Security Protection – Harry Waldron MVP Rotating Header Image

Uncategorized

Windows 10 – Fourteen Million copies installed in first 24 hours

Some early statistics are shared on the update process 

http://www.wired.com/2015/07/14-million-people-already-using-windows-10/

http://blogs.windows.com/bloggingwindows/2015/07/30/windows-10-the-first-24-hours/

Windows 10 is barely two days old and it’s already huge. How huge? According to a blog post from Microsoft, 14 million computers are running Windows 10 merely 24 hours after its release. And this number will keep growing. Even with 14 million computers running, Microsoft has yet to meet the demand for Windows 10, and will keep rolling out upgrades in waves. So if you’ve reserved your copy of Windows 10, be patient and you’ll get your turn.

WINDOWS 10 – Update tips on eve of world-wide launch

Windows 10 is receiving positive reviews and it is a worthwhile improvement in security and functionality for many users.  As Microsoft is attempting a few things for the first time, some new concepts have been misunderstood by some users.  However, in extensive beta testing, there have been very high rates of technical success and high levels of satisfaction.   The following are key considerations in migrating to new operating system:

* Research, planning, and ensuring prerequisites are met are a valuable starting point

* Users do not have to update immediately to take advantage of the great free offer for WIN7 and WIN8 upgrades.  Upgrades can be delayed until JULY 2016 if desired.  Some individuals may want to strategically wait, as very heavy Internet traffic is anticipated for next few days.

* BACKUP all your photos, Office documents, and other items in advance (32GB USB thumb drives are around $12) … While probably vast majority of all updates will go smoothly, it is always beneficial to backup your data

* Creating a WIN7 or WIN8 system recovery disk in advance is always helpful, and you can search the internet for techniques

* It is beneficial to scan for MALWARE in advance of the upgrade to ensure you have a clean virus-free system.  While the WIN10 kernel replaces the older O/S, this action prevents any potential for carrying malware across that might be embedded in files, registry settings, or Windows components)

* Anticipate the process taking one or more hours (and possibly longer depending on complexity of system)

* Please do not interrupt the install process (moving from an existing operating system to a new one is a time consuming process)

* Please REBOOT and follow all instructions as prompted.

 

The following key resources are excellent:

MORE ON HOW TO UPDATE WINDOWS 10 for free
http://www.microsoft.com/en-us/windows/windows-10-upgrade

WINDOWS 10 UPGRADE – FAQ (EXCELLENT GUIDE)
http://www.microsoft.com/en-us/windows/windows-10-faq

WINDOWS 10 UPGRADE – CNET article
http://www.cnet.com/au/news/heres-how-to-upgrade-to-windows-10/

Andriod Security – Major StageFright MMS vulnerability

A major vulnerability has been discovered in the Android operating system that could impact close to one billion users.  Thankfully, it is more of a proof-of-concept threat at this point and has not surfaced as an exploit in the wild yet.  Android users should monitor developments and patch promptly as security updates are rolled out in the future.

http://blog.lumension.com/10402/gaping-hole-in-android-lets-hackers-break-in-with-just-your-phone-number/

http://www.cnet.com/uk/news/researcher-finds-mother-of-all-android-vulnerabilities/

http://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/

Imagine that you want to infect someone else’s Android smartphone, but you cannot get physical access to the device. The normal method would be to attempt to trick the phone’s owner into installing a malicious app, or fool them into clicking on a link that points to a webpage that exploits a vulnerability that silently installs malware onto the device. That would be the normal method.

But Joshua Drake, a security firm with Zimperium, has found a serious vulnerability that does away with all that, and requires no interaction at all by the user. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.  What Drake has uncovered is a way of breaking into an Android user’s phone, and hijacking control of it, just by sending a MMS message with a maliciously-crafted movie file.  Once in place, the malware could secretly steal information and spy on your conversations without your knowledge.

