News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • OscarCP

    Forum Replies Created

    Viewing 15 posts - 16 through 30 (of 3,297 total)
    • Author
      Posts
    • OscarCP
      AskWoody Plus

      DrBonzo,

      I think that the one way the bug can be transmitted is via infected emails or from infected Web sites. They might come from crooks sending phishing emails and setting up phony sites to snare the unwary, or from good and trusted correspondents and Web sites with neither side knowing they have been infected and are unwittingly spreading the poison. The main problem seems to be that, once a computer is infected, the bug opens a backdoor that cannot be closed with a patch. So the relevant patches should be applied before this happens, as preventive vaccine and not after the fact remedy.

      An interesting twist to this story is that the person who developed a proof-of-concept program posted it, with all relevant information, on GitHub, as I presume many others in the same kind of business do, now and then. It looks like GitHub was massively hacked and many programs of all kinds and their documentation were stolen a few days ago (Alex5723 started a thread on that yesterday). Fortunately, the proof-of-concept of interest here was not among that booty, because it was posted on GitHub just over the last two days. This is Alex’s thread, for the benefit of those who may feel curious about this:

      https://www.askwoody.com/forums/topic/microsofts-github-account-has-been-hacked/

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
      OscarCP
      AskWoody Plus

      CADesertRat: We are on perfect agreement on that point. I also have brought up a question and some concerns on which I look forward to get some comments.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      in reply to: Are fingerprint readers useful? #2262401
      OscarCP
      AskWoody Plus

      To the original question on fingerprint usefulness, I would add these related questions that have bothered me enough not to use fingerprint readers in order to login into any computer so equipped I’ve ever had:

      What happens after one cuts the “login” finger and puts a band aid on it? And if the cut leaves a scar big enough to confuse the reader’s software? Can one, usually, save more than one fingerprint, to use as backup in such a situation? Is it known if some fingerprint scanning applications don’t save more than one print?

      I could have experimented to find out, of course, but I am not keen on making experiments with possibly irreversible bad consequences, so I have not.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      OscarCP
      AskWoody Plus

      Thanks for the alert, CADesertRat.

      According to the “zdnet” article, this “impacts all Windows versions going back to Windows NT 4, released in 1996.

      So this is a worry for anyone using Windows these days. But, from the same article it follows that this bug cannot infect computers over the internet, at least not directly. (And it can be fixed, supposedly, by installing the recent patches for Windows 10, but not if the infection has already occurred, according to the article; I’ve copied the relevant excerpt further down.)

      So, if not directly, then infection has to take place indirectly. Does this mean through successful phishing, or else delivered in a contaminated document or email sent by a trusted source (or downloaded from a Website)  unaware that their machine has been infected?

      The article does not say that this bug is a worm or a virus, though, only that it opens a back door in an infected Windows PC that can be used by attackers to direct the bug to do their bidding. So it is not clear if it also propagates from infected computers to infect others:

      On an unpatched system, this will install a persistent backdoor, that won’t go away *even after you patch

      Unfortunately, the proof of concept was posted in GitHub, that was just recently massively hacked with many, many of the programs participating developers keep there being stolen (Alex5723 posted a warning here #2261310   two days ago):

      Ionescu has also published proof-of-concept code on GitHub with the purpose of aiding security researchers and system administrators investigate the vulnerability and prepare mitigations and detection capabilities.

      Fortunately, perhaps, according to the GitHub record linked above, he did that yesterday (May 12) and early today, so it might not have been stolen, after all. Or I hope so.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • This reply was modified 2 weeks ago by OscarCP.
      • This reply was modified 2 weeks ago by OscarCP.
      OscarCP
      AskWoody Plus

      It is not the willful mistake of regular users, people with no testing machines, in-house advice, etc., based on a false premise: it is their lack of the practical alternatives that many businesses and organizations must have. The thing for them to do is wait for evidence that the patches to the vulnerability are available and not causing serious problems, or that attacks are actually under way targeting people willy-nilly. This should not be hard to understand.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • This reply was modified 2 weeks, 1 day ago by OscarCP.
      1 user thanked author for this post.
      OscarCP
      AskWoody Plus

