Head’s up: We will be closed from tonight until Monday, in observance of hunting season! Feel free to leave a voicemail/email, and we will return it Monday evening.
For anyone who is interested, I have put together a bulletin board called “Spokane People”, and I welcome everyone in Spokane to use it as an open forum to post whatever you would like to that involves your neighborhood. I have added a section for each neighborhood in Spokane, so everyone can have their own area to use. 100% free, and less restrictive than other social media platforms. You could think of it as a hybrid between Facebook, NextDoor, and CraigsList, with a clean design that looks as good on a computer as it does a smartphone. There’s also sections specifically for Buy/Sell/Trade/ISO posts, Free Business Listings, and Upcoming Community Events. Check it out at https://spokane.booksnbytes.net/
Sometimes, we all have one of those “how did this happen?!?” moments, as we watch our mouse go shooting across the screen, deleting all of your files. You panic, and call your local computer technician, to ask what to do about it. A Trojan, worm, or human (a taller version of a worm) has taken over your computer. You’ve been hacked. You shut it off, and wait for your technician to show up. While you wait, here’s a list of the things of what they should have already told you on what to do if your computer has been compromised, and what you’ll probably be paying for.
From a technology perspective:
Turn off your device immediately
Have you been hacked or lost control of your computer? Simply turn it off. An off computer cannot be controlled, as there is nothing to control at that point. This is the fastest way to stop an ongoing attack and avoid a follow-up attack. In the event that you were compromised by a Trojan or worm, this will prevent it from causing any more damage than it already has. Once you have made sure that the device is off, contact a computer technician immediately to inspect and cleanup your computer. If you don’t have it sanitized before you start using it again, there is a very good chance that a Trojan or worm that has been installed on it will just turn on again, and continue wreaking havoc. They also tend to open up a bunch of holes in your computer, which makes it easier for hackers to gain access to your computer again.
Using another device, change your passwords
Since the device that was compromised is turned off, you will want to use another computer or device to get online and start changing your passwords. Not just the important ones, ALL of them. If you do any online banking, make sure to change your password for your bank’s website first to avoid anyone getting access to your accounts. Next, take care of your email account(s). Your email account is the gateway to almost all of your online accounts, so anyone with access to that could simply use the Forgot Password buttons on other websites to reset your passwords. Honestly, it wouldn’t hurt to handle your email accounts first, since they could still be used to change the password on your bank accounts. Next, make sure to log in to all of your social media accounts and do the same. Keep working through your list of online accounts until you have changed the passwords for everything.
When changing your passwords, make sure you follow these rules. They are common rules for all passwords, so they apply any time you ever create or change a password. These are just a few of hundreds of password tips. For more thoughts on password security, try Googling “password rules”.
- Use a strong password. “password” is NOT strong. Most websites these days make you use a secure password. You want it to be an absolute minimum of 8 characters in length (10 is better, the more the merrier), and use a combination of uppercase and lowercase letters, numbers, and symbols.
- Don’t use a modified version of the password you are changing. If you only change one or two characters in your old password, you are not really helping yourself out. While this will trick most automated hacking tools for a while, a true hacker will be able to figure out what you changed pretty quickly. If you make it easy for yourself, you’re making it easy for them too.
- Names, birthdays, anniversaries, and “password” all make horrible passwords, don’t use them. IF you are going to break this rule, use a combination of them.
- Don’t ever use the same password twice. If the password for your email account is the same as your bank account and Facebook page, you are going to be in a lot of trouble if someone finds out your password. Use a program like KeePass (http://keepass.info/) to keep track of your passwords for you. It is completely free, and can help you safely keep track of what passwords go where.
Tell your friends!
Nobody likes to admit that they were duped, but it is important that you let people know what has happened. If your friends and family (online and offline) are aware that you were hacked, they will be able to help keep an eye out for suspicious activity for you. It only takes one caring friend online to agree to wire “you” money because your social account is under the control of another person. Knowledge is power. Empower yourself and your friends.
From an identity/financial perspective:
Call the police (non-emergency line, NOT 911), get a police report
It doesn’t really seem like something you would have to do if your computer was hacked, but if you believe that someone has stolen any of your personal data, you need to contact your local law enforcement and file a police report. Digital theft is still theft, and theft is against the law. Additionally, your bank, credit card companies, and other businesses may require you to have a police report when filing claims with them. It may end up being a very simple police report, but so long as they can file that “my files were stolen on this date at this time”, you’ll have something to work with.
Call your bank and credit card companies
If you think that your bank or credit card account information may have been compromised, you will want to contact your banking institution and credit card companies as soon as possible to let them know that you may have lost your data. At bare minimum, you will want to tell them what happened, and to be on alert for any suspicious activity. Your banking representative will help you decide what to do next. In some cases, this may simply be to monitor your account for suspicious activity. In more extreme cases, they will help you freeze your accounts. If you have already had fraudulent purchases made in your name, they can help you get your money back.
File a fraud alert with the credit bureaus
Anytime you have to have to contact your bank, you will also want to call the big three credit bureaus (Experian, TransUnion, and Equifax) to file a fraud alert. In case you don’t already know, these agencies are responsible for tracking all of your financial accounts to determine how good of a credit user you are compared to other people (they do this using credit scores). Since your credit score is based on your credit, they will need to know if your bank accounts or credit cards have been compromised, so they can keep a lookout for any suspicious activity as well. While your bank is your first line of defense at stopping any fraudulent expenses, the credit bureaus are the second. As long as they know what is going on, they will be happy to work with you to make sure that any fraud does not negatively affect you.
