Refer previous posts:
Just when I almost weakened and set up a PassKey for at least one account (Google), I heard this on Windows Weekly Ep 944. https://www.youtube.com/watch?v=KcvuD36zQbo
About 1 hr 54 minutes (start of section talking about authenticator Apps –10 minutes approx.) Towards the end of the segment they talk about ongoing problems with PassKeys even when stored in your Password Manager. When I am sure that all issues have been sorted out, I will consider.
SECURITY NOW EPISODE No 1022
Refer “Security Now” Ep 1022 issued on 23/4/25.
About 1 Hr 32 Mins to 1Hr 51 Min
SUMMARY OF THE CHANGES
The maximum lifetime period for SSL/TLS certificates is currently 398 days. However, the people who control the issue as well as major browsers, are gradually reducing this to 47 days by March 2029. All major browsers (from Apple, Google, Mozilla, and Microsoft) are going to enforce the new rules, and the reason is to increase security by reducing the risk of compromised certificates.
A summary of the changes:
It just so happens that I got an email from my web hosting company that I did not fully understand – but now all is clear.
Steve Gibson, the host of the podcast “Security Now,” is not happy and I am also not happy. I hope that web hosting companies will provide some sort of automation to make the process easier.
Refer previous posts
I have been keeping an eye on PassKeys and even though you can use most password managers for PassKeys, there are still questions remaining mainly about agreed upon standards.
In particular, there and problems with issues like migration and syncing between devices and services.
As stated previously, my password manager affords an easy solution for long and unique passwords and combined with 2FA, provides sufficient security for my needs.
Password Manager support for PassKeys negates the concerns about per device isolation and the ease with which you can log into a particular device using a four number Pin. But problems with standards on migration between password managers and syncing remain troublesome. I am still considering PassKeys but will continue to wait until all the bugs are resolved.
IP – Internet Protocol (IP) address is the identifying number assigned to every device connected to the internet.
Domain Name – A domain name is text that links to an IP address. It is used to access a website. A domain name is the name that a user types into a browser to reach a website. The domain name for Google is ‘google.com’.
DNS – The Domain Name System (DNS) is like a phonebook for the Internet. It enables Domain Names to be converted to IP addresses.
ISP – Internet Service Provider. The company you get your internet from. In Australia, Telstra, Optus, Vodaphone, TPG, Aussie Broadband etc.
Email Spoofing -sending email messages with a fake sender address. In cases where you have and email address issued on your Domain Name, Email Spoofing involves someone other than the Domain Name owner sending out fake emails under that name.
Recently, I had a number of non-delivery notices from emails I had sent from my email address on my Domain – Whysun.com.
I have several security measures in place to stop Email Spoofing and they depend on quoting the correct IP.
As soon as I started receiving the non-delivery notices, I assumed that my ISP had changed my IP. When you “get the internet” from an ISP, you are in fact buying one IP address and you use your router to link that one IP address to your various devices either by Wi-Fi or Ethernet (cord).
Most ISPs in Australia offer Dynamic IP addresses. In other words, the ISP can change the IP address at any time. You can buy a Static (fixed) IP address, but the ISP does not usually change the IP address all that often. Unless you have a reason for a static IP, it does not matter if the IP changes. Most people just accept a Dynamic IP as they have no reason for a static IP. In cases where you might have a reason to have a static IP, many people (including myself) just accept a Dynamic IP instead of paying extra for a fixed IP as the changes are infrequent.
As soon as I saw the non-delivery notices, I immediately checked my IP/DNS and, sure enough, my ISP had changed my IP address.
It took only a few minutes to fix it. Instead of buying a static IP address, I will regularly send a test email from my domain email to one of the emails I have on Outlook or Google.
My ISP charges AUD$10 per month for a static IP address. I’ll consider paying for this service if changes occur more frequently than just once in a blue moon.
Windows Live Writer was an excellent Blog Publishing Tool. Unfortunately, it was discontinued and has not been available since 2017.
I then started to use Open Live Writer which was a free open-source fork of Windows Live Writer.
But the last time I used it, it would not publish to my WordPress blog. After spending a few minutes playing around with it, I decided to uninstall and re-install. But it was no longer in the App store. I am certain I would have downloaded it from the MS store.
But it appears that you have download the installer from the website.
This the web site https://openlivewriter.com/
I downloaded the installer and attempted to run it. However, when I got to the part where you input the log in details for the blog, it came up with the same message as before – it could not locate the blog. I had disabled the relative plugin preventing this.
So, it looks like I can no longer use this app and I will have to go back to using the new post tool on WordPress.
