Sunday, March 29, 2026

H&R Block Root CA

I don't expect that many of you run H&R Block Business 2025 but humor me and go read the show notes to Security Now Episode #1071. Consider that H&R might not be the only organization doing this.


Now come down off the ceiling. Go read my annual Happy New Year blog post. Scroll down and go read the Certificate Store blog post.

Do what it says and rest easier.
Posted by Ben Moore at 7:20:00 PM 0 comments

Sunday, February 08, 2026

What's Your Plan?

One of my favorite podcasts had a segment I thought was pertinent, especially to enterprise class readers.

Here's an excerpt:
What if every laptop under your control ... BSODs tomorrow morning when the person boots up? What's your plan? This is probably a good day to examine your massive failure plan. The solution is wipe the drive, reinstall Windows, and reload. You've got a desktop and folder backup but what's the restore time like? How long will it take you to wipe, format, reinstall the operating system, and then restore backups? When was the last time you went through that process and got a time? I hope you weren't planning to do anything else this year.
The video is here.


Think about it.



Posted by Ben Moore at 7:15:00 PM 0 comments

Sunday, December 28, 2025

Happy New Year 2026

It's time for my annual New Year's post. Most of these are oldies but goodies but still very applicable even for Windows 11.


Here's my list of things I think you should check once a year.

Some of the steps may be a little out of date but I think you can find your way around. If not, leave me a comment and I'll help.


You'll sleep better.
Posted by Ben Moore at 7:13:00 PM 0 comments

Sunday, December 21, 2025

What to Do if Your Phone Is Lost or Stolen

One of my regular podcasts is Security Weekly News. A recent episode covered "Dealing with loss, phone loss." It's almost 42 minutes long and very detailed. I'm just going to share one of the items by one of the hosts. Take a deep breath and dive in.


What to do if your phone is lost or stolen: practical steps to restore peace of mind
  • “IMEI now. *#06#—write it down off device.” 
  • “Find My ON – iPhone and Android. Test it at icloud.com/find or android.com/find.” 
  • “Strong passcode + biometrics. Avoid birthdays.” 
  • “Lock the lock screen controls.” 
  • “2FA everywhere.” 
  • “SIM PIN – physical SIM and eSIM.” 
  • “Backups on.” 
  • “iPhone: Stolen Device Protection ON; know Lost Mode.” 
  • “Android: Find My Device Network; Secure Folder/App Lock.” 
  • “Emergency: Lock & locate; carrier kill SIM; IMEI blacklist; change passwords; police report; don’t chase.” 
  • “Scams: Fake ‘Find My’, extortion texts. Don’t click, don’t reply. Forward spam (7726; KSA 330330). Keep Lost Mode ON.”
As soon as you find your phone is missing Try to locate your phone with Find My on Apple or Google, if you have it turned on. You can use a browser on a computer, tablet or even a friend’s phone.

Remotely lock your phone using Find My and mark it as lost, which helps protect your data, blocks the use of Apple or Google Pay and can leave a message on the screen for anyone who finds it. You can also remotely erase your phone from here too.

Contact your network provider and block your sim to stop thieves running up bills. Also ask it to check for any new “charge to bill” activity and to disable the feature.

Contact your credit card company for any cards you have stored on your phone and disable Apple or Google Pay.

Report the theft to the police and give them your phone’s IMEI number, which may be on the box, in your Apple or Google account or their Find My services.

Contact your insurance company if you have phone cover.

Change your passwords for important accounts. Start with your email account so that thieves can’t gain access to your other accounts through password resets.

Remove your phone from your accounts and services, which will log it out and stop thieves accessing saved details.

When you get a new phone, get back your old one, or before something goes wrong, there are some steps you can take to help if you lose it again:

Set a strong pin, a short screen lock time out and turn on biometric fingerprint or face scanners to help keep thieves out of your phone.

Turn on Find My on your phone in settings, which allows you to locate it, lock it or erase it remotely via a web browser or another device.

Turn on Stolen Device Protection in settings on an iPhone, which blocks access to passwords, pins and credit cards without your face or fingerprint.

Turn on Theft Protection in Google settings on Android, which locks your phone when it detects it has been snatched, enables remote locking, locks the phone if it goes offline and prevents access to passwords, pins and other settings without your face or fingerprint.

Set a sim pin in your phone’s settings, which stops thieves being able to use your phone account by transferring the sim or esim to another phone.

Take note of your phone’s IMEI (serial) number – dial *#06# to see it.

Use biometrics for any and all banking and other sensitive apps that support them to block access for anyone other than you.

Disable access to quick settings, Siri or Google Assistant/Gemini and notifications when your phone is locked. This prevents thieves reading two-step codes, turning off internet access, making calls or accessing data.

Back up your phone’s data and settings using iCloud on an iPhone or Google Drive on an Android phone.

Back up your photos to the cloud using iCloud Photos, Google Photos, Amazon Photos or other service.
Posted by Ben Moore at 7:57:00 PM 0 comments

Sunday, December 14, 2025

Old Wives' Tales

Maybe not exactly, but kinda like that.


You've probably heard lots of "conventional wisdom" about digital security. Recently I came across a good article (archive.org) that refutes many of these recommendations.
  1. Avoid public WiFi
  2. Never scan QR codes
  3. Never charge devices from public USB ports
  4. Turn off Bluetooth and NFC
  5. Regularly “clear cookies”
  6. Regularly change passwords
    And I'll add one...
  7. Keep your "tap" cards in a secure wallet
Even as you retire these recommendations, there are several that you should add.
  1. Keep critical devices and applications updated
  2. Enable multi-factor authentication (“MFA”, sometimes called 2FA)
  3. Use strong passphrases
  4. Use a password manager
    And again, I'll add one...
  5. Use passkeys
The source article is a MUST read.

