Friday, March 19, 2021

RCR Wireless: FCC continues its robocall fight with fines, warnings and a new response team

FCC continues its robocall fight with fines, warnings and a new response team
By Kelly Hill on

The Federal Communications Commission this week levied its largest-ever fine against a robocalling operation: $225 million, against two companies which the agency says transmitted around 1 billion robocalls shilling short-term health insurance.

The FCC said that many of the calls made in the first half of 2019 by John C. Spiller and Jakob A. Mears (who used business names including Rising Eagle and JSquared Telecom) were illegally spoofed, and that the companies lied to consumers, falsely claiming to offer health insurance plans from companies such as Blue Cross Blue Shield and Cigna. In at least one case, the agency added, the spoofing led to an unassociated company being overwhelmed with call-backs from angry customers.

“Mr. Spiller admitted to the USTelecom Industry Traceback Group that he made millions of spoofed calls per day and knowingly called consumers on the Do Not Call list as he believed that it was more profitable to target these consumers. Rising Eagle made the calls on behalf of clients, the largest of which, Health Advisors of America, was sued by the Missouri Attorney General for telemarketing violations in February 2019,” the FCC added.

“The individuals involved didn’t just lie about who they were when they made their calls—they said they were calling on behalf of well-known health insurance companies on more than a billion calls. That’s fraud on an enormous scale,” said Acting Chairwoman Jessica Rosenworcel.

These people don't just need a fine. They need their entire corporation to be shut down with all the assets confiscated and all the responsible individuals sentenced to years in prison.

Friday, March 12, 2021

Thank you, Internet Archive

When I upgraded my Mac last October, Apple's Migration Assistant utility migrated most of my applications to the new computer. As I wrote in December, the various applications all migrated with differing degrees of success.

One application where I spoke too soon was Snapz Pro X. Despite MacWorld's lackluster review of version 2.5.1, it is still a very good screen capture utility that I consider superior in many ways to the one built into macOS.

When I wrote my review in December, I didn't really test Snapz Pro X. I launched it, saw that the menu appeared, then I quit it and assumed that it worked. I was wrong.

Wednesday, March 03, 2021

Tip: Remote login to recover from missing display


This morning, I found that my Mac’s screen wouldn’t wake up. The computer runs 24x7, with the screen blanking after a few hours of idle time. Nearly all of the time, I just tap a key on the keyboard to wake the screen when I want to use it.

This morning, that didn’t work. The screen remained asleep. I tried obvious things like hot-plugging the display and hot-plugging the keyboard, but no luck.

Wednesday, February 17, 2021

RIP, Rush Limbaugh

Rush Limbaugh, Radio Legend, Dies at 70.
The National Pulse, February 17, 2021

One of the world’s most studious and influential broadcast personalities who has ever lived – Rush Limbaugh – has passed away aged 70.

Love him or hate him, all can agree that Rush almost single-handedly defined modern conservative talk radio. My lunch-time radio listening will forever be less interesting without his voice giving me his opinions and analysis of current events.

Thursday, February 11, 2021

Bleeping Computer: Researcher hacks over 35 tech firms in novel supply chain attack

Researcher hacks over 35 tech firms in novel supply chain attack
By Ax Sharma. February 9, 2021, 01:04 PM

A researcher managed to breach over 35 major companies' internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack.

The attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the companies' internal applications.

Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

This is because the attack leveraged a unique design flaw of the open-source ecosystems called dependency confusion.

For his ethical research efforts, the researcher has earned well over $130,000 in bug bounties.

A remarkably simple attack revealing serious problems in corporations' open source package distribution systems.

Like most companies using open source software, they develop applications containing both public packages (which come from well-known and trusted Internet repositories) and private packages (developed in-house). In order to maximize reuse of private packages, they are deployed using an internal repository system, which automatically installs an application's dependent packages, regardless of where they come from.

The problem happens because the internal repository system doesn't seem to distinguish between private and public packages. So if your application is using a private package, and later on a public repository adds a new package with the same name, the system may end up replacing your internal package with the one from the public server. And because automatic updates are common (in order to quickly incorporate bug fixes and security patches), these replacement packages may automatically get installed into publicly accessible applications.

Well that's not right.

Fortunately, this test was from a security researcher, who promptly reported the bugs, but this could just as easily have been malware.

I don't think this should be hard to fix. Internal package management systems need to distinguish between public and private packages. When a given package name exists as both a public and a private package, the system *must* always give priority to the private package. It must also alert administrators and owners of affected applications to the conflict, so appropriate action may be taken. This action may be one or more of:

  • Block the public package
  • Rename the private package and update all applications using it so they use the renamed package
  • Allow application developers to explicitly state in their package manifests if they want to use the public or the private version
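The following is an added example (not code from the Bleeping Computer article or from this blog) that simulates the two resolver behaviours described above. The two package indexes and the package names `acme-utils` and `requests` are constructed for illustration: the naive resolver pools every index and picks the highest version, so a same-name public package with an inflated version shadows the private one; the private-first resolver always serves a name known to the private index, raises an alert on the collision, and lets a manifest opt in to the public version explicitly.

```python
"""Simulated package resolution: naive merge vs. private-first with alerts."""
from typing import Dict, List, Optional, Tuple

# Constructed sample indexes, not real registries. "acme-utils" is the
# in-house package; the public index carries a same-name package whose
# inflated version number would win a naive highest-version comparison.
PRIVATE_INDEX: Dict[str, List[str]] = {"acme-utils": ["1.2.0", "1.3.0"]}
PUBLIC_INDEX: Dict[str, List[str]] = {
    "requests": ["2.25.1"],
    "acme-utils": ["99.0.0"],
}


def version_key(version: str) -> Tuple[int, ...]:
    """Order dotted version strings numerically, e.g. 1.10 > 1.9."""
    return tuple(int(part) for part in version.split("."))


def resolve_naive(name: str) -> Tuple[str, str]:
    """Pool candidates from every configured index and take the highest
    version, regardless of origin. This is the behaviour that lets a
    public look-alike shadow a private package."""
    candidates = [(v, "private") for v in PRIVATE_INDEX.get(name, [])]
    candidates += [(v, "public") for v in PUBLIC_INDEX.get(name, [])]
    if not candidates:
        raise LookupError(f"{name}: not found in any index")
    version, source = max(candidates, key=lambda c: version_key(c[0]))
    return source, version


def resolve_private_first(name: str, manifest_source: Optional[str] = None
                          ) -> Tuple[str, str, List[str]]:
    """Private index wins whenever it knows the name; a same-name public
    package is reported so administrators can block or rename it. A
    manifest may set manifest_source="public" to opt out explicitly."""
    alerts: List[str] = []
    in_private, in_public = name in PRIVATE_INDEX, name in PUBLIC_INDEX
    if in_private and in_public:
        alerts.append(f"CONFLICT: '{name}' exists in both private and public indexes")
    use_public = manifest_source == "public" or not in_private
    index = PUBLIC_INDEX if use_public else PRIVATE_INDEX
    if name not in index:
        raise LookupError(f"{name}: not found in {'public' if use_public else 'private'} index")
    version = max(index[name], key=version_key)
    return ("public" if use_public else "private"), version, alerts
```

Calling `resolve_naive("acme-utils")` returns the public `99.0.0` build, while `resolve_private_first("acme-utils")` returns the private `1.3.0` together with the conflict alert.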

Thursday, January 28, 2021

Upgrading A Mac System, part 4: Peripheral Hardware


Photo credit: Derorgmas
Wikimedia Commons, CC BY-SA 4.0

The Upgrading A Mac System series:

In part 3 of this article series, I described my application migration story. In this part, I'm (finally) finishing up the tale by talking about my various pieces of hardware that either worked or needed to be replaced. All of the work I'm describing here was actually done in October and November, but I'm just getting around to writing about it now.

Ideally, I would like to just swap the computer and leave everything else unchanged. But life is not ideal. Over the years, Apple has changed the port configuration of the Mac mini, so not everything can just plug in. At least not without some adapters. And some devices that were perfectly great 9 years ago are old and slow by today's standards. So it's time to change up several peripherals.

Friday, December 18, 2020

The Federalist: Ring In Your Holidays By Buying All The Australian Wines The Chinese Won’t

Ring In Your Holidays By Buying All The Australian Wines The Chinese Won’t
By Sumantra Maitra, December 18, 2020

In an escalating dispute, Australian Trade Minister Simon Birmingham is taking his nation’s quarrel with China to the World Trade Organization for its tariffs on Australian products.
Something else started it all. China, an imperial power throughout nearly its entire history, has finally realized that Australia is fit to be an outpost. The stubborn Aussie refusal to cave to China on all regional concerns eventually led to a crushing tariff over Australian wines.

I'm doing my part. My usual Shabbos wine is Teal Lake Shiraz.

Thursday, December 10, 2020

Upgrading A Mac System, part 3: Apps


In part 2 of this article series, I described the migration process to move all my stuff to the new computer. In this article, I want to share my experiences with application support. What just worked, what didn't work and what was easy and hard to make work.

As you probably know, the latest versions of macOS, starting from version 10.15 (Catalina), do not support 32-bit applications. No 32-bit application will work unless you run it on an older version of macOS (e.g. via a virtual machine). Apple has supported 64-bit applications for a very long time, and they have always been supported on Intel processors. Nevertheless, quite a lot of Mac apps in my possession were 32-bit. I'm not sure why, since 64-bit compilers have been available on the Intel Mac platform since day one.

Tuesday, November 10, 2020

Krebs on Security: Ransomware Group Turns to Facebook Ads

Ransomware Group Turns to Facebook Ads
Brian Krebs. November 10, 2020

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Just when you thought Facebook had hit rock bottom. Now their adware network is being used for criminal extortion. And they're not even refunding the money to the victims who had their accounts hijacked in the process.

So glad I drop-kicked them to the curb many years ago.

Monday, November 02, 2020

Upgrading A Mac System, part 2: Migration


Photo credit: Derorgmas
Wikimedia Commons, CC BY-SA 4.0

The Upgrading A Mac System series:

In part 1 of this article series, I explained why I needed to upgrade my old Mac, what I bought, and the shipping process.

Now that the computer had arrived, the next step was to move all of my data from the old computer to the new one. In the past, I did this the hard way - I manually created user accounts (an administrator, my personal account, and accounts for my wife and daughter). I then copied all of our documents over the LAN, manually installed all the software I require, ending up with a working system. The whole process usually takes a week or two, plus all the time needed to configure my preferences in everything.

This time, I decided to use Apple's Migration Assistant utility to speed up the process. This, as it turns out, was a mixed bag. Some parts of the migration worked flawlessly, and other parts made a mess I had to clean up after.