In this issue:
Ask Our Readers (new question): Cursor glitch in Win11 Mouse Properties. Editor’s Corner – cloud dependence and other issues, and a belated April Fool’s Joke. This Week in IT – cybersec, privacy, Win, WinSrv, Linux, Cloud. Tool of the Week and other stuff. Windows Autopatch resources and thoughts. IT Bookshelf: Cybersecurity: Ethics, Legal, Risks, and Policies. Factoid: I’d rather trust a fake! Plus lots more — read it all, read it here on WServerNews!
Someone just pulled the plug on the cloud. I wonder what life will be like. Photo by Kelly Sikkema on Unsplash
Mailbag
The following email was sent to us by Giles Merriott the IT Coordinator for the Civic Centre in Edson, Alberta, Canada:
Hello WServerNews,
Very much enjoy receiving your newsletter – I always find something of interest and use.
Just a very quick contribution:
In this past issue (#1338), you had recommend a strong password generator from F-Secure.
I’ve been using one from Bitwarden from some time now. I’ve been a customer of theirs for years, and have found their tools approach to security very solid. Although their password generator is yet another in a long list of many, theirs provides passphrases.
Not only does the philosophies of passphrases appeal to me greatly, but I’ve also enjoyed the complete buy-in with my users. Generating passphrases has been a source of amusement as I joke that ‘I keep hitting refresh until something makes me laugh’.
You can find the Bitwarden password generator here:
https://bitwarden.com/password-generator/
Thank you for your comments and the recommendation!
Got comments about anything in this issue?
Email us! We love hearing from our readers!
Ask Our Readers (new question): Cursor glitch in Win11 Mouse Properties
Bruce Millar sent us the following email this week:
I found an odd glitch in my Windows notebook on the first boot after the Win 11 update was installed. I was having trouble finding my black cursor on screen with one of the new background slides. and wanted to try changing it. In the Main.cpl control panel, Pointers tab, there are only three cursors viewable in the Browse pop-up when trying to change the default cursor. the rest are all notebook icons:
This makes for extreme difficulty choosing an alternate cursor. Have you heard if anyone else has the same issue?
I replied that it looks like the .cur extension has been remapped to the Notepad app on the machine, and since this was an update to Windows 11 this issue may have been present previously on Windows 10. The question however is how do you remove a mapping of an app to a file extension and not remap it to another app? Because if you look at this registry key on a Windows machine that *doesn’t* have this problem:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\OpenWithProgids
you will see that .cur files are *not* mapped to any existing application or program. Do any of our readers have any ideas on how Bruce can restore his Cursors browse folder so it displays icons of cursors instead of Notepad? Email us if you do!
Got questions? Ask our readers!
WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!
Help spread the news!
Please tell all your colleagues and friends about WServerNews and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!
Editor’s Corner
Leveraging the flexibility and power the cloud certainly can bring big benefits to businesses. But what happens if a product or service you utilize that runs from or depends upon the cloud in some way suddenly goes AWOL? This has apparently happened with a vendor of “smart-home” devices called Insteon which abruptly shut down last weekend, causing users of their devices to stop working without warning. Ars Technica says “The app and servers are dead. The CEO scrubbed his LinkedIn page. No one is responding.” Yikes! Fortunately for the geeky-minded there is a workaround which is explained in this comment on SolyentNews, but it’s probably only a solution that the technically sophisticated to easily implement, not your average smart-home user.
This made me think however, which of the cloud services and cloud-enabled products we use for our business might be rendered useless if the vendor providing them suddenly shut down or died mysteriously? Would we still be able to operate certain aspects of our business, or would everything go kablooie? Every organization or company that utilizes anything to do with the cloud should give consideration to such possibilities. And as the story about Insteon indicates, even ordinary consumers can be badly affected by such cloud shutdowns—which makes me rethink my plans to buy a next gen smart refrigerator that leverages Azure Precept if Fujitsu ever brings this product to market (Internet of Things Blog).
