Tuesday, December 19, 2017

Get a Text Browser for Window 7, 10 Working

Goal: Surf the web with no ads. 
Solution: Get a working Text Browser for Windows; 
  • Emacs which is well supported for all platforms comes with a web browser ! 
  • tried Lynx browser but could not get it to work. 
Side Benefit: Easter egg - add to comments below if you know what it is.

The Emacs Web Browser (Eww) is a very basic and fast text/image browser. Flash and Javascript are not supported which gets rid of ads. Emacs Web Browser original instructions herewarning very sparse.


Emacs Web Browser surfing http://www.google.ca/
Source:

Get latest version GNU EMACS 26.0.90 for Windows

http://alpha.gnu.org/gnu/emacs/pretest/windows/

How to get EMACS Web Browser to work

  1. Unzip emacs-26.0.90-x86_64-with-deps.zip - Depends library
  2. Unzip emacs-26.0.90-x86_64.zip - Compiled Emacs editor with browser
  3. Copy Compiled sub-directories to Depends sub-directories;
        bin -> bin
        lib -> lib
        libexe -> libexe
        share -> share - you can say NO to copy overwriting info and man directories.
  4. Run EMACS by clicking runemacs.exe in Depends bin directory
  5. In EMACS, choose Tools -> Browse the Web -> Enter your URL or Keywords: 
  6. Voila! it works!
Trivia



  1. EWW, the Emacs Web Wowser, is a web browser package for Emacs.
  2. Download is huge at 716Mb combined, but running takes a scant 45 Mb of RAM.
  3. If you just use emacs-26.0.90-x86_64.zip it will complain about not loading LIBXML2.dll.
  4. You can download that here http://xmlsoft.org/sources/win32/, but then complains about gnutls not being installed, then we are into dependency hell. Hours later....

Monday, December 18, 2017

Canadian / American Spelling Differences - What lingo does your blog speak?






















Canadian / American Spelling Differences - What does lingo does your blog speak?


For a complete description of language difference see Canadian Gov. Translation Bureau:  https://www.btb.termiumplus.gc.ca/tcdnstyl-chap?lang=eng&lettr=chapsect3&info0=3#zz3

Canada
United States
abridgementabridgment
acknowledgementacknowledgment
amoebaameba
analyseanalyze
anaesthesiaanesthesia
arbourarbor
axeax
barrelledbarreled
behaviourbehavior
belabourbelabor
brunettebrunet
calibrecaliber
cataloguecatalog
cancelledcanceled
candourcandor
centrecenter
centimetrecentimeter
chequecheck
colourcolor
counsellorcounselor
clamourclamor
crystallinecrystaline
cruellercruelest
crystallizecrystalize
defencedefense
dialoguedialog
aeoneon
favourfavor
favouritefavorite
fervourfervor
fibrefiber
flavourflavor
fuelledfueled
fulfilfulfill
funnelledfunneled
gaugegage
goitregoiter
greygray
gruellinggrueling
harbourharbor
honourhonor
humourhumor
jewellerjeweler
instalmentinstallment
imperilledimperiled
kilometrekilometer
labourlabor
labelledlabeled
labourlabor
levelledleveled
licencelicense
litreliter
louvrelouver
lustreluster
macabremacaber
manoeuvremaneuver
marvellousmarvelous
mattematt
medallistmedalist
meagremeager
metremeter
millimetremillimeter
mitremiter
modelledmodeled
mouldmold
moultmolt
moustachemustache
neighbourneighbor
paeanpean
paleolothicpalaeolothic
panelled/panellingpaneled/paneling
parlourparlor
practice, practisepractice
pummelledpummeled
pyjamaspajamas
odourodor
rancourrancor
raquetracket
reconnoitrereconnoiter
saleablesalable
savoursavor
sceptrescepter
smouldersmolder
sombresomber
sulphatesulfate
sulphursulfur
tonneton
totalledtotaled
tranquillizetranquilize
tumourtumor
travellertraveler
tunnelledtunneled
theatretheater
vicevise
valourvalor
vapourvapor
vigourvigor
wilfulwillful
worshippedworshiped
queueingqueuing

Friday, December 15, 2017

What is blockchain?

Simple marketing explanation



More detailed explanation


What's a blockchain smart contract ? The future of payment, no middle man.


What is Bitcoin's Lightning Network? Current transaction limits is the problem.


Tuesday, December 12, 2017

Visual Studio Code Blank/Empty Screen Fix for Windows

Visual Studio Code 1.18 (8 November 2017) Blank Screen still persists


























How to fix Visual Studio Code Blank/Empty Screen on Windows

Right-click on Shortcut and add --disable-gpu to Target: 

"C:\Program Files\Microsoft VS Code\Code.exe" --disable-gpu




Tue 13-Feb-18 1:17pm  - Update : Still an issue on version 1.20.0


Monday, December 11, 2017

HP Synaptics driver for touchpad and keyboard hides a Key-Logger found in over 400 models


HP release a shame fix for their Synaptics touchpad drivers, fix number HPSBHF03564 rev 1 - Synaptics Touchpad Driver Potential, Local Loss of Confidentiality

A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.

The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.

"The logging was disabled by default but could be enabled by setting a registry value," said Michael Myng, the security researcher who discovered the flaw earlier this year.
That registry key is:


HKLM\Software\Synaptics\%ProductName% 
HKLM\Software\Synaptics\%ProductName%\Default
%ProductName% might be “SynTP” or “PointerPort”. The value type is DWORD.

See my post on Windows 10 opt out on spying telemetry

This will affect IBM Thinkpads as well, even though not yet announced.

