by Paul Arnote (parnote)
Monthly Update: Assault On Your Privacy
TechRepublic reports on a new phishing technique, where the scammers use a chat bot to gain the trust of the victim, and then convince them to hand over private data.
The New York Post reported that a new malware that attacks Android users, dubbed ERMAC 2.0, is active. It's set up to steal users' credentials and bank information.
In another TechRepublic article, cybercriminals are using an automated bot to bypass 2FA (two factor authentication) on a large scale. By circumventing 2FA safeguards, cybercriminals can gain access to personal/private/privileged information about the victim.
An article on the Malwarebytes Labs website lists four new vulnerabilities in the Google Chrome web browser (CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, and CVE-2022-2011). If you haven't already done so, the best protection is to update to the latest version of Google Chrome as soon as you can.
A joint Cybersecurity Advisory from the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI warns about threat actors exploiting known vulnerabilities to target public and private sector organizations worldwide, including in the United States. This report is built on previous NSA, CISA and FBI reporting about notable cybersecurity trends and persistent tactics, techniques and procedures.
In a PIXM Security blog entry, they detail how a threat actor stole one million credentials over four months using phishing tactics.
From an article on The Register, if you own certain Cisco routers, you might want to use them for target practice, go "Office Space" on them, or otherwise take them out of service. In a pair of vulnerabilities with a CVSS (Common Vulnerability Scoring System) score of 9.8 out of 10, Cisco is NOT releasing a fix for them. Four other vulnerabilities of a medium level of concern were also noted with some Cisco routers.
Widely covered by multiple media outlets (here's one from Reuters), Google is being sued by Texas Attorney General Ken Paxton for misleading users into thinking Google Chrome's "Incognito" private browsing is truly anonymous, when in fact, it collects boatloads of personal data.
Mozilla Works To Bring Manifest V3 Support To Firefox By Late 2022
Anyone who follows web browser development even a little has heard of Google's push for the adoption of Manifest V3 and the havoc it is anticipated to bring to many web browser extensions. Most significantly, Manifest V3 eliminates Web Request API, and replaces it with Declarative Net Request API. This change will seriously cripple many ad blocker extensions, which rely on the Web Request API to effectively block unwanted ads on websites visited by the end user. Currently, no new Chrome extensions are being accepted that are based on Manifest V2, which features the Web Request API.
Starting in June 2023, Google will no longer allow extensions based on Manifest V2 to continue to run, replacing Manifest V2 with Manifest V3. Mozilla, on the other hand, plans to start implementing Manifest V3 in late 2022. But, Mozilla also plans to maintain support for the Web Request API from Manifest V2, allowing ad blocking browser extensions to continue to work.
If you are a Chromium user (or the user of any browser based on it, such as Google Chrome, Opera, Brave, etc.), the implementation of Manifest V3 has already begun. When fully implemented, expect your ad blockers to either cease functioning or to be severely crippled under Chromium-based browsers.
It makes sense that Google would want to cripple ad blockers. Consider that the vast majority of Google's fortunes are made from selling advertising, especially advertising that is targeted at individual users. If an ad is blocked, it's not viewed by the end user, and Google gets no money when you cannot view it. Also, when you can't view it, you can't click through the ad to visit the advertiser's website. Those "click counts" are important, especially if you own the website on the other end, or if you sell advertising based on click counts.
Developers of web browser extensions – especially ad blocker extensions – have been very vocal about the implementation of Manifest V3. None have been more vocal than Raymond Hill, the creator of the uBlock Origin ad and content blocker.
Hang on to your seats, gang. This is going to be one rocky, bumpy, crater-filled ride for the next year or so. If you abhor ads on your web pages (like most people do), prepare for the terrifying reality that you can no longer hide them or prevent them from appearing. But then again, there's always Firefox. It makes me glad to be a Firefox user.
GMail Trick Reveals Who Is Selling Your Data
Let's see a show of hands. Who out there has signed up to a mailing list, but then found their inbox inundated with emails from a large number of "related" senders? Trust me, you're not alone.
Let's say you want to sign up to Polly's Widgets mailing list to get early notifications of Polly's next groundbreaking widget. You sign up, using your regular GMail account. The next thing you know, your inbox is being flooded with offers from many of Polly's Widgets "partners." Yep. They sold your email address (and probably a list of your interests) to their "partners."
What many people don't know is that you can have as many GMail accounts as you want. Simply place a "+" and then a word after the first part of your GMail address, and the GMail server will ignore the "+" and everything after it, but still deliver the email to your email account's inbox. So, email@example.com might become firstname.lastname@example.org. You have to either set your account up with this email address, or edit your existing email address on your existing accounts. Now, when you start getting emails from Polly's Widgets partners, you will immediately know exactly who sold your email address.
Once you know, it's an easy matter to block those emails from ever coming into your inbox, or to filter them so they immediately go to your spam or trash email boxes, or to a special folder where you can weed through them at a later time.
