Wednesday, December 19, 2018

Windows 10 Patching

 In recent Microsoft blog posts, it was revealed that Windows 10 updates come in B, C, D flavours.
The B updates are the 2nd Tuesday you are probably familiar with. The C and D updates are "preview" updates of the patches, fixes, and enhancements that may or may not be released to the user base at the next B update on the 2nd Tuesday.

 Some users view this practice as releasing updates and fixes not fully tested. You can get these C and D updates by checking for updates with the Windows Update System setting. Using the Windows Update system setting is also a method of getting the latest signature updates for Windows Defender.

 In my experience in a large corporate Microsoft environment, the updates released for download are tested, just not by the entire user base. Before the recent Windows 10 quality control issues I felt comfortable and secure in the practice of checking for updates before most daily sessions on Microsoft products. I also check for updates in browsers, VPN, smart phone, routers, wireless access points, and similar.

 Your experience may differ. If so, be aware that manually checking for Windows updates can make you a "seeker" looking for the latest update to protect your environment.

 It is good practice to keep your Media Creation Tool current, take explicit restore points before any and all updates, and practice 3-2-1 backup.

 If your comfort level leans in getting the latest updates/fixes before general release, use the appropriate Windows Setting. If nor, be aware and use caution with the Windows Update setting.

 Important: Microsoft will release out-of-band updates when a serious vulnerability is being exploited. Today, December 19, is one such case. A vulnerability in current use takes advantage of a vulnerability in Internet Explorer. Applying the KB4483224 update should protect you from any site that exploits the un-patched vulnerability. The patch can protect you even if you don't use Internet Explorer as a browser.

Friday, December 7, 2018

Internet of Things Privacy risk?


 For the holiday giving and receiving, a smart device might be under a tree. If so, how Internet safe might they be?

 Baby monitors that connect to the Internet. Helpful? Harmful? Can Internet connected devices connect to your home network devices?

  Mozilla has put together a site to allow checking on the "creepy" factor of devices.


https://foundation.mozilla.org/en/privacynotincluded/


 Your privacy may vary. Using network segmentation is advised.

Apple updates everything 12/06/2018

 Remember Apple does not reveal all security fixes in updates.

 Also Real Time Text can be both helpful and harmful.

 iOS 12.1.1
 macOS Mojave 10.14.2
 tvOS 12.1.1

Tuesday, December 4, 2018

SamSam Ransomware

 I have mentioned the SamSam ransomware strain in past presentations and blog posts. Recently the Department of Homeland Security has issued several bulletins warning of a rapid rise in infections from this ransomware strain. The delivery methods vary, but the effectiveness has caused the DHS bulletins. Companies and individuals infected usually get their files back after paying the ransom and applying the decryption key(s).
 Consider taking the time now to create a backup on an external disk or device that is NOT left plugged in and available to your computer(s).

Monday, December 3, 2018

Caution - Some iPhone apps sneak in fees and charges

 Two apps are cited as being found in the Apple App store. Fitness Balance and Calories Tracker.
There may be more. The tactic employed informs the user to press and hold the Touch ID with the user's finger to identify the user via fingerprint to "unlock" features of the app. The app then uses an in-app payment request to charge the user. Since the fingerprint scanner "pre-scans" the payment request is approved.

 In a similar scam, a game lights up buttons on screen for the user to rapidly touch the flashing button. One of those buttons is an in-app purchase and approve button.