Home

Personalised and targeted email attacks. See below, don't click. Same as usual with a bit more effort from the hackers...

People who know about these things are getting a bit worried about the LastPass data breach. If you use LastPass you need to evaluate what action to take.

Late last year a hacker broke into LastPass and stole their entire data vault, that included all your logons and passwords if you use LastPass (or even have an old account that you don't use anymore).

LastPass say that they, and consequently the hackers, don't have access to your logon data because its encrypted and protected by the master password that only you know. They have advised that it would take 'millions of years' to crack open the vaults and get access to your data.

However, as time has gone on, we have been hearing that there are caveats to this and it depends on the length of the master password and some of the default settings that you had setup in LastPass, some of those settings have changed their defaults over time so If you have an older account, you may have less protection. The end result of that is that some online security sites are saying in reference to the 'millions of years' claim that in actuality "it may be a lot less than that!"

Advice is extremely varied about what to do, here are some examples:

• LastPass are saying 'millions of years' to crack open, assuming you have a 12 digit complex password, your PBKDF2 iterations is set to 100,100 or more and [OBVIOUSLY] you never reuse your master password on other websites
• Almost all are saying change the LastPass master vault password
• Some are saying change all your passwords for any accounts that are stored in LastPass and change the LastPass master vault password
• Some are saying dump LastPass altogether and move to another password manager, plus changing all your passwords as above

Whatever action you decide on, do it soon as the clock is ticking if the hackers are trying to brute force crack the data. Some sites are reporting that LastPass have been very coy about the details including when the data was even stolen and as such how long the hackers may have been working on the data, and some say that general communication about the whole event has been poor which brings about a loss of confidence in the service.

The LastPass notice:
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Some other sites information:
https://www.wired.com/story/lastpass-breach-vaults-password-managers/

https://www.bostonglobe.com/2023/01/09/business/lastpass-security-breach-was-worse-than-youve-heard-heres-what-do/

https://blog.1password.com/not-in-a-million-years/

Finally, almost all security experts still recommend a password manager for managing your passwords. The general consensus is that having strong complex passwords for all your sites and services that you don't have to remember, all stored within a very secure service, protected by a single unique, strong password still provides the best protection compared to the alternatives.

This blog post has been provided for the benefit of digitalwelcomemat IT customers. Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

Digitalwelcomemat will be on Christmas break starting this afternoon. I will be on leave from 22/12/22 - 08/01/23 inclusive then working part time for the week of 09/01 - 13/01. 

I will be checking email during this period for any urgent issues.

Thank you to all my customers for 2022 and I look forward to being able to support you in 2023, I hope you have a good break and a Merry Christmas.

This is a typical example of a phishing email. If you click on the link the bad guys will harvest your username and password and start using them to access you email inbox, send emails or worse.

This is a 'obvious' fake email, but people keep getting caught out so I will keep reminding you. Admin and management staff, consider sending this information on so your staff can be reminded.

Multi factor authentication on your Microsoft account will mitigate the impact of being fooled into clicking this. Talk to me if you want this turned on.

Some users are reporting a persistent password popup in their mail application this morning, this is due to Microsoft changing the Microsoft/Office 365 authentication method and requiring 'modern authentication' by default.

If you are using Outlook 2013 this can easily be solved by changing\adding a Registry setting in Windows which is normal and 'IT support level' change:

(more details here https://learn.microsoft.com/en-gb/microsoft-365/enterprise/modern-auth-for-office-2013-and-2016?view=o365-worldwide)

This can also be easily pushed out by 'group policy' if you have a Windows domain.

If you're seeing this in another mail app for example on your phone this will require further investigation and planning.

Here is some further reading on the subject:
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437​

ACSC (Australian [Government] cyber security centre) are recommending that all business purchase their equivalent domain name to prevent "...to help protect your business from opportunistic cybercriminals" before 20 September 2022.

To help protect your business from opportunistic cybercriminals, the Australian Cyber Security Centre (ACSC) recommends that all Australian businesses with existing domain names register their .au equivalents before 20 September 2022. If a business does not reserve their .au equivalent direct domain name during this six-month period, that name will become available to the public on a first come, first served basis. 

https://www.cyber.gov.au/acsc/view-all-content/alerts/new-domain-name-changes-could-leave-your-business-or-organisation-risk

Digital pacific is reporting that the pre-order process for new .au domains now open now go here: https://digitalpacificdomains.com.au for details.

If you have reallylongdomainname.com.au this may be your opportunity to purchase imshort.au instead or to secure your business identity and reputation by purchasing mydomainname.au as well as your existing mydomainname.com.au (before your competitors do) I don't know what the allocation process is but I strongly suggest you act quickly if your interested.

I advised last week that there were problems with the 21H2 Windows update from Microsoft. Microsoft has reported that the 'MSI install issue' is resolved now with another patch. As far as the Intel sound card driver conflict goes this is a Windows 11 only issue so Windows 10 users can allow updates to naturally instal now as usual. If you put a 7 day pause on your windows updates they will automatically begin again in a few days.

