Chatbots. They’re usually a waste of your time, so why not have them waste someone else’s instead? Better yet: why not have them waste an email scammer’s time.
That’s the premise behind Re:scam, an email chatbot operated by New Zealand cybersecurity firm Netsafe. Next time you get a dodgy email in your inbox, says Netsafe, forward it on to email@example.com, and a proxy email address will start replying to the scammer for you, doing its very utmost to waste their time. You can see a few sample dialogues in the video above, or check out a longer back-and-forth below.
It looks infuriatingly effective.
Using chatbots to give email scammers a taste of their own medicine isn’t that new. And although Netsafe has made a very fancy looking video promo for their bot, the technology behind it is relatively simple; relying more on pre-programmed conversational misdirects than sophisticated artificial intelligence.
Really, though, that’s all it takes. Another famous chatbot time-waster is “Lenny,” which is designed to waste telemarketers’ time, and does so without any AI or speech recognition component. Instead, Lenny uses just 16 pre-recorded snippets of dialogue, each of which is as vague and ambiguous as possible. Lenny simply waits until there’s a gap in the conversation, then plays one of its bits of dialogue, cycling through all 16 in various patterns.
The technique is surprisingly effective, as the video below shows. (You’ll feel sorry for the caller before long.)
But let’s just wait until the scammers have their own bots, too. That’ll be the future of cybersecurity: millions of bots battling back and forth behind-the-scenes, running interference for us. That is, until the bots stop fighting one another and decide to take on their common enemy instead. Let’s hope we can waste their time just a little longer.
With a crop of non-security Office updates due today, a big dose of security patches expected in a week, and a known bug in the KB 4041686 Win7 Preview, now’s a good time to make sure you have Automatic Update set so it won’t deal you a nasty surprise.Last month we had no end of problems with Microsoft’s Windows and Office patches. If your machine was attached to a corporate Windows Update server, and your admin approved Windows patches for immediate distribution, your PC may have joined a sea of blue screens. There were lots and lots of additional gotchas.
This month, we already know that KB 4041686, the 2017-10 Win7 Preview of a Monthly Rollup, has a retrograde bug in it that clobbers SFC scans. It’s not at all clear if Microsoft is going to fix that bug before the Preview becomes the for-real Monthly Rollup.
We also know that last Thursday's attempt to fix a bug introduced in the October security patches failed miserably, with Microsoft surreptitiously pulling KB 4052233, 4052234, and 4052235 and erasing them from the KB list, the catalog, and even the update histories. Heaven only knows if the next iteration of that abomination will succumb to a similar fate.
Later today, we should see a dozen or more non-security patches for Office. You don’t need any of them right away. A week from now, the security fixes should roll out. As I’ve argued many times before, it just makes sense to hold off installing Windows and Office updates until the major first-round bugs get shaken out. Let the unpaid beta testers sacrifice their machines first.
If your PC is attached to a Windows Update server, buy your admin a cup o’ coffee and gently make sure they don’t have WSUS or SCCM set to automatically approve updates as soon as Microsoft dishes them out.
If you’re running Win7 or 8.1, the method for blocking updates isn’t difficult. Disable Automatic Update in Vista, Win7 or 8.1
If you’re running Windows 10 Pro Creators Update (version 1703) or Fall Creators Update (1709), the method’s even easier: telling Auto Update to back off just takes a couple of clicks. See Steps 7 and 8 in 8 steps to install Windows 10 patches like a pro.
But if you have any other version of Win10, you aren’t so lucky. Win10 Home users, and those with earlier versions of Pro, are considered fair fodder for the unpaid beta-testing cannons.
Take a minute right now and make sure Automatic Update is turned off.
Bad Rabbit: Ten things you need to know about the latest ransom-ware outbreak's the third major outbreak of the year - here's what we know so far.
A new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe. Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics. Things you need to know about the latest ransomware outbreak. Following the initial outbreak, there was some confusion about what exactly Bad Rabbit is. Now the initial panic has died down, however, it's possible to dig down into what exactly is going on.
IE is far from the cutting-edge for security, these days…
If you still use Microsoft’s Internet Explorer, then you should be aware there’s a bug in the browser which leaks the URL (or anything else) you type into the address bar.The problem affects the latest version of Internet Explorer and was discovered by security researcher Manuel Caballero.
ADVERTISINGAs Ars Technica reports, the flaw allows the website the user is currently visiting to view any text they type into the browser’s address bar, with that text becoming readable as soon as they leave (i.e. as they hit the enter key).
