All posts by Phil

Support for TLS 1.0 encryption ending

Did you know that support for TLS 1.0 encryption (which dates from 1990) ends this month, and Office 2010 doesn’t support anything later?
 
Why does this matter? It matters because there are several known exploits for this old encryption standard, which means that a determined hacker could “sniff” your login passwords. And a hacked email account can be used to reset the password on other online accounts, so there is a strong financial incentive for hackers.
 
The solution, as always, is to keep your software updated and make sure you have good backups.
 

Don’t panic about GDPR and make it worse

Customers are asking me whether they need to do anything about the new GDPR regulations. They want me to tell them that either they don’t need to worry because they don’t have a mailing list, or they just need to send everyone their privacy policy and everything will be fine. It’s not as simple as that because data can be stored in many ways and for many reasons – you need to actually read the guidelines to decide what applies to you.
 
The best explanation I’ve seen is here so take a few minutes to read that. In particular, you may have “legitimate interests” for storing personal data even if you can’t demonstrate consent.
 
Don’t just email all your contacts “to be safe” as everyone seems to be doing this week. That in itself may be illegal and make the problem worse. But that doesn’t mean you have to wipe your address book either. The following link has more details:
 

Stable patches for the “Spectre” vulnerabilities

Stable patches for the “Spectre” vulnerabilities are beginning to appear at last. If your computer is only a couple of years old you should check for a BIOS update. They’ll slow down your machine a bit but running unpatched for too long is asking for trouble.
 
It’s pretty scandalous that these bugs (Spectre and Meltdown) were released in the first place, even more scandalous that they went unreported for years and disastrous that for many people the only way to fix them now is to throw away every device that contains one of the affected processors (pretty much anything that connects to the internet) and buy new ones. I hope the CPU manufacturers are ashamed.
 

Quick guide to speeding up a laptop

It’s really easy to speed up most laptops. Dramatically.

1.   Kill most background programs

On Windows 10, press Ctrl + Alt + Del then Task Manager and select the Start-up tab. Disable all non-essential programs one by one. You may have to log in as an administrator if the button is greyed out.

Startup window

Then go to Settings > Privacy > Background apps and disable most of those. (On Windows 7 search for the command “msconfig” instead.)

On Mac OSX, go to System Preferences then Users & Groups then Login Items and click the minus button to disable each non-essential program.

OSX Login items

2.   Nix the antivirus

Believe it or not, most commercial antivirus programs do more harm than good. Uninstall them! On Windows 10 the built-in Defender will automatically activate and is just as effective with far fewer problems. (For Windows 7 search Microsoft.com for free “Security Essentials” which does the same thing.) Mac OSX also comes with enough built-in protection these days.  Now reboot your laptop and notice how quickly it starts up!

3.   Check the performance monitor

On Windows 10, open the Task Manager again but this time select the Performance tab. The graphs of CPU, Memory, Disk and Ethernet should all be pretty low now. If not, click the Processes tab to find the culprit.

Windows performance monitor

On Mac OSX, go to Finder then Go then Utilities and select Activity Monitor.

If Memory usage is high, adding some RAM is often a quick and cheap (less than £50) solution. If Disk usage is high, changing your hard drive to an SSD (solid state drive) is also cheap now and very effective – and will save battery life. We can help you buy the right ones and fit them. If CPU usage is high, fix the other two first.

OSX activity monitor

4.   Check for malware

Computers are sometimes slow due to malware. Here’s a really quick way to check if a Windows laptop is infected. Download “Process Explorer” from https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer. Extract the files (right click, extract all) then run procexp.exe. You will see a list of processes running on your computer (make sure all your usual programs are started – this test won’t check dormant programs on your hard disk).

Now click Options then VirusTotal.com and select “Check VirusTotal.com”. After a short delay this free service will check your computer memory against over 50 different virus checkers and report the results as a column of blue figures at the right. The number indicates how many virus checkers reported a warning (a few false alarms is normal) and the second number is the total number of checks.

