Lime VPN Hacked

In years past, when we traveled, and I was using any public wifi, I'd use a VPN for extra security against hackers 'listening' in to my internet connection. Although all VPNs promise security and no logging of confidential info on a user of the VPN, one must take these promises with a huge grain of salt, as the following story so well illustrates. I hadn't used or ever heard of Lime VPN, and thank goodness for that.

I just took a look at the Lime VPN website, and they clearly state 'no logging of info'. Hmmm? What, then, are the hackers of Lime VPN trying to sell for $13 million, do you suppose?

Jim Hamm

A hacker just took down LimeVPN’s website, stole over 69,400 sensitive user logs, and is looking to sell them for a $400 Bitcoin payment on a hacker forum. While breaches like this are increasingly commonplace, the real news is how the hacker got the logs since LimeVPN says it is a no-log service.

LimeVPN confirmed that its backup server is what got hacked. PrivacySharks, who initially reported the breach, talked with the alleged hacker who then confirmed that they were able to gain access to the site and shut it down through a security hole.

That backup server contained a database filled with sensitive user account data like email addresses, passwords, and payment information from its WHMCS billing system. The hacker also claims to be in possession of every user’s private key, meaning they are potentially able to decrypt any traffic passing through the VPN service. And now, that hacker is attempting to sell this information to the highest bidder on a renowned hacker forum. They are asking for $400 Bitcoin, which is roughly $13.4 million.

After touting on its website that it didn’t keep logs, LimeVPN is certainly under suspicion now since the hacker was able to jump in and scrape its entire database. Its customers were under the impression that none of their information or activity would be stored on the company’s server and are now the ones having to pay for LimeVPN doing so anyway.

Unfortunately, there isn’t much LimeVPN users can do at this point to stop the breach. However, just to be safe, we recommend users of the service stop using it immediately, take action to protect payment information (like order a new credit card), change the passwords of any sites visited while using the VPN, and watch out for potential identity theft.

The breach serves as a reminder that the vast majority of VPNs are not trustworthy. Most lure customers in with cheap prices and hollow promises of security and privacy without actually being able to back them up. If you’re looking for a (new) VPN service we recommend taking a look at our best VPN services, especially our best overall pick, ExpressVPN. This service regularly undergoes independent security audits to back up its no-log policy.

iOS App Store

Apple recently released a 'white paper' on their position regarding their tight control of iOS apps, which can be somewhat summarized in the following quote:

"Apple’s white paper proposes that, were iOS to allow the sideloading of apps, users’ iPhones would be subjected to a relentless onslaught of scams and security exploits, rendering all of their sensitive personal data subject to invasive collection from malicious actors. The paper suggests that a shadowy army of security exploiters and hackers is drooling over the opportunity to invade the 1 billion iPhones that are currently active, and all that is keeping them at bay, currently, is the App Store’s position as the sole legitimate distribution point for apps on iOS devices."

Should you have an interest in reading it, the following article from the TidBITS newsletter discusses this in some detail.

Jim Hamm

https://tidbits.com/2021/07/02/apple-justifies-ios-app-stores-tight-control-in-white-paper/

Apple's M1 Chip

The following Macworld article gives a good summary of probably everything you'd want to know about Apple's new "System on a Chip", also known as the M1 chip. Although the new chip has mostly favorable attributes, it is limited to 16GB of RAM, which apparently is of some concern to some users, who want more RAM. The article mentions that a revised design of the M1 chip might have 64GB of RAM, available by the end of next year. The article also speculates that all Macs will have the M1 chip in about two years.

Jim Hamm

https://www.macworld.com/article/234860/apple-silicon-m1-system-on-chip-macbook-air-macbook-pro-mac-mini-imac-m1x-specs-features-intel-apps-rosetta-2.html

SSD in macOS X

In the past, I have mentioned that enabling TRIM in the OS should not be done if the SSD in question is from Crucial. I contacted Crucial support today to confirm this because I see a lot of articles on how to enable TRIM in a Linux OS and also configure several options to reduce the number of read-write cycles to an SSD. The purpose in reducing the read-write cycles is to increase the life span of the SSD.

Recent articles on read-write cycles of an SSD have given rise to a concern that the way Apple has implemented SSDs in computers is going to substantially reduce the life span of the SSD. The culmination of all the articles seems to allay the concerns somewhat by indicating that even under heavy use an SSD will outlast the usable life of the computer.

Here are two short articles provided to me by Crucial:

https://www.crucial.com/support/articles-faq-ssd/trim-and-os-x-operating-systems

https://www.crucial.com/support/articles-faq-ssd/trim-and-ssd-performance-importance

What must be kept in mind regarding SSDs installed in any computer is that in order for either TRIM or Crucial’s Active Garbage Collection to work at all, the computer must be turned on and be left idle for enough time to allow the operation to actually complete the task of garbage collection. The suggestion is to leave the computer turned on and not allowed to go to sleep, either overnight or during the day for several hours. Using the computer and then turning it off or putting it to sleep right away actually prevents garbage collection from happening. Sitting idle for a few minutes at a time might not help either. There is no data on how long a computer must be left idle for garbage collection to work since the factors include computer speed, the size of the SSD, and how much data has to be managed. And herein lies the importance of leaving a minimum of 20% free space in an SSD - to allow garbage collection to properly manage the storage.

With the advent of the M1 (Apple Silicon on a Chip), memory is now embedded in the same chip as the CPU. That memory operates in the same manner as a solid state drive. TRIM is enabled by default. Here’s a system report of my M1 found under NVMExpress:

APPLE SSD AP0512Q:
  Capacity: 500.28 GB (500,277,792,768 bytes)
  TRIM Support: Yes
  Model: APPLE SSD AP0512Q

For any external SSD, be sure to find one that has garbage collection built in, like the Crucial SSD. If you install an SSD that doesn’t have an internal garbage collection routine, you will need to enable TRIM in the OS (“sudo trimforce enable” which is a command executed in Terminal). Enabling TRIM in the OS does not affect any garbage collection routine built into an SSD.

John R. Carter, Sr.
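
The two checks described in the post above (TRIM support in the system report, and at least 20% free space), as an added example that is not part of the original post. The function names and the sample report text are constructed for illustration; the commands named in the closing comments are the real macOS ones.

```shell
#!/bin/sh
# Added example: function names and SAMPLE_REPORT are constructed.

# Read a system_profiler report on stdin and print "<device><TAB><value>"
# for each "TRIM Support:" line. Exit status 1 if any value is not "Yes";
# per the post, such a drive is a candidate for "sudo trimforce enable".
trim_report() {
    awk '
        /^[ \t]*[^:]+:[ \t]*$/ {        # header line, e.g. "APPLE SSD AP0512Q:"
            name = $0
            sub(/^[ \t]+/, "", name)
            sub(/:[ \t]*$/, "", name)
            next
        }
        /TRIM Support:/ {
            val = $0
            sub(/.*TRIM Support:[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            printf "%s\t%s\n", name, val
            if (val != "Yes") bad = 1
        }
        END { exit bad }
    '
}

# Read "df -Pk <mount>" output on stdin and print the free-space percentage.
# Exit status 1 if it is below the 20% guideline from the post.
free_pct() {
    awk 'NR == 2 {
        pct = int($4 * 100 / $2)        # Available / total 1K-blocks
        print pct
        exit (pct < 20)
    }'
}

# Constructed sample, shaped like the report quoted in the post.
SAMPLE_REPORT='NVMExpress:
    APPLE SSD AP0512Q:
      Capacity: 500.28 GB (500,277,792,768 bytes)
      TRIM Support: Yes
      Model: APPLE SSD AP0512Q'
printf '%s\n' "$SAMPLE_REPORT" | trim_report

# On a Mac:
#   system_profiler SPNVMeDataType SPSerialATADataType | trim_report
#   df -Pk / | free_pct
```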



iPhone/iPad Tip

Here's a tip on how to easily check the temp and air quality index (AQI) on your iPhone or iPad. I just tried it on my iPhone, and it's pretty slick, I must say. I didn't know this prior to reading the article. I opened Apple Maps and there in the lower right corner was the temp and AQI -- 109 and 41, respectively.

Jim Hamm

What To Do When Software Stops Working

The article in the following link is worth reading. As the author says, do not get carried away with the details of his specific problem. What is being shared is a process.
https://askleo.com/what-i-do-when-software-stops-working/

But what I see missing are the fundamental questions one should be asking themselves and others when a problem, any problem, arises.

  1. What can you see that causes you to think there's a problem?

  2. Where is it happening?

  3. How is it happening?

  4. When is it happening?

  5. With whom is it happening? (HINT: Don't jump to "Who is causing the problem?" When we're stressed, blaming is often one of our first reactions. To be an effective manager, you need to address issues more than people.)

  6. Why is it happening? (Now that’s an interesting question. If you knew, you might be able to solve the problem, right?)

  7. Write down a five-sentence description of the problem in terms of "The following should be happening, but isn't ..." or "The following is happening and should be: ..." As much as possible, be specific in your description, including what is happening, where, how, with whom and why. (It may be helpful at this point to use a variety of research methods.)

To understand more about “Problem Solving and Decision Making,” see:

https://managementhelp.org/personalproductivity/problem-solving.htm

In addition, when asking others for help, the following information should be included:

  1. What I did (Include name of app: Finder, Safari, Mail, Notes, etc.)

  2. What happened

  3. What I expected to happen

  4. Error messages or a screenshot

  5. Current OS version

  6. Current app version

  7. Computer make/model

  8. Installed memory size

  9. Available storage space and type of storage (HD or SSD)


That information is especially important when asking Apple Support for help. And they will also want to know the serial number of your computer.


In some cases, it might require a detailed step-by-step notation of the actions involved, such as when attempting a complex set of actions that then results in the error condition. If you can successfully repeat the steps and always get the same result, then someone else should also be able to reproduce the problem.

John R. Carter, Sr.

ACR (Automatic Content Recognition)

Regarding “smart TVs,” they come from the factory with ACR (automatic content recognition) which collects viewing information for more targeted ads.

Here’s how to opt out:
https://www.consumerreports.org/privacy/how-to-turn-off-smart-tv-snooping-features/

Here’s another similar article.

https://www.zdnet.com/article/how-to-keep-your-smart-tv-from-spying-on-you/

The best way to prevent this is to disable the smart TV features entirely - or don’t get a smart TV. Why pay extra to be part of some marketing scheme? And watch out for those streaming devices like Roku, Firestick, and Chromecast, because they do the same thing.


John R Carter Sr



An Un-hackable Computer?

Here is quite an article discussing a computer processor that thwarts hackers by randomly changing its microarchitecture every few milliseconds. Read about the testing it went through against potential hackers, and successfully. The one downside, it appears, is this process slows the processing down about 10%, which seems to be a small price to pay. Let’s see what develops out of this.

Jim Hamm

https://newatlas.com/computers/morpheus-processor-secure-darpa-hackers/

Google Photos

If you use Google Photos to store your photos, their free, unlimited storage ends at the end of May. This article discusses some alternatives you might consider. If you're already an Amazon Prime subscriber, it looks like this is a great alternative, but other options are available.

Jim Hamm

MeWe vs Facebook


MeWe is a secure alternative to Facebook. No ads - no spyware - your life isn’t 4-sale.

So they say.

One review compares Facebook with the older MySpace - for the older generation only. And further suggests that MeWe is the younger generation replacement for Facebook, with the hopes that the older generation won’t take it over, while ignoring the fact that the younger generation always becomes the next older generation.

Another review simply declares MeWe as the clear winner over Facebook for being secure and having no ads and not stomping on your posts. Something like what Parler is touted to be as a replacement for Twitter.

So if you want to be part of the “don’t tread on me” group, then MeWe might be what you are looking for. And be prepared for flame wars.


John Carter Sr.

Security Researcher Recommends Against LastPass

A security researcher is recommending against LastPass password manager after detailing seven trackers found in the Android app, The Register reports. Although there is no suggestion that the trackers, which were analyzed by researcher Mike Kuketz, are transferring a user’s actual passwords or usernames, Kuketz says their presence is bad practice for a security-critical app handling such sensitive information.


https://www.theverge.com/2021/2/26/22302709/lastpass-android-app-trackers-security-research-privacy

Responding to the report, a spokesperson from LastPass says the company gathers limited data “about how LastPass is used” to help it “improve and optimize the product.” Importantly, LastPass tells The Register that “no sensitive personally identifiable user data or vault activity could be passed through these trackers.” They added that users can opt out of the analytics. On the LastPass web interface the option is located in the LastPass Privacy settings, accessible via “Account Settings > Show Advanced Settings > Privacy,” the spokesperson said.

LastPass was acquired by LogMeIn in October 2015. LogMeIn was sold in August 2020 to Francisco Partners and Evergreen Coast Capital Corp., which is a private equity affiliate of Elliott Management Corp., one of the largest activist funds in the world.

John Carter Sr.