How to Set Menus to Open Aligned to Left or Right in Windows 10

In Windows, you can change where menus appear on the screen by indicating which hand you write with.

If you set right-handed, then menus appear to the left of your hand.

If you set left-handed, then menus appear to the right of your hand.

This tutorial will show you how to have menus open aligned to the left or right by default for your account in Windows 10.

Read more…

Microsoft Creators Update – Coming changes for 2017

Microsoft shared some key new tools & coming changes for 2017

Microsoft wants artists and content creators to want its products. The company unveiled multiple creative-minded products at its keynote today, including a major Windows 10 upgrade called the “Creators Update” and a gorgeous PC called the Surface Studio. It has 80 custom parts in its arm alone! Most of today’s announcements were about advancing into the future, but Microsoft also stayed true to its roots with an update to Paint. We have all the highlights below.

1. Windows 10 Creators Update
2. 3D Paint
3. Windows VR headsets
4. Xbox live streaming
5. Windows People mode (new key contact approach)
6. Surface Studio (touchscreen all-in-one desktop computer – hi-res 28″ touch screen display)
7. Surface Dial (new input device for Surface)
8. Surface Book i7 (high-end version with Intel i7 microprocessor)

Transforme su hoja de cálculo de Excel en página web con Office 365 SharePoint Online

A lo largo de mi carrera como profesional en portales de colaboración he encontrado algunos usuarios expertos en Excel capaces de construir en un santiamén complejos análisis de datos o aplicaciones que realizan cálculos basados en el uso de fórmulas. En cuanto a SharePoint se refiere, si ven atractivo el hecho de que ahora pueden compartir su hoja de cálculo con otros y de alguna forma hacer accesible su hoja de Excel para que otros re utilicen su trabajo. Sin embargo sigue siendo el mismo modelo, seguimos usando a SharePoint como repositorio de datos, usuario tendría que descargar la hoja de cálculo y usarla.

He grabado un breve video donde explico el uso de parámetros en plantillas de Excel para poder exponer su hoja de cálculo en Office 365 SharePoint Online en una página web accesible a los empleados de su empresa y usar su hoja como si fuese una especie de aplicación. EL uso de parámetros en Excel permite exponer celdas de la hoja de cálculo como parámetros que cualquier usuario o aplicación puede usar para enviar datos a nuestra hoja de cálculo.

Espero este pequeña demostración le permita a usted potencializar aún más su experiencia y conocimiento de Excel.



Apple iOS 10 updated to 10.2

Looks like Apple has released an update to address a problem with images that can carry malware.

The most (and least) secure messaging apps

Somehow, this doesn’t surprise me.

SnapChat, Skype among worst messaging apps for not respecting users’ right to privacy

Release Notes for Flash Player 23 and AIR 23 – October 26, 2016

Welcome to the Flash Player and AIR 23 release notes!

October 26, 2016

In today’s release, we’ve updated Flash Player with important security updates.

Fixed Issues

Flash Player

  • Security Fixes

Removal instructions for Trojan.Agent.GenX.IPH

What is Trojan.Agent.GenX.IPH?

The Malwarebytes research team has determined that Trojan.Agent.GenX.IPH is a Trojan.Agent.

Spybot Search & Destroy Weekly Update – October 26, 2016

++ Ad.SunriseBrowse + Firseria
+ Clearsearch.Net + NavExcel Websearch
+ QuickBrowser
+ ++ + Win32.VB.ik
Total: 2622327 fingerprints in 833465 rules for 7728 products.

» ··· updates/

This example teaches you how to convert a text string to lower, upper or proper case in #Excel

How to Change the Default Font in Windows 10

Windows 10 uses the Segoe UI font as the default system font. This font is used for icons, menus, title bar text, File Explorer, and more.

If you would like to use a different font, then you are able to change this default font to any font you like.

This tutorial will show you how to change the default system font in Windows 10 for all users.

