2015-05-04 WTKM Talking Points (May 4th 2015)

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. It's 2015 and half a million people still click on stuff we knew was bad in the '90s. Users should stick to MS's decade-old advice and avoid executing macros

Have an LG cell phone? Running LG's Monitor software? If Yes to both your PC is at risk! LG Monitor disables UAC (User Account Control)..

Dell System Detect: All versions older than 6.0.14 are easily hacked! DSD does not get automatically updated, even if Dell's updater is running!

Motorola's DOCSIS 3.0 SBG 6580 cable broadband modem is very easy to hack! Could open your computer to the Internet. Arris, a spin-off brand, has same problem.

Verizon's Risk Assessment Team says that 2 out of 3 times a computer gets hacked the reason was a weak password. Runner-ups are clicking on links in emails and opening attachments.

If someone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM! 

Download portals (cnet.com, download.com et al) are huge malware slingers.
 
Have your DNS settings been tampered with? Test here (but know what is correct…).

Hackers move away from Java and to Adobe Flash. Check version and update! Per 5-03-15 version 18.0.0.95 is most current. Beware: Many false downloads!

2015-04-06 WTKM Talking Points (April 6th 2015)

Free Panda Ant Virus bricks computers! My advice: stay with MS Security Essentials or Defender.

Danger from USB drives: A newly demonstrated device has the potential to fry the USB port and possibly other components on motherboards, even the CPU!

A test for the Superfish bug is here, removal instructions are here.

Firefox vers. 36.0.1 has protection against SF, vers. 37 (current as of last week!) further improves certificate checking!

All Win 7 & 8 users can upgrade to Win10 for free – for one year (only?).

Then licensing will kick in? Home user be careful! I assume MS goes to a subscription model, that is yearly licensing. Win7 is paid for and good until Jan, 2020, Win8 until Jan 2023.
2016 is free but you would have to pay again for 2017, 18,19 (20, 21, 22).

Seagate reluctant to fix serious bug in some of their NAS drives.

More bugs in Adobe Flash Player! Per April 6 officially released version is 17.0.0.134!

Many fake Flash Player updates! Users are tricked to download and install a fake plugin that then installs a key logger to collect log in info & passwords. User beware! 

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!

Download portals (cnet.com, download.com. softonic.com et al) are huge malware slingers.

Have your DNS settings been tampered with? Test here (but know what is correct…)

Adobe's cash-less bug bounty program: Can it ever work?

Symantec splitting security (Norton) from storage business. The beginning of the end (like HP)?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

2015-03-02 WTKM Talking Points (March 2nd 2015)

Superfish (on some Lenovo laptops) is a real risk!
A test for Superfish is here, removal instructions are here.

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long term make oodles of money more than by selling the software.

More dangerous bugs in Adobe Flash Player! Current officially released version is 16.0.0.305! The catch: Many fake updates around! Mostly the user is tricked to download and install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware! 

Renewed warning: CryptoWall (new CrypotoLocker variant) spreads through advertising networks.
When you see advertisements your computer is not sufficiently protected or it is already infected with malware!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on her blog. Here is Ms. Gregoire's advice:

• If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
• Do not purchase any software or services.
• Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
• Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer of.
• Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
• Take the caller’s information down and immediately report it to your local authorities.

The supposed hack attack on French news media (after Charlie Hebdo shooting) was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!
As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table of Contents.

2015-02-02 WTKM Talking Points (February 2nd 2015)

Confirmed sensation: Microsoft will allow all Win 7 & 8 users to upgrade to Win10 for free – for one year (only?). But then the licensing will kick in? A rented operating system? Home user be careful! Microsoft does not give anything away for free; that is the first concrete step to get us all to accept a licensing model, that means yearly payments. This way Microsoft will in the medium and long run make oodles of money more than by selling the software.

New dangerous bug in Adobe Flash Player is exploited via Facebook! Current version is 16.0.0.296!The catch: Many fake updates around! Mostly the user is tricked to download/install a fake plugin that then installs a keylogger to collect log in info & passwords. User beware!

Renewed warning: CryptoWall (new CrypotoLocker variant) spread through advertising networks.

When you see advertisements your computer is already infected!It is more important than ever to have a backup routine in place AND TO DO IT!

