Computer News & Safety tips  – Harry Waldron MVP Rotating Header Image

Windows 10 – Edge Browser Improvements coming in Creators Update

Windows 10 Creators Update will provide Microsoft Edge with some of the following improvements for end users and developers

https://mcpmag.com/articles/2017/01/31/windows-10-creators-update-bringing-edge-improvements.aspx

Microsoft said that once the next major Windows 10 update releases, the company’s Edge browsers will also be receiving a slew of new features and tweaks.  There will be enhancements for end users, along with standards support for Web application developers. Many of the improvements are showing up now for “fast-ring” Windows Insider Program testers. Some Edge features will make the “Redstone 2” (creators update) release of Windows 10, which is thought to be arriving in April.

1. On the end user side, the Microsoft Edge browser will have the ability to preview multiple open tabs in a thumbnail view when the Windows 10 creators update arrives, Microsoft announced on Tuesday. Open tabs can be set aside as a group, to be revisited later, which Microsoft sees as a way of staying organized and not losing tabs. A screenshot in Microsoft’s announcement showed that tab collections can be saved from different time periods, such as “yesterday,” “3 hours ago” and “just now.”

2. Users possibly will be able to block Flash use with the Windows 10 creators update. Microsoft had announced this capability back in December, but it wasn’t mentioned in its announcements on Tuesday. The Microsoft Edge browser already has the capability to automatically pause Flash ad content that’s not deemed essential.

3. Developers can expect to see Content Security Policy Level 2 (CSP2) support in Microsoft Edge when the Windows 10 creators update is released. CSP2 is a World Wide Web Consortium (W3C)-recommended approach that’s designed to help ward off content injection attacks, as well as cross-site scripting exploits, because developers can “lock down the resources that can be used by their web application,” Microsoft explained, in a Jan. 10 blog post.

4. Developers also will see WebRTC 1.0 API support in the Edge browser coming with the Windows 10 creators update, Microsoft explained, in a second announcement on Tuesday. In essence, Microsoft will enable video and audio communications in peer-to-peer scenarios, such as Skype calls between devices, which will work “across browsers and platforms.”

5. Microsoft Edge also will get support for the “H.264/AVC and VP8 video codecs” for real-time communications (RTC). The added support “means video communications are now interoperable between Microsoft Edge and other major WebRTC browsers and RTC services.”

6. Microsoft also plans to bring Brotli compression to the Edge browser with the Windows 10 creators update release. It’s a lossless data compression format spearheaded by the Internet Engineering Taskforce. Brotli compression is expected to improve browser load times because of “20% better compression ratios

Apple – iPhone 7 wireless headphone products review

Several third party products are reviewed as alternatives to Apple’s new innovative ear buds which will soon become more widely available.

http://www.pcmag.com/article2/0,2817,2497785,00.asp

The iPhone 7 and iPhone 7 Plus are two of the world’s most popular music players, packed with exclusive technology. One technology that’s missing, however, is the good old 3.5mm headphone jack. That’s driving a lot of iPhone owners over to wireless headphones, but not every pair will make the most of your phone’s audio capabilities. These headphones are our best picks specifically for the iPhone 7.

Why Go Wireless? — Getting rid of the headphone jack on the iPhone 7 means that in almost all cases, if you’re not using the earbuds that came with your phone, you’ll have to use an annoying $9 dongle to connect your headphones to your iPhone. Wired headphones that use Apple’s Lightning port exist, but they aren’t very common. We’ve reviewed one pair so far, the ridiculously expensive (but also awesome) Audeze iSine 20.

The iPhone 7 uses a special W1 Bluetooth pairing chip to make wireless connections easier, and it uses the AAC music encoding scheme to transmit high-quality audio. No Android phones have the W1, and the AAC situation is an iPhone thing.  The W1 is Apple’s proprietary chip for easier Bluetooth pairing. Once they’re set up, W1 headphones connect and disconnect from iPhones automatically, without fiddling with settings and without fail. That gets rid of one of the major complaints about Bluetooth headphones, which is that you may periodically, mysteriously have to dig into your phone’s settings and manually connect.

We’ve reviewed all three of the first set of W1 headphones: Apple’s Airpods, the Beats Solo3, and the Beats Powerbeats3. They’re not bad, but you’re definitely paying a premium for the easier pairing and improved range the W1 provides. Looking at the chart above, between the Beats Solo3 and the Bowers & Wilkins P5 Wireless, you’re basically trading that W1 connection on the Beats for better all-around audio quality and a more comfortable fit on the Bowers & Wilkins P5 Wireless.

