Hackers Say They’ve Broken Face ID a Week After iPhone X has been Released

As I have said many times before, for every security protection there is a hack.  Always be careful, sometimes the simple things are still the best.

Read full article here.

https://www.wired.com/story/hackers-say-broke-face-id-security/

Posted in Mike's Blog by bigmike.

Havent seen a Windows XP machine in a while.

I forgot how simple and solid this OS is.  IF Microsoft would have kept working on this platform many people would be happy to run some of the old software that isn’t made anymore therefore will never be updated.

Posted in Mike's Blog by bigmike.

The latest update causing QuickBooks 2017 Pro to crash?

Clients are complaining that the latest update for QuickBooks 2017 Pro and am now receiving the error “QuickBooks has stopped working: Windows is checking for a solution to the problem…” After several seconds the error message continues to “A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available”.  This wasn’t occurring before I installed the update.

We found the latest Microsoft .NET Framework update is not compatible with QB 2017 on Windows 7 computers. If this is the case, then go to control panel -> Programs and Features -> double click on Microsoft .NET Framework 4.7 and choose repair option. Click continue/OK and finish reverting back to 4.6.1 ( the previous version).

Posted in Mike's Blog by bigmike.

How worried should I be about the new vulnerability found using Wireless connections?

WPA2 protocol used by vast majority of Wi-Fi connections has been broken by Belgian researchers, highlighting potential use of attackers.  Key word here is potential, the attack is complicated and must be done within range of your Wi-Fi.  Most issues will be that of Legacy products that are no longer being updated, like most of the consumer grade items sold at Best-Buy and office depot type places.  These devices get out of support much quicker than business models do so the only way to get a fix is to replace the unit itself.  This goes for the home consumer routers and any device that provides or uses Wi-Fi. Most major manufactures have the fix in Beta and will be releasing soon.  As these get done we will post.  Remember you probably have more devises than you think, tablets, phones, Smart TV’s too.

Crucially, the attack is unlikely to affect the security of information sent over the network that is protected in addition to the standard WPA2 encryption. This means connections to secure websites are still safe, as are other encrypted connections such as virtual private networks (VPN) and SSH communications.

However, insecure connections to non-secure websites. Those which do not display a padlock icon in the address bar, indicating their support for HTTPS – should be considered public, and viewable to any other user on the network, until the vulnerability is fixed.

Equally, home internet connections will remain difficult to fully secure for quite some time. Many wireless routers are infrequently if ever updated, meaning that they will continue to communicate in an insecure manner. However, Vanhoef says, if the fix is installed on a phone or computer, that device will still be able to communicate with an insecure router. That means even users with an unpatched router should still fix as many devices as they can, to ensure security on other networks.

Alex Hudson, the chief technical officer of subscription service Iron, said that it is important to “keep calm”.

“There is a limited amount of physical security already on offer by wifi: an attack needs to be in proximity,” Hudson wrote. “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

“Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an HTTPS site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”

There’s likely to be a delay before the vulnerability is used to actually attack networks in the wild, says Symantec researcher Candid Wuest. “It’s quite a complex attack to carry out in practice, but we’ve seen similar before, so we know it’s possible to automate.

 

“Small businesses and people at home should be concerned, but not too worried,” Wuest added, advising most users to simply apply the updates to their software as and when it becomes available.

Posted in Mike's Blog by bigmike.

Language changed in Outlook update without asking!

Just an FYI I came across this when I was approving updates. In case you run into the issue that Outlook is displaying different languages in the UI check to see if this (these) updates are installed. I have seen similar updates for other versions of office as well. (I do  not approve them though).

 

After you install this security update, Outlook may display mixed languages in the user interface. To fix this issue, follow these steps:
1. Uninstall security update 4011086. Read the following section for information about how to do this.
2. Install Security Update for Microsoft Office Outlook 2007 (KB4011110).
From
https://support.microsoft.com/en-us/help/4011086/descriptionofthesecurityupdateforoutlook2007september12-2017

Posted in Mike's Blog by bigmike.