Security and privacy Q&A

We see those a lot actually, stupid hackers gonna try to stupid hack

Our CEO gets pages of those on occasion

Wow… Yeah, I think something that doesn’t help is that my email is very short, so maybe a) desirable or b) something that users might type for a throwaway account. Like joe@outlook.com. I keep getting signup alerts for people that use it for, say, Snapchat. So that might make me a bigger target by accident.

1 Like

Yes, that’s exactly what it is. Your email, which is often exposed, gets attempts by “dictionaries” of exposed passwords.

1 Like

So one thing I’m considering doing is disabling that main email from being used for logins. I’m just afraid I’ll mess up and lock myself out! :joy:

I actually don’t think you have anything to worry about; it’s a constant thing nowadays and it sounds like you are already doing the prudent things.

I have a couple of “throwaway” email accounts, one each on Outlook and Gmail, that I use for registration/signup requests where I don’t know the provenance. I see attempted hacks of those accounts all the time.

1 Like

Hmm, this setting?


I certainly never requested those languages, ever. I wonder how it decides these things?

1 Like

BTW I mentioned I had rebuilt my system starting from a “fresh” drive image of my open-box SLS. Given that I’m still seeing loads of rare messages in the event viewer logs I’ll have to go all out and install a fresh Win11 image from scratch.

Like I’m seeing tons of “CIMWin32 provider started with result code 0x0”, several messages like “An error occurred when transitioning from DesktopLocked in response to EvDesktopLocked” (related to remote desktop it seems, which I’m not using), “Ctap WebAuthN completed” (zero Google hits…), and hundreds of errors containing “onecoreuap\shell\cloudstore\resolver\src\walkabletoencryptable.cpp”; apart from one hit off hybrid-analysis.com, nobody runs into this cpp module. So… all pretty freaking suspicious.

What a pain… Note to self, for any used equipment install a completely clean OS. Although… given that UEFI can be infected, maybe the note to self should be “buy NIB sealed only”.

1 Like

And the hits just keep coming:

Same here with duck and cover drills. The joke among us third graders was that you had to tuck your head tightly to your knees under your desk in case of a nuclear attack, so you could be in a position to kiss your ass goodbye.

With contemporary weapons sporting multiple 50 megaton warheads (3,800 times the power of the Hiroshima bomb), I was never really concerned about EMP. This is particularly true considering my location in one of the most populated regions of the US. We were toast if somebody had an itchy trigger finger.

Talk among our adversaries about the use of limited nuclear weapons is sheer madness.

Well, for folks who are further away and out of any likely blast radii there is:

3 Likes

Bit the bullet, did a full clean install of Win11 on my SLS to eliminate any remaining concern. Typing this from the SLS, which feels snappier (just kidding).

The process:

  • Made a bootable USB from within Win11 on a known (likely…) good PC. Didn’t recall this, but MS offers a media creation tool that downloads Win11 itself, so no need to download the ISO first. Nice.
  • Entered UEFI on the SLS using vol-up + power and enabled boot from USB.
  • Hooked up an external keyboard, since neither keyboard, trackpad, nor touch screen worked initially.
  • Deleted every single partition on the SSD to eliminate any rootkits present (hoping there are no UEFI exploits yet for the SLS).
  • Created new partitions, installed Win11, updated, rebooted, updated, etc.

The result:

Checked the event logs using NirSoft’s FullEventLogView… Same errors! :rofl: Good grief… So either the hackers work at MS or these errors are linked to Win11 and/or my account.

  • same long list of errors that “data of type Windows.Data.Security.Vault.WebCredentials was corrupted and ignored” (over 100 of these)
  • same list of issues with known folders missing (something like ten of these)
  • same list of ten warnings of the type “LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard”
  • same suspect driver error: igd10iumd64.dll did not meet the Custom 3 Antimalware signing level requirements.
  • same long list of errors from Microsoft-Windows-WMI-Activity, of the type “Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE DeviceID LIKE ‘%PHYSICALDRIVE0%’; ResultCode = 0x80041032; PossibleCause = Unknown” (gee, thanks)
  • Short list of alarming “The driver detected a controller error on \Device\Harddisk1\DR1” errors (I’ll install Samsung Magician and see if there’s a firmware update).

Long story short, probably not hacked (yay), possibly power issues with the original 2TB SK Hynix SSD (boo) that I installed, which would explain the two hard crashes to the boot logo, or alternatively, possible hardware issues with the SLS itself. If the crash recurs, the SK Hynix drive might be innocent after all.

I’ll keep an eye on my system, but most likely this was all a giant waste of time, aside from replacing the SSD if that was indeed the thing causing the crashes.

Dude, you need a PC security detox… Maybe pick an iPad Pro, where even if something is going on, you won’t be able to see it as Apple doesn’t easily expose it. :grinning:

2 Likes

Just following the advice from the local experts here. :slight_smile:

:point_up_2:t2: This guy gets it. (posting this from an iPad Pro BTW :sweat_smile:)

2 Likes

Back to being serious for a moment. The messages around this “data of type Windows.Data.Security.Vault.WebCredentials was corrupted and ignored” actually indicate to me that there may be an issue with corrupted data during a sync in the past and sync can’t reconcile between the two.

I’m assuming you are a MS Office user as well? If that’s the case, MS can essentially reset all the various tokens and authentication stuff on their end if you contact them directly.

You won’t lose any data, as in essence it is as if you are syncing for the first time.

That also may clear the LSA guard stuff too.

1 Like

Thanks for the suggestion. Yeah, I am now 95% sure that that particular string of errors is an honest-to-god data corruption/sync conflict. It’s tied to OneDrive; when OneDrive doesn’t run I don’t get those errors. And I did recently delete a ton of saved passwords from Edge and from the Windows Credential Manager. It doesn’t seem to be causing any problems though, other than costing me a lot of time trying to figure it out. :slight_smile:

BTW I had a pretty funny interaction with a support agent via chat. I tried the ‘get help’ option in Windows, never did that before (and might never do that again).

I’m like “the problem seems to be tied to OneDrive”. He suggested reinstalling OneDrive. I uninstall it, check for errors, and tell him “now that it’s uninstalled, I don’t see the errors”. His response: “That is great to hear, is there anything else I can help you with today?” :vb-headbang:

2 Likes

Random question about emails and images. For decades I’ve been telling the Outlook desktop app to not download remote images. Most of us know that linked images are used to track whether you see or open the email, verifying that your email address is real, potentially (likely?) leading to more spam.

Occasionally I have noticed that despite this setting, some emails populate all their images over the span of one or two seconds, despite the “do not load external images” setting being active. I have not whitelisted any senders, and they are not in the trusted zone.

Question: have spammers found a workaround, or is there another reason why some emails do show images? I guess next time I see this happen I’ll double check the size of the message (maybe they embedded all images and they just took time to show?). Curious if anyone has any thoughts.

Could the images be included in the e-mail as a MIME attachment? Look at the raw text?

(I really wish it was easier to just specify plain text and auto-bounce anything which doesn’t provide a plain text form — yes, I know I shouldn’t be using an @aol.com e-mail address when making such a complaint, what can I say, I’m cheap)

2 Likes
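One way to do the “look at the raw text” check suggested above: parse the raw message and sort every image reference into attached MIME parts referenced by Content-ID, data: URIs embedded in the HTML, or remote URLs that actually get fetched (the tracking-pixel case). This is an added Python example, not code from the thread; the sample message is constructed.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread): a multipart/related mail with one
# inline image by Content-ID, one remote tracking pixel and one data: URI image.
RAW_EMAIL = b"""From: sender@example.com
Subject: Test newsletter
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@example.com">
<img src="https://tracker.example.com/open.gif?id=123" width="1" height="1">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
</body></html>
--b1
Content-Type: image/png; name="logo.png"
Content-ID: <logo@example.com>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

IMG_SRC = re.compile(r'<img[^>]*\ssrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def classify_images(raw: bytes) -> dict:
    """Bucket every <img src> in the HTML body by where its bytes come from:
    inline (cid: resolved to an attached image part), embedded (data: URI),
    dangling (cid: with no matching part), remote (everything else, i.e. fetched)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Content-IDs of attached image parts, without the surrounding <>
    cids = {p.get("Content-ID", "").strip("<>") for p in msg.walk()
            if p.get_content_maintype() == "image"}
    found = {"inline": [], "embedded": [], "remote": [], "dangling": []}
    html = msg.get_body(preferencelist=("html",))
    if html is None:  # plain-text only mail: nothing to fetch
        return found
    for src in IMG_SRC.findall(html.get_content()):
        if src.lower().startswith("cid:"):
            found["inline" if src[4:] in cids else "dangling"].append(src)
        elif src.lower().startswith("data:"):
            found["embedded"].append(src)
        else:
            found["remote"].append(src)
    return found
```

Only the entries in the remote bucket cause a network request when rendered; inline and embedded images show up without any fetch even with remote image loading disabled, which is the behaviour the question describes.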

For those that are nervous or bothered by what happens when you give your PC to a repair shop, this isn’t going to make you feel any better.

And the fact that they seem to target women is especially slimy and reinforces some bad stereotypes.

Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica

1 Like

This sounds bad, although tbh I’m not sure through what path fake updates / app packages could make it onto an end user’s phone. Anyone have more insight?

1 Like

This is not as bad as Ars would have made it out to be, IMHO. For a user to be affected, they would still have to install an app like this outside of the standard app store.

The issue is that all of Android’s malware detection is based on app signing. The worst case scenario I can think of would be with Samsung Pay, where other apps rely on it and, in the case of Pay, may have direct access to bank account information.

1 Like