April Fools 2018

So this year, April Fools Day was on a Sunday. Easter Sunday no less. So some of us may have missed some of the jokes on the Internet. Here are a few you might have missed.

From Google Israel:
This one is about Hummus API – groundbreaking technology!

Here is the Bad Joke Detector:
Clean your device of bad jokes.

From Google Japan:
Gboard – a keyboard you can use in different ways (subtitled)

From ThinkGeek:
A Rick and Morty Screaming Sun Alarm Clock (rather annoying)

From DuoLingo:
Brewolingo – learn a new language while you drink

http://brewolingo.duolingo.com/

Standing Desks

So you’ve probably heard about standing desks and the benefits of using them. New studies now show they may actually be detrimental. They are said to increase pain and slow down mental ability. They are thought to increase awareness of being sedentary but are causing other problems. Certainly sitting most of your day isn’t goo either.

In the study they found that standing for two hours increased lower back and leg pain, and also that it can cause swelling of veins. Also after standing about an hour and fifteen minutes, mental reactiveness slowed down but creative decision making marginally improved.

So what should you do? Try to make a conscience effort to get up more if you sit for a while – go make a cup of tea. Stand for shorter periods at a time and alternate sitting and standing. Try to get in exercise before or after work.

Source

Cryptocurrency Mining

Cryptocurrency is the term given to currency such as bitcoin, ether, or any of the other digital currencies out there. So how does this work?

Cryptocurrency runs on what is called a blockchain, a ledger or document that is duplicated over networks of computers. As this is updated, it is made available to the holder of cryptocurrency. Every transaction is recorded of every cryptocurrency. The blockchain is run by miners. Their computers tally up the transactions. They update the transactions and also make sure of the authenticity of the information received. In payment, miners are paid fees for each transaction. The buyers and sellers agree on the value of the cryptocurrency as it fluctuates.

The transactions are made peer-to-peer without a mediator like a bank. The buyer and seller do not know who the other is, but everyone in the blockchain knows about the transaction as they are made public.

If I wanted to buy something that costs $10,000, and find a seller that accepts cryptocurrency, I would try to find out the current exchange rate get the public cryptocurrency address, say bitcoin, and we would stay anonymous to each other. I would then have my Bitcoin installed to his computer, say 10 bitcoins rated at $1000 each. My bitcoin client would sign the transaction with his private key. The transaction would be verified and transferred and recorded.

Cryptocurrency mining includes adding transaction to the blockchain and releasing new currency. They use special computers, hardware and software, to do this. Lately they’ve taken to using browsers and apps for cryptomining. There is a javascript that they can add to your website. Sometimes they will let you know they are using this, sometimes not. When it was first used it didn’t generate that much money for the miners but now that bitcoin rates have increased, it seems there has been another surge with it.

Coinhive is an alternative to browser ad revenue. They have a javascript for people to put on their website. They are using your computer to mine the bitcoin. Mining takes a lot of power so they look for other ways to use it. A good ad blocker can prevent you from using some of these types of sites. I just got the message from my adblocker when trying to get to coinhive.com. It is used to mine a cryptocurrency called Monero. The owners of the site get 70% of the currency and Coinhive gets the rest. You may never even know it is taking place if you visit a site using this, except maybe your computer runs a little slower. Users with WordPress can even get a plugin for using Coinhive.

One month last year, Malwarebytes blocked 248 million attempts to borrow resources from the Coinhive script. Many of the sites using Coinhive are porn sites or heavily covered with ads anyway. A good antivirus or ad blockers can help. You can also turn off javascript from your browser. Download and use Opera which will block cryptocurrencies.

Coinhive cryptomining scripts were found recently in 19 apps in the Google Playstore. One of the apps had over 100,000 users. They have since been removed from the store.

Here are some of our source articles to find out more:
https://www.benzinga.com/
https://www.symantec.com/
https://www.pcmag.com/
https://www.bleepingcomputer.com/
https://thenextweb.com/

Google Chrome and Ads

Starting February 15, 2018, Google Chrome has begun some ad-filtering. They won’t be blocking all ads but the ones that do not pass the standards set by the Coalition for Better Ads. They are targeting the most intrusive ads like the full page ads that block you from seeing the page content and flashing animated ads. In other words, they aren’t out to remove all ads but just the most annoying ones. They are also looking at the number of ads on a page.

