Using Microsoft? Lucky You in 2023

December 14, 2022

Several days ago, I had a meeting with an executive representing a financial services firm. In the course of confirming the meeting, the person told me, “We use only Microsoft Teams. Our security group has banned our use of Zoom and other video chat services.”

That’s why I found myself sitting at a sticky table in a coffee shop talking with this executive about a notification procedure which caught my attention. In that meeting, I mentioned that for each email sent to my official email by this person I received a notice that the individual was out of the office until mid-September 2022. Since we were meeting in the first week of December 2022, I found the emails from this person confusing.

I asked, “Why are you sending me an email and when I reply, I receive a notification from your corporate email system which tells me you are out of the office until September 2022.”

The response was, “Really? I will get IT to help me.”

Wow. Really.

Many organizations have embraced Microsoft systems and services. My hunch is that people want to use Excel. With full time employees in corporate information technology departments getting crushed by fixes, user issues, and software which does not do what the IT professional expects, companies want an fix.

Enter the cloud, certified consultants who can arrive like Wonder Woman, and big time engineers from a regional office to make everything work. Perfect. What could go wrong?

I read an article which may be accurate or may be presenting an incomplete report. Let’s proceed assuming that there is a kernel of truth in “Ransomware Discovered Carrying Legitimate Windows Certificates.” The write up states:

Cyber security company Sophos has issued a warning over antivirus-nullifying malware it discovered bearing legitimate digital certificates, including signatures from Microsoft’s own digital verification service.

The drivers, found paired with a ‘loader’ executable that was used to install the driver, carried the digital signature of Windows Hardware Compatibility Program (WHCP), and appeared to be specially designed to limit the functions of endpoint detection and response (EDR) security programs.  Code signatures are cryptographic certificates that indicate a program has not been altered since its release by its manufacturer. WHCP signatures are only intended to be given to software that Microsoft has checked over and given its personal seal of approval, and therefore seen as trustworthy files to run by Windows systems. Researchers say that the find shows that threat actors are working harder to move up the ‘trust chain’, employing increasingly sophisticated methods to sign malware with legitimate cryptographic signatures so that it can be installed on systems without detection.

The article is in my opinion content marketing; that is, the information is designed to cause someone to license Sophos technology.

The idea is that bad actors can exploit systems and methods set up my Microsoft to make certain their systems are secure. People have struggled with getting Windows to print; others have found that Exchange Server (probably the email system which baffled the financial executive) vulnerabilities have caused some sleepless nights.

Several observations are warranted in my view:

  • Microsoft like Google is a Leviathan. It is a target, and is may be that the Softies are in over their heads. Perhaps too big to make secure?
  • Users are baffled with fairly simple operations of widely used software. What interesting security issues does this pose? Phishing works for a reason: Users click without th8inking.
  • Corporations perceive their decisions to be good ones. The continuing increase in cyber aggression is not something people want to discuss in a meeting of suits, sales professionals, and worker bees.

Net net: Good enough software and systems, PowerPoint presentations from certified partners, and customer cluelessness suggest an exciting 2023. Legitimate Windows Certificates? Oxymoron maybe?

Stephen E Arnold, December 14, 2022

Instant Messaging Security Is Becoming a Serious Issue

November 29, 2017

It might sound like a problem from twenty years ago, but the security of instant messages is a serious concern. We didn’t even know it was a thing, but once we started digging—yikes. We started this journey with the Make Use Of article, “Signal Desktop Brings Secure Messaging to Your PC.”

According to the story:

Signal, the messaging app which values privacy above all else, now has a standalone desktop app. Signal Desktop, which is available for Windows, MacOS, and Linux, replaces the Signal Chrome app. The app itself isn’t very different, but having a dedicated desktop offering is always welcome.

 

While most of the big messaging apps are starting to take your privacy seriously, Signal has made this its number one priority. This has made it popular with people for whom privacy is of the utmost importance, such as politicians and journalists. All of whom can now use Signal Desktop.

Sounds like Signal is hitting the desktop market just in time. A recent study found that doctors are sharing sensitive patient information via instant messaging software. Whoa. If anything should be secure, it’s that. Let’s hope they get onboard soon.

Patrick Roland, November 29, 2017

The Cloud Needs EDiscovery Like Now

October 16, 2017

Cloud computing has changed the way home and enterprise systems store and access data.  One of the problems with cloud computing, however, is the lack of a powerful eDiscovery tool.  There are search tools for the cloud, but eDiscovery tools help users make rhyme and reason of their content.  Compare The Cloud reports that there is a new eDiscovery tool to improve the cloud, “KroLDiscovery Brings End-To-End eDiscovery To The Cloud With Nebula.”  Nebula is the name of KrolLDiscovery’s eDiscovery tool and it is an upgrade of eDirect365, building on the software’s processing and review capabilities.

Nebula was designed with a user-friendly eDiscovery approach that simplifies otherwise complex tasks.  Nebula is also a web-based application and it can be accessed from most browsers and mobile devices.  The benefit for Windows users is that it can be deployed within Windows Azure to bring scalability and rapid deployment capabilities.

KrolLDiscovery is proud of their newest product:

 ‘We are excited for the future of Nebula,; said Chris Weiler, President and CEO of KrolLDiscovery. ‘Expanding our eDiscovery capabilities to the cloud is a benefit to our multi-national and international clients as they can now process, store and access their data across the globe. All the while, we are dedicated to providing the same industry-leading service we are known for by our clients.’

Nebula was designed to improve how users interact and use their content on a cloud-based system.  Cloud computing has a real-time and portable air about it, but its weaknesses lie in lag and security.  Perhaps Nebula will enhance the former making its other weaknesses a mere shadow of the past.

Whitney Grace, October 16, 2017

 

Searchy Automates Your Search Parameters

January 25, 2017

The article on FileForum Beta News titled Searchy for Windows 0.5.1 promises users the ability to gain more control over their search parameters and prevent wasted time on redundant searches.  By using search scopes, categories, and search templates, Searchy claims to simplify and organize search. The service targets users who tend to search for similar items all day, and makes it easier for those users to find what they need without all that extra typing. The article goes into more detail,

Your daily routine consists of lots repetitive searches? With Searchy you can automate that. Just write a template for similar search queries and stop typing the same things over and over… Search using Google’s and Bing’s web, image, video and news search engines. Often performing searches on same websites? Spending much time on advanced search filters in Google or Bing? Searchy will simplify that too. Just add scopes for the websites and search filters, and use them like a boss.

Searchy was developed by freelance developer Alex Kaul, who found that entering the same phrase over and over in Google was annoying. By automating the search phrase, Searchy enables users to skip a step. It may be a small step, but as we all know, a small task when completed one hundred times a day becomes a very large and tiresome one.

Chelsea Kerwin, January 25, 2017

  • Archives

  • Recent Posts

  • Meta