Home

Microsoft has released a Windows 10 tool to download the required files and make an install DVD disk, USB or ISO image:
http://www.microsoft.com/en-us/software-download/windows10ISO

If you have multiple PC's that your upgrading and you don’t want to download 3+GB of data per PC this is the way to go. Also doing this at a time that you specify may be better than risking your PC's auto updating at the most inopportune moment.

The install media also gives you the ability to erase your PC and do a fresh install (after backing up your data) just bear in mind that the mechanics of how licencing and product keys work in terms of your free entitlement is still unknown present.

My initial "don’t upgrade yet" recommendation still stands unless you are a "tech enthusiast" and either way I highly recommend you take a full "system" backup first see here for more detail.

Microsoft released Visual Studio Community edition for free this week. If you ever had the urge to develop software (and the time to learn) the same professional software that cost $800 last week is now available for free. You can use it personally, in a business and even to create software for resale.

http://www.visualstudio.com/en-us/products/visual-studio-community-vs

Microsoft appears to have recently updated its security policy's for multifactor authentication and is now forcing you to "verify" which essentially requires you to add a mobile phone number to your Microsoft account then enter the code that has been sent to you via SMS.

This has been a "feature" for added security for quite a while but just this morning I have had three outlook.com/hotmail.com/live.com email accounts that have been unable to send email until "verified". Ultimately it's good to have better security (after all you wouldn't want them to be careless an expose your personal photos and information out on the net right?). This will reduce the amount of spam out there as well but it does impose a 5 minute interruption on you.

As always keep your wits about you when handling this type of request.

Here are some notifications I have received:

If someone calls up purporting to be from Telstra or Microsoft (or anyone really) and offering to fix your computer please don't let them remotely access your PC and "fix" it for you. I know that sounds obvious but they play the numbers game in saying that they are aware that you are having issues with your PC or internet connection. Inevitably some of the people they will call at any given time will, in fact, be having issues just based on probability.

Having just fixed one of these issues in the last 24 hours I can assure you it's a significant and unnecessary expense to reverse their "fix", get your data back and restore your computer to a working state.

If anyone calls you offering to fix your PC I suggest you just politely decline and hang up on them, also be prepared that they will probably persist.

Also seriously consider NOT being an administrator on your own PC and instead have a separate administrator account. Also, never store banking, credit card details on your PC just in an unencrypted document.

Sometimes in IT things are hard to explain and when I get a good short explanation its sometimes worth sharing. This is from the Sophos antivirus guys:

[A botnet is a collection of] malware-infected computers, individually referred to as bots or zombies, that can be controlled remotely by criminals known as bot-herders or botmasters.

As well as stealing information such as banking passwords from each computer in the botnet, the crooks can also send commands to all the computers in the botnet at the same time, essentially giving them a huge distributed "network cloud" of computing resources.

Botnets can therefore be used to send massive quantities of spam (including spam runs containing email attachments with more malware), to clock up huge numbers of fraudulent but legitimate-looking ad clicks, to carry out online attacks, and more.

Attacks of this sort are hard to block because they originate simultaneously from thousands of innocent-looking computers, so there isn't a single, obvious source of criminality.

http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-the-dead/

If your running windows 8[.0] without the free windows 8.1 update you need to install this free update now. If you don't you will no longer receive the security and reliability updates

http://www.zdnet.com/windows-8-1-consumers-its-time-to-move-to-update-1-7000030378/

Today, June 10, is Microsoft Patch Tuesday. It's also the deadline for consumers running Windows 8.1 to install the Windows 8.1 Update if they want to continue to receive patches and fixes from Microsoft.

win81update1rumors

Microsoft originally imposed a deadline of May 13 on consumer users to move to the Windows 8.1 Update. On May 12, Microsoft announced a deadline extension to June 10.

Ebay hack reported, 128 million active users account details globally compromised in Feb - March and they are only telling us now, thanks for that.

Do you have unique passwords for each of your online services? Consider yourself warned.

