Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • 31 days of Paranoia – day 31

    Posted on October 31st, 2018 at 20:48 Susan Bradley Comment on the AskWoody Lounge

    First off a bit of Halloween humor seen on a twitter post… someone was saying they were dressing up as “Outlook”.  Their costume was to wrap themselves up in a translucent shower curtain with a sign that said “Not Responding!”.

    I think we all can relate to that.

    So as I’m here at the front door (dressed up like Supreme Court Justice Ruth Bader Ginsburg I might add) waiting for the trick-or-treaters let’s end our 31 days of paranoia with one more post of resources:

    Places to go to get help – especially for Windows issues.

    First off – and above all – this site.  Specifically the Forums on this site.  There is nothing that helps better than someone else saying “gee I don’t see that here”… or “yes, I’ve had that EXACT same issue and here’s how I fixed it!”.  When you have no other machine to compare to, you tend to get a bit paranoid thinking that attackers are making your machine freak out when it might just be… well… patching or anti virus scanning or something third party making it freak out.

    Next I’d recommend something that makes me shiver… and not just because it’s Halloween and I’m listening to the Amazon Halloween playlist (It’s playing Michael Jackson’s thriller right now).  Twitter.  Yup Twitter.  I am lately finding that you can get one on one help when you direct it to a corporate or official twitter account.  There is a list (it might be a bit outdated) of official twitter aliases, and their official support alias for Microsoft is https://twitter.com/microsofthelps

    You can direct message them and get communication back.  The reason it makes me shiver is I find that twitter is too narrow of a channel and the knowledge or solution doesn’t often get exposed like it does in a forum venue.

    If you are an IT pro kind of person, I’m finding that Microsoft employees respond pretty good on the Techcommunity venue.

    Also make sure you have at least SOMETHING that can get to google.  The best way to fix a Windows machine is a working computer or device and a search engine.  There are so many times I’ve fixed something scrolling around a page on my iPhone.

    Now just so you don’t think I’m going to end the 31 days of paranoia in a happy spot here are some parting trends to worry about:

    Crypto mining attacks are trending.  The bad guys get on your machine and use the excess CPU to coin bitcoin.  So they don’t want to steal your credit card data, they want to use your computer to make their own money.

    Smaller more targeted phishing is on the rise.

    Attackers that set up Office 365 relay rules and then hide the fact that they’ve taken over your email box.

    And with that we close this month of paranoia.  Going forward I’ll still throw in a paranoid post or two…. just not as often as one a day.

  • Patch Lady – 31 days of Paranoia – Day 30

    Posted on October 31st, 2018 at 00:12 Susan Bradley Comment on the AskWoody Lounge

    Today’s topic on paranoia is about resources to keep yourself aware and secure.  Besides this site (obviously) here are some other resources I recommend:

    Krebs on security

    Threatpost.com

    Schneier on Security

    Naked Security

    Internet Storm Center

    Zero day initiative blog

    FSecure blog

    Dark Reading blog

    Information for businesses:

    Cost of a breach study

    Symantec security report

    NIST guidance

    So what do you follow that keeps you aware and secure?

    Edit:  I am gobsmacked.  I indeed should have included the following:

    Ghacks

    Bleeping computer

    BornCity

     

     

     

  • Patch Lady – 31 days of Paranoia – Day 29

    Posted on October 29th, 2018 at 22:56 Susan Bradley Comment on the AskWoody Lounge

    Today’s topic of paranoia is one that I’m already paranoid over.  While 2017 had the largest number of public data breaches, there is a bigger risk that I’m concerned about.  That of the data breaches that we aren’t aware of.  Just about every day I hear on the radio or TV an ad for identity theft monitoring services that tout the ability to search the “dark web” for sensitive information.  I chuckle a bit a that because for something to be truly found on the dark web, then it’s no longer “on” the dark web but exposed as a known breach.  I don’t buy for one minute that these identity theft companies have the ability to see into the dark web before the bad guys find ways to obfuscate it again.

    I’m paranoid that we’re always going to be one step behind the bad guys, with our financial institutions (who already have proven that they can’t be trusted) making security decisions that are good enough.  Good enough for their bottom line, but not good enough for our data.  I’m paranoid that our legislature won’t understand the cyber issues well enough to ensure we have laws in place to disclose breaches and protect our data.

    So?  Are you as paranoid as I am?  Do you think we’re doing enough to protect our financial data?  What do you think they should do to make it better?

  • Patch Lady – 31 days of Paranoia – Day 28

    Posted on October 29th, 2018 at 00:17 Susan Bradley Comment on the AskWoody Lounge

    Today’s paranoia topic is about hardening Windows… and specifically if Windows  7 is really more or less secure than Windows 10.

    For all that people do not like about Windows 10 privacy (or lack of) settings and telemetry, Windows 10 does have much more hardware based security that can be enabled than Windows 7 has.

    But therein lies the problem, many of this security goodness only kicks in if you have the right hardware, and the right operating system and the right knowledge to set it up right.  Take credential guard for example… it’s only in Enterprise sku.  Others like attack surface reduction rules only kick in as well with the Enterprise version.  1809 was supposed to get block suspicious behaviors but it was pulled at the last minute.

    So whenever you hear that Windows 10 is the most secure version of Windows ever… it is.  But…. depending on the version you have, you may not get all the features.

