Microsoft may ditch 60-day password refresh, weaken BitLocker
What is a Security baselines ?
They are Microsoft’s advice to users on how best to secure Windows, which isn’t easy because as Microsoft explains, “there are over 3000 Group Policy settings for Windows 10, which does not include over 1800 Internet Explorer 11 settings.”
The baselines help users and partners figure out just how to run Windows securely.
Microsoft updates the baselines continuously and late last week issued new drafts for Windows 10 version 1903 and Windows Server version 1903.
changes to the baselines, including changing the password policy that forces a password change every 60 days Windows’ Administrator and designated guest accounts.
Microsoft employee and self-described “Windows cybersec nerd” Aaron Margosis justified the proposed change as follows:
“If an organisation has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven’t implemented modern mitigations, how much protection will they really gain from password expiration?”
Margosis goes on to say that “Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value.
By removing it from our baseline rather than recommending a particular value or no expiration, organisations can choose whatever best suits their perceived needs without contradicting our guidance. At the same time, we must reiterate that we strongly recommend additional protections even though they cannot be expressed in our baselines.”
Microsoft warns Windows 10 May Update messes with PC storage
More Trouble for Microsoft’s May Update to Windows 10, with the warning it does not like PCs connected to USB or SD Card storage devices.
A new advisory warns that “Inappropriate drive reassignment can occur on Windows 10-based computers that have an external USB device or SD memory card attached during the installation of the May 2019 update.”
Before the upgrade, the device would have been mounted in the system as drive G based on the existing drive configuration. However, after the upgrade, the device is reassigned a different drive letter. For example, the drive is reassigned as drive H.”
The problem affects internal drives as well as USB or other removable storage present in a PC when the May Update is installed.
Needless to say, Windows and applications that expect a file to be on one drive will not behave well when that file is elsewhere.
Which is why Microsoft has stopped the update, writing “these computers are currently blocked from receiving the May 2019 Update.” Users who try the update will instead see the message below.
The workaround for the problem is simple: remove USB or SD Card storage, then do the Update.
Minecraft player loses five-year-long game
Phil Watson, 31, of Newcastle, had been playing in the most difficult Hardcore mode, which means his character cannot be brought back to life.
Having walked 6,316km, flown 7,798km and jumped 732,389 times, he had got “a bit full of myself” and been startled by a zombie baby and eaten by a spider.
I started saying I was the world’s longest Hardcore survivor because I couldn’t find anyone else.
“We couldn’t find anyone who had lasted more than a couple of months.”
Mr Watson plays Minecraft most days, averaging about 20 hours a week.
For those familiar with Minecraft, Mr Watson’s character was attacked by a zombie baby wearing enchanted armour.
He ran away from it and was shot in the back by a hidden skeleton, which knocked him into the spider.
He could have survived all of this if he had eaten a health-giving golden apple sooner, he said.
“I ran out of luck,” Mr Watson said.
“There’s so much I could have done, I felt stupid making such an easy mistake.”
Mr Watson has more than 3,500 followers on YouTube and nearly 2,000 on game-streaming platform Twitch, where he is known as Philza and met his fiancee, Kristin Rosales.
Telstra cable customers given free speed boost as NBN delays continue
Telstra cable broadband speeds are set to double for many customers across the country as the telco abandons its long-standing monthly fee to unlock maximum speeds.
Telstra is finally scrapping that fee, automatically shifting all cable broadband customers to unthrottled 100-ish Mbps speeds this month. Users may need to restart their cable modem to see the speed jump. All Telstra cable customers now have 5 Mbps upload speeds.
Telstra cable customers who were paying for the speed boost will keep those speeds and see their broadband bill drop by $20 per month.
Facebook will be overrun by dead people within 50 years, researchers say
By the year 2070, dead users could outnumber living ones on the social network, with potential implications for how our digital profiles are stored, according to new research from the Oxford Internet Institute.
The researchers predict that at least 1.4 billion Facebook users will die before 2100, with the dead outnumbering the living in about 50 years, based on current user growth rates.
These statistics give rise to new and difficult questions surrounding who has the right to this data, how should it be managed in the best interests of the families and friends of the deceased and its use by future historians to understand the past?
David Watson, also a student at the Oxford Internet Institute, explained in a statement: “Never before in history has such a vast archive of human behavior and culture been assembled in one place. Controlling this archive will, in a sense, be to control our history. It is therefore important that we ensure that access to these historical data is not limited to a single for-profit firm. It is also important to make sure that future generations can use our digital heritage to understand their history.”
Joes Podcast Notes for
02/05/2019
Systems with small disks won’t be able to install Windows 10 May 2019 update
- Traditionally, Microsoft would use the release of a new operating system to bump up the minimum hardware requirements that the software needs…..With Windows 10 being the “last” version of Windows, Microsoft is now using the major updates to bump specs. The May 2019 update, version 1903, takes the opportunity to do just this.
