
07 September 2019

Uncommonly persistent spam from deltrino.duckdns.org

 
My personal email (not the one associated with this blog) has been swamped in recent weeks by a torrent of spammy emails.  Nothing dangerous or ominous as far as I can see.

All of them come from a single source: deltrino.duckdns.org, and for reasons I don't understand my Earthlink system does not allow emails from this source to be flagged as spam.

Obviously my email address got into this company's database.  IIRC, the same thing happened to me many years ago and I was able to escape, but I don't remember how.

Have any readers experienced the same problem?  Can anyone offer a suggested remedy?

11 August 2019

You can't even trust a connecting cable

As reported by Vice:
But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.

"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.

One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.

MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.
More at the link.

29 July 2019

The "aluminum foil in the keyboard" trick


This morning my wireless keyboard (Apple 2007) died.  I checked the batteries - they were good.  Not only did the iMac not "find" the keyboard, but the green light in the upper right corner didn't light up when the button at the end of the board was pressed.  That meant that the problem was with the keyboard itself, not with the computer.  The batteries were not making proper contact with the circuit; various styles of shaking and bumping and banging the keyboard didn't resolve the problem.

I searched online, finding several recommendations for ways to clean the battery channel, and finally found a suggestion to try wadding up a small piece of aluminum foil and inserting that into the channel before reinserting the batteries.  Nothing to lose, so I tried - and it worked!  The green light smiled at me, and the iMac found the keyboard.  [the piece I inserted was smaller than the one I placed on top for the photo].

You learn something every day.

27 April 2019

Robocall blockers


The Washington Post Consumer Tech column has an article about apps for blocking robocalls.
By several estimates, Americans got more than 5.2 billion automated calls in March...

I discovered no service could flag more than two-thirds of the calls on my list, in part because so many robocalls spoof their identities. Those are the calls that look conspicuously similar to your number, or that copy the caller ID of some poor soul who gets lots of angry return calls...

It comes down to how much effort you want to put into battling robocalls and how much personal information you’re willing to share to make it happen. Just adding numbers to your phone’s individual block list won’t get you very far, but there are a few simple steps from which everyone can benefit... 
Discussion and recommendations at the link.  I have been delighted with the efficacy of Nomorobo on our landline, but I haven't yet decided what to do re the cellphone.  I'd be glad to hear suggestions.

Image credit.

10 April 2019

Ransomware erases medical records

A computer virus recently injected itself into the electronic medical record system of Brookside ENT & Hearing Services and ruined the business.

The two-doctor medical practice in Michigan has apparently become the first health care provider in the nation to shut its doors for good because of a ransomware attack, according to half a dozen cybersecurity experts contacted in the past week. Hackers are targeting Minnesota hospitals and clinics at an escalating pace, including four breaches involving patient files already reported in 2019, though any interruptions of work have been temporary...

At Brookside ENT in Battle Creek, Mich., the ransomware virus started by deleting and overwriting every medical record, bill and appointment, including the backups. The virus left behind a duplicate of the deleted files, which could be unlocked with a password that the attacker promised to provide for $6,500 in U.S. currency wired to an account, doctors at the clinic said.

The practice’s two ENT surgeons — Dr. William Scalf, 64, and Michigan state senator Dr. John Bizon, 66 — refused to pay the attacker’s ransom...
More at the StarTribune.  But notice the absence of an air gap between the computer and the backup files.

07 March 2019

Why is stuff like this allowed to exist ?

Good day to you.

My name is [redacted], a renowned Togo based lawyer. I am writing in connection to your late relative who died along with his wife and only Son in an auto accident.

I have contacted you for the repartration of his money valued at sixteen million five hundred thousand dollars and the also the claiming of his estate. Get back to me for more clarification; Looking forward to hearing from you

Yours faithfully, [redacted]. 
I redacted the name in order to not give the scammer any publicity. We have all received emails like this, and any sensible person recognizes it as fake.  In fact my understanding is that scams like this are intentionally written in this floridly bogus style so as not to accidentally entrap any sophisticated computer users, their targets being only the totally naive internet users and those with mental impairments.

