It’s getting harder and harder to make excuses for Microsoft when it comes to Windows 10, and they are quickly eroding whatever good will they may have sown with the free upgrades offered last year. If you weren’t already traumatized by an intentional or unintentional “upgrade” to 10, or if you happened to be one of the lucky few to walk the upgrade gauntlet (relatively) unscathed, Microsoft seems determined to make you regret installing its new operating system – let’s call it “death by 1000 annoyances.” The latest insult: many users are reporting a recent update to Windows 10 is resetting the default app assignments on their computers to – you guessed it – Microsoft apps.
Whatchoo talkin’ ’bout Woo?
One of the “features” of Windows 10 is the inexorable, unstoppable OS updates that Microsoft forces upon everyone. There are ways to trick Windows 10 into not downloading updates, and if your computer happens to be a part of a managed domain your administrator may be able to exert some control, but Microsoft has gone on record stating that giving users less control over this aspect is really for everyone’s own good. In the above case, a yet-to-be-identified recently released update from Microsoft is actually resetting choices you’ve made to your own computer to a setting that arguably benefits Microsoft. A good example of this is one that several of my clients have already experienced: instead of using Acrobat to open PDF’s, the OS is being reset to use Microsoft’s new browser, Edge – hardly a comparable substitute, especially for those that paid good money for the full versions of Acrobat. The default PDF app setting is one of possibly hundreds of default settings that Microsoft can “accidentally reset” so the annoyance potential on this “feature” is incredibly high. Fortunately it’s not permanent, and once you figure out what the heck is going on, it’s not hard to reverse. But it’s just another thorn on this once attractive, but increasingly prickly, OS rose.
I’ve put enough notches in my cyberbelt to speak with confidence on tech security and I’m reasonably sure most of you take me seriously, but it’s nice when the President of the United States backs up your message about the state of cybersecurity, especially when that message is that our work has only just begun. In a Wall Street Journal Op Ed piece published today, President Obama announced an aggressive plan to improve America’s cybersecurity profile, starting with increasing the nation’s budget on technology security to $19 billion. Three billion of that planned increase is targeted at upgrading Federal computer systems, many of which he recognizes as being woefully past due for an upgrade. And as is always the case, those computer upgrades are going to need tech-savvy hands, hopefully supplied by a tech-focused “Peace Corps” initiative and a new cybersecurity Center of Excellence which will formed as a collaboration point between the government and private sector. Some of this new money will also fund a national security awareness campaign (and you thought my password nagging was bad!). To cap it off, he is also calling for the creation of a bi-partisan Commission on Enhancing National Cybersecurity and creating a new national Chief Information Security Officer.
What this means for you:
In the short run, not much is going to change for you or your organization, even if you happen to work for or with an organization that might be first in line for Federally-funded computer upgrades. Federal programs never move swiftly, and I doubt this one will be any different. In order for any problem to be solved, it must be first acknowledged. Allocating money (however trivial it may seem in the face of our defense spend) is an important step in the right direction. Many business both big and small fail to budget for security issues, sometimes through willful denial, and most often because of a lack of understanding about how important cybersecurity has become. We all know the government regularly gets low grades on their technology proficiency – hopefully money won’t be a part of that problem going forward. The more important lesson here is that while money does help, talent, cooperation and a plan to change are crucial to developing a sound security policy, whether you are the federal government or sole proprietor.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Most of us have seen the persistent little icon in the system tray, and clicked the many variations of “Not now!” to Microsoft’s constant reminders to upgrade to Windows 10. Some of you even caved in and upgraded your computer to Winodws 10, and an even smaller percentage of you have come out on the other side mostly intact and productive. I still continue to recommend against upgrading existing Windows 7 and 8 computers without considerable caution, planning and the watchful supervision of a trained technology professional. “Cleanly” installed (either on a blank hard drive or from the factory new), Windows 10 is a good operating system that performs well but still has many rough edges, and I have seen way too many upgrade installations go south faster than geese in winter. For reliabililty and performance, Windows 7 is still very hard to beat, and is still considered the standard in enterprise/corporate technology. Despite all of this, Microsoft continues to advance its agenda of “Upgrade all the things”, and has now made the Windows 10 upgrade installer a “recommended update”.
