MS Paint

Remember Microsoft Paint? Usually it is disparaged by people, especially those who have access to something more powerful like Photoshop.

Microsoft has added some new features to MS Paint that are to be included in the Windows 10 May 2019 update. The most key new feature is that the keyboard will be used as the primary input. This will give users the added ability to draw only with their keyboard.

In keeping with the accessibility features, they have also improved the way Paint interacts with screen readers like Windows Narrator.

See more information along with the keyboard shortcuts illustrated.

Car Hacking

The Victor crew has written about car hacking before. It seems to have escalated to apps being used to hack some cars now. Breaking into certain GPS Tracking apps, the hacker claims to have the ability to even stop engines, as reported by MotherBoard.

The apps he has hacked, called iTrack and ProTrack, are two apps where companies can monitor and manage their fleet vehicles. The hacker found that the apps have default password of 123456 when they sign up. The hacker said he was trying to target the companies, not the users.

Both apps are made in China.

Zero-Day Internet Explorer Vulnerability

First of all – what does zero-day mean? It is the day a vulnerability was found. If a bug was around for 10 days it would be a 10-day vulnerability. Usually a fix will be developed in the form of a patch or workaround.

A zero-day exploit means an attack takes place the day a vulnerability is discovered.

On March 30, 2019, two zero-day vulnerabilities were discovered in Microsoft EDGE and Internet Explorer. Without getting too technical, the behind the scenes code of the browser can occur when you visit a malicious site and some of the same origin policy code allows other sites to intervene. When working correctly, it would prevent other sites from accessing your information.

Another vulnerability is related to MHT files. Internet Explorer can still read MHT files. If you are using Outlook, you may see this above an email: “If there are problems with how this message is displayed, click here to view it in a web browser.” It will then open in IE even if you are using Windows 10 with Edge. If the MHT file is infected you will have problems.

To prevent programs from opening IE, you can go into “Programs and Features” in Control Panel and then to “Turn Windows features on or off” and uncheck Internet Explorer 11. Restart your computer.

Trend Micro Blog

April Fools Day 2019

So where are all the jokes? It seems there haven’t been as many jokes this year. However, here are some places you can find some jokes that have been aggregated from around the web:

DIGG
April Fools Day on the Web
Snopes
Tech Crunch

Some of the jokes include Google Files screen cleaner, Hasbro ditching Mr Potato Head for Mr Avo Head (avocado), the OnePlus warp car, and 450 pound dog to name a few.

A lot of Australian people were bummed this wasn’t a real thing:

Facebook, Instagram and WhatsApp Outage

Last Wednesday, Facebook, Instagram, and WhatsApp were down for many users around the globe. It turned out to be the longest outage they ever had. As a Twitter user, I saw many people complaining on that platform. In fact, we saw a few people had even just signed up for Twitter so they could complain about Facebook or Instagram.

Facebook even took to Twitter to let people know what was going on. At 1:49 pm, they acknowledged they were having problems. At 3:03 pm, they confirmed that it was not a DDoS attack. On Thursday afternoon, they said the problems was due to a server configuration change that caused the problem.

Facebook Outage

Many people took to complaining on some sites that report outages, sometimes even showing a map so you can see how widespread the problem is.
You can check which sites are down at these places:
https://downdetector.com/
https://www.isitdownrightnow.com/

Happy Pi Day!

Pi Day is coming up this week. The date is 3/14 and happens every year. Some places even offer Pi Day deals. People celebrate it in various ways. Maybe they will make a pie with the pi symbol on top; perhaps they will go out for pizza pie; maybe even participate in pie throwing contests.

Pi Day was founded in 1988 by Larry Shaw, a physicist. Why 3/14? Well, duh – Pi is approximately 3.14159… It also happens that it is the birthday of Albert Einstein. Pi is a number that is used in calculating the circumference of a circle.

Sources:
https://www.piday.org/
https://www.history.com/news/where-did-pi-day-come-from

Future Microsoft Excel Feature

Ever wish you could more easily put a table in Microsoft Excel instead of typing all those fields or trying to copy and paste? If you have Microsoft 365, you are in luck. Over the next few months, they will be rolling out a new feature that allows you to insert data from a picture.

