The Internet is Infected! The Ultimate Cyber Security Guide for Small Business and Home Computing!

If you find the information on this blog valuable you will find my upcoming three volume cyber security books infinitely more so! Visit my website at http://thatcybersecurityguy.com. My 8 years of research and 900 written pages are about much more than just cyber security as my writing presents valuable small business and general home computer knowledge. Visit me on Twitter @ThatCyberSecGuy. See the ACLU video "Invasion of the Data Snatchers" at YouTube to understand why you need my books and PDF files on the infected Internet.


Saturday, July 18, 2015

Switching your Samsung Galaxy phone to a new carrier, the new AT&T GoPhone plan!

Years ago, I purchased a T-Mobile Samsung Galaxy S2 model SGH-T989 because of the Walmart Family Mobile plan. While the T-Mobile cell network had dead spots in their coverage of my area, this inexpensive unlimited, no contract, everything smartphone plan met my needs for as little as I used my phone. However, with the launch of my business ThatCyberSecurityGuy, LLC and having a new, January 2015 copyrighted cyber security book, I wanted better coverage so I investigated the switching of my phone to a new carrier.

After a lot of research I decided on the AT&T GoPhone plan.
  • 4G LTE speeds on the AT&T network
  • No annual contract, no credit check
  • Easy activation
  • Great plan choices to fit your needs
  • Convenient and flexible - Renew your service when you need it for up to one year after your plan expires
  • Variety of refill card plans at Walmart from which to choose
  • Once plan is established you can purchase refill cards at any AT&T store easily with credit card or pay online

I chose the $45 plan that provides unlimited calls & texts, limited international texts and 1 GB of data. What is weird about this is that this plan is not listed at the AT&T / GoPhone website. To switch my phone to the new plan, I found out I needed something called an unlock code. This is intended to inconvenience customers as most mobile devices are programmed to prevent the device from operating with another wireless carrier network without first obtaining an unlock code. To get a 'unlock code' you have to meet your carriers unlock requirements. If you visit https://support.t-mobile.com/docs/DOC-1588 you will see the requirement for the various T-Mobile phone plans. In my example they were:

Unlock eligibility for monthly phones, tablets and mobile internet devices

The requesting line on the device must have been active on the T-Mobile network for at least 40 days on the requesting line.

  • If the device is financed using T-Mobile’s Equipment Installment Plan (EIP), all payments must be satisfied and the device must be paid in full.
  • If the device is on an account that is under a service contract term, at least 18 consecutive monthly payments must have been made or the account has migrated to Simple Choice no contract rate plan.
  • If the device is associated with a canceled account, the account balance must be zero, including all pending charges.
  • T-Mobile may request proof of purchase or additional information in its discretion and certain other exceptions may apply.

If you have a T-Mobile phone, you can visit https://support.t-mobile.com/community/contact-us, which has all their contact information. However, in my case I have a Walmart Family plan so I had to contact Family Mobile at 611 or 877-440-9758. (See: https://www.myfamilymobile.com) I knew that before I called I would need all my phone information, which required me to open it up, take out the battery, find a magnifying glass and write down all the phone information. After navigating their very lengthy automated phone question system and waiting on hold for a long time, I finally got a person on the line who did not speak English very well. That person then asked me for my passcode, which I did not have handy. I had written it down somewhere and stored it on my computer years ago.

I cried as I hung up to go search for the passcode. I finally found it, called back and an hour or two later after being on hold again I finally got a person on the line. My phone was going in and out on the network as he kept saying, "I could not hear that, why do you want an unlock code?" I finally shouted, "I think you can see why, because you can't hear me most of time!" He finally capitulated and gave me the unlock code but it was a long conversation and I could tell they really did not want to allow me to unlock my phone. I took the unlock code to Walmart and had them unlock the phone.

I needed to switch plans which required the purchase of a new SIM card. I could have purchased the AT&T card online for $4.95 but Walmart sells a universal SIM card kit for about $10 in case I want to use other networks. After purchasing the kit the Walmart employee swapped the phone SIM card and after I have purchased my first month on the GoPhone plan, he then switched my phone number to AT&T's. I knew I did not have the patience to navigate the Family Mobile phone system again without screaming… This took an extraordinary amount of time so I wandered around the store and did a little grocery shopping.

