I'm uh, still reading about it, and even just as I was reading and trying to find out which version I have - without actually opening the program because holy crappola - Windows Defender displayed behind-the-scenes scan results saying it found an infection...in CCleaner. I'm not sure what to tell anyone as far as "what to do" because I don't know the answer to that.
ETA, 9-20-17: Current recommendations are to either use System Restore to roll back your system to a time before CCleaner 5.33 (32-bit) was installed, or else to "refresh" (Windows 10) or completely re-install your copy of Windows.
It's a backdoor called Backdoor:Win32/Floxif that's been in the wild since CCleaner v.5.33 released in August of 2017. ETA, 9-20-17: But it affects 32-bit versions of CCleaner only. You can tell which version you have by opening CCleaner and looking in the top left corner, where it will say if it's 32-bit or 64-bit.
Time to reinstall my OS, if the fucking backdoor hasn't already destroyed our ability to do so...ETA, 9-20-17: and I did just that. It didn't destroy our ability to do so, at least not as far as I can tell.
Amount of posts to add new image links to: 89 (some of these are imgur photo swaps because I don't trust them, either, and some are to edit out links to an image because it was lost or is no longer being made available) so say there are still around 80 posts to swap Photobucket images out of.
Dreamwidth's uploader lets you beam the server as many images as you like, so I fed it a bit north of 260 of them. At once. After deleting under 20 images and noting that another 20 won't be included in my posts, that still leaves about 220 image links to replace across 80 entries I've written.
And it's taken me the better part of a few weeks just to get this far because a) I don't feel like it, b) I got too busy on eBay up until I had to end all my sales early because of the fucking storm, 3) the storm, plus d) see a).
We don't have a link rewriter to automate this mess, so before I do anything I might campaign for it via Support request*, after checking to see if anyone else put in for one besides Steve from LJ (whose request was summarily rejected a few months ago), then check the web for any scripts that might help me get anything done here.
*ETA, 9-15-17: I put this into a Suggestion rather than a support request, since Support isn't set up to handle feature requests, and that's all this really is.
ETA2, 9-16-17: I've since posted two more (closely related) Suggestions. Considering the parent suggestion's topic matter, if one gets tossed they probably all will, yippee.
ETA3, 9-16-17: I've been trying (as I mentioned in my last Suggestion) to find a screen scraper to grab links to images I downloaded from Photobucket and uploaded last night to Dreamwidth, but there's not a one that's gonna work, or at least not without getting me ToSed, mostly because Dreamwidth doesn't make a public-facing, per-user image directory available for this (or any other) purpose. I'd almost hire someone to do what I'll have to do instead, but 1) my privacy and 2) that'd probably also get me ToSed. I just aaaarrggh.
ETA4, 9-16-17: Minutes after my last ETAs it hit me why, above all, I can't use Dreamwidth to host my Photobucket images: because DW changes the original file name on every image to a random number, so there's no pattern-matching/find-and-replace to either find the image in Dreamwidth's Manage Images interface nor to easily find its match to swap out with in the entry. So I'll just upload my Photobucket album to Anti-AOL on Wordpress (my Plan B to begin with) and do this whole thing from there.
Because I've got to get it done.
I could post yet another Suggestion at this point saying more or less, "Oh and btw can DW plz stop swapping out image names for like, random numbers because it's messing up my project" but it's too late now (for me, not for others who might be affected by this issue in the future) plus I think I've about used up my Suggestion-fu for the
month week day. I need to just get my ransomed images fixed already, then maybe...
ETA5, 9-16-17: after taking a break to make tuna pasta salad from scratch, because yum, I decided to roll "don't rename image files" - along with "add a search box" - into an existing Suggestion (my second one, with a request my rewrite be released from queue instead of its predecessor). And I'm not trying to stay up all night (yeah, for once, right) so I'll pick up again on this tomorrow, maybe.
In retrospect, I'm sort of glad I waited this long to look into moving my images, because I either never had the time or else the presence of mind before to dive this deep into why DW's image hosting is or isn't workable for moving images from another host. It really isn't, but it seems most of its issues could easily be remedied...problem is, there are so many ways to fix various issues or shortcomings in the service I really had a hard time choosing which to give preference to, so I just submitted all of them. :/
I can't imagine how else they'll sell the base on auditing everyone eligible for the EITC (Earned Income Tax Credit) except to tell them:
"There they are, cruising 'round in their Cadillacs with those heavy Gucci bags back to their McMansions to rest on their big, fancy couches with their 104 inch, 4000K TVs blasting away in their faces, eating some crab legs. Meanwhile, hard-working people like YOU are just scraping by!"
I could see this as the thing that makes the plug-and-play "base" stomp and howl and chant, "Lock 'em up!" at Trumpanado's next barnstorming. Of course, half the people at the rally would have be locked up, too, but whatever; never let facts get in the way of a good hate-in, is what I say.
Before anyone asks, it rained for about 14 hours. We're at a slight elevation so it wasn't too bad. Wind held steady between "blowing branches off trees" and "knocking them over" (including one down the road that took our power out around 6:30am, so at least it wasn't like we were in the pitch black dark while debris made terrifying landings on the roof all night). I jammed earplugs in and slept through most of it, because I didn't want to know.
