Category Archives: Media and Technology

Vol. 10, No. 3 – Nov 8 – Nov 21, 2017 – Tech Today with Ken May

What’s new in Windows 10 Fall Creators Update

After a little more than two years, Microsoft has finally settled into a rhythm with its new, fast-paced development for Windows 10.

What Microsoft’s marketers are calling the Fall Creators Update (officially version 1709) began arriving on desktop PCs on 10/18 via Windows Update and will soon be available for download at all the usual places.

This is the fourth feature update to Windows 10 in a little over two years. And that pace will continue, with new feature updates (essentially full upgrades) due on a predictable twice-yearly cadence going forward. As with previous feature updates, there are no last-minute surprises in this update. It’s been developed in the open, with dozens of preview releases to members of the Windows Insider Program.

Every Wi-Fi connection now has a prominent option to configure whether it’s part of a public or private network, as shown here. In previous versions, that option was difficult to locate.

Similarly, the venerable Task Manager has several small improvements, including options that allow you to track GPU activity on a per-application basis and more convenient grouping of related processes. This release also incorporates changes designed to improve the experience of running Windows on high-DPI displays; built-in utilities like Registry Editor and Snipping Tool are no longer blurry when moving between multiple displays running at different scaling factors.

The Power Throttling feature makes its debut in this release, offering a simple slider-based option that lets you tune Windows 10 for better battery life or better performance. The built-in Windows 10 apps also include major improvements in this release.

Windows Update has also evolved significantly in the two years since Windows 10’s initial release. When new updates are available, you’ll see an interactive toast notification that doesn’t interrupt whatever you’re doing now. In addition, the Windows Update display now offers detailed information about the status of individual updates, so you don’t have to wonder whether anything’s happening in the background.

The long list of improvements to the security architecture of Windows 10 starts with a momentous change. The horribly insecure SMBv1 protocol is being removed from clean installs of Windows 10. (The SMBv1 components will continue to be included on upgrades where they are already installed.)

The Windows Defender Security Center, which was introduced in an earlier feature update, has two major additions. The first is Exploit Protection, which offers many of the mitigations that were previously part of the separate Enhanced Mitigation Experience Toolkit (EMET).

The Fall Creators Update also debuts an anti-ransomware feature called Controlled Folder Access, which is also available through the Windows Defender Security Center, under Virus & Threat Protection Settings. When this feature is enabled, only approved apps can access Windows system files and data folders. (You can customize the list of data folders and whitelist specific apps, using the instructions in this online documentation: Protect important folders with Controlled folder access.)

If your business needs help updating to this version, call Swift Chip at 1-866-326-2008.

Finally, there’s Windows Defender Application Guard, a security feature that uses Hyper-V virtualization to create sandboxed browser sessions using Microsoft Edge. For now, this feature is available only in Windows 10 Enterprise edition.

There are many other useful new features and updates as well, so this looks like a must-do free upgrade!

Vol. 10, No.1 – Oct 11 – Oct 24, 2017 – Tech Today with Ken May

News about the massive Equifax data breach has been unrelenting since the credit bureau publicly disclosed its lapse at the beginning of September. It’s difficult to keep up with all the company’s blunders, not to mention the complicated fiscal policy and regulatory debates the incident has fueled. But weeks later, most consumers in the United States are still just trying to figure out what the whole thing means for them, and how to steel themselves against identity theft and fraud.

Equifax will be extending the enrollment period for its credit monitoring and freezing services through January. Credit monitoring sends you alerts so you can catch any suspicious activity early, while credit freezes actually lock down your credit files so institutions you don’t already do business with can’t access your data without specific permission from you and special PIN numbers. A freeze significantly reduces the chance that a fraudster will be able to do things like take out a line of credit in your name. Personal identity security advocates have long favored freezes, but acknowledge that the measure isn’t necessarily for everyone (say, someone who anticipates applying for student loans) since it is fairly rigid and restrictive.

It is worth utilizing one or both of these tools, but at the end of the free year 143 million social security numbers (not to mention other valuable data) will still have been compromised in the breach, necessitating ongoing defense. “We generally tell people that if an entity is offering a free service they should strongly consider taking advantage of it,” says Eva Velasquez, president of the nonprofit Identity Theft Resource Center. “Consumers have to demand security over convenience so that businesses will respond. Just don’t be the low hanging fruit. Anything is better than nothing long term.”

The free monitoring and freezes have a short time span, perhaps because they are services Equifax wants to resume capitalizing on as quickly as possible.

The third service Equifax is rolling out, a so-called “credit lock” tool, will debut in January, and will be a more flexible option through which consumers can lock and unlock access to their credit data whenever they want.

