Computer News & Safety – Harry Waldron Rotating Header Image

November, 2017:

Leadership – Leaders can better prepare for 2018 through Reflective thinking

John Maxwell shares an excellent article on how to value of reflective thinking in a lessons learned fashion for 2017. Reflecting back on both good & bad experiences can improve results in 2018

http://johnmaxwellcompany.com/blog/how-looking-back-leaders-prepare-for-the-future

In today’s fast-paced and highly competitive corporate environment, it’s never been more important for your leaders to push pause and reflect on what happened last year in order to best plan for the year ahead. Reflective thinking can help leaders prepare for the future & thrive in the following five ways:

1. Gives True Perspective — What were their successes? What did they learn? It’s important to reflect on experiences because human beings have the tendency to take things for granted.

2. Gives Emotional Integrity — Reflective thinking enables leaders to distance themselves from the intense emotions of particularly good or bad experiences and stop carrying around emotional baggage.

3. Gives Confidence in Decision-Making — Every leader must make snap judgments from time to time—and later wonder if he or she did the right thing. Reflective thinking can help to diffuse that doubt.

4. Helps Keep the Big Picture in Mind — Reflective thinking puts ideas and experiences into a more accurate context. It encourages leaders to ponder what had been done and observed.

5. Takes a Good Experience and Makes It a Great Experience — It’s not necessarily experience that is valuable; it’s the insight leaders gain because of the experience. Reflective thinking turns experience into insight. An experience becomes valuable when it informs or equips leaders to meet new experiences.

MacOS 10.13.1 – Root vulnerability critical security patch released

Apple has just released an emergency patch to better lock down the “root” account where a preset password does not exist.  In certain settings, the “MacOS 10.13.1 Root vulnerability” allowed a missing password challenge to be fully worked around.  This bug is serious and Apple quickly responded with a “patch now” update  

https://redmondmag.com/articles/2017/11/29/apple-issuing-macos-high-sierra-patch.aspx

Apple is issuing a patch today for macOS High Sierra users that fixes a major password-bypass flaw in that operating system. The flaw lets anyone access a system with superuser privileges by using the user name “root” and a blank password. Apple is releasing Security Update 2017-001, which is designed to fix a logic error in the credentials validation process, according to a Nov. 29 Apple support article. The fix is only for macOS High Sierra 10.13.1 users. Older macOS High Sierra versions aren’t affected, according to Apple.

More can be found here:

https://blogs.msmvps.com/harrywaldron/2017/11/29/macos-10-13-1-root-vulnerability-allows-new-admin-account-without-password/

Verizon 5G Wireless – 2018 implementation planned for Sacramento

Widespread implementation of the high-speed 5G standard is still a few years ago. Verizon will start making commercial service available in a few regional areas in 2018 as standards like the new 5G radio specifications are finalized. Sacramento has been designated as one target city for this new high-speed wireless standard.  

Verizon commercializing 5G fixed wireless access in 2018

Throughout this year, Verizon has tested 5G fixed wireless access in 11 U.S. markets, which the company said included “several hundred cell sites that cover several thousand customer locations. Now Verizon says it will use that technology to deliver residential broadband services in three to five markets next year.

The carrier will make the commercial service available first in Sacramento, Calif., during the second half of 2018. Given the timing, Verizon’s commercial launch should follow the 3GPP’s release of the 5G New Radio specification, which is tracking for June 2018. Operators in the U.S. and around the world have looked to 5G fixed wireless access as a way to deliver multi-gigabit-per-second throughput speeds without needing to deploy fiber directly to homes and premises, which is a costly and time-consuming process.

Malware – Coinhive cryptocurrency miner steals visitors CPU power on infected websites

The Coinhive cryptocurrency mining facility is being misused as a new hacking tool.  Cybercriminals can secretly imbed this on vulnerable websites with weak security controls & mine digital currencies for themselves. There is no notification to visitors that any mining is taking place.

https://www.pcmag.com/news/357535/why-hackers-love-cryptocurrency-miner-coinhive

A brilliant idea to monetize internet traffic appears to be running amok.  You may have encountered it. Computer code that has found its way into tens of thousands of websites secretly siphons CPU processing power to mine a digital currency called Monero.

