Newsletter Archives
-
Is firmware patching important?
ON SECURITY
By Susan Bradley
Firmware patching has always been fraught with concern.
Until very recently, applying firmware updates often meant launching the update process from a DOS prompt. You often received warnings that if your computer lost power during the process, your machine might be bricked. This is such a daunting thought that, for servers, I would often update the firmware when I initially installed the server and never touch it again.
But firmware is nothing more than software, and — like every other kind of software these days — attackers find vulnerabilities in firmware. Recently, researchers found security issues in Lenovo consumer notebook firmware.
Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).
-
Gearing up for cyberwar
ON SECURITY
By Susan Bradley
Once upon a time, I used to publish maps showing the location of each water pump in the city where I live.
Fresno residents rely on the underground water supply and pump much of the drinking water from various wells throughout the city. And then Fresno — like every other city — realized that publishing information about critically important infrastructure items, such as drinking water, probably wasn’t wise. That was especially driven home after 9/11; governments realized that they were handing over helpful data to those who might use it to attack us.
Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).
-
Is this the end of the road for Windows 7?
ON SECURITY
By Susan Bradley
Vendors start to draw the line.
Ahh, Windows 7. I remember when you first came out. I remember when people hated — truly hated — your User Account Control (UAC) system that required administrator approval any time they wanted to do something that had been perfectly normal in Windows XP. I remember that UAC was so annoying that Apple lampooned it (more like harpooned it) in several of its famous Mac-versus-PC TV ads.
I went so far as having a cartoon made, urging people to “zip up” their UAC setting rather than disabling it, because I saw both users and administrators removing the UAC prompt entirely. But that represented a lowering of security for Windows 7. I thus urged people not to disable it, despite the annoyance. I told them to zip the slider all the way to the top. Remember the slider?
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).
-
Check your defenses
ON SECURITY
By Susan Bradley
On March 21, the US president issued a warning about the possibility of Russian cyberattacks against American businesses, an outgrowth of the conflict with Ukraine.
As part of the administration’s briefing on the topic, the White House issued a fact sheet, “Act Now to Protect Against Potential Cyberattacks.” The short document contains a list of recommendations, along with the exhortation: “We urge companies to execute the following steps with urgency.”
Here are some of those recommendations.
Read the full story in our Plus Newsletter (19.13.0, 2022-03-28).
-
Extra security for all your devices
ON SECURITY
By Susan Bradley
These days, I don’t have just traditional PCs that I must protect — I have iPads, iPhones, Kindles, Chromebooks, and others. And these don’t run Microsoft operating systems.
Not to pick on her, but my sister used to randomly surf with her Windows PC and, after searching, would end up with some sort of infection or malicious browser plugin. But when she did the same on her iPad or iPhone, I was spared the chore of cleaning up those devices — they were less targeted and less likely to end up compromised.
Read the full story in the AskWoody Plus Newsletter 19.09.0 (2022-02-28).
-
Falling for the click
ON SECURITY
By Susan Bradley
After watching the technology-related advertisements from this year’s Super Bowl, my takeaway was that we are a gullible population that will absolutely and utterly click on anything without verification.
For Super Bowl LVI, cryptocurrency companies were a major advertising presence. Coinbase ran an ad with a floating QR code moving around the screen. So many people scanned the QR code that Coinbase couldn’t handle the load, crashing the website and the app.
Read the full story in the AskWoody Plus Newsletter 19.08.0 (2022-02-21).
-
The other ransonware scam
ON SECURITY
By Susan Bradley
You can’t decrypt your way back to normal.
In addition to all the other irons I have in the fire, I help moderate a group that assists information technology professionals in dealing with ransomware as well as other security issues.
When people ask to join, we try to vet them as best as we can. The vast majority of people joining the group are consultants and firms in the “Managed Service Provider” category who assist small businesses with their technology needs. But there is a second group of people attempting to join, which I’m going to call “the other ransomware scammers.”
Read the full story in the AskWoody Plus Newsletter 19.05.0 (2022-01-31).
-
Twenty years of trustworthy computing
ISSUE 19.04 • 2022-01-24 ON SECURITY
By Susan Bradley
Are we more secure now?
It’s been 20 years since Bill Gates wrote the “trustworthy computing” memo and had Microsoft’s developers take a coding pause so they could be trained in how better to write secure software.
Twenty years later, are we more secure? Do you feel more secure?
I’m not sure I do. You know I watch this every hour of every day, and it sure feels like we are doing the same updating and patching dance over and over, without feeling more secure. We are promised that the hardware and software we buy will meet the safety promises. We certainly deserve that — period.
Read the full story in the AskWoody Plus Newsletter 19.04.0 (2022-01-24).
This story also appears in the AskWoody Free Newsletter 19.04.F (2022-01-24). -
Click-to-run dribbles out changes
ON SECURITY
By Susan Bradley
Office patches are handled differently than Windows patches, and they can be very disruptive as a result.
Microsoft always releases security patches for Windows on the second Tuesday of the month, no matter what the actual date. It’s the reason that this month’s updates haven’t yet arrived — today is December 13, and Patch Tuesday is December 14. We won’t receive security patches until tomorrow!
Read the full story in the AskWoody Plus Newsletter 18.48.0 (2021-12-13).
-
Why is printing so hard to get right?
ISSUE 18.45 • 2021-11-22 Look for our special issue on November 29! ON SECURITY
By Susan Bradley
I work in an industry that keeps promising we are going paperless, but we still find ways to kill trees. Even though I regularly print to PDF, I continue to print to various desktop and network printers.
Physical printing is still very important to me and many other professionals. Any problem with printing will affect productivity. Each month, when new updates come out, one of my top priorities is to test printing. Can I print? If I can, then I know I can keep the new patches installed. But why are we constantly fighting issues with printing, and why are we constantly patching our systems for printing?
Read the full story in the AskWoody Plus Newsletter 18.45.0 (2021-11-22).
This story also appears in the AskWoody Free Newsletter 18.45.F (2021-11-22). -
Security isn’t just a Microsoft thing
ON SECURITY
By Susan Bradley
Here at AskWoody, we concentrate on Microsoft patch days and security issues.
But insecurity, privacy, and protection of your sensitive information aren’t just a Microsoft thing. Attackers go where there are people, and computers, to attack. Recently, an ad claiming that Chromebooks were immune to ransomware caught my eye. While makers of Chromebooks can state that they do not have the operating system targeted by ransomware, that’s not to say they are immune from all security risks. There should be a certain amount of paranoia on every platform.
Read the full story in the AskWoody Plus Newsletter 18.42.0 (2021-11-01).
-
Becoming more security-aware
ON SECURITY
By Susan Bradley
Windows 11 is now nearly a week old, and are we magically more secure? I’d argue not.
An up-to-date operating system does help to make us more secure, so I cringe any time anyone wants to disable updates because they don’t feel that updates improve their security. But I’d also argue that installing Windows 11 isn’t a magic pill that, overnight, grants you the goodness of security.
Read the full story in the AskWoody Plus Newsletter 18.39.0 (2021-10-11).