Microsoft is Throttling Some 365 Services Due to High Demand

Office 365YouTube isn’t the only service that is trying to cut their use of Internet bandwidth to maintain their service levels. Microsoft Office 365 is being throttled as well. I expect that the strain of so many people working from home, and trying to keep up with the news is causing many services to adjust to the increased usage.

Slashdot – “Microsoft Throttles Some Office 365 Services To Continue To Meet Demand

In response to high demand as a result of the COVID-19 coronavirus pandemic, Microsoft has started taking action to preserve overall performance by throttling some services. ZDNet reports:

On March 16, Microsoft posted to Microsoft 365/Office 365 admin dashboards a warning about ‘temporary feature adjustments’ that it might take. That warning told customers that Microsoft was ‘making temporary adjustments to select non-essential capabilities.’ Officials said they did not expect these changes to have significant impact on users’ experiences. Among the examples of the types of changes Microsoft might take would be things like how often its services check for presence; intervals in which other parties typing are displayed; and video resolution. Today, March 24, Microsoft started cautioning Microsoft 365/Office 365 commercial users of some other ‘temporary changes’ they should expect. The list:

OneNote:
– OneNote in Teams will be read-only for commercial tenants, excluding EDU. Users can go to OneNote for the web for editing.
– Download size and sync frequency of file attachments has been changed.
– You can find details on these and other OneNote related updates at http://aka.ms/notesupdates.

SharePoint:
– We are rescheduling specific backend operations to regional evening and weekend business hours. Impacted capabilities include migration, DLP and delays in file management after uploading a new file, video or image.
– Reduced video resolution for playback videos

Stream:
– People timeline has been disabled for newly uploaded videos. Pre-existing videos will not be impacted.”

Rise in Zoom Conferencing Opens Up Security Issues

Zoom ConferencingDue to working from home, a LOT of folks are using Zoom for conferencing, as well as “FreeConferenceCall”… there are security issues you need to be aware of! One really embarrassing issue is called “Zoom Bombing.” This is a take on “Photo Bombing.” Since attendees can show any video from their computer, people have taken to acquiring conference keys, connecting, and then showing porn during a conference. Since everyone in the conference then sees it, it usually “takes down” the whole conference! This happened to Chick-Fil-A recently!

Using Zoom? Here are the privacy issues you need to be aware of

Protonmail – By: Richie Koch – “Zoom has seen a flood of new users as the COVID-19 outbreak forces more and more employees to transition to working from home. Zoom’s big selling point is its near-frictionless video calls.

However, new users should be aware of the company’s privacy practices. By looking through its privacy policy and some of its support documents, you quickly discover that Zoom allows your boss to track your attention during calls, shares the copious amounts of data it collects with third parties, and has already had a major security vulnerability.

We believe it’s important for our community who may be switching to Zoom in their workplace during the coronavirus outbreak to be aware of these issues, and this post looks at each of them in detail. At the end, we’ll offer some suggestions for what you can do to protect yourself while using Zoom.

Zoom knows if you are paying attention to the call

Whenever you host a call, you have the option to activate Zoom’s attendee attention tracking feature. This feature alerts the call’s host anytime someone on the call ‘does not have Zoom Desktop Client or Mobile App in focus for more than 30 seconds.’ In other words, if you are on a Zoom call and you click away from Zoom, the host of the call will be notified after 30 seconds, regardless of whether you minimized Zoom to take notes, check your email, or respond to a question on another app.

This feature only works if someone on the call is sharing their screen. It is unclear whether the attendees of a call are notified if attention tracking is being used on a call. When we tested it, the attendees did not receive any indication that their attention was being tracked.

Of course, just because you are not viewing the Zoom screen does not mean you are not paying attention or doing work. Furthermore, this feature cannot always reliably gauge if you have clicked away from the call. It only works on version 4.0 or later of Zoom apps and is not as reliable if you attend a Zoom call through your web browser rather than an app.

