Sunday, June 28, 2020

The (Intel) Sky Is Falling

Clickbait drives me crazy. So much of the press grabs a quote and makes a story out of it where there really isn't any meat to it.

A recent example is a WIRED story with the headline:
Security News This Week: An Unfixable Flaw Threatens 5 Years of Intel Chips

Doesn't that scare you? 5 YEARS OF INTEL CHIPS ARE THREATENED!

WIRED refers to a blog post that says:
The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.
OMG! The world is ending. The "chain of trust" is DESTROYED!

In a headline ArsTechnica called this flaw:
...a concerning flaw that’s unfixable
Finally (and ironically) The Register brings some sanity to this discussion.
Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away
Whew! I think we're safe.

Intel said that "an attack would require local access, specialized gear, and a high level of skill, making it relatively impractical in the real world."

reddit posted a link to the WIRED article and one of the comments gave some really good advice.
Guess I'll stop inviting Russians over for dinner.
Yeah, me too.

Sunday, June 21, 2020

GroupMe

GroupMe is a free group messaging service offered by Microsoft. It supports groups of up to 500 users across iOS, Android, Windows 10, the web and SMS. Microsoft's introductory page is here.


It’s simple to add anyone to a group using their phone number or their email address. If they're new to GroupMe, there’s no need to download an app right away. They can start messaging over SMS immediately.

You can even use GroupMe to hold a conference call or conduct polls.

Many organizations such as schools and churches have used GroupMe for communication.

For myself, I use the SMS delivery so the messages show up in my phone's text messaging app. I change the text tone to differentiate GroupMe messages from other text messages.

Under the covers, GroupMe is pretty clever. Each GroupMe group is assigned a phone #. This is how the SMS and conference call features work.

Sunday, June 14, 2020

Chrome Scroll to Text Fragment

Google's Chrome 80 introduced a new deep linking feature called "Scroll To Text Fragment." That description struggles to describe what it does.

Basically, it lets you specify a link that will position a web page at a string that you choose.

Here's a screen shot that doesn't use it.


Here's a screen shot that scrolls to "Beat".


Notice that the requested string is highlighted.

Now for the bad news. It's really hard to use.

Here's the URL that I used in the above example.
https://techcrunch.com/2020/03/20/psa-yes-you-can-join-a-zoom-meeting-in-the-browser/#:~:text=Beat
And I can't find a tool that lets you easily construct that URL. I use Notepad.

How-To Geek has an article on it.

Sunday, June 07, 2020

So You Think Your Backups Are Safe

I always beat the drum about making (and testing) backups.

But there's a story that goes back to the 70's. One of my former co-workers used to talk about the best way to damage an enterprise. He said to cause the organization's backups to be corrupted. Then when all their backups had been corrupted, delete the live versions and they wouldn't be able to restore.

He was way ahead of his time.

ZDNet had an article about ransomware attacks corrupting/encrypting backups because they were online when the attack occurred.


Don't forget my admonition.
Backup, Restore, Test
Do it. Do it again. Worry about it.

Now I'm going to add one.
Take the backup copies offline
Do it. Do it again. Worry about it.

I use Macrium Reflect and then keep the USB drive in my trunk.

And as usual I use belt, suspenders, and raincoat. Both Crashplan and Zoolz have built-in ransomeware protection.

I still worry.