Free stuff doesn’t come all that often. The wonderful window to a free OS is about to close. Tomorrow is the last day – miss it and you will have shell out for it. Sources say it will cost a reasonable 130 bucks but why throw out money? Get Windows 10 from your updates or from official sites and enjoy an amazing new OS for free!
Password security is nothing new. We have been told about complex passwords for a long time (in IT anything over 10 years is a long time 🙂 ). I have been hearing a lot lately about a type of attack on networks called “Pass the Hash”. In a basic sense this whole attack is simply taking a hash of a password (the encrypted – not “cracked” form of the password) and using that to authenticate into your oh-so-pretty-and-secure network. Devious, yes. Preventable, for sure.
I will be talking about this in at least 2 posts. First off we will cover what is a hash, rainbow table and all the other terminology you will need to understand around this. Then, we talk about how to prevent it and I will give you some homework (aka my sources) if you want more information.
This is the guiding principle here: ” All passwords are hackable given enough time. Your goal is make that time as long as possible.”
Account hashes are one way transformations (unless you are using reversible encryption. This means that once the password has been encrypted using whatever encrypting mechanism you prefer it is not possible to reverse the process. Never use clear text passwords or transmission methods
Rainbow tables are tables built when you know several possible combinations of words used as a password. They serve to help speed up the process. Using “dictionary” words is a big asset to hackers – so always make sure you don’t use actual words in a password
So here is what happens
- User creates a password
- That gets stored in your security application (Active Directory,..) as a hash (AD takes the password and encrypts it
- The user logs on.
- One of the main suppositions in these attacks is that the attacker can see your network traffic. Either they plugged into a wire or have sniffing software. They see the hash get sent and capture it. They could have a Linux Live sitting on a CD or USB key and boot a machine using that OS. Also, the could hve console access and run tools like FGDUMP. They can also resort to specialized attacks like “Cain and Able” which is a type of ARP cache poisoning/spoofing (see my sources post for more details). There is another called “John the Ripper” (great name BTW.
- Now they don’t actually have the password but they do have the hash and that is all they really need since this is what is used to authenticate.
- At this point they try to escalate the privileges of the account (maybe this was an admin account running in non-admin mode) and commence their nefarious work
Voila – that is the essence of the attack. Very simple, no? That is why it is so popular. In the next installment I will give you my sources and 6 simple things you can do on your own network to prevent (or at least minimize) these exploits
Getting back into the swing here people. The rust is coming off. I have a plan to post quite a bit more in the coming weeks. I am planning on a few projects in the next few months (maybe late summer start and work in the fall/winter). Currently the plan is to build a gaming rig, build a server 2016 box and build a home network. More details as they come up 🙂
Getting back to the task at hand though… I still have not finished my posts on Windows 10. Here is the next installment: We are Sparta…..n …(the browser)… This almost deserves a top 10 list of its own. In fact, that may be another series for me to write 🙂 but for now here are some of my favorite new features
- The ability to ink (write) on any webpage. All you need is a touch screen (actually the ability works on any screen but it is far more enjoyable on a touch screen). All you need to do is click the pen icon in the top right corner and then select your pen/highlighter color and start inking! You can also add comment-like type boxes and clip portions of the screen
- So, not specifically a Spartan plus but I am super happy it is there, is the ability to use IE instead of Spartan. Should you have any issues with browsing in Spartan you can always switch back to IE as all versions of W10 also include old faithful
- An awesome tag team is when you use Spartan as your main browser then you can click the ellipse (the 3 dots …) in the top right corner. From there you can see a list of options and one of them is the ability to launch an IE session from within Spartan
- Reading lists are a part of the new browser as well. Reading lists sync on all your Spartan devices so you can easily find your favorite pages. Also, there is a reading view to make reading long winded blog posts like mine far easier. Compatible pages will allow a full screen experience while moving away clutter and backgrounds
- Security is also strengthened. One of the new features I really love is the new pop-up boxes. When opening an external application from within Spartan you will get a pop-up box asking if you want to open the application (or is it some crap-ware that is sneaking its way in)
So that is all for today. There are tons of new and amazing features in Spartan and we may have to come back to this subject later. Next time we will look at Hyper-V.
Watch your back, conserve ammo and never, ever, cut a deal with a dragon
It has been quite a while since my last post. Sorry about that. I have had some major changes (new job, starting my own business,…) but thanks to you all and my good friends in the tech market in Ottawa I am still here and still have things to say 🙂
I decided to start back with two quick links.