Finally: Microsoft takes on scam tech support phone call organizations (PDF).
If MS succeeds I expect the crooks to move off-shore and do the same from India.
Microsoft Digital Crimes Unit attorney Courtney Gregoire has an article and a video about these scams on this blog.

If anyone calls you and claims to be in any way affiliated with Microsoft IT IS A SCAM!
Here is Microsoft's own advice for such a case:

• Do not purchase any software or services.
   
• Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
   
• Never give control of your computer to a third party unless you can confirm that it is a legitimate person you personally know and trust and/or are already a customer or when you personally  initiated a support call with Microsoft.
   
• Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.
   
• Take the caller’s information down and immediately report it to your local authorities.

EBKAC errors are the most common ones and no program protects against that!

The supposed hack attack on French news media after the Charlie Hebdo shooting was no attack at all. It was a simple server cockup.

In Canada it is now illegal to install computer programs without consent. Why not in the US?

375 of the 500 largest companies do not protect their web sites from typosquatters. That causes real danger when you mistype a web address in your browser. Be careful!

As usual I welcome suggestions right here in the blog.

Click here for a categorized Table Of Contents.

2014-12-01 WTKM Talking Points (December 1st. 2014)

USPS hacked. Personal data of 500,000 full time and 178,000 part time employees stolen including SSN numbers! Plus names, addresses, telephone numbers, email addresses and other information of people dialing in to one of the USPS’ call centers between Jan 1^st. and Aug. 16^th of this year. Credit card information was not compromised.

Microsoft's own language says it:

"Remote code execution if an attacker sends specially crafted packets"
"remote code execution if a user views a specially crafted web page using Internet Explorer"

Original quotes from MS bulletins for November's Patch Tuesday.
I preach for many years: Don't use IE.

New flaw in VERY IMPORTANT and ubiquitous security software got quietly patched. In this context a prominent MS security researcher said:

"It is of critical importance that all versions of Windows are updated ...”

Sad that we still need to be reminded – and sadder yet that some still don't do it.

Warning: New CryptoWall ransomware variant; spread through advertising networks.
When you see advertisements your computer already needs to be cleaned!

Microsoft's newest “... Security Intelligence Report” makes it clear: Not up-to-date or expired security software does NOT protect in any way!And I thought that was a no brainer; Silly me.

Adobe pushed out its own Patch Tuesday updates. .. [they] released Flash Player fixes that squash four pretty bad flaws.

Poodle: An understandable explanation and instructions on what to do are here.

Windows 8 will have to upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Win 10 Technical Preview updated to build 9879.

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

Hot off the press this morning: TheWeather Channel web site open to simple, primitive attacks if you click on any link in that web site!

2014-11-03 WTKM Talking Points (November 3rd. 2014)

The Poodle bug:

The gist of it is: SSL is buggy, outdated security (encryption) protocol and only still supplied for backward compatibility. You can protect your computer relatively easy.

An understandable explanation and instructions on what to do are here. 

Google and Microsoft will kill SSL in upcoming browser updates.

MS warns explicitly to upgrade older versions of IE. 

Windows 8 will have to be upgraded to 8.1 by Jan. 12, 2016 (See MS blog here).

Windows 10 Technical Preview got updated to build 9860.

Very big (= LONG download and install times, think hours; In a VM or an a computer with only 2GB think many hours)!

Windows 10 will probably bring significant security improvements and/or new security features.

Brace yourself, the good old password will be “reborn”. Look up Two Factor Authorization. You likely will either have to carry some gadget or a smartphone to be able to log on to your computer.

Surely sounds tedious but it's MUCH safer.

Computer prices in stores have crept up; about + $100 compared to three months ago.. Do dealers prepare for Black Friday "rebates"?

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

2014-10-06 WTKM Talking Points (October 6 2014)

Windows 10 announced. I am really impressed by the preview that I have running.

PLEASE check your Firefox web browser and Thunderbird email program for updates.
FF needs to be at least at version 32.1.2 and TB at version 31.1.2
A really serious bug in some common, standard encryption code was updated.

Shellshock bug in Linux/Unix:
At first I assumed the worst, we’d have to buy new routers. But home routers are not at risk!
We do not have to worry about Android or Apple phones from this - so far at least and if we use common sense.

