Archive for November, 2015

Cyber Monday 2015 – Website Tracking Concerns

This NBC Tech article shares that most websites actively and extensively track users as they visit or shop on e-commerce sites.

So how exactly is your data collected, stored, and profited from? And how safe is it? Put down that credit card, because it’s time for a lesson on what happens to your personal information when you shop online.

1. What happens when you browse online? – Yes, even when people don’t enter their personal information to buy something, online shops are collecting information about them. That includes which products they click on, how long they spend looking at that product, which browser and operating system they’re using, and their IP address.

2. What are companies doing with that stuff? – They are using it for their own research. If a sporting goods store, for example, sees you like a certain brand, it might try to show you more of that brand next time you visit. But there is no guarantee that data will stay put.

3. Which companies are getting my data? – It’s not like e-commerce websites are creating reports and sending them off to Google. Instead, companies like Google and Facebook offer free social media and analytics tools. In return, they get access to data.

4. What are these cookie things I have heard about? – Companies build profiles of people using “cookies.” In his paper, Libert compared them to the “tracking bracelets” that scientists place on “migratory birds.”  Wherever your browser goes, this little text file goes too. A website might create one for you. When you come back, it recognizes the cookie and does things like automatically fill out your username and password.

5. What are these companies doing with the data? – Data brokers and ad networks essentially create profiles of you for advertising purposes. It’s supposed to be anonymous. That is not always the case.

Visual Basic Editor – Eight effective special techniques

Tech Republic shares a list of 8 special techniques when using the Visual Basic Editor to improve productivity:

Office uses Visual Basic for Applications (VBA), an application development language, to extend functionality beyond its standard features. You might write a simple printing macro or use more complex procedures to perform custom tasks or even apply business rules. To add VBA code to a project, you use the Visual Basic Editor (VBE), a built-in interface. It’s adequate, but some tasks seem harder than necessary. Here are some tips that can help you fine-tune your coding sessions. You’ll spend less time with routine tasks and more time actually coding.

1. Display a little or a lot – Simply click the Procedure View icon in the bottom-left corner of the (code) module. In this view, the VBE displays only the current procedure, so you can’t accidentally scroll into another one.

2. Access procedures – Regardless of which module view you’re using, you can quickly access other procedures in the module by pressing [Ctrl] + Page Up and [Ctrl] + Page Down.

3. Access modules – If you have multiple modules open, you can move between them by pressing [Ctrl] + [Tab]. The access order defaults to the Project Explorer list and not the order in which you last accessed or saved a module.

4. Access procedures and variables – Quick access is helpful, but you might want to view a specific procedure or variable. For instance, you could encounter a call to another procedure and want to review it before continuing.

5. Disable Auto Syntax Check – This feature displays a warning when the syntax for a statement isn’t correct. It’s helpful but often inconvenient. For instance, suppose you’re in the middle of writing a statement when you decide to review another line.

6. Display a variable – While debugging, the VBE displays a variable’s current value in a tooltip. It’s a helpful feature and adequate most of the time. On the rare occasion when the value is over 70 characters, you’ll see only the first 70.

7. Drag the Debug arrow – Debugging tasks usually start with a break point. When VBA encounters that break point, it stops and turns flow control over to you. Most of the time, you’ll press [F8] to execute individual statements.

8. Display items – As you write code, a feature known as Intellisense (similar to AutoComplete) often displays help. You don’t have to wait for it, though; you can get help by entering the first few characters of a function, property, method, or variable and pressing [Ctrl] + Spacebar to see a list of possible matches.

Microsoft Security – Key Government address NOV 2015

Microsoft has improved security gradually over the years through a continuous improvement process and strategic initiatives of its executives. Microsoft’s CEO recently discussed security improvements as noted below:

REDMOND, Wash. — Microsoft was once the epitome of everything wrong with security in technology. Its products were so infested with vulnerabilities that the company’s co-founder, Bill Gates, once ordered all of Microsoft’s engineers to stop writing new code for a month and focus on fixing the bugs in software they had already built.

But in recent years, Microsoft has cleaned up its act, even impressing security specialists like Mikko Hypponen, the chief research officer for F-Secure, a Finnish security company, who used to cringe at Microsoft’s practices.  “They’ve changed themselves from worst in class to the best in class,” Mr. Hypponen said. “The change is complete. They started taking security very seriously.”

Microsoft’s chief executive, Satya Nadella, says he is listening. On Tuesday, he delivered a speech to government technology workers in Washington about the importance of security in the technology business and how Microsoft has evolved to confront security threats.  Mr. Nadella, in a phone interview, said his aim was to lay out how Microsoft products make it harder for hackers to compromise PCs, and how the company has eliminated the corporate divisions that separated security managers from each other to improve how threat information is shared.   “It’s kind of like going to the gym every day,” said Mr. Nadella, who himself runs about three miles a day. “You can’t say I’m serious about security without exercising the regimen of keeping security top of mind every second, every hour of the day.”

2015 Cyber-Monday – Tis the season to be cautious

Numerous articles warn of security dangers during this intense period of e-commerce and credit card activity—threats/cyber-monday-what-retailers-and-shoppers-should-watch-for/d/d-id/132330—threats/black-friday-security-brick-and-mortar-retailers-have-cyber-threats-too/d/d-id/1323235

Cyber Monday: What Retailers & Shoppers Should Watch For – Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach. While store managers and salespeople gear up for long lines, social engineering, and point-of-sale malware on Black Friday, CIOs and development teams gear up for fraudulent online purchases and Web-based data breaches on Cyber Monday.

The most immediate concern is anything that prevents a retailer from making money, like a denial of service attack on an online shop or mobile purchasing app — or a security measure that causes impatient customers to take their business elsewhere. Threats that may cost a retailer money — like shipping fraud or chargebacks for fraudulent purchases made with stolen credit cards or gift cards bought with stolen credit card data — are secondary. Data breaches of customer payment card records or other information fall to the bottom of the priority list.  As the Retail Cyber-Intelligence Sharing Center (R-CISC) explained in advice to members about holiday “hacking season”: “Downtime is expensive, but especially so at this time of year. Retail staff is motivated and focused on sales, at the risk of possibly allowing fraudulent transactions or other types of breaches.”

Malware – Billing statement spam attack NOV 2015

The Internet Storm Center warns of a new malicious spam attack wave that appears to be a billing statement during this season of high e-commerce activity:

Earlier today (Wednesday 2015-11-25), one of our readers notified the ISC of malicious spam (malspam) with a Word document designed to infect a Windows computer with malware.  I found examples of the malspam and looked into it.  Word documents from this particular campaign will download Pony malware to infect a Windows computer with Vawtrak.  This malspam was blocked by our spam filters, but others might see it, so I’m posting the information in a diary.   The emails spoof your company name (or whatever domain you’re using for your email address), and they have a Microsoft Word document as an attachment.  The ones I’ve found have all been plain-text.

From: “accounting@[your company].com”
 Reply-To: “accounting@[your company].com”
 Date: Wednesday, 2015-11-25 at 09:37 CDT
 To: [your email address]
 Subject: Re: bill

This bill just came through and it has your name on it.
 What is this about?

 Este email está livre de vírus e malware porque a proteção avast! Antivirus está ativa.

Attachment: Bill.doc

The messages all have a notification at the bottom stating “This email is free of viruses and malware protection because the Avast! Antivirus is active.”  These antivirus messages were all in different languages, based on the host these emails were sent from.
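A triage check for the traits described above (a sender claiming the recipient's own domain plus a Word attachment), as an added example that is not from the ISC diary. The `example.com` domain, the `Authentication-Results` header stamped by the receiving mail server, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modeled on the quoted message; example.com is a placeholder,
# the Authentication-Results stamp is assumed, and "AAAA" stands in for the file body.
SAMPLE = """\
From: accounting@example.com
To: alice@example.com
Subject: Re: bill
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

This bill just came through and it has your name on it.
--b1
Content-Type: application/msword; name="Bill.doc"
Content-Disposition: attachment; filename="Bill.doc"

AAAA
--b1--
"""

WORD_EXT = (".doc", ".docm", ".dot")

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return findings for mail that claims an internal sender and carries a Word file."""
    msg = message_from_string(raw)
    findings = []
    if domain(msg["From"]) and domain(msg["From"]) == domain(msg["To"]):
        findings.append("sender-claims-recipient-domain")
        auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
        if not re.search(r"\b(spf|dkim)=pass\b", auth):
            findings.append("internal-sender-unauthenticated")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXT):
            findings.append("word-attachment:" + name)
    return findings

def should_quarantine(raw):
    f = triage(raw)  # quarantine only when spoofing and attachment signals coincide
    return "internal-sender-unauthenticated" in f and any(x.startswith("word-attachment:") for x in f)
```

Legitimate internal mail with a Word attachment passes SPF or DKIM and is not quarantined, which keeps the rule from firing on ordinary accounting traffic.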

Windows 10 – Improvements in version 1511 update

Microsoft has released build 1511 (aka the Threshold project) as the first major update to Windows 10, and some key tuning is found in the 3 areas below:

With this update, there are improvements in all aspects of the platform and experience, including thousands of partners updating their device drivers and applications for great Windows 10 compatibility. Windows 10 also starts rolling out to Xbox One today and select mobile phones soon. But most importantly, with this free update we have reached the point in the platform’s maturity where we can confidently recommend Windows 10 deployment to whole organizations.  Experience improvements in this update include:

1. Performance in everyday tasks, such as boot time now nearly 30% faster than Windows 7 on the same device.

2. With Cortana, you can use your device’s pen to just scribble a note in the Cortana Notebook and Cortana will recognize the phone number, email address, and even physical address to help you set reminders. Cortana can also now keep track of your event and movie bookings too, sending you helpful reminders to know where to go and get there on time, plus the option to book and track an Uber. We’re excited to make Cortana available in Japan, Australia, and Canada and India (in English) with features and experiences customized for each market.

3. Microsoft Edge offers improved performance and security, along with tab preview, which allows you to hover over your open tabs and get a preview of what’s on those websites without leaving the page you’re on. Microsoft Edge now syncs your Favorites and Reading list items across devices so you can easily get back to the content you’re interested in most. And, Cortana will now notify you of the best coupons from your favorite retailers such as Staples, Macys and Best Buy when shopping in Microsoft Edge.

Apple – iPhone7 will use new Lightning port for sound

An interesting technology development, as the standard headphone jack may no longer be an option due to the very thin design of this future model.

A new report claims that Apple’s next-generation iPhone 7 is going to be so thin that the company will abandon the 3.5mm headphone port. Instead, the iPhone 7 will use its Lightning port to listen to audio and ship with Lightning equipped EarPods.  When Apple introduced the original iPhone in 2007, it was the first of many backlashes the company would face in terms of the design of its smartphone. Most iPhone owners were out of luck when it came to using their favorite headphones with the smartphone because its 3.5mm headphone port was recessed several millimeters. Most users either had to suffer and use Apple’s iconic but uncomfortable headphones that shipped with the iPhone or buy a special adapter or updated headphones that were designed to fit in the port.

eDellRoot – Master Root Certificate removal needed on a few PCs

Dell has quickly responded to potential manipulation of a new master root certificate that could have been compromised on a limited number of recent new laptops and PCs.

Dell installed a root certificate on new machines, in a security faux pas similar to Lenovo’s Superfish. Dell is back-pedaling today after it was revealed that the PC giant has been shipping a number of its laptops with a preinstalled, self-signed root certificate authority called eDellRoot. The impact of this is that users could be left at risk from attackers, potentially enabling information theft.

“The recent situation raised is related to an on-the-box support certificate intended to provide a better, faster and easier customer support experience,” Dell stated. “Unfortunately, the certificate introduced an unintended security vulnerability.” Dell has now publicly posted instructions on how the eDellRoot CA can be removed from users’ systems. Dell also stated that it will be removing the certificate from all Dell systems moving forward.

Microsoft – Cortana Beta for Apple iOS released

PC Magazine notes the porting of the Windows 10 Cortana application to the Apple iOS operating system as noted below,2817,2495757,00.asp

Microsoft has officially started its beta test of a new Cortana app for iOS. And if you’re one of the lucky few to be involved in it, consider yourself part of a fairly exclusive club. According to a blog post over at WareNotice, Apple limits TestFlight-based betas to roughly 2,000 or so people per application, and we figure there are probably a lot more Microsoft fans looking to play around with the Cortana app than that.

If you’re in the beta, you should have received an email earlier this week to give you the good news. If you have now scoured your inbox and come up with nothing, don’t fret just yet: It’s possible that Microsoft is rolling out invites in waves, and perhaps your time will come soon.

“Your life is not limited to one device, and neither is your digital assistant. Cortana is with you on your Windows 10 PC, tablet, and phone—helping you whenever and wherever you need it. But we also know that there’s a choice of mobile devices out there, so we want help from our Windows Insiders to make sure she’s a great personal assistant on iOS too,” read Microsoft’s description in an early-November blog post.

Facebook – Unknown friend requests attack circulating NOV 2015

Facecrooks Security warns users not to accept untrusted or unfamiliar “friend requests” on Facebook or other social networks. Attackers may mine past historical data for identity theft or other fraudulent purposes.

A strange new trend has bubbled up on Facebook lately that has users receiving strange friend requests from people all over the world, including the Middle East. What could be behind this sudden spate of odd requests? One expert believes that it’s likely an identity theft scam.  University of South Florida information systems professor Brandon Gill said that people should be cautious when accepting any request on Facebook, because opening up your profile to a stranger leaves you vulnerable to identity theft.

“For example, if there happens to be someone from the military in these networks, they might be able to start to pick up information from their profile that would identify for example who they are, where they are,” Gill said.  Indeed, this kind of random friend-adding is a pretty common tactic for cybercriminals; the Better Business Bureau has spoken out specifically about the problem.

“Facebook is an easy way for scammers to reach networks of people, and in this case, under the guise of someone they trust,” it said. “If you happen to add a scammer, they have access to information that could lead to identity theft or other fraudulent activity. In this case, it seems like the ‘fake friend’ was after money (aren’t they all, really?) through a loan scam.”