Security Protection – Harry Waldron MVP Rotating Header Image

Microsoft EDGE browser – Blog and Development links

Links for the new Microsoft EDGE browser Blog and Development resources are noted below:

http://blogs.windows.com/msedgedev/

http://dev.modern.ie/

http://dev.modern.ie/platform/

Internet Explorer – VERSION Support in legacy operating systems after 2015

This link provides valuable planning information for ensuring IE is kept up to date for workstation and server security requirements.  It is always a best practice to be on latest IE version and to stay patched fully, so as to benefit from better protection in latest releases. 

http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx

After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates. For example, customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 should migrate to Internet Explorer 11 to continue receiving security updates and technical support. For more details regarding support timelines on Windows and Windows Embedded, see the Microsoft Support Lifecycle site.

Beginning January 12, 2016, the following operating systems and browser version combinations will be supported:

Windows Vista SP2 Internet Explorer 9
Windows Server 2008 SP2 Internet Explorer 9
Windows 7 SP1 Internet Explorer 11
Windows Server 2008 R2 SP1 Internet Explorer 11
Windows 8.1 Internet Explorer 11
Windows Server 2012 Internet Explorer 10
Windows Server 2012 R2 Internet Explorer 11

 

Leadership – Learn from the experience of others

John Maxwell shares more informative leadership guidance as noted below 

http://www.johnmaxwell.com/blog/standing-on-the-shoulders-of-giants

1. Stand on the lessons of history — Norman Cousins writes, “History is a vast early warning system.” Over the centuries of human history, much has been recorded of the successes and failures of others. When we choose to study history, we tap into their lessons and have the opportunity to avoid some of their mistakes.

2. Stand on the lessons of others — Throughout my life, starting when I was a very young man, I’ve made it a practice to spend time with people ahead of me on the journey. Observe and ask questions of people you respect, and you’ll gain incredible lessons that you can apply to your own life.

3. Stand on the lessons of experience — When you learn from others first, you gain skills in evaluating experience in order to grow. I’ve often said that experience is not the best teacher; evaluated experience is. Use what you learn from others’ experience to evaluate your own, and you’ll go farther, faster, than you would have otherwise.

Microsoft Security Updates – JULY 2015

Microsoft is releasing the a large number of security bulletins for newly discovered vulnerabilities.  All home & corporate users should promptly update their systems:

https://technet.microsoft.com/library/security/MS15-jul

https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/

http://blogs.technet.com/b/msrc/archive/2015/07/14/july-2015-security-updates.aspx

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer.   As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month’s security updates and advisories visit the Security TechNet Library.

Abode – Critical Flash and PDF reader updates for JULY 2015

All users should promptly update applicable Adobe products as there current zero-day exploits circulating in the wild

https://isc.sans.edu/forums/diary/Adobe+Updates+Flash+Player+Shockwave+and+PDF+Reader/19917/

In a warm up to patch Tuesday, it looks like we have a new version for Adobe Flash Player, Shockwave Player and PDF Reader. Given that some of the exploits against the vulnerabilities patched are public, you may want to expedite patching and review your Flash Player and browser configuration.  The latest (patched) versions are:

* Flash Player 18.0.0.209
* Flash Player EST 13.0.0.305
* Reader 10.1.15
* Reader 11.0.12
* Shockwave Player 12.1.9.159

Bulletins:

https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://helpx.adobe.com/security/products/reader/apsb15-15.html

You can get the latest version of Flash Player here:

https://get.adobe.com/flashplayer/

Also note that many browsers now allow you to disable Flash by default. You can re-enable it for sites that require Flash. Here is a nice page that will explain how to have your browser ask for permission before running plugins:

http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Federal Government Data breach – 21.5 Million personal files compromised

Over 21 million individuals had personal information in recent government agency data base breach by hackers as documented below

http://www.darkreading.com/attacks-breaches/opm-personal-info-on-215-million-people-exposed-in-hack/d/d-id/1321252

The Office of Personnel Management today confirmed the final body count of victims affected by its massive data breach, which also exposed some 1.1 million fingerprints stored in the background-check database. The body count is in: some 21.5 million individuals had their social security numbers, residency and employment history, family, health, and financial history exposed in the massive data breach of the Office of Personnel Management’s (OPM) background-check investigation database.

Of the 19.7 million individuals who had applied for the background checks, 1.1 million had their fingerprint scans exposed as well. The remaining 1.8 million people affected by the breach were spouses or other members of the applicants’ households, OPM said today. “Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen,” OPM said today in an announcement describing the findings from its forensics investigation of the breach.

Mozilla Firefox – Flash Player is now disabled by default

This change ties into recent concerns and Flash zero-day is the root cause of recent hacking incident in Italy, as well as other recent zero-day incidents.

http://www.pcmag.com/article2/0,2817,2487628,00.asp

Mozilla has blocked all versions of Adobe Flash Player in its Firefox browser after a recent breach left Flash vulnerable to attack.  “When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use,” Mozilla said.

Last week, Italy-based Hacking Team was breached and 400GB of sensitive data published online. That data revealed a Flash Player bug, which scammers quickly exploited. Adobe released a patch for that bug, but it was not the only one. So on Sunday, Facebook’s chief security officer, Alex Stamos, suggested Adobe take a more drastic approach (“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day“)

WINDOWS 10 – Ten improvements found in new version

PC Magazine summarizes features and benefits found in latest build of Windows 10 as it is being prepared for the July 29th release.

http://www.pcmag.com/article2/0,2817,2487499,00.asp

Windows 10 is nearly here, and a major thrust of its design is to be more familiar to users of pre-8 versions of Windows. It’s a chance for everyone who missed out on all the performance and feature advances in Windows 8 and 8.1—and believe it or not there are plenty, many of which are included in this list—to get caught up. Not only that: It’s free!

