Newsletter Archives
-
Is online banking secure?
ON SECURITY
By Susan Bradley
Over the past few years, banks have been increasing their online footprint.
From mobile banking with cell phones to remote depositing with check scanners, banking has drastically changed. Some of the changes are forced on us due to the changing hours of operation at our local banks, but some of the changes enhance our ability to get our funds where we want them to be.
Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
-
Is Secure Boot important for security?
ON SECURITY
By Susan Bradley
During the last few months, some chinks have appeared in Secure Boot’s armor as the result of various attacks and vulnerabilities.
Let’s go back in history and understand how we got here.
When a computer boots up, and before the operating system is launched, other code runs. For many years, that was the Basic Input/Output System (BIOS) pioneered by IBM in the original IBM PC. Unfortunately, inventive attackers found ways to permanently install malicious code as part of this launch sequence.
Read the full story in our Plus Newsletter (20.21.0, 2023-05-22).
-
Planning for the final digital divide
ON SECURITY
By Susan Bradley
In a letter to Jean-Baptiste Le Roy in 1789, Benjamin Franklin wrote a phrase that has often been repeated ever since.
Most of us don’t realize that his comment started with a mention of the recently signed U.S. Constitution, but instead remember only the final part of his saying.
Read the full story in our Plus Newsletter (20.19.0, 2023-05-08).
-
The problem with local administrator accounts
ISSUE 20.17 • 2023-04-24 Look for our BONUS issue on Monday, May 1, 2023! ON SECURITY
By Susan Bradley
Microsoft doesn’t want you to use a local administrator account, whether in a consumer or a business edition of Windows.
But depending upon which sort of user you are, the company is taking two different approaches to “encourage” you to stop using local accounts.
Read the full story in our Plus Newsletter (20.17.0, 2023-04-24).
This story also appears in our public Newsletter. -
Who controls our tech?
ON SECURITY
By Susan Bradley
The other day I spotted a USA Today article by Kim Komando about how to ensure Chinese tech wasn’t spying on you.
She wrote: “Know that there are plenty of allegations that the companies below have government ties, but it’s up for debate how much the Chinese government is genuinely involved in operations. I’m sharing this to help you make more informed decisions on what you purchase and use daily.”
I think her view is far too simplistic.
Read the full story in our Plus Newsletter (20.13.0, 2023-03-27).
-
When you are flagged as malicious
ON SECURITY
By Susan Bradley
We rely too much on automated reporting in our security solutions.
Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.
Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.
Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).
-
Being legal, supported, and secure
ON SECURITY
By Susan Bradley
Who regulates your software decisions?
As an operating system comes to the end of its life span, we users have to decide what to do with our technology. Do we continue using it as is, with no consideration of risks? Do we stop using the technology and look for alternatives? Or do some of us do a combination of both?
With proprietary software, our decisions are often driven by what type of customer we are.
Read the full story in our Plus Newsletter (20.09.0, 2023-02-27).
-
Which antivirus solution is the best?
ON SECURITY
By Susan Bradley
Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.
Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.
Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).
-
Passwords don’t work — until they do
ON SECURITY
By Susan Bradley
Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter in a password or do any sort of authentication.
The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.
Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).
-
Finding good security information
ON SECURITY
By Susan Bradley
I do this so you don’t have to.
And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.
Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.
Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
-
Brute force vs. local admins
ON SECURITY
By Susan Bradley
Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover the Local Administrator account’s password.
The company introduced a new policy that provides “account lockouts for Administrator accounts.” Beginning with the October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable Local Administrator account lockouts. As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.
Read the full story in our Plus Newsletter (19.43.0, 2022-10-24).
-
When newer isn’t more secure, or better
ON SECURITY
By Susan Bradley
It’s a dirty little secret in software — when new code is added to existing code, it doesn’t always result in a more secure system.
Let me give you a specific example. Recently, Microsoft announced that there had been targeted attacks against ten organizations using fully patched Exchange servers. To gain access, the attackers needed rights on the server.
That meant they had already employed a successful phishing attack.
Read the full story in our Plus Newsletter (19.41.0, 2022-10-10).