This means that a maliciously-controlled website can exploit the bug to grab the URL of the next website that you’re visiting, or if you’ve typed text into the address bar, it will also snaffle that – because Internet Explorer will automatically convert that to a search (on Bing by default).
And the victim won’t be aware that this has happened, because they’ll simply be whisked off to whatever website or search they entered.
Time to move on?Given the news yesterday that Windows 8.1 has been hit by a nasty bug which prevents users from logging onto their PC with a Microsoft account – and with no apparent ETA on a fix – maybe it’s time folks started seriously thinking about moving away from ageing Microsoft software.
Of course, if you are on Windows 10, it has the Edge browser as well as Internet Explorer, and the former is obviously where the software giant’s focus lies – particularly when it comes to security aspects.
As Caballero himself observes: “[Microsoft is] really moving forward regarding Edge, design bugs, and they even extended its bug bounty, which seems to be permanent now … but I still believe it is not acceptable to leave IE wide open.”
“In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, [and] more honest to simply tell users that their older browser is not being serviced like Edge.”
Naturally some users are forced to go with Internet Explorer due to legacy issues with services or sites, but if you have a choice, it seems like an increasingly good idea to step up to a contemporary piece of software – whether that’s Edge, Chrome or Firefox, or indeed another alternative.
With iOS 11 and macOS 10.13 High Sierra, Apple no longer allows the use of two-step verification, its original and hastily built, somewhat creaky systemfor confirming a login. If you’re still using two-step, the moment you upgrade to iOS 11 or High Sierra, Apple will convert you to the newer two-factorauthentication (2FA) method it introduced in September 2015. You don’t have to do anything but pay attention to how it works.
The best way for most people to protect an account from letting anyone who can obtain its password from being able to log in is to use 2FA. A factor is something that identifies you. A password is one kind of factor (something you know) and a token that’s sent to a phone or via SMS is another (something you have).
Apple’s original two-step system relied on its Apple ID site for set up and management, and could only send codes to iOS devices and via SMS. Its update in September 2015 left two-step in place for those who continued to want to use it, but the 2FA revision was far better. Enrollment happens via iOS and macOS. Apple’s system isn’t as robust as some security experts would like, but it’s definitely better than a password-only option.
If you’re still using two-step verification (and if not, you didn’t need to read this far), when Apple converts your account to 2FA with iOS 11 or High Sierra, here’s what you need to know:
iOS 11 is released yesterday here's a way you can get your hands on it.
HOW TO GET IOS 11
The recommended way is to tap Settings > General > Software Update and carry out the refresh from there.
Alternatively, you can connect the iPhone or iPad to a PC running iTunes and do the upgrade from there.
WHAT DEVICES CAN RUN IOS 11?iOS 11 is supported on the following devices:
REMEMBER: THINGS CAN GO WRONG!Before you go hog-wild, throw caution to the wind and start upgrading, be aware that there are risks. Things can go wrong, stuff may be broken, and you may lose data. Plenty of iOS launches have been marred by bugs and problems, so with that in mind, it's a good idea to have an up-to-date backup, because making a fuss isn't going to bring back your lost photos or documents.
You can either create a local backup using iTunes, or backup to iCloud by going to Settings > iCloud > Backup, and then turning on iCloud Backup.
Keep in mind that unless you're willing to jump through hoops and do things that Apple frowns upon, going to iOS 11 is a one-way trip, so you might want to let other people to go ahead of you just in case there are gotchas
SPRING CLEAN YOUR IPHONE OR IPADChances are that your iPhone or iPad has accumulated a lot of detritus over the months and years, so what better time to get rid of it than now.
While iOS 11 doesn't need as much free space to install as some of the earlier releases of iOS, getting rid of apps that you no longer use -- or perhaps have never used -- makes good sense.
KNOW YOUR PASSWORDSFollowing the upgrade, you'll need to enter your iCloud password in order to be able to reconnect to all your data and photos. If you don't have this close to hand -- remember, having it on the device you're upgrading isn't all that convenient -- then this might be a good time to do that.
Also, if your iTunes backup is encrypted, then remember you'll need that password if something goes wrong!
PREPARE YOURSELF FOR THE "APPOCALYPSE"The end is nigh for all 32-bit iOS apps, so if you're still relying on older apps, it's time to find alternatives.
For some time now, Apple has been warning iPhone and iPad users that legacy 32-bit apps may slow down their devices, but with the recent release of iOS 10.3, Apple has escalated things by making it clear that the end is nigh.
You can check installed apps for compatibility using the built-in checker tool (you need to be running iOS 10.3 or later for this to work).
You can find that by clicking: Settings > General > About > Applications.
