Log4j continued

Merry Christmas.

CISA “published an emergency directive on Friday urging all government agencies to immediately ‘patch’ computer systems to address the Log4j flaw. ‘The Log4j vulnerability is the most serious vulnerability that I have seen in my decades-long career,’ CISA Director Jen Easterly.”

“Even the Microsoft-owned online video game Minecraft has been affected. Some hackers were apparently able to breach victims by typing a single line of code into the game’s chat box, according to Wired. Microsoft says it has since fixed the issue and is urging players to update their Minecraft software.”

Why is the Log4j cybersecurity flaw the ‘most serious’ in decades? (nypost.com)

 

Gadgets 12/18/2021: Galaxy Z Flip 3, Tiles, Portable power station, camping solar panels, Galaxy Tab A7, Surface Pro 8, Ear buds

Want.
https://www.amazon.com/dp/B097CNP994/ref=asc_df_B097CNP9941639738800000

I bought some of these for my mom, but nope, didn’t last long. I’m not one who loses their stuff, but I recommend this one if you do.
https://www.amazon.com/Tile-RE-20002-Pro-2-Pack/dp/B07W73NGMW

Sweet power source Batman!
https://www.amazon.com/Jackery-Portable-Power-Station-Generator/dp/B07D29QNMJ

Also for camping, but I had a small solar panel and it was not impressive.
https://www.amazon.com/Jackery-SolarSaga-Explorer-Portable-Generator/dp/B07PGS2WN8

I do need a new tablet. (I have an old, unused iPad.)
https://www.walmart.com/ip/SAMSUNG-Galaxy-Tab-A7-32GB-10-4-Wi-Fi-Gray-SM-T500NZABXAR/882296471

But if I were to get a Surface…This one is $200 off.
https://www.microsoft.com/en-us/d/surface-pro-8/8qwcrtq8v8xg?icid=deals-page_Store_COUNTDOWN22_R1_CP4_SurfacePro8_121721&activetab=pivot%3aoverviewtab

And if you like ear buds
https://www.walmart.com/ip/Google-Pixel-Buds-A-Series-Truly-Wireless-Earbuds-Audio-Headphones-with-Bluetooth-White/620970985

——

Wired has this story about how Macy’s, Target, Bloomingdales, The North Face, Old Navy and other retailers are on the heels of Amazon with free shipping and 25% off.
https://www.wired.com/story/move-over-amazon-catching-up-macys-target

log4j vuln hits millions of devices

UPDATE 12/15/2021: A second vuln in log4j (patch for the first vulnerability was “incomplete.”) It’s been exploited in the wild.

As Daniel Miessler says “Analysis: What’s so remarkable about this vulnerability is not just its criticality or reach—but the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. What we should be thinking about isn’t just log4j. What we should be thinking about is how many other projects are out there that have similar characteristics:

  1. The project is maintained by very few people in their spare time for no money, and
  2. If the project had a major issue it would disrupt the entire internet.We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they’re creating from a security standpoint.”

Cybersecurity official warns software vulnerability could affect millions of devices (msn.com)

WordPress: A History of Dev Rollbacks

So I had a hard-learned lesson with WordPress history in Elementor. If you want to review or roll back to a prior version of the site as you work on it, remember to select the starred revision, or other revision you would like to save, before you close it! Specifically:

At right at the bottom, you can see the history button, which is the circle with arrow denoting time rotating counterclockwise. Select that and you see the Actions and Revisions tabs.

Actions is only the history of your current session, which is erased at end of your session.

Revisions are steps that have been saved either manually in your session or automatically at the end of your editing session.

Again, when you are finished viewing the revision make sure you select the correct version you would like WordPress to keep upon saving. It’s really sad when you lose everything after your work of X number of days.

Editing Responsive Views in WordPress

A neat little thing I learned in WordPress is custom responsive styles in the Elementor editor.

If you make a change and then switch to tablet or mobile view and make changes there, you will also change the regular desktop view. (See wrong button at bottom of image with red ‘X’ at right.)

Instead you have to change each style setting using the little device icons next to each setting. See examples right.

Just make sure to check each layout before publishing!

WordPress development 101

Just dipping into WordPress the last few days and after the client installed the subdomain, the rest of the site is having issues relating to (perhaps) DNS or a missing SSL certificate.

