Last week, I put out a story about why you should never use your ISP’s hardware. And I explained a few ways of ensuring that you are not locked in by using your ISP’s hardware. But there’s another thing from your ISP that you should never use. And that thing is their email service.
Now every ISP has an email service as part of their offering. For example, Bell and Rogers here in Canada both have email addresses that end in bell.ca or rogers.com respectively. But that is only useful while you are with the ISP in question. The second that you leave that ISP for another one, that email address, and all the email in that account, will disappear. Given that email addresses are like phone numbers, that’s bad, as it would take a lot of effort to let your family, friends, and others know that you’ve changed email addresses. And losing the email in that email account could be catastrophic for some.
So how do you avoid this? I have two suggestions:
- Use a “free” email service: Services like Microsoft Outlook and Gmail are “free” email services that you can use instead of your ISP’s email service. I say “free” because in the case of Gmail, it trawls your email to show you advertisements that are relevant to you. Other “free” email providers may do the same thing. This is another example of the saying that if the product is free, then you are the product. Despite that, they do work well and allow you to access your email on a variety of devices as well as on the web. And they are easy to implement.
- Register your own domain and set up your own email service: This is a bit more complicated, but still doable by most people. Using my wife and me as an example, we registered our own domain and set up our own email server. We did that when we got married in 1997 and have never looked back. The path of least resistance is to use a provider like GoDaddy, Rebel, HostGator, or Network Solutions that allows you to register a domain (mycooldomain.com for example) and set up an email server with a few clicks. To make things easier, some of these providers like Rebel or GoDaddy have people who will assist you with setting this up. Thus you may want to find a provider with that service if you are not all that technical. There are two downsides to going this route. One is cost. Registering a domain costs about $20 or less a year. And then there’s the cost of hosting, which varies based on provider and the quality of email hosting that you want. But it can be as low as $70 or as high as $200 a year. The second downside is that by having your own domain, you will be subject to more and more spam the longer that you have it, as you’re basically a stationary target for spammers. You can mitigate this by tweaking the spam settings in the email service that your provider has. But it won’t go away. Thus you have to accept that.
By having control of your email, rather than your ISP having control of your email, you avoid being locked into your ISP and can freely switch ISPs if the need arises. If you have any questions about this, leave a comment or email me and I will do my best to answer them.
Zoom Is In Trouble Again…. This Time They Have Security Issues With Their Update Process For Mac
Posted in Commentary with tags Zoom on August 14, 2022 by itnerd
Zoom seems to be a company that can’t stay out of trouble. This time, well-known security researcher Patrick Wardle has disclosed a trio of vulnerabilities in Zoom’s update process. Two have been patched, but one is unpatched, and Wired has the details:
During his talk at DefCon, though, Wardle announced another Mac vulnerability he discovered in the installer itself. Zoom now conducts its signature check securely, and the company plugged the downgrade attack opportunity. But Wardle noticed that there is a moment after the installer verifies the software package—but before the package installs it—when an attacker could inject their own malicious software into the Zoom update, retaining all the privileges and checks that the update already has. Under normal circumstances, an attacker would be able to grab this opportunity only when a user is installing a Zoom update anyway, but Wardle found a way to trick Zoom into reinstalling its own current version. The attacker can then have as many opportunities as they want to attempt to insert their malicious code and gain the Zoom automatic update installer’s root access to the victim device.
“The main reason I looked at this is that Zoom is running on my own computer,” Wardle says. “There’s always a potential tradeoff between usability and security, and it’s important for users to install updates for sure. But if it’s opening this broad attack surface that could be exploited, that’s less than ideal.”
To exploit any of these flaws, an attacker would need to already have an initial foothold in a target’s device, so you’re not in imminent danger of having your Zoom remotely attacked. But Wardle’s findings are an important reminder to keep updating—automatically or not.
The bigger problem with this is that yet again, Zoom has been caught with its pants down, so to speak. They keep having security issue after security issue, to the point where I wonder if they are playing “whack a mole” when it comes to fixing issues with their applications. At this point one has to wonder if the company takes security seriously or not. Having said that, be sure to update when a fix for this latest security issue appears.
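The gap Wired describes, between verifying a package and installing it, is a time-of-check/time-of-use problem. The following is an added example, not code from this post, Zoom, or Wardle's research: it uses a SHA-256 comparison as a stand-in for the signature check, and hypothetical function names and constructed sample data, to contrast re-opening a checked path with installing from a verified private copy.

```python
import hashlib, os, shutil, tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def install_racy(pkg_path, expected, window=lambda: None):
    """Check the path, then re-open the same path later: the gap is the bug."""
    if sha256(pkg_path) != expected:
        raise ValueError("verification failed")
    window()                      # stands in for the delay before install
    with open(pkg_path, "rb") as f:
        return f.read()           # bytes that would be installed

def install_pinned(pkg_path, expected, window=lambda: None):
    """Copy into a directory only this process can write, verify the copy,
    and install from that copy, so the checked bytes are the used bytes."""
    private = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    try:
        pinned = os.path.join(private, "pkg")
        shutil.copyfile(pkg_path, pinned)
        if sha256(pinned) != expected:
            raise ValueError("verification failed")
        window()
        with open(pinned, "rb") as f:
            return f.read()
    finally:
        shutil.rmtree(private)

def demo():
    staging = tempfile.mkdtemp()  # constructed stand-in for a user-writable staging dir
    pkg = os.path.join(staging, "update.pkg")
    good = b"vendor update v2"    # constructed sample content
    with open(pkg, "wb") as f:
        f.write(good)
    expected = hashlib.sha256(good).hexdigest()
    def modify():                 # simulates another process rewriting the staged file
        with open(pkg, "wb") as f:
            f.write(b"modified after check")
    racy = install_racy(pkg, expected, modify)
    with open(pkg, "wb") as f:
        f.write(good)             # restore the staged file for the second run
    pinned = install_pinned(pkg, expected, modify)
    shutil.rmtree(staging)
    return racy, pinned

if __name__ == "__main__":
    print(demo())
```

The racy version passes verification and still returns the modified bytes; the pinned version returns exactly what was verified, because the staged file is no longer consulted after the copy.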