Newsletter Archives

• Minor Lounge Button Tweaks

  Posted on January 5, 2021 at 01:15 CST by Kirsty • Comment in the Forums

  A long time ago when the Lounge was new, our wish list included having the Lounge posts with Reply, Thanks and Quote buttons in the header row of each post, and the Report button at the bottom. In the meantime, we have all got used to how we were forced to have it.

  Well, we now have the tools to make those wanted changes, which have just been activated.

  We are aware that some of us will be in the habit of the old button locations, and that this may be a bigger issue for those with sight impairments of varying degrees.

  We hope this change is found to be usable, and not too disorientating, in the short-term.

   
  UPDATE:
  The feedback received has been firmly on the idea that the header buttons should be in the footer, and vice versa. So we’re going to give this a try – Reply, Thanks and Quote in the Footer, with Report in the Header.
  Keep that feedback coming, please!

  AskWoody AskWoody Lounge

• Today’s the day – Flash EOL has arrived

  Posted on December 30, 2020 at 18:02 CST by Kirsty • Comment in the Forums

  Today’s the day – Flash EOL has arrived

  Back in 2017, Adobe announced it was “planning to end-of-life Flash”. Yes, this has been posted about before… Well, the time has now come. Pop-ups have been seen in those machines still using it, for a bit now.

  If you have questions about what happens next, Adobe has a page full of questions and answers here.

  If you’re looking for articles on how to uninstall, check out Martin Brinkmann’s ghacks post.

  (and yes, only half the world is having New Year’s Eve already – Happy New Year to all)

  Security EOL, Flash

• Windows 7 “not dead yet”

  Posted on December 30, 2020 at 17:34 CST by Kirsty • Comment in the Forums

  Nearly a year after Win7’s EOL, Ed Bott has been diving into how many might still be using the OS. He hints it’s a big number.

  …as December 2020 draws to a close, the proportion of PCs running Windows 10 has gone up 12%, to 87.8%; the Windows 7 count has dropped by more than 10 points, to 8.5%, and the population of Windows 8.x holdouts has shrunk even further, to a minuscule 3.4%
  …
  If my calculations a year ago were on the mark, that means more than 100 million Windows PC were retired, recycled, or upgraded in the past 12 months.

  It is somewhat reassuring to hear that WinXP is now in the region of a “fraction of a rounding error”. And of course, that doesn’t quantify how many of those Win7 machines are or aren’t enrolled in the ESU program.

  You can read Ed’s write-up on Zdnet here.

  Windows 10, Windows 7, Windows News Ed Bott, Win7 EOL, Win7 ESU, Win7 market share, Windows market share

• SetUp Guides for Microsoft 365 – request for feedback

  Posted on November 30, 2020 at 21:24 CST by Kirsty • Comment in the Forums

  Are you an IT Admin that sets up Microsoft 365 / Office 365 services? If you are, @mikebailey2000 is looking for feedback on SetUp Guides.

  Mike’s a Microsoft Program Manager. It’s great to welcome his interest in the opinion of our members.

  Please, head over to Mike’s first post here at AskWoody, wish him a very warm AskWoody welcome, and help him to improve the setup guides. He explains the limitations on accessing the documents.

  Office Microsoft 365, Office 365, Setup Guides

• Adobe license revoked … Hello, Updated Terms

  Posted on May 8, 2020 at 15:21 CDT by Kirsty • Comment in the Forums

  Yesterday, while busy working in Adobe Acrobat Pro (as part of Creative Suite 6), I had an unwelcome pop-up appear while I was in a hurry, telling me that my license had been revoked, and that to continue working on the document that my client was waiting for, I had to re-enter the software’s license number.

  This isn’t a cloud product with a dreaded monthly fee, but one of those where I paid a pretty penny for the software in advance, and don’t owe the company to be able to use it after that purchase.

  Finding the license number slowed me down a little. Then when I entered it, I was advised that a log-in was required or I would be in demo mode for up to 7 days, when it would again fail. I had to waste more time searching out the log in details, and in that log-in process, I received a screen headed Updated Terms – accept or else. I was rushing, and flustered. You can imagine how much time I had to read screeds of legalese.

  Now, this isn’t the first time I’ve had an issue with Adobe needing to have the license number reinstalled to take me out of demo mode for a paid suite, usually at an equally inconvenient moment. But I did wonder if I was the only one getting a license revoked pop up now.

  A little searching led me to find:

  Adobe General Terms of Use

  Published March 16, 2020. Effective as of April 16, 2020. These Terms replace and supersede all prior versions.

