Sunday, August 29, 2021

Chrome Incognito

Google recently came out on the short end of a $5 billion class-action lawsuit concerning Chrome's Incognito mode.

Apparently as a result of that lawsuit, Google is being more obvious about what Incognito means.

I thought it would be worth sharing. Here is the new splash screen for Incognito mode.

What Incognito does
After closing all Incognito tabs, Chrome clears:
• Your browsing activity from this device
• Your search history from this device
• Information entered in forms

What Incognito doesn't do
Incognito does not make you invisible online:
• Sites know when you visit them
• Employers or schools can track browsing activity
• Internet service providers may monitor web traffic

One subtlety in the first section is that Chrome doesn't take any clearing action until after you close all Incognito tabs. What this means is that if you visit a site that only allows limited visits from a non-subscriber, the cookie that tracks your visit isn't deleted until you close all Incognito tabs. Specifically, if you have Facebook open in an Incognito window and then visit a paywalled site, the count of you visiting the paywalled site will remain until you close the Facebook Incognito window.

It's probably a good time to revisit How to Sandbox Facebook.

Sunday, August 22, 2021

If You’re Going to Use the Cloud

... for Pete's sake, please use its strengths.

You know I have mixed opinions on the "cloud" depending on the size and capability of your organization.

An example of leveraging the cloud's strengths is in a recent article I saw from KnowBe4 entitled "Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?"

KnowBe4 referenced an article from Hornetsecurity entitled "1 of every 4 companies suffered at least one email security breach, Hornetsecurity survey finds." (Don't click on that just yet.)

Realizing that everybody has an agenda, let's look at these articles.

KnowBe4 calls out the following findings:
  • 33% of organizations are not using Microsoft’s multi-factor authentication (MFA)
  • Of those using MFA, 55% of organizations are not using Conditional Access which scrutinizes connection requests beyond just providing credentials and additional authentication factors
  • Only 43% leverage Microsoft’s data loss prevention policies to keep data from leaving the organization
  • 68% of organizations expect Microsoft to keep email safe from threats
This is my point. If you're going to use a cloud solution such as Microsoft 365, leverage its capabilities. Even if they are premium services, they're probably NOT services you could deliver yourself.

KnowBe4's recommendation: Have your "Users ... undergo continual Security Awareness Training."

By the way, that's KnowBe4's business model - training users. And that's a good thing.

Now, before you click on Hornetsecurity's link, get ready for a pretty aggressive privacy policy.

That almost scared me off. But just click on "Cookie-Details" and slide everything to "Off".

In addition to the points that KnowBe4 raised from Hornetsecurity's study, Hornetsecurity has one more finding: "An impressive 82% of all our respondents who use third-party email security solutions reported no breaches."

I'll bet you can guess what Hornetsecurity sells.

Regardless of the various agendas, the Hornetsecurity study is solid and the findings valuable. Take them into consideration for your Microsoft 365 implementation.

And consider the value-add capabilities of any cloud solution you implement.

Sunday, August 15, 2021

Three Problems with Two Factor Authentication

One of the podcasts I listen to regularly is the SANS Internet Storm Center's "StormCast."

In addition to their podcasts, they have "diary" posts. Recently one of their contributors posted "Three Problems with Two Factor Authentication."

They actually listed 3 issues and "other gotchas."

Their list was:

0 - Usability
1 - Resetting the 2nd Factor
2 - Using a Token to Reset a Password

Now, being an engineer, I wasn't surprised by them beginning their count at "0."

But then they enumerated their "other gotchas."

4 - Other Gotchas

Where'd "3" go?

Very much worth the read!

Sunday, August 08, 2021

You Say Tomato, I Say Tomato

Does this irritate you as much as it does me?

It kept popping up on various web sites and you had to close it.

Here's how to eliminate this pop-up.

Set "Google Account sign-in prompts" to OFF.

It's that easy.

Tomato, tomato.

Sunday, August 01, 2021

Follow the Wire

I'll start by conceding that the problem I'll be discussing was MINE, not Xfinity's.

But we didn't know that for a long time.

Recently my 2 year contract with Xfinity lapsed and my bill jumped $50 per month. I called to renegotiate.

They responded with a new plan that had the same TV channels and bumped the Internet speed from 200Mbps to 800Mbps. While I didn't NEED that speed increase, faster is always better.

So after a couple of days, I tried a speedtest.

Hmmm. 250Mbps. What's up with that?

So I looked at my modem, a CISCO DPC3008. While it is DOCSIS 3.0, it only has 8 download channels. This limits it to 340Mbps.

Maybe that was the problem. Not.

But it was time for a new modem anyway so I got an Arris SB6190. It was still DOCSIS 3.0 but had 32 download channels for 1.4Gbps.

Maybe that would fix it. Not.

So I called Xfinity for support. I got a representative in Honduras who was very thorough. His thinking was that there was a cap still in place somewhere but he couldn't see it. So he dispatched a technician.

The technician showed up. His diagnosis was that I had a bad coupling on the coax going into the modem. Not.

I was still at 250Mbps.

I placed another service call. This time the technician didn't even show up. He just called.

He said that I needed a different bootfile. His attempts at downloading a new one didn't work. He said that was because I needed a DOCSIS 3.1 modem.

The SB6190 was listed on Xfinity's modem page for 800Mbps. But I bought a Netgear CM2000 to satisfy him.

No change.

And that's the end of the Xfinity lack of support story. Hours and hours of my time. Several hours of Internet down time while replacing/testing hardware. Hundreds of dollars spent. Two technicians dispatched neither of whom was capable of diagnosing a problem.

So I decided to take the advice I gave to one of my Unix admins when he was troubleshooting a dial-out modem on an HP 9000.


I took a laptop with a gigabit Ethernet port and plugged it directly into the Netgear CM2000.

Bingo! I got 650Mbps.

Then I plugged that laptop into the LAN port on my router.


That pointed directly at my Asus RT-AC68R router.

As Pogo said, "We have met the enemy, and he is us."

So off to Google I went.

What I FINALLY found was that the RT-AC68R defaults to using the CPU to perform NAT acceleration. But the RT-AC68R has dedicated hardware that it can use. When I dug down into the settings and switched "NAT Acceleration" to "Auto", all was well!

The download speed jumped to 950Mbps!

The switch point where you should use the dedicated hardware is 150-200Mbps so I hadn't stumbled on it earlier.

Then I switched back to the Arris SB6190 and returned the Netgear CM2000. I still got 850Mbps.

Lessons learned: 1) Fast home Internet is a challenge and 2) Xfinity is no help.