Security Protection – Harry Waldron MVP

Web Security – 360 million MY SPACE user accounts potentially compromised

In addition to Tumblr being hit by a data breach, possibly in 2013, 360 million MY SPACE user accounts were potentially compromised, possibly around the same timeframe. Long-term users are requested to select a new password for their accounts and to change the password on other accounts if they used the same password on other sites.

http://www.ibtimes.com/myspace-accounts-hacked-time-inc-confirms-massive-breach-360-million-passwords-sale-2376092

Over 360 million Myspace credentials are being sold to the highest bidder on the dark web as Time Inc. confirmed the once-popular social network was the victim of a massive “hacking incident.”  Time Inc., which acquired the Myspace brand through its purchase of data-marketing company Viant in February, said in a statement Tuesday that its security team was informed shortly before the Memorial Day weekend that stolen Myspace-user login data was being made available in an online hacker forum.

While most of the affected accounts likely haven’t been accessed for quite a long time, their owners will still be at risk if they have reused the same email/password combination for accessing other online services like email, banking and shopping.  It remains unclear when the breach took place, with Time Inc. simply saying the compromised data is limited to “a portion of Myspace usernames, passwords and email addresses” from prior to June 11, 2013. Myspace was the world’s biggest social network in the years from 2003 to 2008, with a valuation of $12 billion, but it was eventually eclipsed by Facebook and Twitter.

Apple – iPhone 7 prototypes target improved memory and battery life

Some of the early leaked details note that the iPhone 7 may not have revolutionary new features, but will improve in some currently needed areas such as memory and battery life.

http://www.forbes.com/sites/gordonkelly/2016/05/30/iphone-7-32gb-storage-option/#794153407a47

Should you be excited about the iPhone 7? Widespread leaks argue new iPhone will be boring yet controversial. Headline features like Apple Pay and 3D Touch are what Apple finds most exciting.  For users the most important changes are typically far more practical such as better battery life and more storage.

The news comes from Kevin Wang, director of market research at respected analytics giant IHS Technology. Wang took to Weibo to announce IHS supply chain investigations have found the iPhone 7 (and presumably the iPhone 7 Plus/Pro) will come with 2GB RAM and 32GB of entry level storage. Apple may try and counter this by making 128GB and 256GB the new mid and top level storage options, but I can still see 32GB proving to be ‘enough’ for many mainstream users. Similarly the knock-on effect of a 128GB midranger would likely make the top end 256GB edition wholly unnecessary for most people.

As such the move to 32GB would be a risk. But does Apple have a choice?  Personally I’d argue it is no longer credible in 2016 to sell a smartphone with 16GB of storage for $650 and after Apple’s sales hit with the iPhone 6S it may be forced to move with the times.

Web Security – 65 million Tumblr user accounts potentially compromised from 2013 attacks

From a data breach during early 2013, 65 million Tumblr user accounts were potentially compromised, and long-term users are requested to select a new password for their accounts.

http://www.welivesecurity.com/2016/05/30/65-million-tumblr-users-probably-careful/

Hunt recently came across a database being sold on the computer underground containing 65,469,298 unique emails and hashed passwords.  As Motherboard reports, the database is being sold by a hacker going by the name of “Peace”, for the lowly sum of $150. “Peace” also claims that Tumblr used the SHA1 algorithm to store the passwords, making them extremely hard to crack – and probably explaining the cheap price.

But even if your Tumblr password isn’t at much risk of being cracked, you should still probably change it. Just make sure it’s changed to something unique, hard to crack and hard to guess. I would also advise enabling two-step verification on your Tumblr account as well. And don’t think that dealing with the password breach means that you can relax. Your email address is now “out there”, and criminals know how to contact you and 65 million other Tumblr users.

 

https://staff.tumblr.com/post/144263069415/we-recently-learned-that-a-third-party-had

We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password. For additional information on keeping your accounts secure, please visit our Account Security page.

Social Networks – New EU laws require prompt removal of objectionable web content

The European Union has instituted new laws requiring objectionable web content be removed within a 24 hour period. While most social networks promptly take care of abusive conduct, improved legal standards plus major technology company support will further improve quality of site content.

http://www.businessinsider.com/facebook-twitter-youtube-and-microsoft-have-agreed-to-eu-hate-speech-rules-2016-5

BRUSSELS - Facebook, Twitter, Google’s YouTube, and Microsoft on Tuesday agreed to an EU code of conduct to tackle online hate speech within 24 hours in Europe. EU governments have been trying in recent months to get social platforms to crack down on rising online racism following the refugee crisis and terror attacks, with some even threatening action against the companies. As part of the pledge agreed with the European Commission, the web giants will review the majority of valid requests for removal of illegal hate speech in less than 24 hours and remove or disable access to the content if necessary.

IT Professionals – Benefits of tech-free vacation

This article shares benefits and techniques for being offline during holiday and vacation

https://www.entrepreneur.com/article/247799

When we do temporarily kick the tech addiction and unplug on holiday — c’mon, you can do it — we return to the office refreshed, relaxed and ready to tackle, yep, more work. When we don’t, medical and mental health professionals warn that we’re not doing a body good. And they’re right: We suffer from poor concentration, shoddy sleep patterns, eye irritation, sloppy posture and…let’s just stop there for now.

Before you brave a tech-free vacation, or even a staycation, do yourself a big favor — and your clients and/or co-workers — and give them a heads up that you won’t be answering email or calls. Basically, tell them to buzz off in a nice way and then banish the guilt. You owe yourself some tech-free downtime, worker bee, and you know it.