There are other concerns with the cloud too of course. Such the risk of having your sensitive data exposed if you utilize cloud squatting (Bioengineer.org). Or calculating an accurate estimate of your cloud costs (eWeek). Or figuring out whether it makes sense to move from one cloud provider to another should the need arise (TechGenix). Or deciding whether it’s really worth your time and effort to try and right-size your instances running in the cloud (Last Week in AWS).
The cloud is not a simple one-all fix for all your on-premises IT headaches. Properly benefiting from cloud computing takes a lot of planning and careful preparation to ensure the result is secure, dependable and cost effective. The pricing estimate tools and wizards offered by vendors need to be used wisely to generate estimates you can trust (Tobias Zimmergren).
How do you feel about such cloud concerns? Let us know your thoughts about this subject.
Oh, and by the way we forgot to include an April Fool’s Joke several issues ago, so here it is for your nerdy enjoyment:
RFC 9225 – Software Defects Considered Harmful
https://www.rfc-editor.org/info/rfc9225
Enjoy.
Anyway, we hope that you enjoy this week’s issue of WServerNews, feel free to email us your comments or questions about anything in this newsletter.
This Week in IT
A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in.
Let’s kick off This Week in IT with some more coverage about the Spring4Shell vulnerability in the Java Spring Framework which the Mirai botnet is exploiting to infect systems around the world. Vuk Mujovic has a quick summary of this vulnerability and lists some risk indicators in his article on TechGenix. And Günter Born has links to key vendor posts concerning the vulnerability plus links to several other informative articles. If you know of any other useful infos about this problem please let us know and we’ll share it here next week.
In other cyber security news—well, there’s lots of it so let’s be concise:
- Millions of Endpoints Affected by Critical HP Teradici PCoIP Vulnerabilities (Heimdal Security)
- Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? (Ars Technica)
- CISA warns of attackers now exploiting Windows Print Spooler bug (BleepingComputer)
- Phishing uses Azure Static Web Pages to impersonate Microsoft (BleepingComputer)
And on the privacy front, since the whole world seems to follow wherever California goes, make sure you read the following if compliance matters for your organization:
Sometimes I think IT professionals these days have to spend more time keeping up with new privacy legislation than learning new technologies!
Windows news
Ned Pyle has announced on the Storage at Microsoft blog that SMB1 will now be disabled by default on Windows 11 Home Insiders builds. And when the next major release of Windows 11 goes out to customers, SMB1 will be disabled by default on it as well. But if you perform an in-place upgrade of a SMB1-enabled machine to Windows 11, your upgraded machine *will* still have SMB1 enabled. And if you still really need SMB1 to communicate with your old NAS or other legacy hardware, you can always enable it with admin credentials on your machine. For some additional perspective on this change see this article by Günter Born.
Did you know the Windows Task Scheduler is often used by threat actors to create hidden scheduled tasks that maintain persistence after they hack a Windows machine? The following post on the Microsoft Security blog explains how hidden tasks are created and how to recognize and prevent them.
Windows Server news
BleepingComputer reports that Windows Server systems can now be opted into getting automatic updates for the .NET Framework and .NET Core via Microsoft Update (MU).
Linux news
A bit of news for readers using Linux in their environment. Fedora Plans to Drop Support for Legacy BIOS Systems (Linuxiac). Linux Mint has released a new version of their operating system that’s based on Debian instead of Ubuntu (Tom’s Hardware). Kali Linux has added a snapshot feature to its filesystem which means you can now take VM-like snapshots on bare-metal installs (BleepingComputer).
Microsoft has done a refresh of its in-house CBL-Mariner Linux distro (TechRadar) and has also added AlmaLinux to its line of distros available for installation on Windows using WSL (Linux Magazine).
And speaking of distros, Linux OS has proven to be a good choice for powering IoT devices, but which of the many Linux distros is best for your purposes? Find out in this TechGenix article.