I'm thinking I'm done at last and take my phone home but for some reason I start getting text message errors about 50 times a day. I have no idea what is happening so I run the phone to an AT&T store… no one there knows anything… I go to the Walmart store and once again, no one knows anything. Weeks later, I corner the Walmart cell phone guru (this guy knows everything!) who helped me switch my plan and had described all my plan options in great detail and patience. He went to work on my phone, he pulled out the battery… no luck and then searched the smart phone websites he knew about and found an article on a T-Mobile application that was known to cause this problem. After another ½ hour of research he figured out how to delete the application and all was well at last, or so I thought. He suggested that I root my phone and update it to get all the old T-Mobile apps off my phone to which I replied, "Oh yeah, I'll have to do just that someday!"

I was being sarcastic but this project stuck in the back of my mind and I'm happy to say now, months later, I finally found time to do this and blog about it. Stay tuned as next month I describe how you can do this also.

How To Setup your Windows 7 VPN Client to use at Hotspots Everywhere

We now have to configure our client as an outgoing VPN connection:

Click on Start > in the search bar type VPN and then select Set up a virtual private network (VPN) connection.

In my book we set up an SSH server; we learned that most ISP's assign a DHCP IP address to our cable modem.  This means that this IP address can shift from time to time.  Therefore, I showed you how to set up your router to use http://dyn.com to set up a domain name and automatically update your router whenever your IP address changes.  This used to be a free service but now you will have to pay a nominal cost to maintain a domain name that will always keep you pointed at your local network.  We did this so that whenever we are at some other place in the world our shifting IP address never prevents us from connecting to our network.

In the Create a VPN connection dialog enter your Internet address: that can be a domain name or the IP address of the router or server to which you want to connect (e.g. yourdomainname.dyndns.org).  If you're connecting to a work network, your IT department will provide you the address, username and password to use.

The Destination name: field is how you have to identify the connection so it can be resolved on your local network.  The destination name is your VPN server computer name that you made note of while setting it up.  The default, which is "VPN Connection", must be overridden with your VPN server's hostname.

At the bottom are three options from which you are to choose.  Check Use a smart card if you are using one > if this is your laptop or you share it with others check Allow other people to use this connection > if you want to set up the connection, but not connect, select Don't connect now;… otherwise, leave it blank, Next.  I recommend that you never select Don't connect now, as you will have to go back, experiment and reconfigure everything if it does not work the first time you try to connect.

On the next screen, you can either put in your username and password or leave it blank. You'll be prompted for it again when you establish the actual connection.  For convenience, enter both and check Remember this password.  If your Internet device is ever lost or stolen you can easily and quickly delete the server VPN connection information.  Click on the Connect button at the bottom and the Connecting to VPN server name… screen will appear.  If you are successful you should see the You are connected message which means you have a working VPN connection.

To connect, click on the Windows network logo on the lower right part of your screen, then select Connect under VPN Connection.

In the Connect VPN Connection box, enter the appropriate domain and your login credentials, and then click on the Connect button.

To delete your client VPN connection:


1. Bring up the Network and Sharing Center.
2. Click on the Change adapter settings link on the left pane.
3. You will then see the adapters and the VPN connection, right-click on the VPN connection and select Delete.

To use your laptop remotely at a hotspots in the future, click on the network icon on the lower right of the task bar and pick the client VPN Connection that we just configured > click on the Connect information and enter your username and password.

Disabling your VPN Connection when it is not in use

When you are not on the road and just using your local network, you should disable your VPN connection.  You can do this by telling your router not to forward incoming connections to your Windows VPN server or by deleting the connection from your VPN server.  To delete the connection right click on the Start button > in the Search box type Network and Sharing and click on Network and Sharing Center or right click on the desktop Network icon and arrow down to select Properties > on the left, click on Change adapter settings > right click on the Incoming Connections network connection and arrow down to select Delete, Yes.

