Replies

It’s about time to reign in the social media companies overzealous use of censorship to protect the public promote specific ideologies.  The best example is probably that of John Stossel, who’s now suing Facebook for defamation https://youtu.be/cCOvFLlsjI4

Recently, I suffered the wrath of Facebook for sharing a meme that poked fun at California’s new electric vehicle mandate, which made the news.  Several days later, California had another potential energy grid crisis. https://fortune.com/2022/09/01/california-electric-cars-charge-newsom/

If you’ve been around Facebook for any amount of time, you’re probably aware of their post “privacy” classification system.  You can choose the “privacy” for your posts to show to “public” (the little world icon), “friends” (the two-person silhouette icon), “friends except…”, “specific friends”, or “only me”.

Did this meme meet the condition “…the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable…“?  I think using the reasonable person rule, they’d have a difficult time justifying it.  Nonetheless…

To make the potential for liability worse for Facebook, If I had posted this meme with a “public” privacy option, then Facebook may have some legitimacy to their flimsy defense they were protecting the public from this “otherwise objectionable” material.  But they weren’t.

My meme’s “privacy” setting was “friends”.  Which means it wasn’t meant for public consumption.  It was a private conversation, between “friends”.

So, now Facebook is reaching into private conversations for it’s continued censorship promotion of specific ideologies.  Almost like the short-time delay TV broadcasters use for live events, especially sports, so they can bleep out any of FCC’s seven forbidden words.

While writing this rant, I went back to my post on Facebook, just to confirm that I had flagged it as “friends” and not “public”.  You wouldn’t believe what I discovered (or maybe you would).  The “false or misleading” banner that was covering the meme, has since been removed.  No mention anywhere in my feed, no apology, explanation, or retraction provided to their previous censorship of the post.  Nope, it’s as if nothing ever happened.  Perhaps Facebook’s now using a Triple-D (DDD) method: Defame, Delete, Deny…

5 users thanked author for this post.

Cybertooth, CraigS26, ibe98765, wavy, windbg

I can confirm it affects mapped drives.  Win Server 2019, Win 10 Pro, Excel 2013.  Gives two different errors, one it’s corrupt and won’t open.  The other is the extension doens’t match, but offers the opportunity to open this “corrupted” or “unsafe” file.

Depending on the length of the filename, it seems the problem appends all or part of the file extension to the filename field:

• CamSpecs.xlsx  shows as CamSpecsxlsx in the error messages.
• PoLow.xlsx shows as PoLowx in the error messages.

I’m certain someone at MS is counting down the days to April 11, 2023…

1 user thanked author for this post.

Microfix

In regards to temporarily toggling MFA off, setting up a new PC/laptop/phone/etc., then toggling it back on.  I’ve been curious about doing this, but haven’t yet tried.

In my case, it’s setting up Microsoft 365 accounts on new laptops.  If I toggle Microsoft’s MFA off, install the various Microsoft 365 whiz-bangs, then toggle MFA on, will Microsoft invalidate the original MFA settings, and require the user setup MFA again?  Or, will be it as if nothing happened, and the user will continue with the same old MFA process they’re currently using?

I’m hoping it’s the latter.

While Microsoft may be peddling their add-on payware, the attack surface reduction rules can be enabled with simple group policy, or not quite as simple PowerShell.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide

 

All business users should consider spplying the Microsoft Security Baselines.

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines

In fact, those with the baselines installed wouldn’t have been vulnerable to the latest 0-day in Office.

 

Microsoft doesn’t like to make it easy, so here are the GUIDs applicable to the ASR.

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rules-and-guids-matrix

 

1 user thanked author for this post.

windbg

The Global Cyber Alliance offers some great resources on DMARC (which, in turn, relies on SPF and DKIM).  They have a nice, free, web-based training portal at:

https://edu.globalcyberalliance.org/courses/understanding-dmarc

They also offer an SPF / DMARC validation tool at:

https://dmarcguide.globalcyberalliance.org/#/

Another great, free, tool to monitor DMARC reporting is:

https://app.valimail.com

 

Thanks for the link to the blog on Domain-Join Computers.  I’ve been meaning to do this for some time now.

