Archive for Microsoft Was Down…. But All Is Fine Now

Posted in Commentary with tags on May 22, 2020 by itnerd

Just before 4PM EST it seemed that went down. I tried to log in during that time and I got this:

A few minutes later, I couldn’t get this page. Instead I never got to a page. But it is clear that something was wrong. Though if you checked the Office 365 Status page, all was apparently good:

I also noted that email accounts on my iPhone weren’t working as well. But at 4:20PM things came back up. So all is fine now. Thus if you noticed an issue with on the web or on your device, you know why now.

Microsoft To Kneecap Cortana In A Future Windows 10 Update

Posted in Commentary with tags on March 3, 2020 by itnerd

Microsoft put out a blog post on Friday to talk about the changes that are coming to Cortana, the virtual assistant that nobody seems to care about. The first big change is this:

Through this updated Cortana experience, we will roll out new Cortana services delivered through Microsoft 365 backed by the privacy, security and compliance promises of Office 365 services as set out in the Online Services Terms. Protecting your data and privacy is our highest priority, and we give you control over your data.

In short, Microsoft is going to move Cortana to the world of Office 365. But that’s not all, there’s this:

As part of Cortana’s evolution into a personal productivity assistant in Microsoft 365, you’ll see some changes in how Cortana works in the latest version of Windows 10. We’ve tightened access to Cortana so that you must be securely logged in with your work or school account or your Microsoft account before using Cortana, and some consumer skills including music, connected home and third-party skills will no longer be available in the updated Cortana experience in Windows 10. We’re also making some changes to where Cortana helps you. As part of our standard practice, we are ending support for Cortana in older versions of Windows that have reached their end-of-service dates. We recommend that customers update their devices to the latest version of Windows 10 to continue using Cortana. We’ll also be turning off the Cortana services in the Microsoft Launcher on Android by the end of April.

So it seems that Microsoft is killing off anything that is consumer focused that relates to Cortana. To be frank, I am not sure anyone will miss that. Seeing as I am pretty sure nobody uses Cortana. But hey, it’s not all bad news. Assuming that you pay up for Office 365, you can have Cortana retrieve upcoming appointments, set reminders or change settings. The emphasis, according to Microsoft, will be on “productivity.” Though again, I don’t know if anyone would actually use it seeing as pretty much nobody uses it now. But you can’t blame Microsoft for trying to play in the sandbox with Siri, Alexa, and Google Assistant.

The Windows 10 Start Menu Now Harasses Firefox Users

Posted in Commentary with tags on February 10, 2020 by itnerd

From the “WTF?” department comes this story on the “Suggested” section on the Windows 10 Start Menu. It used to just promote its own apps, which was annoying in itself. But for some users who haven’t disable Microsoft’s “Suggestions”, that menu is now showing a new kind of ad listing reports MSPowerUser:

The listing displays “Still using Firefox? Microsoft Edge is here”, to all users of the former — even with the latter already installed.

The ad provides a link to download the chromium-based browser.

Undoubtedly, the suggestions won’t end here. Microsoft is reportedly planning to sprawl similar ads out to Wordpad, to encourage users to download official Office apps.

Microsoft’s “Suggestions” can be permanently disabled with a few tweaks, but the fact is that you shouldn’t have to put up with this. Operating systems shouldn’t be advertising the way that Windows 10 seems to. Users hate it and I often get asked to disable that and live tiles to make Windows 10 more usable. That should be a big hint to the folks in Redmond to stop doing this. Which of course they won’t unless they’re forced to.

You Can Get Microsoft’s Chrome Based Browser Today

Posted in Commentary with tags on January 15, 2020 by itnerd

About a year ago, Microsoft announced plans to move their Edge browser to Chromium  which is the open source version of Chrome. As in Google’s Chrome. While that announcement raised eyeballs pretty much everywhere, it does make sense. By using Chromium, Microsoft can simply not worry about compatibility issues and bring features to multiple platforms at the same time.

Today Microsoft announced that you can get Microsoft Edge in its new Chromium form on the following platforms:

  • Windows 10, 8.1, 8, and Windows 7. Support for Windows 7 seems a bit weird to me as support for that OS ended yesterday.
  • macOS
  • iOS
  • Android

Fun trivia fact: For Mac users, this is the first time Microsoft has put out a browser for the Mac since 2003.

You can download the new Edge browser here. My question for you is will you use the new Microsoft Chrome Edge? Leave a comment and share your thoughts please.

Today Is One Patch Tuesday That You May Want To Take Seriously… Microsoft May Be About To Patch A Serious Flaw In Windows [UPDATED]

Posted in Commentary with tags on January 14, 2020 by itnerd

To be honest, every Patch Tuesday should be taken seriously as the bugs that are fixed on Patch Tuesday are usually exploited by hackers 24 hours later with the targets being those who have not updated on Patch Tuesday. Having said that, today’s Patch Tuesday may be more important than usual because of this discovery by Brian Krebs:

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

If this is true, this is a big deal and you should patch all the things the second that this fix becomes available. Because based on the above description, any exploit that leverages this flaw will be serious and highly damaging. Assuming exploits aren’t already out there. I’ll update this post as soon as I get more info on this.