Posted by Ben Moore at 7:30:00 PM 0 comments

Sunday, November 09, 2025

Liar, Liar, Pants on Fire

AI failures or hallucinations are getting to be a theme of my posts.

Our family is considering a trip to Europe next summer. When we realized that it would take 3 flight legs to get there, I went to Microsoft's Copilot for help.
Looking at flying from Memphis to Vienna. What is the flight with the least connections?
Copilot was quick to respond:
The flight from Memphis to Vienna with the fewest connections typically has just one stop,
most commonly in New York (JFK or LGA). There are no direct flights available.
And gave me details about total duration, layover times and booking tips.

I followed up:
Show me the details of the Delta and Austrian connection.
Copilot gave me pages of Flight Details, Booking & Amenities, and even Tips for Smooth Travel.

The only problem was that Delta didn't show that connection.
I don't see that connection from Delta.
Copilot fessed up.
You're right - Delta does not currently offer a seamless connection from Memphis to Vienna via JFK with Austrian Airlines. While Austrian operates direct flights from JFK to Vienna, Delta's Memphis-to-JFK segment doesn't consistently align with Austrian's departure times, and the two airlines don't coordinate on a single ticket for this route.
My reply.
Then why did you offer that to me?
Copilot's reply.
You're absolutely right to call that out - and I appreciate your sharp eye.

I initially offered the Delta + Austrian connection based on a common routing pattern (Memphis to JFK, then Austrian to Vienna), which can sometimes be pieced together manually. But I should have been clearer: that route isn't currently offered as a coordinated itinerary by either airline, and booking it would require separate tickets and careful timing - which introduces risk and complexity.
Just a total waste of my time.

Here's the whole dialog.




Posted by Ben Moore at 8:04:00 PM 0 comments

Sunday, November 02, 2025

PowerShell Scripts by Copilot

Ok, I've been down on AI (Artificial Intelligence). But it's not all negative.

I'm good at writing IBM mainframe assembler language but not so much with PowerShell scripting.

Recently, I "needed" a tool to tell me when Windows Defender had run on my PCs and what the results were. In that this was on Microsoft's Windows, I went to copilot.microsoft.com.

After a little bit of coaching, Copilot gave me an excellent script and a batch file to run it.

Here's the output:


Here's the script:

$scanTypes = @{ '0' = 'Quick'; '1' = 'Full'; '2' = 'Custom' }
$triggers  = @{ '0' = 'Unknown'; '1' = 'Scheduled'; '2' = 'Manual'; '3' = 'Real-time'; '4' = 'On-Demand'; '5' = 'Startup' }

Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" -MaxEvents 100 |
  Where-Object { $_.Id -eq 1001 } |
  ForEach-Object {
    $xml = [xml]$_.ToXml()
    $data = $xml.Event.EventData.Data
    [PSCustomObject]@{
      TimeCreated = $_.TimeCreated
      ScanType    = $scanTypes[$data[3].'#text']
      Trigger     = $triggers[$data[5].'#text']
      Threats     = $data[10].'#text'
    }
  } | Format-Table -AutoSize
Read-Host "Press Enter to exit"

Here's the batch file:

powershell -NoExit -ExecutionPolicy Bypass -File "DefenderScanSummary.ps1"

That worked so well that I tried again.

I use Drive Snapshot to backup my systems. I wanted to be able to look at the external drive and see when each system was last backed up.

So I went back to Copilot.


Here's the script:

$usbDrive = "E:\"  # Change this to match your USB drive letter
$report = @()

# Get all system folders
$systemFolders = Get-ChildItem -Path $usbDrive -Directory

foreach ($folder in $systemFolders) {
    $systemName = $folder.Name
    $backupFiles = Get-ChildItem -Path $folder.FullName -Filter *.sna -File -ErrorAction SilentlyContinue
    $logFiles = Get-ChildItem -Path $folder.FullName -Filter *.log -File -ErrorAction SilentlyContinue

    # Get most recent backup
    $latestBackup = $backupFiles | Sort-Object LastWriteTime -Descending | Select-Object -First 1

    # Determine backup type from last 3 characters before .sna
    $latestType = "Unknown"
    if ($latestBackup) {
        $baseName = $latestBackup.BaseName
        if ($baseName.Length -ge 3) {
            $suffix = $baseName.Substring($baseName.Length - 3)
            switch ($suffix.ToLower()) {
                "ful" { $latestType = "Full" }
                "dif" { $latestType = "Differential" }
            }
        }
    }

    $latestDate = if ($latestBackup) { $latestBackup.LastWriteTime } else { "None" }

    # Calculate total size of backups
    $totalSizeMB = if ($backupFiles) {
        ($backupFiles | Measure-Object Length -Sum).Sum / 1MB
    } else {
        0
    }

    # Check for errors in logs
    $errors = @()
    foreach ($log in $logFiles) {
        $logContent = Get-Content $log.FullName -ErrorAction SilentlyContinue
        $logErrors = $logContent | Select-String -Pattern "error|failed|exception" -CaseSensitive
        if ($logErrors) {
            $errors += "$($log.Name): $($logErrors.Count) issues"
        }
    }

    $report += [PSCustomObject]@{
        System       = $systemName
        LatestBackup = if ($latestBackup) { "$($latestDate) ($latestType)" } else { "No backups found" }
        TotalSizeMB  = [math]::Round($totalSizeMB, 2)
        Errors       = if ($errors) { $errors -join "; " } else { "None" }
    }
}

# Display the report in PowerShell output
$report | Format-Table -AutoSize

So the AI tools aren't completely useless!

Posted by Ben Moore at 7:38:00 PM 0 comments
Subscribe to: Comments (Atom)