Yet another reason (as if you needed any more) to keep your anti-virus and anti-malware programs up-to-date.

Even mainstream websites can (indirectly) be a source for malware and “drive-by” attacks, when the ad service includes an advertisement with malware attached.

See the article on, My browser visited and all I got was this lousy malware for more details.

Millions of people visiting,,, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.

Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don’t click on links.

Note, too, the closing sentence in that article:

There’s no indication the attacks were exploiting vulnerabilities in fully patched software. That underscores the importance of installing security updates as soon as they become available.


One of the new features in Windows 10 is called “Wi-Fi Sense“, which is supposed to simplify access to Wi-Fi hot spots.

At first, this sounds like a good idea… when there is an open Wi-Fi hot spot visible, it will simply connect to it, no fuss, no muss.

However, there is another feature, where you can be automatically connected to password-protected Wi-Fi networks, if any of your “friends” have connected to it in the past.  Convenient?  Perhaps.  Security risk?  Definitely.  After all, the sharing works both ways.

That is, if a computer with Wi-Fi Sense enabled connects to your password-protected network, your password will be shared with all of that computer’s “friends”.

Here’s an article on “Ask Leo” that explains things further.

So, make sure not to share networks with your friends, and if you ever put your network password in for someone else’s computer, follow the directions in the above articles to make sure that they don’t share your network with their “friends”.

With the release of Windows 10, which fixes many of the complaints people have had about Windows 8 and 8.1, Microsoft has also changed the default privacy settings to the least private possible.  It also allows Microsoft to use your computer (and Internet connection) as a way to distribute Windows 10 to others.

Rather than go through all of the settings here, I will simply link to an article on Slate which takes you step-by-step how to restore some privacy to your data.  Click here to read the article.

With the Boston Marathon bombing, and the fertilizer plant explosion in Texas, there’s been an upswing in spam with eye-catching headlines like:

Video of Explosion at the Boston Marathon
Boston Explosion caught on Video
Texas Explosion Injures Dozens
Fertilizer plant explosion near Waco, Texas

What they all have in common is the e-mail contains just a single web page address, such as:

Continue reading ‘Don’t fall for those “important news” e-mails’ »

Okay, so the site hasn’t been updated for some time now. I know that. Sometimes, life just gets in the way, and things just need to take a back seat.

If you look over in the “Blogroll” (usually right over there in the upper-right corner of this page), you’ll find a link to, among others, “Ask Leo”, one of my regularly-read tech blogs. Leo recently took a sabbatical from his blog, and is now back. (You can read his blog post about it here.)  I’ve decided that I should use this opportunity to “reboot” this blog, and get it going again.

I have numerous items I put aside in a “RunOnFriday ideas” folder.  I guess it’s time to start using them.

And, for those of you who found this blog due to Leo’s pointer to it (BTW — thanks!), welcome.  I hope you find it useful.

If you ever need a good resource about spam — what it is, why it’s bad, and what you can do about it — check out  It only takes 15 minutes to read the entire site, and it’s well worth the effort.  (So much so, in fact, that I’ve added a permanent link to it on this blog’s sidebar.)

The Spam Primer started in 1996 as a way to help people deal with a new problem: spam. Even then, author Randy Cassingham realized spam would become a huge problem for everyone who depends on e-mail (and it has: it’s estimated that about 90 percent of all e-mail traffic is spam, which makes it difficult for legitimate e-mail to get through, and to find it among all the garbage!)

The next time you hear someone say “what’s the big deal, just delete it” (or worse, “just click the unsubscribe link”), send them to

I’ve been getting a flood of phishing attempts, supposedly for a “failed ACH payment”.  In fact, there are times when, in the time it takes me to delete the ones that made it past my filters and into my inbox, a dozen more show up.  Out of curiosity, I checked my spam filter, and found this:

Continue reading ‘Spammers are nothing if not persistent’ »

Here’s a question for you.  If you wanted to create some piece of malware that would survive replacing the hard drive, flashing the BIOS, and reinstalling the O/S from a clean set of disks, and with no network connection, how would you do it?  Seems impossible, doesn’t it?  How could an infection get back in without any way for the infection to have survived the “wipe and start over” process?

Well, a well-known hacker named Charlie Miller found a way… the battery.

Continue reading ‘Latest security risk — your laptop’s battery’ »

(By Leo A. Notenboom of Ask Leo!)

Have you ever had a new toolbar suddenly “appear” in your browser? Although it might not seem like you agreed to install it, the likelihood is that you did.

Continue reading ‘Say No Thank You to New Toolbar – Opt Out During the Installation Process’ »

For those of us who follow our BlogTalkRadio show, you may have noticed we haven’t had one for a few weeks.  It’s just the usual end-of-summer/back-to-school rush at the end of August that’s been keeping us too busy.  We plan on resuming our show soon, though we will probably be mid-week rather than Sunday.

BTW, I wanted to post this on our BTR blog, but they have removed that feature.  (Existing posts remain, but you can’t add or change posts.)  So much for the “B”.