Computer News & Safety – Harry Waldron Rotating Header Image

March 31st, 2017:

Windows 10 – Creators Update YouTube videos

Recently, I helped some good friends remotely, by sharing best practices for Windows 10 installation, privacy, and security.  In researching YouTube, I discovered extensive resources with excellent screen by screen actual experiences, so that users are well guided.  If someone needs help with Windows 10 and a specific topic area, YouTube is excellent resource.  I’m personally watching these to build greater knowledge myself. 

Below are two excellent resources for the  Windows 10 – Creators Update

Windows 10 Creators Update – Official Release Demo 26min

Windows 10 Creators Update – HANDS ON 9min

Facebook – implements Personal Fundraisers facility

A new Facebook feature, called “Personal Fundraisers” allows users to set up fund-raising campaigns in six categories in a similar fashion as GoFundMe

The new Facebook feature, called “Personal Fundraisers,” is basically a replica of GoFundMe; it lets you set up a campaign to raise money for yourself or someone else in need, like a friend, relative, or pet. Facebook plans to roll out this feature for people aged 18 or over in beta over the next few weeks.  To start, the feature will support six categories for financial needs, letting you raise money to cover costs related to:

1. Education: including tuition, books, and classroom supplies
2. Medical problems: includingprocedures, treatments, or injuries
3. Pet medical: including veterinary procedures, treatments, or injuries
4. Crisis relief: including “public crises” or natural disasters
5. Personal emergencies: like a house fire, theft, or car accident
6. Funeral and Loss: including burial expenses, or living costs after losing a loved one.

Personal fundraisers allow people to reach friends where they already are to quickly build momentum for their cause,” Facebook’s Vice President of Social Good Naomi Gleit wrote in a blog post. “Friends can donate in a few taps with secure payments, without leaving Facebook. Campaigns will go through a 24-hour fundraiser review process. Facebook said it hopes to add more fundraising categories in the future and automate more of the review process.

Facebook is slightly undercutting GoFundMe’s fee of 7.9 percent plus $0.30 per donation.  On Facebook, “personal fundraisers will have a 6.9 percent + $.30 fee, that will go to payment processing fees, fundraiser vetting, security and fraud protection,” Gleit wrote. “Facebook’s goal is to create a platform for good that’s sustainable over the long-term, and not to make a profit from our charitable giving tools.”

Windows 10 – Creators Update version 1703 rollout available for early adopters on April 5 2017

PC world offers an informative timeline for the Windows 10 Creators Update version 1703 rollout.  Using the WIN10 Update Assistant, users can manually request an early update starting on April 5 2017

Adding this new information, the Windows 10 rollout schedule currently looks like this:

*** March 29: Microsoft confirms the current Insider build qualifies as the Windows 10 Creators Update; Windows 10 CU rollout begins to the Xbox One and Xbox One S.

*** April 5: Windows 10 users running a stable build of the OS can download a (presumably) stable build of the Windows 10 Creators Update via Update Assistant.

*** April 11: Microsoft begins pushing the Windows 10 Creators Update to PCs, in a phased rollout that could take months.

*** April 25: Microsoft begins sending the Creators Update to Windows phones

Computer Security – IBM 2016 research report highlights numerous weaknesses

This study of 2016 developments from IBM affirm that a weak state of security and privacy exists for both home and corporate users

IBM says cybercriminals are starting to grab unstructured data, spam has rebloomed 400% and ransomware has just gone crazy. The state of online security is dreadful. At least if you look at the results from the IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today which contains myriad depressing nuggets such as:

*** The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion — more than the combined total from the two previous years.

*** In one case, a single source leaked more than 1.5 billion records [see Yahoo breach].

*** In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.

*** In 2016, many significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised.

*** The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware.

*** In 2015, Healthcare was the most attacked industry with Financial Services falling to third, however, attackers in 2016 refocused back on Financial Services.

Windows 10 – Creators Update version 1703 rollout to start April 11 2017

The Windows 10 Creators Update will be a highly improved release offering many new beneficial features.  Version 1703 of Windows 10 is set to start on April 11, 2017.

Microsoft will begin rolling out to customers worldwide the Windows 10 Creators Update, also known as 1703 (as in March 2017), starting April 11.

Windows 10 is now running on 400 million devices, Microsoft said, and updates will start rolling out on the April release date. As is common for the company’s software updates, it will take a few weeks before the new update reaches all 400 million devices, although people can choose to update any time after April 11.

Web Security – IIS 6 vulnerability warning for outdated Windows 2003 servers

While security support for Windows 2003 server & IIS 6 ended almost two years ago, there are implementations still running for the Intranet or corporately on Intranets (in legacy mode).  Administrators should move to newer operating systems and also look for mitigating controls right away for these new concerns.

US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A.

Privacy – Approval of CRA law allows ISPs to sell aggregate data

User viewership patterns are highly desired by advertisers to help formulate strategies to improve online sales. The approval of CRA law allows ISPs to sell aggregate data in a similar manner to Google and other similar firms. Many privacy advocates see this as a step backwards.  It will be done without user knowledge or permission. Some potential concerns include: IP addresses, actual names (e.g., FB account name), personal websites, or other identifiable information found in URLs.

House Votes to Kill Privacy Rules Binding ISPs

The United States House of Representatives on Tuesday approved the Congressional Review Act (CRA), undoing privacy restrictions imposed on Internet service providers during the Obama administration. The Senate passed the CRA last week in a 50-48 vote along party lines.

Privacy advocates have fought against the CRA, warning of its dire consequences, but ISPs and businesses support it.  Supporters of the CRA argue that it puts ISPs on a level playing field with Google, which was exempted from the FCC restrictions even though it collects a considerable amount of customer data.

“There’s not a whole lot more money in selling individually identifiable customer Internet traffic records than there is in analyzing and packaging those records in a way that enables effective advertising but is not readily identifiable,” observed Ryan Radia, research fellow at the Competitive Enterprise Institute.  “Advertisers really don’t care who you are,” he told the E-Commerce Times. “They just want to be able to figure out what people like you tend to do, and how to sell things to people who have similar habits to you.”

Consumers should be wary when signing up for a VPN, however, said Paul Bischoff, privacy advocate at Comparitech, which maintains a list of reputable free VPNs.  There are “hundreds of supposedly free VPN apps out there,” Bischoff told the E-Commerce Times, “many of which contain malware, inject ads into Web browsers, and mine user data.”