tinyapps.org / blog

Free and easy email migration from Thunderbird to Outlook #

Aid4Mail has long offered a fast and easy path from Thunderbird to Outlook (as illustrated in our 2005 review). However, there were few free and easy options until MailStore Home; it seamlessly handles importing from Thunderbird and exporting directly into Outlook. In fact, once your email is archived in MailStore Home, you may not need or want to export into Outlook at all, as the full-text search feature (including attachments) is very fast and PST files are a nightmare anyway.

/windows | Oct 09, 2015

That's a lot of gigabytes... #

Seen on a Windows 10 desktop today:

CCleaner Alert - Cleaning can save 13,808,924,507 GB of disk space

13,808,924,507 gigabytes is equal to 13.808924507 exabytes. Considering that "by the end of 1999, the sum of human-produced information (including all audio, video recordings, and text/books) was about 12 exabytes of data", this might take a little while.

/windows | Oct 01, 2015

BitLocker _requires_ giving Microsoft your recovery key (unless you're in a domain) #

While setting up a new Surface Pro 3 with a local user account under Windows 10 Pro, I noticed an unfamiliar icon on the C: drive - a yellow yield sign with an exclamation mark on top of an open padlock:

yellow yield sign with exclamation mark icon on C: drive

Thinking it might have something to do with encryption, I searched Settings for "BitLocker" and was directed to System > About where I found this:

You need a Microsoft account to finish encrypting this device

Hardly believing such a thing was possible, I turned to the Internet for answers; sadly, Microsoft confirmed the ugly truth:

Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected . . . If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required.

Cem Paya clarifies it rather succinctly:

Remembering that "not domain-joined" will apply to most consumer PCs for use at home, this translates to: for any Windows 8.1 machine that happens to have requisite TPM hardware, BitLocker disk encryption will be enabled with recovery keys escrowed to MSFT automatically.

At least Apple still has the decency to ask (for now?) if you want to give them your recovery key:


/windows | Sep 21, 2015

Find out what process changed a registry key or value #

Process Monitor (and the deprecated RegMon) is swell for live monitoring of registry activity, but, if run for long periods, it will saturate the page file and stop capturing data.

In order to track down which process kept (vexingly) changing a registry value once or twice a day, Windows' built-in registry auditing was used:

  1. C:\>auditpol /set /subcategory:"Registry" /success:enable
  2. In regedit, right click key to monitor then click "Permissions..."
  3. "Advanced" > "Auditing" > "Add..."
  4. Everyone > OK > check both boxes to right of "Set Value" > OK x3
  5. Any value changes will be recorded to Windows Logs\Security in the Event Viewer, including the guilty process name
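
The five steps above, scripted in PowerShell as an added example (not from the original post). It assumes an elevated prompt, a placeholder key path in `$KeyPath`, and that the value-change records are Security event ID 4657; `Get-RegistryValueChange` is a name made up for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# $KeyPath is a hypothetical placeholder: set it to the key being changed.
$KeyPath = 'HKCU:\Software\ExampleVendor\ExampleApp'

# Step 1: audit successful registry access.
auditpol /set /subcategory:"Registry" /success:enable | Out-Null

# Steps 2-4: add an audit (SACL) entry for Everyone on "Set Value".
# 'Success,Failure' mirrors ticking both boxes in the dialog; failed attempts
# are only logged if failure auditing is enabled as well.
$acl  = Get-Acl -Path $KeyPath -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule('Everyone', 'SetValue', 'None', 'None', 'Success,Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# Step 5: read "a registry value was modified" events (ID 4657) from the
# Security log and list the process behind each change.
function Get-RegistryValueChange {
    param([string]$KeyLike = '*', [int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        # Flatten the named <Data> fields of the event into a hashtable.
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            Process   = $d['ProcessName']
            ProcessId = $d['ProcessId']        # hex string as logged
            User      = $d['SubjectUserName']
            Key       = $d['ObjectName']
            Value     = $d['ObjectValueName']
            Old       = $d['OldValue']
            New       = $d['NewValue']
        }
    } | Where-Object { $_.Key -like $KeyLike }
}

# The log records kernel-style paths (\REGISTRY\USER\<SID>\... or
# \REGISTRY\MACHINE\...), so match on the tail of the key path.
Get-RegistryValueChange -KeyLike '*\Software\ExampleVendor\ExampleApp' | Format-List
```

For a change that happens only once or twice a day, make sure the Security log is large enough not to roll over before the event is read. When finished, turn the policy back off with `auditpol /set /subcategory:"Registry" /success:disable`.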

/windows | Sep 17, 2015

Outlook Today page is blank: FIXED! #

The Outlook Today page has been a trouble-spot for years. One of the most oft-reported problems is it appearing blank:


Not a single working solution could be found (short of creating a new Windows user account), nor was a tier 2 Microsoft support rep able to help resolve the issue.

Google and Microsoft having failed me, I was finally forced to stir my stumps.

(Very) long story short, deleting "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer" restored Outlook Today to its former glory.

Posted to the Microsoft Community for good measure. May the suffering cease!


With a bit more experimenting, I found that simply deleting the OUTLOOK.EXE name value (or changing its value data as explained below) in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION restored Outlook Today.

FEATURE_BROWSER_EMULATION "defines the default emulation mode for Internet Explorer". The value data of OUTLOOK.EXE was 2af8, which corresponds to IE 11. Changing it to 22b8 (which corresponds to IE 8) resolved the empty Outlook Today page as well. Here is the list of values from Microsoft for posterity:

UPDATE 2: Microsoft has posted this solution as a KB article: Outlook Today displays no information under section headings

/windows | Sep 11, 2015

Change the Windows 7 interface language #

Vistalizator is a portable app that helps you change the display language in any version of Windows Vista or 7 (inexplicably, Microsoft normally restricts this ability to Ultimate or Enterprise editions). Links to necessary MUI (Multilingual User Interface) files hosted at Microsoft and steps for creating a multi-language Windows DVD are also provided.

/windows | Aug 25, 2015

Sniffing encrypted traffic #

Fiddler ("The free web debugging proxy for any browser, system or platform") has long been used for sniffing encrypted web traffic, but it requires full administrator access to install an untrusted root certificate for decryption to work (Tools > Fiddler Options... > HTTPS > etc) and the .NET Framework to run.

NetRipper ("Smart traffic sniffing for penetration testers") requires neither. It is "a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption." Further, "NetRipper should be able to capture network traffic from: Putty, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications but other tools may require special support."

Here's a simple example of it in action:
  1. Launch Google Chrome
  2. Open cmd.exe (no need for elevated command prompt), cd to the NetRipper directory and run:
    C:\Release>NetRipper.exe DLL.dll chrome.exe
    Trying to inject DLL.dll in chrome.exe
    Reflective injected in: 2880
    Reflective injected in: 2992
    Reflective injected in: 3096
  3. Log in to a Gmail account in Chrome
  4. NetRipper saves data to %temp%\NetRipper by default (on most systems, this will be C:\Users\username\AppData\Local\Temp\NetRipper):
    C:\Release>dir %temp%\NetRipper /B
  5. Search for the string "Passwd":
    C:\Release>findstr Passwd %temp%\NetRipper\2880_chrome.exe_SSL_Write.txt
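
For responders, the default output directory from step 4 is a host artifact worth checking for. The following PowerShell is an added example (not part of the original post or of NetRipper) that looks for it under every user profile; the file-name pattern is inferred from the single name shown in step 5, and `Find-NetRipperOutput` is a hypothetical name.

```powershell
# Added example. Assumes profiles live under C:\Users and that capture files
# are named <PID>_<process>_<hooked function>.txt, as in
# 2880_chrome.exe_SSL_Write.txt. A non-default output directory is not covered.
function Find-NetRipperOutput {
    param([string]$ProfilesRoot = 'C:\Users')
    $pattern = '^(?<pid>\d+)_(?<proc>.+?)_(?<func>[^.]+)\.txt$'
    foreach ($userDir in (Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue)) {
        $dir = Join-Path $userDir.FullName 'AppData\Local\Temp\NetRipper'
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        foreach ($f in (Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue)) {
            # Split the file name into the injected PID, process and hooked function.
            $m = [regex]::Match($f.Name, $pattern)
            [pscustomobject]@{
                Profile      = $userDir.Name
                File         = $f.FullName
                InjectedPid  = if ($m.Success) { [int]$m.Groups['pid'].Value } else { $null }
                Process      = if ($m.Success) { $m.Groups['proc'].Value } else { $null }
                HookedCall   = if ($m.Success) { $m.Groups['func'].Value } else { $null }
                SizeBytes    = $f.Length
                LastWriteUtc = $f.LastWriteTimeUtc
            }
        }
    }
}

# Oldest capture first gives a rough start time for the activity.
Find-NetRipperOutput | Sort-Object LastWriteUtc | Format-Table -AutoSize
```

Files found this way hold the plain-text traffic that was captured, so handle them as sensitive evidence and treat credentials sent by the listed processes as exposed.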

/windows | Aug 15, 2015

Migrating email from Windows Live Mail (eml) to Apple Mail (mbox) #

  1. Install Thunderbird
  2. Open Thunderbird and cancel the automatic setup
  3. Install ImportExportTools
  4. File > Offline > Work Offline
  5. Tools > Account Settings > Account Actions > Add Mail Account... > enter any name, address, and password > Continue > Advanced config > OK
  6. Select the Inbox folder in the left-hand pane
  7. Tools > ImportExportTools > Import all messages from a directory > also from its subdirectories > browse to Windows Live Mail top folder (e.g., C:\Users\user\AppData\Local\Microsoft\Windows Live Mail) > Select Folder
  8. The import process will begin and progress will be displayed in the status bar at bottom
  9. Tools > ImportExportTools > Options > Export directories > check "Export folders as MBOX file" and select a destination directory > OK
  10. Select the desired top mail folder in Thunderbird
  11. Tools > ImportExportTools > Export folder with subfolders (with structure)
  12. The export process will begin. Unlike the import process, progress is not displayed.
  13. When the export is complete, copy the exported data to the Mac and import into Mail (File > Import Mailboxes... > Thunderbird > etc.)

/windows | Aug 12, 2015

Windows 10: Privacy nightmare #

July 29 - the big Windows 10 release day. Rather than trying an unreliable workaround that was making the rounds, I followed RiotShielder's advice and downloaded an ISO from Microsoft, installing over a Windows 8.1 virtual machine (because you must upgrade your existing Windows OS to get a valid Windows 10 key before doing a clean install* (recover the key with Nir's ProduKey (actually, it looks like you needn't bother))).

When installation completes, be sure to click the tiny "Customize" link on the "Get going fast" screen; you may (not) be surprised at how invasive Microsoft has become. Here's a taste (these are all enabled by default):

  1. "Personalize your speech, typing, and inking input by sending contacts and calendar details, along with other associated input data to Microsoft."
  2. "Send typing and inking data to Microsoft to improve the recognition and suggestion platform."
  3. "Use page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft."
  4. "Automatically connect to suggested open hotspots. Not all networks are secure."
  5. "Automatically connect to networks shared by your contacts."
  6. "Send error and diagnostic information to Microsoft." (The toggle switch to enable or disable was hidden below the screen; a near-invisible scroll bar was required to view it.)

Number five apparently refers to Wi-Fi (Non)Sense, which Claus covered in some detail.

Much more about the mounting privacy problems in Windows 10 from Heini Järvinen:

By default, when signing into Windows with a Microsoft account, Windows syncs some of your settings and data with Microsoft servers, for example "web browser history, favorites, and websites you have open" as well as "saved app, website, mobile hotspot, and Wi-Fi network names and passwords". Users can however deactivate this transfer to the Microsoft servers by changing their settings.

More problematic from a data protection perspective is however the fact that Windows generates a unique advertising ID for each user on a device. This advertising ID can be used by third parties, such as app developers and advertising networks for profiling purposes.

Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.

Microsoft’s updated terms also state that they collect basic information "from you and your devices, including for example "app use data for apps that run on Windows" and "data about the networks you connect to."

Users who chose to enable Microsoft’s personal assistant software "Cortana" have to live with the following invasion to their privacy: "To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device. Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more." But this is not all, as this piece of software also analyses undefined "speech data": "we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames."

But Microsoft’s updated privacy policy is not only bad news for privacy. Your free speech rights can also be violated on an ad hoc basis as the company warns:

"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to", for example, "protect their customers" or "enforce the terms governing the use of the services".

At the very least, be sure to create a local account and customize the privacy settings after installation. Better yet, migrate to a truly free operating system; Richard Stallman was right all along.

UPDATE: Not content to spy on just Windows 10 users, Microsoft is retrofitting Windows 7, 8, and 8.1 with Telemetry and more. In response, /u/spexdi has assembled a script which roots out and blocks this newfound spyware: MTRT - Microsoft Telemetry Removal Tool (download).

* /u/justmoa kindly shared an alternative approach:

  1. Copy \source\gatherosstate.exe from the Windows 10 ISO image to the Desktop (or any writable directory) of an activated Windows 7, 8, or 8.1 system
  2. Run gatherosstate.exe; it will create GenuineTicket.xml in the same directory
  3. Copy GenuineTicket.xml to some external storage device
  4. You can now perform a clean install of Windows 10 (click "Do this later" when prompted to enter a product key)
  5. When the install is complete, copy GenuineTicket.xml to C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\ and reboot

As usual, Microsoft's licensing policies are as clear as mud:

/windows | Jul 29, 2015

Mount USB drives as read-only in Windows #

via a quick registry edit (no reboot required - tested in XP SP2, 7 SP1, and 8.1). Simply save the following text as an .reg file and double click to merge:
Windows Registry Editor Version 5.00

To restore mounting removable disks as read-write, just change "00000001" to "00000000", resave the file, and double click to merge. Not as sound as a hardware write blocker like the Forensic UltraDock, but might come in handy for less sensitive work.


UPDATE: Just stumbled onto SAFE Block, "a software-based write-blocker that facilitates the quick and safe acquisition and/or analysis of any disk or flash storage media attached directly to your Windows workstation. It is proven to be safe, significantly faster than hardware write-blocking solutions, and used across the globe by agencies, law enforcement, and private firms". Retails for $219 to $549, depending on Windows version. The licensing scheme is "single-instance use . . . machined-tied to one computer".

/windows | Feb 17, 2015
