Posted on

Timeline – The next thing on your system to clean out

Reno Computer Repair - Spring Creators Update
Reno Computer Repair – Spring Creators Update.

Windows Spring Creators Update will feature a new utility called Timeline. It will let users see in chronological order all the activities they have performed on their computers. While this utility is being touted as something of a super “recently used” list. It may turn out to be a privacy issue. As anybody logged into your account will have an even easier time seeing what you have been up to.

While Microsoft says users will be able to change the settings of Timeline to show less (or no) information, it will as most settings on Windows 10 systems be buried. Meaning many if not most people will have little clue as to where they can adjust what is saved and shown.

I predict that this utility will be used against end users in a number of ways. Bosses at work demanding to see this log from workers to check up on them. (easier than asking the IT department to keep tabs on people).

And even IT support scammers using it instead of event viewer to give the impression that hackers are tracking their every move. In addition this provides a new attack vector for fake system utility programs. Claiming they will “clean” this new tracker and instead infecting users unknowingly.

Hopefully the good folks in Redmond, WA. Have already considered these possibilities and will provide some kind of hardening of this new program to prevent misuse of this utility.

But as with web browsers and email it will once again be up to the end user or their IT support staff to monitor and clean out the digital junk this new utility will create.

Posted on

No safe Harbor – AMD chips also have major flaws

Reno Computer Repair - AMD Flaw
Reno Computer Repair – AMD Flaw

It seems that the computer security company CTS has found 13 different flaws in modern AMD CPU’s. So for thoses that were going to jump off the Intel ship and switch to AMD, it may all be for not.

While I won’t get to far into why CTS released this information with only one days notice to AMD (and giving them no chance to repair the issues). It just highlights the need for much better testing of all CPU’s before being released for general use.

It also shows us all the need for more than just one or two big companies controlling the manufacture of most of the worlds CPU’s. As this forms a security bottleneck, where the failure of these two companies now jeopardises the security for almost everybody using a computer on the planet.

The fixes I predict, will take the same path as Intel’s did over the last few months. Deny a major problem, have O/S and software manufacturers try and patch things and then come out with their own firmware patches to address the issue.

But in the end these companies loose little because when they do come out with new “fixed” chipsets, people will flock to buy up the new, more “secure” CPU’s.

The big losers here are the companies and end users that will have to contend with less secure machines and the slowdowns of said machines once the patches are released.

As always make sure your IT staff or your personal computer technician or shop is up to date on these problems, so that they may protect both you and your company.

Posted on

The cloud is not all that private

I have been telling my customers for years that storing information in the cloud may not be all that safe if you do not know in what county your information is stored.

In the USA you have some limited rights as to what the government may do with your information and that’s after it gets permission to access it at all.

But in other parts of the world you may have even more rights then in the USA or none at all.

Most countries fall somewhere in between. And unfortunately you, as the end user, may not have a clue where your data is stored and what rights (if any) you have before a government decides to grab your data.

Now it seems the US government would like to take advantage that your data maybe stored on a server (cloud) in one these countries that have limited or no protection for your information.

The bill floating around would grant judges in the USA the right to force other countries to give up your data on demand. Even if they have laws in force that protect your data.

So it may behoove all of us that wish their data to be secure to make sure where it is stored and what rights you have to it. If your using backup services that operate their servers in foreign countries, you may wish to consider keeping your information on US based servers or doing the old fashion thing and getting off the cloud and getting a few backup drives to keep your data safe.

More information about the bill can be found here.

https://www.theregister.co.uk/2018/02/07/big_tech_biz_back_us_proposals_to_ease_overseas_data_transfers/

Posted on

Meltdown – The Intel CPU Security Flaw.

Meltdown – The Intel CPU Security Flaw.

Intel's Computer chip security flaw.
Intel’s CPU flaw

A critical design flaw in Intel based CPUs, going back ten years has been discovered by security researchers. Who have coined the name “meltdown” to describe the bug built into most Intel based chips and by extension most of the worlds computers.

The flaw allows the Kernel memory in most x86-64 operating systems, Windows, Macs and Linux, to be accessed by specially written malware that could then provide a users data to an attacker or allow the attacker to install other software on the compromised system.

While Intel has ramped up its PR machine to downplay the flaw. I find it a bit odd from an ethics viewpoint that their CEO Brian Krzanich, sold 24 million dollars in stock options AFTER Intel was informed of the flaw by Google. As reported by Business Insider…

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

As a physical replacement (after a redesign) of every CPU sold in the last ten years would be almost impossible to accomplish, its going to have to be a software fix implemented at the operating system level to address this blunder.