You will open the Excel app on your phone or tablet, and tap the “Insert data from picture” button to start. Then you would capture the data you want to import within the box borders shown and you can change the size around the image to make sure you get it all. Using its AI engine, Excel will convert it to a table. You can correct the data by tapping on Edit or continue by tapping Ignore if it detects errors. You can then Insert the data. Excel will convert the data to the spread sheet.

Source

Gmail

If you have a gmail account, did you know that your email address can also have dots in it and you’ll still get it? For example, if your address johndoe@gmail.com, it won’t matter if you send to john.doe@gmail.com. You can even send it to j.o.h.n.d.o.e@gmail.com and still get it. Most mail systems do not allow this. Apparently this has been like this for some time.

We found out recently when we saw an article from ZDNet about how scammers are exploiting this by registering for different websites under your email but adding the dots. It may be sites like Netflix, Amazon.com, or eBay. They would see the dotted account email as a different one.

One group has used a variation to obtain credit cards. They have filed tax returns, registered for trial accounts, USPS change address requests, collecting Social Security benefits, apply for unemployment benefits, and apply for FEMA disaster relief.

The article brought out two other things that could be exploited. First, Google allows + signs – you can send email to johndoe+someword@gmail.com and johndoe@gmail.com will get it. Second, before gmail.com it was googlemail.com and if you use johndoe@googlemail.com, johndoe@gmail.com will still get it. Yes this has been tested and confirmed.

Collection #2-5 Breach

Just a couple weeks after Collection #1 Breach was identified, there come Collection #2-5 Breaches. There are an estimated 2.2 billion unique accounts compromised in this breach.

The site we usually check for breaches (HaveIBeenPwned.com) has not been updated yet. In the meantime, you can use the Hasso-Plattner Institute’s tool to check. When you enter your email into this tool, it will email you a report of what has been found in a breach.

Once again, we want to stress that you use a password manager, use hard to type or guess passwords, use 2FA where available.

Gone Phishing

Phishing Quiz
You’ve gotten those emails asking to click on something. It could be to learn how to make more money, or maybe someone has your information, or something that really looks legitimate. They prey on people hoping to get more of your personal information.

Google’s Jigsaw unit has a phishing quiz. The Victor crew suggests you take it to see if you can spot some phishing emails/sites. It is only 8 questions long but it may help you be on the ball. You start out by making up a name and email for the quiz. Some are phishing and some are legitimate. See if you can spot the imposters:

Take the quiz

Source: Google Blog

Microsoft Edge Browser

Last week we posted about some different browsers out there. It seems Microsoft has been actively trying to embrace the open source software community. They recently bought GitHub, a repository used for years by people to store their open source projects.

Last month, they decided to adopt the Chromium open source project to re-develop their Microsoft Edge browser. Many browsers are already built on Chromium, such as Chrome, Opera, Brave, Vivaldi, and Yandex just to name a few.

Some of their reasons make sense. One is web compatibility. When developing websites, developers have to check their sites in at least four browsers to make sure they look right in all of them. This will make it easier by removing one that is often difficult.

Sources
Windows Blog

MakeUseOf.com

Why NORAD tracks Santa

We already knew that NORAD would track Santa every year but didn’t know the story behind the “why”.

It seems back in 1955, Sears and Roebuck printed an ad but had an incorrect phone number in the ad asking kids to call Santa direct. When children called in, the number rang to a secret red phone on the desk of Colonel Harry Shoup of the Continental Air Defense Command, which has since been renamed to NORAD. Only a four-star general and Colonel Shoup had this number. They were afraid of something dire when that phone rang.

Colonel Shoup thought the call to be a prank when a child asked to speak to Santa, but then when the child that called started to cry, he realized there may be an issue. The child’s mother came to the phone to straighten it out. It has become a tradition and now NORAD tracks Santa and keeps track as Santa delivers every Christmas. You can get an app to track him or do it through the website: https://www.noradsanta.org.

Why NORAD Tracks Santa.jpg
By NORAD Public Affairs, Bob Jones – http://www.noradsanta.org/en/whytrack.html, Public Domain, Link

MERRY CHRISTMAS FROM THE VICTOR CREW!

Gift Idea: DNA Testing

This may sound a little weird but there are a lot of people getting/giving DNA testing for Christmas to find out their heritage. There are a few to choose from.

