First of all – what does zero-day mean? It is the day a vulnerability was found. If a bug was around for 10 days it would be a 10-day vulnerability. Usually a fix will be developed in the form of a patch or workaround.
A zero-day exploit means an attack takes place the day a vulnerability is discovered.
On March 30, 2019, two zero-day vulnerabilities were discovered in Microsoft EDGE and Internet Explorer. Without getting too technical, the behind the scenes code of the browser can occur when you visit a malicious site and some of the same origin policy code allows other sites to intervene. When working correctly, it would prevent other sites from accessing your information.
Another vulnerability is related to MHT files. Internet Explorer can still read MHT files. If you are using Outlook, you may see this above an email: “If there are problems with how this message is displayed, click here to view it in a web browser.” It will then open in IE even if you are using Windows 10 with Edge. If the MHT file is infected you will have problems.
To prevent programs from opening IE, you can go into “Programs and Features” in Control Panel and then to “Turn Windows features on or off” and uncheck Internet Explorer 11. Restart your computer.
Once upon a time back in the beginning of HTML and website coding, there was blinking code and marquee code and a lot of other things that have gone by the wayside and become obsolete.
At one time you would just put around the code you wanted to show blinking and blink away it would.
There is a little “easter egg” in google search that can bring a little bit of it back in the search results. Just type in “blink html” in the search box and you will see all result words “html” and “blink” actually blinking.
We were curious of what other “easter eggs” we could find. One said to type “askew” in the search box. We found a link to https://elgoog.im/tilt/ which showed a tilted google page. When we entered a search term, it showed a mirror image of google results with it going from right to left.
Another said to type in “recursion” and the only thing we found is “Did you mean: recursion” which I guess in itself is a recursion. If you type “anagram” it will say “Did you mean nag a ram”.
Not the mammal. The robot mop and vacuum. What sets this apart from other robotic floor cleaners is that it is self cleaning. It has Lidar Navigation Technology to map your floorplan. You can use the app to schedule and customize your cleanings. When it is done cleaning your floor, it will return to its base and clean the mops and dry them.
It has capacity enough to clean a 3200 sq ft floor. Right now it is still in KickStarter – it now has far outreached its goal. You can still sign up for the early bird version.
Some of us may have purchased a Chromebook. It may have been out of curiosity or maybe you just wanted a lightweight “laptop” to just scan your email and surf the Internet. There really isn’t much more you can do with it. If you are “techie” you can install a flavor of Linux to run along with the Chrome OS. The thing about a Chromebook is that the OS is Chromium.
When you do anything on a Chromebook, it is all in the cloud – nothing is on the computer. Now, when it updates, you just get a little message that says to push a button to restart and it comes right back, you log into Chrome again and it’s updated very quickly.
There are limitations on what you can do with them. For instance, I can stream Netflix through the Chrome browser on it, but Prime Video won’t play. The only place you can save files is in your Google Drive.
Google has an Auto Update Policy about their updates. As technology advances and hardware becomes old or outdated, they cannot guarantee the software updates will run any longer. With that in mind, they have set a time limit on updates for Chromebooks. If you have a Chromebook, you can check the date here. It has a list by Manufacturer then Model. I happen to have an HP Chromebook 14, which looks like I cannot get updates past June this year. If it still runs, then that’s fine. If not, I can always install Linux over it and see if that will run.
Last Wednesday, Facebook, Instagram, and WhatsApp were down for many users around the globe. It turned out to be the longest outage they ever had. As a Twitter user, I saw many people complaining on that platform. In fact, we saw a few people had even just signed up for Twitter so they could complain about Facebook or Instagram.
Facebook even took to Twitter to let people know what was going on. At 1:49 pm, they acknowledged they were having problems. At 3:03 pm, they confirmed that it was not a DDoS attack. On Thursday afternoon, they said the problems was due to a server configuration change that caused the problem.
Pi Day is coming up this week. The date is 3/14 and happens every year. Some places even offer Pi Day deals. People celebrate it in various ways. Maybe they will make a pie with the pi symbol on top; perhaps they will go out for pizza pie; maybe even participate in pie throwing contests.
Pi Day was founded in 1988 by Larry Shaw, a physicist. Why 3/14? Well, duh – Pi is approximately 3.14159… It also happens that it is the birthday of Albert Einstein. Pi is a number that is used in calculating the circumference of a circle.
Ever wish you could more easily put a table in Microsoft Excel instead of typing all those fields or trying to copy and paste? If you have Microsoft 365, you are in luck. Over the next few months, they will be rolling out a new feature that allows you to insert data from a picture.