Telephone Scam – Can you hear me

The Better Business Bureau warns of a new “Can you hear me” scam circulating, where the attackers can capture a “YES” response and play back the victim’s voice affirmation to link them to fake purchases of goods or services. Users should always avoid answering unknown or suspicious phone calls.

http://www.usatoday.com/story/tech/nation-now/2017/01/27/can-you-hear-me-phone-scam/97152110/

SEATTLE — A growing “Can you hear me?” phone scam can make you a victim if you utter just one word: “Yes.”  This is how it works, according to the Better Business Bureau:  An automated call provides an introduction and identifies a business or agency. After the intro, the recording will ask if you can hear clearly. If you answer yes, the scammer behind the call may have recorded you, could plan to use your affirmation to sign you up for a product or service you never knew about and then will demand payment. If you refuse, the scammer may produce your recorded “yes” response to confirm your purchase agreement.

How to prevent phishing scams — The best advice from the BBB:

Hang up on any unsolicited robocall. If you are on the federal Do Not Call List and a company calls out of the blue to ask questions, it’s likely a scam.

Avoid responding with “yes,” “sure” or “OK.”

Hang up if you’re asked to press a button to be placed on the Do Not Call registry. Doing anything else could help scammers identify an active phone number. No government agency will ever solicit for the Do Not Call Registry.

Write down the phone number and file a scam report with the BBB Scam Tracker and the Federal Trade Commission’s Do Not Call List.

College students are prime targets of ID thieves, scammers.  That doesn’t always help because these scammers also often know how to fool phones’ caller ID features.

MALWARE – New GMAIL PDF based phishing scam captures passwords

A new GMAIL PDF based phishing scam is widely circulating.  When users click on a PDF attachment that appears to be in genuine email message of a trusted contact, it launches a FAKE GMAIL login page that is designed to captures ID and password information.  Attackers can later use those captured credentials to break into the users email and send out legitimate looking emails to contacts in the address book.  

http://time.com/4638214/google-phishing-scam/

https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/

Security researchers have identified a “highly effective” phishing scam that’s been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.  Here’s how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.  Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline. By all indications, the page is a facsimile of the real thing. Except for one clue: the browser’s address bar.

In fact, the text in the address bar is what’s known as a “data URI,” not a URL. A data URI embeds a file, whereas a URL identifies a page’s location on the web. If you were were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. This is the trap. As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person’s inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person’s contacts.

Malwarebytes v3.0 – New version resource links

During December 2016, a new version of Malwarebytes was released.  As last version release was in 2014, this is an important milestone for one of best free cleaning tools available.

Malwarebytes v3.0 – HOME PAGE
https://www.malwarebytes.com/

Malwarebytes v3.0 – PRODUCT ANNOUNCEMENT
https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/

Malwarebytes v3.0 – FAQ
https://forums.malwarebytes.org/topic/191650-malwarebytes-30-frequently-asked-questions/

RECENT REVIEW – PC MAGAZINE rates as Excellent as free tool
http://www.pcmag.com/article2/0,2817,2455505,00.asp

I am thrilled to announce the launch of our next-generation product, Malwarebytes 3.0! This product is built to provide comprehensive protection against today’s threat landscape so that you can finally replace your traditional antivirus. Our engineers have spent the last year building this product from the ground up and have combined our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all into a single product which we simply call “Malwarebytes.” And it scans your computer 4 times faster

Leadership – Problem Solving improved by asking right questions

John Maxwell reflects on the need to focus on problems by asking the right questions, which focus on the root cause analysis process

http://www.johnmaxwell.com/blog/youll-never-find-the-right-answers-if-youre-asking-the-wrong-questions

When problem-solving, it’s so easy to fall into the rut of uncreative thinking. We can focus so much on answers and solutions that we lose sight of the question. And if we’re asking the wrong questions, we’ll often end up with the wrong answers.

How creative is your thinking? When faced with a problem, do you immediately turn to the tried-and-true solutions that you’ve always used? Or do you open your mind to new ideas?

A good way to do that is to start asking some right questions, like these:

*   Why must it be done this way?
*   What is the root problem?
*   What are the underlying issues?
*   What does this remind me of?
*   What is the opposite?
*   What metaphor or symbol helps to explain it?
*   Why is it important?
*   What’s the hardest or most expensive way to do it?
*   Who has a different perspective on this?
*   What happens if we don’t do it at all?

Google – Blocked 1.7 billion fake ads in 2016

Google employed automation and human effort in removing over 1.7 billion ‘bad ads’ in 2016 and banned 200 publishers.  This was over twice the volume of 2015 and illustrates the need for users to constantly keep safety in mind, as they use web resources.

http://www.businessinsider.com/google-blocked-released-its-annual-bad-ads-report-2017-1

Google purged itself of 1.7 billion bad ads last year – more than double the number it axed in 2015 – a fact which belies a problem set to swell unless more advertisers refuse to turn a blind eye to inflated numbers caused by ad fraud. The online behemoth’s latest update on its own efforts to curb ad fraud highlights the scale of a problem; for all Google’s efforts last year, is blocking a greater volume of ads just a consequence of there being more bad ads in the first place?