The two most popular that come to mind are AncestryDNA and 23andMe. Other brands are Family Tree DNA, MyHeritage DNA, Helix, and Living DNA. They generally range from $69-$199.

Caveats: Your ancestry may be revealed to third parties by any or some of these brands. Some hidden family secrets may be revealed. This site gives some odd happenings over 23andMe testing.

Where do you learn how to?

Be it tying a tie, making a turkey, or learning a knitting technique, there are are many places to learn things. Many people go to YouTube to learn things while they do them like a new recipe or that tie or knitting technique. Even if you do a general web search, you are bound to find some videos showing you how to “do” it. According to Pew Research Center, about half of the people that go to YouTube do so to learn how to do something.

With Thanksgiving Day arriving this week, the top search showing as you type would be “how to cook a turkey”. There are many variations of like “how to brine a turkey” for example.

Google Search

There are other places to learn things like wikiHow. You just put in your search and it will show you some choices. Instead of videos you may find nice large pictorial steps telling you what to do for each step. On this site you can even ask questions.

If you have questions related to technology, there’s always How-To Geek website. From choosing a device to setting it up, they have suggestions for you.

Wi-Fi 6

We talked about Wi-Fi a couple weeks ago. Let’s expand on that. Now they have given Wi-Fi version numbers for the different protocol types identified by the letter suffix on 802.11. Let’s start with 802.11 and what it is.

The 802.11 protocol is set forth by the IEEE (Institute of Electrical and Electronics Engineers, Inc.) They are the ones who set the standards of what is under each protocol, specifically the IEEE 802.11™ Wireless Local Area Networks, the working group for WLAN standards. They have regular sessions and presentations about 802.11 protocol. There is one being held right now in Bangkok, Thailand.

The Wi-Fi Alliance® has now assigned version numbers to different Wi-Fi protocols.

  • Wi-Fi 6, which will be available next year will be 802.11ax standard.
  • Wi-Fi 5 is the 802.11ac standard
  • Wi-Fi 4 is the 802.11n standard

Older standards are not being given a version number because they are not widely used anymore.

Wi-Fi Certified WiGig™ will bring bands of 60 GHz with multi-gigabit speeds, suitable for virtual reality and HD streaming. Wi-Fi security WPA3™ will have increased crytographic strengths.

Sources and Further Reading:
http://www.ieee802.org/11/
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-6
https://www.wi-fi.org/discover-wi-fi/wi-fi-6
https://www.wi-fi.org/discover-wi-fi/next-generation-wi-fi

Atlas Robot

Boston Dynamics has a few projects they are working on in robotics. Boston Dynamics was founded in 1992 by MIT. In 2013, they were acquired by Google X which later became Alphabet, Inc. In 2017, Boston Dynamics was sold to SoftBank (remember Pepper?). We have previously discussed Spot also developed by Boston Dynamics.

Atlas is a 6-foot robot that is more humanoid with 2 legs. It was unveiled to the public in 2013. It has slowly been evolving. It now can do parkour (similar to military obstacle course training):

Logging into any Google service logs you into Chrome

As of version 69, the Chrome browser will log you in and sync when you visit any Google site like Gmail, YouTube, Google Docs, Google Maps, etc. For whatever reason, you may not want to be logged in, or you may not want them to keep track of everything you do. They are not giving you that choice anymore.

There was a discussion on Twitter about it with Adrienne Porter Felt, a Chrome engineer and manager.

Apparently after these discussions and feedback, Google is going to back down and make some changes come version 70 coming out in mid-October. They will allow sign-in without syncing. If you want to sync between devices, you will need to turn sync on. Signing into a Google owned website will not sign them into Chrome at the same time.

Facebook Breach

By now you’ve heard about last week’s Facebook breach in which 50 million user’s accounts were impacted. This time, attackers had the ability to directly take over user accounts. Facebook logged out 90 million users from their accounts – the 50 million affected and 40 million more that may have been. They also announced that other sites could be affected if you use your Facebook credentials to log into them.

The persons responsible, who haven’t been found yet, were able to get to the access tokens, kind of like session hijacking. The problem was found in the video uploader page. Find out more about it from How-to Geek.

Get Ready for Windows 10 October 2018 Update

In October, Microsoft will be rolling out a major Fall update. With the update rolling out in the next few weeks, you may need to do some preparing for the update. According to some rumors from some different places, it will require anywhere from 10 to 20GB free space. If you do not have enough space, the update will fail.

