Newsletter Archives
-
Passwords don’t work — until they do
ON SECURITY
By Susan Bradley
Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter a password or do any sort of authentication.
The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.
Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).
-
Finding good security information
ON SECURITY
By Susan Bradley
I do this so you don’t have to.
And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.
Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks (YouTube included); specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.
Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
-
Brute force vs. local admins
ON SECURITY
By Susan Bradley
Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover the Local Administrator account’s password.
The company introduced a new policy that provides “account lockouts for Administrator accounts.” Beginning with the October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable Local Administrator account lockouts. As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.
Read the full story in our Plus Newsletter (19.43.0, 2022-10-24).
-
When newer isn’t more secure, or better
ON SECURITY
By Susan Bradley
It’s a dirty little secret in software — when new code is added to existing code, it doesn’t always result in a more secure system.
Let me give you a specific example. Recently, Microsoft announced that there had been targeted attacks against ten organizations using fully patched Exchange servers. To gain access, the attackers needed rights on the server.
That meant they had already employed a successful phishing attack.
Read the full story in our Plus Newsletter (19.41.0, 2022-10-10).
-
Securing Windows 11 with 22H2
ISSUE 19.40 • 2022-10-03 ON SECURITY
By Susan Bradley
The recent Windows 11 update brings more security features, but with a big caveat — only users with specific license levels benefit.
In addition, hardware requirements are tighter; I’ll discuss those shortly.
I’ve received some key questions about Windows 11 from our readers, and I’m going to take the opportunity to answer some of those in this column.
Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).
This story also appears in our public Newsletter.
-
Keeping out the bad applications
ON SECURITY
By Susan Bradley
Both Microsoft and Apple are trying to tackle an ongoing problem that plagues us — keeping our systems secure and protected.
But the vendors are not tackling the problem in the same ways.
Apple has a huge user base of small devices, especially the iPhone, which provide the user with instantaneous access to real-time human interaction. Microsoft, on the other hand, has a huge user base of “traditional devices” (e.g., PCs) that certainly connect to the Internet but don’t involve phone calls, text messages, or anything else — such as FaceTime, the built-in visual medium.
Although the companies share the overall security challenge, their approaches are different.
Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).
-
Do you need to encrypt your data?
ON SECURITY
By Susan Bradley
Encryption can protect your data, but sometimes it can block you from it.
Let’s get some facts. Encryption, when done right, protects your data at rest. If an attacker breaks into my house but does not know the username and password of the laptop I keep there, access attempts will fail.
But if that computer is running, it’s a different story. If I’m doing any sort of data transmission, such as interacting with a website or handling email, data is vulnerable unless I’ve taken separate steps to encrypt those processes.
Read the full story in our Plus Newsletter (19.36.0, 2022-09-05).
-
Check the health of your systems
ISSUE 19.36 • 2022-09-05 ON SECURITY
By Susan Bradley
It’s time to ensure your computer is sound, the operating system is healthy, and your system is backed up.
Why? Because a feature release is right around the corner: 22H2 for both Windows 10 and Windows 11 is due shortly. It’s not that I recommend that you move to those versions, at least not right away. But if you do decide to move ahead, it’s critical to be sure to do so safely, with your ability to retreat secured.
Read the full story in our Plus Newsletter (19.36.0, 2022-09-05).
This story also appears in our public Newsletter.
-
Ready to patch your car?
ON SECURITY
By Susan Bradley
Recently, I lamented having to get rid of an older automobile that had very little in the way of technology.
As I mentioned in that post, the technology (if you can call it that) consisted of a CD-ROM player, an ordinary radio, a cigarette lighter, and an auxiliary port. It certainly didn’t have the newfangled automobile technology available in almost every vehicle today. The newer the car, the more likely it is to have a technology-infused dashboard as well as out-of-sight processing power under the hood.
Read the full story in our Plus Newsletter (19.35.0, 2022-08-29).
-
The Ransomware Task Force’s advice needs work
ON SECURITY
By Susan Bradley
A few weeks ago, the Ransomware Task Force (RTF) released the Blueprint for Ransomware Defense.
The RTF was created by the Institute for Security and Technology (IST) in April 2021 in response to the emerging national and economic security risk posed by ransomware.
Unfortunately, I find the advice and information contained in the Blueprint centered too much on large enterprises and not enough on the broader audience it was supposedly targeting. Unquestionably, outages and stolen data for large enterprises can have a huge effect on large groups of people, but the Small Business Administration points out that there are 32 million small businesses — and we all can agree they have fewer resources to fend off attacks.
From my perspective, something very big is missing: detection.
Read the full story in our Plus Newsletter (19.34.0, 2022-08-22).
-
Can you trust technology?
ON SECURITY
By Susan Bradley
The other day, a reader asked why I use a Lenovo laptop, expressing concern that it was built overseas and contained sensitive technology.
He noted that the US Department of Defense had recommended that its divisions stop buying technology that included components suspected of containing (or known to contain) spying capabilities.
Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).
-
Do we really want (or need) Windows 12?
PATCH WATCH
By Susan Bradley
The famous old idiom “moving the deckchairs around on the Titanic” is sometimes applied to technology.
Even though the saying usually implies the futility of a particular action, for me it often conjures up a technology company doing something — anything — to encourage us to purchase more of their product — or at least the latest, so-called greatest version. In my experience, it’s not what we really want but what the vendor thinks we need.
Case in point? Rumors are flying that Windows 12 is just around the corner.
Read the full story in our Plus Newsletter (19.30.0, 2022-07-25).