If you have a cloud-enabled NAS device you are potentially at risk. Switch off remote access until the manufacturer releases updated software.
Mostly enterprise systems running Linux or Unix are at risk.
It is a good idea to check your home router for firmware updates anyway.

For-Pay Windows maintenance tools worthless

Home Depot got stripped of 56 million customers credit card data

• It ignored security warnings from staff
• It failed to update Symantec Anti Virus since 2007
• It did not consistently monitor its network for signs of attack
• It failed to properly audit its eventually-hacked payment terminals
• It's executives reportedly told pleading staff that "we sell hammers"
• Former unnamed HD security staff were so concerned of the poor state of IT systems that they warned friends to 'use cash' instead of credit cards.

JP Morgan (Chase bank plus nine! othe banks) attacked. Chase alone got stripped of 84 million customers personal data but no logins stolen. Personal data? Including SSNs? No word...

Have these banks been as sloppy as Home Depot? See above.

As I repeatedly have said: Management, management, management.

Can your account be pwned? Check on Have I been pwned? Well, HD and Chase cases probably not yet included.

Why do people create virus programs? MONEY!
CryptoWall alone cashed over six months more than $1.1 million

 

Apple Mac security programs: Only three of 18 very good, a few good. Fuhgetabout the rest. 17,000 Macs in just one botnet.

Marriott fined $600k for JAMMING guests' Wi-Fi hotspots
Posh hostel borked guests' networks to sell their pricey WiFi

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.
 

2014-09-08 WTKM Talking Points (September 8 2014)

Linksys and Cisco routers unsafe! Updating does NOT help.
Any other router: Turn WPS off (known since 2011)

Cloud Storage: Another example of lost access and no recourse.

For-Pay Windows maintenance tools worthless

“Infectious” USB drives on the horizon. So far only drives with a certain type of controller but that might change.

But they don't tell us what brand controller is affected.

14 antivirus apps have security problems.
    After finding basic boo-boos in security software researcher says vendors just don't care.
Avira, BitDefender, ESET and Panda (among others) in “hall of shame”.

The skinny: The more a security app does the bigger the attack surface –
and the more it slows down the computer.

Why do people create virus programs? MONEY!
CryptoWall alone cashed over six months more than $1.1 million

Did Home Depot get hacked? Whether yes or no,
currently do not use ANY card at any retail stores.

Firefox enhances security with new version 32. Upgrade!

Mac security programs: Only three of 18 very good, a few good. Fuhgetabout the rest.

As usual I welcome suggestions and comments right here in the blog. 
 

Click here for a categorized Table Of Contents.

2014-08-04 WTKM Talking Points (August 04 2014)

Linksys and Cisco routers unsafe! Updating does NOT help.
Cisco comment: “There are currently no known workarounds available for this vulnerability."
You could possibly switch your router to safer firmware by installing OpenWRT or the EFF's OpenWireless Router. Beware: This is not for the faint of heart!

Bitdefender enterprise endpoint security is unsafe!
Where does that leave the home user?
Remember, the company and their support are in Romania!

Cloud Storage: Another example of lost access and no recourse.

Passwords

“Infectious” USB drives on the horizon. So far only drives with a certain type of controller affected.
That will change!

New RAT (Remote Access Trojan) targets Bank of America, Citibank, Natwest, RBS and Ulsterbank (last three in GB) but there may be more.

AVG search revenue from freebie scanners dries up. Significant drop in income from search!

14 antivirus apps have security problems. After finding basic boo-boos in security software researcher says vendors just don't care. Avira, BitDefender, ESET and Panda (among others) in “hall of shame”.The skinny: The more a security app does the bigger the attack surface –  and the more it slows down the computer.

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents. 
 

2014-07-07 WTKM Talking Points (July 07 2014)

 

Security researchers despair: Users will run malware if paid as little as one cent.
This raises questions about the effectiveness of well known security advice when competing against the smallest of incentives,

Cloud storage service Norton Zone closes down. Users have until August 6, 2014 to migrate their data to other services.
My opinion on clous storage was published here.

Whether you use DropBox, Micro$oft's SkyDrive, Google Drive or any other free cloud storage service the service or your data can vanish “over night”.

