Computer News & Safety tips  – Harry Waldron MVP

Google Calendar – Improved layout and corporate features OCT-2017

Google’s online calendar facility offers an improved layout and some new collaborative capabilities, as shared below:

https://www.pcmag.com/news/356814/google-calendar-gets-a-new-look-on-the-web-upgrades

Google’s Calendar on the web now offers a fresh color scheme and a responsive layout that auto-adjusts to your screen size. But looks aside, G Suite admins can now enter detailed information about their company’s meeting rooms, like where they’re located, how many people they can hold, whether they have audio and video equipment, and whether they’re wheelchair accessible. Employees can view this information by hovering over the room name in Calendar when they book a space.

They can also now beef up Calendar invites with rich formatting and hyperlinks. This way, attendees can check out any relevant spreadsheets, documents, or presentations without having to go hunt for them. Besides that, employees can view and manage multiple calendars side by side, a feature that should come in handy for administrative assistants and other employees who schedule meetings on behalf of their teams. Just click “Day” view and select the calendars you want to compare. Finally, Calendar now lets you see the contact information of meeting participants when you hover over their names in a Calendar invite.

Additional information can be found at:

https://www.blog.google/products/g-suite/time-refresh-introducing-new-look-and-features-google-calendar-web/

https://calendar.google.com/

Leadership – 7 questions for leadership awareness and development

John Maxwell shares an excellent article on the need for leaders to become self-aware of their personality traits, blind spots, and other factors that might impact their team relationships.

http://johnmaxwellcompany.com/blog/7-questions-for-leadership-development

Here are 7 questions to encourage leadership development and greater self-awareness. Pass these along to potential leaders in your company and incorporate them into planning for leadership development initiatives:

1. Are they squeezing into someone else’s success box?  All leaders perform best when they don’t need to fit a certain personality profile or a preconceived notion of success.

2. Have they identified their most dangerous blind spots? Leaders often fail to see weaknesses because they presume everyone sees the world from the perspective of their own strengths.

3. How well do they interact with people who are their opposites? When leaders know themselves better, they more easily recognize the potential hazards in interacting with others on the team.

4. What relationship keys will position them to take their leadership to the next level? By figuring out how they best relate to others, leaders can head off potential people problems before they develop.

5. How are they naturally wired to deal with confrontation? Conflict is unavoidable. It’s part of the human condition. When they understand how they are naturally wired to respond to confrontation, they can choose their best response to fit the situation and minimize disruption to the team.

6. How do they naturally respond to change? We live in a world of rapid change. For leaders to succeed, they must encourage growth and show how to make it happen. How leaders are hard-wired to respond to change is neither good nor bad in itself, but understanding it prepares them to seize an opportunity instead of run from it.

7. Are they leveraging their behavioral hardwiring to increase influence?  Their leadership development potential —for better or worse— always determines their effectiveness and potential for success, because everything rises and falls on leadership.

ROCA exploit – Attackers recover Private RSA Keys CVE-2017-15361

Security experts have discovered a new vulnerability, tracked as CVE-2017-15361. The attack, called ROCA (Return of Coppersmith’s Attack), allows users’ private RSA keys to be recovered, breaking the encryption. A vulnerability testing tool has also been developed.

http://securityaffairs.co/wordpress/64401/breaking-news/roca-vulnerability-cve-2017-15361.html

http://wccftech.com/roca-worse-krack-crypto-keys-risk/

While security experts are discussing the dreaded KRACK attack against WiFi networks, IT giants, including Fujitsu, Google, HP, Lenovo, and Microsoft, are warning their customers of a severe flaw in a widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. The vulnerability, tracked as CVE-2017-15361, affects the implementation of RSA key pair generation by Infineon’s Trusted Platform Module (TPM).

Infineon TPM is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and helps to shield against unauthorized access to the data stored by improving the system integrity. The vulnerability in Infineon’s Trusted Platform Module (TPM), dubbed ROCA (Return of Coppersmith’s Attack), was discovered by security researchers at Masaryk University in the Czech Republic.

The researchers published the details of the ROCA vulnerability in a blog post and also published a tool online that could be used to test if RSA keys are vulnerable to this dangerous flaw. The ROCA attack works against different key lengths, including 1024 and 2048 bits, which are widely used for different applications, including national identity cards and message protection like PGP.

“The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used. We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP,” said the researchers. “The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable. The details will be presented in two weeks at the ACM CCS conference.”

Microsoft Security Updates – OCTOBER 2017

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/

http://blog.talosintelligence.com/2017/10/ms-tuesday.html

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.

