Newsletter Archives

• Is online banking secure?

  Posted on May 29, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Over the past few years, banks have been increasing their online footprint.

  From mobile banking with cell phones to remote depositing with check scanners, banking has drastically changed. Some of the changes are forced on us due to the changing hours of operation at our local banks, but some of the changes enhance our ability to get our funds where we want them to be.

  Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).

  On Security Banking, Credit cards, Debit cards, Newsletters, Online Banking, Patch Lady Posts, Payment Processing

• Is Secure Boot important for security?

  Posted on May 22, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  During the last few months, some chinks have appeared in Secure Boot’s armor as the result of various attacks and vulnerabilities.

  Let’s go back in history and understand how we got here.

  When a computer boots up, and before the operating system is launched, other code runs. For many years, that was the Basic Input/Output System (BIOS) pioneered by IBM in the original IBM PC. Unfortunately, inventive attackers found ways to permanently install malicious code as part of this launch sequence.

  Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).

  On Security IPSec, Microsoft Outlook, Newsletters, Patch Lady Posts, Secure Boot, VPN

• Planning for the final digital divide

  Posted on May 8, 2023 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  In a letter to Jean-Baptiste Le Roy in 1789, Benjamin Franklin wrote a phrase that has often been repeated ever since.

  Most of us don’t realize that his comment started with a mention of the recently signed U.S. Constitution, but instead remember only the final part of his saying.

  Read the full story in our Plus Newsletter (20.19.0, 2023-05-08).

  On Security Credentials, Death, Digital assets, Newsletters, Patch Lady Posts, Personal Media, Taxes

• The problem with local administrator accounts

  Posted on April 24, 2023 at 02:45 CDT by Susan Bradley • Comment in the Forums

  

  ISSUE 20.17 • 2023-04-24

  Look for our BONUS issue on Monday, May 1, 2023!

  ON SECURITY

  

  By Susan Bradley

  Microsoft doesn’t want you to use a local administrator account, whether in a consumer or a business edition of Windows.

  But depending upon which sort of user you are, the company is taking two different approaches to “encourage” you to stop using local accounts.

  Read the full story in our Plus Newsletter (20.17.0, 2023-04-24).
  This story also appears in our public Newsletter.

  On Security Administrator account, LAPS, local account, Local administrator account, Microsoft Account, Newsletters, Patch Lady Posts

• Who controls our tech?

  Posted on March 27, 2023 at 02:41 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  The other day I spotted a USA Today article by Kim Komando about how to ensure Chinese tech wasn’t spying on you.

  She wrote: “Know that there are plenty of allegations that the companies below have government ties, but it’s up for debate how much the Chinese government is genuinely involved in operations. I’m sharing this to help you make more informed decisions on what you purchase and use daily.”

  I think her view is far too simplistic.

  Read the full story in our Plus Newsletter (20.13.0, 2023-03-27).

  On Security China, Foxconn, Lenovo, Microsoft Telemetry, Newsletters, Packet sniffers, Patch Lady Posts, Windows 10, Windows 11

• When you are flagged as malicious

  Posted on March 6, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  We rely too much on automated reporting in our security solutions.

  Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.

  Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.

  Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).

  On Security Abuse Reporting, false positive, Flagged websites, Newsletters, Patch Lady Posts, security

• Being legal, supported, and secure

  Posted on February 27, 2023 at 02:43 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Who regulates your software decisions?

  As an operating system comes to the end of its life span, we users have to decide what to do with our technology. Do we continue using it as is, with no consideration of risks? Do we stop using the technology and look for alternatives? Or do some of us do a combination of both?

  With proprietary software, our decisions are often driven by what type of customer we are.

  Read the full story in our Plus Newsletter (20.09.0, 2023-02-27).

  On Security Licensing, Newsletters, Patch Lady Posts, Risk, Software, updates

• Which antivirus solution is the best?

  Posted on February 13, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.

  Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.

  Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).

  On Security antivirus, Newsletters, Patch Lady Posts, security, Software

• Passwords don’t work — until they do

  Posted on January 30, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter in a password or do any sort of authentication.

  The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.

  Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).

  On Security Hardware Keys, Newsletters, passwords, Patch Lady Posts, security, Security Tokens

• Finding good security information

  Posted on December 26, 2022 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  I do this so you don’t have to.

  And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.

  Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.

  Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).

  On Security Newsletters, Patch Lady Posts, security, Sources

• Brute force vs. local admins

  Posted on October 24, 2022 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover the Local Administrator account’s password.

  The company introduced a new policy that provides “account lockouts for Administrator accounts.” Beginning with the October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable Local Administrator account lockouts. As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.

  Read the full story in our Plus Newsletter (19.43.0, 2022-10-24).

  AskWoody Plus Newsletter, On Security Administrator account, AskWoody Plus Newsletter, Brute-force cracking, local account, On Security, Patch Lady Posts

• When newer isn’t more secure, or better

  Posted on October 10, 2022 at 02:42 CDT by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  It’s a dirty little secret in software — when new code is added to existing code, it doesn’t always result in a more secure system.

  Let me give you a specific example. Recently, Microsoft announced that there had been targeted attacks against ten organizations using fully patched Exchange servers. To gain access, the attackers needed rights on the server.

  That meant they had already employed a successful phishing attack.

  Read the full story in our Plus Newsletter (19.41.0, 2022-10-10).

  AskWoody Plus Newsletter, On Security AskWoody Plus Newsletter, Exchange, Patch Lady Posts, System upgrades
• « Older Entries