Tag Archives: security

Cybersecurity plan

Posted on by

White House eyes overhaul of cybersecurity plan

The Office of the National Cyber Director has begun developing a new strategy to address threats from China and other adversaries. The strategy will involve collaborating with the private sector, focusing on harmonizing regulations and setting minimum cybersecurity standards, said Director Sean Cairncross who has cited the need for a clear message to deter attacks. Full Story: Federal News Network/WFED-AM (Washington, D.C.) (10/31)

This new strategy may eventually be adopted on a Global scale, as we follow the goings on around the World.

cloud save

Posted on by

Microsoft Word now autosaves new documents to the cloud

Microsoft is updating Word for Windows to automatically save new documents to the cloud, eliminating the need for users to enable AutoSave manually. While users can set default cloud locations or disable the feature, some have expressed frustration over the added steps to save files locally. Full Story: PCWorld (8/28)

In my opinion this is a really sad state of affairs, not giving people a choice, is an infringement of our rights.

Disable Excel workbook links 

Posted on by

Microsoft to disable Excel workbook links to blocked file types

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026.

After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not limited to, phishing attacks that utilize workbooks to redirect targets to malicious payloads.

This change is being introduced as a new FileBlockExternalLinks group policy, which expands File Block Settings to include external workbook links.

Read the full article: Microsoft to disable Excel workbook links to blocked file types

Authenticator

Posted on by

Microsoft to rid Authenticator of password management

Microsoft will end support for password management in its Authenticator app at the end of July as part of a broader move toward passwordless authentication methods such as passkeys and FIDO2. Microsoft suggests users who continue to use passwords to use dedicated password managers such as Microsoft Edge or Google Password Manager.

Full Story: The Hacker News (India) (7/1) 

SolarWinds Backdoor

Posted on by

What They’re Not Telling You About SolarWinds: It Wasn’t a Breach — It Was the Backdoor

In December 2020, the world was told a Russian “Hack” hit U.S. federal networks through SolarWinds.

Wrong.

It wasn’t a foreign op.

It was a white hat takeover of the digital command grid.

Let me show you.

1. What Was SolarWinds?

A Texas-based IT company that pushed software updates to:

  • Pentagon
  • DHS
  • State Department
  • Treasury
  • NSA
  • Big Tech (Microsoft, Cisco)
  • Even Dominion Voting Systems
  • The update included a hidden “Sunburst” backdoor.

What they called a vulnerability…

…was actually a legal foothold.

2. EO 13848 Was Already Active

Trump had already signed Executive Order 13848 in 2018:

Declaring election interference a national emergency.

By 2020, SolarWinds gave federal intel teams lawful access to:

  • Servers
  • Email traffic
  • Internal communications
  • Contract records
  • Voting infrastructure

Under 13848, they didn’t need permission.

They needed access.

SolarWinds was access.

3. What Came Next?

  1. 2021: Microsoft, FireEye, and CISA all “confirm breach”
  2. 2021–2022: Mass resignations in Big Tech, banking, and military
  3. 2022–2023: SCOTUS shadow docket rulings + Roe overturned
  4. 2023–2024: NGO purges, media collapses, asset seizures escalate
  5. 2025: One Big Beautiful Bill → AI firewall codified

You’re watching a multi-year digital sting operation unfold in quarters.

4. SolarWinds + EO 13961 = Continuity Killbox

EO 13961 (Mission Continuity Strategy, Dec 2020):

Federalizes critical mission systems across all agencies.

Now link the pieces:

  • SolarWinds → digital access
  • EO 13848 → legal seizure authority
  • EO 13961 → control continuity
  • 2025 AI Clause → shields enforcement from state interference

This isn’t cleanup. It’s activation.

5. The Real Operation

SolarWinds wasn’t a failure.

It was the launchpad for:

  1. Asset tracing
  2. Intel extraction
  3. Sting AI deployment
  4. Legal lockdown of Deep State infrastructure

Total ops handoff to Continuity teams (Guard/Marines/Coast Guard)

The Great Reset isn’t theirs.

It’s ours.

Bottom Line:

  • SolarWinds was the moment they got the keys.
  • Every laptop seized…
  • Every NGO collapsed…
  • Every offshore trust exposed…
  • It all ties back to December 2020.
  • And now in July 2025, they’ve made it permanent.