I have primarily worked with Drupal (and more recently Wix), but there are some similarities (e.g. PHP) and this is a great learning experience. The community seems to answer faster than Drupal.org. They’re on Stack, so that’s good.

Social Security scam and protection recommendations

If you receive a call, text, or email that says one of the following, it’s a scam:

* Threatens to suspend your Social Security number, even if they have part or all of your Social Security number
* Warns of arrest of legal action
* Demands or requests immediate payment
* Requires payment by gift card, prepaid debit card, internet currency, or by mailing cash
* Pressures you for personal information
* Requests secrecy
* Threatens to seize your bank account
* Promises to increase your Social Security benefit
* Tries to gain your trust by providing fake “documentation,” false “evidence,” or the name of a real government official Continue reading “Social Security scam and protection recommendations”

A Happy Thanksgiving

I was thinking about politics in regard to TG Day. It’s a series of memes. So my sister and her bf are coming to have dinner tomorrow and they’re also bringing their dog Oliver and my pup Jax back. They both differ in their politics from my mother and me, but are decent.

And if my brother were here? Not a guarantee of peace.

So I think there’s some humor in how the past and current presidents had their positive memorable phrases or slogans:

Reagan – A shining city on a hill
GHW Bush – A thousand points of light
Clinton – Don’t stop thinking about tomorrow
GW Bush – Compassionate conservatism and mission accomplished
Obama – Yes we can
Trump – Make America great again
Biden – I have no idea

That last one could be enough of a jump off point to a shallow argument. But slogans do not make the man. They do make for good argument material though. Why someone could not just keep their mouth shut and love their family is beyond me.

So I wish you all a Happy Thanksgiving and drop a note to say what you’re doing. Blessings!

Black Friday Deals #1!

Things I saw that are kewl.

Must have for the geek who needs everything 8^)
https://www.gamestop.com/gift-cards/gaming-gift-cards/products/valve-steam-wallet-card-50/215601.html

As I consider my game play, I may want to reconsider my dusty headset
https://www.microsoft.com/en-us/d/kingston-hyperx-cloud-stinger-gaming-headset/92bvltvkq9f1

I have my old Beats, but this – PuroQuiets Active Noise Cancelling Headphone w/Built in Mic
https://www.amazon.com/dp/B08JPLG65P

Continue reading “Black Friday Deals #1!”

The Press shows not what could be, but what is in the state of journalism

Objective journalism is all but dying (dead?) here, but it’s been dead for a while in the U.K., the difference overseas now is that “activist journalism” is understood. The editor-in-chief in BBC’s “The Press,” Duncan Allen (played by Ben Chaplin) is the ruthless stereotype of what is, in today’s journalism.

Ironically, while trying to expose corruption, he too is exposed for his sordid private life. So it’s anti-climactic when he reveals his ideas to change society.  Why shouldn’t it be that they create horrible news stories to create change? There is not even a mention here of objectivity. (Hence the disappearing difference between the U.K. and the U.S.)

Journalism was comedic with His Girl Friday and Switching Channels, tragic in Citizen Kane, and disconcerting in The Press. But taking part in the story you’re writing should not be part of your reporting. That means taking part by putting your opinions in as well.

Can change happen without this in real life? I hope so.

From brandished swords to cyberspies

This is some gall and ominous.  But the news today is about China warning about Taiwan. So far, I have little faith in what our administration is doing.
China builds mockups of U.S. Navy ships in area used for missile target practice | Reuters

Their inroads are significant. But the big problem is that they are graduating tens of thousands into cybersecurity and IT.

China’s next generation of hackers won’t be criminals. That’s a problem. | TechCrunch

H/T Daniel Miessler

macOS zero day on watering hole

Another macOS zero-day giving root access, Google warns hackers used macOS zero-day flaw, could capture keystrokes, screengrabs | ZDNet also on iPhones. A watering hole attack relies on profiles of a website’s typical visitors to create the attack. For companies, note the websites of your industry’s conferences, standards bodies, and vendors.

Pretty sophisticated code I guess because analysts were looking at the quality as being like that of dev team: “…[u]sual-suspect traits of malware built for spying on a target, including device fingerprint, screen captures, the ability to upload and download files, as well as execute terminal commands…also record audio and log keystrokes.”

Just be wary where you are following the same sites as co-workers. Beware email lures. Get secure email and malware solutions for your business.