Fake Recall Notice

I just got a news brief notification on my phone. It read, “about 2.2 million vehicles” and “nearly all Tesla EV models”… I wonder if they know of other Tesla models that are not EV?

https://www.foxbusiness.com/fox-news-auto/tesla-recalls-2-million-vehicles-us-warning-lights-issue

CLICK BAIT, Thanks Fox Business and really any news publication that just released this story.

If a car or any electronic has the ability to push ‘OTA’ (Over-The-Air) updates via Wi-Fi or Cellular, then is it really considered a ‘recall’? They may have been forced to do it by the NTSB but a recall implies action on the end user to do something.

When I got a recall on my baby car seat, I was contacted by the manufacturer, I sent them a picture, my address, and a quick form and was sent a new base with the issue resolved. Arguably, a new component cost the company much more money than some code edits. I am not saying a Software Developer’s time is not valuable. I am saying it costs a company far more money to manufacture and ship a piece of hardware versus the time to code some software and push it out to all impacted users.

As my friend pointed out, if a software update was considered a recall then my iPhone and Microsoft Windows computer get ‘RECALLED’ at least once a month…


Outlook vs OWA

I am defining Microsoft 365 Outlook app on your computer vs Outlook Web Access via https://outlook.office.com/mail/.

Here is a side-by-side comparison and I bet you can’t tell which is which? There are only subtle differences. This is a screenshot from my 2 24″ monitors and on my work account with Microsoft E3 license with Office build version 2311.

It’s pretty easy to see that Microsoft wants no difference between your installed app and your web app versions. I can bet this is for easier development. I can also bet you that the installed Outlook is actually running on some emulated HTML code, unlike other actually installed apps. You can tell this when it loads and also from the settings page.

There is one way to tell which screenshot is which but I don’t want to spoil the fun of you guessing. And no, I am not using some special version of Microsoft insider preview build.

Leave a comment below with your guess on which is the Desktop App or the Online Version?

If it’s not tied down…

This just shows that the bad guys are only getting better. No matter how much security we think we have, we need to constantly test ourselves. “…attacks always get better, they never get worse…” #BruceSchneier

Given enough time, the bad guys will find a way. It’s unfortunate, but true. The bad guys are highly motivated by money. There is a LOT of money in being bad. There’s not enough monetary motivation to being a good guy. You just have to want to do it for moral reasons. On a recent #SecurityNow podcast, Steve Gibson laid out all the millions of dollars that were gained by the top recent attacks and the company behind those attacks.

If you are responsible for your company’s security then you need to educate your users regularly on security measures and best practices. If you are a human and have any username/password combination then you MUST use MFA when you can, or when offered. Time-based is way more secure than SMS. You MUST use a reliable password manager because you MUST NOT use the same passwords on different accounts. Help yourself stay secure because the bad guys will help themselves to your data. I PROMISE YOU!

#security #data #motivation #podcast

Courtesy: Steve Gibson from #SecurityNow Podcast – grc.com/sn/sn-928-notes.pdf

Secure Password is not Secure

You’ve seen it, “Enter your new password, it has to be this long with these character types…” BLAH BLAH BLAH. You enter your regular password of Monkey123 (Yes, monkey is always among the most popular passwords found on the internet.)

https://wpengine.com/resources/passwords-unmasked-infographic/
(indecent passwords are blacked out)

I like sites that allow you to add multiple symbols. I also like sites that allow you to set VERY LONG passwords. I personally use passwords that have UPPER, lower, numbers 123, and symbols !@#$%^&*()_+-={}|[]\:”;'<>?,./ that are super long. I also use a password manager so I don’t have to remember my passwords. See LastPass. LastPass is not a sponsor. I have used them as a paid subscriber for 10+ years.

I was setting up a password for 8×8 which is a VoIP phone provider and I used my random password generator from LastPass and 8×8 told me my password was not secure.

Here is an example of a password that I use for my accounts. You can see 50 characters that have upper, lower, numbers, and symbols. A password like this 50 character length has 1606 bits of entropy.

4.53*10^94 is the total number of passwords
94 characters on the keyboard, 50 digits = 94^50
THAT IS slightly more than “FOUR AND ONE HALF HUNDRED UNTRIGINTILLION.”

BUT, 8×8 limits you to no more than 25 characters. That’s half of the total possible combinations at 2.1291E+49 (or 2.13*10^49 or 20 QUINDECILLION).

I don’t know about you but I am not comfortable with only 20 quindecillion possibilities for my password and a brute force attack. Nowadays computers can make about 1,000,000 guesses per second.

SINCE they limit the types of characters to just ~!@#$%^&*()_+-=;:,.?<> AND a-z, A-Z, 0-1 which equals 58 character types and max of 25 digits (58^25) = 1.21815E+44 (or 1.22 Hundred Tredecillion or 1.22 * 10^44 or 121,814,739,012,626,000,000,000,000,000,000,000,000,000)

IN CLOSING, a site that requires a password should never limit the number of digits and should allow for all possible character types. If they are storing your password securely with a salted hash then the length and type do NOT matter to the database.
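To illustrate the closing point, here is an added example (not from 8×8 or any site mentioned here) that stores passwords as salted PBKDF2-HMAC-SHA256 hashes and shows that the stored record has the same size for a 9-character password as for a 50-character one drawn from all 94 keyboard characters. The record format, function names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import string

# 26 + 26 + 10 + 32 = 94 printable keyboard characters, as counted in the post.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SALT_BYTES = 16
DEFAULT_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return 'iterations$salt_hex$digest_hex'; the password itself is never stored."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def random_password(length: int) -> str:
    """Generate a random password from the full 94-character alphabet."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample inputs: a short weak password and a 50-character random one.
    for pw in ("Monkey123", random_password(50)):
        record = hash_password(pw)
        print(len(pw), "chars in ->", len(record), "chars stored;",
              "verifies:", verify_password(pw, record))
```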

Have a nice (and secure) day!

Is It Down?

Yesterday there was an outage of 8×8 (eight by eight) which is a VoIP (Voice Over Internet Protocol) Phone Provider. I didn’t know if it was that site’s internet or specific to their account or the whole system. I came across two things that I thought I would share.

First, if you rely on a service for your business you should always know of their status page for their service. Comment below if you have others you would like me to add.

8x8 – https://status.8x8.com/

Office 365 – https://status.office.com/

Zoom – https://status.zoom.us/

Google – https://status.cloud.google.com/

Second, there is a website, iOS and Android app for Downdetector which is user submitted outages for a plethora of service providers. Check it out!

https://apps.apple.com/us/app/downdetector/id816223770

https://play.google.com/store/apps/details?id=com.serinus42.downdetector&hl=en_US&gl=US

HP 3 Monitor Daisy Chain

While it is not a new concept, I just had the pleasure of setting up 3 monitors via DisplayPort daisy chaining. Using a Lenovo ThinkCentre M92g and two HP z24frg3 monitors plus another HP monitor, I was able to connect DP out from desktop to 1st monitor, DP out from that to 2nd monitor, DP out to a 3rd monitor. Windows 10 automatically handled the screen extension just fine and dandy. We did try a 4th monitor but the video card wouldn’t pick it up. STILL 3 monitors using daisy chaining is a HUGE benefit for cable management and port savings. You can see on this picture below the DP in and DP out. This monitor is about $250 each.
https://www.hp.com/us-en/shop/pdp/hp-z24f-g3-fhd-display

Do Not Do This

Pssssn
Photo Credit: https://howtoremove.guide/p-s-s-s-s-n-wireless-network/

Do NOT join this network if you see it. Once you do it will brick your iPhone and will need a Reset Network Settings to fix. iOS Settings > General > Reset > Reset Network Settings.
(NOTE: if you need to click ‘Reset Network Settings’ you won’t lose any data or files on your phone except you will lose any saved Wi-Fi networks and passwords.)

Photo Credit: Jason Lamb

There is a bug in the text parser in iOS that tries to interpret the % as an escape character. %20 is often used in URLs and JavaScript to identify space between words. You can see a full list of URL encodes here: https://www.w3schools.com/tags/ref_urlencode.ASP

You can play with this 074%097%115%111%110%032%076%097%109%098%032%105%115%032%065%087%069%083%079%077%069%033 and decode it here: http://www.unit-conversion.info/texttools/ascii/

Start this video at 22:58 to hear Steve talk about this vulnerability.

You can check out Steve Gibson’s show notes from this episode here: https://www.grc.com/sn/sn-824-notes.pdf or the written transcript of that episode here: https://www.grc.com/sn/sn-824.htm

Also read: https://howtoremove.guide/p-s-s-s-s-n-wireless-network/

nar·cis·sis·tic

…Speaking of Narcissism, check out my About page

numerous app is gone

UPDATE: The Numerous Blog (and iOS app) that I reference below is officially gone. 


I wrote this on Facebook. To save time and not have to repeat my words I am going to copy and paste it here:

I think I have a serious problem when people have a problem with Facebook. I think I take it personal, truly. Once upon a time, before Facebook, I created my own website to keep in touch with friends and family. You may have heard of it (indycrewworld . com) which was quickly turned into icwnow.com because 14 characters was too long to type. I now mostly focus on myself [at] jasonlamb.me because I am narcissistic, at least that is what I am told. Long story short, facebook is my touch to many people in my life and when you leave it you are in a sense leaving my contact with you….to be continued.

This is the continuation…

pay phone still exists?
narcissistic

I don’t think I am narcissistic but then again people with problems rarely think they have a problem. Google defines it as:  “having an excessive or erotic interest in oneself and one’s physical appearance“. Merriam-Webster says: “love of or sexual desire for one’s own body“. I surely don’t “love” my body. I don’t hate it but am not in love with my body. This picture from a year ago, well, ok…maybe I do look good. But who doesn’t look good talking on a public pay phone that doesn’t work any more outside a Chinese restaurant in Chinatown, Los Angeles, CA? I digress. My mother would argue in favor of my narcissistic behavior because I may or may not have taken a ton of selfies as a kid back when disposable cameras were a big hit. For each camera roll I had at least one selfie. I even did a project last year that I took a selfie a day to show my beard growth.

facebook friends
screen shot from my numerous app

I have an app called Numerous that keeps track of how many friends I have on Facebook. Not that I want a big number, I just want to know when I lose a friend. Right now I am at 421 and on my birthday I had 426. I don’t want or need a large number of friends. I think quality over quantity is the key. I just wonder who it is when that number drops. Is that somebody un-friending me or are they deactivating their account? I will truly not know. The app doesn’t tell me who I lost, just that the number dropped.

Now that I re-read this whole mumbo jumbo I am not sure that me worrying about my number of friends is so much the same as being narcissistic.

Side note: The Numerous app is shutting down its services on May 1st, 2016 due to lack of funding. So no more Facebook friends tracker.

mumbo jumbo
Mumbo Jumbo

Side side note: ‘mumbo’ is not a valid word according to my spell check. But according to a Google search it is a cool looking character.

I don’t think I am quite done pondering this topic.

I do want to give a shout out to my anonymous friend who has silently encouraged me to start writing on my blog more. Thanks Friend.