Facebook, Twitter and Instagram can wait, but your health and well being can’t. For more on why you can’t afford not to unplug on vacation, take a (guilt) trip through the eye-opening infographic below, courtesy of Modis, a Jacksonville, Fla.-based IT staffing company. Bonus: It even showcases some gorgeous vacation locales to daydream about.

Windows 10 – Tuning Tips to deactivate unneeded new features

This article from ZDNET shares six techniques to improve Windows 10 experiences, especially in areas where new functions are not needed currently.

http://www.zdnet.com/article/six-windows-10-annoyances-how-to-make-them-go-away-for-good/

You’ve got complaints about Windows 10? Don’t worry, you’ve got plenty of company. From my mailbox, these are the top gripes about Microsoft’s new OS, with instructions to help you make those problems vanish.

1. Sign in with a local account instead of a Microsoft account
2. Tone down telemetry settings for sharing information back to Microsoft
3. Set your default browser
4. Disable Cortana, Microsoft’s new personal assistant, in the search box
5. Keep your BitLocker key under lock and key
6. Stop Windows Update interruptions

Microsoft Edge Browser – Adblock Plus extension debuts

The Adblock Plus extension has been implemented for the Microsoft Edge Browser as noted below:

http://www.zdnet.com/article/windows-insiders-can-now-install-adblock-plus-in-microsoft-edge/

One of the biggest missing pieces in Windows 10’s default browser has finally arrived. If you’re running the latest preview release of Windows 10, the Adblock Plus extension is now available from the Windows Store. Adblock Plus is now available for free in the Windows Store. The download adds the extension to Microsoft Edge automatically, giving users of the default browser the same ad-blocking capabilities that other browsers enjoy. Microsoft released the first extensions for Edge in mid-March, with those first offerings requiring a separate executable download and then an activation step. The integration of Adblock Plus into the Windows Store makes that process a bit smoother.

Windows 10 – Free Technical Overview E-Book for IT Professionals

This 185-page PDF is chock-full of excellent information for IT Professionals to better learn WIN10 features and capabilities.

https://blogs.msdn.microsoft.com/microsoft_press/2016/02/08/free-ebook-introducing-windows-10-for-it-professionals-technical-overview/

Windows 10 represents a major transformation of the PC landscape. For IT pros who’ve grown comfortable managing Microsoft Windows using a familiar set of tools and best practices, this version contains a startling amount of new. A new user experience. A new app platform. New security features and new management tools. New ways of deploying major upgrades.

My goal in this book is to help you sort out what’s new in Windows 10, with a special emphasis on features that are different from the Windows versions you and your organization are using today. I’ve tried to lay out those facts in as neutral a fashion as possible, starting with an overview of the operating system, describing the many changes to the user experience, and diving deep into deployment and management tools where it’s necessary.

Windows 10 Defender – Limited Periodic Scanning capability coming

The WIN10 anniversary edition will feature “Limited Periodic Scanning”, which will allow the MS Defender AV product to perform additional secondary checks to complement the product’s main AV defense system. For example, a user with McAfee or Norton AV protection can enable the “Limited Periodic Scanning” capability, and the scans will be performed during a less active timeframe for the user to reduce performance degradation.

https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/

Windows 10 is the most secure operating system Microsoft has ever shipped, and we continue to make it better with regular security updates and new features. For example, we’re making malware detection and protection even easier and more seamless for our customers, whether they choose to use the built-in Windows Defender antivirus or a third-party antivirus solution. Starting with the Windows 10 Anniversary Update this summer—and available in this week’s Windows Insider build—Windows 10 will include a new security setting called Limited Periodic Scanning.

When enabled, Windows 10 will use the Windows Defender scanning engine to periodically scan your PC for threats and remediate them.  These periodic scans will utilize Automatic Maintenance—to ensure the system chooses optimal times based on minimal impact to the user, PC performance, and energy efficiency—or customers can schedule these scans. Limited Periodic Scanning is intended to offer an additional line of defense to your existing antivirus program’s real-time protection.

Windows 10 – GWX update changes for WIN7 and WIN8 home users

In the past, the GWX (Get Windows Ten) update could be stopped by clicking the red “X” window close button in the top right corner. GWX is used to control the update to WIN10 for WIN7 and WIN8 home users. Habitually knowing it has been safe in the past to prevent WIN10 installation this way, many users won’t even read the changed message.

The new GWX requires the user to click a link to either delay or cancel the GWX update. The previous behavior required you to click on something to INSTALL. The changed behavior is that you now must click on something to PREVENT THE INSTALL. Compounding this further are folks who have clicked through the red “X” without reading the changed GWX and then let their PCs idle for a few days (past the install opt-out target date). When they wiggle the mouse again, they are at the WIN 10 EULA “accept” or “decline” prompt.

Users who carefully read the GWX will have no issues with the new approach.

http://www.computerworld.com/article/3070460/windows-pcs/microsoft-makes-final-aggressive-windows-10-upgrade-push.html

http://www.computerworld.com/article/3044518/microsoft-windows/users-seethe-as-windows-10-arrives-while-their-backs-are-turned.html

“If you click on OK or on the red ‘X’, you’re all set for the upgrade and there is nothing further to do,” the document stated. The “X” Microsoft mentioned is one way to close a window in Windows.  But Microsoft’s interpretation of clicking the X is contrary to decades of practice in windowed user interfaces (UIs) and normal user expectations: To users, shutting a window by clicking the X tells the OS to remove the notification or application frame without expressing an opinion, selecting an option or calling up an operation.  Instead, Microsoft equates closing the window with approving the scheduled upgrade.