New exploit

Posted on by

FileFix can make Windows File Explorer an attack vector

A cybersecurity researcher known as mr.d0x has built FileFix, a variant of the ClickFix social engineering attack that uses the Windows File Explorer address bar to execute malicious commands. The researcher explains that the method could be used by threat actors due to its simplicity and familiarity to users and serves as an example of how phishing attacks can evolve to exploit more user-friendly environments.

Full Story: BleepingComputer (6/24) 

WIFI password

Posted on by

Recovering a WIFI password.

You need to be logged in to get to the password information.

To access the control panel network connections use the ncpa.cpl tool by selecting the Windows +r keys, type in the “ncpa.cpl” and select run.

Ncpa.cpl is a file associated with the Network Connections control panel in Windows, which allows users to manage network adapters and settings.468 It can be accessed by typing “ncpa.cpl” in the Run dialog box (Windows + R) or by navigating to the Control Panel and opening Network Connections.46 The file is safe and should not be considered a threat to your computer.2

The acronym “NCPA” stands for Network Connections Properties and Adapters.3 This tool is particularly useful for network administrators and users who frequently need to adjust network settings.

Right Click the desired Wireless Network connection from the list.

Select Status from the dropdown list.

Select Wireless Properties

On the “Wireless Network Properties” open the Security tab

On the Security tab, select “Show characters”.

Have fun!

password or phrase

Posted on by

Best Passphrase Use

A passphrase is best used to enhance security by providing a longer and more memorable alternative to traditional passwords. Passphrases are typically longer than passwords, often consisting of four or more words, which makes them harder to crack through brute force attacks. They are easier to remember than random strings of characters, reducing the likelihood that users will write them down or use simple, easily guessed phrases.

To create a strong passphrase, follow these guidelines:

  • Use at least four words, each with four or more letters.
  • Include spaces between words to increase complexity.
  • Consider using a mix of uppercase and lowercase letters, numbers, and special characters to add complexity.
  • Avoid common phrases, song lyrics, or easily guessed sequences.
  • Use a passphrase generator or a method like diceware to ensure randomness (in my view not recommended as you could leave a trace of the phrase online).
  • Store your passphrases securely using a password manager.

For example, a passphrase like “flew cat book through there!” is easier to remember and harder to crack than a complex password like “p%9y#k&yFm?”.

Using a passphrase can significantly improve security, especially when combined with multi-factor authentication something that we are no longer able to bypass. This combination provides an additional layer of protection, making it even more difficult for unauthorized users to access your accounts.

By following these best practices, you could effectively leverage passphrases to help protect your online accounts and data.

From the table above, you can see that to be safe we need a password of complexity with at least 10 characters, this will give a 5 year safety margin and by that time I presume that the data will be out dated and of little value. This table however does not tell the full story as we move into the next generation of computing, Quantum computing will drastically shorten these times. To ensure we stay relevant, I recommend anything above 13 characters with complexity.

New research

Posted on by

Could handwriting help you remember more?

In the digital age, it’s easy to default to typing—but research shows that handwriting might be the better choice if you want to retain information. A new neuroscience study reveals that putting pen to paper activates more brain regions and improves memory formation than typing.

Whether you’re taking notes in a meeting or jotting down a to-do list, the act of handwriting could give your brain a helpful boost. So, how often do you still write things down by hand? Rectangle: Rounded Corners: Do you write?

This research tells me one thing that I have been saying for decades “use it or loose it”. If we continually use a computer or some smart device we will eventually loose the use of that thing that we call a brain.

In my opinion, I have held to the story, that those that keep using or adding supplements to their diet will loose the function of allowing the body to produce these chemicals and or heal itself due to this lost functionality. It is the same with these devices that we use on a daily basis. We use a digital calculator every time we need to add or manipulate numbers, we are starting to no longer remember telephone numbers as we have a list of contacts on our phones, more and more people have stopped using a keyboard and are verbally interacting with their devices, treating them as friends.

What is this world really coming to? We are heading headlong into a world that is totally alien to what we are used to and will soon be the slaves to a digital world.

Zero Day

Posted on by

Microsoft patches zero-day, other vulnerabilities

Microsoft patches zero-day, other vulnerabilities

Microsoft issued 71 patches for December Patch Tuesday to address vulnerabilities including a zero-day bug in the Windows Common Log File System, which is under active exploit and could enable system-level privileges. Other critical vulnerabilities include a remote code execution flaw in Windows Lightweight Directory Access Protocol and one in Hyper-V that could allow code execution on the host operating system.

Full Story: Dark Reading (12/10)