Read more…

Internet Cyber Security – Dyn attack harnessed IOT security exploits

A brand new way for hackers shutdown INTERNET emerged earlier in the week when a DYN a key internet hosting company suffered a massive DDoS attack.  They recovered quickly, as a new approach of manipulating a new evolving technology called IOT (Internet of things) was discovered

I also don’t want to get too far into this post without:

1.Acknowledging the tremendous efforts of Dyn’s operations and support teams in doing battle with what’s likely to be seen as an historic attack.

2.Acknowledging the tremendous support of Dyn’s customers, many of whom reached out to support our mitigation efforts even as they were impacted. Service to our customers is always our number one priority, and we appreciate their understanding as that commitment means Dyn is often the first responder of the internet.

3.Thanking our partners in the technology community, from the operations teams of the world’s top internet companies, to law enforcement and the standards community, to our competition and vendors, we’re humbled and grateful for the outpouring of support.

Attack Timeline — Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.

What we know — At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.

Leadership – Integrity means being true on consistent basis

To achieve long-range objectives over time, there must be a pattern of consistency or the day-to-day distractions will impact the overall success of the team.

We live in a culture that rewards image – often over integrity. We promote people who appear to have their act together, and encourage others to do the same. Never mind any warning signs about their character. As long as they look good while they produce, our culture is satisfied.   Why do we reward image over integrity?  The answer is simple: Image is easy. Integrity is hard.

Am I Being True to Myself?Living with integrity begins within. The only person in the world you can’t hide from is you. To be a genuine person, you have to be able to live with yourself and the decisions you make. If your actions would cause you shame or embarrassment if they were ever found out, then you’re not being true to yourself and your values.

Am I Being True to My Mentor? — Mentors are the people who have chosen to invest in you. They believe in you and your potential, and have shared their time and wisdom to help you maximize it. If your actions would disappoint them, then you’re not putting enough value on your mentor’s investment.

Am I Being True to My People? — You are surrounded by people who are affected by your actions. Be they family, friends, colleagues, or neighbors, your choices impact them on a daily basis. If you are not living a genuine life with them, it will ultimately damage the relationships that you need to thrive.

It’s easy to believe that integrity doesn’t really pay off. In fact, that seems to be the message our culture thrives on! Why do things the hard way when you can just “fake it ‘til you make it” – especially when so many people seem to succeed overnight through shortcuts and shams? It’s tempting to believe that you can or should do the same. After all, everyone wants to get to the top, so why not take the fastest route?

Microsoft Security Updates – New Patch Tuesday cumulative update process

Microsoft’s new “Patch Tuesday” model improves installation process, but if issues surface with the updated system or devices the capability to fine tune and eliminate a small subset of the total release is no longer present.

Microsoft as of this month officially transitioned its Patch Tuesday model to a cumulative patching process for Windows 7 and Windows 8.1 that security experts say is a more flexible and streamlined way to update vulnerable systems. But it also comes with some risks.  October 11 marked the first time Microsoft released updates via its new system, which combines security and non-security fixes into large bundles. Three distinct update bundles will roll out each month; two available to enterprise customers, and one for consumers.

One of these, for businesses and consumers, is released via Windows Update, Windows Server Update Services (WSUS), and the Windows Update Catalog. This is a monthly rollup of security and non-security fixes, which contains all updates for the month as well as fixes for the previous months. If a user skips a month, they will receive the patches for that month in the following month’s bundle.  The second bundle contains all security patches for the specific month and excludes fixes from previous months. These security-only rollouts, intended for enterprise users, are distributed through WSUS and Windows Update Catalog.

“What Microsoft is trying to do is make things simpler for users by delivering all updates together,” explains Amol Sarwate, director of vulnerability labs at Qualys. “When administrators install patches, they can just deploy one patch.” This model also makes it easier to learn which fixes are included and which aren’t, he adds.  Ullrich acknowledges the new model will make patch application easier, but there is also risk related to availability.  “If a particular patch interferes with a particular function of the PC, either a hardware component or customer software, then the entire patch has to be delayed and it will not be advisable to just apply a partial patch,” he explains.

Microsoft Security Updates – OCTOBER 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

Patch Tuesday has once again arrived! Microsoft’s monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today’s release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.  The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127

Removal instructions for SparPilot

What is SparPilot?