Sources:

  1. https://www.computerworld.com/article/3238512/microsoft-windows/hp-stealthily-installs-new-spyware-called-hp-touchpoint-analytics-client.html
  2. https://www.bleepingcomputer.com/news/hardware/keylogger-found-in-hp-notebook-keyboard-driver/

Friday, December 8, 2017

How to install GNU EMACS Text Web Browser on Windows 10

Goal: Surf the web with no ads and paywalls.
Solution: Use a Text Browser;  

  • tried Lynx browser but could not get it to work. 
  • Emacs which is well supported for all platforms comes with a web browser ! 

The Emacs Web Browser (Eww) is a very basic and fast text/image browser. Flash and Javascript are not supported which gets rid of ads. Emacs Web Browser original instructions herewarning very sparse.

Emacs Web Browser surfing http://www.google.ca/

Source:

Get latest version GNU EMACS 26.0.90 for Windows

http://alpha.gnu.org/gnu/emacs/pretest/windows/

Update 2020:

Get https://metadataconsulting.blogspot.com/2020/04/How-to-get-a-Text-Browser-for-Windows-7-10-Surf-the-web-in-text-only-no-ads.html

How to get EMACS Web Browser to work

  1. Unzip emacs-26.0.90-x86_64-with-deps.zip - Depends
  2. Unzip emacs-26.0.90-x86_64.zip - Compiled
  3. Copy Compiled sub-directories to Depends sub-directories;
        bin -> bin
        lib -> lib
        libexe -> libexe
        share -> share - you can say NO to copy overwriting info and man directories.
  4. Run EMACS by clicking runemacs.exe in Depends bin directory
  5. In EMACS, choose Tools -> Browse the Web -> Enter your URL or Keywords: 
  6. Voila! it works!
Trivia

  1. EWW, the Emacs Web Wowser, is a web browser package for Emacs.
  2. If you just use emacs-26.0.90-x86_64.zip it will complain about not loading LIBXML2.dll.
  3. You can download that here http://xmlsoft.org/sources/win32/, but then complains about gnutls not being installed, then we are into dependency hell. Hours later....

Thursday, December 7, 2017

Apple Phishing Email - Payment Confirmation for Order No. 6881237774449 App Store - Mobile Legend: Bang Bang on App Store

For the record, this is an Apple phishing email attempt that is recently going around. What to do?  Report them, goto bottom of page.


From : AppStore Order Receipt <nnnnnnnnnnnnnnn@mobilelegend-bangbang.net>

Subject
Payment Confirmation for Order No. 6881237774449 App Store
       
         
         
          Thanks for your purchase

Dear Client,

You’ve purchased a product from Mobile Legend: Bang Bang on App Store.
This is receipt your payment from YoungJoy Technology Limited.
Document ID Date Confirmed Status
6881237774449 Thursday, December 07, 2017 SUCCESSFUL
Mobile Legend: Bang Bang 1000 Diamonds
Type: Purchase in App 
Qty: 1 
Price: $29.99 
VIEW RECEIPT


VIEW RECEIPT points to evil link....
https://t.co/PxDb9TPL1A   which decompresses to
https://appleid.service-kopla.ga/



Didn't authorized this transaction?
Visit the App Store help center to dispute this transaction.

If you have any questions about this information, you can visit App Store help Center
Learn how to manage account preferences for iTunes, iBooks, and App Store Purchases
Help & Contact | Security | Privacy & Policy 

© 2017 All Right Resrved. Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.


Here's how the phishing site looks


How to tell this is a Phishing email ?


  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the apple.com site then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Report phishing emails to Apple 

Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.

Tuesday, December 5, 2017

Mailsploit Lets Attackers Send Spoofed Emails on popular email clients and servers










The main reason for SPAM 

Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Email Servers, therefore circumventing spoofing protection mechanisms SPAM filters.

Bugs were found in over 30 applications, including prominent ones like Apple Mail (MacOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.

In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.


How Mailsploit works

Attacker can create a valid email address whose username is actually an RFC-1342-encoded string:

From: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Decoded this becomes which contains null-byte (\0):


potus@whitehouse.gov\0(gov@whitehouse.gov)@mailsploit.com

The problem is most mail systems will ignore everything after null-byte (\0). 


Thus potus@whitehouse.gov would be scanned ignoring the real exploit domain @mailsploit.com.  

Thus when you reply to this email, it would choose first email. 

Reply-To: potus@whitehouse.gov

Who does this affect ?

Mail Clients affected (see full actively maintained spreadsheet


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Mozilla Thunderbird ≤ 52.5.0 / SeaMonkey ≤ 2.4.8 MACOS WINDOWS
Mail for Windows 10 WINDOWS
Microsoft Outlook 2016 MACOS WINDOWS
Yahoo! Mail IOS
Yahoo! Mail ANDROID
[A bug bounty program that does not allow disclosure yet] ANDROID
[A bug bounty program that does not allow disclosure yet] IOS
Spark ≤ 1.4.1.392 MACOS
Spark IOS
ProtonMail ANDROID IOS
Polymail MACOS
Airmail ≤ 3.3.3 MACOS
BlueMail ≤ 1.9.2.62 ANDROID
TypeApp ANDROID IOS
AquaMail ANDROID
Opera Mail MACOS WINDOWS
Postbox ≤ 5.0.18 MACOS WINDOWS
Newton ANDROID MACOS WINDOWS
Guerrilla Mail ANDROID
Email Exchange + by MailWise ANDROID
AOL Mail ANDROID
TouchMail WINDOWS
Mailbird WINDOWS

Source
https://www.mailsploit.com/index