You will open the Excel app on your phone or tablet, and tap the “Insert data from picture” button to start. Then you would capture the data you want to import within the box borders shown and you can change the size around the image to make sure you get it all. Using its AI engine, Excel will convert it to a table. You can correct the data by tapping on Edit or continue by tapping Ignore if it detects errors. You can then Insert the data. Excel will convert the data to the spread sheet.
In the past week, the Gmail app has been updating across all platforms. It went to Android users first and just rolled out for iOS users. It will take a little getting used to.
As a heavy Gmail user, I currently have 3 accounts on my device. I used to touch the hamburger menu icon (the three bars) to open up the side panel and see all my labels and switch accounts. Instead, they have added the icon for the account you are currently in at the top with the “Search mail” box above the messages list panel on the left.
The entire app looks more “white” as well. There are three list densities to choose from: Default, Comfortable, and Compact. Default will show who it’s from, a small logo on the left, subject and the first part of the email and show if there are attachments. Comfortable will remove the attachments from the list view. Compact will only show who it’s from and the subject line (no logo, but it will show a checkbox to allow you to move or delete). You may need to play with it to look the way you want.
To compose a new email, you will see a colorful plus sign over the message list. Even though the app had updated, I had to hard close the current app and reopen in order to get the new one.
There are a few newer features added to Gmail in the past year or so that can be annoying to some, helpful to others.
One newer feature is called Nudges. Do you forget to answer emails? Gmail can nudge you now to answer the email. I had noticed there was an older email (4 days old) that I wanted to wait to answer. All of a sudden the email was at the top again. In the subject line there was orange print that said “Received 4 days ago. Reply?” You can choose to reply or even “snooze” the email. If you snooze it, it will go into a new folder called “Snoozed”. This can be enabled or disabled in Settings.
“Smart Reply” is another newer feature. The first time I saw it, I was a little confused because I hadn’t read anything about it. These are the words that show up at the bottom of an email that allow you to choose a canned response. For instance, based on words in the email (yes that’s creepy), I’m looking an email that ends “How’s that sound?” and the canned response choices are: “Sounds good to me.”, “Sounds like a plan.”, and “Sounds great!” So I could choose any one of these quick replies. I can usually tell when I’ve gotten one of these from somebody. These Smart Replies can be enabled or disabled in Settings. This picture shows the instructions for disabled from your iOS device.
Another newer feature is the “Hover Actions” where you can hover over the email list and delete or label while in the list. This action can be enabled or disabled in Settings.
You can now add a split view to Gmail where you can see the list of mail on the site and a pane with email to the side or top of it (horizontal split or vertical split). If you have a wide screen, it makes it nice to work with.
If you have a gmail account, did you know that your email address can also have dots in it and you’ll still get it? For example, if your address email@example.com, it won’t matter if you send to firstname.lastname@example.org. You can even send it to email@example.com and still get it. Most mail systems do not allow this. Apparently this has been like this for some time.
We found out recently when we saw an article from ZDNet about how scammers are exploiting this by registering for different websites under your email but adding the dots. It may be sites like Netflix, Amazon.com, or eBay. They would see the dotted account email as a different one.
One group has used a variation to obtain credit cards. They have filed tax returns, registered for trial accounts, USPS change address requests, collecting Social Security benefits, apply for unemployment benefits, and apply for FEMA disaster relief.
The article brought out two other things that could be exploited. First, Google allows + signs – you can send email to firstname.lastname@example.org and email@example.com will get it. Second, before gmail.com it was googlemail.com and if you use firstname.lastname@example.org, email@example.com will still get it. Yes this has been tested and confirmed.
Just a couple weeks after Collection #1 Breach was identified, there come Collection #2-5 Breaches. There are an estimated 2.2 billion unique accounts compromised in this breach.
The site we usually check for breaches (HaveIBeenPwned.com) has not been updated yet. In the meantime, you can use the Hasso-Plattner Institute’s tool to check. When you enter your email into this tool, it will email you a report of what has been found in a breach.
Once again, we want to stress that you use a password manager, use hard to type or guess passwords, use 2FA where available.
You’ve gotten those emails asking to click on something. It could be to learn how to make more money, or maybe someone has your information, or something that really looks legitimate. They prey on people hoping to get more of your personal information.
