Archive for May 18, 2017

#Fail: Trump Properties Are Easily Pwnable Via Poorly Secured WiFi

Posted in Commentary with tags , on May 18, 2017 by itnerd

Gizmodo is running a story where they test the security at a few properties owned by US President Donald Trump including The Mar-a-Lago Club where he has brought foreign leaders and found that any “half decent hacker” can break into their networks via poorly secured WiFi:

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, N.J., with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

That doesn’t sound good. But you’re likely asking “is this really a big deal?” Well, yes it is. Here’s why:

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just [Gizmodo and] ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Seeing as Trump is President, likes to go to these places frequently, take foreign leaders to these places, and likely conduct business that affects the security of the United States, this is a problem. Now, if you also consider that he signed an executive order to force the government to step up its game on the cybersecurity front, maybe he should get his own house in order first as the optics from this are pretty craptastic.

Advertisements

#Fail: Dell BIOS Update Bricks Computers

Posted in Commentary with tags on May 18, 2017 by itnerd

It seems that Dell has some pissed of customers on its hands due to a BIOS update that is apparently bricking computers. Apart from a power light, nothing much happens. The main model affected by this is the Inspiron 20 3052, although a few users reported similar problems with Inspiron 3252s.

If you want to see how frustrated users are, the thread on the Dell Support Forum that has the outrage in progress is here. Let’s hope that Dell has a fix for this that they can roll out quickly to mitigate this disaster.

I Was Wrong: Maybe You Should Enable Automatic Updates On Windows 10

Posted in Commentary with tags on May 18, 2017 by itnerd

Frequent readers of this blog know that I am not a fan of Windows 10’s update scheme which force feeds updates down your throat. The reason why I am not a fan is because they have a tendency to break your PC every once in a while. Such as this recent example. But because of this epic cyberattack this past week, I’ve altered my stance a bit. Maybe I was wrong on this and people should enable automatic updates.

But before I get to why am altering my stance and how to make automatic updates something that is tolerable, let me get one thing out of the way. And I’m directing this at you Microsoft. Automatic updates in Windows 10 needs to be way better than it is. I get that unlike the folks at Apple, Microsoft doesn’t fully control what their OS goes onto. Thus that opens the door to a weird combination of security patches and driver updates that Microsoft couldn’t possibly have tested crashing a PC. On top of that, there’s the fact that the way Microsoft has automatic updates implemented can also result in lost work when a computer is force rebooted, or bandwidth usage skyrocketing without your permission because a large volume of updates get downloaded. This whole experience needs to be redesigned so that it is way better than it presently is to make it less risky and more palatable to have automatic updates turned on.

Now, with that out of the way, here’s why I have altered my stance. Components of the ransomware that hit users in 170 or so countries this past week used an exploit that was patched by Microsoft in March. Now if you ignore the people who were running out of date Microsoft OS’es, a lot of computers that got hit by this could have avoided this if they automatically got the patch in question. That one simple fact has made me change my tune. Now how do you use automatic updates without it annoying the daylights out of you? Here’s my suggestion:

  1. Tap or click on the Start button, followed by Settings. You’ll need to be on the Windows 10 Desktop to do this.
  2. From Settings, tap or click on Update & security.
  3. Choose Windows Update from the menu on the left, assuming it’s not already selected.
  4. Tap or click on the Advanced options link on the right, which will open a window headlined Choose how updates are installed.

Here’s where the fun begins. You need to check the following:

  • Automatic (recommended): Choose this option to automatically download and install updates of all kind, both important security patches as well as not-as-important non-security updates, like feature improvements and minor bugs.
  • Give me updates for other Microsoft products when I update Windows: I recommend checking this option so other Microsoft programs (Microsoft Office for example) that you have installed will get automatic updates too.

From there, I would do the following:

  1. Tap or click on the Start button, followed by Settings. You’ll need to be on the Windows 10 Desktop to do this.
  2. From Settings, tap or click on Update & security.
  3. Choose Windows Update from the menu on the left, assuming it’s not already selected.
  4. Select Change active hours.

This feature allows you to define when you use your PC. That way it will not restart in the middle of your work and instead restart itself when you are asleep or likely to be away from your PC. Just make sure to save your work before you leave your PC and make sure you leave it on.

The last thing that I would suggest is to always backup your PC. None of this deals with the issue of updates making your PC non-functional. Thus you should have a recent backup handy in case things go south.

In closing, other operating systems that Microsoft still supports such as Windows 7 and 8.1 have a similar feature. If you want a guide for those operating systems to allow you to set up automatic updating, please leave a comment and I’ll do my best to build one.