Turn Off SMB1 on Windows Now

Posted Posted in Security

For the non technical computer users out there, this is a red alert. You many have heard of Wannacrypt. There’s a new variant out now. Even if you haven’t heard of this ransomware malware, please turn off SMB1 on your Windows computers. The following is for Windows 10 and Windows 8.1/8. It is very easy to do (note – click or tap on an image to show larger version):

1. Type the words control panel in the Cortana/Search box lower left. Control Panel will appear at the top. Double click to select it.

control panel1

(more…)

Surface Pro (2017)

Posted Posted in Surface

I really loved my Surface Pro 3 (purchased June 2014), but earlier this year, it became useless as a portable with a non functional battery. If I hadn’t encountered the (well known) battery issues, I would still be happily using my SP3. But being chained to AC outlets isn’t my idea of portability. I was hoping that Microsoft would offer a special trade in allowance for SP3 owners in light of the well publicized battery issues afflicting this model, but alas, it didn’t happen. Nevertheless, I decided to spend the money and splurge on the new Surface Pro, i7, 512/16 configuration. The form factor is perfect for me and the extreme portability (bad back) just can’t be equaled elsewhere.

After three days, my opinion is that this is a dream machine powerhouse.

sp1.2

(more…)

Multi Factor Authentication App Backup and Usage Strategies

Posted Posted in Security

I’ve been using Microsoft’s Authenticator App because not only does it support Azure Authentication (Office 365) but because it supports my Microsoft Account, Google account, and anyplace else that supports the OTP standard. Any site or service that supports RFC6238 is supported by MS Authenticator and I can scan a QR code (and in some cases enter a Secret Key instead of a QR code) to “provision” an account.

As my list of 2FA/multi factor authentication enabled assets grows, I had been thinking a lot about what would happen if I upgraded my iPhone or had a hardware failure and needed to replace it. Even restoring a new phone from an iPhone backup does not restore the accounts to MS Authenticator (and the same is true of other 2FA apps, although several offer their own export/import or backup/restore functions). And, while I do get push notifications to approve or deny access on my Apple Watch from MS Authenticator for my Office 365 account and my Microsoft Account, for other sites and services, since Microsoft does not (yet) offer a full fledged Apple Watch App, I need my phone when prompted to enter a code.

(more…)

Change Hue Light Colors with Alexa

Posted Posted in Alexa, Amazon Echo, Connected Home, Home Automation

Hue and Lifx bulbs have been supported with Amazon’s Echo/Alexa ecosystem for a long time. One of the missing elements, the ability to specify specific colors or temperatures, was missing, although cool third party integration with Yonomi allowed you to create routines to handle specifying colors.

While Hue has been supported natively for a long time, to turn on the new functionality, go to the Alexa app or web page, search for “Hue” and enable the skill.

hue alexa colors

(more…)

Using MS Authenticator for 2FA Everywhere

Posted Posted in Security

Two Factor/Multifactor Authentication can help keep you safe.

The bad guys are out to get you. They’re phishing in your email, they are using brute force to try to get your password so they can log into your email accounts, your Microsoft Accounts, your Google accounts, Facebook, Twitter, and just about everywhere that you use a password to log in. Having a strong and unique password for every site and account isn’t enough these days. You CAN do more to protect yourself. There PROBABLY ARE baddies trying to break into your accounts right now. It’s a fact of life. Want an example? I was amazed at the number of unique IP’s trying to gain administrative access to the WordPress dashboard on one of my blogs by trying to login through the WordPress interface. And I was horrified.

What can you do to protect yourself? My advice is simply ‘if you don’t have 2FA enabled, enable it now if you possibly can’. (And if you are one of the folks that still doesn’t have a smartphone, consider a physical device like Yubikey’s devices. Microsoft blogged about using this product for Windows Hello as well.) I won’t cover using these devices in this article, but be aware that if you don’t have a smartphone, you do have an option.) Note that, in some cases, you can use a secondary email address as an option to SMS or Yubikey, but it isn’t as secure and I don’t recommend it.

Two Factor Authentication (2FA) relies on something you know (like a strong password) and something you have (like a cellphone/smartphone) to help secure your email, online email and social media accounts, etc. There are additional ways to use 2FA, and you can read more about this at Wikipedia, Microsoft, and there’s a particularly good write up at Google.
(more…)