Google’s Jigsaw unit has a phishing quiz. The Victor crew suggests you take it to see if you can spot some phishing emails/sites. It is only 8 questions long but it may help you be on the ball. You start out by making up a name and email for the quiz. Some are phishing and some are legitimate. See if you can spot the imposters:
There was a new breach found last week and reported by Troy Hunt on January 17, 2019. This one is a massive breach where a collection of emails and passwords of over 2.5 billion rows of combinations. There were over 1.1 billion of these as unique combinations found possibly due to emails being in both upper case and lowercase. There were a total of of over 700 million unique email address with passwords.
Perhaps you are no longer using a particular email that was found in the breach. Or maybe your password has been changed. Chances are you are or were a little lax about your passwords and re-used them on different sites.
We recommend you use a password manager and let it generate secure passwords for you. You would only have to remember that one password and can have access to all your passwords and sync them to your devices. Some managers even offer storage of sensitive documents.
Last week we posted about some different browsers out there. It seems Microsoft has been actively trying to embrace the open source software community. They recently bought GitHub, a repository used for years by people to store their open source projects.
Last month, they decided to adopt the Chromium open source project to re-develop their Microsoft Edge browser. Many browsers are already built on Chromium, such as Chrome, Opera, Brave, Vivaldi, and Yandex just to name a few.
Some of their reasons make sense. One is web compatibility. When developing websites, developers have to check their sites in at least four browsers to make sure they look right in all of them. This will make it easier by removing one that is often difficult.
My mind is like my Internet browser – at least 19 tabs are open, 3 of them are frozen, and I have no idea where the music is coming from.
What browser do you use? Do you use the default browser that comes with your computer? Or do you immediately download your favorite browser and use that? If you have a Mac, you get Safari browser. If you get a PC, you get (these days) Microsoft Edge. Many people use Chrome or Firefox in addition to the default browser. Did you know there are many more browsers out there?
At one time, many used Netscape or Lynx – Lynx was the first browser. Netscape went away in 2008. Other defunct browsers were Chimera which became Camino, Mozilla, which became SeaMonkey, Phoenix, which became Firebird.
There are some lesser known browsers as well like Brave; Vivaldi; Dillo; Konqueror; Epiphany, the Gnome web browser for Linux; Midori; K-Meleon; Pale Moon, forked from Firefox; AdBlock has their own browser; and you can also browse within some applications on your mobile device like in LastPass.
Lynx has been around since 1993 and Opera since 1994. IE came out in 1995. In 1996, Mac came with Mac IE. Firefox has been around since 2002. Chrome came about in 2008.
It seems back in 1955, Sears and Roebuck printed an ad but had an incorrect phone number in the ad asking kids to call Santa direct. When children called in, the number rang to a secret red phone on the desk of Colonel Harry Shoup of the Continental Air Defense Command, which has since been renamed to NORAD. Only a four-star general and Colonel Shoup had this number. They were afraid of something dire when that phone rang.
Colonel Shoup thought the call to be a prank when a child asked to speak to Santa, but then when the child that called started to cry, he realized there may be an issue. The child’s mother came to the phone to straighten it out. It has become a tradition and now NORAD tracks Santa and keeps track as Santa delivers every Christmas. You can get an app to track him or do it through the website: https://www.noradsanta.org.
The other day I was in a Best Buy store and came across a salesperson with Oculus Go. I was curious. After talking to salesman about how it works, I had to give my name and email (of course) in order to try it out. So what is it? It’s a standalone VR headset. Standalone in that you don’t need to hook up your phone or a computer to see the content and can take just the headset with you. It fits right over eyeglasses. There are built-in speakers. It has a 2560 x 1400 p screen. It comes in 2 models: 32GB ($199) and 64GB ($249). It only comes in a light gray. The company is owned by Facebook.
So here I am in the middle of the store holding the controller with my arms outstretched playing demo games and watching demo movies. You can see above you, behind you, and all around. I got to see a demo short of Jurassic Park Blue. It was like the dinos were right in front of me. I played a game that was a lot of fun called Fail Factory. I must have been moving around too much because the sales person had to move me back. They do suggest you use this sitting down for that reason. It was a lot of fun and I am contemplating getting one.
Some caveats – rechargeable battery life is only about 2 hours gaming and 2 1/2 hours watching movies so you can’t plan on it for an entire flight if your flight is over that. There is only 3 degrees of freedom rather than 6 in most VR sets. Case is sold separately (unless you find a deal that includes the case). 32GB will hold about 3 HD movies, 10 games, and 20 apps. 64 GB will hold about 7 HD movies, 20 games, and 40 apps.
By now you must have heard of the Instant Pot. This is one pot with many functions. It is a slow cooker, a pressure cooker, a rice cooker, a yogurt maker, it steams, it sears, and a few more things. I’ve seen many recipes on Pinterest for the Instant Pot. I understand you can purchase other items that will fit in it, such as a small cheesecake pan. So should you get one? That’s still up for debate.