UPDATE: This is likely the first of many updates on this story. The NSA just held a press briefing and according to the Washington Post they confirmed that they found a flaw that matches the description that Brian Krebs reported and alerted Microsoft. That’s a major shift for the NSA as they tend not to report such flaws and instead weaponize them. That officially makes this a big deal and you should patch all your Windows computers the second this becomes available.

UPDATE #2: I posted this Tweet with a link to the Microsoft write up about this issue a few minutes ago:

But as informational as that is, what you actually want to read is the CERT document on this. I had a look and this bug is incredibly bad. This summary has all you need to know:

The Microsoft Windows CryptoAPI fails to properly validate certificates that use Elliptic Curve Cryptography (ECC), which may allow an attacker to spoof the validity of certificate chains.

In English, that means that an attacker can use a fake certificate to look at data that should be encrypted at all times. Thus I will reiterate what I said earlier in this post. As soon as the patch comes out, patch all the things.

Microsoft Shipped Skype And Cortana Recordings To China For Review….. What Could Possibly Go Wrong?

Posted in Commentary with tags , on January 10, 2020 by itnerd

Do you use Skype or Cortana? If so, this might bother you. Apparently Microsoft had a program to transcribe and vet audio from Skype and Cortana, its voice assistant in China. And it apparently ran for years with “no security measures” which is chilling. This is from a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company:

The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google’s Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor. Workers had no cybersecurity help to protect the data from criminal or state interference, and were even instructed to do the work using new Microsoft accounts all with the same password, for ease of management, the former contractor said. Employee vetting was practically nonexistent, he added.

“There were no security measures, I don’t even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details,” he told the Guardian. While the grader began by working in an office, he said the contractor that employed him “after a while allowed me to do it from home in Beijing. I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login.” Both username and password were emailed to new contractors in plaintext, he said, with the former following a simple schema and the latter being the same for every employee who joined in any given year.

This is not just bad. It is horrifically bad. There are so many ways that this could have ended very badly for Microsoft. Especially since we are talking about the fact that these recordings went to China who are basically a surveillance state. Now, the folks in Redmond have deep sixed this program after it became public. But as far as I am concerned, that’s not good enough. Microsoft needs to answer the tough questions about this program in front of congress or the EU because I think we all deserve to know how pervasive this practice is within the company.

Windows 7 & Server 2008 End Of Support Comes On January 14….. What Happens Next?

Posted in Commentary with tags on January 9, 2020 by itnerd

Windows 7 is reaching end of support on January 14 2020. What that means is that there will be no technical support, software updates or security fixes from Microsoft. Meaning that if you have a problem and the OS is the issue, it won’t be fixed. New or improved features will not be added. And most importantly there will be no software updates which means that the security of your PC will immediately come into question. And you can copy and paste what I just said for Windows Server 2008 and 2008 R2 which also go out of support on the same day.

So what do you do?

Well, Microsoft would really like it if you upgrade to Windows 10. If you go that route, I recommend doing a fresh installation of your programs and apps on your new Windows 10 PC. I would not just try to upgrade on top of your existing Windows 7 system as you may run into issues.

Here’s the minimum specifications for Windows 10:

  • Processor: 1 gigahertz (GHz) or faster processor or SoC.
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit.
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS.
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver.
  • Display: 800 x 600 resolution

Top Tip: If your hardware is more than a couple of years old, you may be better off buying a new PC and installing up to date apps as well as moving your files over to said new PC.

Another option is to stay with Windows 7. But you leave yourself open to becoming a victim of malware as well as the fact that nobody is going to fix anything in that OS. I will say that nobody is forcing you to go to Windows 10. But if I were you, I would make the jump.

The last option is to move to another OS such as Linux or macOS. In the case of the former, there are a number of Linux distros that are specifically designed to run on older hardware. Such as hardware that once ran Windows  7.  These distros can give your hardware a new lease of life, allowing it to run better than ever. There’s also a ton of free apps that should allow you to replicate your setup. However there is a catch. Linux is quite different to Windows in a number of ways, and that can create a bit of a culture shock. If you do go from Windows 7 to Linux you’ll need to spend some time learning how to use the new operating system and how it works. In the case of macOS, Apple has the advantage of making the hardware and software, and there are versions of applications like Microsoft Office available. But you’ll have to pay up for them, on top of the fact that Apple hardware isn’t exactly cheap. And like Linux, there’s a bit of a culture shock in terms of moving to macOS. That’s something that could be smoothed over with some help from your local Apple Store. But the shock still exists.

Whichever way you go, there are only a few days left to decide what to do if you run Windows 7. Regardless of what you do, my advice is that you act on a course of action ASAP.