Horowitz: New modem security is a disgrace

AskWoody_MVP @Michael432 tweeted last week:

Someone I know just got a new #router and modem from Spectrum. Security was a disgrace. Default router userid/password was not changed. #UPnP enabled. #WPS enabled. You are on your own. I can help at http://RouterSecurity.org

Martin Boissonneault responded:

UPnP is not evil. If it is not available from the WAN side, it’s acceptable in a residential setting. I use it myself in the form of UPnP2 (from memory). I blocked usage of some ports, but it is more convenient. Of course, I _know_ every device attached.

As for WPS, well, I don’t and won’t enable that. Ubiquiti’s AP does not even offer it. Since WPS is vulnerable over Wi-Fi, that should be default off. But if they think in terms of support costs, they will turn it on as well as UPnP…

Costs vs accountability!

And Michael again:

Bingo! WPS and UPnP are enabled by default to decrease support costs. Fewer phone calls. There are multiple flavors of WPS, some routers let you chose which flavors to use. One type is perfectly secure.

Care to join the discussion?

Patch Lady – Managed Service Providers targeted

Recently I did an article on CSOOnline about how MSP’s have been targeted lately in attacks in order to gain access to clients.  They didn’t use the video over on the CSOOnline website, so I asked if I could post it elsewhere.

Click here to download the video.

If you use a consultant or a managed service provider, ask them if they use Multi Factor Authentication on their administrator accounts.  If they say no, ask them why not?

More problems with Windows patches breaking older Access databases

Susan Bradley noted over the weekend that all of this month’s Windows patches break some Access 95-era Jet databases. That’s been acknowledged by Microsoft in all of the Knowledge Base articles.

Now an anonymous poster here on AskWoody has raised the cry about a second kind of old-fashioned Access database problem. NSch_L gives the details on the Microsoft Answers forum:

Problem with Access database after KB 4487017 [February’s Win10 version 1803 cumulative update] and KB 4487026 [this month’s Win10 1607/Server 2016 cumulative update]

We use an Access 97 database for our applications as a master database, so we can easily destribute this to customers. We access this master database using Adox to get the tables and columns (fields), compare it to the live SQL database and make changes where necessary.

Since the patch, we are getting errors when requesting the columns for wider tables. We are using an Adox.table and then use the .columns. When doing this for tables with more than 128 fields (exact number not sure) give error 3251 “Object or provider is not capable of performing requested operation”.

This is causing all kinds of problems.

It’s easy to click your teeth and tell these people that they should’ve upgraded their databases to a newer format about a hundred years ago. But it doesn’t work that way. Many of these older Access databases run drive key line-of-business apps that, for many reasons, can’t be changed without a complete re-write.

That isn’t as… incompetent… as it sounds. Remember when Microsoft apparently lost the source code to the 32-bit Equation Editor, back in November 2017? People in glass houses, etc.

If an advanced government-sponsored hacking team is out to get you, kiss your keester goodbye

Security research firm Crowdstrike just published a report that should bring a chill to the heart of anyone working in security for a large firm or organization. They found that the “breakout time” — the amount of time from first penetration of a network to completely taking it over — varies depending on the source of the attack. If you’re up against an attack from one of the advanced Russian APT groups you have, on average, under 20  minutes to discover the intrusion and plug it.

Twenty minutes.

It is quite remarkable to see that Russia-based threat actors are almost 8 times as fast as their speediest competitor — North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China.

So if you’re getting attacked by a Chinese APT group, on average, you have five hours to knock them out.

You have to sign up in order to get the report, but it makes very interesting reading. The graphics alone are worth the price of admission.

(Bear = Russia, Chollima = North Korea, Panda = China, Kitten = Iran, Spider = ecrime groups)

Thx Catalin Cimpanu, ZDNet

Server 2016 LTSC patches take for-e-ver. There are numerous reasons why – and not much you can do about it

AskWoody reader (and Server expert) @alQamar has discovered a very disconcerting pattern when updating Server 2016 LTSC Core and LTSC GUI machines.

An update to Server 2016 LTSC can take ten times as long as a similar update to Server 2019 LTSC.

There are tons of reactions about Server 2016 and Client being slow updating. While most reliability issues have been fixed by today – update speed has not, not even with the latest Servicing Stack Update 02-2019

Click on the Comments link up at the top to read Karl’s full original description.

Woody’s Windows Watch: Dispatches from the browser-war’s front lines

Internet Explorer isn’t a web browser. According to Microsoft, it’s been demoted to a “compatibility solution.”

Edge has some big fans, very few users — and it’s about to get a heart transplant.

Chrome’s the crowd pleaser, but one hare-brained idea (recently rescinded) has to give you pause.

Firefox keeps on foxing, but in terms of usage numbers, it can’t get a break.

What should you do?

Out this morning in AskWoody Plus Newsletter 16.6.0. Now available – yes, for free — on AskWoody.

LangaList: Should you trust a hard drive after a major error?

Tough question. No easy answers. But there are lots of ways you can diagnose a suddenly disruptive drive.

Fred Langa with money-saving advice to fix (or accept!) a problem we’ve all encountered.

Out this  morning in AskWoody Plus Newsletter 16.6.0. Now available – yes, for free — on AskWoody.

Patch Watch: February Patch Tuesday and yet more problems with the new Japanese calendar

Patching insight from Patch Lady Susan Bradley, including an overview of this month’s voluminous Windows, Office, .NET, and other patches.

If you’ve been following along, you know that Microsoft has had a wretched time fixing Windows and Office so they’ll work with the new Japanese date system. Here’s what’s going on — and why there’s so much energy being devoted to fixing the furshlugginer thing.

In the new AskWoody Plus Newsletter issue 16.6.0 – out this morning. Now available – yes, for free — on AskWoody.