Experts agree that to protect themselves, consumers need to see past the gimmicks and noise to the long game of utilizing what Equifax and other companies that have experienced data breaches provide while planning to supplement as needed. If your data is compromised in multiple breaches over time you may be able to daisy chain years of free services together. And everyone can pull and review one complete credit report per year for free from AnnualCreditReport.com. Additionally, consumers need to be aware that credit monitoring, locks, and freezes alike don’t protect against things like tax fraud and medical fraud, in which identity thieves can file bogus tax returns on your behalf to claim your refund or jeopardize your insurance coverage by scamming your provider.

Vol. 10, No. 25 – Sept 13 – Sept 26, 2017 – Tech Today with Ken May

What Are Password Managers?

One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. Reusing the same password for different accounts is dangerous, because once someone compromises your password, they can access all your accounts. A simple solution is to use a password manager. These are programs that securely store all your passwords, making it easy to have a different password for each account. Password managers make this simple, because instead of having to remember all your passwords, you only must remember the master password.

Password managers work by storing all your passwords in a database, which is sometimes called a vault. The password manager encrypts the vault’s contents and protects it with a master password that only you know. When you need to retrieve your passwords, such as to log in to your online bank or email, you simply type your master password into your password manager to unlock the vault. In many cases, the password manager will automatically retrieve your password and securely log in for you. This makes it simple to have hundreds of unique, strong passwords, since you do not have to remember them.

Most password managers include the ability to automatically synchronize your password vault’s contents across multiple devices that you authorize. This way, when you update a password on your laptop, those changes are synchronized to all your other devices.

When you first set up a password manager, you need to manually enter your logins and passwords. Afterwards, the password manager can detect when you’re attempting to register for a new online account or update the password for an existing account. This is possible because most password managers work hand-in-hand with your web browser. This integration also allows them to automatically log you into websites.

It’s critical that the master password you use to protect the password manager’s contents is very difficult for others to guess. In fact, we recommend you make your master password a passphrase, one of the strongest types of passwords possible. If your password manager supports two-step verification, use that for your master password.

Meanwhile, when trying to find the password manager that’s best for you, keep the following in mind:

• Your password manager should be simple for you to use. If you find the solution too complex to understand, find a different one that better fits your style and expertise.

• The password manager should work on all devices you need to use passwords on. It should also be easy to keep your passwords synchronized across all your devices.

• Use only well-known and trusted password managers. Be wary of products that have not been around for a long time or have little or no community feedback. Cyber criminals can create fake password managers to steal your information.

• Make sure whatever solution you choose, the vendor continues to actively update and patch the password manager, and be sure you are always using the latest version.

• The password manager should include the ability to automatically generate strong passwords for you and show you the strength of the passwords you’ve chosen.

• The password manager should give you the option of storing other sensitive data, such as the answers to your secret security questions, credit cards, or frequent flier numbers.

Vol. 10, No. 23 – Aug 16 – Aug 29, 2017 – Tech Today

Tech Today with Ken May

Backup and recovery

If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidently delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way to rebuild your digital life.

Backups are copies of your information stored somewhere other than on your computer or mobile device. The first step is deciding what you want to back up. There are two approaches: (1) backing up specific data that is important to you; or (2) backing up everything, including your entire operating system. If you are not sure what to back up or want to be extra careful, back up everything.

Second, you must decide how frequently to back up. Common options include hourly, daily, weekly, etc. Other solutions offer “continuous protection,” in which new or altered files back up immediately each time you save a document.

There are two ways to back up your data: physical media or Cloud-based storage. If you are not sure which approach to use, you can use both at the same time. Physical media is devices you control, such as external USB drives or network devices. The advantage of using your own physical media is it is very quick. The disadvantage is if you become infected with malware, it can spread to your backups. Also, if you have a disaster, such as fire or theft, it can result in you losing not only your computer, but the backups as well.

Cloud-based solutions are online services that store your files on the Internet. An advantage of Cloud solutions is their simplicity–backups are often automatic and you can usually access your files from anywhere. Cloud backups can help you recover from malware infections, such as ransomware, as many Cloud solutions allow you to recover from pre-infected versions. The disadvantages are it can take a long time to back up or recover very large amounts of data.

Finally, don’t forget your mobile devices. Your mobile app configurations, recent photos, and system preferences may not be stored in the Cloud. By backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade. An iPhone/iPad can back up automatically to Apple’s iCloud. Android, or other mobile devices depend on the manufacturer or servicer provider. In some cases, you may have to purchase an app for backups.

