Computer help and discussion

[RAM]

Windows 10 will install upgrades automatically - you have no selection ... unless you set 'Metered Connection". In which case it will defer updating until you "tell it to do so". But, even then it's all, you can not pick and choose.

Spot on.

The key advantage is that M$ has this annoying habit of putting out updates that have unintended side effects such as freezing machines from time to time etc.

By setting 'metered connection' you get the advantage of not being the automated guinea pig (aka unpaid beta tester) for M$.

Normally within a week if there are issues with M$ updates then copious articles will be appearing everywhere in the tech press. Similarly, if a 'data' gathering update is added then you do not fall victim to it. Several of those updates over the last 18 months were silently reversed by M$ after high-level tech throwback. Others had 'optional' updates issued that removed that component from a broader single file update. <Who says politicians cannot teach companies a trick or two?>

 

[rainbowgirl]

Our 'boffins' protecting Australia from the evil hackers et al have issued an updated guide to keeping your IT safe.

Worth a look...

Malicious Email Mitigation Strategies Guide: ASD Australian Signals Directorate

[h=2]Introduction[/h]

1. Socially-engineered emails containing malicious attachments and embedded links have been observed by the Australian Signals Directorate (ASD) being used in targeted cyber intrusions against organisations.
2. This document has been developed by ASD in collaboration with local and international partners to provide mitigation strategies for the security risk posed by malicious emails. It should be read in conjunction with the advice on email security and content filtering contained in the Australian Government Information Security Manual (ISM).
3. Not every mitigation strategy within this document will be suitable for all organisations <or AFFers but many will>. Organisations should consider their unique business requirements and risk environment when deciding which mitigation strategies to implement. Furthermore, before any mitigation strategy is implemented, comprehensive testing should be undertaken to minimise any unintended disruptions to the organisation’s business.

Interesting that you should mention the Australian Signals Directorate. I first heard of this organisation recently in a TV show called "Secret City". I thought they had made the agency up for the show but later realised it actually existed. I recognised all the other security and spying agencies mentioned in the program. I wonder now whether all the electronic spying techniques mentioned in the show are actually possible. If so, we really do need computer help and discussion.

 

[RAM]

Interesting that you should mention the Australian Signals Directorate. I first heard of this organisation recently in a TV show called "Secret City". I thought they had made the agency up for the show but later realised it actually existed. I recognised all the other security and spying agencies mentioned in the program. I wonder now whether all the electronic spying techniques mentioned in the show are actually possible. If so, we really do need computer help and discussion.

These are the guys who picked up the Indonesian order to unleash the militias.

 

[RAM]

Just in case you use a M$ account...

M$ refuses to fix flaw known since 1997 - allowing hackers access to your Microsoft account details...

Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.
But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.
The flaw is widely known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.
The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

SOLUTION (extreme) =There's a simple mitigation, according to the group. Don't use Internet Explorer, Edge, or Microsoft Outlook, and don't log in to Windows with a Microsoft account.
Chrome and Firefox users aren't affected.


A Microsoft spokesperson suggested that the company would not patch the flaw.

"We're aware of this information gathering technique, which was previously described in a paper in 2015. Microsoft released guidance to help protect customers and if needed, we'll take additional steps," the spokesperson said.

 

[prozac]

Can't believe I was so foolish. In a dumb attempt to get some old hardware to run on W10 I allowed a twain drv file to install a virus (js/redir) on the office computer yesterday. Spent half (most) the night in safe mode running avg boot scan etc to clean it up. So embarrassed, please don't tell anyone.