Fortunately, Josh Drake believes in responsible disclosure and not only informed Google’s security team of the serious security hole but also provided patches for their code at the same time. But, unfortunately, the problem doesn’t end there. Because even if Google patches Android, that’s very different from the estimated 950 million Android devices around the world *receiving* updates to their vulnerable devices.  The only silver lining is that, so far at least, there is no evidence that the flaw has been exploited by malicious hackers in the wild. Nonetheless, if you are one of the lucky Android users who finds themselves able to to install an update, I would recommend that you did as soon as possible.

Google Plus – Some services are being decoupled

Originally Google Plus was seen as a competitor with Facebook.  While that did not fully materialize, it will remain a “shared interest” resource among Google users.  This article shares some of the changes ahead for this social networking resource  

http://techcrunch.com/2015/07/27/google-weans-itself-off-of-google/

It’s no secret that Google+ didn’t quite work out the way Google envisioned and now, after already moving Google Photos out of the service, it’s starting to decouple Google+ profiles from its regular Google accounts.  The idea behind Google+ profiles was to give users a single identity across all the company’s platforms. Users didn’t like this and as Google VP of Streams, Photos and Sharing Bradley Horowitz acknowledge today, the company is starting to wean itself off from Google+.

The first service that will be decoupled from Google+ is YouTube, which introduced Google+ comments back in 2013 in an effort to reduce trolling in its comments section. YouTube users were not amused. In a few months from now, you won’t need a Google+ account to share YouTube videos, comment or do anything else on the site, really. Users who have linked their Google+ accounts to YouTube will also be able to remove their Google+ profiles from the service in the near future.

Horowitz also today announced that the company will continue to move some features out of Google+. The focus of Google+ — which still isn’t quite dead — will be on “becoming a place where people engage around their shared interests, with the content and people who inspire them.” That means Google will focus on features like Google+ Collections and move location-sharing to tools like Hangouts, where they, according to Horowitz, really belong.

WINDOWS 10 – Key considerations for updating from WIN7 and WIN8

While many of us are looking forward to advent of this modern O/S and browser, this article from Computerworld shares key considerations and some users may want to delay immediately updating system if they are uncomfortable with some of points listed below.

Additionally, before WIN10 is installed, backup all your data onto USB or other drives to ensure no loss of valuable information just in the worst were to occur (while highly unlikely, it’s always a best practice to be backed up anyway in case of a hard drive failure)

http://www.computerworld.com/article/2945195/microsoft-windows/9-reasons-not-to-upgrade-to-windows-10-yet.html

Windows 10 is just about here — and many users (especially those who have been wrestling with Windows 8) are probably eager to upgrade. But even if you can get it now — the upgrade will be sent first to those who signed up for the Windows Insider beta program and then in “slow waves” to everyone else — you may want to hold off. Here are nine reasons you might want to put off a Windows 10 upgrade.

1. Your system can’t run it — in order to run Windows 10, you need a PC or tablet with a 1GHz processor or faster, 1GB of RAM for 32-bit machines or 2GB for 64-bit machines, 16GB hard disk space for 32-bit machines or 20GB hard disk space for 64-bit machines, a DirectX 9 or later graphics card with a WDDM 1.0 driver and an 800 x 600 display or better.

2. You get a year for the free upgrade offer – You have a full year and the clock starts on July 29, 2015.

3. You’re using Windows 7 — So if you currently use Windows 7, you’re already set — you have a Start menu and you work only on the desktop. In short: If you’re happy with the way Windows 7 works, you may want to stay with it.

4. You like Windows 7 desktop gadgets — Windows 7 includes desktop gadgets that do things such as check the weather and stock quotes, monitor your CPU, report about the state of your system, let you listen to streaming radio stations, and check your hard drive speed and the state of your network

5. Security updates for Vista, Windows 7 and Windows 8 will be available for years — Microsoft will keep issuing security patches for Windows 7 until January 2020 and for Windows 8 until January 2023. Even Windows Vista will get security updates until April 2017. So no need to rush.