If you follow the advice I have laid out for you in this article, there is a pretty good chance that any damages caused to you and your computer by a hacker (human or otherwise) will be minimal. For more tips on how to avoid these scenarios to begin with, check out this article on 5 Tips to Staying Safe Online (https://www.booksnbytes.net/5-tips-for-staying-safe-online/).
How have we been doing? Let us know by writing a review on Google, Yelp, NextDoor, or our social media sites, search for Books N’ Bytes!
Click here to write a review on Google
Find us on Yelp!
We’re Also on NextDoor
For the past two years, I have been actively developing a collection of proprietary software products, which I have maintained in one of Microsoft’s free visualstudio.com TFS repositories. For a single developer, this has been a great way to keep a complete revision history on the code base. Recently, I ran into a few caveats that have put me in a situation where it is time for the repository to be moved to a newly-created in-house Team Foundation Server. Thinking to myself “ok, I’ll just migrate the repository real quick”, I set to work. After a few hours of poking around VSO, it became painfully clear that there is no viable way to do this (while keeping the full revision history), since I did not have access to the underlying database for the repository. This gave me two options: 1.) Checkout the latest copy of the repository and commit it to the new repository (keep the latest source but lose the history), or 2.) Write some script that will loop through the repository, checking out each and every revision (starting at 1), and committing them one-by-one to the new repository (keep the source and the history, but may take DAYS or WEEKS to run).
After thinking on the options, I realized that they both sucked. I then remembered that I had written an article awhile back about Migrating from TFS to Git, so I pulled it up, re-read it, and though “I wonder if I can use this same technique to do a TFS to TFS migration?” The answer was yes! Though there was one downside: I kept all of the revision history, but I lost the Changeset Timestamps (all of the migrated history has the same check-in date). In the same fashion of migrating from TFS to Git, I had to use the “git-tf” tool for this process. Here’s how I did it:
1. Installing Git-TF
Download and install the Git-TF utility from the CodePlex page here, and extract it somewhere on your computer. Don’t forget to install the Java Runtime Environment (JRE) if you don’t already have it, it is required for the tool to run.
2. Cloning the TFS repository (with full history)
The next step was a bit trickier. The tool needs the latest copy of the TFS repository that is going to be migrated. However, to clone the repository, I needed to configure Alternate Credentials on my visualstudio.com account. It took a while to find a recent enough article on how to do this. After some trial and error, it’s easier than it should be:
- Log into your visualstudio.com account
- In the top-right corner, click on your name and select Security
- In the new window, click on “Alternate authentication credentials” on the left
- Make sure the “Enable alternate authentication credentials” checkbox is checked
- Enter a secondary username and password to use, and click save
Once this was done, it was just one command from a Command Prompt to clone my TFS repo:
git-tf.cmd clone https://jarrenlong.visualstudio.com/DefaultCollection $/RepoIAmMoving –deep
Note: If you didn’t follow the Git-TF instructions and add the Git-TF root directory to your system path, just use the full path to the git-tf.cmd file when executing the command. Since I only planned on using this tool once, this is what I did.
This did take a while to clone, as it is pulling the entire TFS repo history with it. Just let it cook until it’s done. The repository that I was migrating had just over 4900 Changesets, so it ended up taking about 24 hours to do the complete clone. While this is running, it will be a good time to go ahead and create an empty TFS repository on your new server, if you haven’t already done so. For this example, we’ll say that my new Team Foundation Server is accessible at https://tfs.mynewserver.com/DefaultCollection, and the repo I created is called “RepoIAmHosting”.
3. Performing the TFS to TFS Migration
Before you commit the repository to the new server, you need to make a few minor changes:
- Using Windows Explorer, you need to open the .git directory that was created inside of the cloned repo. There should be a file in there named “git-tf”; rename it to something else. This file tracks all of the Changesets for the repo, but is bound to the old server. If you tried to commit the repo to the new server now, you will most likely get a “Changeset XXX not found” error.
- Use a text editor to modify the “config” file in the .git directory. This file tells git where the server for the repository is located. In here, you need to modify the [git-tf “server”] section to point to the new server/repository.
For this example, I would change
collection = https://jarrenlong.visualstudio.com/DefaultCollection
serverpath = $/RepoIAmMoving
collection = https://tfs.mynewserver.com/DefaultCollection
serverpath = $/RepoIAmHosting
Save and close the config file. You are now ready for the actual commit! From the root directory of the repository you cloned, you just need to issue a “git-tf.cmd checkin –deep” command, which will start committing the complete repository to the new server. Again, this is going to take a while, but when the check-in is finished, you will have your complete repository history visible in the new TFS portal. Note: If you need to retain commit usernames, use the –keep-authors flag with this command (see git-tf documentation for info on how this works). In my scenario, I was the only developer on the project, so there was no need for me to do this.
As I said at the beginning of this article, there is only one downfall to this process, which is that each and every Changeset will have the same timestamp (+/- a few minutes). Sadly, this appears to be unavoidable (at least, I have not found a way to preserve the commit timestamps). There is one way that you can (partially) retain the timestamps though. By using the –metadata flag with the checkin command, git-tf will attach the additional metadata for each commit from the old repository. This will preserve the timestamps, however it makes the display of each commit look a little funky in the Changeset list for the repo when viewed from the web portal. Instead of showing the Changeset # and the description attached to the commit, the web portal will just show “Commit xyz (Timestamp)”, and the description of the commit will be embedded further inside of the Changeset’s details.
Like this article? Make a Donation to Feed the Developer!