Virus Total results

5.   Install an Ad blocker

This tip is specifically for browsing the internet. Most web browsers now include a “pop up” blocker by default, but you have to install a “plugin” or “extension” if you want them to block advertisements. Popular ad blockers include “AdBlock” and “Adblock Plus” – they’re very similar and easily installed, for example from https://chrome.google.com/webstore for Chrome, https://addons.mozilla.org for Firefox or https://www.microsoftstore.com for Edge (unfortunately not available for Internet Explorer, Safari or phones).

Advertisements quite often contain malware so it’s a good idea to block them for security reasons as well as for speed. Some sites rely on ads for income and won’t load unless you make an exception for them, but I still encourage you to try out an adblocker, it saves a lot of time and aggravation.

6.   Install security updates automatically

This last tip is more about security than speed, but it will save you time by installing important security patches automatically, not to mention time spent recovering from an infection. Windows will automatically update itself and Microsoft Office, but what about all your other programs? ? One answer is a free program called Patch My PC that you can download from https://patchmypc.net/.  Mac OSX users don’t need this because the App Store controls all updates.

Enjoy your fast laptop and tell your friends!

How to send something confidential by email.

Wax sealHow do you send confidential information to someone over the internet, so that only the intended recipient can read it? It’s a simple question, with a simple answer (encrypt it) that is easier said than done. When you think about it many of the emails we send could be embarrassing or worse in the wrong hands, so take a moment to find out how.

The easiest solution for most people is probably to use a trusted provider to do it all for you, rather than go through the pain of exchanging keys with all your correspondents.

  • Gmail
    The good news is Gmail already (since 2014) encrypts all messages between Gmail accounts provided you use the official Google apps or a web browser, so a lot of people are actually using encrypted email without realising it. Similarly, Skype and WhatsApp already encrypt all their communications. If you and the person you’re corresponding with both have access to Gmail accounts, use those.
  • Protonmail
    For everyone else a free Protonmail account is probably the simplest answer. You can use a web browser or their phone app to send and receive messages for free, or pay €4/month to get access to IMAP (and other extra features).

It’s up to geeks like us to help people with technology. So the next time someone emails you something confidential in plaintext that really should be encrypted, gently remind them by giving them your protonmail address or a public key with some instructions like these http://www.techadvisor.co.uk/how-to/…tmail-3636950/

Before you ask, I’m phil.mckerracher@protonmail.com

Exchanging documents that are too large to send as an email attachment is also a problem. Again, the easiest solution is probably a trusted cloud provider like Google Drive, Dropbox or OneDrive. Using 7-zip to compress the document with a password is better than nothing.

How to fix incoming email delays

Waiting for computer

Do your incoming emails sometimes arrive late, delayed by minutes or even hours? I found it really annoying when it happened to me, especially when trying to sign up to websites that required a response to confirmation emails before letting me in. I’ve even travelled to a cancelled meeting because of email delays.

Here are the most common causes, and what to do about them.

POP3 connection

If you retrieve your email the traditional way using the “POP” or “POP3” protocol, your mail program probably only checks for new messages every 30 minutes or so. This is called “polling” or “pull” email. It introduces a variable delay, often up to an hour.

How to tell if you’re affected: Check your mail program settings to see what protocol it’s using. Also, if clicking a “Send/Receive” or a “Refresh” button causes delayed messages to instantly appear, this is a likely cause.

What to do about it:  Change to use the more modern “IMAP” protocol (or Microsoft Exchange) instead of “POP”, if possible. As well as effectively giving you instant “push” email delivery, this allows you to synchronise mail between different devices, organise messages into folders, train your spam filters and gives you a backup.

If  your mail provider doesn’t offer IMAP, you may be able set up a simple forwarder to send all your incoming messages to a provider who does (e.g. a free Gmail account).  It’s also possible to change your DNS settings (specifically your “MX” records) to reroute your mail without an extra forwarding step, but that usually requires a subscription to a service (for example, G Suite).

If that isn’t possible, try setting the delay to a shorter value in your mail program settings. Check with your mail host first though, because some will block you if you poll too frequently.