For Windows 11 users MS has setup a compatibility block so the offending upgrade shouldn't auto install however they say 'We recommend that you do not attempt to manually upgrade using the Update now button or the Media Creation Tool until this issue has been resolved and the safeguard removed.

Here is the link if your running Windows 11 and want to track this issue:
https://docs.microsoft.com/en-au/windows/release-health/status-windows-11-21h2#2746msgdesc

For those customers where I manage Windows updates via Windows Update services, I have now release the 21H2 update for Windows 10 as it resolves a number of vulnerabilities.

Just a reminder about allowing Windows updates to install, I strongly recommend logging off each evening and restarting your computer once a week. This allows a few things to happen which should enhance your computing experience as well as allow for better security. I also recommend leaving your computer on overnight at least once per week to allow installs to complete (that is if you don't leave it on all the time anyway)

Some of the befits of logging off and restarting:

• It allows windows updates to auto-occur when they are needed, at least on a 24 hour basis.
• Logging off closes all your programs/applications which releases all the memory back to windows to be 'cleaned-up' and reused, it closes all open programs and resolves any transient 'weirdness' that may be happing. 
• Restarting does the same as logging off but it also does same for system processes and Windows services
• If you have roaming user profiles setup in your organisation data is only saved back to the servers when you log off, if you have a power outage before that time data may be lost.
• It forces you to clean-up, save your documents and close off the clutter. It could be just me but I can't see how having 15 word documents open at the same time for a month helps with productivity! (but perhaps that's just me:-/ )
  

 A number of users are reporting and issue when saving-as from within Adobe acrobat reader. When trying the save, instead of a dialogue box allowing you to choose the save location all you see is a blank dialogue box form/screen.

Click here for the workaround

Every now and then someone asks me about a backup strategy for home, this is my current recommendation. I suggest you investigate what's suitable for your own environment before making decisions.

Macrium reflect free: Full *system* backup, install and run this periodically even if only once when you get a new PC and its fully setup. This allows you to go back to a working state if you get virused or you have a hard drive failure or a bad windows update.

https://www.macrium.com/reflectfree
Cost $free

Notes:
Make sure you make a "rescue disk" on a USB thumb drive when you install the software

• You will need a backup drive to store the backup such as this (cost ~$80): https://www.officeworks.com.au/shop/officeworks/p/wd-elements-se-2tb-usb3-0-portable-hard-drive-wdel2000se. Don't buy Seagate I have had so many of those fail its just not worth it
• Note this is not intended for a "data" backup in this context just for restoring windows and saving yourself hundreds of dollars of IT labour if this is necessary

Backblaze: Continuous backup of all^ *data* files to the internet for off-site cloud/internet storage. Unlimited storage

https://www.backblaze.com/cloud-backup.html
Cost US$70 per year

Notes:

• May not be suitable if you don't have good internet
• May not be suitable if you don't have unlimited internet
• Doesn't keep "versions" (at the base cost)
• Backups files only stored for 30 days after deletion
• ^Check that it *IS* including that weird folder location that your [insert weird software product name here] is using

• Hint: Make an automated copy of all your data to one "always-on" PC in the house and you can back up an unlimited number of PC's

Remember all PC's will fail eventually, there is a good chance that you will eventually lose all your data if you don't have some strategy in place.

EXTRA NOTE:
saving all your data on an external hard drive is NOT a backup. That's just data on an external drive, which is arguably more susceptible to failing that your actual PC. A backup is a second copy of your data.

A example spam/phishing message, obviously don't click on these:

From Wikipedia, the free encyclopedia
Phishing is a type of social engineering where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.[1] As of 2020, phishing is by far the most common attack performed by cyber-criminals, with the FBI's Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime.[2]

Recommended answers to the "stay signed in to all your apps" question for Office 365:

When you connect to or interact with Microsoft office 365 in some way using your PC or laptop, such as when you setup your mail in Outlook, you will often get the popup below asking you if you want to "remember your account". While this may seem like a reasonable idea, unless you explicitly know what this is will do and want that to happen I strongly suggest you chose "no, sign in to this app only".

This will avoid some potentially undesirable consequences such as "binding" your PC to your organisations Azure active directly security for administration, setting up for you files *not* to be saved to your PC or network share by default, but instead being saved to your organisations online "SharePoint" server. If this happens by accident these and some other consequences will need to be reversed, sorted out, and things put back where they belong.

This is also why I also recommend that all PC's are initially installed as standalone PC's with a local administrator account.

If you're a digitalwelcomemat customer, your organisations centralised security and file store won't be Microsoft Azure or SharePoint so there is no advantage to using this Microsoft "feature".

I am experiencing increased care and family responsibilities due to support service cancellations as a result of the greater Sydney, NSW COVID-19 lockdown. As a consequence I will have (and have already had) less available time for support work.

 Digital Pacific Phishing attack underway, do not click (see image below)...