Casey

Our method of firmware patching is linked to Windows 10 version updates.  If we’re running 20H2, and preparing to update to 21H2, we first run the manufacturer’s update application (Dell Command Update, Lenovo System Update).

Since the probability of exploit is low (remember Spectre and Meltdown), the 12-18 months between version updates is sufficient.  It also gives us a warm fuzzy feeling that an outdated BIOS/UEFI won’t contribute to any issues with newer OS revisions.

Like Microsoft’s WSUS, some computer manufacturers offer their own version of firmware update repositories where firmware updates can be managed and  deployed company-wide.

I suppose if we were more concerned, we could activate the BIOS/UEFI options to not allow firmware updates/downgrades, unless the BIOS administrator password were entered on reboot.

My Microsoft 365 Admin center didn’t have the option under the notification bell.  It was found under:

Microsoft 365 Admin Center > Settings > Org Settings > Services > Office Installation Options > Feature Updates

In the event anyone else was looking for it (in all the wrong places…)

Casey

1 user thanked author for this post.

IT Manager Geek

Just stumbled across this while searching for something else.  It looks like “Patch Tuesday” may eventually become a thing of the past.  Or, perhaps more eloquently stated, looks like we’re returning to the Wild West of willy-nilly patch releases…  Wasn’t the whole reason for “Patch Tuesday” to bring some order to it?

https://www.zdnet.com/article/microsoft-windows-autopatch-is-coming-soon-heres-what-you-need-to-know/

I’m not too certain I want or need Microsoft to push patches wherever and whenever to my business systems.  The ability to “hold” patches, using WSUS, until the kinks are worked out has saved me more than once on headaches and frustration.

One step forward, two steps back…

Casey

1 user thanked author for this post.

Pim

We use Veeam commercial backup solutions for our business.  They also offer a free Windows Backup agent.  I’ve recommended it to our users for their personal devices.  [They do require you register (create an account) in order to download.]

https://www.veeam.com/windows-endpoint-server-backup-free.html?ad=downloads

Help to install is available at

https://helpcenter.veeam.com/docs/agentforwindows/userguide/installation_process.html?ver=50

Searching YouTube, you can find some 3rd party walk through install videos if you’re the type who learn by seeing rather than reading.

The nice thing, at least I think, is it offers an easy creation of a disaster recovery / bare metal boot media to restore from.  Just another free backup solution to add to your repository of potential backup software solutions.

They also offer a free “community edition” of their backup and replication suite, which can manage backups for multiple devices (small home server and workstation setup).  It’s been a couple of years since I’ve used it.  One thing I remember is it comes with 10 licenses, but they don’t count licenses quite like you’d expect.  If I remember correctly, a plain old PC/workstation counts as one license, but anything with a server edition of software installed (Windows Server 2012R2, 2016, 2019, etc.) uses 3 licenses.  Still, it worked well for our initial needs, and subsequently lead to us purchasing the commercial version as our needs grew.

And, no, I’m not a sales rep for, nor do I receive compensation, affiliate referral kickbacks or the like.  It’s just something I happened upon while searching for backup solutions, and ended up liking the product.  Their handing out a free mini “community version” that met our initial needs, was also a factor in my appreciation for their approach.

I agree with the other comments, no need to install an app.  Use GRC and this website to generate the QR code:

https://qifi.org/

 

Newer Android phones have the option to join a WiFi network using a QR code.  Embedded in the QR code is the SSID, encryption used, the password/key, and if the SSID is hidden.

Source: https://qifi.org/

 

[Casey S]

Microsoft is pushing even harder for enterprises to apply and reboot outside of active hours.  They’ve incorporated it recently in their security baselines:

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-update-baseline-joins-the-security-compliance-toolkit/ba-p/2098482

I’ve commented to check the delay restart until grace period expires.  This give the user the option to choose when to reboot.  If they ignore it for a predetermined time (for our network, it’s 2 days), the system will then reboot.

This is a hybrid solution, and seems to work well.  Users have some say, it’s only if they delay two long (pun intended), is the choice made for them.

• This reply was modified 4 years, 2 months ago by Casey S.

Exactly.  The blurb was a bit short on details.  Did Susan mean the changes should be made on the Hyper-V host, or the Hyper-V guest(s), or both?