AskWoody

Real-time MS-DEFCON alerts debut!

ISSUE 18.36 • 2021-09-20

MS-DEFCON

By Susan Bradley

The new AskWoody SMS alert system is now available for Plus members.

The MS-DEFCON system has been a staple of the AskWoody site for many years now. You know it as a visual system of numbers and colors that provides a quick indicator of the relative safety of applying updates (patching) to Windows and other Microsoft apps and services.

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).
This story also appears in the AskWoody Free Newsletter 18.36.F (2021-09-20).

Older Geeks: Keeping it clean

PROFILES

By Chris Husted

Hidden away in a small town of 5,000 in the Missouri Ozarks is a small computer-repair shop run by a pair of self-confessed “super nerds” who over more than a decade have amassed some 4,000 freeware programs that all satisfy one steadfast credo: “No ads, no crapware, no b.s.”

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).
This story also appears in the AskWoody Free Newsletter 18.36.F (2021-09-20).

Apple gives privacy one minute

APPLE NEWS

By Silvia Eckert

“California streaming” ducks the controversial CSAM issue at last week’s annual iPhone event.

As reported by Brian Livingston in his column Apple plans to break its end-to-end encryption (AskWoody 2021-08-30), Apple announced about a month ago an initiative to limit the distribution of Child Sexual Abuse Material (CSAM) by looking for inappropriate imagery on its customers’ devices and reporting occurrences to the National Center for Missing and Exploited Children. But because the technology represented what amounted to surveillance that could be applied to virtually anything, an enormous amount of backlash against the initiative occurred.

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).
This story also appears in the AskWoody Free Newsletter 18.36.F (2021-09-20).

Reader wants the deets on failed Home v. Pro test

LANGALIST

By Fred Langa

OK, this is embarrassing: A reader called me out after my planned side-by-side Home/Pro test drive fell apart. (“Crashed and burned” might be more descriptive.)

So, with a deep gulp to swallow my pride, here’s where things went really, really wrong — and why.

Plus: Beyond simple disk wipes and overwrites, a better way to prep an old hard drive for safe resale!

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).

Sanas makes emerging-market English sound American or British

PUBLIC DEFENDER

By Brian Livingston

A tiny tech startup says its software can almost instantly convert the accent of an ESL (English as a Second Language) speaker into a stream of audio that sounds almost exactly like an American or a British native speaker.

Sanas — whose domain name is Sanas.ai — is based in Palo Alto, California, and has used artificial intelligence to analyze thousands of ESL speakers in India, Latin America, the Philippines, and elsewhere. The AI system picks up differences in their speech patterns compared with Western speakers who learned English in childhood. The software’s output is like a 3-D printer for sound.

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).

Freeware Spotlight — SageThumbs

BEST UTILITIES

By Deanna McElveen

Some of the most common things I get asked about at our computer store are how to email a picture and how to make it smaller. Or, how to make a picture my desktop background image.

To us geeks, these tasks are pretty straightforward because we have done them hundreds of times; but to a novice who is just learning to use a computer, it can seem rather confusing.

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).

Back to School, Back to patching

PATCH WATCH

By Susan Bradley

September is the month for in-the-wild patching.

September is a month of change. From going back to school here in the United States to seasons changing all over the world, one thing remains constant: we have to patch. No matter what technology we have or use, it seems like this month, we’re patching it.

From Apple devices that are getting a fix for the targeted attack that allowed journalists to be spied upon, to Chrome’s several vulnerabilities that have already been used in targeted attacks, to Microsoft’s ActiveX and Office bugs that have already been seen in active attacks, you will probably be patching sooner versus later.

Read the full story in the AskWoody Plus Newsletter 18.36.0 (2021-09-20).

Tasks for the weekend – September 18, 2021 – it’s squirrel away time

(Video here) It’s squirrel away time. Time to download a copy of Windows 10 21H1 and ensure you have a copy in case you need it to do a repair install or a clean install.

To do this go to the Windows 10 ISO page and download a copy and place it on your computer or to a spare flash drive.

We think that 21H2 might be coming out soon but we’re not sure when. Microsoft is very focused on Windows 11 and I’ve yet to see an announcement surrounding the release of 21H2. Regardless I recommend downloading a copy and keeping it aside.

The other day I reinstalled from scratch on my home Lenovo laptop due to the fact that I wanted to really clean it up and it was slow in connecting via RDP. Once I got done installing the Windows 10, I went into device manager to see if there were any missing drivers. There were some missing. Even looking at the optional updates via Windows updates didn’t find all of the drivers. I ultimately went to the vendor web site and downloaded the drivers from there. There are a lot of third party websites out there that advertise that they can update your drivers. I strongly recommend not using these sites as some of them have less than stellar reputations.

