News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • A few smallish gremlins still infest Win10 20H2 and 2004

    Posted on November 8th, 2020 at 21:05 Comment on the AskWoody Lounge

    ON SECURITY

    By Susan Bradley

    With the release of Windows 10 20H2, May’s Version 2004 has moved into an elder-sibling role.

    But that doesn’t mean that the spring update no longer has growing pains. Currently in the process of upgrading my systems to Version 2004, I’ve not run into any significant problems. But that’s not the case for everyone.

    Read the full story in AskWoody Plus Newsletter 17.44.0 (2020-11-09).

  • Warning: If you pay ransomware, the US Dept of Treasury may fine you

    Posted on October 3rd, 2020 at 09:51 Comment on the AskWoody Lounge

    Dan Goodin at Ars Technica has a great review of the latest US Treasury Department advisory:

    Businesses, governments, and organizations that are hit by crippling ransomware attacks now have a new worry to contend with—big fines from the US Department of Treasury in the event that they pay to recover their data… payments made to specific entities or to any entity in certain countries—specifically, those with a designated “sanctions nexus”—could subject the payer to financial penalties levied by the Office of Foreign Assets Control, or OFAC.

    The prohibition applies not only to the group that is infected but also to any companies or contractors the hacked group’s security or insurance engages with, including those who provide insurance, digital forensics, and incident response, as well as all financial services that help facilitate or process ransom payments

    It’s an important new angle on an increasingly difficult subject.

    UPDATE: Brian Krebs has a more-detailed look on Krebs on Security.

  • Patch Lady – want to know what is in those URLs?

    Posted on August 14th, 2020 at 12:03 Comment on the AskWoody Lounge

    https://dfir.blog/unfurl/

    Came across this in my forensic reading the other day.

    Unfurl takes a URL and expands (“unfurls”) it into a directed graph, extracting every bit of information from the URL and exposing the obscured. It does this by breaking up a URL up into components, extracting as much information as it can from each piece, and presenting it all visually. This “show your work” approach (along with embedded references and documentation) makes the analysis transparent to the user and helps them learn about (and discover) semantic and syntactical URL structures.

    If you’ve ever seen a URL and seen all that tracking stuff on the back end, this parses all that info out and lets you see how all of these browsers and vendors can track us.  Next time you have a link with unusual info on the back side, stick it in there and see what it says it’s parsed out from the link.

  • SANS Institute security breach

    Posted on August 11th, 2020 at 14:50 Comment on the AskWoody Lounge

    Wow. If SANS can’t keep their systems secure, what hope do the rest of us have?

    Looks like somebody sent a malicious Office 365 add-in to a SANS employee, who installed it. The program started forwarding emails, including some with personally identifiable information on 28,000 accounts.

    Details here.

  • Technology in a pandemic

    Posted on July 27th, 2020 at 01:15 Comment on the AskWoody Lounge
    Logo

    COVID-19

    By Susan Bradley

    We all have good years and bad, but 2020 has been rough on everyone.

    The pandemic has damaged world economies, caused untold disruptions to our education systems, put millions in financial peril, and tested our ability to socialize responsibly — and it’s not over yet.

    In the face of those difficulties, I’ve been impressed and encouraged by how people have adjusted their personal lives, their work, and their businesses. And much of that adaptation involves technology. Interestingly, quite a bit of that tech is not based on Windows.

    Read the full story in AskWoody Plus Newsletter 17.29.0 (2020-07-27).

  • Krebs: Here’s how all of those Twitter accounts got hacked

    Posted on July 17th, 2020 at 09:36 Comment on the AskWoody Lounge

    Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffet, and many others. The miscreant started sending out messages asking folks to send them $1,000 in Bitcoin – promising that the luminary would return $2,000.

    Brian Krebs tracked down the perp — more accurately, perps — and it makes a fascinating story:

    “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.”

    This Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.

    There were multiple people involved in the Twitter heist.

    In short, if you use mobile phone SMS to verify a log on to an account, you could get slammed. Normal people don’t have to worry about it yet. But high-profile accounts are definitely in the crosshairs, and it’s probably just a matter of time before SMS-based hijacking becomes more pedestrian.

