News of the Week

Here’s the latest consumer tech news for this week & info we think you should know (updated continuously).

eternalrocks-smb-worm-image-from-ibtimesdotcodotukHot Flash: Ransomware round 2 coming There’s a new ransomware attack starting to spread, this one called “EternalRocks” that purports to use 7 different hacking tools that were leaked from the US NSA trove. This one aims to be much more potent than WannaCry, and has a better chance of remaining undetectable until it strikes and locks up your computer. Currently spreading with a less-harmful payload of simply spreading malware, it is considered much more dangerous since it can stealthily open a path to the more harmful types of payload with a 2-stage infection process. First, it infects your computer, downloads the TOR browser and starts broadcasting itself to the dark web. After 24-hours, the 2nd stage kicks in when the dark web responds and starts depositing malware on your computer. All this while avoiding detection. One big difference from WannaCry: there is no kill switch, and EternalRocks can be easily weaponized with ransomware and other threats. Like WannaCry, the best avoidance defense is to update your operating system, avoid clicking on email links and attachments, and avoiding dodgy websites. The best protection also remains to have a recent backup of your system offline and ready to use in case your computer gets locked up by ransomware (instead of paying the ransom).

wannacry-screenshotHot Flash: Ransomware takes the planet by storm Use Microsoft Windows? Update your system right now. I’ll wait. Ok good. The latest ransomware infection, dubbed WannaCry, takes advantage of a vulnerability in Windows that surfaced a few months ago when NSA hacking tools were released on the internet. Microsoft patched that vulnerability awhile ago, but millions of Windows computers haven’t been updated and are still vulnerable. This particular variant surfs the internet looking for vulnerable computers and infects them – you don’t even need to click a link to get infected and your personal files encrypted. So far, the infection has spread to 100 countries, over 75 thousand computers and it’s still spreading. Any unpatched Windows computer is at risk, and any network such computers are connected to as well.

amazon-echo-apps-image-from-amazondotcomSenior Moment: Alexa learns a new trick The popular Amazon Echo has a new capability in 2-way communication: Alexa can have speakerphone-like conversations with other Echo, Dot and Tap owners. You can also send voicemail messages! Anyone with an Amazon account and the free Alexa app can use these features. This is particularly useful for low-vision & elderly folks to whom dialing a telephone is a challenge. Since this new capability makes use of VOIP (think Vonage and other IP telephony), I think it’s going to be just a short reach for Alexa to be able to replace your landline with a voice-activated and voice-controlled telephone system. Here’s hoping that’s sooner than later! Oh, and Amazon has announced the impending release of a new, clunky-looking box with speakers and a screen that works in the Echo, Dot and Tap world. Two such devices could engage in video teleconferencing.

ms-surface-laptop-2017-image-from-microsoftdotcomSenior Moment: New Microsoft Laptops with Windows 10S In what looks like direction answer to Apple Macbooks (not really to Google’s Chromebooks), Microsoft announced they’re selling new ‘personal’ laptops that run a variant of Windows 10, with the “S” designation. These are touted to be more secure and give better performance. The critical thing about these new laptops: The default browser is Edge and the default search engine is Bing and you can’t change this, even if you install another web browser (Chrome, Firefox, Opera). Purportedly these new laptops will come with a free-through-2017 upgrade to the regular Windows 10, but I’ll bet a number of buyers will neglect to do this before the free upgrade expires. They start at $999 which puts them at about three times the cost of a Chromebook, and about $300 less than a baseline new Macbook.

web-browser-logosSenior Moment: Old vulnerability-new attempt If you’ve never heard of Punycode, it’s a way of using alphabet characters from other languages in the URL of a website. Abuse of this is possible with some web browsers (I’m looking at you Google Chrome, Mozilla Firefox and Opera) Punycode uses ‘unicode’ characters and makes it possible to register domain names with foreign characters. For example, it’s possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. So you may see a trusted web address in your browser’s URL bar, but you’re really at another website. See https://www.xudongz.com/blog/2017/idn-phishing/ for a fuller description and a proof-of-concept link. For Google Chrome users, Google has already fixed this problem in Chrome version 58 (click the ellipsis for settings and choose Help > About Google Chrome to verify and/or get the latest version). Mozilla has their head in the sand on this, and Opera is just looking at it now that Xudong Zheng has posted about the problem. Until Mozilla fixes Firefox, you should use a different web browser.

