• Mothy

    Mothy

    @mothy

    Viewing 15 replies - 46 through 60 (of 89 total)
    Author
    Replies
    • in reply to: Zyxel Command Injection CVE-2023-28771 #2566542

      As Paul T mentioned, your router should be blocking/preventing any connection attempts from the Internet to devices on your internal network. You can test your router security via ShieldsUp URL below. Click proceed and then “Common ports”. Ideally you want to see “Stealth” status for everything. Otherwise you need to check your router settings, especially if it reports anything as “Open”.

      https://www.grc.com/x/ne.dll?bh0bkyd2

    • in reply to: Getting Error When Trying to Do Windows Updates #2566529

      The ISO is still available directly from Microsoft here: https://www.microsoft.com/en-us/software-download/windows8ISO

    • in reply to: Ready for June updates? #2566061

      The quote is from Susan, near the bottom of the page here: https://www.askwoody.com/2023/ready-for-june-updates/

      2 users thanked author for this post.
    • in reply to: Ready for June updates? #2566055

      It may be because the vulnerability is only information disclosure as well as the attack vector is only local and requires some complexity to try to exploit. So there is little risk/need for regular home users to worry about implementing the registry changes to enable the fix.

      More details below about the vulnerability via Microsoft:

      https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019

      Attack Vector – Local
      The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document)

      Attack Complexity – High
      A successful attack depends on conditions beyond the attacker’s control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require an attacker to: gather knowledge about the environment in which the vulnerable target/component exists; prepare the target environment to improve exploit reliability; or inject themselves into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g., a man in the middle attack).

    • in reply to: Are you travelling this summer? #2565346

      The only tech I take on trips is a smartphone and over the ear headphones (ear plug type are always too uncomfortable). When it was a Samsung Galaxy Note 4 with a user-replaceable battery, I would also take a couple spare batteries and a Samsung external battery charger. But now with the S22 Ultra with a sealed battery, I use an Anker PowerCore external battery/portable charger.

    • I always leave the setting off as well as I do not want Firefox (or any other application) to use anything other than the DNS settings of the operating system itself where the local hosts file is also included to resolve domain names. Otherwise Firefox would bypass my blocking hosts file (ex. StevenBlack) and be exposed to all the ad networks and known malicious Internet websites that the file normally blocks which would greatly reduce the privacy and security of the web browser (or any application that can access the Internet).

    • in reply to: Why millions of usable hard drives are being destroyed #2565107

      It can depend on the type of business whether the drives can be reused or not. For example in the United States, if you are a healthcare company there are HIPAA (Health Insurance Portability and Accountability Act) security rules that can require destroying the old data center drives to ensure protection of ePHI (electronic Protected Health Information). Otherwise there can be serious financial penalties to a company for a breach of PHI.

    • in reply to: Can we control the changes to our operating systems? #2564524

      Agree, I made the switch to Linux Mint (LTS 21.1 Cinnamon) little over 5 months ago now. Rock solid system that works very well out of the box with no need for third party tools or tricks to try to prevent changes or control updates. Instead the system is designed to respect your settings and stays out of your way and does not attempt to change anything unless you initiate it yourself. It also does not attempt to monetize you in any way like Microsoft is constantly trying to do now.

      For Windows specific software that is still needed I set up Windows 8.1 Pro as a virtual machine via Virtualbox (had a spare license to maintain full functionality of everything). It works very well and has no discernible performance impact on the Linux Mint host running it. It’s also a much more secure option than using Wine as it completely isolates the virtual machine from the host operating system. Whereas Wine has access to the Linux file system and can be a potential security risk.

      Anyway, other than the VM of 8.1 I’m done with Microsoft on my personal systems. IMHO they have lost the plot of what an operating system is supposed to be!

      5 users thanked author for this post.
    • in reply to: Desktop or Laptop? What’s your choice? #2563881

      I prefer desktop as it’s a lot easier to customize everything for your exact computing needs/wants and to be the most productive and comfortable. This was particularly important when my work transitioned to full time work from home in 2020 as well as after changing to 50% work from home a year ago. That was when I set up a home office with two desktop computers each with two 27 inch monitors across two desks in order to duplicate my work desktop computer environment for when I remote in via Citrix. It’s like sitting in a cockpit surrounded by monitors where either desktop system can be used for work and the other is still available for anything personal.

      Otherwise I used to have a laptop but did not use it very much anymore. Instead found it much easier and convenient to use my Samsung Galaxy Note (currently S22 Ultra) with its large screen and S Pen when away from the desktop systems or from home. The laptop has since been retired due to age (initially purchased in 2010) but also because the CPU fan was beginning to fail.

    • in reply to: How is Windows XP a security risk? #2562643

      It sounds like you have some good security layers (defense in depth) in place to secure the system and most importantly you are aware of the dangers and take precautions in how you operate the computer which is one of the MOST important layers of security.

      First, since the computer is behind the firewall of your router it’s secure from being compromised remotely. In addition the software firewall on the OS also protects it from compromise in the event a bad guy somehow gets past the router’s firewall (very unlikely) or the computer is connected to a different network without any kind of firewall (ex. laptop used away from home). Second, the use of a custom hosts file that blocks known malicious websites and ad networks is a very important security layer that protects the system when using the web browser, not to mention the additional layer of security in using noscript.

      IMHO these layers alone will protect a system well regardless of the operating system version being used. Experience has proven this over the last 20+ years where I’ve used various old outdated operating systems (including Windows XP for well over two years after support ended), even old outdated web browsers (including IE) for extended periods of time and never had a single instance of malware or any kind of compromise.

