• Patch Lady – 31 days of paranoia – day 7

    #222657

    Patch Lady here with a kind reminder that at this time the release of 1809 has been paused while Microsoft investigates.  If you’ve been hit by the bu
    [See the full post at: Patch Lady – 31 days of paranoia – day 7]

    Susan Bradley Patch Lady/Prudent patcher

    3 users thanked author for this post.
    • #222663

      This one looks really good.  I wonder if I can get updates monthly on a TFHaaS plan.

      https://www.amazon.com/Electro-Deflecto-Unisex-Foil-Size/dp/B01I497JAM/ref=sr_1_1

      1 user thanked author for this post.
      • #222665

        Oh my, Latka, and what a wonderful gift for that “very special” friend this could be!

        And it’s a coed model too!

        Now, if we are going to discuss social engineering, I must have a degree on that from Somewhere U by now, as every year, for more years now than I care to think of, I have had to do a required course on IT security, including a lesson on the number of ways one can get abused or worse on line and even in person or over the phone. And social engineering, of course, is always one of those dirty tricks covered in that lesson. So what the Patch Lady has written in the Main page and started this thread with sounds pretty familiar to me. (Although I don’t really know about the vast majority of my still unread email just sitting there waiting for me to open it in order to get me…) Which means that I am now a totally paranoid old guy that does not trust anyone on line he does not know really, really well. But always with that distressing idea at the back of his mind that, on the Internet, one’s interlocutor or correspondent can really be a dog. Grrrr… Arf!

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
    • #222666

      “The vast majority of email in your inbox is there to attack you.”

      That doesn’t sound right to me. If it isn’t a mistake, what is this assertion based on?

      Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      2 users thanked author for this post.
      • #222824

        https://gulfnews.com/news/uae/crime/two-thirds-of-emails-sent-this-year-were-malicious-1.2278892

        “Two-thirds of more than half-a-billion emails sent during the first half of 2018 were malicious, making email-based threats a popular means of cyberattack, a new report revealed on Sunday.

        Based on Email Threat Report, released by FireEye Inc, an intelligence-led security company, only one-third of more than half-a-billion emails sent during the same period were considered ‘clean’. In fact, one in every 101 emails had malicious intent.”

        By the time it gets to you, your ISP or email platform has probably cleaned and blocked a lot of that… so my apologies I shouldn’t have used the words “In your inbox” …rather “sent to your inbox” as a better way to put it.

        Susan Bradley Patch Lady/Prudent patcher

        6 users thanked author for this post.
        • #222840

          https://gulfnews.com/news/uae/crime/two-thirds-of-emails-sent-this-year-were-malicious-1.2278892

          Two-thirds of more than half-a-billion emails sent during the first half of 2018 were malicious, making email-based threats a popular means of cyberattack, a new report revealed on Sunday.

          The linked headline is misleading (in its use of two-thirds malicious). The actual report included spam in its figure of 68% blocked (and not actually delivered to an inbox):

          The majority of emails organizations receive daily are considered spam or malicious. This point is highlighted in the data by the fact that only 32% of traffic seen was considered clean and sent through to an inbox.

          Based on Email Threat Report, released by FireEye Inc, an intelligence-led security company, only one-third of more than half-a-billion emails sent during the same period were considered ‘clean’. In fact, one in every 101 emails had malicious intent.”

          Yes, the report identified less than 1% as malicious.

          The real message in the report is that 90% of malicious emails were phishing attacks and only 10% contained malware:

          New FireEye Email Threat Report Underlines the Rise in Malware-less Email Attacks

          1 user thanked author for this post.
    • #222705

      Set mail to text only — read and write.

      Prohibit mail HTML.

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      • #222762

        geekdom:

        “Prohibit mail HTML.”

        What if one’s boss sends all the emails in HTML? As do a lot of people one wants to receive the emails from — even some whom one hasn’t even thought of, but what is in their messages is important — so one cannot whitelist them all? Perhaps you could elaborate on your comment? You might have a good point there, but it does not come through, at least to me, in that terse statement.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #222766

          My email providers give me a choice between “classic email” and “enhanced email” (or some similar description). The Classic email is text only, the enhanced allows HTML. You might check to see if you have the same options.

          • #222772

            Thanks. I have that option only for sending email, and I prefer to send text only unless, for some unusual reason, I need to use HTML. For example when I reply to a message sent as HTML that I need to have a copy fully preserved in the reply.

            But I have understood, perhaps incorrectly and that is why I would like to see this clarified, that the point made by geekdom in his entry is about blocking all incoming HTML mail, not sending it.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #222703

      It stuns me time and again that many people cry out loud if the government tracks or collects some data from them, via computer on filling mandatory forms or intel services collecting data in the background – but considering they voluntarily hand over FAR MORE data about themselves to PRIVATE BUSINESS COMPANIES operating outside the counter-monitoring of democratically legitimized institutions with their checks and balances, the yelling silence and the carelessness and mindlessness is breathtaking.

      It’s as if you leave the house not minding to close – not to mention: locking – the door, or getting to terms with your loved one in the bedroom and not caring for closing the window curtains first. But when the government calls for a census, the emotions spike high!

      Absurd.

      Marc

    • #222739

      Kevin Mitnick is not a real hacker. He should be chief officer. Most of his exploits were minor and had minor impact. Plus his training gives zero help and some of it has tracking/hacking stuff embedded in it. Beware of his training courses.

    • #222810

      If you upload a file to VirusTotal, it is theirs to keep. I would never upload any document that has personal information.

      1 user thanked author for this post.
      • #222831

        Remind me to blog about how you can upload the sha1 value to test rather than the file itself.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
      • #222931

        I do not know about Virus Total, but have Webroot’s “WebrootSecureAnywhere” and perhaps both do the same thing. Although WSA works in part from the Cloud, it does not send one’s files to the Cloud. As I understand it, it makes hashes of new files in one’s PC and then sends those hashes to the Cloud to compare them with those of known malware kept in their very large and up to date data base there. If it finds a match it raises a red flag and alerts the user. So it scans and compares hashes, not files and signatures, which is also faster than the usual approach of checking every file in the PC against all viruses’ signatures kept in a data base also in the PC, a data base that needs frequent updating. In my 11-year old PC it takes some seven or eight minutes to check for malware (and, if found, have options given as to how to deal with them), while in my new, faster Mac that takes between one and five minutes, depending, I suppose, on how busy their servers are at the time.

        This is from an article in Quora:

        “SecureAnywhere is not signature based and does not require signature updates. It does not need to scan files to make determinations, but calculates a simple MD5 hash of each file and checks those MD5s with our database in the cloud. There are no processor-intensive file scans and database look-ups like traditional anti-virus software. A simple MD5 string pushed up to the cloud is all that is needed for new files arriving on the system to be vetted.” “As soon as someone sees a new piece of malware, the MD5 hash and other metadata are transmitted to the cloud, and within minutes, that information is available to every other computer running SecureAnywhere, everywhere in the rest of the world.”

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
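
The hash-first lookup discussed in the two replies above (submitting a SHA-1 value instead of the file, and a cloud service comparing file hashes), shown as an added example that is not part of the thread or any vendor's code. The file is hashed locally and only the digest is compared; the `known_bad` set, file names and file contents are constructed stand-ins for a list that a real service keeps server-side.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=65536):
    """Stream the file once and return its SHA-1 and SHA-256 hex digests."""
    hashers = {name: hashlib.new(name) for name in ("sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def lookup(path, known_bad):
    """Return (verdict, sha256). Only the digest is compared, never the content.

    known_bad is a hypothetical set of SHA-256 digests standing in for the
    reputation database a lookup service would hold.
    """
    digest = file_digests(path)["sha256"]
    verdict = "known-bad" if digest in known_bad else "unknown"
    return verdict, digest


def demo():
    """Hash a constructed document and a one-byte variant, then look both up."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "invoice.doc")
        variant = os.path.join(tmp, "invoice_v2.doc")
        payload = b"constructed sample content with personal data\n" * 1000
        with open(original, "wb") as fh:
            fh.write(payload)
        with open(variant, "wb") as fh:
            fh.write(payload + b" ")  # one extra byte
        # Pretend the service has already seen and flagged the original.
        known_bad = {file_digests(original)["sha256"]}
        return lookup(original, known_bad), lookup(variant, known_bad)


if __name__ == "__main__":
    for verdict, digest in demo():
        print(verdict, digest)
```

The one-byte variant comes back "unknown": a hash lookup keeps the document private, but a miss only means the exact file has not been seen before, not that it is clean.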

    • #222818

      I am the only one at the office who does not use Outlook for my email. Instead, I use a really old email program. I deliberately never set up Outlook when I installed Office 365 on my home computers since Outlook sends everything through Word.

      • #222855

        I would be interested to know which mail program you use.

        At my last job, we had to set Outlook to not use Word for composing mail as that caused problems with an enterprise system which also used Word for creating documents.

    • #222821

      I wish what I am posting now could be applied to the general population. I have Asperger’s Disorder, a form of autistic disorder. This means for the purpose of this discussion that I don’t receive social cues in a normal way, and I miss a lot of the “conversation” in most social situations. One effect of this disorder is that I don’t get the kind of social manipulations which can rope a lot of “neurotypical” people in. Combined with a lifetime of learning to be skeptical, I have managed to avoid most (but maybe not absolutely all) social engineering schemes.

      I wish I could codify what it is about me that filters out the most common scamming techniques. But I haven’t got the research or social tools to make a full accounting of what the useful differences are, and to teach people how to ignore the cues I naturally miss.

      Another side-effect of my disorder is that I just don’t have much interest in social media platforms or the kinds of feeds they promote. Maybe that’s not always a good thing, but maybe my missing out is something not to be feared or disrespected by others, but something to be emulated from time to time.

      More research would seem to be justified. Just don’t use me as a “lab rat”, please. I prefer genuine friendships when I can sustain them.

      -- rc primak

      8 users thanked author for this post.
    • #223480

      I would be interested to know which mail program you use. At my last job, we had to set Outlook to not use Word for composing mail as that caused problems with an enterprise system which also used Word for creating documents.

      Can you explain how to do that? The office has occasional issues of Word and Excel docs occasionally locking up (can’t save them) when Outlook is running.