- Previously, 32-bit version of Windows had a minimum storage requirement of 16GB, and 64-bit version of Windows 10 needed 20GB…. Both of these were extremely tight, leaving little breathing room for you to install your actual software, but technically this was enough space for everything to work.
- That minimum has now been bumped up, it’s now 32GB for both the 32 bit version – and the 64-bit versions of Windows 10.
- The reason for part of this growth may be due to a new behavior that Microsoft is introducing with version 1903…. That is to ensure that future updates install without difficulty, in order for this to happen a 7GB of disk space are permanently reserved for the install process…. While this will avoid out-of-disk errors when updating, it will represent a substantial reduction in usable space on devices with low-storage systems.
- If your system can’t be upgraded, it’ll be stuck with version 1809 for the remainder of its supported life; that is currently set to expire on May the 12th at 2020 for the Home, Pro, and Pro for Workstations editions…. And on May 11, 2021 for Enterprise and Education editions…. Version 1809 also has a long-term servicing channel counterpart, which will receive bug fixes and security updates up until January 9, 2024 and all security fixes up until January 9, 2029.
- The new disk requirements also don’t apply to the Windows 10 IoT edition. This version should have a smaller disk footprint in general, so should have more breathing room for future updates. There’s also no change for Windows Server’s hardware requirements; that version of Windows already required a minimum of 32GB disk space.
It would be nice if Microsoft could offer the security fixes to gather to hardware instead of adding a feature update for the smaller storages, that way older devices can have a longer life.
—————————————————————————————————————–
Google will soon let you auto-delete your location tracking data
- Google is introducing a new feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after a set period of time. You will be able to delete the data after either three or 18 months, and it will then continue to be deleted on a rolling basis over time.
- Google says it’s rolling out the new feature worldwide “in the coming weeks” and that it will be available in addition to the existing options that allow you to delete this data manually. The company also mentions that Location History and Web and App Activity data are the first two bits of user data the feature will be available for, suggesting that the option might soon be available for more of your data.
- The feature being announced deletes data for your Location History and your Web History and also App Activity, meaning that it should cover pretty much every bit of history data Google holds on you.
Useful widgets called Tiles are being added to Wear OS smartwatches
https://www.theverge.com/2019/5/1/18525335/google-wear-os-tiles-widgets-new-feature-announced
- Google has spent the last year refining its Wear OS smartwatch software to make everything feel simpler, more intuitive, and easier to use. The improvements have gone a long way in making Wear OS feel smoother and more useful. Today, Google is announcing another new addition: Tiles. Tiles are glanceable widgets that you can swipe between to get information quickly, including the weather, your next calendar appointment, your heart rate, news headlines, etc.
- You access Tiles with a left swipe on your Wear OS watch face, which previously took you to Google Fit…. Your Fit data is still in that spot, but now you’ll have these other widgets available to you as well.
- Thing you can do is check your progress towards your fitness goals or start a workout routine, you could know where you need to be next, plan ahead with the latest weather forecasts, you can also check your heart rate, follow the latest breaking news headlines and set a timer…etc, etc,etc… pretty much what you can do now with widgets on your android phone.
- Tiles can be rearranged to your liking with a tap and hold, and layouts can also be adjusted with the Wear OS mobile app.
- Not all smartwatches running Wear OS will have all of these featured tiles… Let’s say for example your device lacks a heart rate sensor, you’re obviously not going to use that widget. Google says it plans to add more tiles as time goes on.
——————————————————————————
ATO throws out a data dragnet for cryptocurrency tax crackdown
https://www.itnews.com.au/news/ato-throws-data-dragnet-for-cryptocurrency-tax-crackdown-524450
- The Australian Taxation Office will begin electronically analysing the tax affairs of Australians that hold and trade cryptocurrency to ensure they are paying the correct amount of tax. The ATO also revealed on Tuesday that it had begun collecting bulk records from Australian-based cryptocurrency businesses under a new data matching program.
- Data is to be provided by Australian cryptocurrency designated service providers who will include cryptocurrency purchases and sale information to the ATO, in which the ATO will then use as the basis for its compliance activities. The data will be collected on an ongoing basis.
- The Tax Office is also working together with global and local regulator like the Australian Transactions Reports and Analysis Centre (AUSTRAC) and the Joint Chiefs of Global Tax Enforcement (J5) to investigate cryptocurrency-related tax evasion and money laundering.
- Reports pointed to the use of cryptocurrency as a means of hiding funds within the black economy, and to hide money offshore….. and in some instances, were “linked to risks with unexplained and undeclared taxable capital gains”. For example the highest reported losses were attributed to investment scams, whereby individuals are tricked into dummy investment opportunities such as fake initial coin offerings.