    One thing you can do is to “harden” the operating system by uninstalling any software added by the vendor during the OEM process you don’t use, or better yet, reinstalling the operating system from scratch before you use it.  Then you can use various tools to “de bloat” the games and other items from the operating system as well as possibly disable services.

    But I don’t recommend following that guidance without making a solid backup of your system before you start tweaking and making changes.

    So is Windows 10 the most secure operating system ever?  Sure.  But like most things in security, it takes work and nothing right out of the box is as secure as it can be.

  • Patch Lady – 31 days of Paranoia – Day 27

    Posted on October 28th, 2018 at 02:00 Susan Bradley Comment on the AskWoody Lounge

    I apologize in advance if I’m a bit controversial tonight.  In the last several days we’ve had horrific things occur in the United States and I think some of this bad stuff going on… or perhaps all of this… is enhanced by social media.  I have posted in and on online forums for many years and remember the days of nntp and newsgroups.  There were always good places to hang out and not so good places to hang out.  The anonymous nature of technology tended to encourage some folks to be a bit too brutal, a bit too honest, and a bit… well.. just too much.

    Fast forward twenty years to where twitter, facebook, Instagram and other platforms are deemed “mainstream” and I think the same issues we saw twenty years ago in the newsgroups – that where communication is broken down – is now in our daily lives.  And now what used to be a small small group of folks that you could easily ignore is now a much larger problem in society.

    In 2016, this page indicates that 87% of kids have witnessed cyberbullying.  Wow.  I wonder what that statistic is now.

    So I challenge all of us.. .including me, to do something tomorrow. Instead of using technology tomorrow, glance up at another human being and say Hi to them.  Keep your phone in your pocket and technology away from your fingertips and your head up tomorrow.

    Consider this an online hug from me, and here’s hoping something can be done.

     

  • Patch Lady – 31 days of Paranoia – Day 26

    Posted on October 27th, 2018 at 00:27 Susan Bradley Comment on the AskWoody Lounge

    Our next topic of paranoia is one that there is more paranoia than there is reality:  Being concerned about automobiles being hacked.  Sure there are headlines about attacks and threats, but is there truth and fact in these attacks?

    To be fair there is ample evidence to be concerned about the risks.  There have been clear demonstrations of cars taken over and remotely controlled.  But to be clear these hacks occurred after a long period of investigation.  The risk of cars…to me… is no different than the risk of the internet of things.  We have devices that you don’t normally think of needing updates and patches.  We have devices that are probably hard to patch (one doesn’t normally think of rebooting a car does one?)  We have a thing that most of us can’t service ourselves and must rely on the vendors and “consultants” (car dealers and mechanics) of varying quality that we have to rely on.

    Don’t get me wrong, I love the idea of driverless cars, of technology that can drive me automatically to where I want to go, of technology that will ensure that we can be mobile at any age of our lives.  But with every technology we build, there are always people that will want to make that technology not work.

    So when you buy a car and there is technology under the hood, ask about how that technology gets serviced.  Is it over the air patching?  Do you have to take the car to the dealer to get boards “flashed”?

    It’s time to ask hard questions of all of our vendors.

  • Patch Lady – 31 days of Paranoia – Day 25

    Posted on October 26th, 2018 at 00:23 Susan Bradley Comment on the AskWoody Lounge

    How many times has this happened to you?  You get a call and the person on the other end of the phone says you have a problem with your [computer, iPhone, apple device, technology].  They usually say that your device is alerting them that it is full of viruses.

    Their goal?  To either get on your machine or get your credit card from you and then steal money from you.  As noted on this FTC page,

    The scammers may then

    Ask you to give them remote access to your computer — which lets them access all information stored on it, and on any network connected to it

    Try to enroll you in a worthless computer maintenance or warranty program

    Install malware that gives them access to your computer and sensitive data, like user names and passwords

    Ask for credit card information so they can bill you for phony services or services available elsewhere for free

    Try to sell you software or repair services that are worthless or available elsewhere for free

    Direct you to websites and ask you to enter credit card, bank account, and other personal information

    How many of you try to play along and keep the scammers online?  I know some folks that purposely keep a virtual machine around and let scammers log into that and pretend to be really really dumb in regards to technology to keep the scammers online as much as possible.  I have often dragged them along for a time and then finally asked them if they feel right scamming people.  They promptly hang up.

    If you’ve let them on your system, make sure you scan your system with an antivirus program.  Cancel credit cards if you gave them any financial information.

    But just know that Microsoft never calls you, unless you’ve called them first.

  • Patch Lady – 31 days of Paranoia – Day 24

    Posted on October 24th, 2018 at 22:36 Susan Bradley Comment on the AskWoody Lounge

    Today Tim Cook spoke at a Privacy conference and asked that we set new policies for privacy.

    He asked for four things: 

    1.  the right to have personal data minimized;

    2.  the right for users to know what data is collected on them;

    3.  the right to access that data;

    4.  the right for that data to be kept securely.

    Online tracking is a big problem.  Big data is a big problem.  I always say if you don’t pay for something, you are the product.

    Watch Tim Cook’s speech here

    What do you want from your vendors in regards to privacy?  But can we trust our vendors to do the right things in regard to privacy?  Or should we push for more than even what our vendors what?