Blog Archives

• Hybrid attack can extract data from inert RAM

  Posted on November 11th, 2019 at 01:10 Tracey Capen Comment on the AskWoody Lounge

  LANGALIST

  By Fred Langa

  It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC.

  Specialized attacks on memory modules can reveal working passwords and cryptographic keys still stored random-access memory, possibly allowing malicious hackers to bypass encryption services such as BitLocker, VeraCrypt, FileVault, and others!

  Plus: Disabling Windows Firewall and its nags.

  Read the full story in AskWoody Plus Newsletter 16.41.0 (2019-11-11).

  LangaList AskWoody Plus Newsletter, RAM attacks, security, Windows notifications

• Freeware Spotlight — CipherShed

  Posted on July 8th, 2019 at 01:00 Tracey Capen Comment on the AskWoody Lounge

  Best Utilities

  By Deanna McElveen

  In a digital world that’s becoming increasingly less safe, data encryption is one of the better tools for keeping cyber thieves at bay.

  That’s especially true if you travel with a laptop or a flash drive — just imagine the damage you might incur if your device were lost or stolen. But keeping sensitive files, folders, and/or entire disks encrypted will make your files inaccessible to the device’s “new owner.”

  Read the full story in the AskWoody Plus Newsletter 16.25.0 (2019-07-08).

  AskWoody Plus Newsletter, Utilities AskWoody Plus Newsletter, CipherShed, encryption, security

• Windows 7: Preparing for an uncertain future

  Posted on July 1st, 2019 at 01:15 Tracey Capen Comment on the AskWoody Lounge

  ON SECURITY

  By Susan Bradley

  By now every Win7 user should know that official support for the venerable OS ends next year.

  The final updates should go out on January 14, 2020 (more MS info) — at least they’ll end for those of us who don’t have deep corporate pockets to pay for extra patches.

  Read the full story in the AskWoody Plus Newsletter 16.24.0 (2019-07-01).

  On Security, Windows 7 AskWoody Plus Newsletter, safety, security, updates, windows 7

• Really useful Windows 10 features

  Posted on July 1st, 2019 at 01:00 Tracey Capen Comment on the AskWoody Lounge

  WINDOWS 10

  By Amy Babinchak

  When Microsoft releases a new version of Windows, I’ll bet lots of users don’t bother to investigate the changes and new features — unless Microsoft moved the users’ cheese.

  Then I hear from clients, complaining that something in the UI is different and they’re not happy with the change. After upgrades, most Windows users tend to just continue doing what they’ve always done. And that’s too bad, because some of the new features are truly useful.

  Read the full story in the AskWoody Plus Newsletter 16.24.0 (2019-07-01).

  Windows 10 AskWoody Plus Newsletter, clipboard, fonts, night light, security, Windows 10

• Microsoft security’s unseemly jab at Google

  Posted on October 19th, 2017 at 08:29 woody Comment on the AskWoody Lounge

  In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

  Catalin Cimpanu at Bleepingcomputer boils it down:

  The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

  It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

  Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

  Paul Thurrott has a great article, turning Microsoft’s old words against itself.

  What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

  It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

  If you’re interested in browser security, I suggest you read it.

  Windows Patches/Security Browser security, Google, Microsoft, security

• Snapchat’s new Snap Map shares your location

  Posted on June 23rd, 2017 at 02:51 Kirsty Comment on the AskWoody Lounge

  A furore has erupted over Snapchat’s new location-sharing Snap Map – unless you set the app to “Ghost Mode”, your location is shared with your contacts.

  We’ve built a whole new way to explore the world! See what’s happening, find your friends, and get inspired to go on an adventure!

  It’s easy to get started — just pinch to zoom out and view the Map! You decide if you want to share your location with friends, or simply keep it to yourself with Ghost Mode.

  If your friends are sharing their location with you, their Actionmoji will appear on the Map. Actionmojis only update when you open Snapchat.

  We hope you enjoy the new Map as much as we do!
  Happy Snapping!
  Team Snap

  Many are retweeting instructions on how to set the Ghost Mode, while many are debating why anyone thought this was a safe idea…

  If you are using Snapchat, please check your settings now.

  Other PSA, security, Snapchat

• The Dangers of Posting Your X-Rays to Social Media

  Posted on June 16th, 2017 at 02:53 Kirsty Comment on the AskWoody Lounge

  Malwarebytes Labs published a post by William Tsing on June 9, 2017, explaining the problems that can occur when x-rays are shared online.

  The problem stems from the private details of both the patient and the hospital that are shown on x-rays. Most contain the patient’s full name, date of birth, and sometimes their Social Security Number, and will often contain the name of the medical facility that took the x-ray.

  The information can be used together to enable either identity theft or doxing, but it could also be used to jeopardise the security of the network of the medical facility. Personally, the name of the hospital would give your location, to add to your name and date of birth, and could be used to access property tax, tax or voting records. For the hospital, a networked x-ray machine connected to the internet could be identified in the x-ray details, which could be used to access the system. Malwarebytes were able to gain a lot of information from one x-ray they checked.

  “Yikes. Medical infrastructure security has problems. A lot of problems. But while the responsibility for an insecure network lies with the organization running it, posting photos that have exploitable information is also not a great thing. Given that vulnerabilities in the medical space can have catastrophic consequences, we should take extra care before exposing any data from inside a hospital or doctor’s office.”

  If you really must share an x-ray online, crop it first, so no identifying information remains. Read the full article on blog.malwarebytes.com

  Other Malwarebytes, security

• How Windows 10 data collection trades privacy for security

  Posted on December 2nd, 2016 at 13:56 woody Comment on the AskWoody Lounge

  Excellent article from Fahmida Rashid, in InfoWorld.

  As you read it, keep in mind that Win10 Home and Pro are considered to be “consumer” versions. The snooping protections Fahmida describes are only available with Enterprise Win10.

  In other words, if you aren’t paying for Windows by the month, you’re in the “consumer” category.

  Windows Patches/Security security, Windows 10 snooping