Linux programmers already have a Kernel replacement being tested while Apple and Microsoft have made statements their operating systems will be patched in the days and weeks to come.

But due to the nature of the flaw all these fixes will have to bypass or change the way the O/S will address each systems Kernel memory, resulting in a system slowdown of anywhere from 5% to 30%.

So for some end users their computer may lose close to 1/3 of their speed overnight, after the respective patches are applied to their operating system. All to address Intel’s massive screw up.

I am sure the lawyers are already preparing their class action lawsuits as I write this. But it won’t be much help to the regular computer user.

And from a computer repair and support viewpoint, this will mean IT support departments, computer stores and independent computer repair technicians will start to soon receive a large influx of support calls from users that have no idea Intel’s bug is the cause of the coming slowdown and will demand a fix.

And unfortunately one will not be coming soon from Intel, as it takes years to redesign and re tool production for a new or at least updated CPU. And while many people may run out and buy a new computer once they discover their current computer’s performance hit after the patches are installed. It will not really do that much good if they try and get a system with the same specs as they had before. As the chips will still be defective.

UPDATE 1/10/18

While Apple, Microsoft and others have pushed patches to address this issue, it seems that these fixes are not ready for primetime just yet. With AMD chipset users and other systems that use certain antivirus products either being bricked after being updated or stuck in a reboot loop.

At this time as no real world attack has been demonstrated to be out in the “wild” just yet. It may be a better idea to wait to install these patches until they can be demonstrated to be working on the vast majority of systems. Not 100% safe, but better than bricking your system. I am sure in the weeks to come working patches will become available.

Posted on

Apple slows down iPhones?

Apple has, after a recent update been accused of intentionally slowing down it’s older iPhones. And after a few bloggers have tested their old phones, it seems to be the case.

So is this some conspiracy to get you to buy a new phone at almost $1000 a pop, or is their a reasonable explanation to this “update?”

It maybe a combination of both. Apple does not make any extra money if you hold onto your iPhone forever. And if you have seen the iPhone “Season” commercials it looks like your supposed to buy a new iPhone every year.  And I guess it’s to their advantage if they can get you to spend upwards of $1000 every 365 days. And all this blends in very well with the trash talk that Apple is slowing down your old phone to make you buy a brand new one.

But Apple claims that the update was to prevent older iPhones from shutting down unexpectedly. Which makes a little sense, knowing that older batteries do indeed discharge faster than newer ones will and a phone that quickly shuts down after a charge is inconvenient to use.

In my view it might be a mix of both reasons. Apple does want to increase sales year over year, but also needs to try and make sure their older products do not get a reputation for failing badly at the end of their life cycle. And I might 100% believe their claim of such if they had of implemented this update in a different way.

Instead of a update that installs this new battery management protocol in the background, I would have made some kind of popup asking the phone user if they would like to have their phone slowed down to increase battery life. Then the phone owner knows what is going on and made the choice themself.

By not asking for permission to implement a major change in the function of their phones, Apple left themselfs wide open to these claims against them. And I doubt if they will ever be able to get rid of these rumours without changing the update in the way I described above.

So is this a flat out fraud? Slowing down phones just to get people to buy the next one? I doubt it. My thinking takes me to a conclusion that they indeed were trying to fix something. But they’re weird implementation of the fix also implies to me that they had few qualms of hiding it in such a way that they would not be obverse to selling a few new phones along the way.

Update: 12/28/17

Apple has come out and apologized for their bad handling of this software update and is now offering consumers a $29 battery replacement. But I still have to wonder why they would not just adjust the software update to let end users decide if they want their iPhones speed changed or not. In the end still being forced to buy something or having your phone intentionally slowed down, would play into the rumors that they are just trying to find a way to force people to buy new equipment.

 

Posted on

The FCC just killed Net Neutrality

It seems that once again the FCC has sided with big companies to take away the average computer users rights. With the end of Net Neutrality expect to see higher costs and slower service, presented in confusing packages. Also expect to see more big players kick out and stifle development by innovative, smaller companies.

Take note today of your current cost per month for the Internet. I can all but guarantee that next year you will be seeing higher prices, with less access than before.

Posted on

Why Net Neutrality is Essential

Who cares about Net Neutrality? Why does it matter if companies get to do what they want. They own the networks right?

In a nutshell it’s all about being fair. Today every website in the world must be treated equally by your Internet Service Provider or (ISP). In other words Netflix gets the same priority and download speeds as Facebook or your aunt’s personal homepage about her cat, fluffy.

