Ask you to give them remote access to your computer — which lets them access all information stored on it, and on any network connected to it
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
31 days of Paranoia – day 31
First off a bit of Halloween humor seen on a twitter post… someone was saying they were dressing up as “Outlook”. Their costume was to wrap themselves up in a translucent shower curtain with a sign that said “Not Responding!”.
I think we all can relate to that.
So as I’m here at the front door (dressed up like Supreme Court Justice Ruth Bader Ginsburg I might add) waiting for the trick-or-treaters let’s end our 31 days of paranoia with one more post of resources:
Places to go to get help – especially for Windows issues.
First off – and above all – this site. Specifically the Forums on this site. There is nothing that helps better than someone else saying “gee I don’t see that here”… or “yes, I’ve had that EXACT same issue and here’s how I fixed it!”. When you have no other machine to compare to, you tend to get a bit paranoid thinking that attackers are making your machine freak out when it might just be… well… patching or anti virus scanning or something third party making it freak out.
Next I’d recommend something that makes me shiver… and not just because it’s Halloween and I’m listening to the Amazon Halloween playlist (It’s playing Michael Jackson’s thriller right now). Twitter. Yup Twitter. I am lately finding that you can get one on one help when you direct it to a corporate or official twitter account. There is a list (it might be a bit outdated) of official twitter aliases, and their official support alias for Microsoft is https://twitter.com/microsofthelps
You can direct message them and get communication back. The reason it makes me shiver is I find that twitter is too narrow of a channel and the knowledge or solution doesn’t often get exposed like it does in a forum venue.
If you are an IT pro kind of person, I’m finding that Microsoft employees respond pretty good on the Techcommunity venue.
Also make sure you have at least SOMETHING that can get to google. The best way to fix a Windows machine is a working computer or device and a search engine. There are so many times I’ve fixed something scrolling around a page on my iPhone.
Now just so you don’t think I’m going to end the 31 days of paranoia in a happy spot here are some parting trends to worry about:
Crypto mining attacks are trending. The bad guys get on your machine and use the excess CPU to coin bitcoin. So they don’t want to steal your credit card data, they want to use your computer to make their own money.
Smaller more targeted phishing is on the rise.
Attackers that set up Office 365 relay rules and then hide the fact that they’ve taken over your email box.
And with that we close this month of paranoia. Going forward I’ll still throw in a paranoid post or two…. just not as often as one a day.
-
Patch Lady – 31 days of Paranoia – Day 30
Today’s topic on paranoia is about resources to keep yourself aware and secure. Besides this site (obviously) here are some other resources I recommend:
Information for businesses:
So what do you follow that keeps you aware and secure?
Edit: I am gobsmacked. I indeed should have included the following:
-
Patch Lady – 31 days of Paranoia – Day 29
Today’s topic of paranoia is one that I’m already paranoid over. While 2017 had the largest number of public data breaches, there is a bigger risk that I’m concerned about. That of the data breaches that we aren’t aware of. Just about every day I hear on the radio or TV an ad for identity theft monitoring services that tout the ability to search the “dark web” for sensitive information. I chuckle a bit a that because for something to be truly found on the dark web, then it’s no longer “on” the dark web but exposed as a known breach. I don’t buy for one minute that these identity theft companies have the ability to see into the dark web before the bad guys find ways to obfuscate it again.
I’m paranoid that we’re always going to be one step behind the bad guys, with our financial institutions (who already have proven that they can’t be trusted) making security decisions that are good enough. Good enough for their bottom line, but not good enough for our data. I’m paranoid that our legislature won’t understand the cyber issues well enough to ensure we have laws in place to disclose breaches and protect our data.
So? Are you as paranoid as I am? Do you think we’re doing enough to protect our financial data? What do you think they should do to make it better?
-
Patch Lady – 31 days of Paranoia – Day 28
Today’s paranoia topic is about hardening Windows… and specifically if Windows 7 is really more or less secure than Windows 10.
For all that people do not like about Windows 10 privacy (or lack of) settings and telemetry, Windows 10 does have much more hardware based security that can be enabled than Windows 7 has.
But therein lies the problem, many of this security goodness only kicks in if you have the right hardware, and the right operating system and the right knowledge to set it up right. Take credential guard for example… it’s only in Enterprise sku. Others like attack surface reduction rules only kick in as well with the Enterprise version. 1809 was supposed to get block suspicious behaviors but it was pulled at the last minute.
So whenever you hear that Windows 10 is the most secure version of Windows ever… it is. But…. depending on the version you have, you may not get all the features.
One thing you can do is to “harden” the operating system by uninstalling any software added by the vendor during the OEM process you don’t use, or better yet, reinstalling the operating system from scratch before you use it. Then you can use various tools to “de bloat” the games and other items from the operating system as well as possibly disable services.
But I don’t recommend following that guidance without making a solid backup of your system before you start tweaking and making changes.
So is Windows 10 the most secure operating system ever? Sure. But like most things in security, it takes work and nothing right out of the box is as secure as it can be.
-
Patch Lady – 31 days of Paranoia – Day 27
I apologize in advance if I’m a bit controversial tonight. In the last several days we’ve had horrific things occur in the United States and I think some of this bad stuff going on… or perhaps all of this… is enhanced by social media. I have posted in and on online forums for many years and remember the days of nntp and newsgroups. There were always good places to hang out and not so good places to hang out. The anonymous nature of technology tended to encourage some folks to be a bit too brutal, a bit too honest, and a bit… well.. just too much.