You should also be aware that if a host decides to record the call so it can be played later, Zoom saves a TXT file of the chat messages from the meeting and shares it with your boss. According to its support page on the subject, ‘the saved chat will only include messages from the host and panelists to all participants.’ However, it does not clarify what will happen to direct messages between attendees.

Zoom not only tracks your attention, it tracks you.

According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any ‘information you upload, provide, or create while using the service.’

Some of this data you enter yourself when you are signing in (for example, to join a call online, you must give your email) but much of it is collected automatically by the Zoom app.

In its privacy policy, under the entry ‘Does Zoom sell Personal Data?’ the policy says, ‘Depends what you mean by ‘sell.” To summarize Zoom’s policy, they say they don’t sell personal data for money to third parties, but it does share personal data with third parties for those companies’ ‘business purposes.’ And that may include passing your personal information to Google.

The camera hacking bug

Last year, security consultant Johnathan Leitschuch discovered that Zoom set up a local web server on a user’s Mac device that allowed Zoom to bypass security features in Safari 12. This web server was not mentioned in any of Zoom’s official documentation. It was used to bypass a pop-up window that Safari 12 would show before it turned on your device’s camera.

However, this remote web server was also not adequately secured. Pretty much any website could interact with it. The result was that Zoom allowed malicious websites to take over your Mac’s camera without ever alerting you.

This led Electronic Privacy Information Center to file an FTC complaint against Zoom, alleging that Zoom ‘intentionally designed its web conferencing service to bypass browser security settings and remotely enable a user’s web camera without the knowledge or consent of the user.’

While Zoom has since removed these remote web servers, its cavalier approach to getting user permission and its disregard for security and privacy concerns in the pursuit of convenience raise serious questions about trust.

How you can protect your data

As Zoom becomes the standard video conferencing tool, there are some steps you can take to keep your data safe.

  • Use two devices during Zoom calls: If you are attending a Zoom call on your computer, use your phone to check your email or chat with other call attendees. This way you will not trigger the attention tracking alert.
  • Do not use Facebook to sign in: It might save time, but it is a poor security practice and dramatically increases the amount of personal data Zoom has access to.
  • Keep your Zoom app updated: Zoom removed the remote web server from the latest versions of its apps. If you recently downloaded Zoom, there’s no need to be concerned about this specific vulnerability.

We recognize that working from home is going to require a reconfiguring of how companies, offices, and employees work. However, workers’ personal privacy should not be sacrificed in this transition.

Now that offices are closed, it is more important than ever that workers remember security guidelines. We have resources that can help you stay safe. Our IT security ebook, with its email security and IT security best practices lists, can help employees maintain their security and privacy while working from home.”

YouTube Cuts Streaming Quality During Coronavirus Crisis

YouTubeRight when we need it most?! Sigh!

YouTube Will Limit Streaming Quality for Users Worldwide

Cord Cutters News – By: Jess Barnes – “YouTube will begin limiting the streaming quality of videos for users worldwide, beginning today. Bloomberg first reported the news that YouTube will have videos default to standard definition for a month, following efforts to ease internet traffic that has increased with the coronavirus outbreak.

YouTube already committed to reducing streaming quality in Europe, along with Netflix, Amazon, and others. “We are making a commitment to temporarily switch all traffic in the EU to standard definition by default,” the company said in a statement at that time.

Now, the plan will expand worldwide. Users will now see videos in standard definition by default. However, videos can be viewed in high definition if the user chooses that setting from the menu on the individual video.

Bloomberg reports, ‘YouTube already limits the quality of video based on the strength of a user’s internet connection. YouTube doesn’t believe the world will run out of internet bandwidth any time soon, but is taking a preemptive measure given growing concerns at the government level.’

‘We continue to work closely with governments and network operators around the globe to do our part to minimize stress on the system during this unprecedented situation,’ Google said in a statement.”

Why Hoard Toilet Paper?