Here are some further details:

http://www.theverge.com/2014/5/21/5737914/ebay-will-ask-all-customers-to-change-passwords-after-massive-breach
https://au.finance.yahoo.com/news/massive-breach-ebay-urges-password-105845341.html
http://mashable.com/2014/05/21/ebay-breach-ramifications/

Excerpt:
..."For the time being, we cannot comment on the specific number of accounts impacted," said Ms Ramirez.

"However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords."

Potentially affecting eBay's 128 million active users globally, the attack could be one of the largest affecting a retailer.

It comes after retail giant Target disclosed a security breach which could affect more than 100 million customers....

Here is a roundup of the easiest to understand information about the heartbleed vulnerability, read these and you should have a pretty fair idea of the lay of the land.

I have told many of you before but best practice recommendation is NOT TO DUPLICATE PASSWORDS each service should have a unique, strong password that won't fall over domino fashion if there is a breach like this one, and the Adobe one a year or so ago and the Sony PlayStation one before that. How do you manage all these passwords?, well see below the info on lastpass.com. Its free on the PC and minimal cost if you want the multiplatform apps. This is important, consider yourself warned.

Here are the details on heartbleed:

From: http://www.pcauthority.com.au/News/382247,heartbleed-memory-bug-leaks-encrypted-data.aspx
Researchers have warned of a serious security bug in OpenSSL that allows encrypted data to be stolen. OpenSSL is an open-source library of SSL/TLS encryption - the transport layer security protocols by which email, IM, and some VPNs are kept secure online.
A bug dubbed "Heartbleed" lets anyone read the memory of systems using vulnerable versions of OpenSSL software, researchers from Codenomicon have revealed. "This compromises the secret keys used to identify service providers and to encrypt the traffic, the names and passwords of the users and the actual content," the researchers wrote on a website dedicated to the security bug. "This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."...

Office 365? Microsoft say this about Windows based products:

Information on Office 365 and Heartbleed: Microsoft Account, Microsoft Azure, Office 365, Yammer, Skype, along with most Microsoft Services, are not impacted by the OpenSSL "Heartbleed" vulnerability. [The] Windows' implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.

From: http://www.theage.com.au/it-pro/security-it/heartbleed-security-bug-what-can-you-do-20140411-zqtff.html
...that chunk of data might include usernames and passwords, reusable browser cookies, or even the site administrator's credentials. While the exploit only allows for small chunks of data to be dumped each time it is run, there is nothing to prevent attackers from replaying the attack over and over, all the while recording fresh data flowing through vulnerable servers. Indeed, I have seen firsthand data showing that some attackers have done just that; for example, compiling huge lists of credentials stolen from users logging in at various sites that remained vulnerable to this bug.

For this reason, I believe it is a good idea for internet users to consider changing passwords at least at sites they visited since this bug became public (Monday morning). But it's important that readers first make an effort to determine that the site in question is not vulnerable to this bug before changing their passwords.

From: http://www.pcauthority.com.au/News/382523,heartbleed-dont-change-all-your-passwords.aspx
Security experts warn that changing all your internet passwords now could do more harm than good
Security experts are warning users to ignore advice to change all of their internet passwords in the wake of the Heartbleed compromise.

Lastpass password manager:

From: http://www.zdnet.com/worried-about-heartbleed-lastpass-security-check-has-you-covered-7000028367/
LastPass has updated its built-in Security Check so that you can now easily see which sites require you to update your passwords to be safe from possible Heartbleed attacks [and which to wait until they have sorted out their own SSL security first]....

Example screenshot:

Lastpass: https://lastpass.com/

Microsoft Onenote software is now free and with auto-sync to your (free 7GB) Microsoft onedrive/skydrive/livedrive online storage. Its a great product for school, uni, work or home notes. You can share between your team or family so that you can all "be on the same page".

Get the apps too so you can auto-sync with your Windows phone and Windows 8 tablet (supports other lesser products also).

http://www.onenote.com/

(or if you want to pay $89 then you can do that also)