What this means for you:
By default, Windows 7 and 8 are set to automatically check for, download and install critical security updates. There is also another option rug “Recommended updates” which is also checked, and that is where Microsoft gets its virtual hooks into your precious Windows 7 (or 8, I’m not here to judge) operating system and plants the seeds of an upgrade. If your machine is still set to download recommended updates (as it will be if you’ve never changed these settings), you will soon be (if you aren’t already) the proud recipient of a 6GB hidden folder that, if you continue to deny Microsoft the satisfaction of upgrading you to Windows 10, will reside happily on its little 6GB plot of hard drive. Forever. Removing it doesn’t help – Windows Update will cheerfully re-download it for you, to make sure your Windows 10 upgrade experience isn’t slowed down by having to download it when you finally give in to their relentless nagging.
If you have a large hard drive and “all-you-can-eat” internet bandwidth, this isn’t a problem, but for those of you with smaller hard drives (like earlier model laptops with SSD drives) or metered bandwidth, 6GB is a lot of space AND bandwidth. There are ways to combat Microsoft’s insidious peer pressure, but to truly banish the upgrade nagging, you’ll need to fiddle with registry settings or install a third-party utility. If neither sounds like an activity for which you are qualified (either in patience or technical proficiency), why not have a friendly chat with your local tech professional to discuss a more moderate, considered approach to upgrading to Windows 10? If you are a business professional that uses Windows-based computers, its a bridge you will have to cross at some point, but you should do it on your own schedule and on your own terms.
Microsoft made a major splash a few years back when they announced that the NFL would be using the Surface tablets on the field and in the locker room for various aspects of team management. Up until now it really only caught the media’s eye briefly when commentators mistakenly identified the Microsoft tablets as Apple iPads, a stinging verdict on the strength of both Microsoft and Apple’s branding. Unfortunately for Microsoft, the Surface tablets were correctly identified this time at the recent AFC Championship game between the New England Patriots and the Denver Broncos. Unfortunate because the Patriots were experiencing technical difficulties with the devices at a crucial moment in the most important game of the season. As you’d expect, the internet had a field day with this, even though the the technical difficulties were quickly overcome, and the Patriots carried on.
What this means for you:
Rather than taking an easy opportunity to poke fun at Microsoft as you might expect, I’m more interested in making sure everyone grasps the more important lesson here. Even though the Surfaces had become an important part of sideline operations during a game, the Patriots were able to keep moving forward with their critical processes because the Surface tablets weren’t a single point of failure in the complex workflow of team and game management. Are there parts of your business or organization that depend on a single point of technology that, if it failed, would prevent you from executing on critical processes or tasks? Always have a back up plan, both in the literal sense (as in: Back up that data!) as well as the figurative. Important presentation tomorrow that you’ve only stored on a single thumb drive and nowhere else? What would happen if that little thumb drive accidentally fell out of your pocket while you were on the way to the big meeting? When it’s game day, make sure you have more than one way to get the ball into the end zone!
It’s a new year, and I’m sure every one of us made at least one small promise (if only whispered to ourselves at 12:01am on Jan 1) to be better or do better at something this year. I can help you out with an easy one that will definitely improve your security profile, and I’m pretty sure a safer you = a more healthier you (at least digitally).
Let’s talk about the foundation of personal security: the Password.
Change that password. You know the one. The one you use everywhere. Change it! Make it hard. There are dozens of methods for coming up with one. Here’s one:
- Pick your favorite quote (or one you have memorized), use the first letter from each word. How about, “Twas the night before Christmas” which gives us “Ttnbc” – 5 characters, a good starting point.
- Randomize the capitalization in a way you can remember. How about reverse camel caps? “tTnBc”.
- Since we need 8 characters minimum, let’s add two numbers, and since we’re talking about Christmas, let’s add “24” on the end (or the beginning, it doesn’t matter).
- And we need a special character, how about the “@” symbol which looks like a Christmas ornament.
So now we have “@tTnBc24”. You’ll remember it because you created a small story behind the password, which will make it memorable. But Chris, you always say to use a unique password for every account! No problem, here’s how you do that, while still making every password you create memorable:
- For every unique account password you need to create, pick a string of 3 or 4 letters based on the name of the account (however you remember it, company name or type) – let’s say the first 3 letters, and always use the same rule. So for your Chase bank account, you’d add “Cha” somewhere to the password, either beginning or end.
- Before you tack it on the end of the password, pick a symbol that will act as the glue (or divider) between your specific account divider, let’s just say “+” because that makes sense right?
- Now you have “@tTnBc24+Cha”.
WARNING: if anyone ever gets ahold of more than one of your passwords generated via the above method, they may spot the pattern right away, especially if the account is known for each password, making it relatively easy to guess other account passwords. My recommendation here is to not use this method with passwords that you have to share with other people (it will be obvious if they see more than one). For those, use a random generator and store them in a known secure password utility, such as LastPass, KeePass, Dashlane or Roboform.