  THE MANDATORY ARBITRATION PROVISION AND CLASS ACTION WAIVER IN SECTION 14 (DISPUTE RESOLUTION) BELOW GOVERN THE RESOLUTION OF DISPUTES. PLEASE READ THEM CAREFULLY. IF YOU DO NOT AGREE WITH THE MANDATORY ARBITRATION PROVISION AND CLASS ACTION WAIVER IN THE TERMS, PLEASE DO NOT USE THE SERVICES OR SOFTWARE.

  Yes, I have been using the product since April 16th. So why now?! Have you seen this?

  If you’d like to read the new terms, you can find them here

  Other Adobe, Adobe Acrobat, terms of service

• Plea for spare computing power in new disease therapies

  Posted on March 4, 2020 at 01:15 CST by Kirsty • Comment in the Forums

  Until today, I’d heard of distributed computing but I hadn’t heard of Folding@Home.

  From their website:

  Folding@home is a project focused on disease research. The problems we’re solving require so many computer calculations – and we need your help to find the cures!

  Naturally, they are now focused on Covid-19.

  By downloading Folding@Home, you can donate your unused computational resources to the Folding@home Consortium, where researchers working to advance our understanding of the structures of potential drug targets for 2019-nCoV that could aid in the design of new therapies. The data you help us generate will be quickly and openly disseminated as part of an open science collaboration of multiple laboratories around the world, giving researchers new tools that may unlock new opportunities for developing lifesaving drugs.

  Elly posted about this in the Lounge this afternoon, with their plea for computing resources, along with a good deal of relevant information. Check out her post: Assist COVID19 Researchers.
  Thanks Elly!

  Other COVID-19, Distributed Computing, Open Science

• Nearly time to start tracking Santa again

  Posted on December 24, 2019 at 01:42 CST by Kirsty • Comment in the Forums

  While children, young and old, are readying the milk and cookies for Santa in New Zealand and Australia right now (where it is already Christmas Eve), Norad and Google are readying their trackers, so we can track the progress of Santa Claus and his eight Reindeer.

  You can also follow the Norad Tracks Santa Twitter account!

  #NORAD was just informed #Santa checked the time at the Clock Tower in his North Pole Village! He is getting ready for his magical journey around the world! https://t.co/gSvRD6ezKo#NoradTracksSanta #SantaTracker #NoradSanta #ChristmasEve #Christmas

  — NORAD Tracks Santa (@NoradSanta) 24 December 2019

  From all of us here at AskWoody, Merry Christmas to one and all.

  Other christmas, Norad, Santa Tracker, seasons greetings

• The web has a padlock problem

  Posted on November 30, 2019 at 13:29 CST by Kirsty • Comment in the Forums

  Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

  Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

  HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

  Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.
  …
  “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means its OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

  …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

  I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes on how padlocks work is related.

  WSJ indicate the depth of the problem here:

  The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

  Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

  The padlock is putting users in danger

   
  We all need to get used to these changes, for our own safety.
   

  On Security, Security Browser security, phishing

• When Windows 10 Feature Updates don’t go smoothly

  Posted on November 15, 2019 at 21:45 CST by Kirsty • Comment in the Forums

  Last weekend, I decided to bite the bullet and update a Win10-1803 Pro machine to Win10-1809, using Windows Update. I’d taken a system image backup, and as it wasn’t my production machine, I wasn’t too worried.

  This machine is under a year old, a purchase necessary when a hardware failure put paid to my trusty Win7 Pro laptop. It allows me to work more than I can manage at my desktop, and does most of the hard yards online, especially here.

  Windows Update installed 1809 x64 2019-10B – this was before Woody changed MS-Defcon from 4 to 2. It took 20 minutes to Prepare to Install, and nearly 2 hours to download, and several hours to install.

  Needless to say, it didn’t go to plan… The first indication of a problem was after several hours of installing, when a blue screen appeared bearing the words “Stopcode” and “Bad Pool Header”. It restarted, still on 1803, pending install. It continued installing. Eventually it restarted, and I was able to see KB 4521862 and KB 4519338 had installed – along with a bunch of drivers being updated, when the Pro settings were not to download drivers from Windows. I also noticed I hadn’t had to reset the Metered Connection settings to allow the update to download!

  After it finished its update, it wasn’t working properly. It looked fairly normal, but restarting started problems – none of the visible desktop items actually worked – not the Start button, any of the TaskBar icons, or anything other than the Ctrl>Alt>Del routine.