You can also install ad blockers in your browser or visit YourAdChoices to optout of ads from the Digital Advertising Alliance.

Difference between Office 365 and Standalone Office Program

You can purchase Office [Year] as a standalone program or purchase a subscription service to Office 365.

Office 2016 (current edition) will run $149.99 and licenses one user on one PC. It includes Word, Excel, PowerPoint, and OneNote.

Office 365 Home or Personal will include Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access. It also includes 1TB of OneDrive cloud storage space and 60 minutes per month of Skype calls per user. This will run $99.99/year (or $9.99/month) for Home and $69.99/year (or $6.99/month) for Personal. Personal is for 1 user only. Home is for up to 5 users. It also includes apps for devices (including Apple products).

When you have Office 365, you also get the latest Office software. It also has automatic billing so you won’t ever run out. With Office 365, you also get support for any issues.

When Office 2019 is available later this year, it will require you to have Windows 10.

Sources:
Office Support
Microsoft Blog

Living in “Gatesville”

In case you haven’t heard about it yet, Bill Gates bought land in Arizona to build a smart city. He has invested $80 million already in a high-tech planned area near Phoenix of almost 25,000 acres.

Actually called Belmont, it will be designed to have high-speed Internet networks, self-driving vehicles, data centers, and new technologies for manufacturing. Building it from scratch, he is hoping to make it more cost-efficient rather than trying to redo an existing area.

Jody Victor crew learns about Amazon Go

Imagine you are in a rush and need to go to the grocery store. With Amazon Go, you can walk in, get your stuff and walk out. In fact, they call it their Just Walk Out Shopping experience or Just Walk Out Technology.

When you walk in, you use the app to check in (kind of like when boarding a plane) and then do your shopping. Forget your bag? There are plenty of reusable bags for purchase. You will also need an Amazon account.

They offer many ready-to-eat meals and snacks. They want to focus on making healthful meals.

They currently only have one store open to the public in Seattle, WA open 7am-9pm M-F. They do have people in the store to help you, stock shelves, etc. The store was opened last year for its Seattle employees while testing. It just opened to the public recently.

Learn more.

Has this ever happened to you?

You are browsing the Internet and maybe you look at some items and then it seems every where you go you are seeing the same things or related items that you just looked at. Maybe you abandoned a shopping cart or changed your mind about the purchase. Maybe you started filling out a form and stopped in the middle of it. They can’t possibly know what you typed, right? Or can they?

In an article by Motherboard.com, they cite a study done by Princeton University about boundaries. Or rather “No Boundaries.” How do you think Pinterest or Facebook or other social media sites get the information? There are sites such as FullStory that allow website owners to capture every keystroke a user makes. They use “session replay” scripts to capture what the customers are doing on their sites. You can see some of the major companies who use fullstory.com here.

Now more than ever it is important to read websites’ terms and conditions. They may collect things like medical conditions, personal data, credit card info. Passwords may even be “accidently” included in the data.

So what can you do? Run AdBlock Plus in your browser. According to the Princeton study, AdBlock has been updated to block all these scripts, thanks to the study.

This video shows FullStory capturing a user’s data as it is being entered into a form.

CES 2018

CES 2018
The Consumer Technology Association has an annual exhibit called CES (Consumer Electronic Show) that is taking place right now. Actually, it started yesterday January 7 and continues to until Friday the 12th. It is taking place in Las Vegas, NV.

There are many conferences that cover gaming, home electronics, robotics, cars, and sports technology to name a few. There are many exhibits from big tech to startups. This week we may be hearing of more and more tech that is either in the works or coming soon.

Over 20,000 new products will be exhibited, over 900 startups, 2.75 net sq. ft. of exhibit space, many big name innovators. They expect over 170,000 attendees over the next few days. They are even live-streaming on their website. They even have an app to assist you in navigating this huge event.

Go to CES.tech for more info.

Distracted Walking Laws

So various places are adding “Distracted Walking” laws to try to prevent people from texting or just reading their phones while walking.

The latest place to pass this law was Honolulu. They have started passing out tickets to those distracted while walking in a crosswalk. They are the first major city in the U.S. to pass such a law. Minimum fines will be $15 but repeat offenders can look at $75-$99. (Even higher rates of $100 for first, $200 for second, and $500 for third offenses were previously considered.)

The Mayor of Honolulu says that they had more pedestrians hit in crosswalks than almost anywhere else.