Cloud news
Microsoft has made some improvements to Azure Backup so that it now provides alerts via Azure Monitor (ITOps Talk Blog). For customers running virtual machines in Azure, this can help ensure they always know the status of their backups as nothing is worse than trying to restore a VM from a failed or incomplete backup.
On the AWS side comes news from Cado Security about new malware designed to run in the serverless AWS Lambda environment (BetaNews). And if you use AWS RDS you might not be aware that this services doesn’t enabled TLS by default, which means that clients are able to connect to it insecurely. This post on the Kloudle blog explains how to mitigate this issue.
Upcoming webcasts, events and conferences
Got an event, conference or webcast you want announced in our newsletter? Email us!
Directions Asia 2023 – April 28-29 in Bangkok, Thailand. Register.
Dell Technologies World – May 2-5 in Las Vegas, Nevada USA. Don’t miss it!
Also be sure to check out Redmond Channel Partner’s calendar of upcoming Microsoft conferences for partners, IT pros and developers!
Got comments about anything in this issue?
Email us! We love hearing from our readers!
Meet the Editors!
MITCH TULLOCH is Senior Editor of WServerNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.
INGRID TULLOCH is Associate Editor of WServerNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.
Subscribe today to WServerNews!
Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.
IT Workshop – tools, whitepapers and more
Got a product or solution or some other resource you’d like to tell our readers about? Email us!
Our TOOL OF THE WEEK is VirtualBox, a powerful community-developed virtualization product backed by Oracle for enterprise as well as home use. Version 6.1.34 of VirtualBox has just been released and a description of the bug fixes and improvements can be found in this post on Born’s Tech and Windows World blog. See also this TechGenix article on how to fix an error message when creating a virtual machine using VirtualBox on macOS for the first time.
If you need a secure instant messaging app you may want to consider Speek.Chat, free open-source software that uses the Tor network. More info in this article from the UbuntuHandbook.
ADMX – Version 2.0 of the Administrative Templates (.admx files) for Windows 10 November 2021 Update (21H2) are now available on the Microsoft Download Center.
Group Policy – Version 2.0 of the Group Policy Settings Reference Spreadsheet for Windows 10 November 2021 Update (21H2) are also available on the Microsoft Download Center.
Tips and Tutorials
Include two TG links
Ready or not, Windows Autopatch is coming soon to help customers having Windows Enterprise E3 subscriptions automatically keep Windows and Office software on enrolled endpoints up to date. Will this be a good or bad idea, given the problems that bad patches recently have caused some customers? Who knows! But it’s probably a good idea to learn everything you can about Autopatch before it gets released later this summer. Here are the top resources we’ve seen so far:
- Get current and stay current with Windows Autopatch (Windows IT Pro Blog)
- Windows Autopatch FAQ (Windows IT Pro Blog)
- Windows Autopatch is coming soon. Here’s what you need to know (ZDNet)
My take from reading these articles:
- Yes this *can* make your life as an admin easier since it means you won’t have to worry anymore about downloading and packaging updates or about deploying service stack updates before cumulative updates.
- *But* Autopatch is cloud-only, so if you’re an on-premise shop it’s a no go, which may be good or bad news depending on your viewpoint.
- At root however this feature is probably marketing-driven i.e. to drive Microsoft customers towards upping their subscription to E3 by offering a simpler way to keep endpoints updated. But with any licensing change you should cost it out carefully before diving in.
- This *may* be a good idea for orgs that have lots of users working remotely which is pretty much the norm nowadays since workers who have been on “pandemic home leave” are pushing back against returning to the office.
What’s *your* take on Autopatch? Email me!
Freebies!!
Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!
You may not want this but you might one day need it. Born City reports that Kaspersky has released a free decryptor for Yanlouwang ransomware. Let’s hope you never have to use it!
BleepingComputer has a list of free cybersecurity training courses you might be interested in if you’re thinking of beefing up your expertise in this critical area for IT pros today.
