• The technology of cars

    As you well know, I’m a geek.  I love technology. Alexas surround me.  iPhones, iPads, Android tablets. But for many years I’ve had a car that was quite behind in technology.  As in it had a CD player and a stereo and an auxiliary jack and that was about it. Recently after having that car for many years (trust me I can’t name it because I’m still in mourning over having to finally let my head be more important than my heart) and now have “upgraded” to a used car that has many more features in the dash including bluetooth connection to my phone, as well as a Pandora app link. It does not have a SiriusXM link like my Dad’s newer Honda does. But one thing you find with technology in cars is beware that the vendor may not like it as much as you do. And thus, just like with computer technology, sometimes you have to find workarounds and alternatives.

    In my older car I was able to get Alexa to work in it quite reliably by using a Roav VIVA attachment and then connected it to a Bluetooth enabled AUX cable. So if I’ve forgotten to arm the House alarm I can say “Hey Alexa, tell Honeywell to set the alarm to away”. Note that Honeywell only lets you arm your House, not disarm it for safety reasons.

    On an occasional basis, I will have to resync up my Dad’s SiriusXM subscription as it falls off the Satellite. In going through the options for my “new” older car I noticed that some of it’s audio options no longer function as they originally were planned. Got an Onstar enabled car that dates from 2015 or before?  Guess what?  Due to 2G and 3G technology being out of date and retired, that feature is also going to be retired in older cars.  HondaLink App reviews are also showcasing that connecting TOO much and relying on an app that the vendor may not support well means you get frustrated.  Someone said… too bad it doesn’t have Apple Carplay and the problem with that is that it too will be obsolete at some point in time. Those vintage cars sold at Mecum Auctions – it will be interesting to see in the years ahead if our newfangled cars stay as valuable as those vintage ones do.

    And then of course there is the concern that any bit of tech can be used for nefarious purposes. Blackhat security conference has long had sessions about how hackers can break into remote starting cars or any number of issues.

    I am reminded by a quote from Brian in Pittsburgh… “The fun😐 thing about security problems going forward is that there will forever be new ones to worry about because developers are inherently more eager to create new functionality and get it out the door than they are to bake in good ways to prevent or restrict misuse.”

    So what technology in your car no longer works like it should?

  • Master patch list for August 9, 2022

    I’ve updated the Master Patch List tonight for today’s releases.

    So far we’re tracking some side effects with Excel patches. I’ll also have a full write up and details in Monday’s newsletter. I’m not seeing any OTHER major trending issues but it’s still a bit early. 

    Seeing issues with Outlook closing after launch in network settings. Not seeing it in standalone deployments with pop accounts.

    For those of you with Exchange servers, I’ll have a special section on concerns about this month’s updates for Microsoft’s on premises mail server.

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Long file names used in user redirected folders trigger issues

    Michael McElrath reported this yesterday and Born city follows up that after the Excel patch is installed that files with a long path length – meaning that the ending name and location of the file results in a LONG path, an error is reported.

    When he opens an excel file it will open from the desktop but not the redirected folder on a 2019 server.  The error is “The file format and extension of “file.xlsx” don’t match. The file could be corrupted or unsafe. Unless you trust it’s source, don’t open it. Do you want to open it anyway?”

    When he copied the file to other shared locations the issue went away so it looks like it’s a redirected folder issue.

    “If you shorten the file name it goes away.

    Follow up, I copied the file to several other shared locations on the server and it opened fine. It appears to be a User Redirected folder issue.

    Next, I changed the name from ‘longfilenameofexcelfile.xlsx’ to ‘shortname.xlsx’ and it worked fine. ‘shortername.xlsx’ also worked.

    The path is:

    \\Servername\FolderRedirections\username\Documents\Accounting\Banking\longfilenameofexcelfile.xlsx

    The file above it wouldn’t open either until I shorten the name to ‘Loan.xlsx’.

    It appears to be a path length problem.”

    It’s been reported on 2013 but I’d keep an eye out for 2016 as well.

    5002242 8/9/2022 Defer Security Excel 2013
    5002232 8/9/2022 Defer Security Excel 2016

    I am not using folder redirection here and with click to run Excel, I’m not seeing this issue so you may need to test to see if this applies to you.

  • It’s time for those August updates to be deferred

    Annnndddd here we go again….

    It’s Second Tuesday of the Month and Microsoft is releasing their updates:

    Remember first and foremost to always update your browsers so ensure Firefox, Chrome, Brave, Tor, Edge, Safari, whatever you use is up to date.

    Now onto the updates:  https://patchtuesdaydashboard.com/

    21 Critical

    2 already in the wild and exploited

    227 vulnerabilities patched

    The majority are “elevation of privilege” — translation the attackers want to get inside the office.

    I’ll link up more as we know it and in the meantime I’ll keep an eye out for side effects.

    Dustin Child’s zero day write up – https://www.zerodayinitiative.com/blog/2022/8/9/the-august-2022-security-update-review

    Dogwalk Zero day (the OTHER Microsoft support tool bug) got fixed

    There is a “Secure boot patch” I’ll be recommending you defer at least until we know more about it. Impacting all the way back to Windows 8.1.

     

  • The new privacy policy’s here! The new privacy policy’s here!

    newsletter banner

    ISSUE 19.32 • 2022-08-08

    LEGAL BRIEF

    Max Oppenheimer

    By Max Stul Oppenheimer, Esq.

    On July 26, Meta (aka Facebook) changed its privacy policy.

    So this is a good time to ask two questions: what’s in the new policy, and what should you do about it?

    You can find the new privacy policy here. Settle in — it’s enormous.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).
    This story also appears in our public Newsletter.

  • $52 billion for semiconductor giants — but will we get more chips?