In case you didn’t know, it will be easy to rid your machine of unnecessary files if you previously received the April 2018 update. Here is what you do: Go to Settings >> System >> Storage. Under Storage Sense, you can click the link that says “Free up space now”. Once you click it you will see a list of files you can clean up such as Windows upgrade log files, Windows update cleanup, thumbnails, temporary files, temporary internet files, your recycle bin, and a few others.

Rare Apple-1 Computer up for auction this month

This is your chance to own an original Apple-1 computer from 1976. It was restored in June and is up for auction. Steve Jobs and Steve Wozniak made 200 of these computers.

The auction will be held by RR Auction where you can register to bid on this item. The auction begins September 25, 2018 at 1:00 PM ET. You can bid by phone or online at https://www.invaluable.com/

Traveling this summer?

If you have spent anytime in an airport, you see many people congregating by the outlets so they can charge their devices. Well, there seems to be some new pranks going around airports this year. People are putting fake outlet stickers in various places around the airport. Some of these outlet stickers even have a worn-out look to them.

Some people go even farther and put in fake outlet covers with double-stick tape.

You can see some people’s reactions to them on twitter.
Mashable has an article about it

Here is a YouTube video of a fake outlet for April Fools day

Here is one with fake outlet stickers:

Does Google know more than you want them to know?

Google services on Android or iPhones can store your location data, even when you try to prevent it through your device settings.

Google Maps can make a timeline of your movements, for example. It works so well that last year a warrant was served by police in North Carolina to Google to find devices near a murder scene. You can turn off your location history so the places you go will not be stored.

If you are logged into Google, go to https://www.google.com/maps/timeline?pb to see your timeline or whether it is even on. You can turn the tracking of your history on or off here: https://myaccount.google.com/activitycontrols/location?hl=en&gl=US

This may not keep Google from tracking your movements through nearby towers but it is something more you can do to make it a little more difficult for them.

Source

Vertical Videos

In the past, if you uploaded a video to YouTube with a video taken from your phone, you would see the black bars on either side of it with the video in the center, tall and slim. YouTube has conceded that vertical videos are here to stay and have adapted their site to accomodate them.

YouTube makes this move on the heels of Instagram introducing IGTV, a longer form of video you can create through Instagram or with their standalone app, IGTV. Instagram itself limits you to just one minute but IGTV allows you to make a video up to an hour long. Initially that will only be available to popular uploaders but will be rolled out to evveryone eventually.

Sources:
https://www.makeuseof.com
https://productforums.google.com/forum/

Keyboard fixes for MacBook and MacBook Pro

A few weeks ago, Apple announced it is finally offering to repair MacBook keyboards … for free. The problems they say they will cover are:
when letters or characters repeat unexpectedly
when letters or characters don’t appear
or when keys feel sticky and do not respond consistently

After examining the keyboard, the service type will be determined and they may replace a key, keys, or the entire keyboard.

Eligible models are MacBook 12-inch 2015, 2016, and 2017; MacBook Pro 13-inch 2016, 2017 with two Thunderbolt 3 ports; MacBook Pro 13-inch 2016, 2017 with four Thunderbolt 3 ports; MacBook Pro 15-inch 2016, 2017. No other MacBooks are part of this service program.

If you have this problem, you can find an Apple Authorized Service Provider, make an appointment at an Apple Retail Store, or mail your device to the Apple Repair Center. Be sure to back up all your data before you take any of these steps.

If you have previously paid to have this problem fixed and want a refund, you can contact Apple for a refund.

Here is a funny video about the problem:

Pepper the Robot

Pepper is a humanoid robot. It is able to recognize emotions and interact with you. Pepper can move around, recognize your face, speak to you conversationally. Whether you dance or chat, Pepper is ready for you. Pepper is 1.2 meters tall.

Pepper is capable of performing customer service. He can interact with customers, help with appointments, direct to where they need to go.

Pepper is a product of SoftBank Robotics. He says she was born in Paris. SoftBank Robotics has offices in Paris, Tokyo, San Francisco and Shanghai. They also have previously developed a smaller robot called NAO about 58cm high.

With its open SDK you can enhance him as well.

Here is Tech Insider’s experience with him:

Here is SoftBank’s promo:

Find out more