The other option is to disable the connection in your router by logging in and clicking on the Advanced tab at the top > click on Advanced Setup > arrow down to select Port Forwarding / Port Triggering and delete the VPN-PPTP port 1723 service forwarded to your VPN server.

Troubleshooting your Windows VPN Connection Setup

You will find the procedure and steps above detailed at Microsoft, as well as at many websites and blogs.  I often wonder if these authors actually get their VPN connections working or just say that they do.  After following the detailed steps above, unfortunately for me, when I attempted to connect to my VPN server I received the following message:

The "Connection failed with error 800" message indicates that your connection is unable to reach the VPN server behind your router and/or software firewalls so you have to start eliminating the usual suspects.  First try disabling the Windows firewall on your VPN server by clicking on Start > Control Panel > select the Windows Firewall icon > on the left click on the Turn Windows Firewall on or off and disable your Windows Firewall.

If that does not work, make note of your cable modem IP address and try taking your router out of the loop.  Hook your cable modem directly to the local VPN server and travel to a nearby hotspot to try to connect to your VPN server via your cable modem's IP address.

Try to connect multiple times so that if your VPN server is rejecting your connection it will be reflected in its event logs, this will provide irrefutable evidence that your remote connection never made it to your VPN server.  Log in and view the VPN server event logs by clicking on Control Panel > select Administrative Tools > select Event Viewer > under Windows Logs click on System and examine your errors & warnings.  If, for some reason, you do not see any messages indicating that your Windows VPN server rejected a connection for some reason you will have to look elsewhere for the problem.  In my case, when trying to establish a VPN connection from my client laptop it was:

Connecting to domainname using 'WAN Miniport SSTP'…
Connecting to domainname using 'WAN Miniport PPTP'…

After viewing the VPN server event logs it was obvious that the VPN client connection never even made it to the server, so what to try next?  Bypass your cable modem and router and just try connecting to your VPN server using its local network IP address (e.g. 192.168.1.x).  Hopefully, this will solve your problem or at the very least you will get yourself one step closer to getting a working VPN to use at hotspots.  In my case I got the following error message on my VPN client:

"Error 720: A connection to the remote computer could not be established.  You might need to change the network settings for this connection."

I looked at the VPN server event logs and at last found an error message at last indicating that it was rejecting the connection, "CoId={CB8A5A38-787F-4EEF-A931-D0232ADB8A21}: The user asuscrosshairv\User connected to port VPN3-1 has been disconnected because no network protocols were successfully negotiated."  When scouring the Internet for a solution, I found the answer at http://www.chicagotech.net/VPN/error720b.htm, which described this as a weird problem that may arise due to a Protocol issue on the remote computer.  This explanation is not very scientific but to establish a VPN connection I had to perform the following steps on the VPN server, right click on the Network icon on the desktop arrow down to select Properties, which will open up the Network and Sharing Center > on the left menu click on Change adapter settings > right click on Incoming connections TBD… > click on the Networking tab at the top > double click on Internet protocol version 4 (TCP/IPv4) >tick Specify IP address and type the IP range values that includes your remote device local network and later your cable modem IP address from your ISP, OK.

After performing these steps, I at last had a VPN connection at last via my local area network.  The next step is to change the Internet protocol version 4 (TCP/IPv4) IP addresses to the address range of your cable modem and attempt to connect from a hotspot.

Web pages I looked at to research and put together this blog entry:

http://lifehacker.com/5900969/build-your-own-vpn-to-pimp-out-your-gaming-streaming-remote-access-and-oh-yeah-security
http://www.howtogeek.com/135996/how-to-create-a-vpn-server-on-your-windows-computer-without-installing-any-software/
http://power-byte.wonderhowto.com/how-to/mastering-security-part-2-create-home-vpn-tunnel-0130261/
http://www.pcworld.com/article/2030763/how-and-why-to-set-up-a-vpn-today.html
http://technet.microsoft.com/en-us/library/cc733803%28v=ws.10%29.aspx