I made my own ice blocks using gallon ziploc bags the day before, and today we found a store with some ice, then the power cut back on a few hours later, so food loss was pretty minimal.
The hardest part was not knowing: as of 9pm last night Irma was supposed to hit as a Cat 3 or 4, so I was fairly anxious, even apologizing to Bowie, who's even more terrified of debris hitting the roof than I am, which by then it already was.
But Irma was downgraded via push notification to a tropical storm shortly thereafter. I could not believe my eyes, so I spent another hour checking my radar app, my news app, NOAA, weather.gov, the latest on the Post, the Times and the local news, then, satisfied this was probably not End Times In My Neighborhood, just tried to get some sleep.
The Equifax data breach is turning into a complete disaster because the very thing they're offering to "protect" us - free credit monitoring for one year - has so many "gotchas" built in you might be better off not signing up, or even using their website to check if you were affected by the breach.
For starters, checking your name for breach status or signing up for Equifax's credit monitoring could prevent you from joining the class action lawsuit which arose from it.
ETA, 9-12-17: Not to mention the website appears to be broken, which sounds about right, because the first time I checked I got no answer on whether I was "impacted" or not, while the second time (same session, same cookies) I was told I was "impacted" and encouraged to sign up for free credit monitoring - after I already had.
And opting out by snail mail from the arbitration clause which prevents you from joining requires submitting an "Equifax User ID" that people who merely check their status or sign up for protection will not have, so opt-out for us isn't actually possible.
But signing up for "free-for-now" monitoring will result in getting billed for service after just one year if you don't cancel ahead of time (just like AOL's so-called "free" trial, if you do nothing they'll start charging for service whether you like it or not). Signing up also requires internet access and a credit or debit card because of course it does, so your connectionless grandma who still uses a landline, has no credit or debit card, does everything by snail mail and just writes checks for whatever she wants is SOL, because Equifax has to minimize their losses, somehow.
If all of this isn't bad enough, it's been said that:
- Kaspersky Antivirus flags Equifax's breach-status website as a "phishing site"
- Entering Qwerty as your last name and 12-3456 as the last six of your Social indicates your information was stolen
- Equifax insiders sold off stocks before the breach was announced - but they've known about it since May, so obviously they were locking in profit ahead of the stock collapsing
I still feel "hackers gonna hack" and haven't wanted to hold Equifax responsible, but it's getting increasingly difficult to maintain that position when Equifax is doing nothing to show they're being "responsible" or "transparent" about this, or to adequately compensate anyone who might be affected (which, let's be honest, could be almost all of us).
ETA2, 9-12-17: since posting it's become not just "increasingly difficult" but impossible to sympathize when it's not a case of hackers finding a novel way around their backend security, but their own failure to patch an Apache Struts vulnerability that they've been able to fix since last March. So they're as at fault as they could possibly be for this entire mess.
She called herself a master negotiator and "worth the trouble" when the Democratic Party tried with all its might to pitch her overboard, preferably head-first.
Nancy Pelosi, hell to the...
ETA, 9-9-17 PLEASE READ FIRST: Things got hairy here real fast: a class action was recently filed against Equifax (which I didn't learn of until shortly after posting) and signing up at Equifax for credit protection (or even entering your name to check if you were affected by this breach) using the steps below could legally prevent you from becoming a member.
I'd signed up before writing this, but because I don't hold Equifax responsible (hackers gonna hack, and they're getting sort of good at it, lemme tell you!) I'm not worried about joining. It would be nice if I could, especially if this breach winds up costing me money and/or my privacy down the road, but if I can't I can't.
I just wish I'd known of the lawsuit before signing up for protection. In light of that, I want others to be aware of any possible trade-offs they'll be making.
The Verge reports on what to do if you've already entered your name or signed up for protection (emphasis mine):
For now, the one existing loophole is Equifax’s opt-out provision — another common element of arbitration clauses. Within 30 days of agreeing to the terms of the enrollment, you can deliver a written notice to this address:
Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out P.O. Box 105496
Atlanta, GA 30348
It needs to include your name, address, and Equifax User ID, as well as “a clear statement that you do not wish to resolve disputes with Equifax through arbitration.”
ETA2: the above opt-out information is useless for anyone who isn't a paying Equifax customer, as the rest of us didn't get "Equifax User IDs" just by checking our names on the website or signing up for credit protection.
ETA3: More updates are in a separate post.
It's been a banner week for this sort of thing, hasn't it? And I'm in the affected users pile, so I'll be signing up for protection (they put you on a waiting list because apparently they wish to not imitate healthcare.gov with a disastrous rollout, so signup looks to be ongoing in slow waves).
In five steps, because apparently they feel a bit awkward about putting us through all this
- Read the blah blah blah
- Click here, more blah blah blah. Now click the button (it takes you here: Check Potential Impact)
- See if you were in the affected user pile by typing your last name and last six numbers of your Social Security number into boxes on this screen
- Take the "I'm not a robot" vision tests (I hate these fucking things; anyone else?)
- Sign up for protection