One of the major changes in the Microsoft world is that we now have 2 shiney new data centers in Canada. They are setup and services are coming online all the time. This is huge news for many of us who were constrained by fears of the Patriot Act and data sovereignty. Now that those concerns have been mitigated there is a …void… or more accurately there was a void. People have spent time/energy/money on building Azure infrastructure in the US datacenters but how to move all that stuff to Canada?
The answer is so easy: http://aka.ms/move
That’s it. One link. Type it. Scroll down the page and you will see all you need in order to get your data migrated.
And now that you are most likely chomping at the bit for more Azure – here is another great link: http://aka.ms/azuretrialottawa
Free Azure. Yup 100% free. 200$ to do with as you please. Once the trial expires you can either opt to go to a full subscription (and start paying accordingly) or let it expire and you will never see a bill
Thats it for now web-friends
Keep you stick on the ice!
In my new position I don’t get to play much with the ole IT Pro skills I spent years honing. So when I get a chance to dust off the knowledge tomes it is always fun. Today’s lesson: How to launch IE from the command line. Today’s lesson comes in 2 parts. First, we will see how to launch IE from the command and go to a website. Then we will look at different ways of launching IE (using different credentials)
So here we go!
Here is the first piece. Go to command prompt and type the following:
“C:\Program Files\Internet Explorer\iexplore.exe” (INCLUDE the quotes – but not this comment 😉 )
Now to add the specific webpage
“C:\Program Files\Internet Explorer\iexplore.exe” http://gorling.ca/blogs (INCLUDE the quotes – but not this comment)
So far so good? A little bit of code never hurt anyone, right? This could come in handy so lets put it on the back burner for now and we may come back to it later if we ever need it.
Here is the second part of the lesson for today:
runas /user:domain\username iexplore.exe
So this lovely little command lets you enter the password for a user (defined in “username” and if you know the password for that account launches the given application (“iexplore.exe” in this case)
A neat little addition is the following:
runas /user:domain\username /savecred iexplore.exe
This one switch will allow the credentials to be saved for future use.
Now I wish I had the third part of this. It would be great if we could launch IE as another user AND open a specific web site in the same command…
I am working on the last bit as we speak and as soon as I find the way to make it work I will make sure to update all of you, dear readers
This has been a great series of articles to write. I only hope you are all learning from this as much as I am. In this next installment we are going to look under the hood a bit. This one caused me a bit of frustration and I was not a happy camper at first. When I first started looking at the Windows 10 build I thought the good ‘ole control panel was gone. It seemed to have been replaced with the Settings applet. Thankfully that is not the case. Both exist in harmony, the way all good apps should 😉
Control Panel still exists (power user tools). There are many ways to find Control Panel but by far the easiest is to either just right click on the windows logo (Start Button) or just type it in the Cortana search box (see my last post for details on that)
Default save locations: settings -> system -> Storage. Here is one of the things that I really like. Settings control the user experiece while Control Panel covers more of the computer settings..
To change the default save locations has not been easy in some past versions of Windows but in W10 it is very easy. Just launch the Settings applet and go to system then click on storage. You will be given the option to change to other drives if you want
Default apps: Settings -> system -> Default apps. While looking for the above I also noted that you can change your default apps here as well.
Devices: Settings -> devices. More things to look at in the Settings applet are found under the devices. Here you can setup printers and blue tooth settings and lots of other fun stuff too
Defer upgrades: Settings-> Update and security-> Windows Update-> Advanced-> defer upgrades. This is another nice one. W10 will always auto-upgrade – that is the service model for all home users. Enterprise clients have a bit more flexibility but not as much as they used to. As a home customer customer you can easily slow down the updates by going to the above path and opting to defer your upgrades.
There are lots of more new gems in the settings applet so do take your time and peruse them all in detail but know that Control panel is only a few clicks/keystrokes away if you need it 🙂
One of the most innovative new features for Windows fans is Cortana. She is funny, smart and super well organized. She makes the perfect assistant… once you get to know her. In this blog we will cover the basics to wet your appetite.
Launched by clicking on search. She lives on the task bar. You can either click on the search box or just talk to her. Just turn on the feature and say “Hey, Cortana”; however, do remember to turn off the feature when out at presentations or the such as she can pop-up unannounced if left to her own devices
Can be hidden (right click taskbar). The search box can be turned off and you can leave just the icon on the task bar. Of course, you can turn Cortana off completely but where is the fun in that.
