by Paul Arnote (parnote)
The War On Your Privacy: Monthly Update
THE FBI, IN CONJUNCTION WITH CYBER COMMAND, THE U.S. SECRET SERVICE, AND OTHER LIKE MINDED COUNTRIES, took down (or at least dealt a serious blow to) the REvil hacker/ransomware network, according to an exclusive article from Reuters (and subsequently picked up by other news outlets). It isn't very often we get to write up something positive that happens in the realm of privacy attacks. To refresh, REvil was the Russian hacker group that took the Colonial Pipeline down with ransomware in May 2021, causing widespread gasoline shortages all along the U.S. eastern seaboard. They are also responsible for attacks on the large meat packing company JBS in June 2021, as well as the enterprise IT firm Kaseya. The July 2021 attack on Kaseya affected all of Kaseya's customers simultaneously, many of them involved in the U.S. supply chain. Officials managed to compromise and take control of key servers in the REvil network, effectively cutting their activities off at the knees. Cyberinvestigators also got their hands on a universal decryption key that allowed Kaseya's customers to recover their files without paying a ransom. As a result, the REvil network has been effectively disbanded, and its leader, O_neday, has gone into hiding once he discovered that law enforcement officials were searching for him.
THE HACKER COLLECTIVE KNOWN AS ANONYMOUS HAS RELEASED "PART B" OF THE HACK OF THE CONSERVATIVE WEB HOSTING COMPANY KNOWN AS EPIK, according to an article on DailyDot (and subsequently reported on by others in the media). In early September, Anonymous released a 180GiB file full of domain name registrar data, exposing those behind many controversial right-wing websites. But apparently, that wasn't the end of it. In late September, Anonymous dumped another 70GiB of data from the Epik servers, which are actually disk images of each entity that used the Epik service. That's right. You can run each of them individually. The Anonymous press release says, ""[Y]ou didn't think we completely dominated Epik and merely ran off with some databases and a system folder or two, did you? We are Anonymous. Flexing as hard as we can is how we do a barrel roll (Press Z or R twice!)." The latest data leak from the Epik servers represents Epik's server infrastructure, and expands to approximately 300GiB of data.
THE PANDORA PAPERS ARE MILLIONS OF DOCUMENTS REVEALING THE OFFSHORE DEALS AND ASSETS of more than 100 billionaires, more than 30 world leaders, and more than 300 public officials. It is being called the biggest leak of the financial secrets of the rich and powerful, according to The Guardian. The documents expose the secret offshore affairs of 35 world leaders, including current and former presidents, prime ministers and heads of state. The billionaire class includes celebrities, rock stars and business leaders. The public officials class includes government ministers, judges, mayors and military generals in more than 90 countries. Imagine the fallout besetting heads of states who have millions of dollars worth of offshore assets while their fellow countrymen live in abject poverty. According to the article on The Guardian, "the files were leaked to the International Consortium of Investigative Journalists (ICIJ) in Washington. It shared access to the leaked data with select media partners including the Guardian, BBC Panorama, Le Monde and the Washington Post. More than 600 journalists have sifted through the files as part of a massive global investigation."
In the "as if you needed another reason to avoid using Google" department, Forbes magazine reported that THE U.S. GOVERNMENT IS FORCING GOOGLE TO REVEAL USERS WHO ARE SEARCHING FOR SPECIFIC KEYWORDS OR VICTIM NAMES. Called "keyword warrants," they are on dubious legal grounds, and amount to a fishing expedition by law enforcement agencies to make a list of suspects in a criminal case. This is only the third keyword warrant that has been made public, and in this case, it was only because a court order was mistakenly ordered unsealed. According to the Forbes article, "As with all law enforcement requests, we have a rigorous process that is designed to protect the privacy of our users while supporting the important work of law enforcement," a Google spokesperson said. Sure! I believe that about as much as I believe that I can buy Google (Alphabet) stock for $1 per share! The article is a good example of the volume of information Google collects and saves on each user, and is a good read.
