinstallation Attacks,” https://www.krackattacks.com/, the researcher who brought attention to this vulnerability describes what it is, presents a demo of the attack against an Android device as client, and suggests practical steps in a rich Q&A article.

UPDATE2: More companies have updates available. Microsoft also has released an update for client devices. (Source: Pileum Corporation)

If you have a Meraki access point, they have released a patch to address this issue. See below link for more information.
If you have an Aerohive access point, they have released a patch to address this issue. See below link.
SonicWALL has announced that their firewalls and access points are not vulnerable to the flaws in WPA2.
Cisco has released patches for some of their products that are affected. You can check for those products and updates as they are released here:
Microsoft has released a patch that provides additional protection on the client workstation. We recommend that this be installed on all workstations immediately.

UPDATE1: Several Wi-Fi AP manufacturers have started developing and releasing Updates. Please check the CERT website below for updates. One of the most recent ones is Meraki access point.

In a research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA,” Leuven, Belgium researchers Mathy Vanhoef and Frank Piessens just proved that WPA2 handshake traffic can be manipulated to induce nonce and session key reuse. Here is an overview of the announcement from CERT:

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

The simplest solution is to install updates provided by your Wi-Fi device vendor.

More on this here:

Little TipsWeb Development

Simple Text Editor Right in Your Browser

What do you do with those little ideas that sometimes light up in your head but you have no notepad ready to jot them down? Well, you just open a new tab on your web browser and type:

data:text/html, <html contenteditable>

And there you go! You just transformed your web browser (most modern browsers with HTML5 should do it) into a notepad. Well, not really, but kinda. You actually just took advantage of the Data URI scheme (defined in RFC 2397) that allows to include data in-line in web pages.

Wanna Shave the File?

The most basic way of using this feature would be for quick ideas or links or other types of notes you do not intent to save. But if save you must, go ahead and Ctrl (or command) + S the web page, which will then be save as a… well, web page, not a text document. Oh, I also meant “save” the file, not shave. You know what I mean!

Where Does It Work?

Since you are still here reading all this, you probably are wondering already if this will work in your browser. We tested the feature in Chrome Version 50.0.2661.94 (64-bit), Safari Version 9.1, and Firefox 45.0.2. Everyone worked just fine. Please see screenshot for proof.

data text html contenteditable

Web DevelopmentWordPress

Your WP Site Is “Briefly unavailable for scheduled maintenance”

So there you are staring at your WordPress site or admin page wondering what just happened. “This is going to auto-update in just a minute and all will be back to normal,” you tell yourself, but nothing happens. Well, I suppose it is time for the quickest fix of all times for a problem of this size.toolbox-closed-for-maintenance

It turns out that this is a classic of WordPress since Version 2.7. During an automatic update of your WordPress site, WordPress places a file named .maintenance in your blog base folder. For as long as that file will be there, visitors to your site will see the message “Briefly unavailable for scheduled maintenance. Check back in a minute.

To bring your site back to usual business, just delete the .maintenance file either by FTP into the the folder that contains the wp-admin folder or by way of your hosting site.

Before I let you go, let me tell you about some people who have gotten really mad over this issue. They could not find the .maintenance folder because the file is actually hidden from Linux/Unix users since it starts with a dot. So, please make sure your set your File Manager or FTP client to show you hidden files. You can read the discussions here and here. Some of them address the question of where the file is actually located.

Important: Please remember verify that the update has been completed. Otherwise, try again.

That’s it for now, folks!

Source: The Maintenance FAQ at Codex.WordPress.org