Expanded policies, better detection and sharper internal expertise investments in 2016 suggest it’s a conundrum not lost on the advertising business as the industry starts to understand its own involvement in ad fraud.  “While we took down more bad ads in 2016 than ever before, the battle doesn’t end here,” continued Spencer. “As we invest in better detection, the scammers invest in more elaborate attempts to trick our systems. Continuing to find and fight them is essential for creating a sustainable, open web from which we all enjoy.”

To stress the point, Google pointed out that over 1,300 accounts were suspended last year for attempting to game its system by pretending to be news, a trick known as “tabloid cloaking”.  Any quality ad tech platform will have multiple layers of defence in place in the form of both human and technology review systems that work to eliminate bad ads.

PC Operating Systems – History of 64 bit computing

This interesting article by PC Magazine discusses the history and evolution of computing from 32 bit to 64 bit addressability.

http://www.pcmag.com/article/350934/32-bit-vs-64-bit-oses-whats-the-difference

Keep going exponentially and you eventually get 32-bit (2 to the 32nd power) worth 4,294,967,296; 64-bit (or 2 to the 64th power) is worth 18,446,744,073,709,551,616 values.  That’s a lot of bits, and the numbers show just how much more powerful a chip that supports higher bit computing can be. It’s a lot more than double. That’s because every few years, the chips inside the computers (even smartphones) and the software running on those chips make leaps forward in supporting a new number. For example:

*  The Intel 8080 chip in the 1970s supported 8-bit computing.
*  Windows 3.1 back in 1992 was the first 16-bit desktop version of Windows.
*  AMD shipped the first 64-bit desktop chip in 2003.
*  Apple made Mac OS X Snow Leopard entirely 64-bit in 2009.
*  The first smartphone with a 64-bit chip (Apple A7) was the iPhone 5s in 2014.

It’s pretty obvious: 64-bit, sometimes styled as x64, is capable of doing more than 32-bit (which is actually called x86, a term that stuck from when Windows Vista starting sticking 32-bit apps in a folder called “Program Files (x86),” x86 originally referring to any OS with the instruction set to work on Intel chips like 8086 through 80486).

These days, you are most likely already running 64-bit chips with 64-bit operating systems, which in turn run 64-bit apps (for mobile) or programs (on the desktop, to settle on some nomenclature). But not always. Windows 7, 8, 8.1, and 10 all came in 32-bit or 64-bit versions, for example. If you are running Windows on a computer less than 10 years old, your chip is almost guaranteed to be 64-bit, but you may have installed a 32-bit version of the OS. It’s easy enough to check.

Twitter – Star Wars BOTNET of 350,000 fake users

Security researchers have discovered an automated BOTNET of 350,000 fake users using a “Star Wars” theme as documented below.  

http://www.pcmag.com/news/351285/massive-star-wars-twitter-botnet-uncovered

http://www.bbc.com/news/technology-38724082

UK analysts accidentally uncovered more than 350,000 bogus accounts used to fabricate follower numbers, send spam, and boost interest in trending topics.  Most people sign onto the social networking site to share thoughts, photos, and where to find the best hot dogs in New York City. But legions of automated accounts, or bots, can serve as political propaganda or facilitate trades on the black market.

In this case, 350,000 bots exclusively post random quotes from Star Wars novels—often with incomplete sentences or broken words at the beginning or end. This ensures messages appear as if they are written by real humans.

Despite Twitter’s regular efforts to remove suspicious users, these clever bots have flown under the radar since 2013 by acting differently from obviously automated accounts. Research suggests they tweet only a few times per day, don’t include URLs, never mention or reply to other users, and only follow a few “friends.”

“The Star Wars botnet provides a valuable source of ground truth data for research on Twitter bots.”  Researchers set out with the intention of better understanding how people use Twitter. But their observations led them to the dark side of social media.  “We were really lucky to discover the Star Wars bots by accident,” the research paper said.

Malware – Malicious Scalable Vector Graphics SVG image files

The ISC warns of malicious Scalable Vector Graphics (SVG) “image files” that are circulating in the wild.  While SVG files are rarely used, they can execute scripts and trick users into disclosing sensitive information or infected them malware. The SVG file extention is a good one to add to the email blocking list and to avoid if encountered when visiting websites  

https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/

http://securityaffairs.co/wordpress/53650/malware/svg-images-locky.html

http://blogs.msmvps.com/harrywaldron/2016/11/29/malware-imagegate-embeds-malicious-code-in-graphics-files/

In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people. SVG files (or “Scalable Vector Graphics”) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system, SVG files are handled by Internet Explorer by default.

From a file format point of view, SVG files are XML-based and can be edited/viewed via your regular text editor. Amongst all the specifications of the SVG format, we can read this one in the W3C recommendations.  All aspects of an SVG document can be accessed and manipulated using scripts in a similar way to HTML. The default scripting language is ECMAScript (closely related to JavaScript) and there are defined Document Object Model (DOM) objects for every SVG element and attribute.