A USER OF A "POPULAR" HACKING FORUM HAS POSTED DATA FROM 1.5 BILLION FACEBOOK USERS for sale, according to an article on Privacy Affairs. The seller claims to represent a group that spent four years gathering the data. That data includes name, email address, location, gender, phone number, and user ID. The group claims to have scraped the data from public-facing Facebook pages. While not particularly sensitive data (and no accounts have been compromised), it could expose users to unscrupulous internet marketers and cybercriminals. So what's the going price for such data? According to the article, the data was being offered up for $5,000 (U.S.) for 1 million records. The users could buy all or part of the data. That amounts to right at 1/2 of 1 cent per record. That's not very much, especially compared to how much havoc the sale of that information could have on your digital life.
It's easy to forget that, even with all of its convenience, AMAZON COLLECTS A TON OF DATA ON ITS USERS. Forgive me if you are not surprised. Well, one woman (a TikTok user) discovered just how much data Amazon collects, according to an article from the New York Post. She requested all of the data that Amazon had stored about her. She has two Amazon Dot smart speakers, one Amazon Echo smart device, and multiple "smart light bulbs." She downloaded the ZIP files and extracted them. There were many folders of data that were extracted. Some of those folders contained thousands of audio files. Those audio files were short voice clips that Amazon had collected from her smart speakers. She also was sent a "Contacts" file. The contents were a full list of contacts from her smartphone, and she doesn't remember syncing them with Amazon. They also had her location data stored. Another file knew the EXACT location of where every one of her Alexa smart speakers were located. Now who, just who, thinks that one of those "smart" devices doesn't listen in on EVERY. LITTLE. THING. YOU. SAY? Especially when you consider that "Alexa" won't even answer if "she" sends data to the CIA or NSA. It's not about whether you have anything to hide or not. It's about YOUR privacy, and companies RESPECTING your privacy by NOT collecting it in a wholesale manner!
FINALLY ... (sorry, but there's been a LOT of hacks and attacks in the past month), CHICAGO-BASED CANDY COMPANY FERRARA WAS HACKED, according to an article on the Gizmodo website. You are sure to have seen some of the multitude of brands Ferrara makes, including Brach's candy. Well, just in time for Halloween, the prolific manufacturer of the fall favorite candy corn (seven billion pieces per year!), experienced an attack that resulted in some of their systems becoming encrypted. Upon discovery, they immediately took steps to secure all of their systems. Is nothing so sacred as Halloween to escape the wrath of some moron sitting behind a keyboard miles and miles away in another country?
Password Security Revisited
With October being CyberSecurity Month, you might imagine that password security was on the minds of many cybersecurity experts all across the web. Among the many, many "celebrations" of CyberSecurity Month, I came across one article from WeLiveSecurity that put password security into perfect perspective. Do you reuse or recycle passwords among different sites? If so, you need to read this article. Are you divulging too much information on your social media pages? If so, you need to read this article. Are you using simplistic passwords, thinking no one would ever guess something so simple or obvious? If so, you need to read this article. Do you have any questions or doubts about password security? If so, you need to read this article. I think you get the idea ... you need to read this article.
We have covered passwords, password security, password methods, and password management more times in The PCLinuxOS Magazine than even I can count. But, you can search the magazine site from here, where we search for the phrase "password." Your data and your information deserve all the protection you can afford to give them, and a secure and unique password for each site you visit is the first -- and best -- step you can to securing your data and information.
Google Chrome Could Break Ad Blockers (And Other News)
Current extensions to the Google Chrome browser use the Manifest V2 framework. Starting January 17, 2022, no new extensions utilizing Manifest V2 will be accepted in the Chrome Web Store, according to an article on TechSpot. Then, one year later in January 2023, all Manifest V2 extensions will cease working. In the interim, Google will release Manifest V3, which has been "in the works" for years. While Manifest V2 could be exploited to create malware and retrieve sensitive data, Manifest V3 addresses security and performance concerns of V2.
One side effect of the switch to Manifest V3 is that most current ad blockers will cease to function, or at best, be seriously crippled. Most ad blockers rely on intercepting or blocking the webRequest API. Manifest V3 replaces access to the webRequest API with declarativeNetRequest (DNR, which in medical terms means Do Not Resuscitate). For comparison, Mozilla has stated that they will mostly adapt Manifest V3, but they will not replace webRequest API with Google's new declarative NetRequest.