Without this rule your ISP can slow down a website, play your favorite movie in low resolution or even charge you extra money to go to Facebook, hulu etc…

They can even block websites so they can replace services you like with services that make them more money.  Want to start paying extra for every google search or have to use comcast’s search engine instead? This can (and will) happen if these rules are repealed.

Own a small website that helps you get new clients? You might have to pay extra to be seen on Charter, Comcast or AT&T. And if you don’t pay up you could lose all your viewers and customers that use these providers because they will never even see you. This makes the hassle of Search engine optimization (SEO) seem like a walk in the park compared to what might be coming.

Imagine you own a non-profit and have to pay extra money to each ISP just to get the word out. Would that hurt the money you will have available for your cause? I would think so.

What if these ISP’s decide that a secure connection to your credit card or bank account (HTTPS) should be a “premium” service and you have to pay $5.00 each time you want to check your balance or pay for a Amazon purchase? What will happen if you have to pay $1.00 for every cat video on YouTube or $5.00 for each porn video (I know it’s your teenage son doing it)? Maybe 25 cents for each email you get from that Nigerian Prince? Without Net Neutrality the sky is the only limit.

Worse yet, what about your first amendment rights? You think if you post a negative review about comcast that they won’t have some kind of automated filtering system in place so none of their customers ever even see it? Without Net Neutrality they would have nothing stopping them from blocking what they wish.

What if the Koch brothers (or insert here villain of your choosing) payoff AT&T a billion bucks to block all Pro Democrat advertising or comments on their network. Or somebody blocks the NRA, Peta, Planned Parenthood? What if a woman was searching for birth control information and got redirected to the Catholic Church?

It matters not, right / left or anarchist . The things you care about and wish to support or learn more about could vanish at the press of the “enter” key tomorrow.

As much as these companies will wish to have you fall for the “we built” the network and it should be “free” from all regulation ideal. It’s just plain wrong, and we are being willfully misdirected on this subject.

The original network (ARPANET) was paid for with your tax dollars. The Universities that then expanded it were paid for with your money. And every major ISP has taken government money (aka, YOUR MONEY) to develop and expand it into the Internet we all rely on today. The US Air Force is in charge of cyber security of the countries networks. And guess who pays for the Air Force?

The Internet belongs to you and me and anybody that says different is trying to scam you.

If we lose this rule, everything we do on the net will become a premium service or you will have to buy a package like we already do for cable TV. And as most know first hand, these packages are seldom fair to the customer. It will turn into buying HBO and getting 25 crappy channels with it that you never watch. And then having to do the same thing to get Showtime. Just Replace HBO and Showtime with Netflix and Facebook and you get an idea of what may come.

If you don’t like what will happen without Net Neutrality, then you need to do something to keep the Internet the way you like and have grown to use it. Or it will all go away.

Sign the petition below and write or call your representatives, ASAP!

NET NEUTRALITY Petition to Congress

Posted on

Comcast, Verizon, and AT&T all down

There are reports from all over the Internet that major ISP’s are down or experiencing major connectivity issues. So it’s not you this time.

A Comcast tweet is calling it an “external network issue”. While first reports seemed to suggest an attack of some kind it seems to be a switching error on the Internet backbone.

Posted on

Taking out the trash

Seems in the past few weeks a bunch of old tech favs have fallen by the wayside.

Piriform’s Ccleaner had a bad security breach that left it’s utilities hacked and without a clear response and explanation on how their security failed so badly are now off my list of recommend software.

AIM Messenger, once a classic instant messaging platform is calling it a day. Now if AOL will just stop scamming all the computer illiterate with their AOL Desktop software I will be happy.

And Today Microsoft admits that they are now out of the phone business. Letting Windows 10 mobile die off. If not so gracefully.

The one rule in technology is it always changes, and I am happy to see the above fade away in favor of more modern,  secure and helpful technology that I can tell my computer repair clients about.

 

 

Posted on

Homeland Security and US-CERT forward nonsense alert

Just got an email from US-CERT forwarding a FTC alert stating that you should use Equifax to monitor the effect of the Equifax breach on your credit accounts?!?!?!

See this line in the email…
Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.

Forgive me if I don’t get it. But this seems to me like letting the doctor that left the scalpel inside your gut, go back in for another try. It is the industry standard to have an outside agency or company monitor a break of this magnitude. Until they have proven they have fixed the breach AND a resolution has been implemented for ALL those that have been affected.

jeeesh !!!