I myself have bought one three times – all as gifts. Right now I don’t feel I need one because I have a slow cooker, a pressure cooker, and a yogurt maker. All are in good shape and don’t need replacement any time soon. The people I’ve gotten the Instant Pot for didn’t have any of the appliances in the list so this would be a first for them.
Its name can be misleading as nothing is really instant. I believe the name focuses on the pressure cooking part of it because a pressure cooker does cook much faster than standard methods. For instance I can cook a 3+ lb chuck roast to make pot roast in about 45 minutes as opposed to about 2.5 hours on the stove or in the over or even longer in a slow cooker. What these times don’t include for the pressure cooker is the start up time to build up the steam or the time it takes for the pressure to release.
If the person you are buying for hasn’t done much cooking, I understand it may take a while to learn to do all the things that the appliance is capable of. You would have to read the manual and follow the directions.
Some more pluses are you can brown your meat and cook in same pot unlike using a slow cooker. You can start with your meat frozen and still cook in about the same amount of time.
With Christmas coming we will try to find some gift ideas for the next few weeks. This would be something we see, but may not necessarily buy for ourselves but know someone who might like it.
First off, lets start with the PowerPic from Twelve South.
This is a picture in a frame with a hidden phone charger. Only works with iPhone 8 and up, Pixel, Galaxy, or any Qi-enabled smartphone. It is a pine frame that you plug in. It has a hidden Qi charger to wirelessly charge your phone. You can choose from black or white frame. It works even with your case on your phone. When you put your phone on the frame, it completes the picture. You can download the frame pictures and phone pictures from their website. This will set you back $79.99.
Be it tying a tie, making a turkey, or learning a knitting technique, there are are many places to learn things. Many people go to YouTube to learn things while they do them like a new recipe or that tie or knitting technique. Even if you do a general web search, you are bound to find some videos showing you how to “do” it. According to Pew Research Center, about half of the people that go to YouTube do so to learn how to do something.
With Thanksgiving Day arriving this week, the top search showing as you type would be “how to cook a turkey”. There are many variations of like “how to brine a turkey” for example.
There are other places to learn things like wikiHow. You just put in your search and it will show you some choices. Instead of videos you may find nice large pictorial steps telling you what to do for each step. On this site you can even ask questions.
If you have questions related to technology, there’s always How-To Geek website. From choosing a device to setting it up, they have suggestions for you.
We talked about Wi-Fi a couple weeks ago. Let’s expand on that. Now they have given Wi-Fi version numbers for the different protocol types identified by the letter suffix on 802.11. Let’s start with 802.11 and what it is.
The 802.11 protocol is set forth by the IEEE (Institute of Electrical and Electronics Engineers, Inc.) They are the ones who set the standards of what is under each protocol, specifically the IEEE 802.11™ Wireless Local Area Networks, the working group for WLAN standards. They have regular sessions and presentations about 802.11 protocol. There is one being held right now in Bangkok, Thailand.
The Wi-Fi Alliance® has now assigned version numbers to different Wi-Fi protocols.
Wi-Fi 6, which will be available next year will be 802.11ax standard.
Wi-Fi 5 is the 802.11ac standard
Wi-Fi 4 is the 802.11n standard
Older standards are not being given a version number because they are not widely used anymore.
Wi-Fi Certified WiGig™ will bring bands of 60 GHz with multi-gigabit speeds, suitable for virtual reality and HD streaming. Wi-Fi security WPA3™ will have increased crytographic strengths.
Have you joined nextdoor.com yet? We received a postcard in the mail about it, so we joined. The call themselves “The private social network for your neighborhood.” They have a website and an app. “When neighbors start talking, good things happen.”
Some of the posts we’ve seen are things like “does anyone have a recommendation for a ___” (fill in the blank). It could be a painter, a handyman, a babysitter, etc. You can see local events, yard sales, people can post things to sell, and a host of other things like lost pets, pets for adoption, elderly asking for help with yard work.
Some of the posts are a little more serious, like reporting breakins or robberies. Of course there are also ads.
On a lighter note, it is fun to see of the more obnoxious posts. Like “Crazies on motorcycles” or “Blue heron eating pond fish”. If you really want to have fun with it, you can follow @bestofnextdoor on twitter.com. They have culled some of the more outlandish posts from around the country and posted them for people to see. You will see some posts with added phrases such as “This is not a dating app” or “Nextdoor is twitter for old people”. Have fun.