Wireless Security – KRACK WPA2 Vendor Patching directories

Below are a few additional updates from overnight security feeds:

Excellent FAQ & latest info for KRACK https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/

Vendor directory for KRACK patching  (two lists)  

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

http://wccftech.com/keep-safe-wifi-wpa2-krack-exploit/

MICROSOFT PATCHES AVAILABLE  (OCT 10th Patch Tuesday)   
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Wireless Security – KRACK WPA2 proof-of-concept exploit

Early this morning, the SANS Internet Storm Center and other security sites shared proof-of-concept information for a new Wireless Security attack called “KRACK” (Key Reinstallation Attacks).   Some early links include:

https://isc.sans.edu/forums/diary/WPA2+KRACK+Attack/22932/

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/

https://www.krackattacks.com/

https://papers.mathyvanhoef.com/ccs2017.pdf

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek, Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

The researcher went on to say that the weakness allows attackers to target both vulnerable access points as well as vulnerable computers, smartphones and other types of clients with differing levels of difficulty. Neither Windows nor iOS is believed to be vulnerable to the most effective attacks. Linux and Android appear to be more susceptible, because attackers can force network decryption on clients in seconds with little effort. Vanhoef said clients can be patched to prevent attacks even when connected to vulnerable access points. Linux patches are available but it’s not immediately clear when they will become available for various distributions and for Android users. Patches are also available for some but not all Wi-Fi access points.

Mozilla Firefox 56 – New features and security release

Firefox 56 was recently released with new features and security improvements.

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox56

  • Launched Firefox Screenshots, a feature that lets users take, save, and share screenshots without leaving the browser
  • Added support for address form autofill (en-US only)
  • Updated Preferences
    • Added search tool so users can find a specific setting quickly
    • Reorganized preferences so users can more easily scan settings
    • Rewrote descriptions so users can better understand choices and how they affect browsing
    • Revised data collection choices so they align with updated Privacy Notice and data collection strategy
  • Media opened in a background tab will not play until the tab is selected
  • Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account

RFID Technology – commentary on possible human use in future

This PC Magazine commentary discusses possible human micro-chipping that may emerge years from now

https://www.pcmag.com/commentary/355485/ready-or-not-youre-getting-microchipped

Since 2016, the UK has required pet owners to microchip their dog before eight weeks or face a £500 fine. A small RFID chip is implanted just below the skin, so if a lost dog is found wandering, it can be easily reunited with its owner.  But we’re not stopping with furry friends. Recently, a vending machine company in Wisconsin microchipped (supposedly willing) employees. The chip, inserted in the hand, opens doors and buys stuff from office vending machines. About 50 of 85 workers took the firm up on its offer.

Like it or not, getting “chipped” is in your future. The fact that anyone would want this diminutive “tag” embedded in their hand (it’s generally placed in the fleshy area between the thumb and the forefinger) is beyond me. But don’t be surprised to see pro-microchip propaganda.  If you use Apple Pay, Android Pay, or any Near Field Communication (NFC) system, this will be much easier to use. Just wave your hand to pay.

NFC has no inherent power capabilities; there’s no lithium battery or anything. A nearby induction field powers the device and turns it on when it’s in range. This passive option seems more acceptable to the public. Entrepreneurs can always sell “Faraday” gloves for the paranoid.  The little device could eventually contain a credit card, driver’s license, passport, maybe even your medical records.

FBI – October is Cyber Security month

The FBI shares an informative post that October is designated as Cyber Security month

https://www.fbi.gov/news/stories/national-cyber-security-awareness-month-2017

As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, this year’s National Cyber Security Awareness Month is an important reminder of the need to take steps to protect yourself and your family when using the Internet. Launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance, the annual campaign held every October is designed to help the public stay safe online and to increase national resiliency in the event of a cyber incident.

“Cyber risks can seem overwhelming in today’s hyper-connected world, but there are steps you can take to protect yourself and reduce your risk,” said Assistant Director Scott Smith of the FBI’s Cyber Division. “The FBI and our partners are working hard to stop these threats at the source, but everyone has to play a role. Use common sense; for example, don’t click on a link from an unsolicited e-mail, and remember that if an online deal seems too good to be true, it probably is. And overall, remain vigilant to keep yourself and your family safe in the online world, just as you do in the physical world.”

Windows 10 – Version 1511 end of support during OCTOBER 2017

The following are key “end of support” dates for Windows 7-10 product releases.  Windows 10 version 1511 end of support occurs this month

https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to upgrade or make other changes to your software. Below are the end dates for Windows lifecycle support:

WINDOWS 7 — END OF SUPPORT DATES

  • Windows 7 Gold: January 13, 2015
  • Windows 7 SP1: January 14, 2020

WINDOWS 8 — END OF SUPPORT DATES

  • Windows 8 Gold: January 9, 2018
  • Windows 8.1: January 10, 2023

WINDOWS 10 — END OF SUPPORT DATES

  • Windows 10 v1507: May 9, 2017
  • Windows 10 v1511: October 10, 2017
  • Windows 10 v1607: March 2018
  • Windows 10 v1703: September 2018