From there, you'll get a list of all the 32-bit apps on your iPhone or iPad that won't run on iOS 11. If you're lucky, you won't have any apps listed, or the apps that are listed will be old stuff that you forgot you had installed and no longer use.
However, if an app that you are relying on is listed, then you need to get ready for its demise.
IS IT BETTER TO UPGRADE OR WIPE THE DEVICE AND START FROM SCRATCH?It's a lot less hassle to just upgrade a device because you get to keep all your apps and settings.
However, devices that I have wiped and reloaded a new iOS onto, and then installed and re-setup all my apps and such, feel faster and seem to suffer from fewer problems (such as Bluetooth and Wi-Fi issues). However, wiping and reloading the apps and data is pretty big hassle, and it's probably more work than most want to undertake.
SHOULD I WAIT A WHILE BEFORE DOING THE UPGRADE?There will likely be an update or two to iOS 11 coming down the pipes over the coming weeks, so you might want to wait for the dust to settle and for any last-minute bugs to be squashed before making the leap, especially if you rely on your device.
Also, if you use your device in a BYOD setting, make sure you get the OK from the IT department before upgrading, in case you're unable to access the network or data you need.
Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast's own figures, 2.27 million ran the affected software, though the company said users should not panic.
The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.
Cisco TalosThe CCleaner app, designed to help users carry out good cyber hygiene, was itself infected.
The malware would send encrypted information about the infected computer - the name of the computer, installed software and running processes - back to the hackers' server. The hackers also used what's known as a domain generation algorithm (DGA); whenever the crooks' server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.
Downplaying the threat?
CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.
"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."
Not all are convinced by the claims of Piriform, acquired by Avast in July. "I have a feeling they are downplaying it indeed," said Martijn Grooten, editor of security publication Virus Bulletin. Of the Piriform claim it had no evidence of much wrongdoing by the hacker, Grooten added: "As I read the Cisco blog, there was a backdoor that could have been used for other purposes.
"This is pretty severe. Of course, it may be that they really only stole ... 'non-sensitive data' ... but it could be useful in follow-up targeted attacks against specific users."
In its blog, Talos' researchers concluded: "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates."
Avast CTO: No need to panic
Avast chief technology officer Ondrej Vlcek said there was, however, little reason to panic. He told Forbes the company used its Avast security tool to scan machines on which the affected CCleaner app was installed (in 30 per cent of Avast installs, CCleaner was also resident on the PC). That led to the conclusion that the attackers hadn't launched the second phase of their attack to cause more harm to victims.
"2.27 million is certainly a large number, so we're not downplaying in any way. It's a serious incident. But based on all the knowledge, we don't think there's any reason for users to panic," Vlcek added. "To the best of our knowledge, the second-stage payload never activated... It was prep for something bigger, but it was stopped before the attacker got the chance." He said Cisco Talos wasn't the first to notify Avast of the issues, another unnamed third party was.
It's unclear just who was behind the attacks. Yung said the company wouldn't speculate on how the attack happened or possible perpetrators. For now, any concerned users should head to the Piriform website to download the latest software.
Over 143 Million Affected as Equifax is Hit by Massive Cyber AttackThe names, Social Security numbers, birth dates and drivers license numbers of more than 143 million people in the U.S. have been exposed
The names, Social Security numbers, birth dates and drivers license numbers of more than 143 million people in the U.S. have been exposed as a result of a cyber attack at credit reporting agency Equifax Inc.
Equifax said Thursday, Sept. 7, that criminals gained access to the information through its website in breaches between May and July. The company said it learned of the attack on July 29. The information accessed wasn't from Equifax's consumer and commercial credit databases, meaning that credit scores don't appear to have been exposed.
However, the credit card numbers of 209,000 U.S. consumers and dispute documents belonging to an additional 182,000 people were accessed, according to Equifax.
The company set up a website -- https://www.equifaxsecurity2017.com/ -- where people can check to see if their personal information may have been stolen.
Equifax shares fell 13.5% in premarket trading on Friday.
Apple has released iOS 10.3.3 for the iPhone, iPad and iPod touch to the public today. Six betas of iOS 10.3.3 were rolled out to developers and the public before the final version launched. The previous iOS update — iOS 10.3.2 — was released on May 15th.
Like iOS 10.3.2, iOS 10.3.3 is also a minor point release update with bug fixes and security improvements for iOS 10.3. And the larger iOS 10.3 update contained noteworthy features like a revamping of the file system, a Find My AirPods feature, Wi-Fi Calling on iCloud devices with Verizon, an Apple ID Settings menu, a Podcasts app widget, weather forecasts in the Maps app, an iCloud storage meter and new app animations.
iOS 11 Coming This Fall
And in early June, Apple hosted the Worldwide Developers Conference (WWDC) where iOS 11 was announced. So Apple is unlikely going to be adding any major features to iOS until iOS 11 arrives in the fall.