As the son of an elderly mother who had advanced dementia, it annoys me that this type of material continues to exist.  I understand that much of it arises overseas in places beyond the jurisdiction of the American court system, but I can't believe that no mechanism exists to shut it down or punish the malefactors. 

31 January 2019

Why comments on TYWKIWDBI are curated


About a year ago I changed the format of the blog to require all comments to be screened and approved by me.  Some readers may find it annoying to realize that their comment has to be approved before it appears online, but I had to do it because of all the crap illustrated above (from the past 2-3 days).  I realize this curation slows down inter-reader dialogue, but it's necessary to preserve the quality of the blog - and my own sanity.

30 December 2018

And now we are eleven


Last week TYWKIWDBI quietly celebrated its eleventh "blogiversary."  I used this occasion to look at some of the metrics for the blog.  The map above is an enlargement of the one embedded in the right sidebar, showing the general distribution of the 815,000 visits in the past year.  The dots are not proportional to size (the Madrid dot is 500, the Barcelona one 5000).  For more detailed information I access Quantcast, which has pull-down menus like the one below, which shows for example that readers in Spain came from 203 locations, not the four or five dots on the little map.


The biggest "user" was in Mountain View, California (38,000 visits).  His name is Mr. Google.


When graphed on a monthly basis, there has been a slight downward trend over the past two years, probably reflecting my gradually declining output.


The profile of readers of this blog is above.  Nothing surprising, really.


BoingBoing heads the list of the other websites you like to visit, followed by Digg and Neatorama (#4 Linkwithin places the little images at the bottom of each post that tempt you to visit my old posts).

So, as the Fabulous Furry Freak Brothers once said, another year passes like nothing.

I'd like to close with something more profound than these frankly meaningless numbers.  The most thought-provoking video I've ever watched was one that explained the Hubble Deep Field.   That was followed by the Hubble Ultra Deep Field and the Hubble eXtreme Deep Field.  I'll let someone else explain:



Obviously best viewed in fullscreen mode.  I can't wrap my mind around the concept that what appear to be stars are actually galaxies, each composed of billions of stars.  And there are a hundred billion galaxies.

29 November 2018

Is your phone unlocked by your fingerprint?


If so, it can be unlocked by fake fingerprints, as explained in Vice's Motherboard:
Known as DeepMasterPrints, these artificially generated fingerprints are similar to the master key for a building. To create a master fingerprint the researchers fed an artificial neural network—a type of computing architecture loosely modeled on the human brain that “learns” based on input data—the real fingerprints from over 6,000 individuals. Although the researchers were not the first to consider creating master fingerprints, they were the first to use a machine learning algorithm to create working master prints...

The master prints generated by the researchers were specifically designed to target the type of fingerprint sensors found in most modern smartphones. These capacitive fingerprint scanners usually only take partial readings of fingerprints when they are placed on the sensor. This is mostly for convenience since it would be impractical to require a user to place their finger on the sensor the exact same way each time they scan their print. The convenience of partial fingerprint readings comes at the cost of security, which is convenient for a sneaky AI.
So, basically, just assume that nothing you ever do is secure.  Ever.

Via Neatorama.

23 September 2018

"Pocket lint" screwed up my iPhone


Wherein an English major confronts a problem with modern technology and shares the solution with his readers.

I selected the iPhone SE for its smaller and more convenient size and (relative) affordability.   I was totally pleased with it until the phone began developing battery problems, about the same time in 2017 that Apple announced the implementation of a discounted battery replacement program that included the SE.

What I noticed was that my phone occasionally had problems charging.  Sometimes when I plugged in the lightning-to-USB cable I would return to find the battery charge level unchanged (or lower).  I switched from charging it off the iMac USB port to charging it off a wall outlet via an adapter.  Sometimes the phone charged, sometimes it didn't.

So in I went to the Apple store earlier this summer, where a staff member ran full diagnostics on the battery.  "Nothing wrong with your battery."  All of the diagnostics accessible via the Settings>Battery>Battery Health menu (maximum capacity, peak performance capability) were within normal limits - as were all of the additional parameters that the technician was able to measure with their in-house proprietary program.

I thought perhaps my charging cable was defective, so I bought another one.  Sometimes when I charged the phone in an upright position, with its weight on the connector the charging "took," which made the cable-port connection more suspicious.  Also, sometimes when I plugged it in, the phone would blink "on" with the icon, then go quiet, then blink "on" again in a repeating cycle.  This would stop if I wiggled the cable just right.

