Monday, February 17, 2020

Two very recent Microsoft Windows 10 updates are causing system crashes for some users



Last week, Microsoft offered a general update KB4532693 and special security update KB4524244 for Windows 10 (at least creators update 1903). 


My HP computer took two tries to do the first one, and in the past few days the update is reported to have deleted some files and caused crashes.

The second of these was a security update, which was very small and did not require much recycling to restart, was issued the next day (Feb 13).  It is reported to cause crashes (Forbes) and Microsoft has withdrawn it and will replace it.

Most experts recommend that Windows 10 users uninstall both updates.  The second of these is very quick to uninstall, the first will take a few minutes and require full restart.

The list of installs will show the removed updates but the uninstall list shows them deleted;  but KB4528760, which had been installed before, will be relisted on the uninstall list. . 
I am holding off on creators update 1909 until things settle down. 

Smart News had these stories this morning.  

I did not have any crashes on either HP Envy or ASUS.  However, there was one instance where the HP power button would not turn on the computer until HP removed a firmware update, which may be related to the first problem. 

The ASUS machine, on the same Cox connection, keeps offering an HP update! 

Wednesday, February 12, 2020

Utility scams could actually threaten physical safety


WJLA and the AP in Washington are reporting on a scam where someone calls an electric utility customer and wants to enter the home to provide service and demand money.  This could lead to a home invasion.
   
Another variation is scammers calling people and asking them to meet to pay overdue utility bills in cash, which can lead to robberies.

   
Dominion Power in Richmond has been warning consumers about these scams, according to an AP story.

WJLA reports in some detail about scammers setting up phone numbers and maybe websites that mimic power companies, very much like bank-imitation scams.  Dominion Power has been targeted by such a scam.  Utilities have formed a pressure group, UUAS, Utilities United Against Scams

Friday, February 07, 2020

There's one prank virus that 10% of all Macs have


ThioJoe explains “10% of Al Macs Have this Virus”.
  
   
It’s the Schlayer virus. It’s a prank (or proof of concept), where people post website links (even Wikipedia footnotes) to get you to download a virus that loads bloatfare or fake copies of Adode flash with ads you visited recently.

Thursday, February 06, 2020

Personal privacy online and health-related self-isolation or quarantine (growing future concern even in US for Wuhan novel coronavirus)



I think you can think about protecting yourself from a real epidemic as an “Internet security” or certainly privacy issue.

It’s inevitable that person-to-person transmission of the Wuhan novel coronavirus is happening now in the United States and will happen.  It may turn out that most people with small exposures don’t actually develop significant illness themselves and become “vaccinated” but can transmit it to others for a few days.  People could reasonably be concerned about being told to self-isolate if automated systems show they were in close contact with someone with the virus, even within the U.S.  I don’t know how realistic this would be, but it could happen if you were on a flight sitting next to someone who later tests positive (airlines know the seat assignments) of it you were in some location that was checked.

The personal cost from “unnecessary” confinement, which normally could not be recovered or insured against, can be devastating, leading to career and job loss. 


We all hear that surveillance by outdoor cameras is intense in China, and somewhat intense in the UK, at least in larger cities.  Even though most retail businesses and buildings have outdoor security cameras in the U.S. too, they are not used widely for “stalking” except after specific crimes have occurred.  I don’t have a sense of whether police in the US could really use them to track requested self-confinements.

You could consider not using credit cards in some businesses that are crowded, like bars.

You could think about what you post on social media (like checking in to a location on Facebook).  

You could consider turning off persistent identifiers in your web browsers. 
   
You could consider using VPN, especially when on laptops away from home, and turning off location on your phone. 

This is something to start thinking about, and looking for unprecedented public health steps, especially when away from home, even within the U.S., in the next few months. 
  
Update: Saturday, Feb. 8 
   
A New York Times editorial indicates that face-identification surveillance (with cell phone tracking) is getting much worse in the U.S. than I had thought. 

Wednesday, January 22, 2020

Did a hack of Bezos's smartphone affect Washington Post coverage of Saudi Arabia?


Apparently big corporate executives are not safe. Jeff Bezos’s phone (with WhatsApp) was apparently hacked by the personal account of the Saudi Crown Prince, according to a Guardian story.  
   
  
Critics have said this would not have happened with a landline.
  
The hack is said to perhaps have compromised objective coverage of Saudi Arabia and the recent Khashoggi murder in the Washington Post.

Sara Morrison explains for Vox how this WhatsApp attack could happen to anyone. 

Tuesday, January 21, 2020

Big Tech wants you to stop depending on passwords, use your own body for recognition


CNBC reports “Why Big Tech Wants You to Ditch  Your Password”.


Kevin Mitnick describes how he got into hacking and served 5 years in prison.  Now he says he is an “ethical hacker”.

It is possible for crooks to get access to “databreach” databases.

Gradually companies are introducing biometric identification as well as two-factor id, and are more likely to make it mandatory or preferred for an app.

My concern would be that some change happens to your body and it doesn’t work.  Retinal scans are possible.  Particularly of note if FIDO (facial) but that could raise issues I discussed on the main blog today.  Apple has not fully embraced FIDO yet.

The Apple Watch could be used this way, or bracelets could be designed for this purpose. A few companies have tried small hand implants near the thumb. 
   
Ad hoc, I would wonder if tattoos could be used some day, and I personally find them disfiguring.
  
Passwords are the “cockroaches of the Internet”.

Friday, January 17, 2020

NSA instructs Microsoft to make emergency patch to Windows 10, unusual situation



The NSA, of all people, has intervened and insisted that Microsoft release a patch to a serious vulnerability in its encryption in Windows 10 computers and servers.  The document is here.   The NSA notes a problem that could affected secure signatures (as financial documents) and https.  It could also affect selective connections to the Internet (note, like airgaps with power companies). 
    
The patch is said to have been released Tuesday Jan. 16 and if you ran the regular monthly upgrade you are “all set”. 

   
CISA also has the alert here
   
But on one of my machines, HP also then did a firmware update (unusual).
  
Techradar reports that this patch would not update on some computers.