The code’s developer, Coinhive, rakes in the dough, but some security researchers claim it’s a form of malware, and say the code is lining the pockets of hackers, too. “It’s becoming a new revenue stream for cybercriminals,” said Troy Mursch, an independent security researcher.

Coinhive first released its cryptocurrency miner in September as a novel way for websites to generate revenue. Once embedded into a website, the code mines the digital currency Monero by borrowing visitors’ CPU processing power. The more visitors, the more money earned. Site owners take a 70 percent share, while Coinhive grabs the rest.

That may sound great, but there’s one big problem: the Coinhive code often doesn’t tell website visitors that any mining is taking place. It can simply borrow CPU processing power via the browser, without any warning.  Mursch found the crypto miner in over 30,000 random sites, many of which don’t appear to be using the Coinhive code deliberately. Among them was PolitiFact, a fact-checking service which briefly hosted the Coinhive code in October because its site was hacked.

Internet Security – Akamai study notes increased attacks in Q3 2017

This 9 page slide show is excellent & chockfull of graphs and exhibits that illustrate current safety concerns in the Internet security vector

Akamai Finds Web App Attacks Increased in Q3 2017

http://www.eweek.com/security/akamai-finds-web-app-attacks-increased-in-q3-2017

Windows 10 – New SETs tabular interface better organizes project history

In a futures Windows 10 release, history stored will be in new SETs tabular interface, as decribed below

https://www.pcworld.com/article/3238524/windows/windows-10-sets-timeline.html

https://www.pcworld.com/article/3196130/windows/microsoft-builds-biggest-reveals-windows-10-fall-update-story-remix-cortana-hardware-and-more.html#slide4

Windows 10’s future look could be Sets, a tabbed app interface Microsoft will start testing.  Microsoft said Tuesday that it plans to overhaul Windows 10 with a browser-like, tabbed application dubbed “Sets”.  This is where groups apps and files are organized by project. The changes will roll out over a period of months, if not years.

Think of Sets as a mashup of existing and emerging Windows 10 technologies. Take Windows Explorer and the little-used Task View within Windows 10, mix in the newer “Pick up where you left off” and “Timeline” features, and wrap it all into a single-window experience. The idea is that every task requires a set of apps—Mail, a browser, PowerPoint, even Win32 apps like Photoshop—and those apps will be optionally organized as tabs along a single window.

But that’s not all. Microsoft knows that one of the most difficult things to remember isn’t what you were working on a week or so ago—browser histories help with that. It’s remembering all of the associated apps and documents that went with it. It’s a complex concept, with a complex tag line: Sets is a way to “organize and resume multi-faceted tasks,” according to Microsoft.  Sets will first make its way to Windows Insiders for feedback on the new UI. Microsoft will also seek out support for the Set

Leadership – How to build a corporate culture of leadership

John Maxwell shares an excellent article on how to build a corporate culture of leadership

http://johnmaxwellcompany.com/blog/what-does-leadership-culture-look-like

Leadership is not a position, but a process. It doesn’t just happen, but is shaped. If companies want to build a culture of leadership and mutual respect across all layers, then they need to heavily invest in their people – both with financial resources and time. Start with building a clear set of values and watch your leaders blossom before your eyes.

1. Servant Orientation — Our founder John C. Maxwell has been credited with bringing servant leadership to the forefront of organizations across the world. “What’s your highest calling as a leader?” he asks. “Well, I believe it’s being a servant leader. I often teach that leaders ask the question, ‘Will I help people?’ But servant leaders ask, ‘HOW will I help people?’ When you’re a servant leader, you do so much more than just make people a priority. You look for specific opportunities to serve them and help them reach their potential.”’

2. Empathy — The key to empathy is that it centers on others. An investment in your employees — all employees — is an investment in your company. Unless you own a business in which you are the only employee, company success hinges wholeheartedly on the people you work with.