Ontario Canada is looking to pass a “Phones Down, Heads Up Act” as well to make it illegal to cross a street while using a phone.

npr.com
treehugger.com

Whaling Attacks

We recently came across the term “whaling” so of course, we needed to know more about it. Here is what the Victor crew found out. It is a form of phishing aimed at high-profile business executives, managers, CEOs, etc. They are going after the “big fish.” The emails sent to them are more official looking and target a particular person. A regular phishing attack usually goes out to a lot of people trying to lure anyone. Whaling is also considered “spear phishing” where it is an attempt to target an individual person or company.

As with phishing, whaling is used to get a person to reveal sensitive information, such as login credentials, to an account. They do this by trying to scare the individual into giving this information up.

Whaling goes so far as to make a web page or email that looks like the legitimate one. You may even be enticed into downloading a program in order to view a page or to get your information. It may come in the form of a false subpoena, message from the FBI, or some kind of legal complaint against you.

Be aware of what you are clicking. If you can, hover over the link and see where it is taking you. Try putting the URL in an analyzer, such as VirusTotal or TrendMicro to see if it is safe. If in doubt, don’t click or download anything you are unsure of.

Your Wi-Fi is probably vulnerable

It has recently been found that WPA2 protocol is vulnerable to hacking. They are known as Krack Attacks (Key Reinstallation AttaCKS) and there is a website where you can learn more about it. It is found that Android and Linux are most vulnerable to this exploit. They can be tricked into reinstalling an encryption key with all 0s that will allow them to enter your network and then get to sites you visit and capture your login credentials.

If you watch the video below you will see it is a rather involved process to actually crack into the network but that doesn’t stop someone who is intent on getting into your network.

There isn’t a whole lot you can do because this vulnerability bypasses any security measures. Some of the more simple things you can do is not use unsecure Wi-Fi. Ever. Keep your firmware to your router updated. Do not downgrade to even more insecure protocols like WPA or WEP.

A new way to call

Last week, Amazon announced new devices. Among the new devices are the Echo Show, costing $229.99. This is a more triangular device with a screen. It allows you to make video calls as well. They are offering $100 off if you buy 2 devices with code SHOW2PACK. You can actually watch flash news briefings, see lyrics of songs, security cameras, just to name a few.

Other new devices are a shorter new Echo, the Echo Plus and the 4K Fire TV device. Also announced was the Echo Connect, Echo Buttons, and BMW partnership. The Echo Connect is an accessory to link Echo to home phone line. It costs $35 and is coming later in the year.

If you already own an Echo, Echo Dot, or Echo Show, effective immediately you can make phone calls. It is supposed to work with your land line or your mobile phone.

Echo Show at Amazon.com

Equifax Breach – What you can do

By now you’ve heard about the Equifax breach. Something you may want to do by November 21 is put a security freeze on your account. Until then, they are waiving fees to do this.

A security freeze is supposed to block outsiders from opening an account in your name. This is different from a fraud alert which will only notify you if someone opens an account in your name (even you).

A security freeze has you adding a PIN in order to make any changes. The three major credit monitors are TransUnion, Experian, and Equifax.
Right now you can only put the freeze on Equifax for free. TransUnion and Experian will charge $10 for each. Currently there is legislation pending on making this free. If you are planning to buy a car or house you don’t want to freeze your credit just yet.

Equifax will not be calling you so if you get a call saying it is from them, it is most likely a scam.

If you enroll in their monitoring program, you would waive rights to sue if you are impacted by the breach.

Here are some links:
Equifax blog with explanation of the problem
How to put on and remove a freeze from your account
Form to fill out to get a PIN to freeze account

Other Uses for Social Media

Maybe you love, maybe you hate it but social media is here to stay. Many people used it as their lifeline during the past storm in Texas, known as Harvey. Many used Twitter or Facebook or Instagram to let people know they were in stuck and needed to be rescued. Still others used social media to let people know they were able to help.

The U.S. Coast Guard preferred for people to call them or 911 but people had trouble getting through. People even turned to Airbnb to offer their homes as shelters for those in need. The Hurricane Harvey Texas Rescue Facebook group offered ways to help those trapped or in need of rescue.