  I tried Sign Out. It took ages. It caused a loop of: Hi; We’re getting everything ready for you; This might take several minutes – don’t turn off your PC (that part remained until it got to Hi again); Leave everything to us; Windows stays up to date to help protect you in an online world; Making sure your apps are good to go; It’s taking a bit longer than expected, but we’ll get there as fast as we can. This loop took 5 minutes to restart, again, and again, and again.

  It had been over 12 hours since the process started at this point. As I had to do my day job, I just left it chugging away in the background while I got on with earning an income. Over 5 hours later, it finally came up for air – a desktop, but still not functioning.

  Along the way, I saw various errors:
  Error 0x80072EE7
  The gpsvc service failed the sign-in – access is denied
  windows\system32\config\systemprofile\desktop is unavailable

  To add to my woes, it wanted to restart itself again, where it re-entered the 5+ hour loop. I still had work to get done, so I just let it be. No stopcodes this time, but still it didn’t work.

  I couldn’t access safe mode, even with Recovery Tool USB access. Start Up Repair “couldn’t fix [the] PC”. Using the Recovery Tool, I was able to access the Command Prompt, where SFC /SCANNOW reported “Not enough memory resources are available to process this command” the first time, and then, after it went through 100%, “Windows Resource Protection could not perform the requested operation”. Attempting to use Restore Points was another failure – they were listed, but “unavailable”.

  At this time, I decided it was time to try to restore the system image. Again, the gpsvc error. Apparently there had been some issue prior to the update attempt? I had to put it aside for a few days, until I got time to address it properly. By this stage, I was heading for an ISO file on a USB stick. This laptop now needs to be reset from the ground up, going back over all the metered connection, deferred updates, Customer Experience, Start Menu apps settings etc. etc. etc. – and I’m sure there’ll be something important I forget!

  Having got the ISO installed, I was able to run SFC / SCANNOW and DISM /Online /Cleanup-Image /RestoreHealth. All 100% clear, thank goodness.

  There are only 5-6 programs to reinstall. If this had been a production machine, I’d have dozens of programs to have to reinstall. It’s still going to take another day or two until I get it back to normal, as I have other things I need to prioritize. If I’m a bit cranky this weekend, you now know why!

  I’m really lucky I have a wealth of knowledge, support and expertise here at my disposal. A normal home user would have ended up paying for professional technical support, and if it had been my production machine, would have resulted in a loss of chargeable hours. I’m counting my blessings!

  Upgrading, Windows 10 feature update, ISO, Windows Update

• BlueKeep exploitation expected soon

  Posted on July 23, 2019 at 02:59 CDT by Kirsty • Comment in the Forums

  Several hours ago, there was a lot of noise on Twitter about a Github explanation on how to “weaponize” BlueKeep, triggering fears it could soon be widely expolited.

  BlueKeep Warning: someone published a slide deck explaining how to turn the crash PoC into RCE. I expect we'll likely see widespread exploitation soon.https://t.co/MG2IZfy5B5

  — MalwareTech (@MalwareTechBlog) July 22, 2019

  Dan Goodin‘s article on ArsTechnica.com is fairly succinct:

  BEWARE OF WORMABLE EXPLOITS —
  Chances of destructive BlueKeep exploit rise with new explainer posted online

   
  We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.

  Are you protected?

   
  UPDATE:
  Kevin Beaumont is also warning about a more imminent threat from BlueKeep

  I've updated this thread with @0xeb_bp's #BlueKeep exploitation technical document, newly released today – it shows how to reach UAF. The bar for (unreliable) public exploitation POC is lowering significantly. https://t.co/UX1ujWaQik

  — Kevin Beaumont (@GossiTheDog) 23 July 2019

  Security, Windows Patches/Security BlueKeep, wormable

• 16-year U.S. data leakage: KrebsOnSecurity

  Posted on May 24, 2019 at 18:16 CDT by Kirsty • Comment in the Forums

  Security supremo Brian Krebs has published details of a long-standing data leak he stemmed this week:

  The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.
  …
  I should emphasize that these documents were merely available from First American’s Web site; I do not have any information on whether this fact was known to fraudsters previously, nor do I have any information to suggest the documents were somehow mass-harvested (although a low-and-slow or distributed indexing of this data would not have been difficult for even a novice attacker).

  See Brian’s blogpost “First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records” for details.

  Other data breach

• WhatsApp spyware vulnerability

  Posted on May 14, 2019 at 03:13 CDT by Kirsty • Comment in the Forums

  WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I trust you’ll encourage them to make sure they’re up-to-date too.

  From theguardian.com:

  Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.

  Other spyware, WhatsApp
• « Older Entries