By clicking on the new-style Windows logo in your system tray that Microsoft has added to all machines eligible for the free upgrade. Doing so enrolls you in the upgrade program, which starts on July 29.  If you have a valid license for a Windows 7 SP1 or 8.1 Update installed, then you’re golden. The offer lasts for a year.

Note that the new operating system sheds some features that weren’t used by a large enough audience for Microsoft to continue offering them. Things like Windows Media Center, Windows 7 desktop gadgets, and a few more trifles. You can read more about what’s going away and how to replace it in 6 Features Disappearing in Windows 10 (and How to Replace Them)

Without further ado, here is why you should upgrade that old Windows box:

1. Speed – Startup and more. If you never made the move to Windows 8 or 8.1, you’ve missed out on one of the best things to hit Windows operating systems in forever: Fast startup.  Compared with Windows 7, the newer Microsoft OSes leave the older one at the gates. Another speed boost mostly aimed at gamers will come from DirectX 12, the new 3D engine for game developers.

2. The Start Menu – The loud voices in the tech community have long clamored for the return of the Start menu after its replacement by the Start screen in Windows 8. Microsoft has heeded the cries for its return, but given it a tile-based appendage, so as not to lose live tile info, and to make the OS still touch-enabled.

3. Cortana – It’s nice to be able to talk to your technology in hands-free mode. “Hey Cortana, play music,” or “take a note” are just for starters.

4. Universal Apps – Windows 10 lets you find software you need for large and small tasks, and you can run apps either windowed or full-screen. Windows 10 also comes with slicker and more powerful productivity and media apps, including new Photos, Videos, Music, Maps, People, Mail, and Calendar.

5. Touch – Just about every screen in your life these days is a touch screen—your smartphone, your tablet, even your car navigation system. So why not your desktop or laptop PC?

6. Action Center – Your smartphone pops up notifications for messages, updates, and even breaking news, so why shouldn’t your PC? With Windows 10 it does. Similar to the Mac OS X Notification Center, the Action Center shows messages from email, the system itself (you’ve installed an update), and from apps (weather warning, or a birthday reminder).

7. A Better Browser Microsoft Edge brings the OS’s default browser into the modern world of browsers. That means improved compatibility and speed, and add a few helpful new capabilities like webpage markup and reading mode.

8. Security – Windows 10 inherits the Secure Boot feature from Windows 8 and makes it even more secure. This requires any code that runs right when the OS starts be signed by Microsoft or the hardware maker. Three new security feature for Windows 10 are Device Guard, Microsoft Passport and Windows Hello, which you can read about on the Windows for Your Business blog.

9. Virtual Desktops – Windows 10 finally brings the capability to Microsoft’s desktop operating system. In Windows 10, the feature is incredibly easy to use: You simple click or tap the task-switching icon next to the Cortana search box in the taskbar.

10. Xbox App – If you’re a gamer, you’ll love the integration with Xbox that comes in Windows 10.

Facebook – Delta Airways Hoax impacts numerous users

Most free offers that are “too good to be true”, are usually a hoax designed to cause users to let down their guard and compromise security or privacy safeguards

http://facecrooks.com/Internet-Safety-Privacy/Delta-Air-Lines-Facebook-Users-Hit-With-Viral-Giveaway-Hoax.html/

A Facebook promotion from “Delta Airways” has gone viral on the site, getting shared nearly 65,000 times in 24 hours. The only issue: the promotion is a hoax, and it’s from an imposter Facebook page.

The fake promotion says that Delta is “celebrating a 100 million customers already this year we’re giving you the chance to win one of 175 gift bags. Each one contains $5,000 in cash, 5 first class tickets to be used till 2016 and some delta goodies.” To win these gift bags, Facebook users are encouraged to share and like the post, thus perpetuating it further across the site.

A Delta representative told Buzzfeed News that they asked Facebook to remove the page, and as of Wednesday afternoon the original page had indeed been shut down. However, another one popped up to replace it soon thereafter. While scams like this one are widespread, they’re also extremely easy to detect. For instance, Delta’s official name is “Delta Air Lines,” not “Delta Airways.” A small bit of Internet research would immediately prove that the too-good-to-be-true offer really was.

Windows 10 Theme – A more human way to do

Windows 10 will be released later this month with a theme of “A more human way to do” 

http://bits.blogs.nytimes.com/2015/07/13/microsoft-strikes-new-tone-for-windows-10-release/

SEATTLE — Almost 20 years ago, Microsoft licensed the Rolling Stones song “Start Me Up” to add a dash of rock ‘n’ roll to the release of Windows 95, the product that catapulted the company to a high-water mark of influence in the tech industry. Microsoft‘s tagline for Windows 10, a new version of the operating system that will be released later this month: “A more human way to do.”

That slogan will be part of an advertising campaign for Windows 10 that Microsoft will announce on Monday. The ads will start appearing online and on television July 20 in the United States and outside the country on July 29, which is when Windows 10 becomes available for downloading to the first wave of consumers.

It’s clear the introduction of Windows 10 is going to be more low key than that for Windows 95. The technology industry is a much bigger, more diverse business than it was 20 years ago and the PC is just one of many devices. The release of a new Windows operating system isn’t the kind of cultural event that piles of marketing dollars can will into existence anymore. For Windows 95, Microsoft held a jamboree with huge circus tents on its campus in Redmond, Wash., hiring Jay Leno, then the “Tonight Show” host, to act as emcee.