Absoblogginlutely!

Microsoft Edge guide in Creators update is a nice tutorial

By Andy on Saturday, April 8, 2017

Thank you for upgrading dialog box after upgrading to latest Windows 10 version I downloaded the Creators Update last night and did an in place upgrade on my Surface last night and the upgrade went nice and smoothly.

I especially liked the tutorial that pops up with the different features that come with this edition of the Edge browser. As the upgrade isn’t available via Windows Update just yet, you can get a sneak peak at the extra features by looking at the tutorial here.I like the ability to pin and save pages for later and the drop down preview for finding a tab is pretty handy – but it will be interesting to see how well this works when you have tons of tabs open. The combination of Tabman Tabs Manager and OneTab work well for this in Chrome with the former allowing you to get a drop down list of all the tabs open (but no preview) and the latter instantly closing all open tabs and saving them into a html page for later reference – both highly recommended for keeping all those tabs you might read later and reducing the memory footprint for Chrome.

Note you can do a manual install now by going to https://www.microsoft.com/en-us/software-download/windows10 and selecting the option to update now. A small stub file will download, you run this, confirm you really do want to upgrade to the latest version and it downloads in the background. Once downloaded it will automatically install 30 minutes later with several reboots but you can pause or run it now as required.

AntiVirus Security

Ransomware decrypters

By Andy on Monday, March 27, 2017

Filing for future reference for reference in case of a ransomware infection. This list gathers together a list of tools and references that may allow you to get access back to encrypted files.

Kasperky’s Decrypters
Kaspersky’s AntiRansomware or Cryptoprevent– prevent infection in the first place
Avast Decrypters (Multiple tools available)
Trend Micro Decrypters – Multiple decrypters available

Remember the best way to not get infected is to install a cryptolocker prevention tool (I use the Cryptoprevent), watch the sites you go to, educate yourself on what a phishing attack looks like, don’t run as administrator, use opendns (or google safe browsing) and ensure you have a good backup that is not accessible from your normal machine with your normal credentials.

If you know of any others then please let me know.

Edit – https://www.nomoreransom.org/ is also a good resource and probably should be your starting point. It even allows you to upload an encrypted file (or the ransom note) and will then check what version of crypto you have and let you know if there is a decrypter available for you.

Books Security

Book Review – The Art of Invisibility by Kevin Mitnik

By Andy on Thursday, March 16, 2017

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick
My rating: 4 of 5 stars

A cautionary tale of just how visible you are on the internet and in todays connected society.

First off I am fully aware of the irony of posting a review of this book online on Goodreads, my blog and Facebook after reading a book on how to be invisible on the internet…..

This was a an entertaining read and although I work in the IT field, there were still some security facts in the book that I was not aware so I learnt a fair amount. There are also some useful references for security tools that I had not been previously aware of (although I’m not a security professional).

Despite the above, the book isn’t too technical to make the non IT person bored but it may well make them paranoid! There is a huge emphasis on becoming invisible in the book through extreme measures such as paying a complete strange to buy some gift cards at a store that doesn’t have cameras in the store OR on the way to the store, then using that to buy bitcoins – twice to ensure they are completely laundered and then using those new coins to purchase various items. Not something that the average person in the street is likely to ever do ……and I must admit I do wonder if someone needs to go to all that trouble, would they be reading this book?

There are useful hints and tips about using secure messaging, email etc that can be used by everyone just to keep their internet usage secure which are not too extreme for the day to day consumer.

But for the ultra paranoid/nefarious, this book will either help you solve some of your issues or make you even more paranoid as it brings up points you hadn’t thought of before….

Thanks to Netgalley for the opportunity to read and review this book.

View all my reviews

Work

Absoblogginlutely (weekly)

By diigo on Saturday, March 4, 2017

Simplifying Office 365 License Control with Azure AD Group-Based License Management

Simply Office365 licences by just adding users to a group.

tags: office365 management 4work permissions licencing

Posted from Diigo. The rest of my favorite links are here.

Work

Absoblogginlutely (weekly)

By diigo on Saturday, February 25, 2017

How was your stay at the Hotel La Playa? – SANS Internet Storm Center

Powershell mapping of wifi and where people have stayed.A companion article to the wifi auditing but this maps information of where the access points could be to provide a rather interesting map of where you have been. Unfortunately not a powershell capable script….yet

tags: scripting wifi wireless mapping audit wigle 4work
Investigating Off-Premise Wireless Behaviour (or,

Powershell script to retrieve Wireless access points used across an organization. Very useful to see who is connecting to ” Free Public Wifi” and all the issues that will bring up….

tags: powershell wireless wifi auditing 4work security

Posted from Diigo. The rest of my favorite links are here.

Security

Cloudflare checker for Lastpass in PowerShell and .net

By Andy on Saturday, February 25, 2017

With the recent report of cloudflare credentials being cached/available in search engines, it is always wise to see just how many sites you’ve logged into recently. If you don’t use a password manager, then you will have a fun time going through your browser history, working out what sites you logged into and then changing your passwords.

Hopefully you are using a Password Manager by now and there are several routines available (with source) to check an exported list of urls from your manager of choice against a public list of cloudflare protected sites.
I used CloudFlareChecker as I could use powershell to filter out my password list to url’s first and then run the site list through the tool (which required the .net runtimes installed).
Out of 1200+ url’s in my password export, there were 25 sites using cloudflare. It didn’t take too long to change credentials and update the passwords in LastPass. Yes it’s worth doing for all sites – but I really don’t have time to log into that many websites!

If you don’t use LastPass then there are several other resources at your search engine of choice that will help you check firefox saved passwords (hopefully you don’t), Keepass or even check an individual website for potential issues.

As an aside, I’ve been trying out Dashlane as an alternative to LastPass but I’ve not been very impressed with it so far. It fails to recognise any saved credentials for Office365 and the extension doesn’t even activate in Chrome so I’m staying with LastPass. If you haven’t signed up for a Password Manager yet, then signing up with this Lastpass premium link gives us both a free month of premium access and if you have any questions then let me know.

Work

Absoblogginlutely (weekly)

By diigo on Saturday, February 18, 2017

PowerShell Script to Remove Mailbox Folder Permissions

Great script for removing permissions. Needed to use this when migrating mailboxes to office365 where permissions had been previously granted to an ex-employee. The mailbox move fails as the permissions can’t be copied across

tags: powershell office365 migration hybrid 4work scripting
Upgrading WordPress with WordPress CLI

Script WordPress installs. In theory should never be needed as most installs are set to autoupdate.

tags: WordPress WordPressCLI scripting
Managing Usernames and Passwords with PowerShell for SharePoint Online – Petri

Powershell password management. I type my office365 passwords into powershell soooooo many times a day.Some good information here, especially with Windows Credential Manager and never heard of pnp

tags: powershell 4work scripting passwords security