CryptoLocker: The UK’s National Crime Agency (NCA) a month ago has warned people have just two weeks to protect themselves against the CryptoLocker ransomware before both return from the dead. C&C servers were temporarily down.
These 2 weeks are past by now. What have you done?
NCA hit the nail on the head when they said:

“Our message is simple: Update your operating system regularly, update your security software and use it and think twice before you click on links or attachments in unsolicited emails.”

      “An estimated 234,000 computers worldwide, half in the US, have been infected with CryptoLocker since September 2013. These infection have been used to bilk victims out of more than $27m according to FBI estimates.” 

Protection? 

CryptoPrevent from FoolishIT

CryptoGuard from SurfRight (this is what I use; but my main defense is paying attention!)  

Do you remember?
About 10 to 12 weeks ago the US government (DHS) advised NOT TO USE Internet Explorer! Update, update, update!
In Windows version you should run at least
Vista SP2 IE 9
Windows 7 IE 9
Windows 8 IE 10
Windows 8.1 IE 11

Do NOT tolerate Youtube ads! Some of them distribute malware and trojan horse viruses!

"Microsoft scam calls": Sorry but neither MS not their "partners" know that we exist.
“I am calling from Windows”; there is no company named "Windows"!

All downloads, fixes updates a.s.o. for Windows XP offered on web sites are bogus; beware!

The first file encrypting and device locking trojan horse virus on Android discovered.

Microsoft has changed their Terms and Conditions. (See here for details)
Basically
- you give up your rights to become part of an eventual future class action lawsuit and
- you agree that Micro$oft is not responsible for anything.
My personal take-away:
Don't do any business with Micro$oft, don't entrust any data to their services!

2014-06-02 WTKM Talking Points (June 02 2014)

First thing’s first: If you log in to Facebook on your computer and are mysteriously prompted to download a “unique software tool for safe and secure authentication” to your Android device, do not proceed.

If this occurs, your computer is already infected and downloading the software will infect your Android device as well. If you are seeing such a prompt you need help!

A new Trojan distributed through Facebook instant messaging and Yahoo! Messenger has claimed hundreds of victims.

Ebay data breach: Have you changed your password? Is it unique (on the whole big web)?
Ebay is very slow to alert affected customers.

Antivirus firm Avast: We got broken in to. Security guys can't secure their own computers? Oh PLEASE! Do NOT use Avast any longer! Replace it with Microsoft Security Essentials (or Windows Defender on Win 8).

Do you remember?
About 6 to 8 weeks ago the US government (DHS) advised NOT TO USE Internet Explorer! IE 8 still vulnerable; no fix yet. Upgrade to newer version!
In Windows version you should run at least
Vista SP2 IE 9
Windows 7 IE 9
Windows 8 IE 10
Windows 8.1 IE 11

AOL confirms security breach. Yes, we are in 1995 again!

Windows 8.1 Update went to Automatic Updates April 8^th. 890+MB; huge; be VERY patient!

Apple has released updates for Safari web browseron OS X fixing 22 serious security flaws.

Test if your Linksys/Cisco Routers is supported. If not you have to replace it.
"Not supported" means that the firmware is unsafe and can not be updated.

 Do NOT tolerate Youtube ads! Some of them distribute malware and trojan horse viruses!

"Microsoft scam calls": Sorry but neither MS not their "partners" know that we exist.
“I am calling from Windows”; there is no company named "Windows"!

All downloads, fixes updates a.s.o. offered for Windows XP are bogus; beware!

Yahoo and AOL hacked; serve infected advertisements!

Symantec: Antivirus (the Norton products!) is 'DEAD' – says Symantec's CEO.

US Senate slams advertisement servers for security failings.
Will anything ever be done about it?

2014-05-05 WTKM Talking Points (May 05 2014)

First thing’s first: If you log in to Facebook on your computer and are mysteriously prompted to download a “unique software tool for safe and secure authentication” to your Android device, do not proceed.
If this occurs, your computer is already infected and downloading the software will infect your Android device as well. If you are seeing such a prompt you need help!
This Android malware can:

• Intercept real two factor authentication codes sent by real service providers
• Capture any SMS text, incoming and outgoing
• Redirect outgoing calls to a preprogrammed phone number
• Capture audio by activating microphone
• Steal metadata like call logs and contacts lists

AOL confirms security breach from spam attack. Email addresses, passwords and home addresses swiped. AOL Mail locks down email servers to deal with spam tsunami; are we in 1995 again?