Google is an advertising company. As such, they lose BILLIONS of dollars in advertising revenue from users utilizing ad blockers. Citing privacy and security concerns, Google thinks it can fool developers and users into supporting their move to Manifest V3 and blocking access to the webRequest API. But anyone who is potty trained will realize that it's all about money.
Last month, we told you about some security vulnerabilities in the Google Chrome browser. Well, this month, there were additional security vulnerabilities discovered. They are as follows:
[$20000] High CVE-2021-37974 : Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-01
[$TBD] High CVE-2021-37975 : Use after free in V8. Reported by Anonymous on 2021-09-24
[$NA] Medium CVE-2021-37976 : Information leak in core. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21
You can read more about the "latest" Google Chrome security issues on the Google blog page. Meanwhile, if you haven't updated to the latest Google Chrome browser, now may be a good time to do so.
Reddit User Has Perfect Comeback For Boss
No one can argue that the pandemic has been horrible. But one thing that has happened is that it has caused a shift in people's priorities and in workplace dynamics. No longer are workers willing to work in low paying, mind-numbing jobs for tyrannical bosses. Somewhere among it all, workers have figured out that there is more to life, and they deserve to be paid a living wage and deserve to be respected. It has switched the power paradigm from the employers to the employees and job seekers. One Reddit user, who goes by hestolemysmile, posted his perfect comeback and conversation with his overbearing boss.
From the conversation posted on Reddit (shown in the image above), it seems that the overbearing and tyrannical boss in this particular case monitors his workers with cameras.
Just in case you're having trouble reading it from the image, here's a transcript of the conversation:
[BOSS]: Good evening, [Reddit User]. I was reviewing the cameras from our shift today and noticed that you were sitting on a stool for the majority of your shift. This is completely unacceptable behavior and we will be discussing it tomorrow before shift.
[Reddit User]: I cleared it with [Lead]. I have 2 broken bones in my left foot (doctor documented).
Aside from that -- I packed 240+UPH for the entirety of my shift, 12 hours. I'm not sure if you're aware, but we do have a ranked list for packaging displayed directly above our stations. My efforts earned me first place today.
So, just to be clear -- my impressive performance was overshadowed by the fact that I wasn't uncomfortable enough while doing it?
[BOSS]: I'm really not appreciating your attitude. You could have just said the first part where it was cleared with another lead instead of being disrespectful. This type of behavior isn't going to get you anywhere here.
[Reddit User]: Hey, thanks for wasting my precious off time with some garbage you didn't bother to investigate beforehand.
Seriously -- 240+ UPH -- what you claim to be the pinnacle of performance there, I achieved it, and I get grief because I was sitting while doing it. You guys need to get your priorities straight. It is no wonder that you have such difficulties retaining staff.
I am not concerned with going "anywhere" there. It is a toxic environment with ignorant people at the helm. I won't be in tomorrow or ever again.
[BOSS]: We don't need to rush to you leaving. Let's talk about this in the morning and we can sort this out.
[Reddit User]: No thanks. Have a good life.
As you might imagine, the post received mostly positive feedback from other Redditors. The very next day, hestolemysmile posted a follow up:
I'm going to say it's impossible for me to answer all the comments, so I'm going to try and shed a little light here.
I was working for a healthy living fulfillment warehouse (I'm not going to be specific because I value mine and my families privacy). I packed orders, just as simple as that. Pay was ok for the area (16/hr), although the COL is fairly high here.
I'm done being bullied by anyone. I went through horrid abuse as a child and adult (plenty of that on my profile so I'm not getting into it here). People that want you to be a part of their organization or family will treat you accordingly. People like my former boss and family treat people like they own them, and it's our responsibility to show them that they absolutely do not.
My immediate family has had a hard couple years, but we are ok now. We live in a converted 5th wheel that we remodeled ourselves, and we trimmed our monthly expenses so that we didn't need to make tons of money to survive. We saved enough to go without working for a couple months just in case something happened. It's not a ton, but food will be on the table and our utilities will stay on.
I applied to several places yesterday. But I think I'm going to take a week off. The park near our house has a lot of garbage and I've wished that I had more time to clean it up a little as our kids love it there, so that's how ill spend my week before getting back to the grind. I just want to give something back.