      If, over al these years, such a malware attack had happened to some regular user that took to heart Woody’s advice not to worry about its likelihood for the time being, I suspect that all of us would have read here the written imprecations and lamentations of the so afflicted. Not a single case of that happening comes to mind. Anyone remembers one such case ever occurring here? Thanks.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      4 users thanked author for this post.
      in reply to: One of the main problems #2262040
      OscarCP
      AskWoody Plus

      Thanks to all of you for recommending, directly or indirectly, “His Dark Materials”. So I have read, here and there, about them and decided to order the books, as doing so promises to be a good investment of my time and money. I’ll get them in a few days, then I’ll see if I was right.

      Now, any more comments on time travel, maybe also including some on it’s possible physical relationship to parallel universes? I’d love to see some of those.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      OscarCP
      AskWoody Plus

      Woody: “Everyday Windows users don’t have the luxury of testing regimens.

      And everyday Windows users (like Yours Truly) probably do not have also the luxury of testing machines available to test patches if they wanted to: just the one PC actually used to do their work and, or communicate with the rest of the world.

      I know there is a chance that some day, somehow, I might be hit with something very nasty that was originally developed by some organization, legitimate or otherwise, and then was either sold under the table, or else leaked out into the wide world and, eventually, came into the hands of even bored pimply teenagers eager to do something interesting. And there is always a small chance that an unknowingly infected machine might, in turn, infect the emails that I am sent from a trusted source and look perfectly legitimate (and are legitimate, if infected) and the bug in one of them manages to get past my defenses.

      Well, in 22 years of using Windows, many really bad exploits have come and gone, some are still around, but I have never been troubled by any of them. There is always the chance that some day I might get caught by one; if so, what? What choices I have to do something better than what already I do to protect myself: backups of the whole HD, use of AV, firewall, etc., asking for, listening and following the advice of people who I am sure know enough about IT security? Answer: nothing, except to quit using computers, or at least never using them again to communicate through the Internet. Which, in my case, pretty much means not using the Internet at all and would be really bad.

      As what Woody calls a “regular user”, I have to chance it as described and, for that and other practical things, the advice given in this site has been, generally, helpful to me in many ways besides security, even if the latter might not be ideal for businesses and other organizations (and these should have the means to deal with so-called “0-days” and such: in-house and contracted expert advice, testing machines, etc. — or else those in charge would be guilty of not doing their proper due diligence.

      And, by the way, although Woody has already and repeatedly asked here for an example, just one, to prove those criticisms correct, all he has got, so far, are repetitions of the same criticisms, some phrased somewhat differently, without offering a shred of relevant information, particularly to regular users like myself.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      2 users thanked author for this post.
      in reply to: One of the main problems #2261532
      OscarCP
      AskWoody Plus

      PK: I did not read the book, but saw the movie (“The Golden Compass”) Have you seen “Tomorrowland”? It flopped in the box office, but is one of the best I’ve seen that have time-travel as the main plot-device. It is, same as “The Golden Compass”, pure fantasy, not hard science fiction, but I have no problem with this kind of fantasy (i.e.: with dragons, swords, wizards, knights on horseback and beautiful damsels in trouble nowhere to be seen.)

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      in reply to: One of the main problems #2261525
      OscarCP
      AskWoody Plus

      Charlie: Whether you go forwards to the future or backwards to the past, the return trip will also be problematic, if the hypothesis (*) that we live in a certain kind of multiverse is true (to satisfy some quantum mechanics conundrums). If so, every time someone (person, cat, goldfish, anyone) makes a decision the universe splits in two, with your timeline splitting in two along with it and both being continuous with the original (i.e. with no appreciable changes to be noticed, initially) but not the same as the original, so both “you” experiences diverge more and more as time and life goes by in each timeline, for ever. Both “you” will not notice anything different at the very start and will believe themselves to be the original “you.” But when either “you” tries to get back to the point of departure in the original timeline, that “you” timeline splits again… So, if this multiverse hypothesis is correct (there are others), then you only are “you” for a time, until someone makes a decision and the universe, and everyone’s timelines in it, and “you”, split once more. And the same is true of everyone you know. So you have a problem: you are not really “you” and the people you think you know are not really “them.”