Windows 8.1 Update 1 went to Automatic Updates April 8^th. Be warned, that will be up to 6 updates rolled in one of 890+MB; huge; be VERY patient!

Apple has released updates for iOS and OS X operating systems fixing 19 sserious security flaws as well as some stability updates.

New hole in Internet Explorer already under attack to hijack Pcs. The bug hits all IE versions from 6 to 11, no patch yet!

      US government advised NOT TO USE Internet Explorer!

Test if your Linksys/Cisco Routers is supported. If not you have to replace it.
"Not supported" means that the firmware is unsafe and can not be updated.

Do NOT tolerate Youtube ads! Some of them distribute malware and trojan horse viruses!

"Micro$oft scam calls": Sorry but neither M$ not their "partners" know that we exist.
“I am calling from Windows”; there is no company named "Windows"!

All downloads, fixes updates a.s.o. offered for Windows XP are bogus; beware!

"Open" public WiFi-Hotspot? UN-safe by design! Do nothing requiring a password or the password could get stolen!

Michael's Crafts hacked. Three million more credit card's info stolen!

  

Search all now-public NSA surveillance docs at your leisure. See The NSA Archive.

Microsoft spells out new rules for exiling .EXEs. Adware classification regime won't tolerate privacy probes or auto-installs. Let's see what that does to PuPs.

2014-04-07 WTKM Talking Points (Apr 07 2014)

Windows 8.1 Update 1 will go to Automatic Updates April 8th. Be warned, that will be up to 6 updates. BE patient!

Apple has fixed 27 vulnerabilities in it's Safari web browser for OS X

Linksys Routers can be hacked.You own any Linksys or Cisco router? Update router firware NOW.Many common models are at danger. Test if your Linksys/Cisco router is still supported. If not you have to replace it. "Not supported" means that the firmware can not be updated any more.

Cisco fixes SIX different vulnerabilities in it's Cisco and Linksys routers! Check your router for firmware updates now if you have a Linksys or a Cisco router!

Banking Trojan Caphaw distributed through Youtube ads! If you get ANY ads when on YouTube you need to call me; you are using the wrong web browser and/or your browser is not set up for safe browsing. Firefox and AdblockPlus rule.

"Micosoft scam calls" abound. I asked one of these callers which one of our five computers he was talking about. Fun...

Public WiFi-Hotspot? UN-safe by design! Do nothing requiring a password!

Malware in hoax emails warning recipients that they may have cancer.

Microsoft Word 2003, 2007, 2010, 2013, and Office for Mac 2011 are vulnerable to a newly discovered bug in handling RTF files. No fix yet.

Banks charge Target and one of it's suppliers (of computer security advice!) in a class action lawsuits. Already $172 million damage to banks and more to come.

New ransomware CryptoDefense made programming error and left decryption key behind. Be very careful opening ANY attachments. When in doubt ask!

Search all now-public NSA surveillance docs at your leisure. See The NSA Archive.

Microsoft spells out new rules for adware classification. Won't tolerate privacy probes or auto-installs. Let's see what that does to PuPs

.

2014 03 03 WTKM Talking Points (Mar 3rd 2014)

Linksys Routers can be hacked.

Update router firmware NOW (if you have any Linksys router).
Models E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000 and E900 are at danger. Some of these models are no longer supported; that means you have to replace them."Not supported" means that there are no more updates for the firmware to fix problem!

Belkin Home Automation routers (WeMo) are unsafe.New variant of Zeus banking trojan horse virus "hides" in common picture file format (.jpg).

Again Adobe issues emergency patch for it's ubiquitous Flash Player.

You have to be on version 12.0.070

Apple fixes 10(!) major bugs in all it's operating systems.

Supposedly secure network connections could easily be hijacked.
True for iPhones as well! UPDATE!

Major upheaval at Microsoft. What will the new(?) people bring? Windows 8 fallout at work.

Banking Trojan Caphaw distributed through YouTube ads!

If you get ANY ads when on YouTube you need to call me; you are using the wrong web browser and/or your browser is not set up for safe browsing.
Firefox and AdblockPlus rule.

"Micosoft scam phone calls" abound.

I asked one of these callers which one of our five computers he was talking about. Fun...

New to computers and want to learn the basics? Try this web site.

New to the Internet? Want to learn the basics? Start here..