Searches files, apps, online. She is a really powerful and wonderful search assistant. She will look on you local machine, she will find and launch apps for you, she will look up internet articles and posts. Try to use her and you will quickly stop using the keyboard and spend much more time talking to your computer
Built into Edge browser to pull out useful info. She is part of the new browser and keeps up the helpful assitant role when you are online as well. Select text on a web page, right click and ask her to help. She will look up the phrase in question without leaving the page. Quite nice really
Can set reminders. Of course, what assistant wouldn’t help you with your busy schedule. She will give you reminders and let you know when you have upcoming meetings. She can even be set to give you reminders when you are with certain people. Setup a reminder for the next time you see John and if you have a meeting with John she will give you the reminder just before your meeting starts
Settings are changeable and trainable an can set cloud storage privacy. She can be configured and works best once you look into the settings under the hood. Just click in the search box or on the icon and go to the settings on the top left.
train voice recognition. Much like the settings Cortana needs a little lovin to work at her best. Take the time to let her know you and she will work all the more. Again, just click in the search box or on the icon, select the second (notebook) icon and go into the settings. There you will the option to “Learn my voice”
Imagine how convenient it is to tell Cortana on your phone to deliver a reminder that pops up, at just the right time, on your desktop
She is available on iPhone and Android too!
My friend Whyves (not his real name – gotta protect the innocent 😉 ) has asked me a great question and I got some great answers at this live event so I interupt my regularly scheduled blog posts to bring you this breaking news:
Microsoft does not want your data
With the release of Windows 10 the amount of data (telemetry) being sent back to Microsoft (called “phoning home”) has increased. This data is used to drive the update mechanisms: they will fix the parts of the OS/applications that are being used and not focus their efforts on the trailing edges.
There is one important distinction in that: telemetry is not personally identifiable data. It is data on what features were used but not the data itself – none of your data is at risk: they just want to know how you use the OS/applications
Now, as always in the modern age there are other considerations:
- If you turn on (and I mean tracking features in) Cortana some of your data will be sent out to the cloud. If you ask Cortana to remind you of a meeting that data will be sent to the cloud (for storage) until the meeting and then deleted.
- Turning on tracking features in IE/Edge will allow some data to be tracked. Again, you will have to turn on these features and if you asked to be tracked you will be
- The best way to avoid being tracked is to not asked to be tracked. Also, the more you remove store apps and apply security to your device the less telemetry will be sent back
- Google and Apple take more telemetry and data than Microsoft does. Again:
Microsoft does not want your data (just look at the changes to OneDrive if you dont believe me 😉
Thanks Wjyves – keep your stick on the ice!
As I write this I am sitting in an Ask Us Anything session with some of my good friends at Microsoft. We are going to be exploring all the new things coming down the pipe and explore Azure. It seems fitting that we cover some exploration tools…. how about File Explorer?
Windows File Explorer
As of Win 8/ Server 2012 Windows file explorer was renamed to File Explorer since Windows Explorer is part of the Win OS shell (Desktop, start screen/menu, taskbar and control panel)
It has a jump list like Office applications. If you are not familiar with Jump Lists they are the right click menus that started showing up in Windows 7. You can pin applications to the list and the body of the Jump List will auto-populate with your recent documents
Share commands are in share tab. There have been some changes to the share tab. If you skipped Windows 8 (and lots have – sadly for them) then take a look at the tabs in general 🙂 but the share tab is going to be your new best friend
Tip: Copy path command : File Explorer -> Home tab -> “Copy Path” (useful for networked paths)
Tip: show all folders (like older versions): File Explorer -> View -> Navigation Pane drop down -> “Show all folders”
Tip: Change default view: Open a folder -> select detail view (example) -> the new view is “sticky” it keeps the change without needing to be saved
Support issues for Internet browsers has always been fun. The amount of customization and personalization is astounding. I use IE as my default browser and I like it! It does the job and I have not had any major issues with it. However, twitterings abound since the release of Windows 10: there does seem to be some fear that IE 11 has gone away.
It has not.
It is in the default build of Windows 10 and, even though it is not as easy to find, it will be around for a while. Microsoft has on their site stated that “Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates.” (https://support.microsoft.com/en-us/lifecycle/search?sort=PN&alpha=internet%20explorer)
So IE 11 will be supported in Windows 7 (and 8.1 for that matter) for a long time to come (some sites say up until 2023). As per the good folks at http://windowsitpro.com/windows-10/tale-two-windows-10-browsers: “Based on Windows 8.1’s records, this means that Internet Explorer 11 will reach the end of mainstream support on January 8, 2018 and extended support on January 10, 2023.”
If you want to make IE 11 your default browser your fix is below. A big thanks to my good friend Rob Williams for bringing this to my attention as some people seem to be a bit worried: Thanks Rob!