Apple zero days fixed – November 30, 2023

End of the month zero days for Apple
Apple pushed updates for 2 new zero-days that may have been actively exploited.

🐛 CVE-2023-42916 (WebKit),
CVE-2023-42917 (WebKit):
– iOS & iPadOS 17.1.2
– macOS Sonoma 14.1.2
– Safari 17.1.2

Link at the Apple site

MS-DEFCON 3: A slightly bumpy November

By Susan Bradley

For most Windows 10 and 11 users, including me, there have been no side effects as a result of November’s updates.

Nonetheless, there appear to be a few potholes in the road. That’s enough to make me cautious — I’m lowering the MS-DEFCON level to only 3.

One thing I did notice was updates taking more time to complete than usual — not a good sign. At the very least, it’s a good reason to take a look at the update history in Settings.

Anyone can read the full MS-DEFCON Alert (20.48.1, 2023-11-28).

Privacy is complicated

EDITORIAL

By Will Fastie

AskWoody spends a lot of time discussing matters of privacy and security.

It would be great if we could write one article that would serve as a permanent primer on the subject. Unfortunately, you know from decades of experience that the threat landscape changes constantly. We’re lucky if we can stay one step ahead of the bad guys.

Or, for that matter, the good guys, who seem hell bent on learning everything they can about us and using that information — for better or for worse.

Although a single primer seems an unreachable goal, we can offer some guidance around specific technologies. That’s the theme of this, our fall Bonus Issue. In the following four articles, Susan Bradley shares her thoughts and offers guidance to help you keep your personal information as private as possible, short of becoming a hermit on an isolated atoll in the remote Pacific. She covers privacy from the perspective of location, gadgets, the Web, and the PC.

Your patronage makes it possible to provide this bonus material, and more. Thank you for being a Plus member.

Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).

Why do computers want my location?

PRIVACY

By Susan Bradley

On a regular basis, my phone and computers ask whether they can use my location.

iPhone apps, in particular, often generate multiple requests. To be fair, these annoying prompts are meant to alert you to the fact that the apps want your location for one reason or another.

But why do these apps need location information? Are they spying on you?

Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).

Keeping gadgets talking and secure

PRIVACY

By Susan Bradley

I admit to being a lover of gadgets, from streaming audio devices to IoT sprinkler systems to dog-minding cameras.

I use all sorts of gadgets in my house. But when I do, I understand two things. First, I must choose the device carefully, read the entire end-user license agreement, and determine whether I will accept the risks.

Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).

Spying or helpful? You decide.

PRIVACY

By Susan Bradley

Years ago, my girlfriend had her first baby.

Suddenly, I found myself sitting in front of my computer, searching only for baby bottles, baby clothes — everything baby-related.

Milliseconds later (at least it seemed that fast), I was receiving mail for everything baby-related. Clearly, my online activity was being tracked, but I was missing the prominent online notices explaining how I could opt out.

Then something really weird happened. That baby got a bit older. When he became a toddler, the marketing machine made sure I heard about the perfect baby pull-up pants. He hit kindergarten and I learned about all the books he needed to read.

Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).

Hardening for privacy

PRIVACY

By Susan Bradley

Privacy means different things to different people.

At the office, we want to keep our information private from certain individuals and certain departments, but not from ultimate business needs.

In fact, we will often “spy” on our own employees. Want to know exactly what your users in the office do? Consider an analytics app such as ActivTrak to monitor the productivity of employees.

Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).

Thank you to all the readers and supporters

As this is the American day of Thanksgiving, I’d like to give thanks to all the readers and supporters!  We wouldn’t be here without you!

I’d also like to thank you for being a bit more aware, a bit more savvy, a bit less prone to scams and fraud. Take this holiday season when you interact with others to educate others about the latest frauds and scams. The Holiday season is always a time when you can get sucked into online shopping scams.

This year I’m not doing any major technology migration projects this weekend, but I am going to be hanging up the Christmas lights and decorations. In addition to making sure Alexa still turns on the Christmas lights in unison, I had to debug why my garland wasn’t lighting up properly in anticipation of hanging it up. Amazing how many burnt-out light bulbs can hide in the garland!

Here’s hoping all of your Burnt-out lightbulbs are easily found this holiday season.

And again, thank you for being here!

SlickRun — A powerful way to launch anything

FREEWARE SPOTLIGHT

By Deanna McElveen

We all have that handful of programs that get installed on every new computer. Now we have another.

Eric Lawrence, a developer hailing from Texas, has created a very nifty, free program called SlickRun that is so intuitive and so, well, slick that you will be using it in no time. SlickRun is so powerful that once you get it customized to your liking, it will become second nature.

Things like “intuitive,” “slick,” “nifty,” “powerful,” and “free” are the sort of descriptors that find themselves on Deanna’s list of always installed software

Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).
This story also appears in our public Newsletter.

Microsoft adopts passkeys in Windows 11 — death to passwords!

PUBLIC DEFENDER

By Brian Livingston

When Microsoft enhanced Windows 11 in a September 2023 update to support “passkeys” — a more secure form of authentication — it signaled the beginning of the end for insecure and hard-to-remember passwords.

To create a passkey, you simply use whatever method unlocks your devices: a character-based PIN, your face, a fingerprint, or what have you. You then visit any website or other remote service that’s passkey-compatible. The server exchanges with your device an “authentication token.” This uniquely identifies you and the device you are using to sign in.

The token is a private/public key pair. Your PIN, photo, or fingerprint is never sent across the network, where it could be intercepted by man-in-the-middle attacks.

Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).

A serving of zero days

PATCH WATCH

By Susan Bradley

In a lighter-than-usual November release, Microsoft is patching 63 vulnerabilities, including three already under targeted and limited attacks and three deemed critical.

Even though you and I will see the same number of patch installs, the number of underlying vulnerabilities for the month is down compared to past years. But that doesn’t mean you should change how you install updates — wait to see what side effects may occur, my usual recommended practice.

Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).

Need to uninstall an update?

It’s really easy to uninstall an update and then pause updates while we investigate what’s going on with the patches. Remember I have NOT approved installing updates at this time and if you have installed them and are seeing interactions with third party menu or file explorer programs you can uninstall the updates.

I’ve uploaded a video here of the process for both Windows 10 as well as Windows 11. Once you’ve uninstalled the update, don’t forget to pause updates so that it won’t attempt to reinstall again tomorrow.

If you HAVE installed the updates and are not seeing issues, keep them installed. If you haven’t yet installed the updates, remember I have not changed my recommendations at this point in time, I’m still in pause mode and I’m personally testing and monitoring for issues.

Got questions?  Ask in the forums!