win-10-creators-update-presentation-by-microsoftApps We Like: Windows 10 Creators Update Coming soon to your PC, the latest major update to Windows 10 will be rolling out to computers over the next few months. The initial release is April 11th, and early adopters are already starting to post their experiences. For most consumers, you should wait till your PC tells you the update is available. As soon as I have some good intel, I’ll post an article on do’s and don’ts, gotchas, and happy thoughts. What’s coming includes significant improvements to the Edge browser, Cortana improvements, better Windows Defender security, and improved privacy controls, among a host of other new features and feature updates.

iphone-6-versus-5-image-from-appledotcomSenior Moment: Another Apple iOS update, 10.3.1 and forthcoming updates Quickly on the heels of the major 10.3 update, Apple has released version 10.3.1 of the iOS operating system for iPhones and iPads. It’s a small, quick and minor update but you shouldn’t put it off because it fixes a critical vulnerability, specifically closing a hole for a Wi-Fi exploit to take control of your device. This update is for all iPhones from the 5 and newer, iPads from the 4th gen. and newer, iPad minis from the 2 and newer. One thing that’s on the horizon is iOS 11 which we should see in the fall of 2017 – that should complete the switch-over to solely 64-bit architecture for iOS devices, which means that the sun will have set for all 32-bit versions including the iPhone 5 and 5c, the iPad 4th gen. and older, the iPad Mini 3 and older, and the iPod Touch 5G and older. If you’re keeping those older iOS devices around, 2017 is the year to finally upgrade to more modern technology. Given that the iPhone 5 came out in 2013, it’s about time.

ios-10point3-update-screenshotHot Flash: Apple Updates all their OSs iOS 10.3, WatchOS 3.2, tvOS 10.2, and MacOS 10.12.4 are now the current versions. I’ve updated an iPhone 6, an iPhone 5, my 1st generation Apple Watch, an iPad mini and an iPad 4th gen with no problems. These updates are generally required for everyone, since they contain a bunch of bug fixes and other fixes to Apple’s operating system security. For folks with an iPhone that only has 16gb of storage, you may need to connect physically to iTunes to update your smartphone. Wary consumers may decide to wait a few days and see what upgrade complaints arise as everyone goes through their own experience. iOS 10.3 can go on iPhones back to the iPhone 5, and on iPads back to the iPad Air and Mini 2. tvOS 10.2 is not available for 3rd gen or older Apple TVs.

man-looking-at-laptop-with-security-concerns-image-from-shutterstockSenior Moment: Americans, your Senators voted to let your ISP sell your personal information without asking you While it still has a way to go, your privacy online is quickly losing the last vestiges of security. Worse, they also voted to prohibit the FCC from ever again being able to enact similar consumer protections. Once this gets through the House and Executive Branch, your ISP will be able to (without notifying you or getting your permission) sell your browsing history, location past and present, your financial information as well as personal tracking not just on you, but on each member of your family (by analyzing browsing habits to differentiate users). Perhaps you don’t care about this. If you do, it’s time to start researching VPNs and truly anonymous use of the internet.

graphic-of-information-leaving-smartphone-image-from-shutterstockSenior Moment: Wells Fargo Smartphone ATM No, your smartphone won’t start spitting out cash, but Wells Fargo will let you access their ATMs without needing your card, only your smartphone with the Wells Fargo app. Oh, and a one-time-use, 8-digit code that you must request in advance from the bank. This is meant to be for emergency use when you forgot your wallet, although I can’t figure out how you’d manage to forget your wallet (with drivers license and credit cards) when you went out. This new utility won’t open security doors that protect access to some ATMs, for that you’ll still need the bank card. All in all, this sounds like a feature in search of a use-case.

Senior Moment: Yahoo Hacks – recap Yahoo is back in the news, in part due to the sale of a big chunk to Verizon, and in part because the US Dept. of Justice filed criminal charges against four Russian hackers/spies. Turns out the hackers focused on a) spying on US corporate executives, b) operating a spam-distribution platform, c) marketing erectile dysfunction drugs, and d) using hacked Yahoo accounts to gain access to other online services. The DoJ’s indictment charges two Russian members of the FSB (Russia’s intelligence agency), and two hackers hired by the FSB. One of the hackers has been arrested (in Canada), the others are likely to remain at large as Russia has no extradition agreement with the US.

Google-ChromeHot Flash: Google Chrome 57 Update Google has released their latest version of the Chrome web browser, and everybody should update asap. The latest version starts to remove some of the bloat that has made Chrome more and more like its rivals, and now offers a valuable bonus. That is an improvement on how background tabs are handled. Formerly, background tabs chewed up a lot of memory because their processes kept running. Now most processes are suspended till you click on the tab to make it active. This doesn’t include things like audio/video playback. What it will do for your smartphone is reduce the amount of power that Chrome uses, saving battery life.