Backing up your data is only half the battle; you must be sure that you can recover it. Check periodically that your backups are working by retrieving a file and making sure it is the same as the original. Also, be sure to make a full system backup before a major upgrade (such as moving to a new computer or mobile device) or a major repair (like replacing a hard drive) and verify that it is restorable.

Vol. 10, No. 19 – June 21 – July 4, 2017 – Tech Today

We all WannaCry
by Ken May

On Friday, May 12, a new ransomware, called WannaCry, began circulating throughout the United Kingdom and Spain, rapidly infecting over 400,000 exposed workstations and servers at healthcare, financial, and other business sectors. This ransomware stood out for several reasons, including being the largest ransomware attack in history, and the first widely spread ransomware worm.

I had an exciting time analyzing this as it happened. I was in San Diego for the SANS Security West 2017 Cybersecurity conference as a facilitator. We all piled into a room late one night for an emergency session, while we shared data and studied what was happening in real time. Because of some of the connections I made there, I later was able to provide some assistance to the FBI Special Agent in charge of the WannaCry investigation.

The ransomware infection is Version 2.0 of WanaCypt0r (also known as WCry, WannaCry, and WannaCryptor). Unlike previous instances, this version takes advantage of the SMB vulnerability outlined in Microsoft Security Bulletin (MS17-010). This vulnerability was first exploited by the ETERNALBLUE malware, revealed by the ShadowBrokers leak in March, and targeted the Microsoft MS17-010 SMB vulnerabilities. SMB (Server Message Block) is a protocol primarily communicating on port 445 and is designed to provide access to shared resources on a network. Last fall, Microsoft propounded system administrators to disable SMB Version 1 on systems.

According to an FBI FLASH Alert, the WannaCry ransomware infects initial endpoints via a phishing campaign or compromised RDP (remote desktop protocol). Once the ransomware gets into a network, it spreads quickly through any computers that don’t have the patch applied. The worm-like capabilities are the new feature added to this ransomware.

New instances of this ransomware worm dramatically decreased following the activation of a “kill-switch” in the ransomware. A security researcher going by the Twitter handle @MalwareTechBlog noted an unregistered domain (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com) in a sample of the malware. WannaCry checked to ensure non-registration of the domain at some point prior to infection. According to the researcher, this was likely intended as a way to prevent analysis of the malware in a sandbox. If the domain is registered, WannaCry exits the system, preventing further infection. While this doesn’t benefit victims already infected, it does curb further infection. Of course, shortly after that, a new variant began making the rounds.

At least three separate Bitcoin wallets, controlled by unknown criminals were identified as part of the ransomware campaign. As of May 25th, a total of 302 payments totaling over $126,000 had been transferred. All in all, a shockingly small amount.

Some interesting notes:

  1. This was patched by Microsoft back in March, so anybody who got infected is over 2 months behind on installing security updates.
  2. 98% of the victims were running Windows 7.
  3. It’s estimated that there are currently over 1 million computers connected to the internet, according to scans, that are still vulnerable, and still haven’t been updated.

Install those updates, folks!

h/t: https://blog.barkly.com/wannacry-ransomware-statistics-2017

What Is WannaCry? Analyzing the Global Ransomware Attack

Robots descend on Ventura

The future of the world is in the hands of these kids.

Article and photos by Richard Lieberman

Teams faced off at FIRST (For Inspiration and Recognition of Science and Technology) Robotics regional competition at Ventura College. Teams from Ventura County, Chile and Hawaii compete in the FIRST Robotics competition.

The local team is Team 3925 from Ventura County. The team is comprised of seven different local high schools competing against 42 high school teams, including teams from Newbury Park High,  Construction and Engineering charter high school in Camarillo and the Ventura County Career Education Center, where students from six county high schools make up the team.

This event called FIRST Steamworks incorporating a Steampunk theme. The student designed robots are required to pick up an item then throw it, climb and then hang on a tower and to carry an item and place it on a platform.  The teams were given a starter kit to help design and build their robot. Students were allowed six weeks to build, program and test their robots.

More than 5,000 teams, totaling 78,000 students world-wide are taking part in the FIRST Robotics competition this year. Aiding the students were teachers, and mentors from the programming, engineering, manufacturing field to help students design their robots and form their business plans. All team participants have the option to apply for twenty-two million dollars in scholarships from more than 200 colleges and universities.

Event chair Velma Lomax said “This is what I love so much, it’s not just about robotics and competing, it’s about everything these kids learn” There are regional competitions that will move on next month to western competitions in Houston, then on to eastern competitions in St. Louis and a final world championship in New Hampshire in July.

