PC Mag: Tech companies exploiting users

I have to say that for a story like this, a picture truly does say 1,000 words.  And in the case of companies like Avast that have historically offered a good free antivirus program, just know that there’s no such thing as free and that there is always a price to pay.  In this case, your browsing freedom is being spied on.

As the article’s summary states:

Avast is harvesting users’ browser histories on the pretext that the data has been ‘de-identified,’ thus protecting your privacy. But the data, which is being sold to third parties, can be linked back to people’s real identities, exposing every click and search they’ve made.

Check out the full article written by Michael Kan here for the full scoop!

NSA exposes critical flaw in Windows 10!

According to Microsoft’s security update guide, a spoofing vulnerability that utilizes the Crypt32.dll file can be used to control a machine at will.

As stated within the emergency bulletin:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

Good news is that Microsoft has already released a patch to close the loophole so make sure you take care of this ASAP!

R.I.P. Windows 7

At last, the time has come.  Today marks the last day of free security updates for the legacy OS.  For those of you that still plan on using it for the foreseeable future, it may be in your best interests to bite the bullet and spend the extra $50-60 for an additional year of coverage.

For more info on the extended security updates (ESUs), head to Microsoft’s site and check out their FAQ sheet here.

Whistleblower alert results in security fixes

I have to admit that this is a rare occurrence…a whistleblower complaint that was brought to the attention of the company’s Board of Directors which actually resulted in significant change to address the issue.  It definitely should not have to come down to this and management should get its fair share of blame and be held accountable.  IMHO, this may actually have more to do with the health provider not wanting to lose customers more than anything else.  Funny how when the financial health of a company is on the line, they more often than not take immediate action to address the problem at hand!

Check out the article here for more info and let me know what you think…

New Edge browser coming soon!

Ladies and Gentlemen, mark your calendars!  The latest revamp of Microsoft’s “Chromium-based” web browser will be released to the public January 15, 2020.

As Mary Jo Foley from ZDNet.com states, the new browser will eventually be available via Windows Update on all PCs running Windows 10 version 1709 and can also be obtained as a standalone install package.

I’ve been using the beta version of the browser for about a month now and much to my surprise, so far so good!

Check out the full article here for more details!

HP Enterprise hard drives failing!

An alarming bulletin courtesy of HP detailing the almost certain guarantee of SAS hard drive failure right as it approaches the four-year mark…

Bulletin: HPE SAS Solid State Drives – Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

HPE was notified by a Solid State Drive (SSD) manufacturer of a firmware defect affecting certain SAS SSD models (see article) used in a number of HPE server and storage products (i.e., HPE ProLiant, Synergy, Apollo, JBOD D3xxx, D6xxx, D8xxx, MSA, StoreVirtual 4335 and StoreVirtual 3200 are affected. 3PAR, Nimble, Simplivity, XP and Primera are not affected.)

The issue affects SSDs with an HPE firmware version prior to HPD8 that results in SSD failure at 32,768 hours of operation (i.e., 3 years, 270 days 8 hours). After the SSD failure occurs, neither the SSD nor the data can be recovered. In addition, SSDs which were put into service at the same time will likely fail nearly simultaneously.

So I guess this means I’m going with Dell…haha!

Two excellent posts by “The Patch Lady”

Kudos to Susan Bradley aka “The Patch Lady” who gave us some interesting insight here as to how Microsoft plans to handle extended updates for Windows 7 (apparently the service plans are not available! Yuck!) and also sheds some light here on an FBI precinct’s recommendation to place all IoT (Internet of Things) devices on a different network segment for security purposes.

Delays in Microsoft M365 subscriptions

The continued push for subscription-based services and software is unavoidable at this point, and we as users and consumers of whatever technology we are interested in really have no choice when it comes to the heavy hitters such as Microsoft, Google, Adobe, and so on.

That being said, it’s surprising when a company like Microsoft struggles to communicate the benefits of or even stick to an already scheduled release date.

When it comes to their latest subscription-based service, it’s somewhat baffling that there’s still confusion about when Microsoft 365 will be released and, on top of that, what this new “service” is actually all about…

Fortunately for us, Mary Jo Foley at ZDNet.com does an excellent job of breaking down what’s going on with “M365”… check out her article here and let us know what your thoughts are about this.

“MECM” is here!

As you may recall, Microsoft announced that Intune and ConfigMgr were merging together at their Ignite Conference, which took place last month.  Well, it turns out that the first live, production version of the program is now available to the masses.  I’m looking forward to installing it in my lab environment as well as possibly deploying it in production at the school district!

Lots of information and articles on the new product are available online, but one source you must visit would be Prajwaldesai.com, who developed a great write-up about all the latest features of #MECM1910 here.  Check it out and let me know if and when you plan on deploying it in your environment, whether it be for testing or production!

More Windows 7 FAQs

As we continue to get closer and closer to the Windows 7 end of life date, there are plenty of resources available that are aimed at users who are struggling with the transition to something newer or are forced to keep the soon-to-be-obsolete OS in their respective production environment.

As with most things, Woody Leonhard (the founder of Askwoody.com) has put out a terrific piece here outlining the “dos-and-don’ts” of Windows 7 at this stage.

Check it out and let me know if you or your organization is still dealing with those Windows 7 stragglers!