Newsletter Archives

• Beware of Google’s .ZIP domain and password-embedded URLs

  Posted on May 29, 2023 at 02:45 CDT by B. Livingston • Comment in the Forums

  

  ISSUE 20.22 • 2023-05-29

  PUBLIC DEFENDER

  

  By Brian Livingston

  The security community is up in arms, because Google this month started selling domain names with deceptive endings such as .zip and .mov.

  Even worse, some browsers are allowing usernames and passwords to be embedded into URLs. This means following a link can expose users to viruses without any explicit action (such as clicking “OK”).

  Internet-standards bodies years ago prohibited usernames and passwords in URLs — but hackers still do it.

  Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
  This story also appears in our public Newsletter.

  Public Defender Domain names, Google, Internet, Newsletters, security

• Browser security and privacy — with the right extensions

  Posted on May 15, 2023 at 02:44 CDT by Lance Whitney • Comment in the Forums

  INTERNET

  

  By Lance Whitney

  Each browser offers its own settings for security and privacy, but you can often control these options better via third-party extensions.

  Managing your online privacy and security is always a challenge, especially as you browse different websites where you shop, bank, invest, and sign in to accounts personal or professional.

  Read the full story in our Plus Newsletter (20.20.0, 2023-05-15).

  Internet Browser Extensions, Internet tracking, Newsletters, privacy, security, Web Browsers

• How to manage your browser cookies

  Posted on April 17, 2023 at 02:44 CDT by Lance Whitney • Comment in the Forums

  INTERNET

  

  By Lance Whitney

  Browser cookies can be helpful or harmful, depending on how and why they’re used in your browser. The key lies in taking control of them.

  You probably already know that Web browsers use cookies to save certain information. Over the years, cookies have developed a bad rep because many websites and advertisers use them to track your online activities for the purpose of sending you ads and other targeted content.

  But cookies can also help you by storing key details at websites that you frequently use. The trick here is knowing which cookies are good and which are bad, and how to manage them in general.

  Read the full story in our Plus Newsletter (20.16.0, 2023-04-17).

  Internet Android, Chrome, Cookies, Edge, Firefox, iOS, Newsletters, privacy, Safari, security, Web Browsers, Windows

• TPM 2.0, required by Windows 11, is hackable. Upgrade now?

  Posted on March 20, 2023 at 02:43 CDT by B. Livingston • Comment in the Forums

  PUBLIC DEFENDER

  

  By Brian Livingston

  Researchers have discovered flaws in TPM 2.0, a security microcontroller that Microsoft requires on a device (with exceptions) before Windows 11 will install. If your computer is affected, a hacker could bypass TPM’s security to read some of your data or overwrite cryptographic keys that the microcontroller is expected to contain safely.

  The news isn’t all bad. There are many ways you and your devices may be immune.

  Read the full story in our Plus Newsletter (20.12.0, 2023-03-20).

  Public Defender Newsletters, security, TPM, TPM 2.0, Trusted Platform Module, Vulnerability

• What to do before your phone is stolen

  Posted on March 6, 2023 at 02:43 CST by Peter Deegan • Comment in the Forums

  SECURITY

  

  By Peter Deegan

  Having your smartphone or tablet stolen is a traumatic event, but there are things you can do beforehand to make loss and replacement much less stressful, risky, and expensive.

  I speak from experience. My iPhone was stolen last month, which was very annoying. But — because I’m a careful nerd — no files or data were lost. The thief was locked out of the smartphone in minutes.

  There are things you should do to make loss of a device less traumatic and easier to recover from.

  Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).

  Security Lost Phone, Newsletters, security, smartphones

• When you are flagged as malicious

  Posted on March 6, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  We rely too much on automated reporting in our security solutions.

  Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.

  Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.

  Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).

  On Security Abuse Reporting, false positive, Flagged websites, Newsletters, Patch Lady Posts, security

• Which antivirus solution is the best?

  Posted on February 13, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.

  Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.

  Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).

  On Security antivirus, Newsletters, Patch Lady Posts, security, Software

• Passwords don’t work — until they do

  Posted on January 30, 2023 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter in a password or do any sort of authentication.

  The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.

  Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).

  On Security Hardware Keys, Newsletters, passwords, Patch Lady Posts, security, Security Tokens

• Let your PC start the new year right!

  Posted on January 2, 2023 at 02:45 CST by Ben Myers • Comment in the Forums

  

  ISSUE 20.01 • 2023-01-02

  HARDWARE

  

  By Ben Myers

  Taking a little time now to check and proactively service your Windows PC thoroughly can pay off big time in the coming year.

  Whether you’re planning to move to Windows 11 or stick with Windows 10, this easy-to-follow annual checkup is the preventive medicine that can help ensure that your PC begins 2023 in the best shape possible.

  Read the full story in our Plus Newsletter (20.01.0, 2023-01-02).

  Hardware Backups, Drive maintenance, hardware, Networking, Newsletters, PC maintenance, security

• The best tech secrets of 2022: AirTags, TikTok, Twitter, oh my

  Posted on December 26, 2022 at 02:45 CST by B. Livingston • Comment in the Forums

  

  ISSUE 19.52 • 2022-12-26

  Look for our BONUS issue on January 2, 2023!

  PUBLIC DEFENDER

  

  By Brian Livingston

  Amid my efforts to help you protect yourself against some rather aggressive technologies, I’m glad to report that there’s been at least some progress this year on the worst aspects of our “labor-saving” devices.

  Please note: I’m not claiming that my columns by themselves caused any of the changes I describe below. I just report the problems. We can all celebrate when bad tech is improved, whoever may have developed a particular solution.

  Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
  This story also appears in our public Newsletter.

  Public Defender AirTags, Cryptocurrency, Newsletters, NFT, privacy, security, Surveillance, TikTok, Twitter

• Finding good security information

  Posted on December 26, 2022 at 02:42 CST by Susan Bradley • Comment in the Forums

  ON SECURITY

  

  By Susan Bradley

  I do this so you don’t have to.

  And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.

  Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.

  Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).

  On Security Newsletters, Patch Lady Posts, security, Sources

• Be watchful for scams in the forums

  Posted on November 21, 2022 at 02:44 CST by Susan Bradley • Comment in the Forums

  FROM THE FORUMS

  

  By Susan Bradley

  Last week, there was an incident in the forums that was unexpected and of some concern.

  Someone (let’s codename the person “Rogue”) signed up for a Plus membership, then used it to send direct messages (DMs) to several other members. The DM contained a solicitation.

  I took immediate action.

  Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
  This story also appears in our public Newsletter.

  From the Forums Forums, privacy, scams, security
• « Older Entries