News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it

Daily Archives: October 23, 2018

  • Patch Lady – 31 days of Paranoia – Day 23

    Posted on October 23rd, 2018 at 23:36 by Susan Bradley

    Small and even medium-sized businesses often use consultants to help them with their network and security setups. Recently the US Computer Emergency Readiness Team showcased that these very consultants are being targeted. Managed Service Providers (MSPs) often use remote management tools to remote into systems. Attackers are using phishing attacks, going after remote portals, or attacking the software that MSPs use to gain control of their customers’ networks.

    While the recommendations from US-CERT have some merit, there are some suggestions that either don’t make sense or miss a step. One I would add is multi-factor authentication on remote access solutions, to ensure that any new or unusual remote access demands a verification code from a cell phone or other two-factor means. The other recommendation that doesn’t make sense is that MSP accounts shouldn’t have domain administrator access. Especially with smaller firms that are monitored by MSPs, that’s the entire point… they often are the remote domain administrators.

    If you are a small business that relies on consultants, send them that link and ask them… what are you doing to ensure that you are not targeted so that I am not targeted? And ask them if they have a technology checklist they can share with you.

  • Patch Lady – 31 days of Paranoia – Day 22

    Posted on October 23rd, 2018 at 00:56 by Susan Bradley

    We come to our 22nd day of paranoia, and today is about a topic that is near and dear to many of you… end user license agreements. Those are the statements vendors provide that we all click through, and that most of us neither understand nor read like we should. The Electronic Frontier Foundation recaps most of the terminology that we miss, but there’s another end user license agreement issue that we often overlook: one where the terms change and we don’t realize that they have changed.

    For example… let’s look at the Windows 10 end user license agreement.

    In Windows 10 the EULA specifically says this:

    Section 2 c (v):
    use the software as server software, for commercial hosting, make the software available for simultaneous use by multiple users over a network, install the software on a server and allow users to access it remotely, or install the software on a device for use only by remote users;

    In Windows 8.1 Pro the EULA says this:
    The software is not licensed to be used as server software or for commercial hosting, so you may not make the software available for simultaneous use by multiple users over a network

    One could argue that the EULA specifically disallows setting up a headless Windows 10 machine that one can remote into and use remotely.

    Given that they have announced a Microsoft virtual desktop hosted on Azure, you can see that’s where they want the remote experience to be.

    Bottom line, never assume that end user license agreements are static. They can be updated with newer terms. Keep reading… and keep reading between the lines… as necessary.