Another 2 Seagate hard drives failed.... what, again? I hear you ask

In the continuing saga of older "perpetual license" MS office apps accessing Microsoft 365 services here is a good article:

https://www.computerworld.com/article/3569435/microsoft-points-to-october-end-of-support-for-older-office-apps-accessing-365-services.html

Some points from the article:

"Microsoft has long played with the support of Office applications connecting to Office 365 services. Three years ago, the company said that perpetual-license versions of Office would be able to connect to Microsoft's cloud-based services only during the first half of their 10-year support lifecycle. It set Oct. 13, 2020 as the date when the new policy would take effect."....

......Mcrosoft softened the blow considerably. "We won't take any active measures to block other versions of the Office client, such as Office 2013, from connecting to Office 365 services, but these older clients may encounter performance or reliability issues over time," the Redmond, Wash. developer stated in the support document."

UPDATE: If your planning to edit AVCHD files i.e. files in the .MTS format you may be in for a bumpy ride, Resolve 16 doesn't seam to support these files very well and they may need to be "re-wrapped" or converted before editing. This is more of an issue with the AVCHD format itself and they way it encodes the video file (read here https://bit.ly/2Q0AkUB if you want the long story) having said that Adobe premier worked perfectly fine with these files.
After a fair bit of struggling I found that converting the files to .mov (QuickTime format) completely resolved the issues I was having but that is an extra step in workflow and extra storage. 

A while ago someone asked me to look into a good product for video editing for low cost or free, my choice is:

DaVinci Resolve
https://www.blackmagicdesign.com/products/davinciresolve/

Its history is that it used to be a $150,000 "colour grading" program for feature films and TV but has since morphed into a full function video editing program.

I have been using Adobe premiere for the past few years as this has been the gold standard in editing for some time. However due to Adobe's "you-can-never-own-it-only-rent-it-for-the-rest-of-you-life" pricing strategy I have been looking for an alternative.

That alternative is DaVinci Resolve and the price… Zero

I wouldn't call it an easy program to use but its hugely powerful and will serve you from beginner to wherever you want to go, even if that is a full feature movie editor. That said you can churn out a basic cut of a movie fairly quickly if you are familiar with the process of editing. If you are prepared to invest the time it seams like a great product, only took me a week to be editing at the same level as I was with Premier.

The only catch to it is that although they say it can run it on a relatively low specification PC, their idea of low spec might be different to ours, however at $0 it's not a lot to invest to try it out.

This blog post has been provided for the benefit of digitalwelcomemat IT customers.

Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

Yes, your hard drive will fail and all the data will be lost, it's just a matter of time.

Based on my experience, hard drives are the component that fails the most out of all the internal PC components (second would be the internal power supply) especially older style platter hard drives, imagine an old record player spinning the and playing the same record for 3 -5 years 24 hours per day that's essentially what the hard disk has to do. 

You should assume that your disk will fail "at any moment" and strategize your backup, duplication or redundancy strategy based on that assumption.

However even with good strategies in place it can still be still painful and expensive when a drive fails. I have recently added hard drive monitoring software to my standard recommendation for mission critical systems and really any other PC that can't be replaced by a simple reimage, "the accounting lady's PC" is a good example of a unique complex system where a disk failure can be very painful and costly.

My recommended software for this purpose is HD sentinel (https://www.hdsentinel.com)

See the screen shot below for an example of the display you can opt to have this open at startup and or monitor and email is there is any issue. Note also for server's its able to "see through" the RAID array and monitor the disks directly*.

For HD sentinel professional:

• A 5 computer license is USD $53 (lifetime license)
• or USD $29.95 for a single PC/server

This blog post has been provided for the benefit of digitalwelcomemat IT customers.

Treat this information as informative only and do not take actions or make decisions on the basis of the information contained here. All IT decisions and actions should be made after consultation with your chosen IT professional taking into account all the of the relevant factors.

Every now and then I get asked this question:

I deleted my file can I get it back?

[For traditional drives not a SSD with TRIM...] When you delete a file it doesn't actually delete it at all, it just removes the bit of information from the storage "Index" or "table" that records where the file is located and that it exists.

Theoretically if you use some special undelete software straight away and nothing else has happened on the storage device you can get your file back 99% of the time*. 

HOWEVER: as soon as the bit of info in the storage "Index" or "table" is deleted, that also marks that space free and available to be overwritten with data again. Unfortunately that "nothing else has happened on the storage device" scenario seldom exists so there is only a chance that you will be able to reasonably recover the file. As soon as data is written over that spot on the storage it's a LOT more to get the original file back.

So if you want to recover a deleted file it needs to be done ASAP preferably before you start to write more data files to that storage drive.

Digitalwelcomemat continues to provide IT support as usual, there is currently no change to support services. As usual I try to minimize onsite support. This is because, remote support is significantly more timely efficient, which means a better service and more cost effective for everyone but also has the added bonus that it helps with social distancing. However as usual I am available for onsite support as required.

Should this situation change I will let you know.