Lightning Strikes

It happens all across central Florida this time of year: the day after a giant thunderstorm, you try to turn on your computer only to find it’s dead. It’s just part of life in the lightning capital of the world. Many people make the mistake of thinking the computer is gone, destroyed, not worth fixing. This could not be further from the truth. Often the damage from lightning strikes is minimal and easy to fix in under an hour. We have all the parts needed to repair most computers after a lightning strike on hand and waiting to fix your computer.

24 people have now been sentenced in India-based phone-scam case

From ARS:

A total of 24 people who pleaded guilty to their involvement in a massive years-long phone scam often involving fake Internal Revenue Service and United States Citizenship and Immigration Services officials have now been given prison sentences from four to 20 years. The indictment was originally filed in October 2016 against 61 people and includes charges of conspiracy to commit identity theft, impersonation of an officer of the United States, wire fraud, and money laundering.

If victims didn’t pay up, callers threatened arrest, deportation, or heavier fines. There were also related scams involving fake payday loans and bogus US government grants, according to the criminal complaint.

The lead defendant was Miteshkumar Patel, who was given 20 years.

According to the Department of Justice, Patel was the manager of a Chicago team of “runners” that helped receive and launder the proceeds of their fraud scheme.

Patel was part of a new group of 21 defendants that were sentenced last week in federal court in Houston.

“The stiff sentences imposed this week represent the culmination of the first-ever large scale, multi-jurisdiction prosecution targeting the India call center scam industry,” Attorney General Jeff Sessions said in a statement issued last week, shortly after the new sentences were handed down.

“This case represents one of the most significant victories to date in our continuing efforts to combat elder fraud and the victimization of the most vulnerable members of the US public.”

The Department of Justice has set up a website to provide information about the case to already identified and potential victims, and the public.

Anyone who believes they may be a victim of fraud or identity theft in relation to this investigation or other telefraud scam phone calls may contact the Federal Trade Commission via this website.


A surge of sites and apps are exhausting your CPU to mine cryptocurrency

From ARS

The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.

The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App.

Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms—including Magento, Joomla, and Drupal—are also being hacked in large numbers to run the Coinhive programming interface.

Earlier this month, political fact-checking site PolitiFact was found hosting Coinhive scripts in a way that exhausted 100 percent of visitors’ computing resources. A PolitiFact official told Ars the incident occurred when “an unidentified hacker attached a crypto mining script to the PolitiFact code base being stored on a cloud-based server.” The code has since been removed and was active only when people had a window open in their browser.

Don’t look, don’t tell

Coinhive presents its service as a way end users can support sites without viewing online ads, which are often criticized for containing malware that surreptitiously infects visitors with ransomware, password stealers, and other malicious wares. And in fairness, the service only consumes 100 percent of a visitor’s computing resources when Coinhive’s interfaces are being abused. Still, Coinhive doesn’t require third-party sites to tell visitors their computers and electricity are being consumed in exchange for visiting the site. Coinhive has also done nothing to prevent sites from abusing its programming interface in a way that completely drains visitors’ resources.

Ad blocker AdGuard recently reported that 220 sites on the Alexa top 100,000 list serve crypto mining scripts to more than 500 million people. In three weeks, AdGuard estimated, the sites generated a collective $43,000. Both AdGuard, antimalware provider Malwarebytes, and a variety of their peers have recently started blocking or restricting access to Coinhive crypto mining. Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote:

The reason we block Coinhive is because there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems. A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.

Coinhive’s massive Web audience isn’t lost on other companies. Collin Mulliner, a security researcher and developer of TelStop, said he recently received an e-mail from a startup called Medsweb inviting him to integrate a Monero miner into his creation. “If your app is deployed on thousands/millions of devices, you can monetize it with monero mining and earn really huge income,” the unsolicited e-mail stated. “We manage all the complexity of backend servers and mining operations and you get a really simple control panel to monitor your hashrate and earnings.”

Malwarebytes noted that Coinhive recently introduced, a service that requires third-party sites receive explicit permission of end users before using their computers to mine digital coins. But the antimalware provider went on to point out that remains active and continues to require no end-user notice at all. As the recent discovery of the Android apps and the more than 500 hacked websites makes clear, Coinhive continues to turn a blind eye to the abuse of its service in much the way adware providers did in the early 2000s.

Windows 10 will try to combat ransomware by locking up your data

From ARS

The latest Windows 10 build, today’s 16232, contains a few new security features. In addition to the richer control over exploit mitigation that Microsoft announced earlier this week, the new build also includes a trial of a new anti-ransomware capability.

The long-standing approach that operating systems have used to protect files is a mix of file ownership and permissions. On multi-user systems, this is broadly effective: it stops one user from reading or altering files owned by other users of the same system. The long-standing approach is also reasonably effective at protecting the operating system itself from users. But the rise of ransomware has changed the threats to data. The risk with ransomware comes not with another user changing all your files (by encrypting them); rather, the danger is that a program operating under a given user’s identity will modify all the data files accessible to that user identity.

In other words, if you can read and write your own documents, so can any ransomware that you run.

Microsoft’s attempt to combat this is called “Controlled folder access,” and it’s part of Windows Defender. With Controlled folder access, certain directories can be designated as being “protected,” with certain locations, such as Documents, being compulsorily protected. Protected folders can only be accessed by apps on a whitelist; in theory, any attempt to access a Protected folder will be blocked by Defender. To reduce the maintenance overhead, certain applications will be whitelisted automatically. Microsoft doesn’t exactly specify which applications, but we imagine that apps from the Store would automatically be allowed access, for example.

In principle, this should impede the ability of ransomware to encrypt user data. In practice, we’ll have to see just how robust Controlled folder access is. To be effective, such a safeguard would need, for example, to prevent malicious Word macros from accessing a Protected folder, even though Word itself should be allowed to read and write to the Documents directory. If ransomware can readily get a trusted application to do its dirty work for it, the protection will likely be circumvented sooner rather than later.

In the new build, Application Guard for Edge—the new system for running Edge in a special virtual machine to protect the operating system from browser-based flaws—also takes a big step forward in usability. Previously, these virtualized Edge sessions were ephemeral, with no ability to, for example, store cookies or passwords or create bookmarks. This was useful for visiting highly suspect sites, but it made the feature less than practical for routine browsing.

In today’s Windows build, a separate set of persistent data is now maintained for the virtualized browser sessions. This allows a much more normal browsing experience while still offering the safeguards that virtualization provides.
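
The Controlled folder access behaviour described above (protected folders plus an application whitelist) can be trialled from an elevated PowerShell prompt. This is an added example, not part of the Ars article or Microsoft's documentation; it assumes a Windows 10 release whose Defender PowerShell module exposes the Controlled folder access parameters, and the folder and application paths are hypothetical placeholders.

```powershell
# Added example: roll out Controlled folder access in audit mode first,
# review what would have been blocked, then switch to enforcement.
# Run from an elevated PowerShell session with Windows Defender active.

$protectedFolder = 'D:\ClientRecords'                 # hypothetical extra folder to protect
$allowedApp      = 'C:\Tools\BackupAgent\backup.exe'  # hypothetical trusted application
$enforce         = $false                             # set to $true after reviewing the audit log

# 1. Audit mode: writes to protected folders are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the compulsory defaults (Documents, etc.).
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Whitelist one application that legitimately writes to protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 4. Review recent events: 1124 = audited (would have been blocked), 1123 = blocked.
#    Any unexpected program listed here needs investigating before it is allowed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Enforce only once the audit log shows no legitimate software being caught.
if ($enforce) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# 6. Confirm the resulting state (0 = disabled, 1 = enabled, 2 = audit mode).
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Keeping the whitelist short matters: as the article notes, every allowed application is one that ransomware could try to use to reach a Protected folder.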

Cable TV “failing” as a business, cable industry lobbyist says

I see more people cutting the cable now than I ever imagined I would.

From ARS

The cable TV business is in trouble—in fact, it is “failing” as a business due to rising programming costs and consumers switching from traditional TV subscriptions to online video streaming, according to a cable lobbyist group.

“As a business, it is failing,” said Matthew Polka, CEO of the American Cable Association (ACA). “It is very, very difficult for a cable operator in many cases to even break even on the cable side of the business, which is why broadband is so important, giving consumers more of a choice that we can’t give them on cable [TV].”

Polka made his comments in an episode of C-SPAN Communicators that is airing this week, though it was recorded in April. Video is available here.

The ACA represents about 750 small and mid-sized cable operators who serve about seven million customers throughout the US. The ACA has also been one of the primary groups fighting broadband regulations, such as net neutrality and online privacy rules, and a now-dead set-top box proposal that would have helped cable TV subscribers watch the channels they subscribe to without a rented set-top box.

Cable “isn’t what it used to be”

“The cable business isn’t what it used to be because of the high costs,” Polka said, pointing to the amount cable TV companies pay programmers for sports, broadcast programming via retransmission consent fees, and other programming.

When asked about cord cutting, Polka said, “it’s the video issue of our time as consumers learn they have choice” from services like Netflix, Hulu, and Amazon Prime.

“It gives consumers more choice, something that they’ve wanted for a long time, more control from the bundle of cable linear programming,” Polka said. “Our members, however, I think are very aggressive in how they are trying to provide consumers that they serve with more choice through on-demand [channels], through availability of over-the-top services, making sure that their broadband plan is fast enough to support a consumer’s video habits. So, yes, it’s a thing that’s happening today, cord cutting, cord shaving. But as an industry, our members are well primed to be able to serve their customers with their broadband service that allows them to consume the video they want.”

Video is “certainly our worst product”

That’s one reason cable companies in the ACA see broadband as “their future,” Polka said.

A cable company executive who appeared alongside Polka on the C-SPAN show echoed those comments.

Video is “certainly our worst product,” said Tom Larsen, senior VP of government and public relations for cable company Mediacom. “It makes the least amount of money.”

Larsen is also an ACA board member. Mediacom is the US’ fifth biggest cable company, though its 832,000 video subscribers are a fraction of Comcast’s 22.5 million. “We used to be the eighth biggest [cable company in the US], but because of all these mergers and acquisitions we keep moving up without doing anything,” Larsen said.

The pay-TV market lost about 410,000 subscribers in Q1 2017, “the first time that the industry has ever had net subscriber losses in the first quarter of a year,” Leichtman Research Group reported last month. The top pay-TV companies across the cable, satellite, and telco industries still account for 93.3 million video subscribers.

While broadband subscriptions are growing, video customers are leaving because of rising prices and online video competition, Larsen said. But historically, video has “always been a big revenue driver for us” and has “paid in a lot of ways for the network that is able today to deliver broadband. So we’re not ready to abandon it yet.”

High prices, low customer satisfaction

Basic-cable TV prices have been rising faster than inflation for 20 years, according to Federal Communications Commission data. The fact that cable companies rarely compete against each other directly in cities and towns helps them keep prices high, and customers have begun filing lawsuits over “broadcast TV” and “regional sports” fees that push cable prices above the advertised rates.

Pay-TV and Internet service providers rank last among 43 industries tracked by the American Customer Satisfaction Index (ACSI), suggesting widespread consumer dissatisfaction.

Even the biggest cable companies complain about programming costs. But Polka said it’s “very fair” to say that, because of economies of scale, Comcast and Charter can deliver programming more cheaply than the small cable companies in the ACA. (Comcast also owns much of the programming it delivers over its cable TV system, such as NBC and various regional sports networks, and it charges other cable operators for the right to air that programming.)

Cord-cutting has also hurt programmers such as ESPN, which has lost millions of subscribers and is laying off many on-air personalities.

TV blackouts

The ACA has complained repeatedly about broadcasters demanding higher retransmission consent fees from small cable companies than from big ones. TV channels are often blacked out when cable companies refuse to pay the broadcasters’ price (even though they’re available for free with an antenna). Last year, the Federal Communications Commission decided not to step up its oversight of contract disputes that sometimes take these channels off cable systems.

“What happens in the video marketplace is the big [cable companies] get the best prices and the programmers look to the littlest guys to make up the difference, so our price will disproportionately get higher,” Larsen said. “So the markets we serve, which are traditionally small, rural markets, will pay more than an urban market. It’s kind of a different digital divide. It’s a pricing divide.”

In negotiations, broadcasters “pretty much have the leverage because they can simply black out their stations,” Larsen said.

Larsen and Polka both praised the FCC’s new Republican leadership for taking a deregulatory approach to broadband. But Larsen said he doesn’t expect the FCC to take any major action on TV blackouts. “I think, short of some major marketplace event, I don’t see the new chairman doing anything about that issue,” Larsen said.

The National Association of Broadcasters argues that cable companies “are simply attempting to avoid fairly compensating broadcasters, who produce the highest-rated content on television.” The association says the government shouldn’t intervene in contract disputes.