Computer News & Safety – Harry Waldron

May, 2016:

Microsoft Security – Common weak passwords no longer permitted online

Microsoft online services like Outlook, Xbox Live, and the Azure cloud are being enhanced to no longer accept the most common passwords found in a “hacking dictionary”.

Microsoft wants you to stop using “password” as your account password, and the company knows just how to do that — ban it outright.  The company wrote in a technical blog, noticed by online news site Mashable, that it will ban users from setting up some of the most commonly used passwords.  Microsoft hopes the practice will increase security for user accounts, as those with passwords such as “football” and “12345” are some of the most susceptible to hackers.

If users try to set up an account with many of the passwords found on the annual Worst Passwords List put together by SplashData, Microsoft will show a red warning that says, “Choose a password that’s harder for people to guess.”  The feature is live across commonly used Microsoft accounts such as Outlook and Xbox Live, and will soon apply to the Azure Active Directory. Cybercriminals use commonly used passwords to force their way into accounts, Microsoft director of program management Alex Simons wrote in the blog.

Web Security – 360 million Myspace user accounts potentially compromised

In addition to Tumblr being hit by a data breach, possibly in 2013, 360 million Myspace user accounts were potentially compromised, possibly around the same timeframe.  Long-term users are requested to select a new password for their accounts and to change the password on other accounts if they used the same password on other sites.

Over 360 million Myspace credentials are being sold to the highest bidder on the dark web as Time Inc. confirmed the once-popular social network was the victim of a massive “hacking incident.”  Time Inc., which acquired the Myspace brand through its purchase of data-marketing company Viant in February, said in a statement Tuesday that its security team was informed shortly before the Memorial Day weekend that stolen Myspace-user login data was being made available in an online hacker forum.

While most of the affected accounts likely haven’t been accessed for quite a long time, their owners will still be at risk if they have reused the same email/password combination for accessing other online services like email, banking and shopping.  It remains unclear when the breach took place, with Time Inc. simply saying the compromised data is limited to “a portion of Myspace usernames, passwords and email addresses” from prior to June 11, 2013. Myspace was the world’s biggest social network in the years from 2003 to 2008, with a valuation of $12 billion, but it was eventually eclipsed by Facebook and Twitter.

Apple – iPhone 7 prototypes target improved memory and battery life

Some of the early leaked details note that the iPhone 7 may not have revolutionary new features, but will improve in some currently needed areas such as memory and battery life.

Should you be excited about the iPhone 7? Widespread leaks argue new iPhone will be boring yet controversial. Headline features like Apple Pay and 3D Touch are what Apple finds most exciting.  For users the most important changes are typically far more practical such as better battery life and more storage.

The news comes from Kevin Wang, director of market research at respected analytics giant IHS Technology. Wang took to Weibo to announce IHS supply chain investigations have found the iPhone 7 (and presumably the iPhone 7 Plus/Pro) will come with 2GB RAM and 32GB of entry level storage. Apple may try and counter this by making 128GB and 256GB the new mid and top level storage options, but I can still see 32GB proving to be ‘enough’ for many mainstream users. Similarly the knock-on effect of a 128GB midranger would likely make the top end 256GB edition wholly unnecessary for most people.

As such the move to 32GB would be a risk. But does Apple have a choice?  Personally I’d argue it is no longer credible in 2016 to sell a smartphone with 16GB of storage for $650 and after Apple’s sales hit with the iPhone 6S it may be forced to move with the times.

Web Security – 65 million Tumblr user accounts potentially compromised from 2013 attacks

Following a data breach in early 2013, 65 million Tumblr user accounts were potentially compromised, and long-term users are requested to select a new password for their accounts.

Hunt recently came across a database being sold on the computer underground containing 65,469,298 unique emails and hashed passwords.  As Motherboard reports, the database is being sold by a hacker going by the name of “Peace”, for the lowly sum of $150. “Peace” also claims that Tumblr used the SHA1 algorithm to store the passwords, making them extremely hard to crack – and probably explaining the cheap price.

But even if your Tumblr password isn’t at much risk of being cracked, you should still probably change it. Just make sure it’s changed to something unique, hard to crack and hard to guess. I would also advise enabling two-step verification on your Tumblr account as well. And don’t think that dealing with the password breach means that you can relax. Your email address is now “out there”, and criminals know how to contact you and 65 million other Tumblr users.

We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.  For additional information on keeping your accounts secure, please visit our Account Security page.

Social Networks – New EU laws require prompt removal of objectionable web content

The European Union has instituted new laws requiring objectionable web content be removed within a 24 hour period. While most social networks promptly take care of abusive conduct, improved legal standards plus major technology company support will further improve quality of site content.

BRUSSELS – Facebook, Twitter, Google’s YouTube, and Microsoft on Tuesday agreed to an EU code of conduct to tackle online hate speech within 24 hours in Europe. EU governments have been trying in recent months to get social platforms to crack down on rising online racism following the refugee crisis and terror attacks, with some even threatening action against the companies.  As part of the pledge agreed with the European Commission, the web giants will review the majority of valid requests for removal of illegal hate speech in less than 24 hours and remove or disable access to the content if necessary.

IT Professionals – Benefits of tech-free vacation

This article shares benefits and techniques for being offline during holidays and vacations.

When we do temporarily kick the tech addiction and unplug on holiday — c’mon, you can do it — we return to the office refreshed, relaxed and ready to tackle, yep, more work. When we don’t, medical and mental health professionals warn that we’re not doing a body good. And they’re right: We suffer from poor concentration, shoddy sleep patterns, eye irritation, sloppy posture and…let’s just stop there for now.

Before you brave a tech-free vacation, or even a staycation, do yourself a big favor — and your clients and/or co-workers — and give them a heads up that you won’t be answering email or calls. Basically, tell them to buzz off in a nice way and then banish the guilt. You owe yourself some tech-free downtime, worker bee, and you know it.

Facebook, Twitter and Instagram can wait, but your health and well being can’t. For more on why you can’t afford not to unplug on vacation, take a (guilt) trip through the eye-opening infographic below, courtesy of Modis, a Jacksonville, Fla.-based IT staffing company. Bonus: It even showcases some gorgeous vacation locales to daydream about.

Windows 10 – Tuning Tips to deactivate unneeded new features

This article from ZDNET shares six techniques to improve Windows 10 experiences, especially in areas where new functions are not needed currently.

You’ve got complaints about Windows 10? Don’t worry, you’ve got plenty of company. From my mailbox, these are the top gripes about Microsoft’s new OS, with instructions to help you make those problems vanish.

1. Sign in with a local account instead of a Microsoft account
2. Tone down telemetry settings in sharing information back to Microsoft
3. Set your default browser
4. Disable Cortana, Microsoft’s new personal assistant, in the search box
5. Keep your BitLocker key under lock and key
6. Stop Windows Update interruptions

Microsoft Edge Browser – Adblock Plus extension debuts

The Adblock Plus extension has been implemented for the Microsoft Edge Browser as noted below:

One of the biggest missing pieces in Windows 10’s default browser has finally arrived. If you’re running the latest preview release of Windows 10, the Adblock Plus extension is now available from the Windows Store. Adblock Plus is now available for free in the Windows Store. The download adds the extension to Microsoft Edge automatically, giving users of the default browser the same ad-blocking capabilities that other browsers enjoy. Microsoft released the first extensions for Edge in mid-March, with those first offerings requiring a separate executable download and then an activation step. The integration of Adblock Plus into the Windows Store makes that process a bit smoother.

Windows 10 – Free Technical Overview E-Book for IT Professionals

This 185-page PDF is chock-full of excellent information for IT Professionals to better learn WIN10 features and capabilities.

Windows 10 represents a major transformation of the PC landscape. For IT pros who’ve grown comfortable managing Microsoft Windows using a familiar set of tools and best practices, this version contains a startling amount of new. A new user experience. A new app platform. New security features and new management tools. New ways of deploying major upgrades.

My goal in this book is to help you sort out what’s new in Windows 10, with a special emphasis on features that are different from the Windows versions you and your organization are using today. I’ve tried to lay out those facts in as neutral a fashion as possible, starting with an overview of the operating system, describing the many changes to the user experience, and diving deep into deployment and management tools where it’s necessary.

Windows 10 Defender – Limited Periodic Scanning capability coming

The WIN10 anniversary edition will feature “Limited Periodic Scanning”, which will allow the MS Defender AV product to perform additional secondary checks to complement the product’s main AV defense system.  For example, a user with McAfee or Norton AV protection can enable the “Limited Periodic Scanning” capability, and the scans will be performed during a less active timeframe for the user to reduce performance degradation.

Windows 10 is the most secure operating system Microsoft has ever shipped, and we continue to make it better with regular security updates and new features. For example, we’re making malware detection and protection even easier and more seamless for our customers, whether they choose to use the built-in Windows Defender antivirus or a third-party antivirus solution. Starting with the Windows 10 Anniversary Update this summer—and available in this week’s Windows Insider build—Windows 10 will include a new security setting called Limited Periodic Scanning.

When enabled, Windows 10 will use the Windows Defender scanning engine to periodically scan your PC for threats and remediate them.  These periodic scans will utilize Automatic Maintenance—to ensure the system chooses optimal times based on minimal impact to the user, PC performance, and energy efficiency—or customers can schedule these scans. Limited Periodic Scanning is intended to offer an additional line of defense to your existing antivirus program’s real-time protection.