TechByter Worldwide

Speak softly and carry a large microphone

 

May 29, 2016

Flashing Forward to a Flashless Future

It's time for Flash to fade. Flash used to nearly universal, but Apple stopped supporting it years ago. Few, if any, smart phones or tablets support it. Support continues to dwindle because of its ongoing status as a security disaster so you can see why it might be on the way out. Today we'll look at how you can disable it if you want to.

Press ESC to close.But that raises a problem for me. TechByter Worldwide has used a Flash audio player for many years. I had already planned to switch to a native HTML5 player in 2017, but now I've accelerated the schedule. Starting today, you'll see the old Flash player, the MP3 link that I added a few years ago to accommodate devices that don't support Flash, and the new HTML5 audio player.

On a smart phone (Android or IOS), Flash doesn't work.

One problem with the native HTML player is that it supports 3 audio formats and until recently it was necessary to produce audio in at least 2 of those formats (MP3 and OGG) to provide support for all browsers. Now all of the modern browsers support MP3, so only a single format is required. But there's still a problem: This is an HTML5 function and browsers that don't support the HTML5 audio element won't be able to play the audio.

Fortunately, browsers that don't support HTML5 are becoming hard to find. Internet Explorer was the last browser to provide support, starting with version 9. So all current browsers but one support HTML5 audio. IE, Edge, Firefox, Chrome, Safari, Opera, IOS Safari, Android Browser, Blackberry Browser, Opera Mobile, Chrome for Android, Firefox for Android, IE Mobile, and the UC Browser for Android support HTML5 audio. Only Opera Mini does not and, for technical reasons, probably never will.

So it's time for Flash to go. Flash has changed little in the past 15 years and that's part of the problem. Besides the security problems, Flash is a closed proprietary system. The Web is based on open systems and the advent of HTML5, CSS3, and other technologies allow native browser functions to replace what Flash used to provide.

In the past year, Adobe has made an effort to harden Flash against attackers, but it's too little and too late. It's time for Flash to go.

Here's How

Press ESC to close.Microsoft bundles a Flash plug-in with Windows. This started with Windows 8. To disable Flash, Open Internet Explorer (it's still there, even on Windows 10), click the gear icon and choose Manage Add-ons. Make sure All add-ons is selected in the Show box and then find the Shockwave Flash Object. Select it and click Disable in the lower right corner.

Press ESC to close.Microsoft Edge includes a built-in Flash plug-in, too. To disable it, click the Menu button (the one near the far right that looks like ellipses points), choose Settings, scroll to the bottom, and click Show Advanced Settings. Find Use Adobe Flash Player and turn it off.

To make the process a bit more complicated, Adobe offers three Flash player plug-ins for Windows: An ActiveX plug-in for Internet Explorer, an Netscape Plug-in Application Programming Interface (NPAPI) plug-in for Firefox, and a Pepper Plug-in API (PPAPI) for Opera and Chromium.

Press ESC to close.For Firefox, choose Tools, Add-ons from the menu. Select Plug-ins on the side menu. Select Shockwave Flash. You can then change Always Activate to either Never Activate or Ask to Activate. I like the second option because it means that I can leave Flash enabled for sites that still need it. If you want to eliminate Flash entirely, click the Options button and clear the check mark from the Enable option.

Press ESC to close.For Chrome, start by typing "chrome://plugins/" in the address bar. Find Adobe Flash Player and disable it.

Google has disabled support for NPAPI, which means that plug-ins such as Silverlight, Java, and Unity, won't work. Google still provides support for the Pepper API (PPAPI), which is more secure. Additionally, Chrome automatically updates any PPAPI plug-ins when the browser itself updates.

What You'll See on TechByter Worldwide

Press ESC to close.There are now 3 audio options, but this will soon revert to 2.

If Flash is enabled, you'll see the familiar Flash player near the top of the right column; if you've disabled Flash or you're using a device that doesn't support Flash, you'll see a broken link or a notice that you need to enable Flash.

By the way, what would be the right column on a large screen will appear below the main content on a smart phone and some tablets.

Below the Flash player, you'll find the direct MP3 link that I've provided for several years.

And below that you'll see the HTML5 player. Its appearance differers quite a bit from one browser (and one platform) to another, but it should appear on all modern browsers on all platforms. If you don't see the HTML5 player, please let me know what browser and operating system you're using.

We're Losing the Tech Race to Fraudsters

Accounting firm KPMG says that few frauds are detected using data analytics, but technology significantly enables nearly 1/3 of perpetrators. The fraudsters -- both internal and external -- are getting better, while protection lags. This is not exactly an encouraging report.

Some examples I've seen in just the past week:

Press ESC to close.This "contact me" message is so amateurish that it's laughable. Some security experts believe that these utterly unbelievable claims are an advantage for crooks who want to separate members of the expanding idiocracy from their money. Only a truly stupid person would fall for a message that promises to transfer 21 million 410 thousand dollars to you.

Press ESC to close.The second example is somewhat more believable. It's a variant of the secret shopper scam. Generally these require the mark to make the purchase with his or her own money and then send the purchased goods to the scammer. In this case, they promise payment and say that besides being paid, you get to keep the products.

I didn't click the link, so it's unclear whether the site you would be taken to would try to steal your identity or plant malware on your computer. What's certain is this: The payoff wouldn't be anything you would find enjoyable.