Bitdefender has released Bitdefender Antivirus Free for Windows their new re-architected free antivirus product that offers enhanced features, functionality, and improved user experience compared to their previous free version.
Free ebook! The State of Cybersecurity in 2022 – Available from The Hacker News.
IT Bookshelf: Cybersecurity: Ethics, Legal, Risks, and Policies
Cybersecurity: Ethics, Legal, Risks, and Policies (Apple Academic Press, 2022) is a useful resource for IT decision-makers concerned about the ethical and legal aspects of cybersecurity. The book is divided into two parts. The first part starts by providing a brief introduction to various ethical issues involved in cybersecurity. The authors then proceed to describe different kinds of cyber laws followed by an extensive description of the current state of cyber laws in the United States. I found this section the most helpful and illuminating as I never imagined there were so many laws that U.S. businesses and organizations had to ensure they comply with in this area! Most of the cyber laws referenced are described only briefly, but it does provide a good starting point for identifying which laws might be most relevant to your organization in order to launch you into doing further research concerning these laws.
The second part of the book deals broadly with cyber risks and cybersecurity policies. Various risk identification methodologies are described in some detail including SWOT analysis, the Delphi Technique, SWIFT analysis, bow-tie analysis, probability/consequence matrix, and so on. It’s a good idea for C-level individuals responsible for cybersecurity to have at least an overview knowledge of these different risk analysis methods. This is followed by a chapter on cyber insurance, and here the level of detail can be very helpful for cybersecurity decision-makers. I could recommend obtaining the book simply to have access to this particular topic that it covers. The final chapter of the book deals with cybersecurity policies, and here most interested readers will probably already know most of the basics. What some readers may not be familiar with however are certain cybersecurity frameworks like the NIST CSF, IASME, ICASA’s COBIT, the PCI DSS framework of the payment card industry, the different ISO/IEC 27000 standards, and so on. Again, it’s good to have at least a basic understanding of these different frameworks, and the chapter will be sufficient for most readers in this regard.
Apple Academic Press exclusively co-publishes with CRC Press and is an imprint of Taylor & Francis Group, LLC. You can purchase this book in Hardcover or Kindle format on Amazon.
Factoid: I’d rather trust a fake!
Here is this week’s factoid:
Fact: Humans Find AI-Generated Faces More Trustworthy Than the Real Thing (Scientific Americn)
Question: Deepfakes and AI-generated images of people are not only a big concern nowadays but also big business—why pay someone to model your new clothing line if you can generate a fake image of a model wearing items from your line? How concerned are you about how “real” AI-generated photos and videos of people doing stuff are becoming? Email us your answer and we’ll include it in our next issue!
And Finally
The odd, the stupid and the remarkable. More fun than Jeopardy and Trivial Pursuit!
AI suggested 40,000 new possible chemical weapons in just six hours (The Verge)
https://www.theverge.com/2022/3/17/22983197/ai-new-possible-chemical-weapons-generative-models-vx
[In other news, I’ve just generated 75,000 new macaroni recipes I can post on my foodie blog!]
Famous Navy UFO Video Was Actually Camera Glare, Evidence Suggests (PetaPixel)
https://petapixel.com/2022/03/14/famous-navy-ufo-video-was-actually-camera-glare-evidence-suggests/
[Yeah but I’ll be it was an alien mind control beam that made me point my camera in that direction right at that moment.]
Cities are switching to “smart” rat control (Axios)
[Will it catch dumb rats?]
Simple electrical circuit learns on its own—with no help from a computer (Science)
https://www.science.org/content/article/simple-electrical-circuit-learns-its-own-no-help-computer
[And it offered no resistance when we told it to learn.]
Sleeping with the light on may be harmful to you (MSN)
https://www.msn.com/en-us/health/medical/sleeping-with-the-light-on-may-be-harmful-to-you/ar-AAVhLKb
[Walking around in pitch darkness can also be hazardous]
Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, Good grief!”, “Gaaahh!!” and so on. Thanks!
Please tell others about WServerNews!
We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!