TECH TIPS

Update on Spectre & Meltdown

10 December 2018
According to the support page for Windows 10 version 1803, the microcode updates include mitigations for Spectre Variant 3a (CVE-2018-3640) and Spectre Variant 4 (CVE-2018-3639), as well as two of the Foreshadow bugs, CVE-2018-3615 and CVE-2018-3646, which are also known as L1TF or 'L1 Terminal Fault'.
As Microsoft recently highlighted, Windows machines with affected Intel CPUs will need microcode as well as software patches to mitigate the Foreshadow attacks. Check out this link for further information.

The latest update of the stable Linux kernel (4.14.13) includes patches designed to mitigate Meltdown with Kernel Page Table Isolation (KPTI). More comprehensive patches (including fixes for ARM64 processors) will be available in 4.15, scheduled for release in two weeks.
  
Patches have also been added to the 4.4 and 4.9 stable kernel trees.
Canonical has released a second update for Ubuntu 16.04 LTS Xenial users after the first caused boot issues. You can find the new update with Linux kernel image 4.4.0-109 here. 
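
A quick way to confirm that the kernel mitigations mentioned above are actually active after updating, as an added example that is not part of the original post. It reads the status files Linux exposes under `/sys/devices/system/cpu/vulnerabilities` on kernels that carry the reporting patches; the function names and the sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which CPU side-channel
# issues the running Linux kernel considers mitigated.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
# The kernel writes one line per issue that starts with a fixed keyword.
# A "Mitigation:" line can still carry caveats, so read the full text too.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_mitigations [DIR]
# Prints "name state kernel-text" for each issue named in the article.
# Returns 0 if all are mitigated or not affected, 1 if any is vulnerable
# or unreported, 2 if DIR is missing (kernel without the reporting patches).
check_mitigations() {
    cm_dir="${1:-$VULN_DIR}"
    if [ ! -d "$cm_dir" ]; then
        echo "$cm_dir not found: this kernel does not report mitigation status" >&2
        return 2
    fi
    cm_result=0
    # meltdown = KPTI, spec_store_bypass = Variant 4, l1tf = Foreshadow/L1TF
    for cm_name in meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf; do
        if [ -r "$cm_dir/$cm_name" ]; then
            cm_text=$(cat "$cm_dir/$cm_name")
            cm_state=$(classify_status "$cm_text")
        else
            cm_text="(no status file on this kernel)"
            cm_state=unknown
        fi
        printf '%-18s %-13s %s\n' "$cm_name" "$cm_state" "$cm_text"
        case "$cm_state" in
            vulnerable|unknown) cm_result=1 ;;
        esac
    done
    return "$cm_result"
}

# make_sample_dir: constructed sample data (not captured from a real host),
# laid out like the sysfs directory so the check can be tried offline.
make_sample_dir() {
    ms_dir=$(mktemp -d) || return 1
    printf 'Mitigation: PTI\n' > "$ms_dir/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$ms_dir/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$ms_dir/spectre_v2"
    printf 'Vulnerable\n' > "$ms_dir/spec_store_bypass"
    # l1tf is deliberately left out to show the "unreported" case.
    echo "$ms_dir"
}

case "${1:-}" in
    --live)
        check_mitigations
        ;;
    --sample)
        sample=$(make_sample_dir) && check_mitigations "$sample"
        rm -rf "$sample"
        ;;
esac
```

Run it with `--sample` to see the output format on the constructed data, or with `--live` on an updated machine.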
 

Cryptojacking

17 June 2018
What is cryptojacking? Why should it concern you? 
Cryptojacking uses your computer, without permission, as a resource to obtain cryptocurrency. It's like taking your car or truck without permission and using it to grab things from other locations.

  • You can't tell where a program is going to spend its time.
  • The algorithms are slow, and it's going to have an impact on the performance of your computer.
  • Get out the "adult diaper", because your computer might end up soiling itself, and those who did it to you won't be responsible for the cleanup.
Find out more by clicking on this link.

Spectre & Meltdown

4 January 2018
If you own a computer, mobile phone or any other device made in the last 20 years, this is likely to affect you. This is one of the largest security problems, affecting all known Intel devices as far back as 1995. It also affects Arm Cortex-A75 cores. Qualcomm's soon-to-be-released Snapdragon 845 is an example part that uses the A75. There are Linux kernel KPTI patches available to mitigate this problem. Cortex-A15, Cortex-A57 and Cortex-A72 cores suffer from a variant of Meltdown: protected system registers, rather than kernel memory, can be accessed by user processes.

Meltdown does not affect any AMD processors. AMD said it believes there “is near zero risk to AMD products at this time.” An Intel Haswell Xeon CPU (often used in servers) would allow a normal user program to read kernel memory. Spectre, on the other hand, will likely affect AMD processors. Patches are being made available.

Google and the security researchers it worked with said it was not known whether hackers had already exploited Meltdown or Spectre and that detecting such intrusions would be very difficult as it would not leave any traces in log files.

"Meltdown breaks all security assumptions given by the CPU’s memory isolation capabilities" is how security researchers describe Meltdown: at the hardware level there is an exploitable security problem. It has to do with the design of how a CPU works. There are periods of expedited instruction and data hand-offs between the application ("user") and the kernel (the core structure of a CPU). During these periods, unrestricted memory access exists, which can allow an attacker to easily read passwords and other sensitive data.
 

Spectre takes advantage of data as it's being shuffled between the fastest memory (found on the CPU) and larger-capacity but slower memory, such as RAM or disk. The kernel moves data between fast and slow places because there's never enough of the fast on-board CPU memory; therefore the slower, more abundant RAM or disk drive space is used.

Spectre makes programs perform unnecessary operations so that there's time and less protected space in which to disclose leaks of data that should stay confidential.

Meltdown also grabs information - but it simply snoops on memory used by the kernel in a way that would not normally be possible.

What should you do?
Meltdown or Spectre will at first probably be limited to those prepared to plan and carry out more complex attacks, rather than everyday cyber-criminals. This may buy your computers, tablets, and smartphones a little time, but don't procrastinate on any updates or released fixes when they become available.

Count on every PC, laptop, tablet, and smartphone being affected by the security flaw, regardless of which company made the device or what operating system it runs. The vulnerability isn't easy to exploit (it requires a specific set of circumstances, including having malware already running on the device), but it's not just theoretical.

Meltdown and Spectre have been described as the worst CPU bugs ever found. Meltdown testing shows anywhere from a 5% to 30% performance hit on Intel CPUs once this leak is fixed. This means Intel processors, which users expect to outperform comparable AMD processors, may actually turn out to be slower.

Researchers said Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown, while a patch is also available for Linux. Microsoft said it was in the process of patching its cloud services and had released security updates on 3 January for Windows customers.

Apple did not immediately comment.

Google said that Android devices running the latest security updates were protected, including its own Nexus and Pixel devices, and that users of Chromebooks would have to install updates.

ARM said that patches had already been shared with the company’s partners.

Cloud services are also affected by the security problems. Google said it updated its G Suite and cloud services, but that some additional customer action may be needed for its Compute Engine and some other Cloud Platform systems.

Amazon said all but a “small single-digit percentage” of its Amazon Web Services EC2 systems were already protected, but that “customers must also patch their instance operating systems” to be fully protected.

The key thing you need to know is - UPDATE - UPDATE - UPDATE!
If you're in IT support, this needs to be made known to your staff, and ultimately to your clients.

 Chrome for Android Update 

Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. If you aren't using an iPhone, chances are you have an Android phone. You will need this update or newer as they're released. Chrome has been updated for smart phones and is available in Google Play. This release fixes a bug that prevents some apps from adding cookies. You may click on this link for more information.

  Uninstall QuickTime for Windows Now  

The U.S. Department of Homeland Security has sent out an urgent alert telling Windows customers to uninstall Apple's QuickTime program.

Apple has pulled support for QuickTime on Windows, the video and audio software that once had been widely used to play movie trailers and other Internet media clips. The company decided this week not to issue any more security updates for QuickTime on Windows, despite two major vulnerabilities in the software that permit hackers into your computer if QuickTime is installed.

Apple's last QuickTime update for Windows came in late January, and the company was periodically fixing bugs over the past several years. The last major QuickTime release for Windows was in 2005.

QuickTime for Windows will continue to work, and is still available for download, in spite of Apple and DHS warnings to Windows customers to uninstall the program.
  ____________________________

 Things You Should Know About the Windows 10 Upgrade 

- 1) Don't procrastinate. Your time for a free upgrade to Windows 10 ends on July 29, 2016. To get the free upgrade, the PC must have a valid licensed Windows 7 SP1 or Windows 8.1. No license, no upgrade.

- 2) Your computer must meet minimum levels of performance and features. Consult an expert if you're not sure. Sometimes it's actually less expensive to purchase new than to upgrade an existing computer. As a bare minimum, here's what you need. (Microsoft minimums are lower, but they don't work well.)
 · Windows 7 SP1 or Windows 8.1 Update.
 · Processor: 1.5 gigahertz (GHz) or faster processor
 · RAM: 4 gigabyte (GB) for 32-bit or 2 GB for 64-bit
 · Hard disk space: 80 GB for 32-bit OS, 100 GB for 64-bit OS. Small storage devices, like devices with 32GB hard drives or older devices with full hard drives, may need additional storage to complete the upgrade.
 · Graphics card: DirectX 9 or later with WDDM 1.0 driver
 · Display: 1024 x 768 with 24 bit color
 · An internet connection is required to perform the upgrade. Windows 10 is about 3 GB


- See the Windows Life Cycle page to know when your OS support ends.

  ____________________________

Microsoft has apologized to OneDrive users upset by the unexpected removal of their 30GB free storage – and is offering existing users a chance to keep their free storage if they click a special link.

Microsoft announced in November, "Free OneDrive storage will decrease from 15 GB to 5 GB for all users, current and new. The 15 GB camera roll storage bonus will also be discontinued."

Then, due to the uproar from the Office365 user community, came this announcement: "Office 365 users will get 1TB storage, and users of free OneDrive who do not click the magic link in time will be reduced to 5GB."

 You're too late for One Drive bonus if you're reading this now.
... only for those who click a special link before the end of January. That link is -->
Get Your One Drive storage bonus here. You must click on the link before January 30, 2016 to receive the Microsoft storage bonus offer.
  ____________________________ 

 Still another good reason to use Linux or a non-IE browser 

You don’t have to do anything unique for your Windows computer to become infected by this latest zero-day malware exploit. All you have to do is visit a website that has been compromised by hackers while using any version of Internet Explorer from 6 to 11.

If you use Windows XP, you will never receive a patch for this zero-day vulnerability. Microsoft released its last security patches for Windows XP on April 8, 2014.

This computer attack has been named “Clandestine Fox” by FireEye. Every version of Internet Explorer – from version IE 6 to 11 – is vulnerable to the flaw, which has not been patched by Microsoft, as of this post.

The exploit permits the following: An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker may use this vulnerability to take complete control of an infected system. An attacker may then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft posted a security advisory and a configuration plan on how the breach can be minimized.
  ____________________________

 OpenSSL potential critical security vulnerability - April 8, 2014

An OpenSSL breach exists, which means many people who transact business through the Internet or connect to their bank / investment institution on-line may have had their username and password grabbed by a criminal hacker. I recommend you contact your financial institution if you do business over the net. The reason it may not affect you: not all versions of SSL Internet secure access are affected. Read more about it - click here.

If you are a current user of an iPhone or, for that matter, someone who uses Apple computers, then please read this security note. If you recently received an update on your iPhone and are running iOS version 7.0.6, you don't have to be concerned. If you are using an older iPhone such as the 3GS, you need to be using iOS version 6.1.6.

If you're on an iOS device, as of February 24, 2014 - you need to download iOS version 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. On February 21st 2014, Apple released iOS 7.0.6, commenting on the release that it fixed a bug in which "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." That's a mild understatement. What this means to you -- Update your iPhone right now.

Apple computers running OS X had the same security compromise. The issue: security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website. A fix was released for Apple OS X on February 25, 2014.


I want to remind everyone that uses a computer or smart phone / tablet in a public area such as a coffee shop, restaurant or any free wi-fi location, don't connect to your bank account, stock management service, eBay, PayPal account or anything that might jeopardize your financial situation if someone could see everything you type including your username & password. Why? Unless your connection is through a VPN tunnel, your data can be listened to by someone running programs designed to capture data packets. If you aren't specifically set up with this service then be aware of your circumstances and vulnerability to the possibility of data snooping.

If you read anything about my using Linux, you will know by now I'm a big fan. That doesn't mean I like everything about it. I'm currently using Linux Mint 13 (Maya). My everyday computer is a Compaq (HP) laptop which has a touch pad. After a few automatic updates, I noticed my touch pad quit working. Most of the time this doesn't bother me because I prefer a mouse. When I'm at a client site however this becomes a problem as I frequently roam with the laptop. Something must be done about this, now!

I found a solution and if you're a Linux user and understand how to use the terminal to go to the command line, here's how I resolved this problem.
  • Open the Terminal
  • cd /etc/modprobe.d/
  • gksudo pluma options.conf
  • In the text editor, type: options psmouse proto=imps
  • Save the file and close it.
  • sudo modprobe -r psmouse
  • sudo modprobe psmouse
  • exit

 How Linux got started 

In 1991 while attending the University of Helsinki, Linus Torvalds became curious about operating systems and frustrated by the licensing of MINIX (a multi-user UNIX operating system), which limited it to educational use only. He began to work on his own operating system which eventually became the Linux kernel.
Linux continued to be developed and matured as the community of Linux development became a cooperative global programming initiative with new programs and updates released through a combined coordinated open source effort.  There are many 'flavors' of Linux and the choice depends on your specific requirements.


Linux has been used by professionals for server applications for over 15 years. Linux was first released in October 1991 under a free and open source software development and distribution model. It has evolved exponentially from an x86 (Intel) processor platform to almost any other CPU you can name. In recent years, simplicity of installation, world-wide support and of course the all-encompassing incentive, free or low-cost, have encouraged rapid growth in desktop use.

It was bound to happen sooner or later. Someone was going to come up with malware designed to either harm your software or stealthily grab information for someone to enhance their pocket-book illegally. That day has arrived and the Trojan you might unknowingly install on your computer is called “Hand of Thief”.

A distribution is driven by its developer and user communities. Software is developed, improved and mostly supported by individuals who submit their software to a committee operated by an organization which also sells a more comprehensive and supported version. Server revenue with applications is the principal financial structure, along with voluntary donations, supporting these organizations / companies.

The Linux flavor you use determines how updates are sent out and how notifications of updates are received on the individual systems. Desktop Linux such as Mint, which I use, provides a tool bar notification placed at the bottom of the desktop. Whenever updates are available, the shield icon will change from a check mark to an exclamation point. If I click on this symbol, I will be asked to enter my password to allow these updates and modifications to my software on my computer.

If you go outside of the normal process to obtain updates, you run the risk of possibly loading this new Trojan, “Hand of Thief”. Preventing this program from loading is relatively simple: avoid going outside your normal software updates or software application center for new or updated programs. Loading any updates from the command line exposes you to the possibility of installing the “Hand of Thief” Trojan application.

What does this program do to harm you? It captures information you type to access bank accounts and other private secured screens. It then back doors that information which is sold on the open market. The stolen information is currently sold in cyber crime communities for $2,000.00 (USD), and that price includes free updates. It is rumored to work on Ubuntu, Fedora, and Debian Linux distributions as well as others. It attacks all common web browsers, such as Firefox and Chrome.

Distributions such as Ubuntu review all submitted packages. Mint is based on Ubuntu, therefore if someone attempts to slip them this Trojan, they will catch it, not distribute the application, and track the individual who sent it.
✧ Do not install unsigned (non-certified) packages
✧ Do not add unofficial repositories without knowing the safety of repository.
✧ Keep your system up to date at all times.
✧ Keep all browser plugins up to date.
✧ If your distribution has SELinux, use it.
✧ Do not let others install software on your machines.
✧ Use secure passwords that aren't simple phrases or contain your birth-date or social security number.
✧ If prompted to enter the root user (or sudo) password, first understand why you have been asked to enter this password. It may just be a method to gain access to your computer.

I have installed an anti-virus program on my Linux PC. I suggest you do as well.

  ____________________________

Microsoft Windows XP support terminated in 2014. Don't use Windows XP. Upgrade immediately.

All HIPAA compliance ceases when this support is removed.

No newer updates will be produced for patches or security past that point. There are many organizations considering what they must do to acquire new licenses for all their desktops in either Windows 7 or Windows 8. Windows 8 is the least traditional in appearance. It uses tiles instead of icons. It is possible with Win 8.1 to take a back-step and use the more traditional Windows 7 desktop.

Frankly if I was forced to make the change over decision between Win 7 or Win 8, the overwhelming decision for me would favor the latest OS. Using the latest Windows lengthens support time.

Linux has become a market share leader of web servers. The desktop is dominated by some version of Microsoft Windows or Apple OS X.

There are a lot of companies that will need to update their desktop computers as the support for Windows XP ceased in April 2014. Windows Vista mainstream support ended in 2012 with extended option to 2017.

Given my experience and knowledge of managing both the Windows and Linux desktop environment, the hands down favorite for me is Linux. If I was given the choice in a company where I managed the desktop, and was positioned to have to migrate to a newer OS, Linux would be a better choice as a path to improve reliability, performance, elimination of planned obsolescence, and a much lower Total Cost of Ownership. The only reasons that might prevent this migration are the following:

 1 - Company managers refuse to allow I.T. this option. Clearly for those not exposed to this OS, there are a lot of falsely circulated rumors which suggest Linux is hard to manage, difficult to support, can't run the necessary applications for the business. Most of this is entirely false but there are some conditions which can impact this decision.

 2 - A large staff with little to no experience in rolling out and supporting Linux as opposed to Windows. This becomes less valid of an argument when the staff is only familiar with XP or Vista and maybe a little Win 7. There's a definite learning curve for desktop support in Win 7 but even more so with Win 8. Proper training can never be trivialized but if the learning curve appears formidable to migrating to Linux, it might make economic sense in the long run to send out key staff to be trained on Linux and desktop / server support because the acquisition cost of Windows 7 or 8 vs Linux is astronomically larger for Windows.


 3 - Key business software only runs under Windows and the third party seller / integrator hasn't tested their product using Linux. Rest assured this is short sighted on multiple fronts. Linux is slowly gaining market share and most application software has an equivalent program running under Linux. There are times when the required application program will only be certified to run and is the only program of its kind to meet the need of the business. Again, research into what's available for Linux usually turns up a solution equal or even better than the restrictive Microsoft only program(s).


Two other programs which have received wide usage and support most Windows programs are WINE and the commercial version from CodeWeavers. CrossOver Office allows you to install your favorite Windows productivity applications in Linux, without needing a Microsoft Operating System license. CrossOver includes an easy to use, single click interface, which makes installing a Windows application simple and fast.

While many books and magazines have switched to Linux a long time ago, Linux software still has very experimental CMYK features. This is getting better, but it's not really satisfying for professional use yet. If you work in the printing industry and use a lot of CMYK colors with special image printing effects, you probably should stick with Microsoft Windows for now. You can still install Linux, keep Windows, and use both of them, depending on your needs.

 Why you should consider updating to Linux

Are you tired of restarting your computer all the time? Reboots after software updates or security patches are often necessary with Windows. Say goodbye to 99% of those issues in Linux. Linux is stable; it runs perfectly well without restarting all the time. Clearly if you are having hardware issues, Linux isn't going to fix those problems. So if your desktop hardware is functioning fine, say goodbye to the nasty blue screens. Many computers I've supported haven't restarted for several years running under Linux.

If you want a better browser, a decent email application, an instant messaging program with support for many protocols like IRC, AIM, ICQ, MSN, Jabber, MySpace, Yahoo, an easy to use application for image editing and many more programs, then a Linux distribution may be right for you. Get a pre-installed box and have a secure, fast and reliable system which doesn’t get on your nerves. Never bother with Windows again.
Adding programs is a breeze under Linux, as are updates. Most programs (not all) are free under Linux. I find that when a commercial version is offered, it's best to pay and have better support with added features over the free version.

Linux is very secure. There are literally thousands of nasty viruses, malware and worms which you must routinely keep your applications and anti-virus programs up to date to fight off. I use an anti-virus program for all of my Linux machines; however, I've never experienced a program attacking the OS. In theory it could happen; in practice, over the past 20 years, it never has for me. I can't recall the number of times I've had to spend hours troubleshooting or restoring servers / desktops back into service that are running Windows.

Building an operating system is like building a house: if you start out on a good foundation you won't have to be repairing cracks or re-leveling the building. Linux started as a full fledged multi-tasking operating system with a kernel for the core tasks and fully inter-operable documented shells for added features. Windows required a lot of changes over the years to migrate from a single tasking / single computer operating system. OS/2 NT were their first successful attempts in trying to achieve what UNIX was doing successfully since the 60's & 70's.

A Linux system is not based on the assumptions of hard drives making it much more flexible than a 'Drive Letter' approach.  No patchwork quilt was required when it came to Linux as the developers realized the advantages of a UNIX / MINIX environment and patterned the kernel after these systems.

Another advantage of Linux is the support available with experienced users that can guide you through your problem or question, regardless of the time. You can ask people at 3 a.m. and still find people on-line who will know the solution.
  ____________________________

Five points of comparison - Ubuntu 12.04 vs Windows 8
Why Linux is better than Windows
Why it's time to ditch Windows and switch to Linux


I can guide your choice based on your needs as well as help your staff roll-out a Linux system wide distribution.