Newsletter Archives

  • Finding good security information

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    I do this so you don’t have to.

    And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.

    Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.

    Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).

  • Happy Holidays 2022

    Happy holidays to all and hope everyone around the world has had a great and safe morning no matter where you are or what you celebrate.

    Today is the day I make one of my favorite breakfast recipes. And of course, while I could go find the cookbook on the shelf, like any good geek, I just googled it. Or rather duck duck go’d it.  (Sorry duck, you are going to have to work on your naming as it just doesn’t roll off the tongue.

    Here’s hoping you have a wonderful holiday season, always have batteries on hand, always have power on hand, always have lit up Christmas trees and no burnt out bulbs and above all else, always have a helpful community to help you through any questions that life, or technology may throw your way.

    Thanks to all our readers and forum participants.


  • So did you buy a new computer or laptop this season?

    What did you buy?  What brand did you buy and why?  What specs?  Hard drive, memory?

    Where did you buy it?  Several of my friends buy electronics at Costco because of the return policy.

    One thing that I’m sad to see in the marketplace is that while you can find Chromebooks, the market for Linux based laptops and desktops is moved back to niche brands and a bit more expensive business machines and not affordable (i.e. cheap) home versions. Yes you can put it on older laptops that are aging away from Windows 7 and 8.1 but it’s also nice to see a healthy ecosystem of cheaper Linux based laptops geared towards the home market.

    So what did you buy? Why did you buy it? Where did you buy it?

  • If you use LastPass…. read on

    So there is a bit of disturbing read on the LastPass situation

    Read this first.

    also a bit of commentary from a Security expert on the topic:

    Ask yourself…. do you have two factor authentation set up on your LastPass? I have Yubikey as a second factor on my password manager.

    If you use LastPass and do not have two factor enabled, ensure that you change your master password. Add two factor authentication to any cloud based password manager.

    Don’t get rid of a password manager, just make sure it’s appropriately protected. We will cover more on how best to protect your passwords in a future newsletter.

  • Patching year 2022 comes to a close

    newsletter banner

    ISSUE 19.51 • 2022-12-19

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    Every vendor brought us a lump of coal.

    No matter which platform you use, we are closing out a year in which we have been very vulnerable. From Microsoft to Apple to our firewall vendors — and even to Linux distros such as Ubuntu and Mint — just about every vendor has ended the year with patches, vulnerabilities unfixed, and new releases.

    Read the full story in our Plus Newsletter (19.51.0, 2022-12-19).
    This story also appears in our public Newsletter.

  • So when do you decide to update?

    So there’s a pending update. It has security components. Should you update immediately? Well if you are a regular AskWoody reader you’d know what that answer is. Tonight’s tip for the weekend is not about what you should do if you run Windows, rather it’s about what to do if you run the Apple platform.

    Unless you’ve set your machine to automatically install updates, you can see that you’ll be reminded/prompted that Ventura 13.1 is ready to be installed if you’ve already installed Ventura 13. But should you install Ventura in the first place?

    .

    First you need to ask yourself – do you have a backup? Should something happen with the update or should the hard drive fail for any reason, you want to make sure you have a backup. So first review if your backup has been working. On the Apple platform you can either use the built in time vault or use a third party program to back up your computer. Next no matter the platform I make sure I test how to restore at least a file. It may feel a bit extreme to test restore an entire machine, but at a minimum you should delete a few files and then test restoring those files.

    Ventura includes improvements to search in Messages, an option to play a sound in the Find My app to locate AirTags, AirPods Pro, and ‌Find My‌ network accessories, plus there are several bug fixes.

    Now just like in the Microsoft universe, there is no need to install major updates right away. Especially in business and University settings, some are still saying to hold off and not install Ventura on your Apple systems. And of course the more you hold back, the more the vendor puts back those items that they removed and people wanted back.

    Bottom line, no matter what the platform, have a backup. Don’t jump to a new release too quickly. Take the advice from this site no matter the platform and don’t be first in updating your system.

  • Master Patch List as of December 13, 2022

    MS-DEFCON 2

    #PatchTuesday

    Business patchers:  Microsoft has indicated that they fixed the memory issue with the LSASS patch but still waiting for community confirmation.

    Consumers:  Defer updates at this time.  The secure boot patch KB5012170 has been released to apply to Windows 10 and 11 22H2 so be sure to defer it as well.

    I’ve updated the Master Patch List for Tuesday’s releases.

    It’s too soon at this time for consumers to be making recommendations, I’m still watching for issues.

    For businesses, the impact to look out for and keep an eye on are the Kerberos related patches.  Microsoft has indicated that the memory leak issues introduced in last month’s Kerberos updates have been fixed but I am still waiting for community confirmation.

    As a reminder

    • Windows 11 22H2: Not recommended
    • Windows 11 21H2: If you have a Windows 11 PC, recommended
    • Windows 10 22H2: Recommended
    • Windows 10 21H2: Recommended (if a vendor won’t support 22H2)

    As always, thank you all for supporting the cause! Remember a donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Final patches for 2022

    #PatchTuesday and MicrosoftCentric

    It’s the final patches for 2022 for those of you in the Microsoft centric world

    But don’t just think operating systems….. Firefox is out with Version 108

    Citrix is recommending you update Citrix ADC and Gateway 

    Fortinet is patching a zero day in FortiOS SSL VPNs

    No matter what OS you have, take this week to review your vulnerabilities.