So back I went this week, taking the charging cable with me.  The young lady who helped me solved the problem in five minutes.  First she checked the metrics, which were all normal.  Then when I suggested maybe the port needed to be replaced, she looked at my cable-phone connection and announced "it's much easier than that."  She pointed out that the plastic "collar" at the end of the cable was not flush with the body of the phone when it was plugged in.

That was the key observation.  I had noticed some "play" in that connection and had wondered if the port was damaged.  The solution was way simpler than that.  She reached in her pocket, pulled out what looked like an otoscope, and peered into the port.  "It's pocket lint.  We'll fix it right here."  She then took out a short handled, soft-bristled brush and began poking away at the port, stopping at intervals to blow dust off the bristles.

The problem of course was that lint from my pants pocket had slowly accumulated in the port.  Each time I plugged the lightning-to-USB cable into the phone, I was gradually packing that lint into the base of the port, eventually disrupting the electrical connection.  Two minutes of vigorous brushing solved the problem: the cable connected with a click, totally flush with the phone.

I decided to write this up for the blog because I suspect some readers may encounter a similar situation (and this probably goes cross-platform to phones other than iPhones.)  To prepare the post I searched for "pocket lint" plus iPhone and immediately found an article that describes the problem and the solution.
On my iPhone 5, I noticed it “chirped” that it was plugged in while already plugged in. After narrowing down the possible maneuver to cause this to happen, I noticed that my Lightning cable had a bit of play in it, but only going to the right. If pushed right, it would stop charging, pushed back it would resume charging...

In the past with my iPods and iPhones, there was a bit of lint build up, but it often fell out. It seems with the Lightning Connector, plugging a cable in smashes the lint even deeper in the phone and I had some nasty buildup. I’ve used compressed air before, but it didn’t seem to really remove much. I used an unbent small paperclip to carefully scrape the inside of the port, avoiding the actual pins (do this at your own risk), and was amazed the amount of things that I was able to pull out.
I had asked the Apple tech about using compressed air at home, as I do with the keyboard, but she suggested a brush tends to work better.  My search also revealed that "dust plugs" are available.

In retrospect, the reason I didn't find the solution the many times I searched for "battery problems" is that this wasn't a battery problem.  So I thought I'd post the problem and solution here today for the benefit of those readers who may also be non-techy English majors.

31 August 2018

Just get a new one



Posted because last night one of my bluetooth mice became inoperable, and I was reminded of this xkcd cartoon.

13 August 2018

Bodycams worn by police can be hacked

Josh Mitchell, a consultant at the security firm Nuix, analyzed five body camera models from five different companies: Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc. The companies all market their devices to law enforcement groups around the US...

In all but the Digital Ally device, the vulnerabilities would allow an attacker to download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change. Or an attacker could simply delete footage they don't want law enforcement to have...

Additionally, Mitchell says that some of the more sophisticated models, which contain radios for Bluetooth or cellular data connectivity, also have vulnerabilities that can be exploited to remotely stream live footage off the cameras, or to modify, add, and delete the footage stored on the devices...

Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everything down, a worm that infiltrates the department's evidence servers and deletes everything, or even cryptojacking software to mine cryptocurrency using police computing resources...

"These are full-feature computers walking around on your chest, and they have all of the issues that go along with that."
Via BoingBoing.

17 July 2018

Voting-machine vendor admits some machines have remote-access software

Excerpts from a stunning article at Vice's Motherboard:
The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters...

ES&S is the top voting machine maker in the country, a position it held in the years 2000-2006 when it was installing pcAnywhere on its systems. The company's machines were used statewide in a number of states, and at least 60 percent of ballots cast in the US in 2006 were tabulated on ES&S election-management systems...

Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines...

But election-management systems and voting machines are supposed to be air-gapped for security reasons—that is, disconnected from the internet and from any other systems that are connected to the internet. ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential port of entry for hackers as well...

Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”
In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnywhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier...

He notes that election officials who purchased the systems likely were not aware of the potential risks they were taking in allowing this and didn’t understand the threat landscape to make intelligent decisions about installing such software.