As always if you have any issues with your computer, we’re here to help.

November 1 – basic auth is really being shut off

PK reminded me of this the other day:

New minimum Outlook for Windows version requirements for Microsoft 365 – Microsoft Tech Community

What is it?

Microsoft is finally (after a delay due to the pandemic) shutting off “basic” authentication to Microsoft 365. So if you have an older Outlook that you are using to access Microsoft 365 this will impact you as there is no longer any grace period. Basic authentication is older, less secure way of passing usernames and passwords to the hosted email.  Attackers go after basic authentication and can gain access, thus it’s EXTREMELY good that they are FINALLY shutting this off once and for all. But that said, it doesn’t make it easier for you if you love Outlook 2010.

But I don’t have Microsoft 365, what do I care?

Ah but do you have your email through a service like Godaddy which these days uses Microsoft 365 on the back end? I’ve also seen some ISPs offer their email through Microsoft 365.

Bottom line if you use an older Outlook – like Outlook 2007 or 2010 you need to migrate off of those desktop versions if you connect to Microsoft hosted email.

Remember if you are not a fan of the newer Outlook there are other options including the web based version of Outlook but be aware that Thunderbird may not work, especially in a business setting.

How can I know what my ISP uses?

I’d check their help forums (yea, I know that’s not a great answer), or ask here and we’ll see if we can figure it out for you!  I’ll remind you again in the newsletter when it gets closer to November 1.

September 2021 – it’s patch day!

This week is clearly “patch the zero day” week.  Yesterday we had Apple, also Chrome fix several zero days.

Today we have the Microsoft version.  Now while Adobe doesn’t have any zero days in their release bundle, if you are (still) a user of Adobe Acrobat or Reader, you’ll be getting and wanting an update.

Today we are fixing the Microsoft zero day MSHTML vulnerability I wrote about the other day. If you used the registry key to protect yourself, when I give the all clear I’ll remind you to undo that.

One thing I’m not clear on from initial read of my usual sources of Dustin Childs and Bleeping computer is the situation with the print spooler. There are more print spooler bugs being fixed – but are they the ones we were concerned about that were carried over from prior months that kept me urging you to keep the print spooler service disabled? I’ll be digging into that question.

Stay tuned, deeper analysis by this weekend.

As always for those that DO have a backup, like to be the beta testers for the rest of us, do let us know of any issues you see. In the meantime I’ll be watching and accumulating the facts – and not the rumors – as we always do here on AskWoody.

—

Don’t forget to sign up for either the twitter alerts or the newly minted text alerts:

Want to get alerted when the AskWoody MS-DEFCON status changes?

MS-DEFCON Alert system

If you want to get alerted when the MS-DEFCON status changes there are two ways to do so:

Twitter:  https://twitter.com/defconpatch Sign up for twitter and follow that account. Then set up notifications in the twitter app so that you get alerted when the account tweets a change. COST:  free – other than now having a twitter account but I honestly find that some of the best security information and advice is freely given on twitter. You can also follow the official Askwoody twitter account as well.

Cell phone notifications via text:  You need to be a PLUS member to get the fullest benefit from this service.  We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. Click here to sign up. COST:  We ask a minimum of $1 a month to keep the lights on and the chipmunks powering the servers fed, but if you’d like to donate more to the cause we’d all be appreciative!

Security patches for Apple – Sept 13

Security patches for Apple:

https://support.apple.com/en-us/HT212807

Apple is patching two “in the wild” zero days – 1 in CoreGraphics (aka CVE-2021-30860) and 1 in WebKit (CVE-2021-30858)

Patches for iOS 14.8 and iPadOS 14.8

1 zero-day fixed in Security Update 2021-005 Catalina
2 zero-days fixed in macOS Big Sur 11.6

2 zero-days fixed in iOS and iPadOS 14.8

Judge halts over-the-air TV streaming by Locast

ISSUE 18.35 • 2021-09-13

PUBLIC DEFENDER

By Brian Livingston

A nonprofit organization that uses the Internet to stream live, over-the-air television signals to digital devices has suspended its service throughout the United States after a federal district-court judge ruled that the offering didn’t fully comply with an exception Congress wrote into the US Copyright Act.

Read the full story in the AskWoody Plus Newsletter 18.35.0 (2021-09-13).
This story also appears in the AskWoody Free Newsletter 18.35.F (2021-09-13).