I'm overwhelmed at the support from y'all. F***ing incredible. I opened up my app last night and wow o wow I've never seen so many awards on a post (guys, I'm incredibly thankful, but please save your money, this is just too much). The really big thing is so many people reaching out to me about finding a job. There are offers from everywhere and I'm hoping to find one close to us. Would be nice to work somewhere that really gets it.
There are opportunities out there. Don't settle for being treated as less than human. We are better than that. We are what makes the world go round. It doesn't matter what they are selling if there is no one to man the stores, answer the phones, or take out the garbage. Their dreams hinge on us more so than ours do on them.
Thank you, reddit. Thank you so much for the support. I will be replying to the DMs I was sent because they are just more manageable.
You guys are incredible. I reached out almost two years ago for support and 1000s of strangers grabbed my hands and told me it would be ok. Y'all were right. I'm ok enough to know my worth again. I am living as my best self, for my family. Thank you for being here for us, I can't express how much it means.
J -- whoever you are -- you are an inspiration for every downtrodden, abused, underpaid worker who has ever worked for a boss or organization or company where the workers feel unappreciated and undervalued.
A Different Take On Harnessing Power From Wind
Decreasing dependence on fossil fuels seems to be all the rage right now, and rightfully so. Fossil fuels are a finite resource that require extensive man hours to extract and produce. The byproducts from their consumption are a troublesome problem we have to deal with. "Alternative" power sources, such as harnessing the sun and wind to generate power, are gaining in popularity. That increased popularity is related to the production of "clean energy" without the byproducts from their consumption polluting the planet. The manufacturing of devices to harness solar and wind power is labor intensive, but usually much less so than the extraction of fossil fuels. With "alternative" power sources still in their relative infancy compared to fossil fuels, there is the yet untold problem of disposing of the clean power generating devices once they reach the end of their productive life cycle.
Harnessing the wind to generate power has become one main way to reduce the dependence on fossil fuels. Wind farms have sprung up all across the landscape, usually in rural areas or in large off-shore installations. But not every location is suited for the massive windmills that make up power generating wind farms. For example, many large metropolitan areas simply don't have space to install the massive windmills. That is, until now.
One enterprising inventor, Joe Doucet, has invented a 8 foot by 25 foot wall, composed of many small wind turbines, according to an article on FastCompany. One panel can generate up to 10,000 KWh of electricity per year, which is about what one average home in the U.S. uses for electrical power in a year. The panel could be installed as part of a privacy fence, passively generating power throughout the year. Even more, the panels could be attached enmasse to the sides of tall buildings in downtown areas, or even placed sporadically along highways to generate additional electrical power. In the latter example, passing vehicles could help generate power by the wind generated from the vehicles slicing through the air.
The size of the panels can be scaled up or down, depending on the power need or depending on how much electrical energy is desired or needed. The panel exists only as a prototype at this point, and Doucet is in talks with multiple manufacturers to help him bring the panels to market.
Before long, you could find arrays of these wind turbine panels helping to provide the electricity to your home.
The PCLinuxOS Magazine Short Topix Roundup
ARE YOU PLANNING TO INSTALL THE NEW WINDOWS 11, BUT FEARFUL THAT YOUR COMPUTER ISN'T QUITE UP TO THE "REQUIREMENTS" TO RUN IT? Particularly, the TPM 2.0 requirement has a lot of users unsure if they meet that particular requirement. Well, never fear. Many have come forward with several ways to "defeat" the TPM 2.0 requirement to run Windows 11. Even Microsoft fessed up and told users how to upgrade while circumventing the TPM 2.0 requirement. That upgrade "hack" was revealed in an article on PCGamer. All it requires is a simple registry hack.
A NEW SIGNAL-BLOCKING SMARTPHONE POUCH now allows you to literally drop off the digital map, just by placing your phone inside it, according to an article on Wired. Placed inside the Faraday pouch, no one can track you or your movements via your smartphone. In fact, your smartphone won't even get a signal.