The Malwarebytes research team has determined that SparPilot is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

Linux – Dirty Cow exploits nine year old vulnerability

Linux vendors are scrambling to patch a nine year old vulnerability that is being used in the “Dirty Cow” exploit

An easy-to-exploit flaw in the Linux operating system has been present for nearly a decade, and security researchers warned last week that hackers are now starting to use it.  Linux developer Phil Oester discovered the so-called Dirty Cow bug, which lets attackers gain read and write access to a Linux system’s memory that would normally be read-only for all but the local user. Oester wrote in an email to Ars Technica that after exploiting it, “any user can become root in 5 seconds in my testing, very reliably.”

To take advangate of the Dirty Cow bug and gain access to the memory, a hacker just needs to upload a file to the system they’re targeting and execute it. That’s hacking 101, and can be accomplished numerous ways—from sending a malicious email to cracking a password.  “As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.”

NMAP 7.31 – Stability release of popular PENTEST tool

A minor stability release was made for NMAP 7.31, the popular free PENTEST tool to fix minor issues after last month’s major version release

The big Nmap 7.30 release last month was a great success.  We didn’t even see as many bugs as expected for such a large release, but we have collected and fixed the ones which did arise in the last few weeks into a new 7.31 point release.  It includes the latest updates to our new Npcap driver, a fix for Nping on Windows, and more.  Nmap 7.31 source code and binary packages for Linux, Windows, and Mac are available for free download.  Here are the changes we put in since 7.30:

**  [Windows] Updated the bundled Npcap from 0.10r2 to 0.10r9, bringing increased stability, bug fixes, and raw 802.11 WiFi capture (unused by Nmap).

**  Fixed the way Nmap handles scanning names that resolve to the same IP. Due to changes in 7.30, the IP was only being scanned once, with bogus results displayed for the other names.

**  [Nping][GH#559] Fix Nping’s ability to use Npcap on Windows.   A privilege check was performed too late, so the Npcap loading code assumed the user had no rights.

**  [GH#350] Fix an assertion failure due to floating point error in equality comparison, which triggered mainly on OpenBSD

**  [Zenmap] Fix a crash in the About page in the Spanish translation due to a missing format specifier

**  [Zenmap][GH#556] Better visual indication that display of hostname is tied to address in the Topology page. You can show numeric addresses with hostnames or without, but you can’t show hostnames without numeric addresses when they are not available.

**  To increase the number of IPv6 fingerprint submissions, a prompt for submission will be shown with some random chance for successful matches of OS classes that are based on only a few submissions.

“Toymaster” has released Security Mailer Volume 16 Number 43

Security Mailer V16#43

  • Part 1
    Browser Firefox updated
  • Cisco Security Advisories
  • Java updates; 11 year old Linux Kernel Bug, Linux patches and updates
  • Windows 10 problems – the fix needs a fix
  • General Security entries
  • Oracle releases one of largest quarterly updates ever
  • Microsoft PRO covers MS16-101 issues and KB3185331 crashing the SCOM console

    Part 2

  • Before the IoT Buries Us All – paper I wrote regarding the current state of the Internet of Things, and it isn’t good
  • sshowdown exploitation – PDF from Akamai technologies covering sshwdown exploitation of the IoT
  • Tweaking WSH – two papers from Computerworld to help you defend your email
  • Why you should be cautious – Peter Mackenzie over at Sophos covering email cautions we should all follow

Firefox updated to 49.0.2

Mozilla Releases Security Update for Firefox

Security vulnerabilities fixed in Firefox 49.0.2

  • A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49.
  • A developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49.

PowerShell and DevOps Global Summit 2017 agenda

The agenda for next year’s Summit is almost complete – we’ve notified all speakers as to whether their sessions have been accepted or not. If you haven’t received your notification please check your spam/junk mail.


We have a small number of sessions yet to publish – mainly around possible focus groups on the Wednesday afternoon.


To view the agenda go to the Summit event site – from click on the Brochure and registration link.


Registration opens 1 November 2016.

Recent Comments