While iOS 10 emphasized improvements on Apple’s stock apps and the Lock Screen, iOS 11 will be known for productivity features, especially for the iPad. The iPad will support more app icons in the dock, a new slide over feature, drag-and-drop, a new App Switcher interface and a Files App.
ADVERTISINGiOS 11 features also include a redesigned App Drawer and Control Center, action syncing for Messages across all devices, the ability to make payments through Messages, real-time language translation through Siri, editable Live Photos, indoor mall and airport maps in the Maps app, a Do Not Disturb feature that can be automatically activated while you are driving, speaker support in the Home app, an AirPlay update for multi-room audio streaming, revamped Apple Music profiles, an App Store app overhaul, a document scanner feature in the Notes app, a one-handed keyboard mode, a screen recording feature, an automatic setup for new devices, ARKit for facilitating augmented reality apps by developers and much more.
What Is Included In The iOS 10.3.3 Update?
Apple did not provide much information in its release notes. However, the iOS 10.3.3 betas revealed some of the details. iOS 10.3.3 has only one visible change: new wallpapers for the 12.9-inch iPad Pro. There will likely be one more minor iOS 10 update with bug fixes before iOS 11 arrives.
The release notes of iOS 10.3.3 simply say: "iOS 10.3.3 includes bug fixes and improves the security of your iPhone or iPad." Once I find out more specific details about the update, I will update this article.
iOS 10.3.3 update
The download size of iOS 10.3.3 update will vary based on the device and carrier you have. But it appears to be between 80-100MB
You can install iOS 10.3.3 by connecting your device to iTunes or downloading it by going to the Settings app > General > Software Update. The iOS 10.3.3 update is available for the following devices: iPhone 5 and later, iPad 4th generation and later, iPad mini 2 and later and iPod touch 6th generation and later.
macOS, watchOS and tvOS Updates
Apple also released macOS Sierra 10.12.6 for Mac computers, watchOS 3.2.3 for the Apple Watch and tvOS 10.2.2 for the Apple TV today, all of which have minor bug fixes as well. You can update the Apple Watch with a connected iPhone while the smartwatch is plugged into the charger with over 50% battery remaining. macOS 10.12.6 is available as a download on the Mac App Store. And you can update the Apple TV through the System menu and tap on Software Update.
A few weeks ago, Google announced a new Google Drive feature that will let users back up and sync more data and ever. Called Backup and Sync, the service will let you backup up practically any file you desire, not just your beloved photos. The service is now available and you can try it on Mac and PC.
Google explains that the new tool will replace the existing Google Photos desktop uploader and Drive for Mac or PC. “It’s a simpler, speedier and more reliable way to protect the files and photos that mean the most to you,” Google says.
Backup and Sync works with both Google Photos and Google Drive. You just have to select which folders to backup, and the service will do everything else. You can even set up the new app to automatically upload the files on devices you connect to your computer, including cameras, phones, SD cards, and others.
Once the backup is complete, you’ll be able to access the files from any device that has Google Drive installed, whether it’s a computer or a smartphone. Photos and videos, meanwhile, will be found inside Google Photos apps.
Backup and sync is available for free to users who have Google accounts. However, you’ll want to make sure you have enough cloud storage available before you start backing up your entire computer — read more about Google’s new service and download the new apps you need at this link.
If you’re a G Suite customer, Backup and Sync will work a little differently, here’s all the information you need.
Thecomputerheale.com makes no claims about the efficacy of the information contained in the documents and related graphics published on this website for any purpose. All information, documents and graphics are provided "as is" without any kind of guarantee of effectiveness. Thecomputerhealer.com hereby disclaims all responsibility for the manner in which the information offered on this website is used by you.
In no event shall Thecomputerhealeronline.com be liable for any special, indirect or consequential damages or any damages whatsoever resulting from the loss of use, data or profits arising out of or in connection with the use or performance of information available from this website.
The documents and related graphics published on this website may include technical inaccuracies or typographical errors. Changes are periodically added to the information on this website. Thecomputerhealer.com reserves the right, at its discretion, to change or modify all or any part of this agreement and the content on website at any time, effective immediately upon publication of this notice.
Your continued use of this website constitutes your binding acceptance of these terms and conditions, including any changes or modifications made by Thecomputerhealer.com as permitted above. If, at any time, the terms and conditions of this agreement are no longer acceptable to you, you should immediately cease using this website.