Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Patch Lady – 31 days of Paranoia – Day 17

    Posted on October 18th, 2018 at 00:12 by Susan Bradley

    So you know you’ve been hacked.  Now what?  You can tell your passwords have been reset and you can’t get into your accounts.  You have evidence that a bank account has had funds transferred without your permission.  What can you do?

    Well, it honestly depends on the exact level and damage of the attack.  Financial crimes have a higher impact and thus will often get action.  Low impact crimes, for example where someone is spoofing you online and pretending to be you in Facebook and asking for “friend” requests, won’t get police action.

    But what can you do to at least make authorities aware of the problem?  Obviously with any hacking or cyber activity that has a financial impact, immediately call your financial institution.  They can change bank account numbers and put in place positive pay processes to ensure that no transactions get made without your explicit permission.  For high impact intrusions you can contact the FBI or the Secret Service or the Internet Crime Complaint Center.  For less impactful attacks you have far fewer options.

    Think the cyber attack is originating from Azure, or Amazon Web Services?  You can contact them.  And that’s often the best place to start.  See if you can determine where the attack originated from and contact the hoster or ISP that the attack came from.  Often you can narrow this down by reviewing email headers.

    Tomorrow I’ll talk about the ways you can recover from an attack and some of the investigation tools you can use on machines.
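    The header review mentioned above, as an added example that is not part of the original post: Python's standard email module walks the Received headers of a constructed message and reports the address your own mail server recorded for the relay that handed the message over, which points to the hoster or ISP to contact.  The host names, the set of trusted servers and the sample message are assumptions made up for the illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed message: .example hosts, documentation-range IPs.
# The newest Received header is at the top.
SAMPLE = """\
Received: from mx1.myisp.example (mx1.myisp.example [10.0.0.5])
 by store.myisp.example; Wed, 17 Oct 2018 21:02:11 -0700
Received: from relay.hoster.example (relay.hoster.example [198.51.100.25])
 by mx1.myisp.example; Wed, 17 Oct 2018 21:02:09 -0700
Received: from bank-server (unknown [203.0.113.77])
 by relay.hoster.example; Wed, 17 Oct 2018 21:02:05 -0700
From: "Your Bank" <alerts@bank.example>
To: you@myisp.example
Subject: Account notice

Constructed body.
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(raw):
    """Return [(peer_ip or None, recording_host)], newest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):
        text = " ".join(str(header).split())  # undo header folding
        from_part, _, by_part = text.partition(" by ")
        tokens = by_part.split(";")[0].split()
        by_host = tokens[0].lower() if tokens else ""
        peer = None
        for cand in IPV4.findall(from_part):
            try:
                # The last address is the one the server logged for the
                # connection; an earlier one is only the sender's HELO.
                peer = ipaddress.ip_address(cand)
            except ValueError:
                continue  # looked like an IP but is not one
        hops.append((peer, by_host))
    return hops

def handoff_ip(raw, trusted_hosts):
    """First external IP recorded by a mail server you trust, else None."""
    for peer, by_host in parse_hops(raw):
        if by_host not in trusted_hosts:
            break  # headers from here down were written by the sender's side
        if peer and not any(peer in net for net in INTERNAL):
            return str(peer)
    return None
```

    Received lines below the first server you do not control can be written by the sender, so the address returned here is the last hop you can rely on when reporting.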

  • Patch Lady – 31 days of Paranoia – Day 16

    Posted on October 16th, 2018 at 23:23 by Susan Bradley

    Today we live in a world where recording devices are ubiquitous.  There are recording devices on public streets, recording devices in the door bells of houses, and in general, there is often a video recording that authorities can obtain to gain more information.  California has a law that states….

    California’s wiretapping law is a “two-party consent” law. California makes it a crime to record or eavesdrop on any confidential communication, including a private conversation or telephone call, without the consent of all parties to the conversation. See Cal. Penal Code § 632. The statute applies to “confidential communications” — i.e., conversations in which one of the parties has an objectively reasonable expectation that no one is listening in or overhearing the conversation. See Flanagan v. Flanagan, 41 P.3d 575, 576-77, 578-82 (Cal. 2002).  A California appellate court has ruled that this statute applies to the use of hidden video cameras to record conversations as well. See California v. Gibbons, 215 Cal. App. 3d 1204 (Cal Ct. App. 1989).

    If you are recording someone without their knowledge in a public or semi-public place like a street or restaurant, the person whom you’re recording may or may not have “an objectively reasonable expectation that no one is listening in or overhearing the conversation,” and the reasonableness of the expectation would depend on the particular factual circumstances.  Therefore, you cannot necessarily assume that you are in the clear simply because you are in a public place.

    If you are operating in California, you should always get the consent of all parties before recording any conversation that common sense tells you might be “private” or “confidential.” In addition to subjecting you to criminal prosecution, violating the California wiretapping law can expose you to a civil lawsuit for damages by an injured party.

    If you have security cameras in a location where there is no expectation of privacy – out in the street in front of your house – you would not be under a wiretapping law.  However, if your security cameras are inside your house, there is an expectation of privacy and thus wiretapping laws would come into play.  Now layer on how some of these video cameras have less than stellar security, and then layer on the ability to search for such internet of things devices through a specially crafted search browser, and it’s no wonder that we’re all a bit paranoid these days.  Make no mistake, video cameras often help law enforcement put evidence together.  Case in point: in a local homicide in my city, investigators were able to spot an assailant’s truck in several videos captured by surrounding homes and businesses and were able to use the video as additional evidence that the assailant was in the area where the homicide occurred.  So video capturing helps a great deal.  BUT… as with all technology – it can be abused, both in terms of privacy and by being used by attackers.

    If you set up a home video camera, consider the vendor security features:  Make sure it doesn’t have embedded passwords, that it demands complex passwords, and that it can be updated relatively easily, among other things.

    Cameras can help make you safer, but they can also introduce security risks.

  • Patch Lady – 31 days of Paranoia – Day 15

    Posted on October 15th, 2018 at 23:15 by Susan Bradley

    We’re on the 15th day of our travels through paranoia and on the day that Paul Allen, one of the founders of Microsoft passed away, I’m touching on the next big disruptor that the Microsoft company is increasingly implementing:  That of cloud services.

    Paul Allen and Bill Gates took mainframe computers from locked away in a freezing room only accessible by the few to where nearly everyone has more power in their desktop and laptop than the old mainframes used to have.  The next disruptor is cloud services.  Especially for small firms, my biggest fear for small businesses that rely on cloud computing is that we won’t get solid guidance on how best to secure and deploy cloud services.

    Too often people see cloud services as easy to set up, and they are, but they don’t take the time to think about security.  I have personally seen where users of cloud services will often share credentials with another person without thinking of the risk of sharing credentials.  I’ve seen where consultants can misconfigure settings or – as often seen in big cloud breaches – leave files in cloud locations and not set the file security properly.

    There are a lot of good things about cloud services.  And then there are a lot of risks to cloud services.  Always ask and check on how easy it is to move FROM a cloud provider, check on the encryption status, check on the backup status.  And these days I’m seeing more and more vendors providing cloud backup solutions to give users more granular options in restoring files saved in the cloud.

    So read those end user license agreements, and ask questions of your vendors before you sign up.

  • Patch Lady – 31 days of Paranoia – Day 14

    Posted on October 15th, 2018 at 00:34 by Susan Bradley

    If you have a bit of time on your hands, take a stroll through the FBI’s most wanted for Cyber security attacks.  You’ll find Russian hackers targeting our elections as well as one gentleman who

    is allegedly a North Korean computer programmer who is part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history, including the cyber attack on Sony Pictures Entertainment, a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars, and the WannaCry ransomware attack that affected tens of thousands of computer systems across the globe.


    Park was alleged to be a participant in a wide-ranging criminal conspiracy undertaken by a group of hackers employed by a company that was operated by the North Korean government.  The front company – Chosun Expo Joint Venture, also known as Korea Expo Joint Venture – was affiliated with Lab 110, one of the North Korean government’s hacking organizations.  That hacking group is what some private cybersecurity researchers have labeled the “Lazarus Group.”  On June 8, 2018, a federal arrest warrant was issued for Park Jin Hyok in the United States District Court, Central District of California, after he was charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud (computer intrusion).

    The NHS was impacted to an estimated 92 million pounds (assuming I have my monetary naming correct).  The disturbing concern of WannaCry was that most were impacted by the ransomware attack due to the fact that they had not installed updates to protect from the EternalBlue exploit.  The patch was available but many had not yet installed it for various reasons.

    Yet today we are in a position where many are concerned to patch as well.  Vendor drivers were inadvertently pushed out this week, causing some to lose audio (1) and to blame patching as the root cause.  This is now the second such driver-related issue with this month’s patching (Woody already posted about the first).  This still gets back to a root cause of loss of trust.  If we cannot trust our vendors, we will place ourselves in a position where cyber villains can get to us.


    Earlier this week, Intel unintentionally released version of the Intel Smart Sound Technology (ISST) Driver through Windows Update, and inadvertently offered it to a range of devices running Windows 10 version 1803 or 1809. If your device contained a compatible audio driver, the new driver overrode it and caused audio to stop working.

  • Patch Lady – 31 days of Paranoia – Day 13

    Posted on October 14th, 2018 at 02:16 by Susan Bradley

    Today I want to review browsers and application safety.  On the heels of Woody’s post about the Microsoft Store offering, it’s wise to add a healthy dose of paranoia when surfing and picking software to install on your system.

    The FBI put together a video to warn those running for office to not be tricked into running or installing malicious code on your system.  As noted in the video, when you install your browser, you want to check its settings:

    Disable autofill, remembering passwords, and browsing histories.

    Do not accept cookies from third parties.

    Clear all forms of browser history when closing the browser.

    Block ad tracking.

    Enable ‘do not track’ requests to be sent to websites.

    Disable browser data collection.

    When certificates are requested, ensure the browser requests your permission to provide them.

    Disable cache (or storing) of web pages or other content, or set the cache size to zero.

    Enable browser capabilities to block malicious, deceptive or dangerous content.

    And while you are checking out your browser, there are a couple of new kids on the block that you might want to check out.  Both have a musical name…. Opera is one…. Vivaldi is the other.

    Check them out!

  • Patch Lady – 31 days of paranoia – day 12

    Posted on October 12th, 2018 at 23:10 by Susan Bradley

    We are at day 12 of our month long trip through paranoia.  Today our topic is about routers and specifically router hardening.  No matter if your router is provided by your Internet Service Provider or you purchased it, there are a few steps to take to ensure that you are as secure as you could be.  Many of these steps are covered in this FBI video.

    First, if the router is provided by your ISP, often they enable guest access.  I make it a rule to find the section of the router where Comcast enables their allowed access and disable it.  Next I reset all default passwords of the router and ensure that the router cannot be accessed externally.

    Then I ask myself… how long have I had this router?  If you can’t remember when your ISP provided it to you, or when you purchased it, it’s time to contact your ISP and inquire about a hardware upgrade.  Often you need a hardware upgrade, but they forgot to tell you that you need a replacement.

    Review your Wi-Fi security settings and ensure that they are as secure as they could be.  Ensure they are set to be at least WPA2.

    Routers can be used by attackers in all sorts of ways.  As noted in the video:

    Bad actors could watch your Internet traffic and see or steal your sensitive data.

    Bad actors could send a simple command to your router and permanently disable it.

    Bad actors could use your router to launch a network attack on another device.

    Time to review how your router is set up and how secure it is.

    How well is yours set up?


  • Patch Lady – 31 days of paranoia – day 11

    Posted on October 11th, 2018 at 22:05 by Susan Bradley

    Patch Lady here with paranoia of day 11.  Have you ever checked to see if your password has been discovered by attackers and is known by them?  There is a site called “https://haveibeenpwned.com/” that has accumulated many email addresses and passwords that have been in data breaches.  The site checks to see if any password of yours has been discovered.  Recently Brian Krebs has had several stories about how phishing emails have been sent with old passwords being used in the email to frighten you into thinking the attackers had some information about you.

    Pwned, or being owned, is slang for the process of taking over your account.  The database showcases the sites and databases that were exposed in data breaches.  You can then think of all the times you used THAT password on a web site and determine how many sites might be compromised.  Better yet, using a password management program can ensure that you can use strong passwords or passphrases.  Changing passwords and adding multi-factor authentication is one of the key things you can do on any cloud service you are concerned about.

    So?  Did you find your passwords have been breached?
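    An added example, not from the original post or the site's own code: one way to check a password against haveibeenpwned.com without handing the password over is the site's Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally.  The function names and the stand-in response used by `offline_demo` are constructed for the illustration.

```python
import hashlib
import urllib.request

# Pwned Passwords range endpoint of haveibeenpwned.com.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """SHA-1 the password; return (5-char prefix sent, 35-char suffix kept)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(range_body, suffix):
    """Find our suffix in the 'SUFFIX:COUNT' lines returned for a prefix."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup: only the five-character prefix goes over the network."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def pwned_count(password, fetch=fetch_range):
    """Times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    return count_in_range(fetch(prefix), suffix)

def offline_demo():
    """Run the lookup against a constructed response instead of the site."""
    sent = []
    _, suffix = split_hash("password")

    def fake_fetch(prefix):
        sent.append(prefix)
        # Constructed body: one decoy line plus our suffix, made-up counts.
        return "0" * 35 + ":3\r\n" + suffix + ":42\r\n"

    found = pwned_count("password", fake_fetch)
    missing = pwned_count("x9!Tq", fake_fetch)
    return found, missing, sent
```

    Calling `pwned_count("some password")` with the default `fetch` performs the live lookup; a non-zero result means that password should be retired everywhere it was used.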

  • Patch Lady – 31 days of paranoia – day 10

    Posted on October 10th, 2018 at 22:52 by Susan Bradley

    Patch Lady here – I wasn’t going to do a post on Patching with a paranoid theme in mind until later in the month but several articles and the fact that this week is the 15 year anniversary of when we moved to a second Tuesday of the month routine prompted me to write this now.

    Today two more tech journalists have joined myself, Woody and others in tilting at the windmill, better known as Microsoft.

    Ed Bott and Mary Jo Foley added to the choir of voices asking Microsoft to slow down and focus on quality, not quantity.  I remember a time years ago that patches came out at any time, any hour and I had to review if I was at risk of attack and consider installing updates during lunchtime and rebooting our office server to ensure that I was protected.  Now we are at a point in time that no prudent person alive would install updates on the day they come out.  Even worse, most prudent folks are waiting at least a week or longer.  That’s making me very paranoid that we are going to have a very bad security issue arise because we aren’t patching.

    Make no mistake, I still strongly believe that there are good people that work inside of Microsoft that care about consumers, that care about patch quality, that care about feature release quality.  But if I let my paranoia take over and look at the focus on Azure, I know that once everything is packaged in a format that will run in a browser, the desktop becomes irrelevant.

    In patching there is a point in time where the risk of installing the patch and the resulting side effects is less than the risk of the attack that the patch is protecting you from.  It’s that point in the middle where the scale tips away from patch pain to risk of attack that is the perfect point of installing updates.  Microsoft tries to be the system administrator for all home users and any small (or even medium) business that is looking to Microsoft update for their updates.  Right now I’m paranoid enough to say publicly that they are failing badly.

    I don’t even have to wrap my head with aluminum foil to know that the worst thing that can happen to a computer user is to reboot their computer after an update and have it not boot.  Yet that’s what happened to some in January of this year.  I don’t have to add to my paranoia of lack of backups to be concerned when users lose data during a process that should bring them excitement to their computing experience.  Once upon a time I knew people that camped out overnight at Best Buy to get the latest version of Windows.  Now we have people losing data when they get a feature release.  The fact that the number of people impacted was not a material amount was just luck.  The second of the two data loss bugs (the one they fixed in KB4464330) had the potential to hit a lot of Enterprises if they hadn’t found that bug.

    My biggest paranoia about patching today is that all of this paranoia about patching is no longer irrational paranoia over immaterial corner cases that the vast majority of people would never hit.  My biggest paranoia is that more and more people will stop updating because of the reality that we are seeing.

    I’m also paranoid that folks in the insider program will overstate the severity of their bugs to the point that adding a severity rating to every bug will make no difference and once again we will have bugs that hurt lost in the firehose of feedback and upvoting.

    Microsoft needs to take a severe action like moving feature release cadence to once a year to showcase that they too want to stop the paranoia over patching and make us feel comfortable again.

    I remember when we had horrible patch quality.  I remember when we had patches released without a solid release schedule.  I remember when patches were pulled back, had to be redone.  And I feel paranoid that we are back to where we started 15 years ago.