6. You use OneDrive placeholders — In Windows 8.1, OneDrive placeholders, also called smart files, let you see all of the files in OneDrive, even if the files are located in the cloud and not on your device. When you double-click a placeholder on your PC, the file is downloaded

7. You have old peripherals and devices — The Achilles heel of most new operating systems is handling older peripherals, such as printers and scanners.

8. You love Windows Media Center — There are some people who are big fans of Window Media Center, which was released way back in 2002 and which is used to play video, music and other media. Microsoft has been trying to kill it off for years, and even disbanded the team responsible for it back in 2009.

9. You don’t need the pain of early adoption — No matter how widespread beta testing is for a new operating system, it can’t uncover all the bugs and gotchas. A new operating system hasn’t been tested on every possible piece of hardware, with every piece of software, and with every hardware/software combination. People who upgrade immediately are the guinea pigs. They’re the ones who feel the pain.

Microsoft update – MS15-078 Font Driver Security fix

The ISC just posted an out-of-band “PATCH NOW” security update change to improve security for OpenType font drivers.

https://isc.sans.edu/forums/diary/Special+Microsoft+Bulletin+Patching+Remote+Code+Execution+Flaw+in+OpenType+Font+Drivers/19941/

Microsoft just released a special “out of band” security bulletin with a patch for a remote code execution vulnerability in Windows’ OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in it’s bulletin, that it had information that the vulnerability was public, but had no indication that it was actively exploited. MS15-077 had been exploited at the time the MS15-077 bulletin was released last week. As a workaround, users may remove the font driver, but this may cause applications that rely on it to not be able to display certain fonts.

Microsoft Skype for Business – Eight improvements over Lync

Microsoft recently launched “Skype for Business” as a replacement for Lync, and key new features and improvements in the new product version are enumerated below:

http://www.networkcomputing.com/unified-communications/skype-for-business-8-ways-its-better-than-lync/d/d-id/1321249

This spring, Microsoft launched Skype for Business, replacing its unified communications platforms Microsoft Lync 2013 and Lync Online. Integrated with its Office 365 service, the new product added a new client experience, new server release, and online service updates. The concept was to provide businesses the ability to connect with more Skype users outside their enterprise networks while maintaining enterprise security and reliability.

The new business platform is based on Skype, which more than 300 million people currently use to communicate. It allows customers to search for, and connect with, anyone on the Skype network, whether they’re inside or outside their organization. Most hardware and software solutions that are compatible with Office 2013 can also handle Skype for Business. Skype for business is built into Office, so features like IM, voice and video calls, presence, and online meetings are all now integrated Office components. The new platform offers the features formerly available on Lync and delivers enterprise-grade security, compliance, and control to IT.

Microsoft Skype for Business – Eight improvements over Lync

1. Easy User Experience – Skype for Business provides a similar look and feel as Skype for Desktop and offers a more simplified user interface compared to the Lync client. Icons, presence indicators, contact lists, buttons, and several quick-action tasks, such as adding another contact during a conversation, will feel similar to users familiar with the older clients

2. Desk Phone Integration – Skype for Business can seamlessly integrate with existing private branch exchange (PBX) systems deployed in organizations. With this integration, employees can contact their co-workers using Skype for Business to place calls, while at the backend, audio call flow is routed through existing desk phones.

3. Skype Directory – Lync users were once allowed to connect with other users via Active Directory integration or organizational federations. The new Skype for Business allows users to connect with all Skype users across the world directly, just by using their corporate IDs.

4. The Mobile Experience – Skype for Business has made improvements in providing seamless support for a variety of devices, including mobile phones and tablets, and offers advantages including an enhanced meeting experience, single sign-on support for Office tools, and access to conversation history

5. No New Hardware – Organizations already using Lync Server with Software Assurance will get the benefit of deploying Skype for Business with a new, already-in-place upgrade feature. This feature utilizes existing Lync Server 2013 hardware and server investments, reducing the deployment costs of Skype for Business Server.