Use the above method for the accounts you access frequently, but don’t want to lower your security because of how valuable they are. Examples should include your email account (especially the one you use to send password resets/reminders to), anything that is attached to your money, accounts that has sensitive private information like insurance websites, and, most importantly, all of your social media sites, especially any in which you interact with friends and family.
If you are wondering if a password you’ve used in the past has been exposed, you can check https://haveibeenpwned.com if you know the email address to which the account was attached. This website is essentially a giant database of all the known data breaches over the past couple of years. If your email address raises a red flag, you should change the password you used for that account, especially if you used that same password elsewhere.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Back in 2014 Microsoft announced that in 18 months it would cease to support older versions of Internet Explorer on currently supported operating system platforms. As of January 12th, Microsoft is making good on that promise and will only support the latest version of its web browser on supported OS’es. You might think that this will mean less zero-day exploits of older versions of IE (one of the biggest security risks to date) because people will be forced to abandon the older browsers, but not so fast! Microsoft is trapped within their own doublespeak, and the catch is “lastest version of IE released on a particular supported platform”.
What on earth does that mean?
If you happened to only skim (instead of read) their 2014 announcement or the news stories released this week about this new policy, you might have come away with the impression that Microsoft was finally dropping support for older versions of IE, namely 6, 7, 8, 9 and 10. Depending on your business need, this may have been cause for celebration or hair pulling, but a slightly deeper dive on this tells a less draconian tale. In a nutshell, depending on the operating system, some older versions will still be getting patched and updated, but only because the newer versions of IE were never officially released on a particular OS. Still confused? That’s OK, it’s Microsoft, so just shrug and take away the following:
- Microsoft will still be patching older versions of Internet Explorer as far back as version 7, but…
- Patches for versions 7-9 are likely to be hard to get, if not near impossible for normal consumers.
- Don’t use older versions of IE unless you have a compelling business restriction that prevents the use of IE 11.
- Businesses relying on websites that require the use of older versions of IE should be upgraded ASAP. You are putting your employees/clients/customers in danger.
- Remember #3? If you have to use Internet Explorer, you should be using version 11. It has competent backwards-compatibility capabilities that should work with websites that require older versions of IE to function.
Reports are streaming in of Dell customers being targeted by scammers pretending to be Dell support staff, leading many in the industry to wonder if the computer manufacturer has been hacked and their customer database stolen. The con artists are phoning Dell users and gulling the victims with convincing information about equipment and service records that should only be known to Dell. After the fake support techs gain access to their target’s computer, the usual scare scam follows, intimidating users into paying for virus removal, performance tuning, etc. This may have been going on as far back as May of last year, but with reports flooding Dell’s actual service desk, they are finally admitting it’s a problem without confirming whether any data has been stolen.
What this means for you:
Unless you’ve hired a company like C2 to monitor your equipment and network, it’s extremely rare that a company like Dell or Microsoft will call someone directly to fix a problem, especially if you didn’t initiate the interaction from the onset. While manufacturers like Dell do actually ship some of their models with software that can perform monitoring and remote access, they aren’t actually in the business of monitoring the millions of computers they sell. The same is true of Microsoft – they have support desks, but proactively contacting customers about problems on individual machines is just not something either company will do. Anytime you receive a call like this from someone you don’t know, your best course of action is to disengage immediately and contact a trusted technology professional. If you are feeling cheeky, you can try to get a callback number (they may actually give you one) and get someone like C2 to vette the caller. Ninety-nine times out of 100, it’s going to be a scam. Don’t waste your time on these con artists, and always get a second opinion before acting on an unsolicited technical support call.
Image courtesy of Miles Stuart at FreeDigitalPhotos.net
Though it may feel like it some months, I don’t intend to write about doom and gloom every week on this blog. Scattered in among the zero-days, hacks and malware infections are a handful of articles you don’t want to miss. As you prepare to wind down the year and check off your various lists, why not add these to your to-do’s and give yourself the gift of a more secure technology infrastrucure!
- How to be a secure mobile citizen – ’tis the season for travel. Take a refresher on traveling safely with your mobile technology.
- Cheap technology not always a great buy – the same goes for gifts for yourself and others. You get what you pay for!
- Backups more important than ever – If I didn’t regularly remind you to back up your data, you’ll know something is very wrong with me.
- User, heal thyself! – Sometimes your technology falls down. This is how you can pick yourself up.