All of this raises questions about how many counties across the US had remote-access software installed—in addition to ES&S customers—and whether intruders had ever leveraged it to subvert elections...

Wyden says he’s still waiting for ES&S to respond to the outstanding questions he sent the company in March. “ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks,” he told Motherboard. “When a corporation that makes half of America’s voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding.”

30 June 2018

Support your favorite websites


This is my approximately-annual reminder to readers to support your favorite websites.  I'm not pimping the Guardian here - just using the screencap as a generic image for this PSA-type post.  My understanding from recent exchanges of emails with friends is that some old-timey blogs and news sites continue to be under financial stress.  The proliferation and efficacy of adblockers has made passive support by simple browsing less effective, and the profusion of alternate sites makes webusers less likely to bother getting past even the simplest and cheapest firewalls.  Not all blogs are created/maintained as hobbies, so please when you visit a favorite, consider buying a subscription, responding to fund drives, purchasing a t-shirt or coffee cup, or donating to a tip jar. 'Nuff said.

08 May 2018

The first use of "O.M.G." was in 1917


Credit to Anorak at Flashbak for finding a letter from Lord Fisher to Winston Churchill, written in 1917.

Via Smithsonian.  Image cropped for size and contrast-enhanced from the original.

13 April 2018

TYWKIWDBI is down - again (updated) [returning Friday, see Addendum]


Yesterday when my iMac started up, the usual "susumi" sound was absent and the screen opened up dark instead of grey.  The Apple logo appeared, along with the expected progress bar.

The progress bar evolved way too slowly, then stopped.  After an hour it was still frozen at about 95% complete.  I restarted while zapping the parameter RAM; that accomplished nothing.  And rebooting in the Safe mode (shift key down) didn't help.

So I went to my old Mac to look for help online.  When I rebooted in Recovery mode (command-R), I at least got a response:


I had already been to multiple other help sites, several of which suggested that the frozen progress bar at the end of the startup process probably indicated a problem with "permissions," which should be fixable using Disk Utility.  So I opened it...


... and clicked on the First Aid logo...


... and ran First Aid, hoping to repair permissions.  First Aid ran successfully...


... but after clicking "Done" the iMac still wouldn't complete the rebooting process.

On my old Mac (the one I'm using right now to access the blog) (running OSX Yosemite 10.10.5), the First Aid program presents the  option of repairing permissions:


But this new, crashed, iMac running OSX 10.13.something doesn't seem to offer that option.  ???

Of course, this may not be a permissions problem at all.  Does anyone know what might be causing this?

Of possible note, I did try the option of seeking help online at Apple, and the frozen computer did connect me, so much of its guts, including web access, appears to be functional, but I just can't access stored material.

My next option is to restore using a Time Machine backup.  Here's where I have to offer a "mea culpa" and admit that I don't keep the Time Machine constantly attached to the Mac because my desk is so full of gadgets (printers/scanners, digital microscope, USB extender, lamp, SAD light etc.).  So my last complete backup was in mid-February.  I can restore from there, losing a couple months of bookmarks for the blog (many hundreds of them) and various Word documents and uploaded photos.

More importantly, restoring to February status will lose my entire Turbotax tax return, which I had joyfully completed yesterday.  Today was to be the day to file online and submit payment.  I don't know if I can retrieve the entered data from Turbotax online on this old computer or whether it's only stored on the crashed hard disk.

So I am frantically looking for some way to revive the Mac with the frozen progress bar.  I'll be seeking help from Apple online and perhaps over the phone.  In the meantime I'm seeking help from readers who might have any suggestions for me.

This isn't the end of Life As We Know It, but absent a satisfactory recovery, especially of my tax data, I'm just not going to have time to blog for at least several weeks.

Nighttime Addendum:

You learn something every day.  Reader Charlie has introduced me to rebooting in Verbose mode (command-V).  I just did so, and the screen lit up with line after line of TMI-for-an-English-major:



Eventually it settled in to a mantra of "too many corpses" -


That continued past the 300th iteration before I finally had mercy on it and powered it down for the night.

Charlie, there may be a clarification of what's going on earlier in the readout, but I couldn't find a way to scroll up to get closeup photos.  Tomorrow after the Mac and I both get some rest, I'll try another Verbose boot with camera in hand.

