In this New York Times article they discuss FaceBook sharing your personal information with 3rd parties.  This is probably not a surprise to anyone in IT, but you may not realize how much data they share and with whom.  Two of the companies have links to the Russian and Chinese government.  You may not care if Microsoft has your info or Apple, but how do you feel about a Russian search engine being able to tell who & what you like, where you are and even possibly information in private messages.  All while trying to effect the outcome of a presidential election.  In their research the NYT finds that permissions were given above what was needed and they weren’t monitored or rescinded when there was no longer a need.  I encourage you to read more on the link below.

  Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

Source: As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants

Teams of software experts have discovered a bug in both Intel and AMD processors that can allow malicious code access to confidential information.  Some patches are currently available, but not all aspects are fixable at the moment.  This issue is serious and effects Microsoft Windows, Apple MacOS and Linux as well as as mobile devices Apple iOS and Google ChromeBooks.  Basically anything with an Intel or AMD effected CPU. Keep up to date on your patches, Retire old Out of Service Operating systems.  Yes people are still using XP, 2003, etc. It’s time for them to go away finally.  No patches will come out for older OS making them just huge targets. Keep your OS and AV up to date or just ask us about RMM and WebRoot. Read more in the links below. https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/  

In case you haven’t heard (if you follow our Blog or Facebook page you should have) there is some fallout from the NSA hacking tools being leaked.  At least allegedly.   Our  WebRoot customers are covered and our IDMax customers have been updated.  Are you one?  If not contact us and stay protected. The ‘new’ Ransomware has been wreaking havoc, causing outages, effecting Hospitals, telecoms and business in the UK, Russia, Tiawan and elsewhere. Microsoft has put out patches for it’s operating systems as well as offering some patches for it’s older XP and 2003 OS even though it discontinued support for them sometime ago.   Read More: Here on NetworkWorld, Here on ZDNet.com, More here on ZDNet.com including links to the Patches for Older OS (XP/2003)  

Is it right for Big Brother to be able to snoop on you indefinitely without you ever knowing?  They seem to think so.  MS Disagrees…  We do too.

Microsoft sues the US government over the right to tell its users when federal agencies want access to private data.

Source: Microsoft sues US government over secret data requests – BBC News

You may already have heard about this.  If not, read more below.  In Any event, get ready for some serious/critical patches in the near future. Adobe Flash has a significant number of Vulnerabilities so bottom line, if you don’t need it on your computer Don’t Install it or Uninstall it and you have one less source of stress.  Unless you are one of the fortunate (#Sarcasm) that needs it for some mission critical software you use.  In that case.  My heart felt condolences and contact us about keeping up to date.

Adobe is working on an emergency patch for its Flash Player after attackers are reportedly exploiting a critical flaw.

Source: Adobe to issue emergency patch for Flash vulnerability

The future will be here soon!

Microsoft has gained incredible mindshare for its HoloLens virtual reality headset, which is all the more remarkable since it’s pretty much been vaporware. However, development continues at quite a pace, and one of the more incredible ideas to sprout up is “holoportation.”

Source: Microsoft’s HoloLens might allow you to travel without ever moving | Network World

Are you ready?  I’ve been waiting for this.Well, this is it. The day all my dreams came true. I started out playing 2D side-scrollers in mall arcades in the 1980s, but I’ll soon be able to fight holographic robots bursting through my living room walls using my handheld blaster that’s a wearable hologram. WTF.

Source: Project X Lets You Fight HoloLens Aliens In Your Living Room, And It’s Freaking Unreal

I’ve had more than one complaint about the past Patch Tuesday.  One client had their server BSOD, a relative just had their system hang on updating do not shutdown (for 16+hrs) before I ignored and rebooted it. These issues could be tiny in comparison to the single bit change that allows Admin access.  Read more on Network World Below:

Researchers bypass protections on all Window versions.

Microsoft is upset that yet again Google has disclosed an as yet (at time of disclosure) unpatched flaw in Windows 8.1.  Google did give MS proper notification and a 90 day deadline to address the issue.  Microsoft if upset that Google didn’t extend its (set in stone) 90 day deadline to allow Microsoft to release the patch within it’s normal Patch window on what’s called “Patch Tuesday”. I agree with the cutoff myself.  Especially if you look at it like this..  Microsoft put out a product that has security issues in it, some have been there for years undiscovered by Microsoft as it releases new versions of it’s OS.  New versions that often are still susceptible to the same flaws.  Many of these flaws are brought to Microsoft’s attention from ethical outside sources including Google.  Unethical hacker may already know and be using these flaws for malicious purposes.  It’s reported that our own NSA knew about HeartBleed the SSL flaw for years and kept it silent to exploit it. So the question remains.  How much time should a company have to patch a flaw from the time it is informed of it?  Each day a fix is delayed is a possible exploit of systems and data.  Security breaches, stolen data, pictures, passwords, credit card & financial info.  So the question is…  Is 90 days long enough or is it too long?  Think of Sony, or iCloud or any other data breach you’ve heard of in the recent history.  Then think..  Should MS be upset about the  flaws being disclosed or should they Really be apologizing for not fixing it sooner? Read Network Worlds take on it at the link below.

Google discloses another unpatched Windows flaw, irritates Microsoft | Network World.

Microsoft was notified over 90 days ago about a vulnerability that would allow a user with local credentials to elevate their rights to that of admin.  Google’s Project Zero policy is to give 90 day for the vendor to fix the issue then disclose it to the public.  Wether fixed or not.

I approve of this practice.  90 days is ample time for a fix.  The more time a system is vulnerable the more likely someone will exploit it.

So what do you think?  Should Google continue the practice of disclosure after 90 days or just wait until the vendor fixes it regardless of how long that takes?

Google posts Windows 8.1 vulnerability before Microsoft can patch it.