Toilet PaperIf it is a respiratory disease, why is everyone hoarding toilet paper like it causes diarrhea? “Because they are crazy!?” Yep… pretty much!

This is why everyone is hoarding toilet paper

Ars Technica – By: Kiona N. Smith – “The world was a strange place even before the COVID-19 pandemic, but it has gotten stranger still. One of the oddest things about this socially distanced new world is that a respiratory disease has made toilet paper worth its weight in gold. Why is everyone scrambling for toilet paper all of a sudden? Consumer behavior researcher Kit Yarrow suggests it’s a case of our social primate brains reacting to newsfeeds full of striking but sometimes disorienting visual cues.

Retail therapy on overdrive
Panic-buying during a crisis is nothing new. Midwesterners joke about everyone making Apocalypse French Toast before a blizzard, because store shelves mysteriously empty of bread, eggs, and milk. On the coast, peanut butter is the must-have item every hurricane season. In part, it’s reasonable to want to be prepared, says Yarrow. But panic-buying is partly an attempt to gain a sense of control when the world feels uncertain and dangerous.

‘When we feel anxious, which I think all of us do right now—it would be sort of abnormal to not feel a little anxious—the antidote to anxiety is always control,’ said Yarrow. ‘And since we can’t really control the track of this disease, we turn to what we can control, and that’s why people are shopping. It’s like, ‘well, I feel like I’m doing something, I feel like I’m preparing. I feel like I’m taking control of the thing I can control, which is stocking up.’

‘Some of the people that are doing the hoarding, they’re not bad people and they’re not selfish people. They’re just scared people, and I think that if they thought about their connection to others and their responsibility to the community, they probably wouldn’t do it,’ Yarrow told Ars.

It’s easy to see the logic—even if it’s irrational—behind frantic stashing of soap or hand sanitizer. But why toilet paper?

Yarrow says that is a bit unusual. ‘I don’t think most people think about toilet paper during panic-buying times like hurricanes and so on. This is kind of a first,’ she told Ars. The run on toilet paper (sorry, not sorry) is what happens when social media-driven communication meets human instinct in the middle of a crisis.

The optical illusion of a shortage
‘We’re social animals,’ Yarrow told Ars. ‘In times that are really kind of unprecedented and uncertain, we do look to other people for cues about what to do. Unfortunately, other people are doing kind of crazy things, so it makes us feel like we should do it too.’

And today, most of us find out what our fellow humans are doing through social media, or through news reports filled with images and video. So the cues we’re getting are very visual, which affects how we process certain information. Big, bulky items like toilet paper leave more noticeable, visible gaps on store shelves than smaller items like canned tuna—especially when toilet paper takes up most of an aisle in its own right, while tuna may take up just a few feet of shelf space.

‘A picture of an empty toilet paper shelf is really a lot more dramatic than an empty tuna shelf, and a picture of somebody walking out of the store with two big things of toilet paper is a more dramatic picture than a picture of somebody walking out with a bag of tuna,’ Yarrow told Ars. ‘Toilet paper sort of became the thing that the media in particular was really focused on, and that then cued people into thinking about [it].’

Don’t stockpile the Charmin
So what should be we be doing instead of building toilet-paper forts?

‘I’m not going to tell people to not be prepared, because I think that there’s so many ways that that’s satisfying to them, both practically—I think people need to be prepared—but also emotionally. It feels really good to prepare,’ said Yarrow.

But once people have what they actually need, it’s time to look for other ways to gain a sense of control in an uncertain world.

‘Keep in mind that what we want to do is feel like we’re being productive and in control in this weird, open, loose space of uncertainty that we’re in, so control what you can control,’ Yarrow suggested.

Assert some control over your socially distanced days by scheduling and establishing a routine; assert some control over your environment by cleaning or organizing. And seek out as much human connection as possible within the bounds of social distancing: video chats, walks at the park, or phone calls.”

