Hope everyone is getting ready for the upcoming holidays and has a great list of Xbox games they hope to receive! Xbox Live Sessions is back this week with Nolan Gould, widely recognized for his role as Luke Dunphy on “Modern Family.” He’ll join the interactive livestream hosted on the Mixer Xbox Channel on Thursday, December 21 at 7 p.m. PT to take on Fortnite Battle Royale.
Nolan loves gaming and he can’t wait to play Fortnite Battle Royale, the free 100-player PvP mode of Fortnite that drops players on a giant map where the last one standing wins. It combines Fortnite’s unique building gameplay and intense PvP combat for a totally unique and fast-paced battle royale experience. Be sure to tune into the livestream for the chance to submit questions to Nolan as well as win special prizes. This episode of Xbox Live Sessions will be hosted by Microsoft Studios Community Manager, Rukari Austin.
Don’t forget to tune in Thursday, December 21 at 7 p.m. PT on Mixer and keep it locked to Xbox Wire for news on future episodes of Xbox Live Sessions. Happy holidays to all!
Rick Kamal prefaced a list of cybersecurity tips with some advice from the annals of history. Ancient history.
The CTO at Harvard Business School invoked Galen, the Greek physician of the second century. Galen served as the personal doctor to several Roman emperors, and his discoveries influenced medicine, physiology and anatomy for 1,500 years. His teaching about maintaining good health was simple: A little prevention goes a long way, Kamal explained to an audience of IT executives.
“Yes, you can treat an ailment, but the most powerful thing to do is have good hygiene and do the right things: Exercise, eat well, avoid intoxicants, have friends and family,” Kamal said at the Argyle 2017 Information Technology and Security Forum in Boston on Thursday. “And if you do something like that, your quality of life, instead of starting a steady decline after the age of 40, is pretty good till about your 80s — and then you get a sudden decline, and you’re dead.”
Through a burst of laughter, Kamal kept a straight face. The reality is, he said, most people don’t follow Galen’s common-sense advice on health. Similarly, organizations don’t take measures that are within their control to ensure better cybersecurity: Massive data breaches at Yahoo and credit-reporting agency Equifax and the covered-up hack at Uber a year ago were all preventable, Kamal said. He enumerated a list of cyberattack prevention tips that can help organizations eliminate most threats.
“There are a lot of products, a lot of solutions out there in the security space — I’m not saying don’t look at them,” he said. “Before you go for some nichey, interesting, shiny-penny solution, first address prevention. It will get you 99 out of 100 miles there.”
A little work, a lot of benefit
The first measure companies need to take to protect their data from malicious, prying eyes is “trivial,” Kamal said: Upgrade and patch your OS. So is the second: Upgrade and patch your applications.
He recounted the reasons for this year’s Equifax data breach. The point of entry for hackers was Apache Struts, open source software for developing web applications. The Struts team uncovered the vulnerability, released a patch and advised users of the software to apply it. Equifax didn’t — and they aren’t alone in neglecting to follow such simple advice.
“I’m sure many of us may not be doing it on a very deliberate and diligent basis,” Kamal said. By upgrading and patching systems, “you’ve gotten rid of about 60% to 70% of vulnerabilities.”
Next, whitelist applications, Kamal advised — to make known the ones that should run on your servers. Many organizations install virus and malware detection software, and that’s good, Kamal said. But that’s a “blacklist approach”: A compromise is identified, quarantined and then deleted. Whitelisting is different.
“It’s where in the operating system you say, ‘This is my server — I only expect applications X, Y, Z to run and processes A, B and C to run,’” Kamal said. “If anything else tries to run, it just can’t.”
Applying this approach, he said, would essentially head off every ransomware and malware attack possible.
Keep it complicated
Kamal then flashed what looked like a toddler’s jabber on a screen: “dadada.”
“That’s somebody’s password. Can you guess whose password that is? Any guesses?” Kamal asked. “Actually, it was Mark Zuckerberg.”
The Facebook co-founder and CEO coined the password after he became a father and used it on several social media sites, including Twitter and Pinterest, which were breached last year.
Lots of people less technically inclined than Zuckerberg use weak passwords. In fact, some of the top used passwords of 2016 were “123456,” “qwerty” and “111111,” according to an analysis done by password management company Keeper Security. And as Zuckerberg did, many people use the same passwords to unlock accounts on multiple sites, as an analysis of the 2014 Sony Pictures hack showed.
“Now think about this: Your employees, who are accessing your sensitive systems, are doing the same thing,” Kamal said.
Those practices allow for credential stuffing, a type of cyberattack that starts with a stolen username and password — think the Yahoo data breach of 3 billion email accounts. It unleashes bots on a slew of websites and tries to log in, testing thousands of combinations.
“They only have a 0.1% hit rate,” Kamal said. “But guess what? Point zero percent of a billion is a million.”
The moral of this story? Use strong passwords, Kamal said. And use password vaults, or password managers, software or services that generate, store and access hard-to-crack passwords. And IT leaders will bolster cybersecurity by encouraging the use of multifactor authentication, which requires users to provide several pieces of identifiable information to prove they have authorization for a site or service.
Then, encrypt your data, Kamal said — encode text that others may find and use into an unreadable format. A lot of the data made away with in the Equifax breach was either encrypted poorly or not encrypted at all. “And it was sensitive information,” he said.
All it takes is a simple configuration or a little bit of work to encrypt data, Kamal said. But if using encryption keys — bits of code designed to scramble and unscramble information — practice proper key management. “Do not put the keys right next to the data on the same server.”
And also encrypt your keys so if someone finds them, they can’t be put to use.
Finally, secure points of entry. Ports on servers that aren’t being used should be closed to prevent unwelcome visitors. Many don’t do it, Kamal said, citing a recent analysis that found more than 80% of major organizations have open ports, “which is like leaving windows and doors open for folks to come and start poking at you,” Kamal said.
Jeffrey Cunningham, director of enterprise architecture at Thomson Reuters in Boston, said following Kamal’s advice depends partly on the amount of technical debt an organization is dealing with. One example, Cunningham said, is legacy applications at companies that have grown through acquisition, as Thomson Reuters has.
“It’s more, How do you implement it? How much tech debt do you have that prevents you from doing those things?” Cunningham said. The advice itself, he noted, is common sense. “Everyone needs to be self-aware. I mean, you need to be aware of what you’re doing and not get yourself in trouble.”
I’m going through all of the laptops which I have sitting in storage at home. This is the list so far but some other models will be added soon.
They will all come with a freshly installed copy of Windows 10 Home 1709, some will be licensed and I’ll note that next to them.
I’m giving them a once over as well to check for issues, any I find I’ll list. They are used laptops however so will have the odd mark.
All will come with their power bricks.
Prices do not include P+P!
Lenovo G505s (model 20255) – £150 AMD A10-5750M 8GB RAM Radeon HD 8650G 120GB SSD Windows 10 Home (licensed)
All seems fine, no keyboard or track pad issues and screen is good.
Toshiba Satellite S50D-A-10G – £130 AMD A10-5747M 2.10Ghz 8GB RAM Radeon HD 8500M and Radeon HD866120G 1TB Hard disk Windows 10 Home (licensed)
The following keys do not work or you have to really hit the key hard to make it register – G, 5, B, T. Replacement keyboards are around £20 on eBay. The track pad is also not great, but I don’t think it’s faulty, rather just generally bad.
Dell Vostro 1710 – £50 Intel Core 2 Duo T8100 4GB RAM Nvidia GeForce 8600M GS 256GB Hard disk Windows 10 Home (no license)
All seems fine, no keyboard or track pad issues and screen is good.
Have you ever wondered whether it is possible to add your own custom images to the list of available VMs for Quick Create?
The answer is: Yes, you can!
Since quite a few people have been asking us, this post will give you a quick example to get started and add your own custom image while we’re working on the official documentation. The following two steps will be described in this blog post:
1. Create JSON document describing your image
2. Add this JSON document to the list of galleries to include
Step 1: Create JSON document describing your image
The first thing you will need is a JSON document which describes the image you want to have showing up in quick create. The following snippet is a sample JSON document which you can adapt to your own needs. We will publish more documentation on this including a JSON schema to run validation as soon as it is ready.
To calculate the SHA256 hashes for the linked files you can use different tools. Since it is already available on Windows 10 machines, I like to use a quick PowerShell call:
Get-FileHash -Path .\contoso_logo.png -Algorithm SHA256
The values for logo, symbol, and thumbnail are optional, so if there are no images at hand, you can just remove these values from the JSON document.
Step 2: Add this JSON document to the list of galleries to include
To have your custom gallery image show up on a Windows 10 client, you need to set the GalleryLocations registry value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization. There are multiple ways to achieve this; you can adapt the following PowerShell snippet to set the value:
If you don’t want to include the official Windows 10 developer evaluation images, just remove the fwlink from the GalleryLocations value.
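The following PowerShell is an added example, not the snippet from the original post. It hashes the files a gallery document links to, then appends a gallery location to GalleryLocations instead of overwriting it, and prints the final list so you can review every source Quick Create will pull images from. The gallery URL and file names are placeholders, and the script assumes GalleryLocations is a multi-string value and that it runs from an elevated prompt.

```powershell
# Added example: the gallery URL and file names below are placeholders.
$keyPath    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'
$valueName  = 'GalleryLocations'
$galleryUrl = 'https://gallery.example.invalid/contoso.json'   # hypothetical location of your JSON document

# Step 1 helper: SHA256 for every file the JSON document links to.
$linkedFiles = '.\contoso_disk.vhdx', '.\contoso_logo.png'      # hypothetical file names
foreach ($file in $linkedFiles) {
    if (Test-Path -LiteralPath $file) {
        Get-FileHash -Path $file -Algorithm SHA256 | Select-Object Path, Hash
    } else {
        Write-Warning "Skipping missing file: $file"
    }
}

# Step 2: append the gallery to GalleryLocations without dropping existing entries.
if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key not found: $keyPath"
}

$current  = @()
$existing = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($existing) { $current = @($existing.$valueName) }

if ($current -notcontains $galleryUrl) {
    $updated = @($current) + $galleryUrl
    # Assumption: the value is stored as a multi-string (one location per entry).
    New-ItemProperty -Path $keyPath -Name $valueName -Value $updated `
        -PropertyType MultiString -Force | Out-Null
}

# Print the resulting list so unexpected gallery sources stand out.
(Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
```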
Have fun creating your own VM galleries and stay tuned for our official documentation. We’re looking forward to seeing what you create!