Verizon-logoHot Flash: Verizon Swapping Email Services It appears that Verizon is pulling a fast one on its customers. You may remember over the last few years as Verizon sold off some customers to Frontier Communications – they offered to switch folks with a @verizon.net or @verizon.com email address to AOL (which happens to be owned by Verizon). Now, folks who aren’t being switched from Verizon are starting to get notified that their verizon email services will be terminated soon. They’re being offered to be switched to AOL as well – if they choose this option, Verizon will automatically transfer all their saved emails and folders, contacts etc. to AOL. They can even keep their same Verizon email address. But instead of going to webmail.verizon.net to check their email, they’ll go to mail.aol.com. I think Verizon is doing this to cut down on support costs, but they could be a little more transparent about it. There’s no announcement from Verizon, nothing to warn customers until they try to log into their webmail account and get a warning. Verizon appears to be rolling this out in small batches. If you’re a Verizon customer and use your @verizon.com or @verizon.net email, then be ready to be forced into a move. If you don’t like AOL, you can switch to another service like Gmail, but you’ll have to manage the transfer of all your email files yourself.

cloudbleed-logo-image-from-gizmododotcomHot Flash: Your website hacked-TWO Hot on the heels of the WordPress vulnerability, there’s a new bug in Cloudflare’s code that could leak all sorts of information all over the internet. Dubbed CloudBleed, this vulnerability was quickly patched by Cloudflare (a huge internet security company). But the vulnerability was only recently discovered, and existed for months before someone noticed, possibly as early as September 2016. Not all websites were affected, just those who were served by Cloudflare’s content delivery services. Of course you can’t know which websites are customers of Cloudflare and which aren’t, but some of their highest visibility sites include Uber, OKCupid, 1Password and FitBit. Since Cloudflare is such a huge player in content delivery for websites, your safest bet is to change all your passwords. I should note that my favorite password manager LastPass does not use Cloudflare, so is not affected by this vulnerability. If you use 1Password, consider making a change (after changing all your passwords of course!).

Advertisement

WordPress LogoHot Flash: Your website hacked If your website is powered by WordPress, then go straight to the control panel and make sure your site is running the latest version of WordPress (currently version 4.7.2). The Upgrade page will show if you need to install it, and what version you’re currently running. In late January 2017, WordPress.org discovered a serious vulnerability in the code that, if exploited, would give hackers easy access to your website controls. To their credit, WordPress.org quickly issued the 4.7.2 update and patched the “zero-day vulnerability”, but the sad fact is that thousands of WordPress site administrators neglected to manually update their websites and had turned off the automatic update feature. So of course, the hackers had a field day and compromised/defaced/ruined thousands of websites. All website owners who use WordPress should always keep their sites up-to-date, and I recommend you have and use two plugins, one for security (like iThemes Security), and one for backup (like BackupBuddy).

malwarebytes-logoHot Flash: Malwarebytes Upgrade The new Malwarebytes 3.0 has a new version available, 3.0.6. As always, you should update your protection programs immediately when a new version is presented. That’s because commercially available security programs are routinely bought by hackers who reverse-engineer them to figure out how to defeat them. If you’re using an older version of Malwarebytes, it’s time to upgrade to 3.0, which offers significantly superior protection. With Malwarebytes 3.0 working for you, you can even use the Windows 10 built-in antivirus program and still be well-protected from threats.

ios-1021-update-screenshotHot Flash: Apple OS Updates Get ’em quick as they fix a number of security vulnerabilities. iOS 10.2.1 is available now, as is WatchOS 3.1.3, MacOS 10.12.3, and tvOS 10.1.1. The update details are on the update screen along with a link to the security aspects of the update. You can also visit https://support.apple.com/en-us/HT201222 and learn about all the Apple updates in one fell swoop. These updates are considered critical as they fix some serious vulnerabilities of the Apple ecosphere.

gmail-2-step-verification-logoHot Flash: Gmail Users Beware There’s a new, sophisticated ‘phishing’ attack going around to Gmail users. It’s even fooling savvy netizens who are security-conscious. The way this works is that you get an email with an attachment. Click on it and it opens a new browser window with a (fake) Gmail login screen. If you log in, the attacker gets your Gmail credentials. There are two defenses – first, you shouldn’t be opening file attachments, right? Even if they’re coming from someone you know (who already fell for this attack), you shouldn’t be opening file attachments or clicking links on emails unless you’ve previously arranged for a file transfer. Second, you should’ve enabled 2-factor authentication on your Google accounts, so that nobody can access your account without having a code (which Google texts to you, or you get from the Google Authenticator app on your smartphone). If you fell for it, the attackers logged into your Gmail account immediately and sent an email (from you) to all your contacts to spread this attack. The attackers will go so far as to peruse through your Gmail folders/labels so they can quickly craft a believable-looking email from you. If you haven’t already, turn on 2-step verification on your Google account.