6. Call Quality Data – Similar to Skype for Desktop, Skype for Business provides a feature to rate the user calling experience once you are done with the conversation. This allows administrators to analyze audio and video call quality, tracking performance so they can troubleshoot problems and plan for further enhancements

7. Quick Access To Call Controls – Skype for Business provides users with a quick access bar to control call functions. While participating in a call that engages a public switched telephone network (PSTN), a dial pad is visible on the screen. Even if the calls are non-PSTN, all call controls and the dial pad can be accessed with just one click

8. Call Monitoring – Skype for Business offers a Call Monitoring feature that provides users with a compact call monitoring window on their screen that makes the active call visible even if the user is simultaneously working on another task. The window provides its own quick-access bar to mute the call and end the active conversation. The feature is available for both audio and video calls.

Major Cyberattack – Preparation tips from Kim Komando

Kim Komando shares some preparation tips that can help individuals better endure a major Cyberattack

http://www.komando.com/tips/316593/cyberattack-a-big-one-is-coming-prepare-now

There’s a cyberattack coming, and it’s going to be a big one. Whether it’s an attack on the power grid, air traffic control, the stock market, a weakness we haven’t found yet, or all of the above, you can count on serious confusion and chaos to result. Just so we’re clear, I’m telling you this so you can prepare, not panic. That way when a digital Paul Revere starts yelling, “The hackers are coming! That hackers are coming!” you won’t be taken by surprise.  First, let’s talk about the scope of the problem. We’ve known for years that America’s infrastructure isn’t as robust as it should be.

Back in 2003, for example, a large portion of the American northeast and some of Canada was blacked out thanks to a minor software bug at an electrical station. Combine that with older hardware across the board and lax security, and a hacker could easily knock out power stations at will. In fact, back in January, the Department of Defense accidentally released an 800-page document on the Aurora Project. It was a detailed analysis of how hackers could take down the U.S. power grid and water systems. It wasn’t very comforting, especially combined with the report that an attack on the power grid could cost the U.S. up to $1 trillion.

A few key advanced preparation ideas are listed on page 4

http://www.komando.com/tips/316593/cyberattack-a-big-one-is-coming-prepare-now/4

1. For longer-distance communication, you might think about keeping a landline and a phone that doesn’t rely on power. Landlines tend to be fairly bulletproof in disasters. Here are some more reasons to keep a landline.

2. Of course, you’ll want to stockpile standards like canned food, water, spare batteries and a first aid items. Your home emergency kit should be enough to get you through at least 30 days.

3. Make sure you have important documents, your passport and some cash, since credit and debit cards might not work for a while. If you have important documents as digital files on your computer, print them out and store them in a safe location. You might not be able to get to them in a crisis.

4. You’ll want to keep up with what’s going on, and radio is the most likely thing to be working. Most radio stations have backup generators, and there are thousands of private operators who will be broadcasting as well.

5. Keeping a basic radio handy is good, but you can also grab an emergency radio that includes a hand crank, solar charger, and the ability to charge other gadgets.

Microsoft EDGE browser – Blog and Development links

Links for the new Microsoft EDGE browser Blog and Development resources are noted below:

http://blogs.windows.com/msedgedev/

http://dev.modern.ie/

http://dev.modern.ie/platform/

Internet Explorer – VERSION Support in legacy operating systems after 2015

This link provides valuable planning information for ensuring IE is kept up to date for workstation and server security requirements.  It is always a best practice to be on latest IE version and to stay patched fully, so as to benefit from better protection in latest releases. 

http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 should migrate to Internet Explorer 11 to continue receiving security updates and technical support. For more details regarding support timelines on Windows and Windows Embedded, see the Microsoft Support Lifecycle site.

Beginning January 12, 2016, the following operating systems and browser version combinations will be supported:

Windows Vista SP2 Internet Explorer 9
Windows Server 2008 SP2 Internet Explorer 9
Windows 7 SP1 Internet Explorer 11
Windows Server 2008 R2 SP1 Internet Explorer 11
Windows 8.1 Internet Explorer 11
Windows Server 2012 Internet Explorer 10
Windows Server 2012 R2 Internet Explorer 11