Newsletter Archives
-
Ready to patch your car?
ON SECURITY
By Susan Bradley
Recently, I lamented having to get rid of an older automobile that had very little in the way of technology.
As I mentioned in that post, the technology (if you can call it that) consisted of a CD-ROM player, an ordinary radio, a cigarette lighter, and an auxiliary port. It certainly didn’t have the newfangled automobile technology available in almost every vehicle today. The newer the car, the more likely it is to have a technology-infused dashboard as well as out-of-sight processing power under the hood.
Read the full story in our Plus Newsletter (19.35.0, 2022-08-29).
-
The Ransomware Task Force’s advice needs work
ON SECURITY
By Susan Bradley
A few weeks ago, the Ransomware Task Force (RTF) released the Blueprint for Ransomware Defense.
The RTF was created by the Institute for Security and Technology (IST) in April 2021 in response to the emerging national and economic security risk posed by ransomware.
Unfortunately, I find the advice and information contained in the Blueprint centered too much on large enterprises and not enough on the broader audience it was supposedly targeting. Unquestionably, outages and stolen data for large enterprises can have a huge effect on large groups of people, but the Small Business Administration points out that there are 32 million small businesses — and we all can agree they have fewer resources to fend off attacks.
From my perspective, something very big is missing: detection.
Read the full story in our Plus Newsletter (19.34.0, 2022-08-22).
-
Can you trust technology?
ON SECURITY
By Susan Bradley
The other day, a reader asked why I use a Lenovo laptop, expressing concern that it was built overseas and contained sensitive technology.
He noted that the US Department of Defense had recommended that its divisions stop buying technology that included components suspected of containing (or known to contain) spying capabilities.
Read the full story in our Plus Newsletter (19.32.0, 2022-08-08).
-
Do we really want (or need) Windows 12?
PATCH WATCH
By Susan Bradley
The famous old idiom “moving the deckchairs around on the Titanic” is sometimes applied to technology.
Even though the saying usually implies the futility of a particular action, it often conjures up to me a technology company doing something — anything — to encourage us to purchase more of their product — or at least the latest, so-called greatest version. In my experience, it’s not what we really want but what the vendor thinks we need.
Case in point? Rumors are flying that Windows 12 is just around the corner.
Read the full story in our Plus Newsletter (19.30.0, 2022-07-25).
-
It’s the end of the road for Windows 8.1
ON SECURITY
By Susan Bradley
You need to start planning now.
Although Windows 8.1 may seem lost in the cobwebs of time, its small user base loved it and stuck with it. Many users, especially in business, were turned off by the tablet-first approach of Windows 8.0 and then, instead of moving to 8.1, stuck with Windows 7 and later migrated to Windows 10.
Now, however, the Microsoft axe is falling.
Read the full story in our Plus Newsletter (19.28.0, 2022-07-11).
-
The ASR GUI tool is safe
ON SECURITY
By Susan Bradley
Most antivirus programs flag ASR GUI as infected. Those results are false positives.
In my most recent AskWoody MS-DEFCON Alert, I recommended a tool to help you set preventive attack rules, otherwise known as ASR (Attack Surface Reduction) rules. I’ve recommended ASR GUI tool for years because Microsoft doesn’t provide an easy GUI to set rules for standalone computers.
Read the full story in our Plus Newsletter (19.24.0, 2022-06-13).
This story also appears in our public Newsletter. -
What should you consider sensitive?
ON SECURITY
By Susan Bradley
What information is sensitive? What information should you never give to anyone?
The answer is, it depends. Sometimes it depends on what you are doing, sometimes it depends on the jurisdiction (i.e., country or state) you live in. But often it comes down to what you feel comfortable giving to someone else. And the answer is usually different for different people.
Read the full story in our Plus Newsletter (19.24.0, 2022-06-13).
-
Dealing with MFA
ON SECURITY
By Susan Bradley
In my excitement about the three-day weekend for Memorial Day, I left my phone at the office.
In years past, I would merely confirm that the phone was safe and sound at the office by using a finder app such as Find My Phone or Life360. Then I’d just get the phone the next time I was at the office. Yes, I used to be able to live without the phone for a day or so.
Read the full story in our Plus Newsletter (19.23.0, 2022-06-06).
-
Why is email authentication changing?
ON SECURITY
By Susan Bradley
Throughout the lifetime of Internet-based email, we’ve been told over and over that it was dying, or soon to be dead.
Then why are we still on a dead platform? Why aren’t we using some new, whiz-bang thing that was touted as so much better than email? There have been some proposed ideas, but they died off.
I have a rather simple theory: Email comes to you — you don’t have to go find it. And it’s ubiquitous, too. No matter what device you’re using, what vendor it comes from, or what operating system it runs, email works.
Read the full story in our Plus Newsletter (19.22.0, 2022-05-30).
-
Is firmware patching important?
ON SECURITY
By Susan Bradley
Firmware patching has always been fraught with concern.
Until very recently, applying firmware updates often meant launching the update process from a DOS prompt. You often received warnings that if your computer lost power during the process, your machine might be bricked. This is such a daunting thought that, for servers, I would often update the firmware when I initially installed the server and never touch it again.
But firmware is nothing more than software, and — like every other kind of software these days — attackers find vulnerabilities in firmware. Recently, researchers found security issues in Lenovo consumer notebook firmware.
Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).
-
Gearing up for cyberwar
ON SECURITY
By Susan Bradley
Once upon a time, I used to publish maps showing the location of each water pump in the city where I live.
Fresno residents rely on the underground water supply and pump much of the drinking water from various wells throughout the city. And then Fresno — like every other city — realized that publishing information about critically important infrastructure items, such as drinking water, probably wasn’t wise. That was especially driven home after 9/11; governments realized that they were handing over helpful data to those who might use it to attack us.
Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).
-
Is this the end of the road for Windows 7?
ON SECURITY
By Susan Bradley
Vendors start to draw the line.
Ahh, Windows 7. I remember when you first came out. I remember when people hated — truly hated — your User Account Control (UAC) system that required administrator approval any time they wanted to do something that had been perfectly normal in Windows XP. I remember that UAC was so annoying that Apple lampooned it (more like harpooned it) in several of its famous Mac-versus-PC TV ads.
I went so far as having a cartoon made, urging people to “zip up” their UAC setting rather than disabling it, because I saw both users and administrators removing the UAC prompt entirely. But that represented a lowering of security for Windows 7. I thus urged people not to disable it, despite the annoyance. I told them to zip the slider all the way to the top. Remember the slider?
Read the full story in our Plus Newsletter (19.15.0, 2022-04-11).