IPv4 Tweak Could Free Up 100's Of Millions Of IPv4 Addresses
Seth Schoen, a former senior staff technologist at EFF and co-founder of Let's Encrypt, has proposed some changes to IPv4 which, if implemented, could free up hundreds of millions of additional IPv4 addresses that were previously "reserved" for special use, according to an article on The Register.
The thing is, most of those addresses were never used for their intended uses, and sat/sit unused since the adoption of the IPv4 standard. So, even though it has been nearly three years since all the available IPv4 addresses have been officially exhausted, Shoen's proposal would breathe new life into the older addressing scheme, at least for a while.
However, due to the wide proliferation of the IPv4 addressing standard, making the proposed changes could prove to be a much larger undertaking than just forcing users to switch to IPv6, which replaced the IPv4 standard. The current IPv4 standard, agreed upon in the 1980s, is nearly universally used and adopted, so changing the "rules" now may end up creating more confusion and interoperability headaches than the benefits produce from the freeing up of additional address spaces.
New Browser Extension Lets You Remove Specific Sites From Search Results
A new browser extension, named uBlackList, allows users to remove specific sites from appearing in search results from Google, DuckDuckGo, Bing, StartPage, and others. Upon installation, it's set up "out of the box" for blocking Google search results, but users can easily add additional search engines via options for the extension.
While it's easy enough to block certain websites from appearing in certain search pages (I use DuckDuckGo, which uses the "-name_a_site" search tag), results sometimes include those pages anyway. Instead, you can configure uBlackList to exclude those websites from your search results.
When you bring up the options for the extension, you can enter the sites you want to block from your search results. So, let's say you want to eliminate search results from Pinterest from appearing in your search queries. You would enter *//:*.pinterest.com/* to block any sites from Pinterest from appearing in your search results. Similarly, you would enter *//:*.facebook.com/* to block all sites from Facebook from appearing in your search results.
The extension is available for Google Chrome (or Chrome based browsers) and Firefox.
PCLinuxOS Magazine Short Topix Roundup
According to an article on TechRadar, a new Google Chrome update is poised to crackdown on the number of notifications users receive from certain websites. If Chrome identifies a website as being "disruptive," it will block notifications, as well as attempts to ask for permissions in the future.
There may be a new replacement for GIF 3D, according to an article on The Verge. The company, Looking Glass, is hoping to make holographic displays as common as … well, any other graphics file. Specifically called Looking Glass Blocks, you just swipe your mouse across the image and you are presented with a VERY COOL looking 3D holographic image. You can view some samples of it just by visiting the article on The Verge.
Igus, a German company, has developed an urban bike made from 100% recycled plastic, according to an article on GearJunkie. Yes, the bike is made from 100% recycled plastic … even the gears. No part of the bike will rust or corrode. Frank Blase, the CEO of Igus, says "the plastic in dumps worldwide is becoming a valuable resource." Using recycled plastics, Igus keeps mounds of otherwise plastic waste out of landfills. "Lightweight, lubrication-free high-performance plastics are used in all parts of the bicycle, from two-component ball bearings in the wheel bearings to plain bearings in the seat post, brake levers, and pedals," explained Blase. "All of these components have integrated solid lubricants and ensure low-friction dry operation, without a single drop of lubricating oil. [So that] sand, dust, and dirt cannot accumulate."
The James A. Webb Space Telescope suffered a larger-than-expected micrometeorite strike at the end of May, according to an article on The Verge. NASA officials said that the revolutionary, state-of-the-art space telescope is still performing at levels that exceed all mission requirements. NASA officials also say that they can correct for the aberrations in the space telescope's images.
Samples from Ryugu, an asteroid made famous in 2018 when Japan landed a spaceship on it, has revealed the presence of more than 20 amino acids, according to an article on LiveScience.
Australian scientists have discovered that the larvae of Zophobas morio, a species of beetle, can not only eat but thrive by eating a steady diet of polystyrene plastic, according to an article on The Guardian. You are probably more familiar with polystyrene plastic as the lightweight foam carryout containers and drink containers.
Every. Single. Patient. enrolled in a small rectal cancer trial saw their tumors disappear, and required no further treatment via chemotherapy or radiation therapy, according to an article on Science Alert. The trial is still ongoing, as only 12 of a planned 30 patients have completed the treatment and the six month followup. The results are unprecedented in cancer research.
Researchers have succeeded in creating plastic-based CPUs, according to an article on the Hackaday website. They produced 4-bit and 8-bit processors using indium gallium zinc oxide semiconductor technology attached to a plastic substrate. The processors can even be bent around a small radius, and continue to work.
Researchers at Rutgers University and Harvard have created a spray on plant-based coating that could replace plastic wrap, according to an article on Engadget. The new process sprays a biopolymer and saccharide based coating on produce that helps protect from bruising and spoilage, is easily biodegradable, and has antimicrobial properties. As a result, it outperforms the traditional plastic wrap commonly used for packaging. In early tests, it extended the shelf life of avocados by 50 percent, is biodegradable in about three days, and can simply be washed off of the produce under running water. Such an advancement could help keep untold amounts of plastic waste out of landfills.