November 2024


Reminder: We recommend not installing Windows 11 24H2 yet unless one of the new features directly affects you. Let others work out the bugs. There are some serious issues after upgrading.

Support for Windows 10 will end on October 14th, 2025. Microsoft will charge consumers $30 for a year of Extended Security Updates (ESU) for Windows 10. Businesses will be charged $61 for the first year of ESU per computer and $122 for the second year.

Microsoft delays the Windows 11 Recall feature again.

Office 2024

The new single-purchase, non-subscription version of Microsoft Office is a replacement for Office 2021 and Office 2019. Office 2021 has two more years of support, and Office 2019 has another year of support life.

Beware: On Amazon and elsewhere, there’s a product called “Truly Office 2024” with “Truly” in deceptively small letters. Don’t fall for it because it’s not “truly” Microsoft Office 2024.

Windows Server 2025 was released on Nov. 1. We recommend waiting to install.

Known issues. More.

More trouble with the new Outlook app.

Microsoft is making IPv6 the primary method of Exchange email delivery. This may affect some customers’ whitelists and mail delivery. Check with us if you would like assistance.

Apple announcements: a refreshed iMac with an M4 chip and new color options, an updated keyboard, mouse, and trackpad with USB-C ports; a redesigned Mac Mini with the M4 Pro chip; updated MacBook Pro with M4 chips; increased base RAM in the MacBook Air to 16GB.

Users of iOS 18 have complained about the changes to the photo app.

New Amazon Kindle models are out.

Audible is offering three months for $3 in an early Black Friday deal for new users. If you haven’t tried Audible books, I recommend it.

Race Communications will provide high-speed fiber-optic networking in Porterville in 2025.

unWired broadband plans to bring NextGen fiber internet to Parlier and Coalinga.

Recruiters and companies are posting non-existent “ghost” jobs to lure candidates for other purposes.

AI

Apple Intelligence is now available. It is supported on an iPhone 15 Pro or iPhone 16, iPad Pro M1 or later, and MacBook with M1 or later.

If you want to try Apple Intelligence, you must get on a waitlist.

To join the waitlist after you’ve updated to iOS 18.1, go to Settings, then “Apple Intelligence & Siri,” and then tap the “Join the Apple Intelligence Waitlist” option.

Apple says Apple Intelligence is “usually available for activation within a few hours of joining the waitlist.” It’s not so intelligent yet.

NewsGuard reveals damage from AI bot-generated material.

More than 1,000 bogus “news” sites that are entirely bot-generated and unreliable — running with little or no human oversight — have been identified by NewsGuard to date.

Popular chatbot systems readily spread misinformation. When leading chatbots were subjected to red-teaming (i.e., systematic testing), the systems would merrily repeat false claims in 80% to 98% of the cases, according to a 2023 NewsGuard study (PDF).

Russia, Iran, China, and other nation states are increasingly incorporating AI-generated or enhanced content into their influence operations in search of greater productivity, efficiency, and audience engagement. This clickbait is not limited to the election. Be skeptical whenever there is any sort of trending national or international news story. If there is a means for the attackers to gain an advantage or gain more money from influencing a topic, you can pretty much guarantee they will.

SECURITY

New guidelines for logins and passwords from NIST.

  • Passwords must be at least 8 characters long, and it’s recommended to require at least 15 characters.
  • Allow a maximum length of at least 64 characters.
  • Passwords should allow printable ASCII and Unicode characters.
  • Do not use password complexity rules.
  • Do not require scheduled password changes. Password policies should only require a change if a credential may have been compromised.
  • Do not require the use of knowledge questions (“What was the make and model of your first car?”)
  • Check suggested passwords against a list of known bad passwords (including dictionary words and previously cracked passwords).
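
As an added illustration (not code from NIST or from this newsletter), the checklist above can be turned into a policy audit plus a password check that uses only length and a known-bad list. The policy field names, both sample policies and the tiny blocklist are constructed for the example.

```python
import unicodedata

# Constructed sample blocklist; a real system loads a large list of
# dictionary words and previously cracked passwords.
SAMPLE_BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123"}

# Hypothetical policy settings (field names are assumptions for this example).
LEGACY_POLICY = {"min_length": 8, "max_length": 16, "composition_rules": True,
                 "expiry_days": 90, "knowledge_questions": True, "blocklist": False}
UPDATED_POLICY = {"min_length": 15, "max_length": 128, "composition_rules": False,
                  "expiry_days": None, "knowledge_questions": False, "blocklist": True}


def audit_policy(policy):
    """Return the checklist items that a policy configuration violates."""
    findings = []
    if policy["min_length"] < 8:
        findings.append("minimum length below 8")
    if policy["max_length"] < 64:
        findings.append("maximum length below 64")
    if policy["composition_rules"]:
        findings.append("complexity rules enforced")
    if policy["expiry_days"] is not None:
        findings.append("scheduled password changes required")
    if policy["knowledge_questions"]:
        findings.append("knowledge questions required")
    if not policy["blocklist"]:
        findings.append("no check against known bad passwords")
    return findings


def check_password(password, policy, blocklist=SAMPLE_BLOCKLIST):
    """Accept or reject a candidate using length and blocklist checks only."""
    # NFKC folds look-alike forms (e.g. full-width letters) before comparing.
    pw = unicodedata.normalize("NFKC", password)
    length = len(pw)  # counts Unicode code points, not bytes
    if length < policy["min_length"]:
        return False, "too short"
    if length > policy["max_length"]:
        return False, "too long"
    if policy["blocklist"] and pw.casefold() in blocklist:
        return False, "on the known-bad list"
    return True, "ok"
```
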

Microsoft’s recent Digital Defense report:

Microsoft Entra data shows that password-based attacks make up over 99% of the 600 million daily identity attacks. Over the past year, Microsoft blocked 7,000 password attacks per second, highlighting the persistent and pervasive nature of these threats.

We strongly recommend using two-factor authentication to protect yourself better.

If you have the correct MS 365 license, you can see Microsoft’s security articles here: https://security.microsoft.com/intel-explorer

Booking.com Phishing. Beware of calls asking for banking info to confirm your reservation.

A phishing-as-a-service (PhaaS) platform called Mamba 2FA targets Microsoft 365 accounts using well-crafted login pages. Don’t click on MS 365 links sent to you in email or Teams unless you know the sender. Look carefully when authenticating to Microsoft to be sure you are actually on their site (microsoftonline.com).

Mamba 2FA is currently sold to cybercriminals for $250/month.
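
The "look carefully at the site" advice above can be automated for links in a message. This is an added example, not code from Microsoft or this newsletter: it trusts only the domain named above (other genuine Microsoft sign-in domains would need to be added to the allow-list), and the brand hints and sample message are constructed.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("microsoftonline.com",)         # the domain named in the text
BRAND_HINTS = ("microsoft", "office365", "o365")   # assumption: strings a lure imitates
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'genuine', 'suspicious' or 'other' for a single URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious"  # malformed URLs are not given the benefit of the doubt
    # The host must BE the trusted domain or a subdomain of it; merely
    # containing the name (as a prefix, or before an "@") does not count.
    on_trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if on_trusted and parts.scheme == "https" and parts.username is None:
        return "genuine"
    if on_trusted or any(hint in url.lower() for hint in BRAND_HINTS):
        return "suspicious"
    return "other"


def suspicious_links(message_text):
    """List the URLs in a message that imitate a Microsoft sign-in link."""
    return [u for u in URL_RE.findall(message_text)
            if classify_link(u) == "suspicious"]


# Constructed sample message; non-Microsoft hosts use reserved example domains.
SAMPLE_MESSAGE = """Your mailbox is almost full. Sign in to keep receiving mail:
https://login.microsoftonline.com.example.net/common/login
Genuine portal for comparison: https://login.microsoftonline.com/common/oauth2/authorize
Unrelated link: https://www.example.org/newsletter
"""
```
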

The Internet Archive (history of all Internet web pages) was under attack, with a breach revealing info for 31 million accounts. It is now mostly back online.

Google’s reCAPTCHA is used in sophisticated phishing attacks.

Your robot vacuum cleaner might be spying on you.

Robot vacuums are using photos and audio to train their AI.

Nearly anyone can use your phone to track you using location data used for advertising.

Babel Street’s LocateX platform also allows customers to track individual mobile users using their Mobile Advertising ID or MAID. MAID — the unique alphanumeric identifier assigned to each mobile device — was originally envisioned as a way to distinguish individual mobile customers without relying on personally identifiable information such as phone numbers or email addresses.

Some sources of MAID data can be apps on your phone such as AccuWeather, GasBuddy, Grindr, and MyFitnessPal that collect your MAID and location and sell that to brokers.

A user’s MAID profile and location data are commonly shared as a consequence of simply using a smartphone to visit a web page that features ads.

Android users can permanently delete their ad ID by opening the Settings app and navigating to Privacy > Ads. Tap “Delete advertising ID,” then tap it again on the next page to confirm.

Google’s documentation on this is here.

Apple’s iOS requires apps to ask permission before accessing your device’s IDFA (Identifier for Advertisers). Apple users can also set the “Allow apps to request to track” switch to the “off” position, blocking apps from asking to track you.

FTC opened an investigation into commercial phone-tracking firm Venntel.

Change Healthcare Breach Hits 100M Americans. You may have already gotten a letter.

It would be prudent to place a security freeze on your credit file and on that of your family members if you haven’t already done so. Change’s parent firm, UnitedHealth Group, has incurred $1.521 billion in direct breach response costs so far.

The National Public Data breach exposed 270 million users. The company has filed for bankruptcy.

HUMOR

We are excited to be moving to HALOPSA ticket tracking software in January. This will allow improvements in invoicing as well as a customer portal for submitting and tracking tickets and paying bills.

Tim Torian

Torian Group, Inc.

Newsletter Sign-Up

The Torian Group Times Newsletter is a service to our clients, and anyone who finds it useful. Topics include security updates; known problems with recent patches; new and upcoming software and hardware that might affect your business; and information about technology in the Visalia area.  It is free to anyone who wishes to subscribe by providing their name and email address. We will not do anything with this information other than sending the newsletter – no unsolicited marketing of any kind.