Greylisting

Greylisting is a simple and effective anti-spam technique that works by initially refusing incoming mail from unrecognised sources and waiting for a redelivery attempt. The problem is, it introduces unpredictable delays in the process, which can occasionally be severe (a day or more).

How to tell if you’re affected: Ask your email provider if they use greylisting.  You can also examine timestamps in your email headers to deduce where delays are happening if you know how.

What to do about it: Ask your email provider to disable greylisting, or do it yourself if you have access to a hosting control panel. You will probably have to enable an alternative spam filter or forward your mail to a different account with a filter, otherwise you will be flooded with spam.

Misconfiguration

Incorrect DNS settings are a frequent cause of mail delays, in my experience. In particular, “MX” settings typically point to a different host or IP address than the “A”, “AAAA” or “CNAME” records for a domain, which is confusing. Even worse, once such a mistake is corrected, it can take many hours for the DNS changes to propagate and even longer for email senders to attempt redelivery, which means you may continue to see random delays for a couple of days.

It’s also really easy to misconfigure a mail server or client, resulting in a “forwarding loop”, “open relay” refused delivery or other problems that cause mail senders to blacklist you for a while. A simple change like setting an out-of-office notification can trigger a problem that may not be immediately apparent, and may take days to fully resolve once fixed.

How to tell if you’re affected:  Send test messages to yourself from another mail account and check for bounce messages. If you don’t understand them, forward the bounce messages to someone knowledgeable using “forward as attachment”. You can also test your mail settings using MX Toolbox.

What to do about it: If you have recently changed your DNS or mail settings, get someone to check them. Otherwise, contact support at your mail hosting provider. Be patient once problems are corrected to allow fixes to take effect.

Does your browser sometimes show you the wrong website? Fix it quickly!

Do you sometimes click on a link in your web browser and find that the site you are taken to is completely different from the one you expected? It can happen quite innocently if a site has moved to a new address, perhaps due to a company takeover. It can also simply mean the old site has gone and the domain has been bought by a squatter, in which case you may see a page full of advertisements. More worryingly, it could mean that your internet router has been hacked – try swapping the router. But the problem I’m talking about here is a known limitation of old browsers on encrypted connections.

Green padlockYou may have noticed that many websites now make you use a secure connection  – with a green padlock, and https instead of http in the address.

The reason is simple – without encryption, anyone can snoop on your connection and see your passwords, which is disastrous if you’re shopping online or even just checking your email. Worse still, hackers can redirect your connection to a convincing “phishing” site without your knowledge. Encrypted connections prevent that.

The problem was, until recently every secure website needed its own separate IP address and security certificate, which was expensive and difficult to set up (IPv4 addresses are in short supply). That all changed in 2016 because Microsoft finally retired the old versions of Internet Explorer that required separate IP addresses, and because an organisation called Let’s Encrypt started offering free automated certificates. Problem solved.

Except that a lot of people are still hanging on to Windows XP (unwisely, because it’s now very insecure and a big target for hackers). Internet Explorer on Windows XP can’t handle secure sites on shared addresses (it doesn’t support “SNI“) which means it will show you completely the wrong site.

Solution

The solution is simple – use Chrome or Firefox (or even Microsoft Edge) instead of Internet Explorer. As a bonus, modern browsers allow you to install an Ad Blocker to make your browsing much more pleasant. Since ads can contain malware your browsing will be more secure (and faster) as well.

Update: There’s a useful article about migrating WordPress sites to SSL on the cloudliving blog.

Getting a Sony Vaio laptop working on Windows 10

Kudos to user “paloseco” for his very helpful post on the NotebookReview forum about upgrading a Sony Vaio Z series laptop to Windows 10. Also to users “ComputerCowboy”, “Treofred”, “psyq321” and others for the related instructions for hacking the BIOS and INF files. How did we survive before the internet allowed sharing of information like this?

Negative kudos to Sony for shamefully not supporting a laptop that is only (gasp!) 6 years old, effectively forcing most users to use insecure software.