Refer previous post 11th April 2024 https://whysun.com/computers-and-the-internet/windows-10-end-of-support/
THIS IS A REMINDER TO THOSE PEOPLE STILL RUNNING WINDOWS 10 THAT SUPPORT EXPIRES IN ABOUT A YEAR.
The post referred to above has full details.
Refer previous post.
Google Chrome browser has been warning users of uBlock Origin that it will soon be disabled. The reason is that Chrome (and other browsers based on Chromium like Edge) will be moving from existing standard “Manifest v2” to a new standard “Manifest v3”. The creator/maintainer of uBlock Origin, has indicated that he will not be adapting uBlock Origin to Manifest v3.
Chrome is suggesting that you will have to find an alternative ad blocker before Google Chrome disables it for good. A suggested alternative is uBlock Origin Lite – a “fork” of the original. It is a content-blocking extension that functions on the upcoming Manifest v3 system but lacks some features of the original.
uBlock Origin still works on Firefox and I have switched to that browser for watching YouTube videos. Edge is still my default browser and I will still also continue to use Chrome.
I installed uBlock Origin Lite on Chrome and it blocked the pre-roll ads on YouTube. However, like the ad blocker I use on my Apple iPad, it produces a black screen for a few seconds in place of the pre-roll ads. I am not sure about the annoying ads that interrupt the video. They have not appeared so far, and I will update this post if they do appear – or a blank screen appears.
My Ad Blocker of choice is UBlock Origin, but it no longer works on Chrome when accessing YouTube.
In fact, Google says it will disable UBlock Origin on Chrome this year. This is the message when you click Manage Extension for UBlock Origin on Chrome:
This extension may soon no longer be supported
Remove or replace it with similar extensions from the Chrome Web Store
It continues to work fully on Firefox and Edge** so I guess I will start viewing YouTube on Firefox. those browsers.** YouTube is almost un-watchable with ads interrupting at various random times. I don’t mind the pre-roll ads, but it is the abrupt interruptions that annoy me.
I will stop using Chrome if it becomes necessary.
The podcast SECURITY NOW Ep 986 mentioned this subject, and it is not known yet if UBlock Origin will update its Chrome Extension to comply with the new Chrome policy.
This is the entry for UBlock Origin on Wikipedia https://en.wikipedia.org/wiki/UBlock_Origin
UBlock Origin is the pick of the Ad Blockers, and I intend to continue using for as long as I can, if necessary, by not using browsers that block it. So far, Chrome is only blocking it on YouTube, but they have stated that they will fully block it this year.
As I have previously stated, I leave the default browser/search engines in place. That means, with Windows PCs the default browser is Edge with Bing as the search engine. I also use 2 other browsers – Firefox / DuckDuckGo and Chrome / Google.
** UPDATE MICROSOFT EDGE
A similar situation exists with Edge and YouTube (which is not surprising now that Edge is based on Chromium)
My iPod Nano has, after many years, finally died. The battery was still ok, but the internal memory was showing signs of trouble. It finally stopped working.
Apple stopped making the Nano in July 2017 and I bought mine well before that. (I don’t recall when I bought it, but it would be more than 5 years before 2017.) So, my Nano would be well over 12 years old – more like 15 years.
When I heard that Apple had stopped manufacturing them, I bought a spare and put it in storage for this day. Unfortunately, a friend who also used a Nano for running/hiking broke hers, so I gave her my spare.
I mainly listen to podcasts on my Nano so I guess I will now have to use the Podcast App on my phone.
The nano was a great little device. It was tiny and ideal for running/ hiking / walking or for most types of exercise. I used to have an iPod Shuffle. However, the Nano was better. It was a bit bigger, but not by that much and, most importantly, it had a screen (unlike the Shuffle).
Sony has a similar sized 8GB MP3 player called a “Walkman NWZE394B” for about AUD$200. This device is not compatible with iTunes but you can drag and drop iTunes files from computer to the Walkman.
I think I will just use my iPhone.
UPDATE – MY NANO IS WORKING AGAIN
I just remembered – iTunes has a “Restore” function. I ran it for my Nano and it is working again.
The podcast – Security Now No 972 – contains important information about Passkeys.
It is interesting to note that the host, Steve Gibson, does not use Passkeys. (At about One hour 57 minutes into the Podcast on YouTube – see following link).
This is the YouTube of the podcast – https://www.youtube.com/watch?v=fSNcUKphUtw&list=PLdPwyUeH0mS566Y0YZ7oAGghzMgRlWTBf
The part about Passkeys starts at about One hour 19 mins and continues until the end.
The latest William Brown Blog referred to can be found here https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
Although, it appears that you can store the Passkeys code on a Password Manager such as Bitwarden, there are other issues apart from the ones I was concerned about (see https://whysun.com/computers-and-the-internet/passkeys/ )
I am glad I decided to wait.
