All IT providers, from the Systems Administrators at Fortune 500 companies to Managed Services Providers (like me) who help small business owners, have a competing set of objectives. One is to satisfy the technological and business requirements of their clients. The other is to work within the constraints (sometimes edicts) of the vendors they use to provide and build those business solutions.

The most significant “elephant in the room” is inevitably Microsoft. Just when everyone took time over the recent year-end holidays to relax after the massive effort to migrate from Windows 10 to 11, the calendar page flipped to 2026, and the meme associated with the phrase, “objects in mirror are closer than they appear,” took on new meaning.

Microsoft identifies dates well in advance for the end of support (or end of life, EOL). In the coming year, several significant events are scheduled for October. The first is that Office 2021 will reach EOL. This stalwart is the one-time installation software that has been available as a long-term license (rather than subscription). It has been superseded by Office 2024.

And within the Office family, Microsoft has also issued a death knell for Publisher. This product is no longer available in the Office 2024 edition, and Microsoft will remove it from all Office 365 subscriptions (in which it still exists) in October 2026. I hate that decision because I create all of my client-facing documents in Publisher, including this newsletter. There are very few alternatives I need to investigate (and learn), but more on that next month.

Also, in October, Microsoft will end support for Windows 11 version 24H2. I will ensure that all clients running this version of the operating system receive the recently released 25H2 update in late August or early September to maintain support and security (including monthly updates).

The subsequent entry on a longer-term calendar is the January 2027 end-of-life for Windows Server 2016. What I learned from a recent event (Windows Server 2012 went EOL in October 2023) is that many organizations — more than I ever expected — held on to ancient hardware for as long as possible, even if it slowed down their entire operations.

I understand trying to wring the last vestige of usefulness out of a hardware device that initially cost thousands of dollars. But the cost was amortized, and the device was fully paid off long ago. And yet, when it comes time now to replace a Windows Server 2016 with a new server, with the rapidly rising price of memory (RAM), business owners are going to be shocked out of their chaise by the prices of new Windows Servers.

While I do not like churn (of either hardware or software) for its own sake, in most cases, new hardware performs significantly better than older hardware — even if the old hardware has not broken. Similarly, newer software — despite the incessant push to include AI — offers features and benefits for anyone interested in taking advantage of them.

If all you use is a web browser to read your email and go to websites, you can use your phone. But if you have a line-of-business application that is still server-based, you will need new hardware. Dell is pricing its Windows Servers at astronomical prices, and things are going wild!

In a recent Reddit post, another MSP stated that on Wednesday, their Dell representative could not honor a Monday quote for a pre-configured server. He was questioning the community to see if this is “real or Memorex.”

The first response came from someone in the industry, who said, “I quoted [a] customer yesterday about 900 USD per 64GB RAM stick. Today, new pricing came in… 1600 USD per stick. Our quotes are valid for a day, it’s so crazy atm” [atm means “at the moment”].

Can you imagine seeing a nearly 80% price increase in something within one or two days? That is the current — and rather unfortunate — state of the world.

Having said that, I am thrilled that I was able to upgrade more than 95% of my clients’ computers to Windows 11 machines last year. Those who must upgrade this year — due to age or lack of warranty — I’m warning you now, you will pay significantly more.

What Not to Do When You Have a Data Breach

Sax LLP (“Sax”), also known as Sax Advisory Group, disclosed a 2024 data breach in December 2025 that affected its systems. Yes, more than a year and a half after the “unusual network activity” in August 2024, the firm notified almost a quarter of a million individuals that their information was exposed. Compromised information included name, date of birth, Social Security number, driver’s license information, and passport number.

I don’t think anyone affected is feeling very good about this. If I were a victim, I’d be screaming to the heavens about why it took so long between identifying the breach and notifying those affected — especially given the range of information that was exfiltrated. This breach is an awful case where identity theft could run rampant for these victims.

Thanks, and safe computing!

Microsoft Ignite is the annual partner conference that the Redmond-based software company hosts. The mid-November 2025 conference exceeded 20,000 attendees, while estimates are that more than 10 times that many registered for online sessions (including yours truly). This event focused on demonstrating how Microsoft is implementing AI and its cloud platforms now.

The central theme with respect to Windows was Microsoft’s push towards an “Agentic OS,” in which it would gradually integrate AI agents into the taskbar and OS for proactive assistance.

Let me take a step back from all that geeky jargon and explain some things. First and foremost, OS stands for operating system – and that is all Windows is: an OS. Other operating systems include Linux and Google Chrome (on specifically built devices). AI stands for artificial intelligence. In this instance, it is the code Microsoft links to for specific questions and answers (basically the rules by which things should happen), based on their LLM (large language model) and a ton of code. Agentic is a trickier word. Most often, it refers to systems that can plan multi-step actions and adapt to changing circumstances independently. The simplest way to explain this is to remember the ESP-like qualities of Radar O’Reilly in the old M*A*S*H TV episodes, where he would automatically know – and state out loud – what his commander wanted done before it was even uttered.

Let’s put these various fragments together so they make some sense. Having an “agentic OS” means that Windows would know what you want to do and either help you or do it for you. I’ve worked with technology for a very long time, and I’m a child of the 1950s. Let’s go back 30 years (using the WABAC Machine – a Rocky and Bullwinkle reference) to recall that Microsoft gave us Office 97 and Clippy, a verbose (frequently maligned) assistant to help us work with Word and Excel. No one liked it!

Well, now, Microsoft plans to have a Copilot for Windows that will help you navigate settings and Windows updates and attempt to solve problems (some of which you might not even realize you have) to “fix” or “optimize” your computer.

Look, this is all really terrific, and quite frankly amazing, stuff. But most of what Microsoft is building is geared toward business users in large enterprises. When it comes to small- to medium-sized businesses and consumers, they’re implementing this stuff, and it is going to confuse the heck out of the “end users.” After an initial outcry, Microsoft agreed that it would not automatically turn on this AI support tool and would let it be up to the computer’s owner to say, “Yes, I want to let Microsoft know even more about how I use my computer, what files I have on it, who I communicate with over email, and what websites I visit.”

Ah, yes, the privacy issues. If you have an active AI agent running 24/7 on your computer as you do whatever it is you do, looking at all those activities, you’d have to be incredibly naïve to believe that you still retain your privacy. Microsoft will tell you they won’t use the data they are scooping up by the petabytes, but that’s not at all reassuring. I’m still waiting to see all the settings I must turn OFF to ensure client safety in future Windows releases.

Thanks, and safe computing!

Recently, NetDiligence (a company that provides cyber risk management and data breach services to cyber insurance professionals and their policyholders) issued its 15th annual Cyber Claims Study. This report is based on the statistical analysis of more than 10,000 cyber claims for insurance incidents that occurred between 2020 and 2024.

Among the key findings, ransomware and business email compromise were the two leading causes of loss. Specifically:

  • 2,675 claims were due to ransomware, with 41% of these occurring between 2022 and 2024.
  • 1,864 claims were because of business email compromise; 58% of which occurred between 2022 and 2024.

The overall average cost of an incident for small to medium-sized businesses was $264,000. That is a significant increase from last year’s $205,000. Similarly, the average payout rose from $167,000 to $183,000. The difference between the cost and the payout averaged $81,000 last year. That out-of-pocket expense means that some businesses were adversely affected by having to absorb that on their own.

The top four causes of loss were:

  • Ransomware
  • Business Email Compromise (BEC)
  • Hackers
  • Wire Transfer Fraud

The losses in these four categories accounted for 72% of claims and 85% of the total incident cost ($2 billion).

The number of ransomware incidents reported decreased from 757 in 2020 to 397 in 2024; however, the amounts and total incident cost have increased dramatically over the same time.

The five top affected business sectors included:

  • Professional Services
  • Manufacturing
  • Healthcare
  • Retail
  • Financial Services

What amazes me is that last year, 4,000 new claims were submitted, bringing the total to 10,000. As a result, NetDiligence reports that total incident costs at SMBs are up in almost every category. The 30% increase in the five-year average cost came as a shock to the report writers.

And no insurance claims-related report can escape mentioning AI and its implications. Noted was the malicious use of AI, which has resulted in the explosive growth of criminal attacks on corporate networks. Credential phishing attacks increased by over 700% in the latter half of 2024, with more than 80% of phishing email messages utilizing AI technology. And yet, only a third of companies are using AI to fight fraud.

The report concludes that companies need to recognize that no defense is 100% secure and must increase their focus on being proactive and responsive. They urge companies to develop and regularly update an Incident Response Plan (IRP) to reflect current threats. The IRP should include specific playbooks for each of the four major types highlighted in this report, and it should be walked through so that everyone in the company who plays a role can respond effectively when (not if) a malicious incident occurs.

As is the case in almost every report, it ends by stating that cyber insurance should be a key consideration, but only as a safety net, not as a substitute for good security practices.

Thanks, and safe computing!

The Identity Theft Resource Center (ITRC) supports victims of identity theft, fraud, and scams and offers identity protection education. Each year, they publish a report that summarizes the responses to the questionnaire they send to their constituents. In 2025, they aimed for a broader coterie of consumers and have collated those responses in a report that has me extremely concerned.

To clarify, the individuals who contact the ITRC are not merely victims of a credit card scam or phishing attack. They are individuals whose identity records have been hijacked by criminals — sometimes repeatedly — and who invariably undertake long-term processes to regain their financial stability. Let’s go through some of the findings.

The 2025 ITRC report shows that many of the victims they serve are more security-conscious before their victimization. Yet, they suffer catastrophic financial losses and face a grueling, frequently unresolved recovery process. Their experience fosters a deep skepticism of technological solutions, but they develop a sophisticated system-level understanding of the identity crime ecosystem.

For the general population included in the 2025 report, the primary form of attack is increasingly the compromise of their digital social lives. In contrast, the lives of ITRC victims are dominated by more complex and often financially oriented crimes.

ITRC victims reported that before their compromise, more than 50% used multi-factor authentication, more than 45% had already frozen their credit, and at least 30% did not reuse passwords across different accounts. Those statistics, to me, are shockingly high, and above what I consider “mainstream.”

The fact that such a significant portion of this group was already employing strong security measures underscores the sophistication of the attacks they faced. These were not crimes of simple opportunity, but often targeted efforts capable of bypassing standard defenses.

By way of comparison, the general population reported lower adoption rates for the same critical defenses. The ITRC analysts believe that the decline in the use of basic protections may point to a growing “security fatigue” or a false sense of security among the public, thus creating a wider pool of vulnerable targets at a time when criminal attacks are becoming more sophisticated.

Any time someone becomes a victim of a fraud, phishing attack, or identity crime, it is a painful experience. Most people will use the event as a starting point for behavioral change, but “most” isn’t everyone. The ITRC analysts think the intensity of the victim’s response is directly proportional to the severity of the trauma experienced. In other words, a less complex incident may prompt a password reset or update, whereas systemic financial fraud forces a complete and lasting re-evaluation of one’s entire digital footprint.

When it came time to quantify the economic impact that crime victims faced, the numbers ran through an entire spectrum. Nearly 20% of both ITRC victims and the general population got “hit” for less than $500. However, the ITRC reported receiving reports of victims who lost funds up to and exceeding one million dollars.

Because the ITRC case load is skewed to helping erase these life-altering financial events, the year-over-year increase in high-value losses across both sets of victims is a critical finding. Analysts suggest that criminals are becoming increasingly adept at monetizing stolen identities and successfully extracting larger sums from victims across the board — regardless of the initial point of compromise.

How confident are these people when it comes to trusting artificial intelligence (AI) to protect them? Actual ITRC victims — having been failed by existing security systems — are profoundly skeptical of this supposed technological silver bullet. In the general population, while most are cautious, they show a greater willingness to place faith in AI solutions. This belief may stem from a less severe breach of their personal sense of security. It may not have exposed them to the systemic, multi-layered failures that ITRC victims often endure during their protracted recovery efforts.

And why is that? Because in both this year’s and last year’s reports, nearly 50% of victims had cases that remained unsolved. Many cases that get resolved take months or even years of persistent effort.

What does this mean for the victims of identity theft? They cannot lease or purchase a car. Their credit (as reported by the three major companies) is in a shambles. They often struggle to rent an apartment or buy a new home. In many cases, they are emotionally detached, and (new to this report’s findings) more than 20% are thinking in terms of self-harm.

Still think you are cyber safe? If you’ve been reading my newsletters, you know I have harped (ad nauseam) about being careful and how you can use best practices to improve your online security and reduce your risk. The ITRC recently created a quick quiz for everyone to test their knowledge by answering a few questions. You’ll even be able to download a PDF version of your results. If you’d like to send me your report, I’ll take the time to provide comments.

You can find the quiz here: https://www.idtheftcenter.org/are-you-cyber-safe/

Thanks, and safe computing!

In a little more than one year from now, Microsoft will end support for Windows 10. The operating system has been on sale for nine years. It currently accounts for approximately 65% of desktop market share.

As I have written, the security and hardware requirements for Windows 11 mean I cannot upgrade most older computers, and you will need to purchase a new computer. Some new computers may require additional memory. In all cases, I will contact you after I run a detailed Windows 11 readiness check and schedule a preliminary review of your requirements before next year’s deadline.
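The readiness check mentioned above can be scripted. The following is an added example written for this newsletter page, not the author’s own tool: it uses the CIM classes and cmdlets built into Windows PowerShell to test a machine against Microsoft’s published Windows 11 minimums (TPM 2.0, UEFI Secure Boot, 4 GB of RAM, a 64 GB system drive, and a CPU with at least two cores at 1 GHz). The function name Test-Win11Readiness is my own; the script does not consult Microsoft’s supported-CPU list, so a PASS here is necessary but not sufficient. Run it from an elevated prompt, because Confirm-SecureBootUEFI requires administrator rights.

```powershell
# Added example (not the newsletter's own script): Windows 11 readiness check.
# Thresholds are Microsoft's published minimums; the CPU model list is not checked.
#Requires -RunAsAdministrator

function Test-Win11Readiness {
    $results = [ordered]@{}

    # TPM: Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; anything not starting with 2.0 fails
    $tpm = Get-CimInstance -Namespace 'root\cimv2\security\microsofttpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $results['TPM 2.0'] = ($null -ne $tpm) -and ($tpm.SpecVersion -match '^2\.0')

    # Secure Boot: the cmdlet throws on legacy-BIOS machines, so treat an error as "not capable"
    try   { $results['Secure Boot'] = [bool](Confirm-SecureBootUEFI) }
    catch { $results['Secure Boot'] = $false }

    # Memory: Microsoft's minimum is 4 GB (the newsletter recommends far more for daily use)
    $cs = Get-CimInstance Win32_ComputerSystem
    $results['RAM >= 4 GB'] = ($cs.TotalPhysicalMemory / 1GB) -ge 4

    # CPU: at least 2 cores and 1 GHz (MaxClockSpeed is reported in MHz)
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
    $results['CPU 2+ cores @ 1 GHz'] = ($cpu.NumberOfCores -ge 2) -and ($cpu.MaxClockSpeed -ge 1000)

    # System drive: at least 64 GB in total size
    $sys = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $results['System drive >= 64 GB'] = ($sys.Size / 1GB) -ge 64

    [PSCustomObject]@{
        Computer = $env:COMPUTERNAME
        Checks   = $results
        Ready    = -not ($results.Values -contains $false)
    }
}

# Usage: print one line per check, then the overall verdict
$r = Test-Win11Readiness
$r.Checks.GetEnumerator() | ForEach-Object {
    '{0,-24} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
'Overall: ' + $(if ($r.Ready) { 'meets Windows 11 minimums' } else { 'NOT ready; see failed checks' })
```

A machine that fails only the TPM or Secure Boot check may simply have those features switched off in firmware; a failure on RAM or CPU cores usually means replacement hardware, which is the distinction the paragraph above draws.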

Now, if you see a screen like the one below, please stop what you are doing. Please DO NOT CLICK the Get it button, and call me. You should NOT see this screen — unless Microsoft changes the code in the background in the upcoming months. If you do see this screen, something is wrong, and I would like to learn what it is and how to correct it.

Thanks, and safe computing!

Microsoft has been the subject of many jokes about the security of its Windows operating system for decades. Some criticism is warranted; however, the Redmond, Washington-based organization has maintained a steady cadence of stating they will improve Windows and deliver something that approximates the management objective.

All that increased security in Windows made resolving the problem caused by the faulty definition files CrowdStrike released much more difficult. Let me explain.

CrowdStrike offers a security product called Falcon. Its job is to protect an enterprise computer from being taken over by malicious software. One set of files deployed globally on July 18, 2024, was corrupt. When Windows performed normal operations, several elements failed, and the operating system gave up, resulting in what is known in the IT industry as a BSOD – or Blue Screen of Death.

The instructions CrowdStrike eventually provided to systems administrators after they recognized the problem were to boot the failed computer into Safe Mode, delete the bad files, and reboot the computer. That way, when the computer resumed regular operation, it would obtain a clean set of files from CrowdStrike and behave normally.

So, what’s the big deal? These steps — at least at first glance — seem elementary. Well, there are some problems with this approach.

Safe Mode

Microsoft introduced Safe Mode as a mechanism to let people resolve problems in a stripped-down form of the operating system. When you start Windows in Safe Mode, the operating system does not load start-up programs or third-party applications and drivers. Only the most essential device drivers and files necessary to run the operating system are activated.

You could access Safe Mode shortly after starting your computer by repeatedly pressing the F8 key. This process worked for generations of operating systems, from Windows 95 through Windows 7.

The mechanism to access Safe Mode changed, starting with Windows 8 and continuing with Windows 10 and 11, which Microsoft touts as more secure operating systems. Most people need to access Safe Mode because the operating system won’t start properly, so the fact that Microsoft provides two very different ways to access it from within Windows indicates that someone wasn’t thinking about actual problems faced by the masses.

To access Safe Mode from a “cold start” means turning on the computer and immediately holding down the power button so the start-up is interrupted and the computer shuts down. Do these steps two more times, and you should see a pop-up with the words Startup Repair. You then must select Advanced Options, Troubleshoot, Advanced Options, Startup Settings, Restart, and then choose from the available Safe Mode options.

It seems as if Microsoft developers designed this process to prevent anyone from accessing Safe Mode. And yes, that means that technicians had to jump through these hoops just to get started to fix the CrowdStrike problem.

But that wasn’t all that stood in the way of quickly resolving the issue.

BitLocker

BitLocker is a Windows security feature that will encrypt the contents of the hard drive on which the operating system is installed. This advanced functionality mitigates unauthorized access to a computer’s operating system drive. By password-encrypting a computer’s operating system drive, you can keep your files (and personal information) secure and protected from unwanted access.

When you activate BitLocker, Windows creates a recovery key for your hard drive so that each time you start your computer, you must provide a PIN to gain access. In an enterprise environment, that recovery key is stored in the site’s Windows Server Active Directory. And therein lies the problem.

To gain access to any device with a BSOD, a technician requires the 16-digit BitLocker key. The problem is that most of those keys are securely stored in Windows Servers, which were likely unavailable because they also experienced a BSOD. Even after technicians restored those servers, a corporate environment has hundreds or thousands of computers, and no script can automate the entry of a device’s BitLocker key – the work must be done manually.
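Where the keys were escrowed in Active Directory and the domain controllers are back up, a technician can at least collect them in bulk before walking to each machine, rather than looking each one up by hand. The script below is an added example, not CrowdStrike’s guidance or the author’s own procedure: it reads the msFVE-RecoveryInformation objects stored under each computer account (that is where BitLocker escrows the recovery password when a domain is configured to back it up) and writes them to a CSV keyed by the key ID that the BitLocker recovery screen displays. The function name Get-EscrowedBitLockerKey and the file affected-hosts.txt are my own. It needs the ActiveDirectory RSAT module and read permission on those objects, which is normally delegated only to BitLocker administrators. Typing the password at the pre-boot prompt is still a manual step on every machine, exactly as described above.

```powershell
# Added example (not from the newsletter or CrowdStrike): collect BitLocker recovery
# passwords escrowed in Active Directory for a list of affected computers.
# Requires the ActiveDirectory RSAT module and read rights on msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-EscrowedBitLockerKey {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        $computer = Get-ADComputer -Identity $name -ErrorAction SilentlyContinue
        if (-not $computer) {
            [PSCustomObject]@{ Computer = $name; KeyId = $null; RecoveryPassword = $null; Note = 'computer object not found' }
            continue
        }

        # Recovery objects are direct children of the computer object, one per recovery protector.
        $keys = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
                    -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                    -Properties 'msFVE-RecoveryPassword', 'whenCreated'

        if (-not $keys) {
            [PSCustomObject]@{ Computer = $name; KeyId = $null; RecoveryPassword = $null; Note = 'no key escrowed in AD' }
            continue
        }

        foreach ($k in ($keys | Sort-Object whenCreated -Descending)) {
            # The object name is "<timestamp>{<key GUID>}"; the GUID is what the recovery screen shows,
            # so it lets the technician match the right password to the right machine.
            $id = if ($k.Name -match '\{([0-9A-Fa-f-]+)\}') { $Matches[1] } else { $k.Name }
            [PSCustomObject]@{
                Computer         = $name
                KeyId            = $id
                RecoveryPassword = $k.'msFVE-RecoveryPassword'
                Note             = "escrowed $($k.whenCreated)"
            }
        }
    }
}

# Usage: hostnames one per line in a constructed input file (my own name for it).
$hosts = Get-Content .\affected-hosts.txt
Get-EscrowedBitLockerKey -ComputerName $hosts | Export-Csv .\bitlocker-keys.csv -NoTypeInformation
```

The CSV contains the recovery passwords in clear text, so keep it on an encrypted, access-controlled location and delete it when the recovery effort is finished. A machine that reports “no key escrowed in AD” was never backed up, which is the case where the recovery can only proceed if the key was printed or saved elsewhere.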

And that is why the CrowdStrike problem was so challenging and time-consuming to resolve. The requirement to increase Windows’ security prevented a simple fix. Teams of IT specialists worked throughout the weekend to attempt to recover their company’s computers by repeatedly — and manually — going to Safe Boot, entering the BitLocker key, deleting files, and rebooting.

Several pundits have commented that CrowdStrike Falcon’s use of definition files is no better than Norton Antivirus and its signature files. As many of you know, I have stressed the need for a more thorough and heuristic approach to computer security, and using definition files is not the way to handle this.

I am incredibly proud that my choice of security vendor, SentinelOne, does not use any form of definition file. For years, it has been fantastic at keeping all my clients’ computers and servers safe. Having dodged a significant bullet, I don’t want to jinx things by saying nothing bad will ever happen. Ultimately, we all want a secure Windows operating experience without having to go through an unexpected nightmare.

Thanks, and safe computing!

US government officials have placed a deadline of September 29, 2024, for all users of Kaspersky software to find an alternative before a ban occurs.

Here’s why this is important. Kaspersky uses signature files to identify threats. In 100 days, they will no longer be updated. As bad actors continue to evolve their threats, the software will not be able to keep up. In effect, it will become useless. Computer users running Kaspersky antivirus will no longer be protected.

As a Managed Services Provider, I have never suggested or promoted using Kaspersky as an antivirus or internet security product. I recognize it comes preinstalled on many computers sold by big box stores (e.g., Staples, Best Buy). Starting a subscription to a product that came with your computer is much easier than figuring out a new or different one.

However, the latest generation of threat protection doesn’t use signature files. It uses artificial intelligence to distinguish valid programs from rogue software. These security products view the totality of your computer’s operations to determine if something unusual is occurring (like encrypting files or contacting a foreign command and control center) and stop that activity.

As you know, I have evaluated many security products over the years and rely on SentinelOne and Huntress as the most practical combination to protect computers in a home and business environment. These products take unique approaches to identify and eliminate threats without using old-fashioned signature updates. SentinelOne uses the activity of known programs to identify those operating in an aberrant or unsafe manner. Similarly, Huntress will quash any activity that appears to be suspicious.

If you know anyone who has Kaspersky installed on a home computer, I suggest you tell them to take the following actions:

  • Access your Kaspersky portal and stop auto-renewal and auto-payment on your credit card.
  • Uninstall the Kaspersky software using the Windows Control Panel > Programs > Uninstall a program function. This action should automatically re-enable Microsoft’s built-in Defender application.
  • Go to the Windows Security Center, ensure Microsoft Defender is activated and updated, and scan your computer. Defender, while it uses signature updates, gets those automatically from Microsoft.
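The third step can be verified rather than eyeballed. The script below is an added example, not part of the newsletter’s instructions: it uses the Defender cmdlets that ship with Windows to report whether Microsoft Defender is enabled with real-time protection, how old its signatures are, and which antivirus products are still registered with Windows Security Center (a leftover Kaspersky entry means the uninstall did not complete), then forces protection on, refreshes signatures if needed, and runs a quick scan. The function name Test-DefenderHealthy is my own. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of the newsletter): confirm Defender is back in charge after
# a third-party antivirus has been uninstalled, then update and scan.
#Requires -RunAsAdministrator

function Test-DefenderHealthy {
    $status       = Get-MpComputerStatus
    $signatureAge = (Get-Date) - $status.AntivirusSignatureLastUpdated

    [PSCustomObject]@{
        AntivirusEnabled     = $status.AntivirusEnabled
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        SignatureAgeHours    = [math]::Round($signatureAge.TotalHours, 1)
        SignaturesCurrent    = $signatureAge.TotalDays -lt 1
        # Every installed AV registers here; anything besides "Windows Defender" means the old product is still present
        RegisteredAVProducts = (Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                                -ClassName AntiVirusProduct).displayName
    }
}

# Usage: report, remediate what can be remediated, scan, report again
$before = Test-DefenderHealthy
$before

if (-not $before.AntivirusEnabled -or -not $before.RealTimeProtection) {
    # Defender normally re-enables itself once the other product is gone; turn real-time protection on if it did not
    Set-MpPreference -DisableRealtimeMonitoring $false
}
if (-not $before.SignaturesCurrent) {
    Update-MpSignature
}

Start-MpScan -ScanType QuickScan
Test-DefenderHealthy
```

If RegisteredAVProducts still lists the removed product after a reboot, the vendor’s own removal tool is usually needed; Defender stays in passive mode until Windows no longer sees another registered antivirus.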

If you know of any small business owners who have Kaspersky installed on their office computers, please ask them to get in touch with me immediately. When they sign up for a SentinelOne and Huntress subscription between now and September 29, I will waive the $95 implementation fee!

Thanks, and safe computing!

In mid-March 2024 I landed in a quandary.  There are 18 months until Microsoft ends support for Windows 10 in October 2025.  Until now, I have planned to migrate my clients’ computers to Windows 11 because that is a standard industry approach.

In addition, Microsoft stated that Office 2016 and 2019 would also go out of support in October 2025.  Without a long-term replacement (e.g., Office 2024), Microsoft has forced me to consider establishing a Microsoft 365 subscription for every client requiring any Office application because there is no alternative.

Well, call me gob-smacked when I learned that Microsoft is planning a Windows 12 announcement by mid-2025 and the probability of a non-subscription version of Office 2024 before the end of this year.

Unfortunately, I did not obtain this information directly from Redmond-based Microsoft.  Instead, I read about these offerings in various blog posts and Reddit forums.  And – I’ve got to admit – that is NOT how I want to operate my business.

I will convey what I know about this situation as clearly as possible.

In October 2025, Windows 10 will no longer receive any further updates, and I will no longer support computers with that operating system.  If I can upgrade your computer’s Windows 10 operating system to Windows 11, I will discuss the implications of performing that upgrade with you.  If your computer cannot run Windows 11 (mainly because it is too old), I will discuss replacing it with new hardware, possibly a new monitor, and even a new printer.

In the past, I was strict about replacing your computers when they reached the end of their five-year warranty. However, I have been lax about upgrading your hardware for the past few years. Because of the pandemic’s effect on the global supply chain and the resulting lack of computer components, I have given most clients an extra year’s grace on replacement. Sometimes, I let things go out for a full seven years. But, as I have regrettably learned, when a computer breaks now — and is required immediately — getting a replacement when you don’t have a warranty can cost more than six times the cost of an extended warranty.

Microsoft isn’t planning to announce Windows 12 until mid-2025; therefore, I will not consider that option for any client.  As I see it, this will be an offering I could only recommend well into 2026 — after I put it through at least six months of testing on my lab computer.

As far as Microsoft Office is concerned, I will have to hold my breath, and I hope you will join me on a small adventure.  The retail price of the home user version of Office 2021 is $150, and the retail price of the business edition is $250.  A one-year subscription to Microsoft 365 is $70 for home users and $150 (at a minimum) for business users.  I’m asking you to throw that money away in October 2025 and then purchase the Office 2024 version.  According to all accounts, the price for each version will be approximately 10% higher.

Of course, I would prefer you to spend a one-time charge for up to five (or more) years of software use than to subscribe to an annual reliance.  However, if you must purchase a new Windows 11 computer, I will work with you to obtain a solution that best fits your needs and keeps your expenses within reason.

If you do not have a fierce requirement for a Microsoft product, I will point out that the free LibreOffice product suite will let you work with your Office files with close to 100% fidelity.  I will also let you know there is a learning curve, so if you don’t like change, stay with what works for you.

Thanks, and safe computing!

We are coming up to the end of 2023. During the past year, only one product has been released in the computing environment that I think will change our future: ChatGPT, the artificial intelligence (AI) bot released by OpenAI. It is now in its fourth iteration from its original release in November of 2022. Yes, you can prank ChatGPT by asking repetitive questions. Yes, it still has hallucinations and will give incorrect answers. Yes, you are only now getting recent data in responses (rather than the outdated original data set). And yet, people are using it in myriad ways.

Microsoft has already spent $13 billion to provide OpenAI with the resources needed to build the product. I believe that amount will likely double in the next two years. Satya Nadella, CEO of Microsoft, is “all in” on AI because he knows the more you and I use bots to help us operate our computers, the fewer people will be required to do more work. If someone can document a process and then have the AI read all the documentation associated with a topic (e.g., how to fix the problem when your computer can’t print on your wireless printer), then you don’t need a human being at a call center in India or the Philippines.

You can have a computer user open a Windows 11 Copilot application, type their question, and engage in a question-and-answer session. The cloud-based software will walk that person through all the known steps to fix the problem. Am I worried about my job because of this? No, because despite the computer-provided hand-holding, sometimes you need a human being who has experienced “real world” problems to ask questions no one asked the AI bot. As I have seen in many demonstrations, when ChatGPT doesn’t know an answer, it cannot even say, “I don’t know,” so it provides incorrect or misleading information. That is a significant problem that still consumes the minds of the data scientists who build these models. And it is why I think we are far from having AI “take over” things.

In the same way, businesses will create AI-based products for more and more fields. Do you need an insurance quote? Of course, the preliminary questions and responses you receive will be from an AI bot. You’ve all seen the silly commercials for “Limu Emu and Doug.” After all, Liberty Mutual extols the virtues of customizing insurance so “you only pay for what you need.” How do you think they are going to handle that soon? It is simple: they will develop an AI bot to work with you. For instance, you’re a young married couple in Livingston, NJ. You own an $875,000 house with 25 years on your mortgage. You have two kids (ages 9 and 6) and lease a Tesla Model 3 and a Toyota RAV 4. Liberty Mutual will have loaded all of the ISO (Insurance Services Office) documents into their LLM (large language model) and all the appropriate New Jersey amendments. One, two, three, and you’ll have your quote. I’m not sure you will need an insurance broker until the end of the chat session (and probably only as a matter of law — which the insurance companies will try to change). Of course, a human being may find a different rate structure based on their industry knowledge — but who will you ask to qualify which one is appropriate, correct, or even valid?

Likewise, calls you would make to your primary care physician about your existing health conditions might soon be answered by a “MedChat” AI bot. Need help from Spectrum or Verizon for a problem with your TV, phone, or internet? First stop: an AI bot. (I didn’t think anything could be more annoying than the IVR Spectrum has now — but that will change.) Do you need to get a mortgage from your bank? Yes, there’s going to be a bot for that. The list of applications with generalized artificial intelligence will be extensive and pervasive, so much so that some speculate that AI modeling and development will become a $63 billion industry in the next year, growing into the trillions within a decade. And what about those people who looked forward to getting call center jobs to raise themselves out of poverty? They will need to pursue completely different career paths. There is no “next level” for many of these people because building the bots is so complex that they won’t have the skills necessary to get hired.

Let’s take a moment to discuss what AI will do in the education field. It isn’t going to be pretty. That’s because what you “feed” the artificial intelligence engine is what provides the basis of responses. Currently, in the United States, high school history textbooks in California contain vastly different explanations of events than those in Texas. This linked article from the New York Times is a few years old but depicts the massive “disconnect” in the study of US history. Guess what? Those same divergent viewpoints will arrive in AI history bots. Will we have a uniformly educated America? No, in fact, it will become even more divergent (and undoubtedly more strident) because some communities will not accept any artificial intelligence software in their educational system.

Two years from now, Windows 10 will go out of service. Microsoft claims that CoPilot applications will be available for Office 365 users for an extra $30 per month. Redmond has designed these apps to help businesses by reading through emails, Word documents, Excel spreadsheets, and PowerPoint presentations. The AI bots will perform data mining of a company’s internal resources to provide additional insight and — they hope — business opportunities and streamline business deals. As an aside, I upgraded my laptop to the latest version of Windows 11 23H2 and saw that CoPilot is in beta mode on my Taskbar. I will report the results of testing in a few months. Having seen this latest change, I realize that all new Windows 11 computers require more memory than I had planned (i.e., 16 GB of RAM instead of 8 GB).

For all we know, Windows 12 will be a cloud-based AI-based agent that allows you to run Windows in any browser on any platform you want. The monthly subscription will probably put off mass adoption — because we know that the folks at Redmond are greedy. But after a while, with appropriate discounts, mass uptake will undoubtedly occur. Then, you can use an AI bot to browse your email, view websites recommended by your reading profile, and work with documents that “understand” who you are.

Yep, that’s pretty freakin’ scary stuff. I’m going to continue to guide you through this huge transition.

Thanks, and safe computing!

Password managers are programs that let you store an ever-growing list of online credentials in a safe location. These programs remove the need to record this information insecurely, such as by emailing it to yourself or writing it on Post-it Notes.

Many security experts advise clients to use these programs as part of best security practices because they also let you create strong and unique passwords for each online account you have. Additionally, some programs alert you if you duplicate a password across different accounts and can notify you if your password has appeared in a known data breach.
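The two alerts just described (reuse across accounts and a hit in a known breach) are easy to show in code. This is an added example, not code from the newsletter or from any password manager: the vault below is constructed, and the local `BREACH_INDEX` is a constructed stand-in for the hashed-prefix (“k-anonymity”) range lookup that a breach-checking service such as Have I Been Pwned’s Pwned Passwords API uses, in which only the first five characters of the SHA-1 hash leave the client.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault (not real credentials): site -> (username, password)
VAULT = {
    "https://mail.example.com": ("alice", "Winter2024!"),
    "https://bank.example.com": ("alice", "Winter2024!"),  # same password reused
    "https://shop.example.com": ("alice@example.com", "correct-horse-battery-staple"),
    "https://forum.example.com": ("alice", "hunter2"),
}

def find_reused_passwords(vault):
    """Group sites by password and return only the groups used on more than one site."""
    sites_by_password = defaultdict(list)
    for site, (_user, password) in vault.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items() if len(sites) > 1}

def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix sent out
    and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def _build_breached_index(breached_passwords):
    """Constructed stand-in for a breach corpus: prefix -> {suffix: times seen}."""
    index = defaultdict(dict)
    for pw, count in breached_passwords.items():
        prefix, suffix = sha1_prefix_suffix(pw)
        index[prefix][suffix] = count
    return index

BREACH_INDEX = _build_breached_index({"hunter2": 17_000, "password": 9_000_000})

def breach_count(password, lookup_range=lambda prefix: BREACH_INDEX.get(prefix, {})):
    """How many times the password appears in the breach corpus (0 if absent).
    Only the hash prefix is handed to lookup_range; the suffix comparison stays local."""
    prefix, suffix = sha1_prefix_suffix(password)
    return lookup_range(prefix).get(suffix, 0)

def audit_vault(vault):
    """Produce the alerts a password manager would raise: reuse and known-breach hits."""
    alerts = [("reused", sites) for sites in find_reused_passwords(vault).values()]
    for site, (_user, pw) in vault.items():
        hits = breach_count(pw)
        if hits:
            alerts.append(("breached", site, hits))
    return alerts

if __name__ == "__main__":
    for alert in audit_vault(VAULT):
        print(alert)
```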

However, if your program’s secure vault is compromised, it potentially puts every one of your online accounts at risk of compromise. This issue drew my attention following last year’s extensive LastPass breach incident.

In 2022, there were multiple breaches at LastPass. In addition to putting the response and actions of LastPass under the spotlight, the incidents have raised questions over the safety of storing multiple login credentials on password managers altogether.

LastPass announced in late August 2022 that “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.” This enabled the attacker to take portions of source code and some proprietary LastPass technical information.

After conducting an investigation and forensic review, LastPass said it found no further evidence of activity from the threat actor. The unauthorized access was limited to its development system, which is “physically separated” from its production environment.

At the end of November, they made another announcement that an unauthorized party had gained access to a third-party cloud storage device. This new breach was enabled by the information gained by the attacker during the original August incident.

And a few days before Christmas, the firm informed users that attackers had accessed encrypted customer data (username, password, and notes) and unencrypted data (the website addresses of customers’ online accounts).

Do I believe you should keep your LastPass account following this last episode? No, but the damage has already been done. There is a high likelihood that your account may have been compromised. But if you want to continue to use LastPass, there are three things you must do.

  • First, you must strengthen your master password and ensure it is unique, long, and complex.
  • Second, as an extra security precaution, you should change the passwords for the websites you have stored in the service.
  • Third, you should be on the lookout for targeted phishing attempts in the coming months, since the attackers have your unencrypted contact information and the addresses of the websites you use.

I have reviewed these services over the years and have not found one I have felt entirely comfortable using – and I have not only my own accounts to manage but many of my clients’ accounts as well. I hate to say it, but the safest and most secure way of managing your passwords is to use a notebook and write them down.

If you use a document or spreadsheet and your computer is ever compromised, you will lose that information, and bad actors will use it against you.

What is the best way to implement this Luddite approach? Have one page per account, and write the name and website address at the top. Have a one-line entry per password, preferably with the date you first used it. If you must change a password, cross out that line and write a new one along with the date you created it.

The more complex we have made our lives by thinking that computers would make things easier for us, the more I think we need to use simple methods to maintain our security.