Sunday, November 21, 2021

Windows 10 21H2 Enablement Package

Windows 10 November 2021 Update, a.k.a. 21H2, doesn't have many new features, especially for the home user.
  • Adding WPA3 H2E standards support for enhanced Wi-Fi security
  • Windows Hello for Business introduces a new deployment method called cloud trust to support simplified passwordless deployments and achieve a deploy-to-run state within a few minutes
  • GPU compute support in the Windows Subsystem for Linux (WSL) and Azure IoT Edge for Linux on Windows (EFLOW) deployments for machine learning and other compute intensive workflows

It hasn't shown up on ANY of my PCs so far. I always try to test new things so you don't have to. 21H2 is no exception.

Like 21H1, I found a link to download the enablement package. And like 21H1, when I clicked on that link, nothing happened. I had to right click and choose "Copy link address" and then paste that link into another browser tab.

Worked fine.

Sunday, November 14, 2021

I Can Print Again

This story starts with PrintNightmare. That's a long and arduous journey that isn't over.


But one of the side effects is that Microsoft's attempts to fix PrintNightmare have impacted Windows printing for months.

Printing to a direct connected printer hasn't been a problem (yet) but printing to a "server" connected printer has been impacted.

At my house, I have a Windows 10 Pro computer with a USB attached color laser printer. Each of my other PCs has this printer mapped across the network.

This has worked perfectly for YEARS - until August 2021's Patch Tuesday.

Then my PCs couldn't print to the shared printer.

But Microsoft couldn't let this situation persist, could they?

I waited until September's Patch Tuesday but I still couldn't print.

I took to Google and found a Registry hack that got me printing again.

Then after October's Patch Tuesday I couldn't print again.

But Microsoft couldn't let this situation persist, could they?

I waited until November's Patch Tuesday but I still couldn't print.

Again, I took to Google and found a Registry hack that got me printing again.

This time the workaround was in Bleeping Computer. grumpyoldadmin posted the following Registry hack from Microsoft for the November Patch Tuesday "fix."

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides]
"713073804"=dword:00000000

And that worked. There're specific hacks for the various versions of Windows 10. But if you read grumpyoldadmin's post, he notes that Microsoft also informed him that this change will need to be backed out once the December "fix" is released.

At this point, I'll take what I can get.
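Since the override has to be backed out later, it helps to be able to see which PCs still carry it and to remove it cleanly. The following PowerShell is an added example, not part of grumpyoldadmin's post or Microsoft's guidance; the function names are made up here, and the key path and value name are the ones from the .reg text above, so it applies only to that Windows 10 version's override.

```powershell
# Added example: report and back out the print workaround override.
# Key path and value name are copied from the .reg text in this post.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'
$ValueName = '713073804'

function Get-PrintOverrideState {
    # Returns one object per machine so the output can be collected and compared.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Present  = ($null -ne $item)
        Value    = if ($null -ne $item) { $item.$ValueName } else { $null }
    }
}

function Remove-PrintOverride {
    # Deletes only the single override value; the key and any other values are left alone.
    # Supports -WhatIf and -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $state = Get-PrintOverrideState
    if (-not $state.Present) {
        Write-Verbose 'Override value not present; nothing to back out.'
        return
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Remove registry value')) {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop
    }
}

# Typical use from an elevated prompt:
Get-PrintOverrideState          # is the workaround still applied here?
Remove-PrintOverride -WhatIf    # preview the back-out without changing anything
```

Drop `-WhatIf` to actually remove the value once the replacement fix is installed.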

PS. Phil_Psdp commented:
For M$ to come up with entries to disable specific "features" in these updates certainly implies a deeper knowledge of the consequences than they are admitting
Aaarg!

Sunday, November 07, 2021

Unbelievable

I've published previously about Microsoft letting certificates expire on Teams and Exchange. I even offered Microsoft some advice:
Maybe they should have put a reminder on their Outlook calendar.
I guess, like Facebook, Microsoft doesn't read my blog.

It happened again.


Microsoft has started warning Windows 11 users that certain features in the operating system are failing to load due to an expired certificate. The certificate expired on October 31st, and Microsoft warns that some Windows 11 users aren’t able to open apps like the Snipping Tool, touch keyboard, or emoji panel.
Besides it being unbelievable that this keeps happening, "certain features" of Windows 11 are dependent on Internet-based certificates.

Why in the world would tools like the Snipping Tool and touch keyboard depend on Internet certificates?

And I love their mitigation advice (archive.is):
To mitigate the issue with Snipping Tool, use the Print Screen key on your keyboard and paste the screenshot into your document. You can also paste it into Paint to select and copy the section you want.
Doh.


Sunday, October 31, 2021

Nuclear Ransomware 3.0

I follow a lot of material from KnowBe4. They provide really good training for enterprises covering social engineering attacks.
Hopefully, I'm personally beyond that risk. At least I passed all the KnowBe4 classes I just took.

Recently KnowBe4's Roger Grimes posted an article on "Nuclear Ransomware 3.0."

We all know what ransomware started out doing.

He described Nuclear Ransomware 2.0 as "Quintuple Extortion."

The five elements were:
  • Stealing Intellectual Property/Data
  • Stealing Every Credential It Can - Business, Employee, Personal, Customer
  • Threatening Victim’s Employees and Customers
  • Using Stolen Data to Spear Phish Partners and Customers
  • Publicly Shaming Victims
Those are bad enough.

Then he went on to suggest what Nuclear Ransomware 3.0 would consist of:
  • Selling exfiltrated data
  • Selling exfiltrated stolen credentials
  • Selling initial access
  • Stealing money from bank and stock accounts
  • Personal extortion against individuals
  • Hacking for hire
  • Selling lead lists from stolen customer data
  • Business email compromise scams
  • Installing adware
  • Launching DDoS attacks
  • Crypto mining
  • Creating rentable botnets
  • Sending spam emails
  • Resource renting
  • Acting as proxy sites for other attacks
  • Anything else they can think of to generate revenue
Yikes!

And some of these are already emerging. If you haven't heard of Initial Access Brokers (IABs), read this.





Sunday, October 24, 2021

Top 5 Cyber Threats

Trend Micro shared a study in July 2021 on its Cyber Risk Index.


There's a lot of comparison of risks across geographic regions, e.g. North America, Latin/South Americas, Europe, Asia-Pacific.

North America had the highest risk when Trend Micro compared regions' preparedness to the threat index.

While there's a lot to worry about there, to me the actionable topics are what Trend Micro called the "Top 5 Cyber Threats".

North America
  1. Phishing and social engineering
  2. Clickjacking
  3. Ransomware
  4. Man-in-the-middle attack
  5. Fileless attack
Make that your "to do" list.

Sunday, October 17, 2021

8 Inches vs 12 Inches

Ok, get your minds out of the gutter. I'm talking about silicon wafers.

We've all heard about car and truck production being impacted by chip shortages.


Why? I could have never guessed.

It turns out that automotive chips are fabricated on 200mm (8 in.) silicon wafers. Current wafer technology is 300mm (12 in.).

The use of chips in automobiles is booming so demand for 200mm wafers is increasing.

But the manufacturers of the wafer production technology are focusing on 300mm wafers.

This has caused a crunch in manufacturing of 200mm wafers.
As one headline from December (2020) read, "8-inch wafer capacity is in short supply to unimaginable levels", with the article stating "wafer production capacity is so tight that customers' demand for production capacity has reached a panic level." And that from mid 2021 "to the second half of 2022, the logic and DRAM markets will be out of stock."
ExtremeTech reported:
200mm was supposed to fade away as 300mm came online, and that worked from 2007 - 2014, ... 200mm capacity has gotten difficult to book. Large foundries like TSMC have been slow to add new 200mm capacity ...
Even the IEEE weighed in:
Despite the auto industry's desperation, there's no great rush to build new 200-mm fabs.
So, maybe the automotive industry could just move to 300mm wafers.
For automotive products from specification to PPAP would be more like 24 to 36 months, again depending on the complexity.
There's not going to be a quick fix.

Here's the only good news I've found around this:
Stop-start technology will be gone for now from non-diesel versions of Cadillac Escalade; Chevy Tahoe, Suburban, and Silverado; plus GMC Sierra and Yukon.

Sunday, October 10, 2021

Plan Z

Facebook had a bad day recently. And the next day wasn't too good either.


I've posted a couple of times (here and here) about my "Plan Z."

I've also posted several times (here, here, and here) about WFH risks.

Apparently Facebook doesn't read my blog.

Somebody at Facebook made a mistake. People make mistakes. That will happen.

What happened (or rather what didn't happen) next is the issue.

The Daily Mail had a good recap of the series of problems.
But the repair was delayed, according to a purported insider, because of 'lower staffing in data centers due to pandemic measures', ...
There's the "WFH risk." And no Plan A.
Kieron Harding, an IT Infrastructure Engineer at GRC International Group, told DailyMail.com: 'The nature of the problem meant Facebook would have needed network engineers to physically access their BGP routers - and due to the pandemic, some of the data centers quite possibly don't have an engineer based on site, or someone who could have immediately started to work on the problem.'
"Facebook would have needed network engineers to physically access their BGP routers." Facebook didn't have a Plan B.
... the misconfiguration of the BGP also affected Facebook's physical door access systems
Facebook didn't have a Plan C.

You have to have a plan all the way down to Plan Z.

Be prepared.