If I ever start a band, "Too Many Corpses" might be an interesting name.  I've appended it to the title of this post for now...

Addendum #2

Excellent information at Robin Monks for any reader experiencing the same problem.

Addendum #3
Oh joy !!!


It looks like we are back in business, boys and girls.  TLDR: I reinstalled the operating system.  I don't THINK I lost anything, but I'm not touching anything right now until Time Machine is finished making a complete backup of whatever's there.

I'll leave some notes in the comment thread for those interested in the technical aspect of the problem and its solution.

Best case scenario I'll still be busy tonight and tomorrow with taxes and eBay and stuff.  TYWKIWDBI should reanimate Wednesday or Thursday.

Addendum #4: problem recurs

Gloom returns the next morning -


When I pushed the start button and heard no susumi chime and the screen started to open black instead of grey I had a sinking feeling.  The progress bar has been frozen at 99% for half an hour.

Thankfully I did get my taxes finished and e-filed just before midnight last night.

Now to resume troubleshooting.  Apparently reinstalling the OS was a workaround rather than a fix.  Whatever gremlin is doing this is still in there.  I'll be rebooting in various modes and probably ordering a USB-to-Thunderbolt or Firewire-to-Thunderbolt connector from Amazon, or else I'll just haul the iMac over to the Apple store.

So, no blogging for a while.  *sigh*

Addendum #5: problem gone (for the moment)

The sequence of events is getting a bit fragmented between the text of this post itself and the ever-enlarging Comment thread below.  I don't have time to "optimize" the narrative, but I'll summarize with another addendum -

When the frozen progress bar first appeared, rebooting in Safe mode (space bar) didn't help.  After I used the Recovery mode reboot (R) to reinstall the operating system (which incidentally also updated from OSX 10.13.3 to 10.13.4) I was able to access the desktop.

Then the problem recurred.  But this time (with new operating system in place) I was able to access the desktop via a Safe mode reboot.  I read (or one of the readers told me) that if the problem can be bypassed by a Safe mode reboot, then the problem probably lies in the login or startup files because the Safe mode deactivates login items.

So I restarted Safe mode, got to the desktop and went to System Preferences > Users and Groups to see what my "Login items" are. There were 6 of them: System Events, iAntiVirus, Microsoft AU Daemon, Adobe Resource Synchronizer, Dropbox, and SMART reporter.

I started looking some of them up to see what I could maybe do without.  Never did find exactly what "System Events" was.  The Microsoft "AU Daemon" is an AutoUpdater for Microsoft Office.  Dropbox and SMART reporter I remember as being add-ons that I never have used directly.

I couldn't find a way to "turn them off and back on" so it was late in the evening and I said (literally) WTF I'm just going to delete them.  Did so, pulled down the Restart command - and the iMac opened to the desktop !!  I was so happy I went directly to Civilization V and finished my Genghis Khan campaign.

This morning was the acid test.  Would I need a Safe Mode reboot?  Nope.  Started up fine.

I don't know if the problem is fixed or dormant.  I could have an occult malignancy somewhere in the computer, but I'm guessing (it's only that) that one of the startup items caused a conflict with some other item that had been updated, or it became corrupted/went insane.  It would be ironic if the glitch that I was calling a "gremlin" turns out to be Microsoft's "Daemon."

If this problem stays fixed with this relatively simple intervention that can be performed by any elderly English major, I should probably revise the title of this post with some keywords that would be useful to others searching the same problem.

So, things are working and I have a current TimeMachine backup.  I also have dozens of new links for the blog that I bookmarked on my old iMac.  Eventually I should probably run some diagnostics.  But first, real life calls.  We're getting yet another snowstorm and I have some paperwork to attend to.

Barring surprises, I should be able to resume blogging on Friday.

10 April 2018

TYWKIWDBI supports The Guardian


The Guardian does not have a paywall.  Instead, they simply (and politely) request that visitors make a contribution - which I occasionally do.

I'm not asking readers of TYWKIWDBI to support the Guardian, but I do strongly suggest that when you find an interesting and useful website, that you make a donation - however small - both as a simple "thank you" and as an investment in our collective future.