Beware of Google’s .ZIP domain and password-embedded URLs

PUBLIC DEFENDER

By Brian Livingston

The security community is up in arms, because Google this month started selling domain names with deceptive endings such as .zip and .mov.

Even worse, some browsers are allowing usernames and passwords to be embedded into URLs. This means following a link can expose users to viruses without any explicit action (such as clicking “OK”).

Internet-standards bodies years ago prohibited usernames and passwords in URLs — but hackers still do it.

Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
This story also appears in our public Newsletter.

Longstanding feature requests, and their status

ONENOTE

By Mary Branscombe

We’ve been waiting a long time for the OneNote features promised in 2019.

I asked Microsoft to tell us what’s coming when.

The very first time I heard about OneNote, at a press briefing for Office 2003, I saw how useful it would be — but there were also some things that I thought wouldn’t work. I went over to talk to Microsoft’s Chris Pratley and spent the next 20 minutes trapping him in a corner between the wall and the lunch table, making suggestions and asking for changes, before a PR person tactfully extracted him.

Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).

Three typing tutors — no more “hunt and peck”

FREEWARE SPOTLIGHT

By Deanna McElveen

Let’s face it, life is too short to be taking 30 minutes to type out an email or a witty Facebook rebuttal.

Today, I’m going to show you three best-of-the-best — and absolutely free — typing tutors. Each one is a bit different, and each one has some pretty nifty features. So sorry, Mavis Beacon. You’ve always been a nice lady, but you are getting expensive! There is always a free alternative.

Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).

Is online banking secure?

ON SECURITY

By Susan Bradley

Over the past few years, banks have been increasing their online footprint.

From mobile banking with cell phones to remote depositing with check scanners, banking has drastically changed. Some of the changes are forced on us due to the changing hours of operation at our local banks, but some of the changes enhance our ability to get our funds where we want them to be.

Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).

Are you ready for AI?

The Microsoft BUILD conference is over and they will be adding AI to well…. everything.  As usual while Microsoft will be … well Microsoft. We’ll be ensuring that we can tame and make the technology what you want it to be.

If you don’t want AI in Edge now, you can start with the basics such as blocking the request to change the default browser to Edge and the default search engine to Bing. This setting as noted in Edge policies can be set via group policy or Intune. Additional settings include to block the Bing Chat AI from the Windows 11 search. To disable Bing Chat AI from the Search field on the taskbar press the Windows key and open Settings, or use the Windows key + I shortcut to open it directly. Now click Privacy & security from the left panel scroll down to the Windows permissions section and click on Search permissions from the list. Scroll down to the More settings section and toggle off the Show search highlights option. The Bing Chat AI icon will no longer appear in the search field.

For those that use group policy there is a new Group Policy setting to disable the bing chat icon, and this setting was added with Windows 11 21H2 administrative templates. You must download the ADMX Templates for Windows 11 October 2021 Update [21H2] from the Official Microsoft Download Center. You’ll want to copy the files from from C:\Windows\PolicyDefinitions on a Windows 11 computer to your central policy store.  Navigate to Computer Configuration\Administrative Templates\Windows Component\Chat. Find “Configures the Chat icon on the taskbar“.

Bottom line, don’t worry, we’ll keep you aware of all the tips and tricks to tame your operating system so it won’t go “I’m sorry, Dave. I’m afraid I can’t do that.” Stay tuned. we’re have more in the newsletter as Microsoft showcases the changes. Previews will be coming in June.

I’d also like to wish everyone in the United States a great Memorial Day holiday.  To everyone who has served, thank you.

MS-DEFCON 4: Skip those Secure Boot scripts

By Susan Bradley

Deploy May updates — and nothing but the updates.

I’m lowering the MS-DEFCON level to 4 to encourage you to install the May updates now.

However, I do not recommend taking the optional steps recommended by Microsoft to revoke the vulnerable bootloader files, as I discussed in yesterday’s On Security column. I do not think these manual steps provide full protection for this vulnerability — or potential future ones.

Anyone can read the full MS-DEFCON Alert (20.21.1, 2023-05-23).

Getting started with winget

WINDOWS

By Simon Bisson

If you’ve used Linux, you’ll be familiar with package managers such as Debian’s apt and Red Hat’s yum.

They keep track of what’s installed on your computer — downloading updates and installing new software, managing dependencies so you always have the right libraries for your code. Drop into your command line, type a few keystrokes, and you’re automatically up to date.

Windows hasn’t really had the same design philosophy.

Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).
This story also appears in our public Newsletter.

No NumLock key? Problem solved! Here’s the fix.

PUBLIC DEFENDER

By Brian Livingston

Most laptop makers are now leaving the NumLock key out of their smaller notebooks.

That’s a disaster for people who’ve been getting symbols that aren’t on their keyboard by entering Alt+number — for instance, typing Alt+0169 on the numeric keypad to get the copyright sign (©).

Some laptops have a function key for a “hidden” numeric keypad. But I’ll show you much easier ways. Read this today, and you’ll be writing documents faster — mañana!

Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).

Windows Storage Spaces

HARDWARE DIY

By Will Fastie

I decided to try Storage Spaces on Opal, just to see what it would be like.

It’s a mixed bag. On the one hand, it’s less technically challenging than the Intel Rapid Storage Technology (RST) solution that lives partly in UEFI and partly in a Windows driver. On the other hand, it’s a work in progress, with some confusing configuration steps.

Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).

Is Secure Boot important for security?

ON SECURITY

By Susan Bradley

During the last few months, some chinks have appeared in Secure Boot’s armor as the result of various attacks and vulnerabilities.

Let’s go back in history and understand how we got here.

When a computer boots up, and before the operating system is launched, other code runs. For many years, that was the Basic Input/Output System (BIOS) pioneered by IBM in the original IBM PC. Unfortunately, inventive attackers found ways to permanently install malicious code as part of this launch sequence.

Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).

What is your favorite home consumer tech thing?

What’s your favorite technology thing that you use at home? I’ll start with mine. A kindle. But only for books, not for gardening magazines. One can get a book sized kindle which can also hook into your email so you can send email from it. I typically purchase two at a time so that I can be charging one while I’m reading the other.

So what is YOUR favorite technology thing that you use strictly for personal use and not for business?

Apple security updates for May

Apple security updates out…

💻 macOS Ventura 13.4 – 51 bugs fixed
📱 iOS and iPadOS 16.5 – 39 bugs fixed
⌚ watchOS 9.5 – 32 bugs fixed
💻 macOS Monterey 12.6.6 – 29 bugs fixed
📺 tvOS 16.5 – 28 bugs fixed
💻 macOS Big Sur 11.7.7 – 25 bugs fixed
📱 iOS and iPadOS 15.7.6 – 17 bugs fixed
🌐 Safari 16.5 – 5 bugs fixed

Three zero days fixed in this batch