  • Patching printers

    Posted on July 13th, 2020 at 01:30 Comment on the AskWoody Lounge

    ON SECURITY

    Patching printers

    The June bugs in Windows 10 that caused all of my PCL 5 printers to not print reminded me that there are several ways that printers need updating. The days when we could install a printer and never worry about it again are over.

    Susan BradleyBy Susan Bradley

    If you haven’t updated your printer lately, the first thing to review its printer driver. The older the printer, the more likely you will need something like a universal PCL 6 driver in order to have it work with Windows 10.

    Last and certainly not least, even in a home setting, I often have very good luck by setting up the printer on the wireless or wired network to determine the IP address assigned to the printer.

    Read the full story in AskWoody Plus Newsletter 17.27.0 (2020-07-013).

  • What’s the best way to lock your Android phone?

    Posted on July 5th, 2020 at 02:30 Comment on the AskWoody Lounge

    Android security

    Security vs. convenience: What’s the best way to lock your Android phone?

    Lincoln SpectorBy Lincoln Spector

    You want your smartphone to be locked down so that no one but you can find your secrets. But you want to unlock your phone quickly and easily.

    You can’t have the best of both worlds. You must choose between the best security and the easiest entry. But with the right precautions, you can have reasonable security without constant annoyance.

    Read the full story in AskWoody Plus Newsletter 17.26.0 (2020-07-06).

  • Say goodnight, Flash. We hardly knew ye.

    Posted on June 23rd, 2020 at 10:11 Comment on the AskWoody Lounge

    © 2013 Lunar Eclipse

    Ye haven’t an arm, ye haven’t a leg, hurroo, hurroo
    Ye haven’t an arm, ye haven’t a leg, hurroo, hurroo
    Ye haven’t an arm, ye haven’t a leg,
    Ye’re an armless, boneless, chickenless egg
    Ye’ll have to put with a bowl out to beg
    Adobe Flash I hardly knew ye

    One of the most reviled products in PC history — deservedly so! — officially hits the skids on December 30.

    Adobe’s been warning us since July, 2015 that Flash’s time is at an end:

    open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web.

    Now it’s official:

     Adobe will stop distributing and updating Flash Player after December 31, 2020… with three years’ advance notice, we believed that would allow sufficient time for developers, designers, businesses, and other parties to migrate existing Flash content as needed to new, open standards… Adobe will be removing Flash Player download pages from its site and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.

    At long last.

  • Patch Lady – Chrome patching impacted by “work from home”

    Posted on March 18th, 2020 at 22:23 Comment on the AskWoody Lounge

    https://www.zdnet.com/article/google-pauses-chrome-and-chrome-os-releases-due-to-coronavirus-outbreak/

    Interesting side effect of this disruption, Google is pausing Chrome feature updates due to the virus outbreak

    Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases. Our primary objectives are to ensure they continue to be stable, secure, and work reliably for anyone who depends on them. We’ll continue to prioritize any updates related to security, which will be included in Chrome 80. Please, follow this blog for updates.”

    Security updates will still come however.  Wonder if Microsoft will do likewise with the Windows 10 feature release?

  • Conference showcases a tsunami of security products

    Posted on March 16th, 2020 at 01:10 Comment on the AskWoody Lounge

    SECURITY

    By Michael Lasky

    If you needed proof that Web security has become a major industry, you need only to have walked the acres of booths at the RSA Conference 2020.

    More than 36,000 attendees, 704 speakers, and 658 exhibitors gathered at San Francisco’s Moscone Center this past February to explore the “Human Element” in cyber security. The conference included hundreds of keynotes, track sessions, tutorials, seminars, and special events. Protecting the Internet has become a veritable military-industrial complex.

    Read the full story in AskWoody Plus Newsletter 17.11.0 (2020-03-16).

  • Patch Lady – bad news about those Server 2008/2008 R2 licenses

    Posted on December 27th, 2019 at 22:18 Comment on the AskWoody Lounge

    So I have bad news about any extended security updates for Server 2008/2008 R2 licenses that us common folks might want or need to buy a little more time for our Servers.  Even if you have a software assurance license you would need an Enterprise agreement to get extended patches.

    Your only other option is to move to a virtual machine in Azure.

    I heard back from the vendor I use for software assurance and he said….

    Hello Susan,

    I won’t be able to provide pricing on this since you don’t have an enterprise agreement.

    Happy Holidays!