    SILICON

    Brian Livingston

    By Brian Livingston

    President Joe Biden recently signed a $52 billion subsidy program for the semiconductor industry, within an overall $280 billion package called the Chips and Science Act, but will we see an easing of today’s maddening chip shortages any time soon?

    The short answer is “no,” but the reasons might surprise you — and you shouldn’t assume we’ll get no bang for our bucks at all.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • Restored desktop computers must work flawlessly

    HARDWARE

    Ben Myers

    By Ben Myers

    Test, test, and test again — just to be on the safe side.

    In my last article, I covered the basic and essential tests needed to assure that a computer was in generally sound operating condition. As the late-night TV pitchman always says: “But wait! There’s more!” More testing, that is.

    There are still electronics that need to be working right for the entire computer to be fully functional. Along the way, you need to do at least a visual inspection to see that all the ports and connectors — in back, in front, and even on top of a computer — are not damaged.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • Can you trust technology?

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    The other day, a reader asked why I use a Lenovo laptop, expressing concern that it was built overseas and contained sensitive technology.

    He noted that the US Department of Defense had recommended that its divisions stop buying technology that included components suspected of containing (or known to contain) spying capabilities.

    Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).

  • After you install updates that impact printers….

    I have several printers at home and several printers at the office.  Some drive me crazy, others are well behaved.  Generally speaking HP drive me crazy, Brother and Lexmark printers are more well behaved.  The big copiers/printers at the office that we lease are Ricohs and once you get the drivers just so most of the time we’ve left them to just do their thing.  But lately Microsoft has been working on security issues with the print spooler code that attackers use to gain access to our networks.  So our nice well behaved printers are now slightly driving us crazy as a result. .

    So, these days after updating, here are some steps I recommend that you review.

    • If you have it set up to be connected via a network connection, that is you have your printer on a wireless or wired connection and it normally is on a specific IP address, click on start, settings, devices, printers and scanners and review your printer setup.
    • First recommendation is to ensure that you have disabled the setting in Windows 10 where it decides what printer you are going to use. Ensure that “Let Windows manage my default printer” is NOT checked. Every time I’ve had this enabled, I end up with the wrong printer in use.

    • Next, I always set up my wired or wireless printers via tcp/ip address.  I will go into the settings and ensure that in settings, printers and scanners, click the printer name, click on manage, click on printer properties and then review the port setting.  Make sure it’s  set for IP address if you’ve set up the devices on the network.  You can determine what IP address by typically printing out a demo printer page from the printer itself. This will tell you what the IP address is. Then review the setting and make sure it’s set for an IP address that your printer has picked up from your router. Newer printers like to pick up a WSD port and I still have issues when I use that protocol.
    • If your printer is connected via USB the process is similar. Go into settings, then click on the printer name, click on manage, printer properties and review the port settings. Ensure that you see it connected to the proper USB port.
    • The next thing I do for any printer I set up is give them a reasonable printer name. So if it’s on my computer, I’ll rename it Susan’s Color printer rather than Lexmark HD-2425. This is especially handy when I have printers  remotely as well as locally and I need to know which one is which.

    Doesn’t everyone have a Barbie doll that is a Computer geek for decoration in their home office?

    If all of that was confusing to you, here is a video showcasing what I mean.

  • Two factor authentication – the old fashioned way

    Today I went to the bank to get something out of a lockbox at my bank. To gain access to the box I used …. what I’m going to describe as…. two factor authentication. I brought my key into the lockbox room; the bank employee had her key to unlock the safe. It took the two keys to open the door to the safety deposit box.  Earlier in the day we had to remember WHERE we had hidden the key for the lockbox in our house. (We finally found it after searching our brains and trying several locations).

    When I was inside the vault, I could tell that several safety deposit boxes had been drilled out as someone had forgotten where the keys were.

    Worse yet is when someone passes away and you don’t realize where all of the documents are stored. It reminded me to remind all of the readers to make sure you write down, document, talk to your heirs, pass along to your loved ones, all of the information that will be needed to get into the sensitive information no matter where it is stored. I have had to help friends who had loved ones reset passwords because they didn’t leave behind information on how to get into their computers and passwords.

    So just like the information in that bank vault, ensure that you protect sensitive information. But make sure that someone else knows how to access that sensitive information should they need to.

  • MS-DEFCON 2: Printing issues, again

    alert banner

    ISSUE 19.31.1 • 2022-08-04
    MS-DEFCON 2

    By Susan Bradley

    This time we’re forewarned, and the problem probably won’t affect many.

    Here we go again. Month after month this year, updates have affected printing in some way, and the side effects have ranged from minor to major (such as printers being completely disabled).

    Fasten your seatbelts anyway, although chances are that many of us won’t notice this side effect at all. In fact, the security fix causing this side effect has actually been installed on our systems for over a year. Starting with the July and August updates, “hardening” is finally being enabled. Still, prudence demands raising the MS-DEFCON level to 2.

    Anyone can read the full MS-DEFCON Alert (19.31.1, 2022-08-04).

  • August 2022 Office non-Security Updates have been released

    The August 2022 Office non-Security updates have been released Tuesday, August 2, 2022. They are not included in the DEFCON-4 approval for the July 2022 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Remember, Susan’s patching sequence and recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

    Office 2016
    Update for Microsoft Office 2016 (KB5002248)

    Office 2013
    Update for Microsoft Office 2013 (KB5002250)

    On April 10, 2018, Office 2013 reached End of Mainstream Support. Extended Support ended for Office 2013 on April 11, 2023.
    Office 2016 also reached  End of Mainstream Support on October 13, 2020. EOS for Office 2016 is October 14, 2025.

    Updates are for the .msi version (perpetual). Office 365 and C2R are not included.

    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday