Computer News & Safety tips  – Harry Waldron MVP Rotating Header Image

March, 2017:

Windows 10 – Creators Update YouTube videos

Recently, I helped some good friends remotely, by sharing best practices for Windows 10 installation, privacy, and security.  In researching YouTube, I discovered extensive resources with excellent screen by screen actual experiences, so that users are well guided.  If someone needs help with Windows 10 and a specific topic area, YouTube is excellent resource.  I’m personally watching these to build greater knowledge myself. 

Below are two excellent resources for the  Windows 10 – Creators Update

Windows 10 Creators Update – Official Release Demo 26min
https://www.youtube.com/watch?v=XCj-wJB5j4c

Windows 10 Creators Update – HANDS ON 9min
https://www.youtube.com/watch?v=wXJA8e5NxM0

Facebook – implements Personal Fundraisers facility

A new Facebook feature, called “Personal Fundraisers” allows users to set up fund-raising campaigns in six categories in a similar fashion as GoFundMe

http://www.pcmag.com/news/352781/facebook-introduces-personal-fundraiser-feature

The new Facebook feature, called “Personal Fundraisers,” is basically a replica of GoFundMe; it lets you set up a campaign to raise money for yourself or someone else in need, like a friend, relative, or pet. Facebook plans to roll out this feature for people aged 18 or over in beta over the next few weeks.  To start, the feature will support six categories for financial needs, letting you raise money to cover costs related to:

1. Education: including tuition, books, and classroom supplies
2. Medical problems: includingprocedures, treatments, or injuries
3. Pet medical: including veterinary procedures, treatments, or injuries
4. Crisis relief: including “public crises” or natural disasters
5. Personal emergencies: like a house fire, theft, or car accident
6. Funeral and Loss: including burial expenses, or living costs after losing a loved one.

Personal fundraisers allow people to reach friends where they already are to quickly build momentum for their cause,” Facebook’s Vice President of Social Good Naomi Gleit wrote in a blog post. “Friends can donate in a few taps with secure payments, without leaving Facebook. Campaigns will go through a 24-hour fundraiser review process. Facebook said it hopes to add more fundraising categories in the future and automate more of the review process.

Facebook is slightly undercutting GoFundMe’s fee of 7.9 percent plus $0.30 per donation.  On Facebook, “personal fundraisers will have a 6.9 percent + $.30 fee, that will go to payment processing fees, fundraiser vetting, security and fraud protection,” Gleit wrote. “Facebook’s goal is to create a platform for good that’s sustainable over the long-term, and not to make a profit from our charitable giving tools.”

Windows 10 – Creators Update version 1703 rollout available for early adopters on April 5 2017

PC world offers an informative timeline for the Windows 10 Creators Update version 1703 rollout.  Using the WIN10 Update Assistant, users can manually request an early update starting on April 5 2017

http://www.pcworld.com/article/3186805/windows/windows-10-creators-update-rolls-ahead-with-early-access-and-date-for-phones.html

Adding this new information, the Windows 10 rollout schedule currently looks like this:

*** March 29: Microsoft confirms the current Insider build qualifies as the Windows 10 Creators Update; Windows 10 CU rollout begins to the Xbox One and Xbox One S.

*** April 5: Windows 10 users running a stable build of the OS can download a (presumably) stable build of the Windows 10 Creators Update via Update Assistant.

*** April 11: Microsoft begins pushing the Windows 10 Creators Update to PCs, in a phased rollout that could take months.

*** April 25: Microsoft begins sending the Creators Update to Windows phones

Computer Security – IBM 2016 research report highlights numerous weaknesses

This study of 2016 developments from IBM affirm that a weak state of security and privacy exists for both home and corporate users

http://www.networkworld.com/article/3185813/security/ibm-on-the-state-of-network-security-abysmal.html

http://www-03.ibm.com/press/us/en/pressrelease/51946.wss

IBM says cybercriminals are starting to grab unstructured data, spam has rebloomed 400% and ransomware has just gone crazy. The state of online security is dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as:

*** The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion — more than the combined total from the two previous years.

*** In one case, a single source leaked more than 1.5 billion records [see Yahoo breach].

*** In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.

*** In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised.

*** The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware.

*** In 2015, Healthcare was the most attacked industry with Financial Services falling to third, however, attackers in 2016 refocused back on Financial Services.

Windows 10 – Creators Update version 1703 rollout to start April 11 2017

The Windows 10 Creators Update will be a highly improved release offering many new beneficial features.  Version 1703 of Windows 10 is set to start on April 11, 2017.

http://www.seattletimes.com/business/microsoft/microsoft-gets-creative-with-latest-windows-10-update/

http://www.zdnet.com/article/microsoft-confirms-windows-10-creators-update-rollout-to-begin-april-11/

Microsoft will begin rolling out to customers worldwide the Windows 10 Creators Update, also known as 1703 (as in March 2017), starting April 11.

Windows 10 is now running on 400 million devices, Microsoft said, and updates will start rolling out on the April release date. As is common for the company’s software updates, it will take a few weeks before the new update reaches all 400 million devices, although people can choose to update any time after April 11.

Web Security – IIS 6 vulnerability warning for outdated Windows 2003 servers

While security support for Windows 2003 server & IIS 6 ended almost two years ago, there are implementations still running for the Intranet or corporately on Intranets (in legacy mode).  Administrators should move to newer operating systems and also look for mitigating controls right away for these new concerns. 

https://www.us-cert.gov/ncas/current-activity/2017/03/30/Internet-Information-Services-IIS-60-Vulnerability

US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A.

Privacy – Approval of CRA law allows ISPs to sell aggregate data

User viewership patterns are highly desired by advertisers to help formulate strategies to improve online sales. The approval of CRA law allows ISPs to sell aggregate data in a similar manner to Google and other similar firms. Many privacy advocates see this as a step backwards.  It will be done without user knowledge or permission. Some potential concerns include: IP addresses, actual names (e.g., FB account name), personal websites, or other identifiable information found in URLs.

House Votes to Kill Privacy Rules Binding ISPs
http://www.technewsworld.com/story/84420.html

The United States House of Representatives on Tuesday approved the Congressional Review Act (CRA), undoing privacy restrictions imposed on Internet service providers during the Obama administration. The Senate passed the CRA last week in a 50-48 vote along party lines.

Privacy advocates have fought against the CRA, warning of its dire consequences, but ISPs and businesses support it.  Supporters of the CRA argue that it puts ISPs on a level playing field with Google, which was exempted from the FCC restrictions even though it collects a considerable amount of customer data.

“There’s not a whole lot more money in selling individually identifiable customer Internet traffic records than there is in analyzing and packaging those records in a way that enables effective advertising but is not readily identifiable,” observed Ryan Radia, research fellow at the Competitive Enterprise Institute.  “Advertisers really don’t care who you are,” he told the E-Commerce Times. “They just want to be able to figure out what people like you tend to do, and how to sell things to people who have similar habits to you.”

Consumers should be wary when signing up for a VPN, however, said Paul Bischoff, privacy advocate at Comparitech, which maintains a list of reputable free VPNs.  There are “hundreds of supposedly free VPN apps out there,” Bischoff told the E-Commerce Times, “many of which contain malware, inject ads into Web browsers, and mine user data.”

Internet Privacy – HTTPS encryption may not fully hide site visitation history

The Atlantic shares an excellent security awareness article — that even encryption may have certain limitations in fully providing privacy as noted below:

https://www.theatlantic.com/technology/archive/2017/03/encryption-wont-stop-your-internet-provider-from-spying-on-you/521208/

Encryption is on the rise online. Data from Mozilla, the company behind the popular Firefox browser, shows that more than half of web pages use HTTPS, the standard way of encrypting web traffic. When sites like The Atlantic use HTTPS, a lock icon appears in users’ web browsers, indicating that the information being sent to and from servers is scrambled and can’t be read by a third party that intercepts it—that includes ISPs.

But even if 100 percent of the web were encrypted, ISPs would still be able to extract a surprising amount of detailed information about their customers’ virtual comings and goings. This is particularly significant in light of a bill that passed Congress this week, which granted the lobby group’s wish: It allows ISPs to sell their customers’ private browsing history without their consent.

Although the exact URL of a page accessed through HTTPS is hidden to the provider, the provider can still see the domain the URL is on: For example, your ISP can’t tell what exactly story you’re reading right now, but it can tell that you’re somewhere on theatlantic.com. That may not reveal much other than your (excellent) taste in news sources.

Ransomware – New Cerber variants disable Windows Defender Firewall rules

A fellow MVP and cybersecurity expert shares awareness that latest Cerber Ransomware variants have code in them to disable Windows Defender Firewall rules:

https://myonlinesecurity.co.uk/cerber-using-firewall-rules-to-disable-windows-defender/

For the last 10 days or so we have noticed Cerber ransomware disabling Windows Defender by using firewall rules to prevent Windows Defender accessing the internet.  This shows a change in behaviour using firewall blocks to disable windows defender. This will be primarily aimed at Windows 10 users. Windows Defender is the inbuilt “free” antivirus in Windows 8.1 and Windows 10.

Computer Security – Information Assurance Analyst job role

Corporations are using the “Information Assurance Analyst” position to firm up risk management and response needs for critical applications as documented in this informative CSO article:

http://www.csoonline.com/article/3185393/it-careers/what-it-takes-to-become-an-information-assurance-analyst.html

The demand for information assurance analysts is fairly high right now “because C-level executives are concerned about the quality of the information that’s being transmitted and the extent of how much information is being made public.   The information assurance analyst is a bridge between other security staff and users.

In general, an information assurance analyst conducts ongoing vulnerability management activities to assess potential treats, coordinates and leads technology staff in identifying and remediating system vulnerabilities, and works with IT to ensure appropriate procedures and processes are in place for detecting and preventing system intrusions, according to the Janco job description report

The position also requires above-average communication and critical-thinking skills,  “They have to understand the why behind what they’re doing,” he says. “You may also have to wake up someone at 3 a.m. or deliver bad news to management, so those critical thinking and communication skills become especially important.”