Fast forward twenty years to where twitter, facebook, Instagram and other platforms are deemed “mainstream” and I think the same issues we saw twenty years ago in the newsgroups – that where communication is broken down – is now in our daily lives. And now what used to be a small small group of folks that you could easily ignore is now a much larger problem in society.
In 2016, this page indicates that 87% of kids have witnessed cyberbullying. Wow. I wonder what that statistic is now.
So I challenge all of us.. .including me, to do something tomorrow. Instead of using technology tomorrow, glance up at another human being and say Hi to them. Keep your phone in your pocket and technology away from your fingertips and your head up tomorrow.
Consider this an online hug from me, and here’s hoping something can be done.
-
Patch Lady – 31 days of Paranoia – Day 26
Our next topic of paranoia is one that there is more paranoia than there is reality: Being concerned about automobiles being hacked. Sure there are headlines about attacks and threats, but is there truth and fact in these attacks?
To be fair there is ample evidence to be concerned about the risks. There have been clear demonstrations of cars taken over and remotely controlled. But to be clear these hacks occurred after a long period of investigation. The risk of cars…to me… is no different than the risk of the internet of things. We have devices that you don’t normally think of needing updates and patches. We have devices that are probably hard to patch (one doesn’t normally think of rebooting a car does one?) We have a thing that most of us can’t service ourselves and must rely on the vendors and “consultants” (car dealers and mechanics) of varying quality that we have to rely on.
Don’t get me wrong, I love the idea of driverless cars, of technology that can drive me automatically to where I want to go, of technology that will ensure that we can be mobile at any age of our lives. But with every technology we build, there are always people that will want to make that technology not work.
So when you buy a car and there is technology under the hood, ask about how that technology gets serviced. Is it over the air patching? Do you have to take the car to the dealer to get boards “flashed”?
It’s time to ask hard questions of all of our vendors.
-
Patch Lady – 31 days of Paranoia – Day 25
How many times has this happened to you? You get a call and the person on the other end of the phone says you have a problem with your [computer, iPhone, apple device, technology]. They usually say that your device is alerting them that it is full of viruses.
Their goal? To either get on your machine or get your credit card from you and then steal money from you. As noted on this FTC page,
The scammers may then
Try to enroll you in a worthless computer maintenance or warranty program
Install malware that gives them access to your computer and sensitive data, like user names and passwords
Ask for credit card information so they can bill you for phony services or services available elsewhere for free
Try to sell you software or repair services that are worthless or available elsewhere for free
Direct you to websites and ask you to enter credit card, bank account, and other personal information
How many of you try to play along and keep the scammers online? I know some folks that purposely keep a virtual machine around and let scammers log into that and pretend to be really really dumb in regards to technology to keep the scammers online as much as possible. I have often dragged them along for a time and then finally asked them if they feel right scamming people. They promptly hang up.
If you’ve let them on your system, make sure you scan your system with an antivirus program. Cancel credit cards if you gave them any financial information.
But just know that Microsoft never calls you, unless you’ve called them first.
-
Patch Lady – 31 days of Paranoia – Day 24
Today Tim Cook spoke at a Privacy conference and asked that we set new policies for privacy.
He asked for four things:
1. the right to have personal data minimized;
2. the right for users to know what data is collected on them;
3. the right to access that data;
4. the right for that data to be kept securely.
Online tracking is a big problem. Big data is a big problem. I always say if you don’t pay for something, you are the product.
[embed]https://youtu.be/kVhOLkIs20A[/embed]What do you want from your vendors in regards to privacy? But can we trust our vendors to do the right things in regard to privacy? Or should we push for more than even what our vendors what?
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 44 minutes ago
-
How Much Daylight have YOU Saved?
by 3 hours, 46 minutes ago
-
A brief history of Windows Settings
by 2 minutes ago
-
Thunderbolt is not just for monitors
by 1 hour, 3 minutes ago
-
Password Generators — Your first line of defense
by 2 hours, 52 minutes ago
-
AskWoody at the computer museum
by 42 minutes ago
-
Planning for the unexpected
by 1 hour ago
-
Which printer type is the better one to buy?
by 1 hour, 2 minutes ago
-
Upgrading the web server
by 3 hours, 17 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 18 hours, 32 minutes ago
-
Creating a Google account
by 17 hours, 17 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 23 hours, 41 minutes ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 10 hours ago
-
AI *emergent misalignment*
by 1 day, 12 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 10 hours, 13 minutes ago
-
Trouble signing out and restarting
by 12 hours, 35 minutes ago
-
Windows 7 MSE Manual Updating
by 1 day, 20 hours ago
-
Problem running LMC 22 flash drive
by 19 hours, 11 minutes ago
-
Outlook Email Problem
by 19 hours, 17 minutes ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 2 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 1 day, 19 hours ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 1 day, 19 hours ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 2 days, 20 hours ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 2 days, 20 hours ago
-
Sysprep issue
by 2 days, 20 hours ago
-
Android Security Bulletin—March 2025
by 2 days, 22 hours ago
-
23h2: PIN TO START randomly available on right-click
by 2 days, 23 hours ago
-
Microsoft Defender
by 3 days, 4 hours ago
-
New Laptop-Another ?
by 2 days, 22 hours ago
-
Global USB power controls
by 2 days, 9 hours ago