Firefox Browser to Remove FTP

FirefoxAccording to Slashdot: “Mozilla has announced plans to remove support for the FTP protocol from Firefox. Going forward, users won’t be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser. From a report:

“We’re doing this for security reasons,” said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. “FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” he said. “Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past.” Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.”

Evil Coronovirus Malware!

MalwareBeware of sites and emails directing you to ‘Coronavirus Maps’ or maps that are supposed to show the progression of COVID-19. Turns out, it’s a malware infecting PCs to steal passwords from unsuspecting folks afraid of what’s going on! The “bad guys” re not above using opportunities like this to overcome your good sense and make you click on unknown links!

Chrome Extensions That Have Been Removed by Google From Google Play

Removing Chrome ExtensionsThink carefully about those Chrome extensions in the Google Play store!

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

The Hacker News – By: Ravie Lakshmanan – “Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.

These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017.

The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.

Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated.

‘The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,’ said Kaya and Duo Security’s Jacob Rickerd in the report.

A Well-Concealed Malvertising Campaign

Using Duo Security’s Chrome extension security assessment tool — called CRXcavator — the researchers were able to ascertain that the browser plugins operated by surreptitiously connecting the browser clients to an attacker-controlled command-and-control (C2) server that made it possible to exfiltrate private browsing data without the users’ knowledge.

The extensions, which functioned under the guise of promotions and advertising services, had near-identical source code but differed in the names of the functions, thereby evading Chrome Web Store detection mechanisms.

In addition to requesting extensive permissions that granted the plugins access to clipboard and all the cookies stored locally in the browser, they periodically connected to a domain that shared the same name as the plugin (e.g., Mapstrekcom, ArcadeYumcom) to check for instructions on getting themselves uninstalled from the browser.

Upon making initial contact with the site, the plugins subsequently established contact with a hard-coded C2 domain — e.g., DTSINCEcom — to await further commands, the locations to upload user data, and receive updated lists of malicious ads and redirect domains, which subsequently redirected users’ browsing sessions to a mix of legitimate and phishing sites.

‘A large portion of these are benign ad streams, leading to ads such as Macy’s, Dell, or Best Buy,’ the report found. ‘Some of these ads could be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.’

Beware of Data-Stealing Browser Extensions

This is not the first time data-stealing extensions have been discovered on the Chrome browser. Last July, security researcher Sam Jadali and The Washington Post uncovered a massive data leak called DataSpii (pronounced data-spy) perpetrated by shady Chrome and Firefox extensions installed on as many four million users’ browsers.

These add-ons collected browsing activity — including personally identifiable information — and shared it with an unnamed third-party data broker that passed it on to an analytics firm called Nacho Analytics (now shut down), which then sold the collected data to its subscription members in near real-time.

In response, Google began requiring extensions to only request access to the ‘least amount of data’ starting October 15, 2019, banning any extensions that don’t have a privacy policy and gather data on users’ browsing habits.

For now, the same rule of caution applies: review your extension permissions, consider uninstalling extensions you rarely use or switch to other software alternatives that don’t require invasive access to your browser activity.”

I Found the Fix for My Problem in OBS!

OBS FixI mentioned on the show that I couldn’t get my Camlink to work. That is a waaay oversimplification. It DID work, it is just that the video looked TERRIBLE It looked like the issue was due to really bad interlacing. I looked at the OBS deinterlacing settings, and it set to disable. I assume that this is the default. So, I played around with it, and viola’! I found a setting that works perfectly FOR ME! I emphasis FOR ME, because your mileage, as they say, may vary! Experiment! Find YOUR sweet spot! But, hey, now it works great! My “sweet spot” was “Yadif 2X.” Dewd! I love it when things just work!

To set this, go into OBS, under “Sources” locate your video device, select “Deinterlacing” from the menu, and set it as shown in the image at the left of this text.

Then, drop me an email and let me know if this tip helped you with your OBS usage!

We geeks need to stick together!

1 2 3 224