3. Communication — Clear communication is key to nurturing a culture of leadership. When information is shared and exchanged effectively, it helps create positive relationships and keep internal processes running well. Keep in mind that most conflicts in the workplace are a direct result of a breakdown in communication. When information is withheld, or not shared in an organized fashion, people are left to fill in the blanks on their own.

4. Common Language — An effective leadership culture instills a common language. I am not talking about the professional jargon of your field, but the language of leadership. This means that everyone in your business understands the principles of leadership that your company values.

Smartphone Security – Google adds Spying Eye detection capabilities

Google is looking to possibly add detection capabilities for onlookers who may be looking over the users shoulder in future either to Pixel cameras as feature of an app they can add as needed

https://www.pcmag.com/news/357630/google-researchers-add-spying-eyes-detection-to-a-smartphone

If someone else is looking at your screen the front-facing camera will detect it and alert you.  We are all used to seeing people walk around hunched over and completely consumed by what’s happening on their phone display. Many accidents have happened because of it, and it proves we do not pay attention to what’s going on around us when using a smartphone. That includes when other people are looking at your screen.

Two Google researchers believe they have come up with a good solution to the spying eyes problem, though. It takes the form of an app which relies on access to the front-facing camera on your phone.  We are all used to seeing people walk around hunched over and completely consumed by what’s happening on their phone display. Many accidents have happened because of it, and it proves we do not pay attention to what’s going on around us when using a smartphone. That includes when other people are looking at your screen.

MacOS 10.13.1 – Root vulnerability allows new ADMIN account without password

Apple is in process of building an emergency patch to lock down the “root” account where a preset password does not exist.  In certain settings, the “MacOS 10.13.1 Root vulnerability” allows a missing password challenge to be fully worked around.  That allows user accounts to be reset, allowing full compromise of vulnerable systems.  This bug is serious and believe Apple with quickly rectify with an expedient “patch now” update    

https://www.pcmag.com/news/357614/macos-high-sierra-root-bug-makes-hacking-it-easy

The bug appears to only affect High Sierra (MacOS 10.13.1), and Apple is working on a fix.  Mac computers with High Sierra (MacOS 10.13.1 or higher) have a serious bug that can let anyone gain root access to the system without a password.

The hack is easy to pull off. It can be triggered through the Mac’s System Preferences application when “Users & Groups” is selected, and the lock icon on the window is clicked. After that, a new login window will appear. Anyone who types “root” as the username, leaves the password field empty, and clicks unlock (once or twice) is on their way to a new account that has system admin privileges to the computer.

Amit Serper, a security researcher with Cybereason, replicated the result and said the bug “is as serious as it gets.”  Hackers are always crafting malware that can gain greater system privileges into a computer. Now they have a new way, which can also be triggered via a Mac’s command line function. Imagine a piece of malicious code designed to attack Macs using the same flaw. Users wouldn’t even know they were compromised, Serper said.

WORKAROUND – Allocate & preset “ROOT” account to password ahead of time instead of leaving unset as null value

https://support.apple.com/en-us/HT204012

HDMI 2.1 – 10K resolution future support

The new HDMI 2.1 standard supports 4K video at 120Hz; 8K video at 60Hz; & even video at 10K resolution as described below:

https://www.theverge.com/circuitbreaker/2017/11/28/16710568/hdmi-new-specification-10k-resolution-future-proof-standard

The HDMI Forum, the governing organization that creates specifications for (you guessed it) HDMI cables, has officially released the next version of the HDMI standard: HDMI 2.1. The new standard was first announced earlier this year at CES 2017, but has now been finalized and released to companies to start integrating into devices.

The new standard supports a whole host of new video outputs including 4K video at 120Hz and 8K video at 60Hz, along with support for video at 10K resolution. But good luck finding anything to watch in that resolution. This time-lapse from photographer Joe Capra is probably the only thing around that can even attempt to approximate the format.

As my colleague James Vincent pointed out when he first covered the specification back in January, HDMI 2.1 is more a future-facing update than one that will directly affect current devices, seeing as we’re still just starting to reach the point where 4K video is becoming commonplace, to say nothing of 8K resolution or technologies like dynamic HDR video that HDMI 2.1 in theory will be able to support.