Lomax added “These kids are in business fields, they design their own brochures, they do all of their own promoting, their own fundraising. They don’t get money from anyone. These kids are amazing and every child can fit in. Additionally, Lomax said “They call it a varsity squad for the mind, another important thing they learn is time management.”

Three teams who won the regional with their robots are Team 114 from Los Altos high school, Team 3925 from Career Education at Ventura High School, includes members from Ventura High School, Buena High School, and Foothill Technology. Ventura’s team 3925 won a spot to advance to the upcoming competitions.

“It’s a lot of components this year, event chair Velma Lomax said.” She added  “It’s an interesting competition.”

 

Vol. 10, No. 14 – April 12 – April 25, 2017 – Tech Today

Tech Today with Ken May

How the ISP Law Change Affects Your Privacy

On Tuesday, March 28th, Congress sent proposed legislation to President Donald Trump that wipes away landmark online privacy protections, the first salvo in what is likely to become a significant reworking of the rules governing Internet access. The legislation would kill a set of Obama-era privacy regulations for internet service providers created by the Federal Communications Commission last October.

The most notable part of the rules, which has not yet taken effect, would require broadband providers such as Verizon, Comcast, and AT&T to obtain explicit consent before selling their customers’ web-browsing histories, app-usage data, and other personal information to advertisers and other third-parties. The vote is concerned with some recent changes to what the internet is in the eyes of the American government.

In February of 2015, The Federal Communications Commission (FCC) reclassified ISPs as “common carriers,” which means they traffic in utilities. This effectively put the internet in the same category as telephones, water, gas, and other necessary components for living in terms of how it’s regulated. This allowed the FCC to enforce net neutrality laws, which force all ISPs to provide access to all kinds of content on the internet equally. (In the past, ISPs would slow down users’ traffic when visiting certain websites or sharing files to discourage them from engaging in these acts.) Classifying the internet as a utility also meant ISPs had to follow the privacy guidelines previously written for telephones. This legislation would effectively roll back many of these changes, allowing ISPs to do whatever they want with their users’ browsing data.

So, this is a complicated issue. What’s the easiest way to get my privacy back?

Well, states could try to implement some form of the FCC rules for their own residents. ISPs might conceivably change their practices nationwide if enough states do so, or customers in some states could have fewer privacy protections than customers in other states.

“As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights, a New York Times article said this week. The Times article mentioned laws in California, Connecticut, Nebraska, and West Virginia and proposals for new laws in Illinois, Hawaii, and Missouri, but none of these laws and proposals was specifically targeted at ISPs.

But let’s assume that doesn’t happen. Now what?

Last year, Opera, the little browser that everyone seems to forget about, rolled out a free VPN. It’s easily the simplest, cheapest, and most reasonably private way to access a VPN that will circumvent your ISP right now. It does come with a slew of caveats though. An Opera spokesperson said that the VPN is a no-log service, which is good, however, while Opera is a Norwegian company and therefore acts under Norwegian law, SurfEasy, the company that provides the VPN service, is a Canadian company, and Canada is known to hand over intelligence data. Regardless, using the VPN means you’re agreeing to SurfEasy’s Privacy Policy. Opera was also purchased by a Chinese consortium last year, so any data Opera does collect could be accessible by that company at some point. Also, keep in mind, only the web browsing you do in Opera will go through their VPN. It’s not perfect, but it’s a good step forward. Hopefully, we see something similar implemented in other browsers.

h/t Business Insider, Game Informer, Lifehacker, Ars Technica

 

The Lester Tong Visualization Center

3-D demonstration held at College Applied Science Center.

On March 23 a dedication of the Lester Tong Visualization Center at Ventura College Applied Science Center was held.  This 75-seat classroom utilizes a state-of-the-art 3-D dual rear projector system onto an 8′ tall glass “touch screen” where the viewing audience wear powered 3-D glasses.  A 3-D demonstration was held.

Lester Tong worked at the Ventura County Community College District Office and in the Information Technology department at Ventura College for over 30 years. He was dedicated to serving the campus and the community.  Retiring in 2016, Mr. Tong continues his devotion to service in Ventura County by volunteering at various non-profit organizations.

The son of Cantonese immigrants, Lester became a first-generation college student, receiving his B.S. in Business Administration from Pacific Union College in 1971. Lester attributes his success in life to the education he received. He is grateful for an education which created many opportunities for him, including his career at Ventura College.

His passion for education inspired him to leave a lasting impact at Ventura College by creating an endowment for the Ventura College Promise, a program that covers the enrollment costs for the first year at Ventura College.

The District Board of Trustees unanimously authorized the naming of the Ventura College Visualization Center: The Lester Tong Visualization Center.

