Computer News & Safety tips – Harry Waldron MVP

Microsoft Security Updates – JULY 2017

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release

https://isc.sans.edu/forums/diary/Julys+Microsoft+Patch+Tuesday/22602/

http://blog.talosintelligence.com/2017/07/ms-tuesday.html

https://portal.msrc.microsoft.com/en-us/security-guidance

Microsoft has released their monthly set of security updates designed to address vulnerabilities. This month’s release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer, Office, and Windows.

One that caught my attention was the RCE which affects the Windows Search service and may allow an unauthenticated attacker to take control over the target system through an SMB connection, giving him the possibility to install programs, view, change or delete data, or create new accounts with full user rights.

Security – Best Practices to prevent corporate Phishing attacks JULY-2017

This best practices article for corporate protection is excellent and many of those same principles can protect home users as well

http://www.csoonline.com/article/2132618/phishing/social-engineering-11-tips-to-stop-spear-phishing.html

Here are our top phishing prevention tips for best technology practices, employee education and social media smarts.

1. Inbound email sandboxing — Deploy a solution that checks the safety of an emailed link when a user clicks on it.

2. Real-time analysis and inspection of your web traffic — First, stop malicious URLs from even getting to your users’ corporate inboxes at your gateway. Your web security gateway needs to be intelligent, analyze content in real time, and be 98 percent effective at stopping malware.

3. Employee behavior — The human element is incredibly important. Adopt an employee testing program and do this training on an ongoing basis. The result isn’t really employee education or security awareness — it’s behavior modification.

4. Pen-test your organization — Select a group of folks from each major department and send them targeted spear-phishing emails using an outside email address. For any who fail the phishing tests, communicate best practices in a positive way.

5. Ask marketing for help — Create a communication plan that both teams can execute against and track what methods are the most effective.

6. Change how your message is communicated — Some people learn visually, others learn audibly and for many, it’s a combination of both.

7. Make security relevant to them — When a large company makes headlines for a data breach, because an employee opened an infected email, immediately communicate how something like that could happen to your employee base.

8. Reward good behavior — Start rewarding your employees for “Catch of the Day” monthly or quarterly. Publicize the spear-phishing attempt for other employees to see.

Social networks are gold mines of personal information for cybercriminals, especially for targeted spear-phishing emails. Below are three things IT security professionals shouldn’t discuss online.

1. Any birthdays/addresses/other items that are used for your network passwords — We know you use these for passwords despite our best advice. Don’t also advertise them on social media.

2. Your vacation schedule and home photos — It’s like an advertisement for when you will be out of town, while doing reconnaissance for the criminals.

3. Your phone number — Cybercriminals are getting more creative. More and more criminals are calling targeted employees and asking for information. For example, some criminals call and pretend they are from their help desk and need to reset passwords. When in doubt, go with your gut. If something seems off or you don’t know the person, ask for their contact information and look into it. Ultimately, it’s better to be safe than polite.

Microsoft – Free eBook reference manuals for Windows 10, Server, Cloud, and Office products

As an IT professional, keeping up to date with changing technologies is challenging. In past years, I would often buy expensive reference books until this excellent & free resource was discovered. I have been using this excellent resource, which gets updated annually, for a few years.

Additionally, YouTube offers free video links for high-level overviews, how to install or secure technologies, etc. For example, searching on topical areas like “How to secure Windows 10 professional” can share screen-by-screen examples of this process.

FREE! That’s Right, I’m Giving Away MILLIONS of FREE Microsoft eBooks again! Including: Windows 10, Office 365, Office 2016, Power BI, Azure, Windows 8.1, Office 2013, SharePoint 2016, SharePoint 2013, Dynamics CRM, PowerShell, Exchange Server, System Center, Cloud, SQL Server and more!

As noted in my “Multi-Million FREE eBook Giveaway” post, I am sharing with you how you can “Download All” of the FREE eBooks and resources I am including in my annual giveaway. Here’s a quick FAQ/How-To to help address many of these in one place as a way to make it as easy as possible for my readers to find what they need. I hope these help you out and address questions you have regarding the post.

How to “Download All” of the FREE eBooks and Resources in My FREE eBooks Giveaway

Windows 10 Redstone – New preview build 16237 released for testing

Some of the latest features for the forthcoming version of Windows 10 Redstone can be found in the new preview build 16237, which has just been released for testing.

https://www.engadget.com/2017/07/08/latest-windows-10-preview-takes-the-headache-out-of-high-dpi/

Because of old legacy programs, using Windows with high-res displays has always been a little tricky, especially if you’re switching between multiple screens. The latest preview build pushed to Insiders helps with that problem by changing the way Windows tells a program what DPI it’s using. With the new build 16237, if a user changes the resolution of the display by docking/undocking or adjusting a setting, they’ll only need to close and reopen most programs to fix any blurriness, instead of rebooting or logging out.

That’s not the only feature getting some love either. Notification action buttons are scaled across the full notification and the first one in each group is expanded so it’s easy to read. Emoji are easier to use now that search in the panel supports the new 5.0 set and it’s ready to describe what each one actually is if you hover the mouse arrow over it. Also, accessibility is improved now that Edge can read out loud on all websites and on PDFs.

Mozilla Firefox Focus – New mobile browser for iOS and Android

Mozilla has introduced their new lightweight Firefox Focus browser for the iOS and Android smart phone environments as shared below:

https://www.mozilla.org/en-US/firefox/focus/

https://support.mozilla.org/en-US/products/focus-firefox

As long as other browsers let ad trackers follow you around the web, Mozilla keeps coming up with new ways to outfox the trackers. Our latest is Firefox Focus, the ultimate private browser, now available for Android. Firefox Focus automatically blocks ads so you get blazingly fast search results. When you’re done, delete your history — cookies, passwords, all of it — by tapping “Erase.” Best of all, Firefox Focus is a lightweight app that takes up very little space on your phone, only 4MB.

1. Forget the ad trackers — Block ads with sneaky trackers that secretly collect your data by keeping a clean slate. Firefox Focus won’t remember you, so neither will they.

2. Make a fresh start — Wipe out your entire browsing session — passwords, history, cookies — with a single click, whenever the mood strikes.

3. Pick up browsing speed — Browse lighter and clutter-free by blocking pesky ads that wear down loading speeds and your patience.

Mobile Phones – Google Pixel 2 developments JULY 2017

Below are early leaked & rumored changes for the next generation of Google Pixel smart phones

http://www.pcworld.com/article/3204445/android/google-pixel-2.html

Details are already starting to leak about the Pixel 2 phones, so stay tuned to this article for the very latest information:

Display — According to a report by XDA Developers, the smaller Pixel will feature a similar 4.97-inch 1080p display that the current model uses, with an “almost identical” design. As for the larger version, it will reportedly sport a larger 5.9-inch display with a 1440p OLED panel and “a smaller bezel than what we saw in the original Pixel XL.”

CPU & Memory — XDA Developers claims the phones will be powered by the Snapdragon 835 chip, along with the same 4GB of RAM in the current models. Additionally, the smaller Pixel will come in a 64GB variation, though it’s unclear if it will replace the 32GB base model or add another tier.

Water Resistance – It was somewhat surprising that Google opted to skip IP68 water resistance in the original Pixel, but there are signs it will rectify that in its next handset.

Camera — Google won’t focus on megapixels with the Pixel 2, but rather will “compensate in extra features.” It’s unclear exactly what that means, but the site says the camera will be a “major focus” in the development of the Pixel 2. Additionally, XDA Developers reports that the Pixel 2 will stick with a single camera rather than a dual setup. This may include nighttime photography techniques that use the existing Pixel camera to generate some incredible low-light images.

Pricing — Google’s next handset will be “at least” $50 higher than this year’s model, meaning it would start at $699 for the 5-inch model and top $800 for the Pixel 2 XL.

Open Source – Red Hat JBOSS Java middleware development suite

Below are resources and educational videos for Red Hat’s JBOSS Java middleware development suite

JBOSS Developer Home Page

http://www.jboss.org/

Red Hat JBOSS Middleware Presentation

https://www.youtube.com/watch?v=E0xMgavPC34

What is Red Hat JBoss Enterprise Application Platform?

https://www.youtube.com/watch?v=bPEVIn1EZvU

Get started with JBoss EAP 7, using JBoss Developer Studio 10

https://www.youtube.com/watch?v=VgMTHhv54cM

JBOSS-EAP is an open-source Java Enterprise Edition (EE) based application server runtime platform used for building, deploying, and hosting highly-transactional Java applications and services. Red Hat JBoss Middleware is a family of lightweight, cloud-friendly, enterprise-grade products that help enterprises innovate faster, in a smarter way. That’s what we call enlightened innovation.

The ideal middleware portfolio for open hybrid cloud environments, our products and services help you accelerate application development, deployment, and performance, integrate data and applications efficiently, and automate business processes across physical, virtual, mobile, and cloud environments.

Facebook – New Wi-Fi hotspot locater tool introduced

A new Facebook “Find Wi-Fi hotspot” locater tool has been created as documented below:

http://www.techtimes.com/articles/210945/20170702/new-facebook-feature-can-help-you-find-wi-fi-hotspots-around-the-globe-heres-how-to-use-it.htm

Facebook Founder and Chief Executive Officer Mark Zuckerberg recently announced that Facebook has reached two billion active monthly users, making it the world’s largest social network. The social media site has already listed down the things it would do to show gratitude to its users. Rolling out “Find Wi-Fi,” one of the application’s more recent but limited features, globally could well be the cherry on top.

The “Find Wi-Fi” feature is a new addition so users should not expect a button to just show up on their Facebook applications. Just like any other new feature, “Find Wi-Fi” may be accessed by clicking on the “More” tab. Users should be able to see the “Find Wi-Fi” tab from there and just simply turn it on. For a more visual instruction, Facebook also prepared a video showing where to find the “Find Wi-Fi” feature in the application. Watch the video below.

Pentest Tools – How to use NMAP to locate MS17-010 network vulnerabilities

SANS ISC shares techniques on using NMAP to locate any MS17-010 network vulnerabilities within the corporate network

https://isc.sans.edu/forums/diary/Using+nmap+to+scan+for+MS17010+CVE20170143+EternalBlue/22574/

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

With both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable. Even if you have comprehensive vulnerability management and patching programs there are almost certainly servers that have been missed, whether because they are vendor supported or part of your company’s cottage IT. It is important to be able to find those servers and either remediate them or put additional controls in place to protect them. My fallback to do any kind of discovery scanning is always nmap. It is easy enough to identify devices that have SMB open using nmap.
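
One way to triage the saved output of such a scan into a remediation list, as an added example that is not taken from the SANS ISC diary or from this blog. It assumes nmap's grepable (-oG) and normal (-oN) output formats and the smb-vuln-ms17-010 NSE script that ships with nmap; the file names, host names and addresses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage saved nmap output for MS17-010 exposure on your own network.
# Scans that would produce these files (file names are assumptions):
#   nmap -Pn -p445 -oG smb.gnmap 192.0.2.0/24
#   smb_open_hosts smb.gnmap > smb-hosts.txt
#   nmap -Pn -p445 --script smb-vuln-ms17-010 -oN ms17.nmap -iL smb-hosts.txt

# IPs whose grepable (-oG) record lists 445/tcp as open (filtered/closed are skipped).
smb_open_hosts() {
    awk '/^Host: / && /Ports: / {
        split($0, parts, "Ports: ")
        if (parts[2] ~ /(^|, )445\/open\/tcp\//) print $2
    }' "$1" | sort -u
}

# Hosts where smb-vuln-ms17-010 reported "State: VULNERABLE" in normal (-oN) output.
ms17_010_vulnerable_hosts() {
    awk '/^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); in_script = 0 }
         /smb-vuln-ms17-010/      { in_script = 1 }
         in_script && /State: VULNERABLE/ { print host; in_script = 0 }' "$1" | sort -u
}

# Constructed sample data (not real scan results); 192.0.2.0/24 is a documentation range.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/smb.gnmap" <<'EOF'
Host: 192.0.2.10 (fs01.example.test)	Status: Up
Host: 192.0.2.10 (fs01.example.test)	Ports: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.11 ()	Ports: 445/open/tcp//microsoft-ds///
Host: 192.0.2.12 ()	Ports: 445/filtered/tcp//microsoft-ds///
EOF
cat > "$SAMPLE_DIR/ms17.nmap" <<'EOF'
Nmap scan report for fs01.example.test (192.0.2.10)
Host is up (0.0010s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
Nmap scan report for 192.0.2.11
Host is up (0.0012s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
EOF

echo "SMB open:";            smb_open_hosts "$SAMPLE_DIR/smb.gnmap"
echo "MS17-010 vulnerable:"; ms17_010_vulnerable_hosts "$SAMPLE_DIR/ms17.nmap"
```

Hosts that appear in the first list but not the second still expose SMB and are candidates for the additional controls mentioned above.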

Apple iPhone – 10th anniversary slide show

The history of the Apple iPhone is documented in the following link:

https://www.pcmag.com/feature/302519/a-visual-history-of-the-iphone

On the 10th anniversary of the iPhone’s launch, we look back at the phone’s evolution.  One decade ago, Apple finally released the first iPhone. The iPhone’s success certainly stems from its hardware design(s). But Apple is also to be credited with developing the app ecosystem.