How attackers can bypass Office 365 MFA

September 6th, 2023

I’ve always found a good hack fascinating (remember reading 2600?), and while it can be scary, understanding how a good hack works can help you avoid being a victim. This interesting hack against Office 365 accounts uses a few new tricks. One is to embed the malicious link in an attachment: the attachment itself contains nothing malicious, so an email security tool that only scans the URLs in the message body never sees the link hidden inside it. The next is that the link sends the user to a man-in-the-middle (adversary-in-the-middle, or AitM) proxy that sits between the victim and the legitimate Microsoft login page. The user sees the real sign-in flow, relayed through the attacker’s server, enters their username, password and MFA code, and the proxy captures the session token Microsoft issues once the login completes. See, in the case of MFA, the username and password by themselves aren’t useful without the additional factor, but once the attacker has a valid session token they can access the account without ever being prompted for MFA again, until the token expires (default 90 days) or an administrator revokes it. Note that this isn’t a weakness in MFA itself but in factors that can be relayed: a phishing-resistant method such as a FIDO2 security key is bound to the real login origin, so a proxy on a lookalike domain can’t complete the sign-in. Anyways, evidently these tactics and more have been in use for years. It’s worth your time to read the whole thing at Bleeping Computer.

TLDR: don’t open attachments or click on links you aren’t expecting; better to call your contact and ask whether they actually meant to send it to you.
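As an added example (mine, not part of the original post or the Bleeping Computer article), here is the kind of check I’d run over sign-in logs to catch the token-theft half of this attack. The log records and the per-user baseline are constructed, and the field names (`session_id`, `interactive`, `mfa`, `asn`) are simplified assumptions rather than any vendor’s real schema; the rule is the point, not the format.

```python
import json
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real logs). The field names are
# simplified assumptions, loosely modeled on a cloud identity provider's
# sign-in log: "interactive" means the user was prompted for credentials,
# "mfa" means the second factor was satisfied on that request, and
# "session_id" ties later token refreshes back to the sign-in that minted them.
SAMPLE_LOG = """\
{"time":"2023-09-05T09:00:12Z","user":"alice@example.com","ip":"198.51.100.77","asn":"AS64500","session_id":"s-1","interactive":true,"mfa":true}
{"time":"2023-09-05T09:05:40Z","user":"alice@example.com","ip":"198.51.100.77","asn":"AS64500","session_id":"s-1","interactive":false,"mfa":false}
{"time":"2023-09-05T10:00:00Z","user":"bob@example.com","ip":"192.0.2.5","asn":"AS64496","session_id":"s-2","interactive":true,"mfa":true}
{"time":"2023-09-05T10:15:30Z","user":"bob@example.com","ip":"192.0.2.5","asn":"AS64496","session_id":"s-2","interactive":false,"mfa":false}
{"time":"2023-09-05T11:41:03Z","user":"alice@example.com","ip":"203.0.113.200","asn":"AS64501","session_id":"s-1","interactive":false,"mfa":false}
"""

# Constructed baseline: networks (ASNs) each user has completed MFA from
# before. In practice you build this from the previous 30-90 days of logs.
BASELINE_ASNS = {
    "alice@example.com": {"AS64496"},
    "bob@example.com": {"AS64496"},
}


def parse_log(text):
    """Parse newline-delimited JSON sign-in records and return them in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["time"])


def detect_aitm(events, baseline, window=timedelta(hours=24)):
    """Two signals that a session token was phished through a relay proxy.

    new_network_mfa: an interactive, MFA-satisfied sign-in from a network the
      user has never used. The proxy relays the login, so the identity
      provider records the proxy's IP, not the victim's: the *successful*
      MFA sign-in is itself the first anomaly.
    token_replay: a session minted by one sign-in is later used, with no new
      MFA prompt, from a different network within `window`. That is the
      captured cookie being loaded into a browser somewhere else.
    """
    minted = {}      # session_id -> the sign-in that established the session
    reported = set()
    alerts = []
    for ev in events:
        sid = ev["session_id"]
        if ev["interactive"] and ev["mfa"]:
            minted.setdefault(sid, ev)
            if ev["asn"] not in baseline.get(ev["user"], set()):
                alerts.append({"kind": "new_network_mfa", "user": ev["user"],
                               "session_id": sid, "ip": ev["ip"], "asn": ev["asn"]})
            continue
        origin = minted.get(sid)
        if origin is None:
            continue  # never saw this session minted; outside this rule's scope
        if ev["asn"] == origin["asn"] or ev["time"] - origin["time"] > window:
            continue  # same network as the mint, or too old to correlate
        if (sid, ev["asn"]) in reported:
            continue  # one alert per (session, new network), not one per refresh
        reported.add((sid, ev["asn"]))
        age = ev["time"] - origin["time"]
        alerts.append({"kind": "token_replay", "user": ev["user"], "session_id": sid,
                       "minted_from": origin["ip"], "replayed_from": ev["ip"],
                       "minutes_after_mint": int(age.total_seconds() // 60)})
    return alerts


def run_sample():
    """Run the rule over the constructed log; alice's session is the phished one."""
    return detect_aitm(parse_log(SAMPLE_LOG), BASELINE_ASNS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Two things make this work in practice. The identity provider sees the proxy’s address, not the victim’s, on the relayed login, so the successful MFA sign-in from a network the user has never used is the first thing out of place. And a stolen cookie carried to another machine shows up as the same session from a second network with no new MFA prompt. The response is to revoke the user’s sessions and reset the password (the proxy captured that too); there is nothing to patch.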

Pax8 Marketplace will send leads to MSPs

June 14th, 2023

The key to any great business — in my mind — is finding as many Win/Win scenarios as possible. The revamp of the Pax8 cloud marketplace does that by enabling customers searching for solutions on SaaS providers’ websites to automatically get matched up with MSPs who can support that product. The SaaS provider wins because they sell software, and Pax8 wins because they get to resell said software and provide more value to cloud marketplace customers. The MSP wins because they get qualified leads from interested buyers. Finally, the customer wins because they can easily find an MSP to support the software they found doing their own research. Of course time will tell how well it all works, but so far it seems like another example of why an MSP and a SaaS provider should do business with Pax8.

Via CRN

Another Fortinet vulnerability requiring immediate action

June 12th, 2023

This was already getting old after the last one, but here we go again: Fortinet CVE-2023-27997, a heap-based buffer overflow in the FortiOS SSL-VPN that can be triggered before authentication, requires immediate action. Who knows how many thousands of FortiGate firewalls are out there, deployed by MSPs to protect their clients, and every unpatched one with SSL-VPN exposed is now a major attack vector that requires everyone to stop what they are doing and mitigate (disable SSL-VPN if you can’t upgrade right away). For those counting, this is about the fourth in the last year (CVE-2022-42475, CVE-2022-40684, CVE-2023-25610). I sure hope you have an automated way to address this; if not, maybe it’s time to start searching for an alternative for your standard technology platform.
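Since the post asks whether you have an automated way to address this, here is an added example (mine, not Fortinet’s tooling and not from the original post) of the triage I’d run across an MSP’s firewall inventory. The inventory is constructed, and the fixed-in version per branch is my reading of Fortinet’s advisory at the time; treat that table as an assumption and confirm it against the current advisory before acting on the output.

```python
import re

# Fixed-in FortiOS version per branch for CVE-2023-27997, as I read Fortinet's
# advisory when this was written. ASSUMPTION: confirm against the current
# advisory before trusting the output; a stale table produces false "ok"s.
FIXED_IN = {
    (7, 4): (7, 4, 0),
    (7, 2): (7, 2, 5),
    (7, 0): (7, 0, 12),
    (6, 4): (6, 4, 13),
    (6, 2): (6, 2, 14),
    (6, 0): (6, 0, 17),
}

# Constructed inventory (not real devices), in the shape an RMM or config
# export typically gives you: hostname, raw version banner, SSL-VPN state.
INVENTORY = [
    {"host": "fw-client-a", "version": "v7.0.11,build0489 (GA)", "ssl_vpn": True},
    {"host": "fw-client-b", "version": "v7.2.5,build1517 (GA)", "ssl_vpn": True},
    {"host": "fw-client-c", "version": "v6.4.12,build2510 (GA)", "ssl_vpn": False},
    {"host": "fw-client-d", "version": "v5.6.14,build1727 (GA)", "ssl_vpn": True},
    {"host": "fw-client-e", "version": "unknown", "ssl_vpn": True},
]

_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Pull (major, minor, patch) out of a banner like 'v7.0.11,build0489 (GA)'."""
    m = _VERSION.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def fmt(ver):
    return ".".join(str(x) for x in ver)


def assess(device, fixed_in=FIXED_IN):
    """Classify one device as 'ok', 'patch', 'urgent' or 'unknown', with a reason.

    The bug sits in the SSL-VPN component and is reachable before
    authentication, so an unpatched box with SSL-VPN enabled is the one you
    stop everything for; turning SSL-VPN off is the stop-gap until upgrade.
    """
    ver = parse_version(device["version"])
    if ver is None:
        return "unknown", "version banner not parseable; check the device by hand"
    fixed = fixed_in.get(ver[:2])
    if fixed is None:
        return "patch", f"{fmt(ver)}: no fixed release listed for this branch; plan an upgrade to a supported branch"
    if ver >= fixed:
        return "ok", f"{fmt(ver)} >= {fmt(fixed)}"
    if device["ssl_vpn"]:
        return "urgent", f"{fmt(ver)} < {fmt(fixed)} with SSL-VPN enabled: disable SSL-VPN now, then upgrade"
    return "patch", f"{fmt(ver)} < {fmt(fixed)} but SSL-VPN is off: upgrade at the next window"


def triage(inventory, fixed_in=FIXED_IN):
    """Map hostname -> (status, reason) so the result can be sorted and ticketed."""
    return {d["host"]: assess(d, fixed_in) for d in inventory}


if __name__ == "__main__":
    order = {"urgent": 0, "unknown": 1, "patch": 2, "ok": 3}
    rows = sorted(triage(INVENTORY).items(), key=lambda kv: order[kv[1][0]])
    for host, (status, why) in rows:
        print(f"{status:8} {host:14} {why}")
```

The version table is deliberately a parameter rather than hard-coded into the logic: the next Fortinet advisory (and there will be one) is a new table, not new code, and the same triage applies to any appliance whose exposure depends on a single feature being enabled.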

I’m back

June 12th, 2023

Yeah, so it’s been a minute (about 5 million, actually) since I posted here. I’ve been missing writing for years, but you know how it goes. The world has changed a lot in the past 10 years and while my old pastime of HDTVs is officially boring now, my passion for technology hasn’t waned at all. One thing I miss about the old web is how brief blog posts used to be — ahh, the 150-words-or-less Engadget posts. Anyways, my only promise to those who take the time to read what I wrote is that I’ll keep it succinct.

How to Ustream with a Co-host on a Mac

August 13th, 2013

On the Engadget HD Podcast, we started streaming the show live some time ago. Over the years I’ve struggled to keep the quality of the podcast on par while, at the same time, streaming the show live via Ustream. For the most part I’ve relied on the Mega Mix feature of Audio Hijack Pro to grab the audio from Skype. This is the method you’ll find in numerous tutorials online, but it has one huge limitation: you can’t easily control the crossfade (the ability to balance the volume of you and your co-host). This isn’t a problem for the podcast itself, because we do a double-ender (Richard and I both record our own audio and Joe muxes it together in post, adjusting the levels then). But it has caused lots of problems for the Ustream listeners because one of us is significantly louder than the other. The other problem I had to solve is that my USB pre-amp (Lexicon Alpha) delivers mono audio, while Skype outputs in stereo; again, easily fixed in post for the podcast. So after the break I’ll explain how I configured Audio Hijack Pro to let me control the crossfade between Skype and my mic, mix it down to mono and finally feed it to Ustream Producer.

How do you clean your screens? Here’s how I do it

April 14th, 2013

Between TVs, computers, tablets and phones, we spend a lot of our days looking at screens. And I can’t tolerate staring at a dirty screen. While glass touchscreen devices are the easiest to clean, usually getting away with a quick rub on your pants or shirt, laptops and TVs can be very tricky. Of course the best way is to not get it dirty in the first place, but between kids, sneezes and rude-screen-touchers, it happens. Here’s how I clean mine.

I start with two lint-free microfiber cleaning cloths, one damp and one dry. First I wipe in a circular motion with the damp cloth until I’m confident that I’ve removed all the grime and fingerprints. Then I quickly follow up and dry it with the dry one. On large screens like a TV, it can be necessary to use both cloths at the same time, or else parts of the screen might air-dry before you get to them, which will leave water spots.

Although I’m happy with the results, I’m curious if I’m doing it the hard way. So how do you clean your screens?

Ultra HD: minimum viewing distance isn’t the same as optimal viewing distance

January 18th, 2013

There’s something I’ve been saying for years, but I now don’t believe it’s true. It isn’t just me; there are plenty of other experts who are still saying that if you don’t sit close enough to a display, you can’t appreciate the higher resolution — this was a big debate in the 720p vs 1080p days. But now I believe that the distance between you and a 50-inch Ultra HD TV, beyond which you would be just as well off with a 1080p, is so far that your living room probably isn’t big enough to ever worry about it — and if you have a huge living room, you probably have room for an 84-inch TV anyways.

The first chink came way back around the time Blu-ray won the format war. Panasonic had an in-dash 720p 7-inch display at the BDA’s CES booth. It was right next to a typical standard definition display, and I still remember being surprised how much better the HD display looked, even on such a small screen from so far away. Then Apple released the iPhone 4 with the Retina display and again, you didn’t have to be right on top of it to instantly notice the difference. Then CES 2013 brought a bunch of Ultra HD TVs and a number of side-by-side upconversion demos. In the Toshiba booth, I was trying to capture a picture with my 50mm prime and had to step way back to get the two 84-inch TVs into the shot, and noticed how dramatic the difference between the two TVs was, even from over 10 feet away — and this wasn’t even native 4K content!

All of these firsthand impressions started stacking up, and then we had a representative from Sharp on the Engadget HD podcast who indicated that displays have a minimum viewing distance, but that this isn’t necessarily the optimal viewing distance. And then it hit me: seeing the pixels is a bad thing. Duh. The rules for sitting too close to a TV are there to keep you from being able to distinguish the pixels, which ruins the experience. And while it is true that if you step back far enough you won’t be able to tell the difference, that distance is far from the same as the minimum viewing distance. So before you post that I’m out of my mind, please go and grab two displays (one high resolution and one low) and keep stepping back to see how far you have to move before they start to look the same. I think you’ll be amazed at how far back you can get.

Where are the TV apps for Windows 8 and the Xbox?

October 27th, 2012

Windows 8 and the new Xbox Dashboard are officially available, and Microsoft is giving Windows Media Center to Windows 8 Pro customers for the next few months. But the more I think of it, the more I wonder if Microsoft could really be willing to let all the work it put into Media Center go to waste. I say this because I’m reminded of all the Windows 7 commercials that mentioned its ability to watch TV — was there even one that didn’t? Windows 8 and Xbox apps from Netflix, Hulu and others add obvious value to the new Windows ecosystem, but so does real TV. It seems to me — famous last words from a non-developer — that it would be trivial for Microsoft to develop and release Modern UI apps for TV. Recorded TV, Guide and Live TV tiles could be pulled over from the deprecated Media Center experience and ported to feel right at home in the new Windows world.

These simple apps would put a new face on the years of work that so many love. The apps would run on Windows PCs, the Xbox, Windows Phones and maybe even 3rd party devices like Roku. They would rely on the core of Media Center to schedule, record and play back premium HD content obtained from your cable TV subscription via great CableCARD hardware. What they wouldn’t be is the answer for pure HTPC fans, as the Modern UI is not a 10-foot interface, it’s a touchscreen interface, but that’s fine. I said it some time ago, and I still believe it: the HTPC is dead. But just because the age of connecting your PC to your TV is a dead end, it doesn’t mean that there isn’t a place for tuners in Microsoft’s ecosystem.

What I don’t understand is, if Microsoft was going to do this, why not do it at launch? Assuming this is all a pipe dream, I wonder if it would be possible for 3rd parties to do it. Are there documented APIs for Media Center that would enable enough access to the tuners? Can 3rd party apps leverage the Windows 8 PlayReady components that unlock protected CableCARD content?

I realize some believe that Microsoft will not invest another nickel into anything that involves broadcast TV, but I just can’t believe they are that hubristic. Sure, the future is on-demand IP-delivered content, but the reality today is that the majority of content is still delivered via RF broadcast. And even when the day does come where more content is on-demand than linear, it still won’t make sense to ditch broadcast completely, as there is no more efficient way to deliver events like the Super Bowl to 30 million people at the same time than to broadcast it — do you really believe that enabling multicast throughout the internet is more plausible than just continuing to use RF broadcasts?

The state of personal finance software on the Mac is terrible

June 16th, 2012

I switched to a Mac in early 2005 and although I don’t see myself ever willingly going back to Windows at home (I use it at work), the one area that makes me wish I was on a PC is personal finance software. I’ve been a Quicken user since 2000 and have enjoyed the benefits of easily tracking my spending, budgeting, online bill pay and cash flow forecasting for almost all of my adult life. I can still remember pondering the switch to Mac and thinking, “oh great, they have Quicken for Mac.” But that was the last time I thought of a product from Intuit in a positive light. Converting from Quicken for PC to Mac was one of the most difficult software migrations I’ve ever done — and I do them for a living. I spent countless hours on the phone with support trying to figure out why my registers didn’t balance when I imported my QIF files — no, Intuit doesn’t support a direct import; rather, you export everything and import it back in. In the end I made the transition and missed the superior PC version of Quicken, holding my breath as Intuit released paid upgrades to its Mac product, only to realize none of my beefs were addressed.

But hey, at least it worked and it had many of the same features I had in the PC world, that was until Lion came along. Faced with the choice to upgrade to Quicken Essentials or to not upgrade to Lion, I bit the bullet and hoped for the best. That hope was unfounded as I lost access to one of my favorite features, online bill pay. For the past 10 years I’ve entered a transaction into Quicken and had it paid by my bank automatically, but not anymore. Now I have to enter the transaction into my bank’s website and then enter it again into Quicken — if I wait for the transaction to clear, which will enter it automatically, I don’t have the ability to forecast my cash flow. That is bad enough, but the budget tool in Quicken Essentials does not work, I won’t go over the details here, but the issues are well documented in the Intuit community forums.

And so last month I decided to get serious about budgeting, and while a spreadsheet does a pretty decent job at a high level, tracking my day-to-day spending against the budget on a spreadsheet is anything but workable. At first I tried HomeBudget for the iPhone and while it was OK, I found it tedious to enter each transaction manually since it doesn’t link to my bank account. Then there was the Mint upgrade this month, which added budget features, so I figured now was the time to try it again. Mint is actually pretty good at keeping track of spending, with a great iPhone app and website. I can quickly open it on the go, categorize my spending and see how I’m doing vs my goals in that category. I haven’t tried it for a whole month yet, but I’m hopeful it’ll fit this specific need. The problem is, it only fits this one need and not all my needs, as it doesn’t do cash flow forecasting at all, or bill pay. I can’t even work on a budget until the month begins — typically I like to get it worked out at least a few days in advance.

So here I am over two years after Quicken Essentials was released realizing that Intuit is never going to fix it, never going to add online bill pay and never going to add an iPhone app that syncs automatically. So instead I’m using four applications to do what I used to do with a single app (bank site for bill pay, Quicken Essentials for cash flow forecasting and reconciliation, Mint to track day-to-day spending, and Google Docs for my monthly budget).

There is no “Blu-ray industry”

March 25th, 2012

So I ran across this article on AnandTech by Ganesh T S that was one of the best I’ve seen in regards to a technical explanation of the DRM used on Blu-ray — especially around the new Cinavia audio watermark. But it’s also a perfect example of a highly technical geek writing an article without understanding the business driving the technology. He speaks of the “Blu-ray industry,” which just doesn’t exist. Blu-ray is part of the Home Media business, which also includes Vudu, Netflix and every other video on demand service. The players in the Home Media industry couldn’t care less about any one particular part of their business, instead worrying about the bottom line. Their goal is to get consumers to spend more money this year than they did last year on enjoying content at home, and at the same time drive costs down in order to generate more profit. It’s no different from most people’s personal goals, which is to get a raise every year. How long would you stay at a job that decreased your salary year after year?

The total revenue number in Home Media has been going down year over year for as long as I’ve been watching it (down 2% in 2011 compared to 2010, according to the Digital Entertainment Group), and Blu-ray was just one of many attempts to stop the bleeding. The reality is that total spending on digital in 2011 was about a third of what was spent on buying discs. The bottom line is that Hollywood doesn’t care if you prefer Blu-ray or anything else, just so long as you spend more money (which means it prefers you buy a movie for $20 vs. rent one for $1) watching movies at home.