      My own position on this: one might just as well live with it and, if you like and can, go back in time to the original public offering of MS shares in March 13 1986. Just don’t forget to bring along those troy ounces of gold to change into 1986 money and buy some of those original shares (see my next entry). Because money shall be money in any timeline “you” might reach within the span of “your” lifetime. Assuming “MS” is still much the same MS when you go back to the past leaving in, let’s say, 2020, to buy those shares and also when you return with them to whatever future 2020 universe you may end up in.

      (*)  https://en.wikipedia.org/wiki/Many-worlds_interpretation

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
      in reply to: Microsoft’s GitHub account has been hacked #2261512
      OscarCP
      AskWoody Plus

      If true, this would be absolutely devastating news to those developers whose work has been stolen and to their customers, actual and potential, who after this may never benefit from it. But I do wonder about this and similar disclosures: how do the people a “bleepingcomputer” know that this information is real? How do they know that “Shiny Hunters”, the criminal “black hat” that is letting them know about this and claiming that he or she did it, is really a black hat and really did this, or knows about this and is claiming all the glory for his or her pseudonymised self? Do they used some code words to identify themselves to the staff of “blepingcomputer”? I am asking this because I imagine that a real criminal will not send an email from his AOL address to “bleepingcomputer”, but will use as anonymized a connection as possible, he or she being such a big shot cyber criminal and all.

      I am not writing this to dismiss off-hand the alleged facts mentioned in “blepingcomputer”, but because I think it is an interesting question that I have been thinking of asking for some time now.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      in reply to: New Apple Online Shopping Website #2261210
      OscarCP
      AskWoody Plus

      If one just wants to buy a new Mac, clicks on a link in, say, an advertisement posted on line by Apple for new Macs, goes wherever that links takes one and chooses one model and next wants to configure and then order it. Will the existence of this “hub” make this process any different from the one I described in my previous posting? Thanks for some more information helping me understand this (to me at least) novelty.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
      in reply to: New Apple Online Shopping Website #2261118
      OscarCP
      AskWoody Plus

      Nathan: I bought my Mac (a MacBook Pro) close to 3 years ago. I configured its hardware and its pre-installed software online, then paid also online with a credit card and, some time later, it arrived by mail, in a box.

      I am asking the following because I am not sure about this:

      Is this article about a way of buying a Mac that is different from how I did it then?

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
      OscarCP
      AskWoody Plus

      Nathan: “There is an issue with Catalina 10.15.4 and large file transfers causing the Mac to freeze.

      How large, very roughly, is a file transfer large enough to freeze the Mac? (Assuming that yours is not a Mac much older or much newer than my MacBook Pro ca. mid 2015.)

      I probably will have to install Catalina in the not too distant future, so I would like to know if this is something I might run up against or not after I do that, because of the way I usually work. If I am likely to run up against this freezing problem before it gets resolved, then it would be worth my while to try to follow this issue. Mojave, so far, has not given me this kind of trouble.

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
      OscarCP
      AskWoody Plus

      Nathan: You can have a 2 TB HD, powered through its own connector (no need for a separate cable to plug on a power strip or a wall socket). You can use as a connector a dongle USB 3.0 – Thunderbird 3 to connect to the MacBook, as it is likely the HD will have an USB 3.0 socket. I am not sure if there are dongles USB 3.0 to Thunderbird 2, for your iMac. Is that the real problem? You mentioned using an adapter Thunderbird 3 to 2, so couldn’t use a dongle and the adapter plugged together, USB 3.0 to Thunderbird 3 + Thunderbird 3 to Thunderbird 2? Not terribly elegant but that would not bother me, at least (I’m not the sensitive type.)

      Here is a Western Digital with an USB 3.0 socket, for both Windows PCs and Macs, that seems to fit the above description and might fulfill your own preferences:

      https://www.amazon.com/Western-Digital-Elements-Portable-External/dp/B06W55K9N6/ref=psdc_595048_t1_B07VTFN6HM

      Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      1 user thanked author for this post.
    Viewing 15 posts - 16 through 30 (of 3,297 total)