Press ESC to close.The winner is this message from the "County Court". Note that it doesn't say which county. There are a few telltale indications that this is not a message from a native speaker of English, but overall it's reasonably convincing. They have my first name, so that makes it seem somewhat legitimate.

But look at the date. It's a Saturday and few courts hear cases on the weekend. Few (if any) courts do business this way. If you're required to appear in court, you'll generally receive a hand-delivered summons or at least a registered letter -- not an e-mail. If any legal jurisdiction does send e-mail notices, those notices would include a case number and, more importantly, a time and location for the hearing. This message had neither.

The attachment (which I did not open) is almost certainly laden with malware.

Outside and Inside

The KPMG report says that technology significantly enabled 29% of the 110 fraudsters analyzed in North America and 24% of the 750 fraudsters analyzed worldwide. Disturbingly, the report says that proactive data analytics was not the primary means of detection in any North American frauds and organizations used data analytics to detect only 3% of fraudsters worldwide.

North American frauds were most often detected by tip offs and complaints. Consider that for a moment. Tip offs and complaints. In other words, nobody and nothing at the company noticed. And it gets worse. The second most common ways frauds were detected involved management review, accidental discovery, and internal audits.

The KPMG account reflects both fraudulent transactions created by outsiders and those created by insiders. In instances where fraudsters used technology to perpetrate frauds in North America, 35% included creation of false or misleading information in accounting records; 29% involved providing false or misleading information via email or another messaging platform; and 21% involved abusing permissible access to computer systems.

Some 25% of frauds enabled by technology were detected by accident. KPMG says the primary problem is weak controls. Fraud is less likely to occur in companies that monitor for unusual transactions using analytical automated processes. Despite the increasing threat of newer types of frauds, such as cyber fraud, the report says that companies are not focusing on strengthening controls.

What Else You Might Want to Know

  • Men are more likely to collude on frauds than women at 66% versus 45% worldwide, respectively, but women are catching up. Nearly half of fraudster groups included both men and women, up from 34% in 2010.
  • In North America, 43% of the frauds involving collusion cost the victim company over $1 million. Only 22% of fraudsters that acted alone inflicted a cost of over $1 million.
  • Slightly more than half (56%) of fraudsters in North America were employed by the company and more than half of those were executives or managers.
  • About 65% of fraudsters are between ages 36 and 55.
  • More than one third of fraudsters have worked for the victim organization for more than 6 years and most were in operations, finance, or office of the chief executive.

The full report is available on the KPMG website.

Short Circuits

You May Call, But Microsoft Won't Answer

In a surprise to approximately nobody, Microsoft is all but exiting the phone business and eliminating another 1800 jobs. Microsoft phones never really caught on and the business has been fading since the company acquired Nokia for $7.2 billion in 2014.

Last year, Microsoft wrote off $7.6 billion (yes, that's more than they paid for the business) and cut 7800 jobs. Now they're writing off another $950 million and plan to cut 1850 jobs, most of them in Finland.

Most former Nokia employees are also former Microsoft employees. The remainder or the job cuts will happen before the end of the year, but a few employees will remain in research and development. One might wonder what they're researching and developing.

Two years ago, Microsoft hired 25 thousand Nokia employees. Everything that's left is going to FIH Mobile. The Foxconn subsidiary will pay $350 million for it.

Microsoft CEO Satya Nadella says it's not the end and the head of Windows devices, Terry Meyerson says that Microsoft is "scaling back, but we're not out."

By not being out, Meyerson might be referring to rumored plans to release a new phone with the Surface brand in 2017. Microsoft has been working the project for a while. The Surface brand has a strong following in tablets and notebooks, so the popularity might translate to phones.

In other words, it's not the end.

Internet, You're No Longer Special

The Associated Press is now recommending "internet" instead of "Internet" and the New York Times has agreed to go along. Oh, no!

"Internet" has been capitalized since the beginning because it's considered to be a proper noun (like "Tom", "Dick", or "Mary"). After all, it's THE network of interconnected networks, isn't it? THE network. Ah, well. So it's internet, not Internet. It's hard for me to type "internet" without capitalizing the first letter.

But maybe it's time.

"E-mail" has become "email" (no hyphen) and "World Wide Web" has become "world wide web" although I've continued to use the hyphen in e-mail and to capitalize "World Wide Web". Sigh. Things change.

The New York Times announced this week that it will follow The Associated Press recommendation to lowercase the name of the internet. The changes go into effect for the AP and the newspaper on June first. As an article in the newspaper noted, this "explains the incongruity of 'Internet' being capitalized throughout this article."

Copy desk manager Jill Taylor is quoted as saying "It will probably take a while to get shift-I out of our muscle memory."

The AP announced the change in April and the Times quoted the AP's standards editor, Thomas Kent, as noting that the change mirrored the way the word is used in dictionaries, newspapers, tech publications, and everyday life. "In our view, it's become wholly generic, like 'electricity' or the 'telephone'." The Times continued to quote Kent in justifying the change: "It was never trademarked. It's not based on any proper noun. The best reason for capitalizing it in the past may have been that the word was new. But at one point, I've heard, 'phonograph' was capitalized."

OK, so effective now, TechByter Worldwide will try to remember to type "internet" instead of "Internet".