Vol. 10, No. 12 – March 15 – March 28, 2017 – Tech Today

Tech Today with Ken May

How did Amazon take down the internet?

On Tuesday, February 28th, an Amazon cloud server, specifically an AWS cluster of servers in the US-EAST-1 region, stopped responding. Sites and web apps like Mashable, Trello, Giphy, Quora, Netflix, Spotify, Slack, Pinterest and Buzzfeed, as well as tens of thousands of smaller sites all were suddenly down or slowed to a crawl. To the average person, all we saw was that a ton of sites and apps in common usage were not working. How does this happen?

It was so bad that Amazon wasn’t able to update its own service health dashboard for the first two hours of the outage because the dashboard itself was hosted on AWS.

“This is a pretty big outage,” said Dave Bartoletti, a cloud analyst with Forrester. “AWS had not had a lot of outages and when they happen, they’re famous. People still talk about the one in September of 2015 that lasted five hours,” he said.

The reason this affected so many sites is because Amazon’s AWS platform hosts virtual servers used by all of these businesses. Amazon’s S3 cloud storage systems were also affected. SO, even a site not running on an AWS server might have issues if it’s data was on S3. For example, a business might store its videos, images or databases on an S3 server and access it via the Internet.

As it turns out, it was all due to human error. A simple typo. As Amazon explains it, some of its S3 servers were operating rather sluggish, so a tech tried fixing it by taking a few billing servers offline. A fix straight from the company’s playbook, it says. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended.” Whoops.

As for why the problem took so long to correct, Amazon says that some of its server systems haven’t been restarted in “many years.” Given how much the S3 system has expanded, “the process of restarting these services and running the necessary safety checks to validate the integrity of the metadata took longer than expected.”

Cyence, an economic modeling platform, shared some data that show the ramifications:

-Losses of $150 million for S&P 500 companies

-Losses of $160 million for U.S. financial services companies using the infrastructure

Apica Inc., a website-monitoring company, said 54 of the internet’s top 100 retailers saw website performance slow by 20% or more.

Ouch!

Amazon apologized for the issue and said that it has put schemes in place to avoid the same problems caused by human error in the future. Let’s have this stand as a reminder to have adequate failover systems in place! Never put all your eggs in one basket.

Vol. 10, No. 10 – February 15 – February 28, 2017 – Tech Today

Cybersecurity While Traveling
by Ken May

While your network at home or at work may be secure, you should assume that any network you connect to when traveling cannot be trusted. You never know who else is on it and what they may be doing. Here are some simple steps that go a long way to protecting you and your data before you travel:

  • The safest information is information you don’t have. Identify what data you need and only bring that information. This can significantly reduce the impact if your devices are lost, stolen, or impounded by customs or border security.
  • Lock your mobile devices with a strong passcode. if it’s stolen or lost, people cannot access your information on it. Also, enable full disk encryption. For most mobile devices, this is automatically enabled when you use a screen lock.
  • Install or enable remote tracking software. Some kinds can even remotely wipe the device.
  • Update all your devices’ applications, and anti-virus software before leaving. Many attacks focus on systems with outdated software.
  • Do a complete backup of all your devices. This way, if something does happen to them while traveling, you still have all of your original data in a secured location.

Once you begin your travel, ensure the physical safety of your devices. For example, never leave your devices in your car where people can easily see them, as criminals may simply smash your car’s window and grab anything of value they can see. While crime is definitely a risk, according to a recent Verizon study, people are 100 times more likely to lose a device than have it stolen. This means always double-check that you still have your devices when you travel, such as when you clear security at the airport, leave a taxi or restaurant, check out of a hotel room, or before you disembark from your airplane. Remember to check that seat back pocket.

Accessing the Internet while traveling often means using public Wi-Fi access points, such as ones you find at a hotel, a local coffee shop, or the airport. There are two problems with public Wi-Fi: you are never sure who set them up and you never know who is connected to them. As such, they should be considered untrusted. In fact, this is why you took all the steps to secure your devices before you left.

 

In addition, Wi-Fi uses radio waves, which means anyone physically near you can potentially intercept and monitor those communications. For these reasons, you need to ensure all of your online activity is encrypted. For example, when connecting online using your browser, make sure that the websites you are visiting are encrypted. You can confirm this by looking for ‘HTTPS://’ and/or an image of a closed padlock in your address or URL bar. In addition, you may have what is called a VPN (Virtual Private Network), which can encrypt all of your online activity when enabled. This may be issued to you by work, or you can purchase VPN capabilities for your own personal use. If you are concerned that there is no Wi-Fi you can trust, consider tethering to your smartphone. Warning: this can be expensive when traveling internationally. Check with your service provider first.