Newsletter Archives
-
Patch Lady – 31 days of Paranoia – Day 15
We’re on the 15th day of our travels through paranoia and on the day that Paul Allen, one of the founders of Microsoft, passed away, I’m touching on the next big disruptor that the Microsoft company is increasingly implementing: that of cloud services.
Paul Allen and Bill Gates took mainframe computers from locked away in a freezing room only accessible by the few to where nearly everyone has more power in their desktop and laptop than the old mainframes used to have. The next disruptor is cloud services. Especially for small firms, my biggest fear for small businesses that rely on cloud computing is that we won’t get solid guidance on how best to secure and deploy cloud services.
Too often people see cloud services as easy to set up, and they are, but they don’t take the time to think about security. I have personally seen where users of cloud services will often share credentials with another person without thinking of the risk of sharing credentials. I’ve seen where consultants can misconfigure settings or – as often seen in big cloud breaches – leave files in cloud locations and not set the file security properly.
There’s a lot of good things about cloud services. And then there’s a lot of risks to cloud services. Always ask and check on how easy it is to move FROM a cloud provider, check on the encryption status, check on the backup status. And these days I’m seeing more and more vendors providing cloud backup solutions to give users more granular options in restoring files saved in the cloud.
So read those end user license agreements, and ask questions of your vendors before you sign up.
-
Patch Lady – 31 days of Paranoia – Day 14
If you have a bit of time on your hands, take a stroll through the FBI’s most wanted for Cyber security attacks. You’ll find Russian hackers targeting our elections as well as one gentleman who
is allegedly a North Korean computer programmer who is part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history, including the cyber attack on Sony Pictures Entertainment, a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars, and the WannaCry ransomware attack that affected tens of thousands of computer systems across the globe.
Park was alleged to be a participant in a wide-ranging criminal conspiracy undertaken by a group of hackers employed by a company that was operated by the North Korean government. The front company – Chosun Expo Joint Venture, also known as Korea Expo Joint Venture – was affiliated with Lab 110, one of the North Korean government’s hacking organizations. That hacking group is what some private cybersecurity researchers have labeled the “Lazarus Group.” On June 8, 2018, a federal arrest warrant was issued for Park Jin Hyok in the United States District Court, Central District of California, after he was charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud (computer intrusion).
The NHS was impacted to an estimated 92 million pounds (assuming I have my monetary naming correct). The disturbing concern of WannaCry was that most were impacted by the ransomware attack due to the fact that they had not installed updates to protect from the Eternal Blue exploit. The patch was available but many had not yet installed it for various reasons.
Yet today we are in a position where many are concerned to patch as well. Vendor drivers were inadvertently pushed out this week causing some to lose audio (1) and blaming patching as the root cause. This is now the second such driver-related issue with this month’s patching (Woody already posted about the first). This still gets back to a root cause of loss of trust. If we cannot trust our vendors, we will place ourselves in a position where cyber villains can get to us.
(1) https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109
Earlier this week, Intel unintentionally released version 9.21.00.3755 of the Intel Smart Sound Technology (ISST) Driver through Windows Update, and inadvertently offered it to a range of devices running Windows 10 version 1803 or 1809. If your device contained a compatible audio driver, the new driver overrode it and caused audio to stop working.
-
Patch Lady – 31 days of Paranoia – Day 13
Today I want to review browsers and application safety. On the heels of Woody’s post about the Microsoft Store offering, it’s wise to add a healthy dose of paranoia when surfing and picking software to install on your system.
The FBI put together a video to warn those running for office to not be tricked into running or installing malicious code on your system. As noted in the video, when you install your browser, you want to check its settings:
Disable autofill, remembering passwords, and browsing histories.
Do not accept cookies from third parties.
Clear all forms of browser history when closing the browser.
Block ad tracking.
Enable ‘do not track’ requests to be sent to websites.
Disable browser data collection.
When certificates are requested, ensure the browser requests your permission to provide them.
Disable cache (or storing) of web pages or other content, or set the cache size to zero.
Enable browser capabilities to block malicious, deceptive or dangerous content.
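One way to check a browser against this list, as an added example that is not from the FBI video or the original post: a small Python audit of a Firefox profile's prefs.js. The choice of Firefox, the mapping of each checklist item to a preference, and the sample prefs.js contents are assumptions of this example.

```python
import re

# Checklist item -> (Firefox preference, value that satisfies the item).
# The mapping is this example's assumption; the video names no preference.
CHECKLIST = [
    ("Disable autofill", "browser.formfill.enable", False),
    ("Disable remembering passwords", "signon.rememberSignons", False),
    ("Disable browsing history", "places.history.enabled", False),
    ("No third-party cookies", "network.cookie.cookieBehavior", 1),
    ("Clear history on close", "privacy.sanitize.sanitizeOnShutdown", True),
    ("Block ad tracking", "privacy.trackingprotection.enabled", True),
    ("Send 'do not track'", "privacy.donottrackheader.enabled", True),
    ("Disable data collection", "datareporting.healthreport.uploadEnabled", False),
    ("Ask before sending certificates", "security.default_personal_cert", "Ask Every Time"),
    ("Disable disk cache", "browser.cache.disk.enable", False),
    ("Block dangerous content", "browser.safebrowsing.malware.enabled", True),
]
# Constructed sample of a prefs.js file (it stores only non-default values).
SAMPLE_PREFS = '''
user_pref("browser.formfill.enable", false);
user_pref("signon.rememberSignons", true);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("security.default_personal_cert", "Select Automatically");
user_pref("browser.cache.disk.enable", false);
'''
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false|-?\d+|".*")\);\s*$', re.M)

def parse_prefs(text):
    # Return {name: bool | int | str} for every user_pref line in text.
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def audit(text):
    prefs, report = parse_prefs(text), {}
    for item, name, wanted in CHECKLIST:
        if name not in prefs:
            report[item] = "unset (browser default applies)"
        elif type(prefs[name]) is type(wanted) and prefs[name] == wanted:
            report[item] = "ok"
        else:
            report[item] = f"change {name} to {wanted!r}"
    return report
```

Items reported as unset are governed by the browser's built-in default, which differs between versions, so those still need a look in the settings page.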
And while you are checking out your browser, there are a couple of new kids on the block that you might want to check out. Both have a musical name…. Opera is one…. Vivaldi is the other.
Check them out!
-
Patch Lady – 31 days of paranoia – day 12
We are at day 12 of our month-long trip through paranoia. Today our topic is about routers and specifically router hardening. No matter if your router is provided by your Internet Service Provider or you purchased it, there are a few steps to take to ensure that you are as secure as you could be. Many of these steps are covered in this FBI video.
First, if the router is provided by your ISP, often they enable guest access. I make a rule to find the section of the router where Comcast enables their allowed access and disable it. Next I reset all default passwords of the router and ensure that the router cannot be accessed externally.
Then I ask myself… how long have I had this router? If you can’t remember when your ISP provided it to you, or when you purchased it, it’s time to contact your ISP and inquire about a hardware upgrade. Often you need a hardware upgrade, but they forgot to tell you that you need a replacement.
Review your wifi security settings and ensure that they are as secure as they could be. Ensure they are set to be at least WPA2.
Routers can be used by attackers in all sorts of ways. As noted in the video:
Bad actors could watch your Internet traffic and see or steal your sensitive data.
Bad actors could send a simple command to your router and permanently disable it.
Bad actors could use your router to launch a network attack on another device.
Time to review how your router is set up and how secure it is.
How well is yours set up?
-
Patch Lady – 31 days of paranoia – day 11
Patch Lady here with paranoia of day 11. Have you ever checked to see if your password has been discovered by attackers and is known by them? There is a site called “https://haveibeenpwned.com/” that has accumulated many email addresses and passwords that have been in data breaches. The site checks to see if any password of yours has been discovered. Recently Brian Krebs has had several stories about how phishing emails have been sent with old passwords being used in the email to frighten you into thinking the attackers had some information about you.
Pwned, or being owned, is slang for the process of taking over your account. The database showcases the sites and databases that were exposed in data breaches. You can then think of all the times you used THAT password on a web site and determine how many sites might be compromised. Better yet, using a password management program can ensure that you can use strong passwords or passphrases. Changing passwords and adding multi-factor authentication is one of the key things you can do on any cloud service you are concerned about.
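A password can be checked against the breach corpus without typing it into a web page. The following is an added example, not part of the original post: it uses the Pwned Passwords range endpoint run by the same service (not mentioned in the post), which is sent only the first five characters of the password's SHA-1 hash and returns candidate suffixes to compare locally. The response body, counts and function names here are constructed for illustration.

```python
import hashlib
import urllib.request

def sha1_parts(password):
    """Split the upper-case SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in the corpus; 0 if it is not listed."""
    prefix, suffix = sha1_parts(password)
    # Only the 5-character prefix is handed to fetch_range; matching the
    # suffix against the returned list happens on this machine.
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def fetch_range_online(prefix):
    """Query the public range endpoint (needs network access; not used offline)."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

SENT = []  # what the offline stand-in below was asked for

def constructed_fetch(prefix):
    """Offline stand-in that returns a constructed response body."""
    SENT.append(prefix)
    listed_suffix = sha1_parts("password")[1]
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",  # constructed filler entry
        listed_suffix + ":12345",                  # constructed count
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0",  # zero-count padding entry
    ])

if __name__ == "__main__":
    print(breach_count("password", constructed_fetch))
```

Pass `fetch_range_online` instead of `constructed_fetch` to run the same check against the live service.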
So? Did you find your passwords have been breached?
-
Patch Lady – 31 days of paranoia – day 10
Patch Lady here – I wasn’t going to do a post on Patching with a paranoid theme in mind until later in the month but several articles and the fact that this week is the 15 year anniversary of when we moved to a second Tuesday of the month routine prompted me to write this now.
Today two more tech journalists have joined myself, Woody and others in tilting at the windmill, better known as Microsoft.
Ed Bott and Mary Jo Foley added to the choir of voices asking Microsoft to slow down and focus on quality, not quantity. I remember a time years ago that patches came out at any time, any hour and I had to review if I was at risk of attack and consider installing updates during lunchtime and rebooting our office server to ensure that I was protected. Now we are at a point in time that no prudent person alive would install updates on the day they come out. Even worse, most prudent folks are waiting at least a week or longer. That’s making me very paranoid that we are going to have a very bad security issue arise because we aren’t patching.
Make no mistake I strongly still believe that there are good people that work inside of Microsoft that care about consumers, that care about patch quality, that care about feature release quality. But if I let my paranoia take over, and look at the focus on Azure, and know that once everything is packaged in a format that will run in a browser, then the desktop becomes irrelevant.
In patching there is a point in time where the risk of installing the patch and the resulting side effects is less than the risk of the attack that the patch is protecting you from. It’s that point in the middle where the scale tips away from patch pain to risk of attack that is the perfect point of installing updates. Microsoft tries to be the system administrator for all home users and any small (or even medium) business that is looking to Microsoft update for their updates. Right now I’m paranoid enough to say publicly that they are failing badly.
I don’t even have to wrap my head with aluminum foil to know that the worst thing that can happen to a computer user is to reboot their computer after an update and have it not boot. Yet that’s what happened to some in January of this year. I don’t have to add to my paranoia of lack of backups to be concerned when users lose data during a process that should bring them excitement to their computing experience. Once upon a time I knew people that camped out overnight at Best Buy to get the latest version of Windows. Now we have people losing data when they get a feature release. The fact that the amount of people impacted was not a material amount was just luck. The second of the two data loss bugs (the one they fixed in KB4464330) had the potential to hit a lot of Enterprises if they hadn’t found that bug.
My biggest paranoia about patching today is that all of this paranoia about patching is no longer irrational paranoia over immaterial corner cases that the vast majority of people would never hit. My biggest paranoia is that more and more people will stop updating because of the reality that we are seeing.
I’m also paranoid that folks in the insider program will overstate the severity of their bugs to the point that adding a severity rating to every bug will make no difference and once again we will have bugs that hurt lost in the firehose of feedback and upvoting.
Microsoft needs to take a severe action like moving feature release cadence to once a year to showcase that they too want to stop the paranoia over patching and make us feel comfortable again.
I remember when we had horrible patch quality. I remember when we had patches released without a solid release schedule. I remember when patches were pulled back, had to be redone. And I feel paranoid that we are back to where we started 15 years ago.
-
Patch Lady – 31 days of paranoia – day 9
Patch Lady here – and today’s paranoia topic is one that I’m sure ALL of you have seen. You go to a web site. You search for something. You then go to another page and the very thing you were looking for is now in the advertisements in the Facebook feed, the side banners, just about everything you look at. All due to tracking, beacons, cookies and all of the things that web sites use to keep track of you.
Just out today is something that is interesting, frightening, sad, and empowering all in one. And for those of us in the United States, a bit timely.
Firefox and ProPublica are bundling a browser that has specific extensions specifically to monitor election ad tracking as well as provide a database of what ads are targeting us. Just the other day my Dad said that if every politician did what their opponent said they did, we shouldn’t vote either one into office. But nevertheless, someone needs to represent us and rather than not voting at all, it’s time to make your voice heard.
The ProPublica extension specifically tracks what ads end up in your Facebook stream and what they are targeting.
What the Extension Does
The extension places a content script on every Facebook page you visit. That script scans for ads, which it then stores on your computer. These ads are also sent to ProPublica to support research and journalism.
But Susan, (you say) in the month of paranoia you want to SEND information to a journalism site? For this purpose I do. I’m convinced that foreign countries did (and still do) use targeted Facebook and targeted Twitter bots to enhance and influence opinions in other countries.
If you don’t do social media, wonderful, this paranoia isn’t for you. But if you do… it might just be an interesting experiment to undertake in the month left before the elections.
Even if you don’t think this is an interesting idea, may I strongly urge you to ensure you are signed up to vote. For some states, the deadline was today.
I don’t want to make this post political in any way, I just want to urge you to vote, period. It’s time we all keep a bit more eye on things.
-
Patch Lady – 31 days of paranoia – day 8
Patch Lady here with our 8th day of paranoia. Today I’d like to remind you about a risk of something that too often we don’t think anything about and just take for granted…. wifi. Walk into a Coffee shop and you will find people using a wifi that they don’t know anything about. Go to a hotel and the check in process hands you a password to a wifi access point.
Yet you should think about what CAN occur on a hotel or public wifi, which includes malware, man-in-the-middle attacks, malicious hotspots, or wifi sniffing. I generally make it a rule to not connect to a wifi access point that I haven’t personally installed (my home and office), or personally know who has (friends and family).
Now you can add VPN services like NordVPN, ExpressVPN, OpenVPN and any number of other VPN services that put a layer of protection around your connection, but my recommendation is to also pay for that as well. Don’t rely on free. As a general rule “free” means that you are the product they are selling. Review the end user license agreement very carefully, or don’t connect at all.
Also consider the device you travel with. As a general rule, traveling with an iPad or Android tablet is not only easier to get through the TSA lines, but also less of a target for malware. Not saying that iPads are immune, but given the app store experience, there is more of a vetting process that goes on. When I do travel with a laptop for travelling, I travel with a (now several years older) Surface with built in cellular connection so I have the easy ability to get online with a paid cellular connection and not connecting to the Amtrak wifi, hotel wifi or coffee shops. It’s getting a bit slow now and I’m looking forward to replacing it with a newer lightweight device that contains built in cellular as well.
Too often I see too many of us in restaurants, hotels and coffee shops with our nose in our phones or computers and not enjoying the ambiance of the moment. Time to be a bit more paranoid about connecting to the wifi and make eye contact with that person sitting across the room from you.