just-the-right-answer-graphic-image-from-shutterstockSenior Moment: New Year, New Tech Apparently Santa had an extensive ‘nice’ list as so many of you got new consumer technology that I’m getting swamped with questions. Please know that I’m working as fast as I can and your answer will show up in the library soon. Getting the right answer takes time. I’m getting a whole lot of questions about the Amazon Firestick, so a new article will be coming out soon with some updated tips. Till then, check out Firestick Theater (which has a ton of comments Q&A). The shortest answer to your questions is that older Home Theater receivers may not be able to deal with the Firestick, so you have to use something else (your TV or a switcher box) to connect components. Your TV will only work if you have a digital audio cable from the TV out to the receiver in. Also, you may have to make a setting change in the Firestick controls to get audio to output correctly.

Senior Moment: Yahoo gets hacked – just about every account it has If anyone is still using Yahoo for email, it’s time to make the switch. After suffering a hack where half a billion Yahoo accounts got stolen in September 2016, only 3 months later and another billion accounts got hacked. So I think that puts Yahoo at the top of the list of companies who through lax security allowed their users account data to be stolen. Clearly there’s nobody at that company taking security seriously. Yahoo says the hack actually happened back in August, and is a separate hack from the one they disclosed in September. Clearly, if you’re not going to abandon your Yahoo account (you should), you need to change your account password. Hopefully Yahoo has advised affected users (everyone) and is forcing the password change.

ios10point2-screenshotSenior Moment: Apple updates iOS once again, no word on battery fixes iOS 10.2 has dropped for iPhones and iPads, and it offers a lot of new features, like emojis, a TV app, and some new effects in iMessage. A number of (what I consider lower priority) fixes were made, such as Mail malfunctions, Accessibility issues, & Music app controls. Nothing on the 800-lb gorilla of problems – battery life. Of course, Apple is mum, not even acknowledging a problem (except with a limited set of iPhone 6s models) that affects a wide swath of users across all their handsets and tablets. No word on if or when they will address this issue – this is becoming a sad refrain as Apple tips over the curve of greatness and heads into decline (just my opinion).

popcorn-time-ransomware-malwareHot Flash: New Ransomware Called “Popcorn Time”, this offers victims free removal if they get two other people to install a link and play (get infected and their computers locked up). Makes dodgy online frenemies more likely to turn on you. When your computer is infected with this ransomware, your computer’s files and operating system are locked up and you can unlock them by paying a ransom (usually one bitcoin), or by passing on the link to others. It’s in development now, but expect this to be hitting personal computers and organizations in short order.

checkpoint-gooligan-checker-logoHot Flash: Androids hit by Gooligan Malware is hitting millions of Android smartphones and tablets. Gooligan works a little different, it appears to be simply installing other apps on your device to generate ad revenue. The potential is there for malicious apps that do worse to your device, but so far it’s just apps that have ads. Gooligan is part of a new class of malware called Ghost Push which loads your Android-powered device with apps you didn’t install. Google says it has removed malicious apps from the Google Play Store, but you might want to check if your device is infected – CheckPoint has a quick check-up service at https://gooligan.checkpoint.com/. It’s free but you have to give your email address.

collage-of-snapshot-photos-image-from-shutterstockHot Flash: Don’t Download fb files Those creative hackers are constantly looking for new ways to hack into your computer. Yesterday a new hack was reported using social media image files (particularly Facebook and LinkedIn). Checkpoint discovered that Locky (a variant of ransomware) is getting on people’s computers as they download image files from the social media networks. Hackers are adding malicious code to image files which hijacks your computer when you download the photo. Your computer is locked up and a ransom is demanded. What makes this insidious is that most security apps automatically trust social networks. Facebook responded by saying “wrong” and blaming incidents on bad Google Chrome extensions. Until the dust settles, it might be just safer to avoid downloading images from social networks to your computer.

iphone-6-rose-goldSenior Moment: Apple offering to replace iPhone 6s & 6s Plus batteries Apple, acknowledging a problem with some iPhones, is now going to replace the defective batteries for free. A small number of iPhone 6s and 6s Plus models are experiencing intermittent shutdown problems. If you’re experiencing this, you should contact Apple Support (start at https://getsupport.apple.com). Or call 800–275–2273 if you are in the US (find your non-US number at https://support.apple.com/en-us/HT201232). Apple will check your iPhone’s serial number against their database and if your smartphone qualifies, you’ll get a free battery replacement. Get your serial number from Settings > General > About (scroll down).