“Farm Fresh” Amazon

The Amazon and Whole Foods deal going through today is leaving its mark in a lot of different ways. Whole Foods prices are going down on a lot of items in an effort to allow more people to enjoy the benefits of organic foods. You may start seeing some Amazon devices on Whole Food shelves and Whole Food items on Amazon’s website.

Prices have been slashed on many items already. For example in New York it was reported that organic fuji apples went from $3.49/lb to $1.99/lb, avocados dropped $0.80 per lb, organic rotisserie chicken dropped $4.00/lb, and organic bananas went from $0.99 to $0.69 per lb.

The Amazon devices like Echo and Echo dot found in the Whole Foods stores are the same discounted prices found on their website right now.

The Victor crew plans to shop at one later this week and will report back any other findings.

Bloomberg
TechCrunch

Robotics

Robots

See SpotMini run! In this TedTalk by Marc Raibert of BostonDynamics gives a demo of how far robotics have come. He talks about dynamic mobility, balance, and mobile manipulation. He has a few demonstrations on video and live to show some things they have done to meet the goals of using robots.

In one demonstration, they show some examples of what might challenge the robots if faced with some obstacles keeping them from what they are trying to do. For his live demonstration he shows the different movements of SpotMini – a dog-like robot. He shows on the screen what the dog robot is seeing and how the robot plans where and how it will step.

Keep your browser extensions updated!

It is important to keep all software you use up to date. There are updates for a reason – most likely some of the code used was found to be vulnerable to attacks.

This past week, a popular extension was hijacked. The developer of the Web Developer for Chrome extension had his own account hijacked. The hijackers phished his Google account, then modified the code in his account and pushed it out to users. The version of Web Developer for Chrome that was pushed out is 0.4.9. You need to make sure you have the updated version 0.5 installed NOW!

The version the hijackers uploaded can force ads on pages, capture passwords, or other unreported problems. Consider changing passwords to pages visited during the time of the compromise. The date was August 2. The developer himself admits he fell for a phishing attack that started this. This effected over one million users.

The developer details the events in his blog. The bottom line is anyone can click on a bad link and it is important to have two-factor verification in place.

iPhone Smuggling

iPhones bring many people joy. Their prices vary in different regions. They happen to be cheaper in Hong Kong than mainland China, due to taxes and levies, so people try to get them there. A woman was recently caught by customs trying to smuggle in 102 iPhones strapped to her body. She was also smuggling 15 luxury watches. The added weight came to about 44 pounds.

Unsure of what types she was carrying, if they all were the iPhone 7 Plus, she would have had over $78,438 in USD at the very least. For the full capacity iPhone 7 Plus, it would have come to $98,838 at $969 each.

It seems this is an ongoing thing in China. In January 2015, a man was arrested at customs for smuggling 94 iPhones. Just two months later in March 2015, another man was caught trying to smuggle 146 iPhones. Most people are caught with up to a dozen or so. Sometimes they are caught with more, but this number made international news. It’s easier to smuggle in colder weather because they can wear heavier jackets.

Sources:
Chinese smuggler caught with 102 iPhones strapped to her body, doesn’t beat the record …
Chinese iPhone smuggler caught with 94 iPhones strapped to his body
http://kotaku.com/smuggling-146-iphones-looks-difficult-1690990925

Fireworks of the Future

Imagine your sitting on a blanket on the grass with your family nearby. You get ready to watch the Fourth of July drones? Ha! So some are re-imagining see the Fourth of July with drones. So what’s the upside of this? No smoke. No explosions. No air pollution. Maybe you can hear the music they could be flying to. May be even cheaper to run drones than to blow up 30 tons of fireworks for an eighteen minute display. The drones can be choreographed into amazing displays.

Now maybe instead of “Intel Inside” we can see “Intel Outside” as they develop this. Find out more.

The Price to say “Buh-Bye Ads!”

Don’t you just love it when you go to a website and you have all these things pop up, music blaring, or you’re reading something and along comes an annoying ad blocking you. There are two sides to this. Some people make their living from these ads. But for the user, it’s no picnic.

Google has joined the Coalition for Better Ads. This coalition has guidelines that should be followed when designing ads for a website. They plan on building a new Chrome browser with this ad-blocking built in. It won’t block all ads and you may only get the most annoying ads from showing.

The up side: maybe you will see fewer annoying ads.
The down side: someone will be making money from this. On the Google post, they mention Funding Choices where publishers can show a customized messages to people who are using ad blockers on their browsers. They can either enable ads or pay for removing the ads on that site through a new Google Contributor program.