FIREFOX AND BRAVE WILL NOW INTERCEPT MICROSOFT "EDGE-ONLY" LINKS DESIGNED TO ONLY BE OPENED IN MICROSOFT EDGE. Everyone knows how "sneaky" Microsoft can be. To ensure that certain links were opened ONLY in Microsoft edge, they quietly made links that, instead of being prefaced by "https," are prefaced by "microsoft-edge," according to an article on the CTRL Blog. Simply changing the "microsoft-edge" preface to "https" will allow those links to open in ANY browser. The Brave browser developers have already encoded the automatic recognition of those "Microsoft Edge only" links into its browser, starting with version 1.30.86. Firefox users can install the "EdgeDeflector" extension, at least until Firefox does the same as the Brave developers. Don't worry. That piece of coding has already been written, and it's currently undergoing review at Mozilla.
Everyone who hasn't lived for the past month or two shipwrecked on a deserted island has certainly heard about the FACEBOOK WHISTLEBLOWER WHO TESTIFIED IN FRONT OF CONGRESS, and who is now giving testimony in Europe about how Facebook has gone about censoring certain segments of users, and how they peddle their influence. An article on The Verge illustrates how, in response to the whistleblowing and leaking of internal documents, Facebook has embarked on a campaign of publicly smearing the whistleblower, Frances Haugan, in an effort to discredit her. Instead of taking the high road, Facebook decided to steal a page from the official coward's play book. How classy is that!
Speaking of Facebook, THEY ARE REBRANDING UNDER THE NAME META. Widely reported across all media outlets, Facebook will still be Facebook, and you'll still launch Facebook from the Facebook app. But the corporate umbrella of Meta will arch over Facebook, Instagram, and the rest of their acquisitions. Zuckerberg asserts that Facebook is poised to become the hinge pin of a new "metaverse" where you can do multiple functions through one portal, hence the new name Meta. I tend to think it's more a reflection of all of the metadata Facebook collects on users and non-users across the web. When the news broke earlier in the month that Facebook was going to rebrand itself, the suggestions coming in via Twitter and Buzzfeed were awesome. The suggestions included Facebonk, BookFace, MySpace, Facey McBookface, Definitely NOT Facebook, Hellsite, Oops We Facilitated Genocide, The Good And Nice Company, Not At All Evil, Face, Finsta, Big Brother, and Phillip Morris.
In even MORE Facebook news, FACEBOOK EXPERIENCED IT'S LONGEST OUTAGE SINCE 2008, when on October 4, 2021, Facebook, Instagram, WhatsApp and Messenger all went offline for about seven hours. The outage was due to some configuration changes to some routers that form part of the backbone of the Facebook servers. While many prayed for the outage to be permanent (yours truly included), Zuckerberg posted a little after 7 p.m. Eastern Time that "Facebook, Instagram, WhatsApp and Messenger are coming back online now." He added, "Sorry for the disruption today -- I know how much you rely on our services to stay connected with the people you care about." Back in 2008, Facebook went offline for about a day, affecting approximately 80 million users. Today, the platform has over 3 billion users.
CANON USA IS BEING SUED FOR NOT ALLOWING OWNERS OF MULTIFUNCTION PRINTERS TO CONTINUE TO USE THE FAX AND SCANNING PORTIONS OF THE DEVICE when the printer portion of the device runs out of ink, according to an article at BleepingComputer. The class action lawsuit alleges deceptive marketing and unjust enrichment by the company. Canon claims that the device must have ink cartridges with ink in them installed in order to send a fax or to use the scanner. This is a first. I never knew you had to have an ink cartridge installed to scan an image or to send a fax.
JAPANESE SCIENTISTS ARE CLOSE TO DEVELOPING A SINGLE VACCINE AGAINST ALL CORONAVIRUSES, according to an article from The National News. Experts at Osaka University say they engineered antibodies that prevented Sars-CoV-2, Sars-CoV-1, and three coronaviruses found in pangolins and bats.
I know we've ALL done it. We go looking for information, but eventually find it locked behind a paywall. Well, Lifehacker has written an excellent article on how to BYPASS THE PAYWALLS. The article has a LOT of tips, including browser add-ons and extensions that help circumvent paywalled sites.
GOOGLE HAS ANNOUNCED THAT BY THE END OF THE YEAR (2021), it will force 150 million more users to use 2FA (two factor authentication ... Google calls it 2SV, or two step verification ... it's the same thing) to log into their Google accounts. Will you be one of the lucky ones chosen? Google plans to make 2FA required across the board for all accounts, in an effort to bolster account security. No timeline was offered, other than the word "soon," for all Google account users to use 2FA.