News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Patch Lady – bad news about those Server 2008/2008 R2 licenses

    Posted on December 27th, 2019 at 22:18 Susan Bradley Comment on the AskWoody Lounge

    So I have bad news about any extended security updates for Server 2008/2008 R2 licenses that us common folks might want or need to buy a little more time for our Servers.  Even if you have a software assurance license you would need an Enterprise agreement to get extended patches.

    Your only other option is to move to a virtual machine in Azure.

    I heard back from the vendor I use for software assurance and he said….

    Hello Susan,

    I won’t be able to provide pricing on this since you don’t have an enterprise agreement.

    Happy Holidays!

    Security

  • LastPass to be acquired, taken private

    Posted on December 18th, 2019 at 06:42 woody Comment on the AskWoody Lounge

    LogMeIn Inc — the maker of LogMeIn and LastPass — announced yesterday that it will be acquired by two private equity firms.

    Martin Brinkmann has the details on ghacks.

    Security

  • Patch Lady – if you use a IT consultant

    Posted on December 9th, 2019 at 18:54 Susan Bradley Comment on the AskWoody Lounge

    If you use an IT consultant please please please forward them this post by Amy Babinchak on what a Managed Service Provider should do to audit their own internal processes:

    http://techgenix.com/msps-internal-security-audit/

    Hackers, attackers are targeting consultants because they know they can hit a lot of people with one targeted attack.  Just the other day Krebs on Security reported that 100 small dentist offices were impacted by ransomware after their IT consultant was targeted.

    If you don’t use an IT consultant and instead do your own IT, make sure you think about the vendors and services you use for online activities and think about ways to add two factor authentication to sensitive information.  Add two factor to your bank access.  If you use hosted email, check with your ISP or vendor if they support two factor.  Just the other day I got an alert that my Xfinity had been logged in from an Ubuntu device.  I do HAVE an ubuntu device but I sure wasn’t logging into Xfinity from it.  I quickly added two factor it that account as well.

    Need two factor for remote desktop?  Check out duo.com

    Need a third party app that supports multiple vendors?  Check out authy.com

    Bottom line make sure that you protect accounts and log ins that you can’t live without and make sure they have extra protections.

    They are out to get you.

    Security, Small Business Computing

  • Patch lady – Alexa should be on her own network

    Posted on December 7th, 2019 at 19:50 Susan Bradley Comment on the AskWoody Lounge

    As a geek I use Alexa enabled devices to turn on and control turning on and off the Christmas Tree and other lights in the house.  “Hey Alexa, turn on the Christmas tree” is all I have to do to turn on the tree rather than crawling underneath and turning on the tree.  I have Internet enabled outdoor controls that turn on the outdoor Christmas lights at exactly sunset and then turn it off at 11 p.m.  But the one thing I do is ensure that my Alexa enabled devices are on a separate router away from my computers and other devices.  My Alexa devices are on a separate IP addressing scheme and thus can’t browse or talk to the devices on my other network.  The Portland FBI office recommends in fact that you separate out the Internet of Things from the rest of your sensitive devices and laptops.

    They also recommend that you review what features your smart TV has and ensure it’s patched and set to update automatically.  Unlike Windows, most smart tvs and internet of things are based on Linux, not Windows and thus installing updates and rebooting are typically less of an issue.

    Finally, be aware of Holiday scams this time of year.  As they note, keep an eye on your credit card and bank account and always monitor the use of both.  Use a credit card, not a debit card when shopping online.  If you see any fraudulent charges, contact your bank immediately.  Sign up for and turn on fraud alerts on your bank accounts.  It may be a slight bother if they deny a large purchase that you really wanted to get, but it saves you from having fraudulent transactions posted to your account.

    Be aware this holiday season…. they are out to get us.

    Security , , ,

  • The web has a padlock problem

    Posted on November 30th, 2019 at 13:29 Kirsty Comment on the AskWoody Lounge

    Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

    Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

    HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

    Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

    “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means its OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

    …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

    I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes on how padlocks work is related.

    WSJ indicate the depth of the problem here:

    The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

    Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

    The padlock is putting users in danger

     
    We all need to get used to these changes, for our own safety.
     

    On Security, Security ,

  • Microsoft is enabling Win10 version 1903 “Tamper Protection”

    Posted on October 15th, 2019 at 07:50 woody Comment on the AskWoody Lounge

    Yesterday, Microsoft program manager Shweta Jha posted an announcement on the Microsoft Tech Community blog, saying that a feature called “Tamper protection” has reached general availability for Win10 version 1903. Permit me to parse that sentence:

    • Tamper protection is a switch that prevents programs from altering Defender security settings. (You may be surprised to know that programs can alter Defender settings.)
    • General availability in this case means that Microsoft will be turning on the switch on updated Win10 version 1903 machines. The precise mechanism for turning it on isn’t described, and we don’t explicitly know which build number will be required, but “We’re currently turning on the feature gradually; some customers will start seeing the setting on their devices.”

    To me, the rollout sounds a whole lot like the remote feature enabling we’ve been warned about in Win10 version 1909, which is due next month.

    At any rate, the feature sounds worthwhile (should I say “long overdue”?) and it’s easy to set manually if you’re so inclined.

    For details, Lawrence Abrams at BleepingComputer has a good rundown.

    Security, Windows 10 Releases

  • Office 365 ProPlus to get support on Windows 7 after January 14, 2020

    Posted on October 7th, 2019 at 17:25 joep517 Comment on the AskWoody Lounge

    Microsoft has decided to give Office 365 ProPlus users running Windows 7 some grace time after Windows 7 goes out of support on January 14, 2020. Office 365 ProPlus users will continue to get security updates for Office 365 ProPlus until January 2023. According to Microsoft this is to transition to a “support operating system”.

    See Windows 7 end of support and Office 365 ProPlus for details and more information.

    Microsoft News, Office News, Security ,

  • Patch Lady – 31 days of security

    Posted on October 1st, 2019 at 23:59 Susan Bradley Comment on the AskWoody Lounge

    October is the national cyber security awareness month and I’m kicking off the month by linking to another author.  John Opdenakker posts about why everyone should care about online security.

    Are you making any changes to your online security due to what’s going on?  I know that I’m adding more multi-factor authentication to my accounts.  What about you?

     

    Security ,
  • « Older Entries

Recent Replies

Recent Topics

February 2020
M T W T F S S
« Jan    
 12
3456789
10111213141516
17181920212223
242526272829  

Copyright © 2019 AskWoody LLC. All rights reserved.

Powered by WordPress
Theme designed by My Mobiles, modifications by PapayaSoft