So how does Google Contributor work? You buy a $5 pass for a particular website. The site has a per-page fee of their choosing (some are $0.01 per page, some $0.03 per page.) Every time you visit a page without ads, it deducts from the pass. You can add or remove sites from your pass at any time. This is still in beta at this time. They plan the rollout some time in 2018.

Google Post about Ad Blocking
Google Contributor

Windows 10 Creators Update

When the Victor crew was notified of the Windows 10 Creators Update, we scratched our heads. What in the world is that? Why would I need it?

There is a new Gaming category in Settings. When in game mode it will make the experience smoother.

You can use the new Paint 3D app to make 3D drawings along with 360 degree view.

There is feature that allows you keep open tabs by setting them aside so you don’t have to favorite them but put them aside for small projects you may be working on.

Microsoft Edge becomes the default eBook reader. You can customize the eBook as you are reading it, highlight parts, set bookmarks. You can also change the screen for night use.

There is a setting for Mixed Reality that works with HoloLens VR headsets.

Plan and measure trips on Maps. You can share them with others.

There’s a new privacy dashboard to allow you to set your own security settings.

Mini View allows you to keep a video in a small window.

The first of these updates were rolled out April 11, 2017.

Source:
https://blogs.windows.com/windowsexperience/2017/04/11/whats-new-in-the-windows-10-creators-update/#lTLvawf2Zc4QtKJx.97

Ransomware

The Victor crew has heard a lot of news lately about a cyber attack nicknamed WannaCry using ransomware. Ransomware is holds an infected computer hostage until a ransom is paid, usually in bitcoin, money that is virtually untraceable. This latest attack has caused global problems. In the UK, hospitals have been attacked. In the US, FedEx fell victim. If you use a Macintosh computer you are most likely safe as these attacks are targeted at PC users. If you are still running Windows XP you are even more vulnerable as there are no more patches being made for these systems.

Here are some things you can to do to prevent this from happening to you:

Keep your computer up to date. Do the patches for your operating system.
Make sure to do security updates for your security service.
Only open attachments from the person you know and trust.
Be careful of programs or other items you may want to download.
Back up your computer to an external hard drive.
Keep copies of your files on cloud services.

If you do get infected and don’t want to pay the ransom, which has been about $300-$600, you will have to flatten your machine (reinstall your OS). If you have kept your files on a cloud service or on an external hard drive, you will have defeated them. You will need to reinstall all your programs if you haven’t backed up the entire system.

The predictions are that today there will be even more as people turn on their computers if they haven’t been kept up to date.

Sources:
http://www.foxnews.com/tech/2017/05/15/ransomware-how-to-protect-yourself.html
http://abcnews.go.com/US/simple-things-protect-ransomware-attacks/story?id=47410339

Rogue Science: Outlaw Tech

If you get the Science Channel, you might already know about the Outlaw Tech program. They explore the different ways tech is used to commit crimes. Be it heists sort of like Ocean’s Eleven, counterfeiting, or identity theft, they may cover it.

They have six hour-long episodes showing how banks, museums, casinos can be hacked. During the episodes, they show how people have defeated have cracked sensors, codes, ATMs, and computers to get what they want.

You can find out more here.

Why it’s important to keep doing your updates

The Jody Victor crew ran across an article that is truly disturbing.

A flaw in Microsoft Office given the ID CVE-2017-0199 has quite a history. This vulnerability allowed remote attackers to use Microsoft products to execute arbitrary code and take over computers. Ryan Hanson found the flaw last year. He spent some time to see if it could be made more deadly before contacting Microsoft in October 2016. Microsoft did not patch this right away. If they told people of a change in Word settings that would fix the flaw, then word would be out that there was a flaw with more ramifications.

They decided to release a fix in a later update. However, they sat on it and took their time. They started working on a solution in January but attacks had already begun. Through links in email, computers were infected with software that allowed eavesdropping. McAfee saw some attacks on April 6 of this year and blogged about it April 7. April 9, a program was for sale underground for hackers to exploit the flaw. On Tuesday, April 11, the flaw was finally patched in an update.

They don’t know how many computers were hacked or how much money was stolen before this exploit was patched. If you don’t automatically patch your PC, please do so now!

Source:
http://www.reuters.com/article/us-microsoft-cyber-idUSKBN17S32G