      Now with all that said, I would not recommend the average user do that as they are not going to be aware of or use many of these important security layers (beyond a router firewall most likely) so it would only increase the likelihood that they would compromise their system. Many even do so when using the most recent, supported and fully patched/updated OS version!

      In the end, security is NOT just about the operating system version. Just because you are using an old outdated OS does not equal, “OMG, the sky is falling and you are going to be compromised at any moment!”.

      2 users thanked author for this post.
    • in reply to: Are you ready for AI? #2562431

      It’s rather sad what’s become of Windows and of Microsoft that one has to “tame your operating system” or worry about unwanted/unneeded features like “AI” being added that are only an attempt to monetize you or your data. Microsoft has truly lost the plot of what an operating system is supposed to be.

      I get to experience some of this at work with Office 365 where as soon as I start any Office application an “Artificial intelligence” process starts (seen via Task Manager) which I promptly end task. Thankfully the process does not come back unless all Office applications are closed/re-opened (Outlook is normally left open all day). Also while I never use Edge (Google Chrome is the primary web browser or I also use Firefox ESR) I still see numerous random Webview2 processes in Task Manager which I believe are tied to something with Office 365. It takes numerous attempts to end task them via Task Manager as they keep spawning over and over again like malware before they finally go away after repeated attempts to kill them. I miss the old Office 2016 (or older) as well as Windows 7 that we used to use and were much more stable and reliable without all these extraneous random processes always running in the background. It was also a lot easier for our IT department to setup and administer those older systems/applications.

      Otherwise on my personal systems I no longer have to worry about or deal with any of this since moving to Linux Mint (also has LibreOffice). It’s a system that still respects the end user and does not attempt to monetize you in any way or add such superfluous features. There is also no need to “tame” the system or jump through a bunch of hoops to try to prevent changes or updates being applied. Instead the system respects your settings and stays out of your way and does not attempt to change anything unless you initiate it yourself. It’s quite refreshing and provides great peace of mind.

      4 users thanked author for this post.
    • I agree with HP about wiping the hard drive and installing a fresh copy of Windows as something is clearly amiss with the existing Windows installation with no end in site of possibly getting it fixed after six days of troubleshooting.

      Sometimes you just have to take the hard road and nuke it from orbit (it’s the only way to be sure) and start over from scratch. Chances are it works and you will have a functioning system again and know that it’s a solid foundation to build on and re-install all needed software. Worse case if it doesn’t work, restore your drive image and continue troubleshooting.

      1 user thanked author for this post.
    • in reply to: Firefox and Firefox ESR Updates! #2560828

      I’ve been using the “Advanced users” option to get the latest version as soon as it’s released as referenced per Mozilla: https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-from-mozilla-builds-for-advanced-users

      Using some of the steps from that page below is what I use to install/update ESR on my Linux Mint 21.1 systems.

      1. Download the *tar.bz2 file for Firefox ESR from: https://ftp.mozilla.org/pub/firefox/releases/ (ex. 102.11.0esr/linux-x86_64/en-US/firefox-102.11.0esr.tar.bz2 – 74 MB size)

      2. Go to where the file was downloaded, right click on it and choose “Extract Here”

      3. Open the /opt directory as root (right click it and choose “Open as root”)

      4. Copy the extracted Firefox folder to /opt

      Note: if updating an existing installation, delete the contents of the /opt/Firefox directory. Then copy the extracted contents of the Firefox directory into /opt/Firefox

      5. Create a symlink to the Firefox executable:

      ln -s /opt/firefox/firefox /usr/local/bin/firefox

      6. Download a copy of the desktop file:

      wget https://raw.githubusercontent.com/mozilla/sumo-kb/main/install-firefox-linux/firefox.desktop -P /usr/local/share/applications

      Alternatively, if wget is not installed on your computer, go to the URL mentioned above, right-click on the page to open the contextual menu and select Save Page As. After you downloaded the file, move it to /usr/local/share/applications.

      To verify that the installation was successful, you can open the Troubleshooting Information page. In the Application Basics section, the value of Application Binary should be /opt/firefox/firefox-bin.

      2 users thanked author for this post.
    • in reply to: What is your favorite home consumer tech thing? #2560803

      Keurig K-1500 coffee maker, makes it quick and easy to get a cup (or two, three, four…) of my favorite brew to start the morning. 😛

      A very close second favorite that I need to mention are my two desktop computers each with two 27 inch monitors that make things a lot easier to see for the ol’ aging eyes as well as helps increase productivity and ease of use with the extended screen real estate to more easily use multiple applications at the same time. They are also invaluable for when I work from home (via Citrix) as it duplicates my work desktop computer environment that also has two 27 inch monitors. But also because I can use either system for work and still have the other available for anything personal.

    • in reply to: Firefox and Firefox ESR Updates! #2560794

      It’s due to feature updates being included more often in the rapid release version after which bugs are discovered (from more wide spread use/feedback by general users after the release). So another small update is needed to fix those bugs. Whereas the ESR version does not receive feature updates as often, only security updates. So it’s much more stable and less likely to need such frequent updates to fix bugs. Below is from Mozilla regarding the two versions: https://support.mozilla.org/en-US/kb/choosing-firefox-update-channel

      “Rapid Release: receives major updates every four weeks and minor updates such as crash fixes and security fixes as needed during those four weeks.”

      “ESR: receives major updates on average every 42 weeks with minor updates such as crash fixes, security fixes and policy updates as needed, but at least every four weeks.”

      Also see this thread with more info regarding the use of ESR: https://www.askwoody.com/forums/topic/why-use-firefox-esr/

      1 user thanked author for this post.
    Viewing 15 replies - 46 through 60 (of 89 total)