Sunday, December 05, 2021

Happy New Year 2022

The start of a new year is a good time to review a few things and make sure everything is right. Here's my list of things I think you should check once a year.


Some of the steps may be a little out of date but I think you can find your way around. If not, leave me a comment and I'll help.

PayPal Preapproved Payments
Offline Backup
Certificate Store
Router Configuration
Windows Defender and Windows Defender Offline
Controlled Folder Access
System Restore

You'll sleep better.

Sunday, November 28, 2021

Wyze Cam Plus Person Detection

As I've mentioned previously, I'm a big fan of Wyze products.

Initially, the Wyze cameras had on-camera person detection but a dispute with Xnor.ai forced Wyze to remove this.

This seemed like a bad thing but it has been good.

Wyze introduced a paid service called Cam Plus. It's cheap ($1.25 per month per camera) and from time to time, they offer deals. I got an annual package for 5 cameras for $49.99.

In addition to person detection, Cam Plus offers package detection, vehicle detection, and pet detection. It also removes the 5 minute "cool down" period and has unlimited video length.

You can see how this looks in the following event log.


From the bottom to the top, you can see my neighbor pull into my driveway, walk to the front door, carry the package around to the back porch, return to his car, and drive off.

Just FYI, for my last purchase, I got the Wyze Cam v3 ($33.59) and a Samsung 32GB MicroSD card ($8.55).

Sunday, November 21, 2021

Windows 10 21H2 Enablement Package

Windows 10 November 2021 Update, a.k.a. 21H2, doesn't have many new features, especially for the home user.
  • Adding WPA3 H2E standards support for enhanced Wi-Fi security
  • Windows Hello for Business introduces a new deployment method called cloud trust to support simplified passwordless deployments and achieve a deploy-to-run state within a few minutes
  • GPU compute support in the Windows Subsystem for Linux (WSL) and Azure IoT Edge for Linux on Windows (EFLOW) deployments for machine learning and other compute intensive workflows

It hasn't shown up on ANY of my PCs so far. I always try to test new things so you don't have to. 21H2 is no exception.

Like 21H1, I found a link to download the enablement package. And like 21H1, when I clicked on that link, nothing happened. I had to right click and choose "Copy link address" and then paste that link into another browser tab.

Worked fine.

Sunday, November 14, 2021

I Can Print Again

This story starts with PrintNightmare. That's a long and arduous journey that isn't over.


But one of the side effects is that Microsoft's attempts to fix PrintNightmare have impacted Windows printing for months.

Printing to a direct connected printer hasn't been a problem (yet) but printing to a "server" connected printer has been impacted.

At my house, I have a Windows 10 Pro computer with a USB attached color laser printer. Each of my other PCs has this printer mapped across the network.

This has worked perfectly for YEARS - until August 2021's Patch Tuesday.

Then my PCs couldn't print to the shared printer.

But Microsoft couldn't let this situation persist, could they?

I waited until September's Patch Tuesday but I still couldn't print.

I took to Google and found a Registry hack that got me printing again.

Then after October's Patch Tuesday I couldn't print again.

But Microsoft couldn't let this situation persist, could they?

I waited until November's Patch Tuesday but I still couldn't print.

Again, I took to Google and found a Registry hack that got me printing again.

This time the workaround was in Bleeping Computer. grumpyoldadmin posted the following Registry hack from Microsoft for the November Patch Tuesday "fix."

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
"713073804"=dword:00000000

And that worked. There're specific hacks for the various versions of Windows 10. But if you read grumpyoldadmin's post, he notes that Microsoft also informed him that this change will need to be backed out once the December "fix" is released.

At this point, I'll take what I can get.
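
Since the override has to be backed out later, here is an added example (not from grumpyoldadmin's post or from Microsoft) of a PowerShell function that reports whether the value from the .reg file above is still set on a PC and, with -Remove, deletes it. The function name and its parameters are hypothetical; the key path and value name are the ones quoted above.

```powershell
# Added example: audit and back out the print-fix override quoted above.
# Key path and value name come from the .reg file on this page;
# the function name and parameters are hypothetical.
function Get-PrintOverrideState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides',
        [string]$ValueName = '713073804',
        [switch]$Remove
    )

    # Result object, so the output can be collected from several PCs.
    $state = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Present  = $false
        Data     = $null
        Removed  = $false
    }

    # The key does not exist on a PC where the workaround was never applied.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $state }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) { return $state }

    $state.Present = $true
    $state.Data    = $key.GetValue($ValueName)

    # Delete only this one value; other overrides under the key are left alone.
    if ($Remove -and $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Remove override value')) {
        Remove-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction Stop
        $state.Removed = $true
    }
    return $state
}

# Report only:
Get-PrintOverrideState

# Preview the back-out, then run it from an elevated prompt:
# Get-PrintOverrideState -Remove -WhatIf
# Get-PrintOverrideState -Remove
```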

PS. Phil_Psdp commented:
For M$ to come up with entries to disable specific "features" in these updates certainly implies a deeper knowledge of the consequences than they are admitting
Aaarg!

Sunday, November 07, 2021

Unbelievable

I've published previously about Microsoft letting certificates expire on Teams and Exchange. I even offered Microsoft some advice:
Maybe they should have put a reminder on their Outlook calendar.
I guess, like Facebook, Microsoft doesn't read my blog.

It happened again.


Microsoft has started warning Windows 11 users that certain features in the operating system are failing to load due to an expired certificate. The certificate expired on October 31st, and Microsoft warns that some Windows 11 users aren’t able to open apps like the Snipping Tool, touch keyboard, or emoji panel.
Besides it being unbelievable that this keeps happening, "certain features" of Windows 11 are dependent on Internet-based certificates.

Why in the world would tools like the Snipping Tool and touch keyboard depend on Internet certificates?

And I love their mitigation advice (archive.is):
To mitigate the issue with Snipping Tool, use the Print Screen key on your keyboard and paste the screenshot into your document. You can also paste it into Paint to select and copy the section you want.
Doh.


Sunday, October 31, 2021

Nuclear Ransomware 3.0

I follow a lot of material from KnowBe4. They provide really good training for enterprises covering social engineering attacks.
Hopefully, I'm personally beyond that risk. At least I passed all the KnowBe4 classes I just took.

Recently KnowBe4's Roger Grimes posted an article on "Nuclear Ransomware 3.0."

We all know what ransomware started out doing.

He described Nuclear Ransomware 2.0 as "Quintuple Extortion."

The five elements were:
  • Stealing Intellectual Property/Data
  • Stealing Every Credential It Can - Business, Employee, Personal, Customer
  • Threatening Victim’s Employees and Customers
  • Using Stolen Data to Spear Phish Partners and Customers
  • Publicly Shaming Victims
Those are bad enough.

Then he went on to suggest what Nuclear Ransomware 3.0 would consist of:
  • Selling exfiltrated data
  • Selling exfiltrated stolen credentials
  • Selling initial access
  • Stealing money from bank and stock accounts
  • Personal extortion against individuals
  • Hacking for hire
  • Selling lead lists from stolen customer data
  • Business email compromise scams
  • Installing adware
  • Launching DDoS attacks
  • Crypto mining
  • Creating rentable botnets
  • Sending spam emails
  • Resource renting
  • Acting as proxy sites for other attacks
  • Anything else they can think of to generate revenue
Yikes!

And some of these are already emerging. If you haven't heard of Initial Access Brokers (IABs), read this.





Sunday, October 24, 2021

Top 5 Cyber Threats

Trend Micro shared a study in July 2021 on Cyber Risk Index.


There's a lot of comparison of risks across geographic regions, e.g. North America, Latin/South Americas, Europe, Asia-Pacific.

North America had the highest risk when Trend Micro compared regions' preparedness to the threat index.

While there's a lot to worry about there, to me the actionable topics are what Trend Micro called the "Top 5 Cyber Threats".

North America
  1. Phishing and social engineering
  2. Clickjacking
  3. Ransomware
  4. Man-in-the-middle attack
  5. Fileless attack
Make that your "to do" list.