Newsletter Archives
-
Beware of Google’s .ZIP domain and password-embedded URLs
ISSUE 20.22 • 2023-05-29 PUBLIC DEFENDER
By Brian Livingston
The security community is up in arms, because Google this month started selling domain names with deceptive endings such as .zip and .mov.
Even worse, some browsers are allowing usernames and passwords to be embedded into URLs. This means following a link can expose users to viruses without any explicit action (such as clicking “OK”).
Internet-standards bodies years ago prohibited usernames and passwords in URLs — but hackers still do it.
Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
This story also appears in our public Newsletter.
-
Browser security and privacy — with the right extensions
INTERNET
By Lance Whitney
Each browser offers its own settings for security and privacy, but you can often control these options better via third-party extensions.
Managing your online privacy and security is always a challenge, especially as you browse different websites where you shop, bank, invest, and sign in to accounts personal or professional.
Read the full story in our Plus Newsletter (20.20.0, 2023-05-15).
-
How to manage your browser cookies
INTERNET
By Lance Whitney
Browser cookies can be helpful or harmful, depending on how and why they’re used in your browser. The key lies in taking control of them.
You probably already know that Web browsers use cookies to save certain information. Over the years, cookies have developed a bad rep because many websites and advertisers use them to track your online activities for the purpose of sending you ads and other targeted content.
But cookies can also help you by storing key details at websites that you frequently use. The trick here is knowing which cookies are good and which are bad, and how to manage them in general.
Read the full story in our Plus Newsletter (20.16.0, 2023-04-17).
-
TPM 2.0, required by Windows 11, is hackable. Upgrade now?
PUBLIC DEFENDER
By Brian Livingston
Researchers have discovered flaws in TPM 2.0, a security microcontroller that Microsoft requires on a device (with exceptions) before Windows 11 will install. If your computer is affected, a hacker could bypass TPM’s security to read some of your data or overwrite cryptographic keys that the microcontroller is expected to contain safely.
The news isn’t all bad. There are many ways you and your devices may be immune.
Read the full story in our Plus Newsletter (20.12.0, 2023-03-20).
-
What to do before your phone is stolen
SECURITY
By Peter Deegan
Having your smartphone or tablet stolen is a traumatic event, but there are things you can do beforehand to make loss and replacement much less stressful, risky, and expensive.
I speak from experience. My iPhone was stolen last month, which was very annoying. But — because I’m a careful nerd — no files or data were lost. The thief was locked out of the smartphone in minutes.
There are things you should do to make loss of a device less traumatic and easier to recover from.
Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).
-
When you are flagged as malicious
ON SECURITY
By Susan Bradley
We rely too much on automated reporting in our security solutions.
Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.
Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.
Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).
-
Which antivirus solution is the best?
ON SECURITY
By Susan Bradley
Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.
Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.
Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).
-
Passwords don’t work — until they do
ON SECURITY
By Susan Bradley
Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter in a password or do any sort of authentication.
The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.
Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).
-
Let your PC start the new year right!
ISSUE 20.01 • 2023-01-02 HARDWARE
By Ben Myers
Taking a little time now to check and proactively service your Windows PC thoroughly can pay off big time in the coming year.
Whether you’re planning to move to Windows 11 or stick with Windows 10, this easy-to-follow annual checkup is the preventive medicine that can help ensure that your PC begins 2023 in the best shape possible.
Read the full story in our Plus Newsletter (20.01.0, 2023-01-02).
-
The best tech secrets of 2022: AirTags, TikTok, Twitter, oh my
ISSUE 19.52 • 2022-12-26 Look for our BONUS issue on January 2, 2023! PUBLIC DEFENDER
By Brian Livingston
Amid my efforts to help you protect yourself against some rather aggressive technologies, I’m glad to report that there’s been at least some progress this year on the worst aspects of our “labor-saving” devices.
Please note: I’m not claiming that my columns by themselves caused any of the changes I describe below. I just report the problems. We can all celebrate when bad tech is improved, whoever may have developed a particular solution.
Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
This story also appears in our public Newsletter.
-
Finding good security information
ON SECURITY
By Susan Bradley
I do this so you don’t have to.
And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.
Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.
Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
-
Be watchful for scams in the forums
FROM THE FORUMS
By Susan Bradley
Last week, there was an incident in the forums that was unexpected and of some concern.
Someone (let’s codename the person “Rogue”) signed up for a Plus membership, then used it to send direct messages (DMs) to several other members. The DM contained a solicitation.
I took immediate action.
Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
This story also appears in our public Newsletter.