Month: December 2021

Packages and Rescue Packages: Online Consumerism Shields a Brewing Storm

UPDATE 01/03/22  Evergrande stock: China’s property developer suspends trading in Hong Kong – CNN

While we’re shopping from Amazon (or at the mall?), ominous events are taking place in the investment world: China’s largest real estate company, Evergrande—with 200,000 employees and more than 1,300 developments in more than 280 cities–has defaulted on its $300 billion debt. This despite having real estate sales of $110 billion last year. Why is this significant? Never mind the awful consequences of our complete social shutdown—depression, suicide, drinking and drug use, reckless Covid relief and stimulus—the U.S. pension system and insurance funds are heavily invested in the collapsing Chinese real estate bubble and consequently, have lost billions. Other Western nations are in a similar bind. Continue reading “Packages and Rescue Packages: Online Consumerism Shields a Brewing Storm”

Americans lost $148 million to gift card scams this year

Gift cards should never be used to pay bills or the government for taxes, etc. Gift cards should always be used to buy gifts.

This goes to show you the wisdom of the elders: if something sounds too good to be true, it probably is. Don’t let your guard down.

Report Gift Cards Used in a Scam | Federal Trade Commission – YouTube

Reminder: Phishing still way up there in terms of compromise

Reminder: Phishing is still the method of compromise most widely used. 91% of cyberattacks use phishing emails. With ransomware, the number is about 70%.

Phishing is really sophisticated sometimes. You may get phishing emails that look exactly like the real thing and the sites they lead to can have images and layouts stolen from the mimicked website.

Spearphishing is a targeted attack against certain individuals at an organization. Whaling is directed at big names at an org, typically a CEO or CFO–or someone with purchasing power since money transfers are the goal.

Smishing uses SMS (text) messages to get you to click and vishing uses phone calls or voice messages to get a target to do something the threat actor wants.

Don’t click. Don’t open attachments. Don’t even respond.

Merry Christmas!

It’s the calm of the storm, before the relatives get here. The little Xmas mice are diligently working making the cheese plates. The presents (yes there are presents for adults this year) are scintillating in the white light of the Christmas tree. I pull out my pipe and sit in my leather chair drinking Christmas whisky. Piles of books I have not yet read. Homemade mince tarts. Peace and grace.

Encrypted messaging apps mostly keep your privacy

Overall, these services – iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr do indeed keep your content encrypted–unless you are using WeChat IN China.
 

Log4j continued

Merry Christmas.

CISA “published an emergency directive on Friday urging all government agencies to immediately ‘patch’ computer systems to address the Log4j flaw. ‘The Log4j vulnerability is the most serious vulnerability that I have seen in my decades-long career,’ CISA Director Jen Easterly.”

“Even the Microsoft-owned online video game Minecraft has been affected. Some hackers were apparently able to breach victims by typing a single line of code into the game’s chat box, according to Wired. Microsoft says it has since fixed the issue and is urging players to update their Minecraft software.”

Why is the Log4j cybersecurity flaw the ‘most serious’ in decades? (nypost.com)

 

Gadgets 12/18/2021: Galaxy Z Flip 3, Tiles, Portable power station, camping solar panels, Galaxy Tab A7, Surface Pro 8, Ear buds

Want.
https://www.amazon.com/dp/B097CNP994/ref=asc_df_B097CNP9941639738800000

I bought some of these for my mom, but nope, didn’t last long. I’m not one who loses their stuff, but I recommend this one if you do.
https://www.amazon.com/Tile-RE-20002-Pro-2-Pack/dp/B07W73NGMW

Sweet power source Batman!
https://www.amazon.com/Jackery-Portable-Power-Station-Generator/dp/B07D29QNMJ

Also for camping, but I had a small solar panel and it was not impressive.
https://www.amazon.com/Jackery-SolarSaga-Explorer-Portable-Generator/dp/B07PGS2WN8

I do need a new tablet. (I have an old, unused iPad.)
https://www.walmart.com/ip/SAMSUNG-Galaxy-Tab-A7-32GB-10-4-Wi-Fi-Gray-SM-T500NZABXAR/882296471

But if I were to get a Surface…This one is $200 off.
https://www.microsoft.com/en-us/d/surface-pro-8/8qwcrtq8v8xg?icid=deals-page_Store_COUNTDOWN22_R1_CP4_SurfacePro8_121721&activetab=pivot%3aoverviewtab

And if you like ear buds
https://www.walmart.com/ip/Google-Pixel-Buds-A-Series-Truly-Wireless-Earbuds-Audio-Headphones-with-Bluetooth-White/620970985

——

Wired has this story about how Macy’s, Target, Bloomingdales, The North Face, Old Navy and other retailers are on the heels of Amazon with free shipping and 25% off.
https://www.wired.com/story/move-over-amazon-catching-up-macys-target

log4j vuln hits millions of devices

UPDATE 12/15/2021: A second vuln in log4j (patch for the first vulnerability was “incomplete.”) It’s been exploited in the wild.

As Daniel Miessler says “Analysis: What’s so remarkable about this vulnerability is not just its criticality or reach—but the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. What we should be thinking about isn’t just log4j. What we should be thinking about is how many other projects are out there that have similar characteristics:

  1. The project is maintained by very few people in their spare time for no money, and
  2. If the project had a major issue it would disrupt the entire internet.We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they’re creating from a security standpoint.”

Cybersecurity official warns software vulnerability could affect millions of devices (msn.com)

WordPress: A History of Dev Rollbacks

So I had a hard-learned lesson with WordPress history in Elementor. If you want to review or roll back to a prior version of the site as you work on it, remember to select the starred revision, or other revision you would like to save, before you close it! Specifically:

At right at the bottom, you can see the history button, which is the circle with arrow denoting time rotating counterclockwise. Select that and you see the Actions and Revisions tabs.

Actions is only the history of your current session, which is erased at end of your session.

Revisions are steps that have been saved either manually in your session or automatically at the end of your editing session.

Again, when you are finished viewing the revision make sure you select the correct version you would like WordPress to keep upon saving. It’s really sad when you lose everything after your work of X number of days.

Editing Responsive Views in WordPress

A neat little thing I learned in WordPress is custom responsive styles in the Elementor editor.

If you make a change and then switch to tablet or mobile view and make changes there, you will also change the regular desktop view. (See wrong button at bottom of image with red ‘X’ at right.)

Instead you have to change each style setting using the little device icons next to each setting. See examples right.

Just make sure to check each layout before publishing!

WordPress development 101

Just dipping into WordPress the last few days and after the client installed the subdomain, the rest of the site is having issues relating to (perhaps) DNS or a missing SSL certificate.

I have primarily worked with Drupal (and more recently Wix), but there are some similarities (e.g. PHP) and this is a great learning experience. The community seems to answer faster than Drupal.org. They’re on Stack, so that’s good.