- Security 1-2-3 – If only security was as easy as…
- Understanding how your internet works – It’s nearly 2016. Don’t you think it’s about time you learn how your internet works?
- Email’s growing problem – part 1 of a 3-part series on taming the email beast. Let me email it to you!
- Can your business survive an internet outage? – El Nino is here! Your internet provider is not ready, but your business can be!
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Looking for a small gift for the technophile in your life? These are my recommendations for this holiday season:
- Portable Battery Charger: At least one person on your gift list spends their day on the move, whether at work or play, and probably spends the back third of that day babying their mobile device’s dwindling battery while desperately looking for a convenient AC outlet. Give them one of these chargers for their daily carry and they can work or play into the wee hours of the next day without being tethered to a wall socket. They are small, light enough to carry in a jacket pocket and will quickly charge just about any USB powered device and then some.
- Brightly colored, extra-long Lightning charging cable: Everyone and their mother’s brother has an iSomething at home, and you can bet their one power cord is one tug away from an electrical disaster. Why not get them something that is hard to miss and long enough to use comfortably while being plugged into an inconvenient power source? If they have an older model iPad or iPhone with the older connector, this will work for them. Sadly, the color choices aren’t nearly as festive. If they hail from the Android side of the fence, these swanky cables will work for micro-USB devices, and these will work for the ones that come with the new-fangled Type-C connectors (the new Nexus phones, for example).
- Portable 4-port Wall Charger: The best holidays are spent with friends and family, and you can bet a full house will have its share of dying mobile devices looking for a charger. These handy devices are compact with a folding plug for easy storage and portage, and can provide a quick, safe charge for up to 4 devices and with minimal wall-wart eruptions.
- Chromecast TV: Small enough and cheap enough to put one on every HDMI TV in the house, and capable of playing content from both Android and iOS devices. Small warning, they will need Wi-Fi, and cat videos are even more awesome on a big screen in your living room. If you are more into music, they make an audio-only version as well.
- I call this the “Gadget Hound Night Stand Sanity Saver“: Some of us keep our phones and tablets on the night stand by our bed. Every single one of us has at least one charging cable dangling on or about our work space. This handy gadget provides charging for up to 4 USB devices, two AC outlets and a convenient stand that works perfectly for phones or small tablets, and is right at home by the bed or on your desk. Why not have one for every night stand in the house, so your family and guests can charge up right where their devices work and sleep?
- Waterproof Bluetooth Earbuds: While perhaps a little steep for a stocking-stuffer, these might be the perfect gift for that special, active person in your life. I personally find music, audio books and podcasts to be great motivators while engaged in labor-intensive but otherwise mindless endeavors (exercise, yard work, house work, etc), but I hate getting tangled in the cord running to my smartphone. Bluetooth headphones allow you to cut the cord without sacrificing quality audio, and they can double as a headset when the inevitable call comes in right while you are in the middle of your activities.
I really wanted this holiday season to be one of joy and goodwill towards all people, but it seems like the black hats will never rest. Let’s just get the ugliness out of the way: VTech – maker of tech toys for kids – has suffered a data breach that has exposed over five million customer accounts, and worse still, over six million child profiles. As per the usual, it seems that the Hong Kong company initially tried to downplay the breach by omitting any numbers or that kid’s profiles might be at risk, but eventually came clean as word began to spread. Even after announcing the number of people affected by this breach, VTech continued to spin the incident and tried to downplay the extent of data leaked, despite proof provided to the media that the data exposed included a year’s worth of chat logs and childrens’ profile pictures, which were uploaded to VTech’s Kid Connect service, a supposedly secure social media platform that parents can use to chat with their children through VTech’s tablets.
What this means for you:
It’s not clear yet when VTech (if ever) will take action and contact the affected families. Hopefully you will know whether or not you’ve purchased an internet-capable VTech toy for your child and set up the Kid Connect service. The information exposed in this hack has not been released to the internet, and the hacker behind the breach says that the info that was shared with the press to expose VTech’s poor security practices, but that’s not to say that it won’t eventually be released. As a parent, you should be mindful of any activity that involves exposing confidential information about your children on the internet (including Facebook!) and this will continue to be more important as more and more toys become increasingly sophisticated, connected and complex. According to VTech’s own admission, they were unaware of the security breach until the media contacted them for comment. As a business owner or manager, that is one nasty surprise you don’t want as a holiday gift. Make sure you have a good understanding of what confidential information you do store, and make sure it’s wrapped tight and kept safe, if it has to be kept at all.











