Saturday, October 09, 2021

Apple rejects some https certificates that Windows 10 accepts


my new shoulder

One of my 4 WordPress blogs with https is accepted on Windows but gives a “this connection is not private” error on iPhone and both Macs, in all browsers.

Apple seems to be stricter with security certificates, link.

Tuesday, September 14, 2021

Chrome updated for zero-day vulnerabilities discovered by "ethical" hackers


Amtrak Philadelphia 2021-6

Now Thomas Brewster of Forbes warns of zero-day vulnerabilities in Google Chrome, story. 

Here are Google’s instructions for updating your browser. According to these, mine got updated when I did a restart today (for a monthly Microsoft update). In the past, there have been browser hijacks with scareware ("System warning" in red) when misspelling a website (like typing "nbcbews"), which would be fixed by restarting the computer (any version of Microsoft Windows).

Monday, September 13, 2021

Apple suddenly releases emergency security fix, iOS 14.8, shortly before iOS 15 comes out of beta


Apple update preparation

Apple has suddenly released an emergency security fix, 14.8, just days before iOS 15, in beta, might be offered.

Forbes explains in an article by David Phelan. 

The risk was surveillance, although the practical risk may have been remote.

But users may be reluctant to get updates with features they don’t need that offer any threat to stability.

Thursday, September 02, 2021

Electronic Frontier Foundation looks critically at vaccine passport apps


Mayo Beach, MD, 2021-9

Electronic Frontier Foundation has a paper by Alexis Hancock, Adam Schwartz and Jon Callas, “Vaccine passport mistakes we must not repeat”, link.

EFF seems to accept the public health arguments that could necessitate them, but fears they can be used for general surveillance, particularly if predicated on mandatory smartphone apps.

It wants open source for the apps, and wants people to be allowed to use paper records or their own photos.

There could be problems with vaccination schedules with irregularities, like mine where the second Pfizer shot was taken two days early because of a website problem at the health department at the time.

Saturday, August 28, 2021

Fake vaccine cards are becoming a serious problem for public health


Herndon VA vaccination location 2021-3

Fake COVID vaccination cards are becoming a bigger problem, confounding small businesses and bars that want to keep their customers as safe as possible.

Previously they were available only on the “dark web”, but more recently they have become more available through Telegram, for only a little cryptocurrency or sometimes through conventional financial sources.

I would expect PayPal and Visa/MC to crack down on misuse for this purpose soon, however.

CBS News has an important story Aug. 19, 202, by Dan Patterson. 

CBS links itself to another story on what to do with your legal CDC vaccine card, which is unsettled.

Eventually I would expect an app, bar-coded, recording vaccination dates and vaccine id and place.

I actually could have a problem with that.  I got my first shot February 27 at George Mason University.  I got the second one on March 18, at a Fairfax County pharmacy, livestreamed on a local TV station (yes, I consented).  That was two days early.  This happened because of difficulties with the health department website at the time, long since resolved, as these were the early days when getting appointments was tricky.  But it is theoretically possible that an automated app would not consider me vaccinated until I get a third shot.  That could become a problem for me in going places.  But I do expect a third shot to be available sooner than later. 

Security experts do advise against posting your card on social media since it has name and birthdate, which can encourage identity theft.

Sunday, August 01, 2021

"Free" videos and VLC media players; "print vulnerability" on all Microsoft Windows platforms



There seem to have been vulnerabilities in VLC media players that can be exploited on computers playing “free” videos. The video below demonstrates the problem with Windows 10.

ZDNet had also explained this in 2019, link.

I also want to share a brief video on fixing the "PrintNightmare" vulnerability on all Windows systems, here.

Also note this bizarre phishing attempt from Germany about “Bank of the West” (picture).

Wednesday, July 21, 2021

Can ordinary cars be hacked? Is this a practical concern?


405 in Los Angeles 2012-5

While I wait to hear a diagnosis on my car, in the shop after a sudden breakdown, I do wonder if the control modules in your car (PCM, ECM, BDM) can be hacked.

That is, by others if you aren’t there.

Other than keyless cars, it looks like it’s pretty unlikely without the vehicle being turned on.

Here’s the easiest article to follow.

Various prepper articles warn that cars could be susceptible to EMP and even local magnetic flux attacks, but I don't know if the latter has actually happened. 

But note the video (from 2015, apparently shot in St Louis).