    I’ll link up to the patches once they come out – and remember I’ll have full detailed guidance in the next newsletter.

    Looks like .net security updates this month.

    Our dear dear friend the lovely secure boot patch KB5012170 has been released to apply to Windows 10 22H2.

    PK reports that searching in the Microsoft catalog site appears to be wonky – you can search by KB but searching by 2022-12 gives you results that don’t make sense. Apparently the Outlook search team is branching out to the Catalog site?

  • Tame your tech: Office

    OFFICE

    Susan Bradley

    By Susan Bradley

    We all have a love/hate relationship with Microsoft Office.

    Chances are, Word is not the first word processing program you started with. It’s the one that took over and became the de facto standard, dominating the market. (If you work in an attorney’s office, it’s possible you’re still using WordPerfect, because the company did excellent marketing to that segment.)

    My first — and, quite frankly, still the easiest — word-processing program was pfs:Write. Back when Lotus 1-2-3 was our go-to spreadsheet, pfs:Write was our go-to word-processing program. But, alas, today’s article won’t wax poetic about an old piece of software. Instead, we’ll once again try to tame technology that wants to do things its way, not your way.

    Read the full story in our Plus Newsletter (19.50.0, 2022-12-12).

  • So you are looking for a Windows 10 pro key?

    So the other day I was upgrading a Windows 10 home to pro and found it interesting the ‘current’ way one has to upgrade to Windows 10 professional.

    In the past I’ve been able to get the key online – even through the Microsoft store and apply it to the Windows 10 Home.  You go into system, about and there’s a button there to “Change product key or upgrade your edition of Windows”  On the recent Windows 10 Home I was assisting with, there was an option to enter a key or buy a key from the Microsoft store.

    If you buy a key through the Microsoft store it ties it to a Microsoft account and I could not find where it sent the product key code separately.

    Q: Where can I find my Product Key?

    A: Your Product Key will be provided with your purchase. However, if you need to find it again it is included on your confirmation email or in your Digital Content.

    To find your Product Key:

    Sign in with your Microsoft account.

    In the menu select Digital Content

    Find your Windows 10 purchase and you can see your Product Key

    Hmmmm not that I can see.  There is no “digital content” only orders.  This doesn’t exist anymore.  I do see my order.  I don’t see a separate product key.

    So the good news is that clearly you can get the home to pro upgrade, but you’ll need at least a temporary Microsoft account.  My guess is that once you remove the Microsoft account from your computer it would roll back to Home sku.

    Amazon only showcases a 11 home to pro upgrade key.

    Go out to google and you get what I call “Malware roulette”. When the price tag of the upgrade is ridiculously low, I treat it with EXTREME caution and distrust.

    So bottom line there is a way still to purchase a key code to go from Home to Pro.   Sort of.  Kinda of.  With a catch of a Microsoft account.

    Update as of 12-11-2022

    Just tested purchasing a Windows 10 Home to Pro key with B&H photo online.

    Within about 30 minutes of purchasing a key I got an email that included the upgrade key.  Bottom line there is still places online that sell keys that I don’t feel are slimy and will send you A KEY.

    Dear ASKWOODYTECH,Thank you for your purchase from B&H.

    Here is your download link and installation instructions:

     

    Thank you for purchasing this Microsoft product!

    • Below is your product key which is used to activate your Microsoft product. To upgrade from Windows 10 Home to Pro follow these instructions. Search the word ?Activation? in the Windows search bar. You will see the option Activation Settings UI. Select that option and click on Change Product Key. Enter the license key that you received in this email.
  • MS-DEFCON 2: The maintenance window for Windows closes

    alert banner

    ISSUE 19.49.1 • 2022-12-08
    MS-DEFCON 2

    By Susan Bradley

    This is your last call to install updates.

    Businesses typically have a concept in their information technology divisions about maintenance windows. It’s a period of time set aside to install updates, review computer systems, and in general ensure that everything is working as it should.

    Consumers and home users should follow a similar concept. Devote a period of time, no matter the platform, to ensure that your devices are working as they should. Then let your maintenance window close. That’s why I’m raising the MS-DEFCON level to 2 — with fresh updates due next week, get the current updates installed now.

    Everyone can read the full MS-DEFCON Alert (19.49.1, 2022-12-08).

  • Why can’t Windows provide their own drive partition tool?

    Tonight I will ask the pondering question of why…. why can’t Microsoft/Windows provide a native tool that properly partitions drives?

    If you want to merely expand a drive and there’s no other space next to where you want to expand, no problem. But if the drive isn’t quite set up right, you have to go to a third party Linux based tool to resize, expand, etc etc.

    Some of the ones I’ve used include:

    MiniTool

    EaseUS

    Paragon

    All of them work well.

    But why, Microsoft?  Why can’t in the year 2022, why can’t you natively include a tool to handle what I consider to be … well…. basic?

    When have I used tools like this?

    On physical machines where I’ve moved to a new SSD drive and suddenly I find that I can’t expand the bigger area because of some OEM partition left behind.

    On virtual machines where it won’t let me expand the C drive.  (Just had to do this the other day on a domain controller)

    To me this just seems like something you should be able to do at 37 years of age.

    What do you think?