News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: November 30, 2019

  • The web has a padlock problem

    Posted on November 30th, 2019 at 13:29 Kirsty Comment on the AskWoody Lounge

    Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

    Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

    HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

    Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

    “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means its OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

    …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

    I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes on how padlocks work is related.

    WSJ indicate the depth of the problem here:

    The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

    Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

    The padlock is putting users in danger

     
    We all need to get used to these changes, for our own safety.
     

  • Born: Here’s why the free upgrade from Win7 to Win10 still works

    Posted on November 30th, 2019 at 07:37 woody Comment on the AskWoody Lounge

    It’s one of the worst-kept secrets in the industry: You can still upgrade from a licensed copy of Win7 to Win10 for free.

    The how is easy: Almost everyone can upgrade using the Media Creation Tool. If you’re asked for a product key, use the one that came with your copy of Win7 (or 8.1). There are detailed instructions on Microsoft’s Answers Forum.

    But the why remains a tantalizing unknown. Günter Born has found a possible answer, in a Reddit post from a self-proclaimed Microsoft employee. Short version: The cutoff date was a marketing ploy that was easily bypassed anyway.

    Fascinating stuff.

  • Organizations with Enterprise E5 and Microsoft 365 E5 licenses will get one free year of extended Win7 updates

    Posted on November 30th, 2019 at 07:18 woody Comment on the AskWoody Lounge

    To quote the official FAQ:

    Starting June 1, 2019, EA and EAS customers who have active subscription licenses for Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, or Windows VDA E5 (as of January 14, 2020) receive Windows 7 Extended Security Updates (ESU) for Year 1 as a benefit. This limited-time promotion gives customers more options to continue receiving Windows 7 security updates after the end of support.

    Note
    This promotion is available only to volume licensing (VL) customers, and is not available through cloud service providers (CSP). This promotion does not apply to Academic SKUs.

    Not sure when that announcement first appeared, but it’s accurate as of Nov. 26.

    Thx @teroalhonen

  • A few notes about the Brave browser

    Posted on November 30th, 2019 at 07:02 woody Comment on the AskWoody Lounge

    I just started testing the Brave browser and I’m impressed.

    Built-in ad blocking. Tracker blocking (AskWoody still has some Twitter trackers, which I’m running down right now). Easy setup with the search engine of your choice. Chrome add-ons work. Much to like about this one.

    The ad block seems to work with all of the sites I visit normally. Ad blocking shouldn’t make any difference with AskWoody because we’re ad-free, but the ad-laden sites I’ve seen in the past couple of hours render correctly – and quickly.

    I’ll be setting up Brave Rewards shortly, so y’all can leave micro-tips, should you feel so inclined.

    Give it a shot and let me know what you think.