For locked down computers that are fairly easy to use you could try a
chrome book. Word documents can still be a problem though so a cloud
service might be necessary if they can't switch to libre office.
Cancelling credit cards and changing passwords might be required if they
were saved in a browser.
On Thu, 19 Dec 2019, 7:34 pm Mark Trickett via luv-talk, <
On 12/19/19, Brian May via luv-talk <luv-talk(a)luv.asn.au> wrote:
Seems like my father got scammed by "Telstra". They asked for the
model and serial number of our ADSL modem, and asked him what lights
were flashing. They had him install "Any place control 7.5" on his
Windows computer, gave them remote access. In doing so his screen went
blank, which makes me very suspicious. Then he left his computer on with
the remote access still enabled. As a result, we have no idea what the
attacker may have done. They said we could have free fibre connection
for $5 delivery fee, which finally got him suspicious, but he still
didn't think of turning off the computer or disconnecting the network
Therein is the issue with Microsoft, whomever has access, local or
network, has total freedom to do as they please, for good or ill.
Migrate him to a limited account on a Linux box, that can mean only
his account gets compromised, and then primarily the data rather than
We don't have any account with Telstra, and
there is no reason why they
should be calling.
I think we cannot trust that copy of Windows anymore. I have recommended
he use Windows from his old hard disk that wasn't plugged in at the
time. I am not sure what to do about his data files (Word + Excel),
other then do a full virus scan.
Also the data files, do not neglect the vulnerabilities through Visual
Basic for Applications, it can reintroduce all sorts of things when a
document is opened. I would strongly suggest Office Libre instead of
the Microsoft offerings, even on Windows.
He also has a backup copy of the files that was
not available to the
attacker, and was going to compare file sizes. I might suggest he
install a program that compares files in two directories, and run that.
Does he have enough competence to do that, and comprehend the results.
Some will vary legitimately, some compromises will deliberately make
the resulting file exactly the same size. It might take using
something like MD5 sums to see what is changed.
I might also block unknown telephone numbers on
incoming phone calls by
default. Sure we might miss some important calls (callers these days
generally refuse to leave voice mail), but I think it will be safer. I
think this could easily happen again.
And they are spoofing the numbers. There are reports of scam calls
where the caller ID shows the correct number for the purported calling
identity. He needs an education regarding "social engineering", see if
you can get a copy of "The Cuckoos Egg" by Clifford Stoll, not recent,
but still relevant.
Is there anything else we should be doing?
From the note, consider something permanently on with the requisite
features, that is Linux based, that he cannot add to, nor remove from,
except for toggling network connectivity. I believe the Raspberry Pi 4
is desktop capable, and runs on about 4 amps of 5V USB power. It does
need a screen and keyboard and monitor, and should have a USB drive
for the home directories. You would need to do the administrative
work, but hopefully less of an issue than the cleanup on Windows. If
he cannot install anything, nor open access ports and the like, and
the unnecessary ones are not enabled, he should be less able of making
such a mess.
 This the same father who just recently purchased an external USB
device, plugged a 12V power supply into it - instead of 5V, and fried
the device and his motherboard in his good computer at the same time.
Brian May <brian(a)linuxpenguins.xyz>
luv-talk mailing list