woman-wearing-airpods-image-from-appledotcomSenior Moment: Apple needs more time for AirPods Apple’s not saying much as usual, but have delayed the release of their AirPods wireless earbuds, possibly till sometime in 2017 (early, we hope). Since they released the iPhone 7 without a dedicated earphone jack, everyone’s been champing at the bit to get their hands on the wireless earbuds that will work well with iOS. Apple is famous for being cagey about release dates, and for waiting to release a product until it’s as perfect as they can make it. I actually think that’s a good thing. If you can’t wait for wireless earbuds, you can buy The Dash from Bragi ($300 or less, available at Bragi.com, Brookstone, or even Amazon.com).

friendfindernetwork-screenshotHot Flash: Looking for… Hack Following in the footsteps of AshleyMadison.com, now FriendFinder Networks has been hacked, with over 400 million users’ passwords and such stolen. For singles looking for a partner, it’s getting tougher online. And certainly for not-so-singles sneaking around – the hack is a potential expose of supposedly hidden activities. Cheaters can’t catch a break. FriendFinder Networks is “investigating”, but anyone using that website should be going about changing their passwords everywhere else online that they used the same password.

bug-behind-apple-logo-bug-image-from-shutterstockHot Flash: Apple iOS update problem, take 2 Recently, Apple released a minor update to IOS 10, 10.1.1. Ostensibly, this was to fix some things that the last update (10.1) didn’t, and to fix some things that 10.1 broke. It’s a worthwhile update, but methinks Apple isn’t done, by a long shot. Some folks on 10.1.1 are reporting that their battery indicator is going wacky, going from decent (25-60% remaining), to 1-4%, and giving indication that the battery is about to run dry. After doing some testing, I think this is a problem with the battery indicator, not the battery life itself. Just for fun, I tried using my iPhone without plugging in even after the battery indicator showed it was nearly empty. I could use my iPhone for hours without problem. So I expect a 10.1.2 to show up in the next week or so to fix that.

microsoft-surface-studio-image-from-microsoftdotcomSenior Moment: Most everybody agrees, Microsoft ate Apple’s lunch The recent releases of new consumer technology by Microsoft (new Surface Book and new Surface Studio desktop All-in-One) and Apple (new Macbook Pros and an Apple TV app), make it look like Microsoft is the cool innovator and Apple is the stodgy plodder, to both Apple fanboys and to various tech journalists. I for one was anxiously awaiting the new Macbook Pro, but was very much underwhelmed with what pittance Apple offered after the Macbook Pro languished for 2 years. I get that Apple wants to only release polished products, but the fancy new TouchBar seems to have taken all the innovation blood away from other potential improvements (think the latest processor & more RAM options to start). Microsoft wowed everyone with the new Surface Studio which aspires to be a creative designer’s dream machine. I think Apple has some ground to make up in 2017…

new-macbook-pro-touch-bar-image-from-bbcdotcomHot Flash: New Apple Macbook Pro In a relatively short announcement, the new Macbook Pro was announced. Sporting a new control bar (“Touch Bar”) where the F-keys used to be the new model is lighter and thinner and more powerful (but no Kaby Lake processor) than the old. Apple also announced a new TV app for the Apple TV that just missed being a complete hub for all TV watching (missing both Netflix and Amazon Prime Video apps integration). That doesn’t really come till December, although the new Macbook Pros are available for pre-order now. Also notably missing is any refresh of the Macbook Air line – it appears that line is being discontinued and Apple is simplifying its Macbook line. Macbooks with a Touch Bar are several hundred dollars more than those without, so it looks like Apple is focusing on the higher-end of the notebook market. Oh, and the new Macbook Pro line has a double-sized, Force Touchpad, Touch ID, and improved keyboard operation, not to mention faster processor, faster SSD and better/faster RAM, and a new AMD graphics adapter with Polaris technology.

Looking for older news? Check out: Archive News of the Week and experience history in consumer technology!

One Comment

  1. Pingback: WordPress Zero-Day Incident - the flaw that was, then wasn't, then was, then wasn't - Baker Marketing

Leave a Comment

Your email address will not be published. Required fields are marked *

Copyright ©2017 Practical Help for Your Digital Life®. All Rights Reserved. Your use of this website implies that you agree to PosiTek.net® Terms of Service and Privacy Notice policies