The ESS Bulletin

November totals: QNI 301, per session 10.0 (Oct 11.4); QSP 35, per session 1.2 (Oct 1.2). Checkins are down, but the roster has expanded. Help Wanted Dept: The Sunday NCS slot remains open. VE3FAS (with health issues) and N2TQT (otherwise QRL) are helping out, but we really need new blood; time was when ESS also had an alternate-NCS roster, and running a slow-speed net is not exactly brain surgery. Congratulations and thanks for their support to this month's net-certificate recipients—WB2GTG, WB2YOR and VE3NUL. The sole requirement for an ESS net certificate is 80 points in a calendar year. You earn one point each time you check in, and a bonus point for serving as net control (scheduled or fill-in); a couple of checkins a week is all it takes. Matt, K2EAG, emailed the Western District Net .io group that he and Angela (N3QRB) will be part of a 13-ham February POTA DXpedition to Dry Tortugas National Park in Florida; details are at https://www.qrz.com/db/N4T . The ARRL's December NTS Letter (tnx N2PEZ) highlights the continuing integration of RRI and the league with a long-overdue update to their radiogram handling instructions; the updated lists are at https://radiorelay.org/new-handling-instructions-and-arl-numbered-radiogram-texts/ and https://nts2.arrl.org/hx-handling-instructions/ (click to download the full list). HXA (authorizing collect-call delivery) has been replaced with "Delivery by email and/or text message preferred", and the HXD (documenting every link in a relay chain) is less cumbersome with the new ARL NINETY FOUR. Birthdays: December—K1SEI 29. January—VE3NUL 7, WA2YOW 18 and WI2G (who always loves to see more traffic) 30. Additions and corrections, preferably by radiogram, are always welcome!

It was a good Thanksgiving here, but busy--dinner for 11, including our daughter and her family from North Carolina. They left yesterday (November 28th) after a four-day visit, and I was wearily catching up on computer stuff when I saw an email from someone I've known for a long time notifying me of a file available for download on the ESS .io group. I clicked on a download link in the email (which even I know you're not supposed to do), and was taken to an (apparent) Windows installer package. I was going "hmm" but hey, it looked radio-related (despite text with a slight, but perceptible, ChatGPT odor) and was from someone I knew. The download and installation seemed slow, so I emailed the (purported) sender. You probably know by now where this is going; they quickly got back to me to say they'd been hacked, and had backed out of groups.io (hence no notification there). KD2YMM also alerted me of trouble in paradise, and K2EAG and I alerted the group. A full virus scan yielded nothing (I uninstalled two new CoreConnect programs, locking the barn after the horse had gone), and I was cautiously optimistic until the arrival of emails from Google and one of our banks saying that…er, stuff had happened. Pets get sick and banking problems arise during the weekend, but I did what I could—changing passwords was job one—and am waiting for the rest until Monday morning's call to a local human being.

I've been lucky with computer stuff until now; my Yahoo Mail account was hacked a number of years ago (which sent me to Gmail), but that's been about it. I know the basics about online security, and have learned the hard way how easy it is to do the Wrong Thing when you're tired and off-guard. My first mistake was to assume that the sender of the email was indeed who they seemed to be. The second mistake was not hovering over the download link before clicking on it; if I had, I would've seen that the link domain was sketchy (and probably contained a phony root certificate; I'm grateful to Wikipedia for the tutorial). But the coup de grace was clicking "yes" on the familiar do-you-want-this-to-change-your-computer popup. I've done that many times when updating software from trusted providers, and thought that something-or-other.msi was some kind of homebrew thing. The rest is infamy.

Like most learning experiences, this one has been miserable. The bank stuff has been most frightening, but I think I got rid of Zelle (which was set up yesterday) and its accompanying attempted wire transfer was mercifully declined. A text, ostensibly from a bank we no longer use, was from an odd-looking phone number and duly reported. My spoof stuff all seemed to have six-digit numbers to input (probably mimicking two-factor authentication), which I'm filing away for the future as a big, fat red flag. Mike, my long-suffering computer mensch, told me that the computer popups I'd become accustomed to okaying trigger .exe files and should never, under any circumstances, be approved without absolute certainty—a lesson I will never forget.

I'm recounting this tale of woe to prevent further suffering. My putative sender said that their other .io groups had become problematic (triggering their exodus from the platform), and KA2GJV confirmed that groups.io security is subpar. Wish I'd known that before, but groups.yahoo.com is (I believe) even worse and I don't know of another alternative. At least for now, though, I'm treating the ESS group (and .io in general) with caution.

We've long been encouraging a dear friend who is housebound to get a computer, but I shudder to think about how poor Ruth and her failing eyesight would cope with such a disruption. We Luddites may be better off. Firefox is my browser and I'm pleased with it, though, except for one default setting—"Allow Firefox to automatically trust third-party root certificates you install" (in Privacy & Security) should be off, not on, to protect idiots like me; I now think of it as the safety on a gun!

I'm no longer an ARRL member (long story), but our webmaster N2PEZ is good enough to forward the league's NTS Letter to me. The ARRL/RRI numbered-radiogram-text list has been augmented with several new texts, available at https://nts2.arrl.org/numbered-texts/ and on the Radio Relay International website.