go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu

Phishing with Wildcard DNS Attacks and Pharming

On the 3rd of March, this article entitled Phishing with Wildcard DNS Attacks and Pharming was posted. This was interesting because of the fact that we are learning a new term. According to Wikipedia: Pharming is the deceit of a web site where a cyber attack is done to make the site go somewhere else. Here is the paragraphs talking directly about Pharming from Wikipedia. To learn more, please click through.

“Pharming[a] is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as “poisoned”. Pharming requires unprotected access to target a computer, such as altering a customer’s home computer, rather than a corporate business server.

The term “pharming” is a neologism based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.”

If this is true, what type of things can we as citizens do to be able to protect ourselves from this new threat? We’re going to have to explore this together and see what types of things we can do.

  • While this isn’t fullproof, make sure you’re on the site you want to be on before entering any type of data. If you want to go to PayPal, make sure PayPal is in its URL, and not redirected to somewhere else.
  • If the site is supposed to be secure, make sure the URL says htttps and not http. Especially when logging in to sensitive places.
  • Make sure you know if the web site is to go somewhere else by a redirect. Most sites don’t redirect to offsite URL’s.

On that last point, I have a redirector for a sub domain to point directly to an HTML site on the same site. I also had a sub domain pointing directly to my blog at livejournal, but i show you where it is going, instead of hiding that fact. This way, the user can question me about that, and I can tell them its safe.

What other thoughts do you have? Get in touch.

Comments (0)

comments for today

Hi jared.
Hmm ransomware, yeah anyone can make it, sad but true.
Companies will do anything to get their data back, sad but true.
They should have backups but a lot I know don’t have adiquit backups.
Kids and the net.
You know my feelings on the issues, kids shouldn’t have any access to the net, a mobile phone, etc till they are 13 or maybe older I never got mine till I was 20.
Failing that, kids need to have the net restricted for them before they get on it.
Ie no access to facebook, no way to tweat, no way to do anything bar what is safe.
Soon enough they will figure out how to get through controls you put in place.
The net needs to be portrayed as a emulation of the real world.
Its a good place to find info, buy things etc, but as in the real world there are dangers and these are mirrored on the net a lot more than you think.
Some scientists have found out that the digital data we put out can be used to profile us humans, and without the offline limitations we usually associate with normal laws online, we reveal our true selves.
This in itselves is scary in deed.
I am usually myself online though I know my temper can get a bit hyped at times.
So we need to be ourselves where ever we go.
Kids are smart they will eventually break any blockers you chuck at them.
Its also known that they can change their profiles on social networks so they are above the restricted age.
The net should be discussed as an extention to the real world its just more of the real world with 0 travel time.
Sadly I have seen extremes on each end.
I do not know about the non safe end as such but I do know about the super safe end.
If you are to safe and you don’t risk then you are to protected and this is not good either.
I have family with a religious type of thing going on.
Their children for a while got restricted tv, restricted net in fact no net, no phones, etc because they were full of evil.
They rebelled.
Whenever at a tv they all watched it 24-7.
One of them grew up eventually pirating software and loading cracks and doing things she shouldn’t because she was denyed the risk.
I have seen worse, people that will simply crack things because the net is to dangerous to buy stuff from.
People that will simply not buy anything online or worse will just not do things that are conciddered dangerous.
I worked for a school who had some serious issues with their system.
Holes where while secure, things just didn’t work right.
They restricted some sites sure, but while trying to report an access issue I inadvertantly opened a staff email account I shouldn’t have access to.
I reported it immediately ofcause.
Their responce was to say I hacked their net and a lot of other lies and to fire me.
I assume therefor that this is how they handle all their security.
Gettring rid of the visible issue and not fixing things.

Another thing to notice.
If your kids grow and get more familiar with the net they may eventually outgrow things.
Eventually every one of your kids will need their device and you will loose control at that point.
I have various people I help, those that will respond to a virus installing every program to secure their system only to give it to me unworking and slow.
I have had to basically pull out all the security programs and reinstall everything so its working right.
Then there is the secured person which is uncertain what is or isn’t.
Ie, those boxes on the internet saying you are insecure must be lagit but are the program icons on the system tray lagit?
Should I ask the admin, no he’ll think I am a total dumbass, I better not.
As you realise, the ones he should have looked at are the ones in systray by the clock but if you havn’t used it before it can be a strange place to look at stuff if you expect it to appear in front of you.
While it was a headake for me to clear it, it can be a issue for users that do not use all their desktop all the time or their icons.
Its a lot better to be happy that your users are secure but I do get called about icons, what do they mean, or my system is secure but how do I get this function or this data.
So things do happen a lot.
Most of the time, what does this button do.
Ie, there is a web icon on your brouser saying things are not secure.
There is an icon in the notification ariea but its saying something else and you are not sure what both are.
In this case the icon on the tray was wrongly being reported because of an error in the program the icon in the brouser was fake but a user wouldn’t know what was safe even adults do it.
It maybe therefore a bit hard to secure your child totally.
They will learn as they want.
The only thing I guess is to show them what is safe and what is not.
On that note, safe is one term they may have to find out for themselves.
Generational safety will change from time to time, general safety can be taught but the rest well it will depend on what is needed.

Comments (0)

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

I know I may be posting things that were posted in the past, but I found this article entitled Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows that was sent in a newsletter that I’m subscribed to. The library should be commended to the fact that they did not pay the demands of the hackers, and were able to get their data back from backups. I believe this is how it should go. I’m curioius on your thoughts on this one, even though its older, its still relivant.

Comments (0)

Kids and Internet Safety: How Parents Should Have ‘The Conversation’

I read this article entitled Kids and Internet Safety: How Parents Should Have ‘The Conversation’ and there are some takeaways here.

“Threats are everywhere
U.S. households are filled with more devices than ever before. Recent research conducted by Trend Micro found that nearly 30 percent have three or more smartphones, around a third have two or more tablets and close to half have two or more computers in their household. These are your gateway to the internet. But they can also be a doorway for malicious attackers to enter your virtual world, and that of your children.

Why is this important? Because you are ultimately responsible for your child’s safety online, just as you are in the real world. And those cyber threats aren’t going away anytime soon. In fact, we found that two-thirds (65 percent) of American families have had their home PCs infected with a virus or piece of malware. Over a third (36 percent) have lost files or had them damaged, and 13 percent have had passwords stolen. The repercussions are potentially serious, ranging from identity and financial fraud to ransomware which can lock the entire family out of their devices and render all your personal data useless.
What’s more, there are specific online threats to children to be mindful of. Over a third (34 percent) of U.S. respondents claimed their children have viewed inappropriate content online. And 8 percent said they kids had suffered at the hands of cyberbullies. Unfortunately, bullying is as old as mankind, but in the cyber world taunts and threats can be far worse as the offenders feel they are hidden by a blanket of online anonymity. That 8 percent figure is likely to be far higher in reality, as many victims will choose not to report cyberbullying.”

There’s more to this article, but this needs to be talked about. Even the kids I know are starting to have time restrictions placed on the use of devices. Check this article out.

Comments (0)

Ransomware for Dummies: Anyone Can Do It

I read this article entitled Ransomware for Dummies: Anyone Can Do It and this is so true. I’ve never got in to bitcoin at all, and honestly, I don’t know how accessible it would be, but seeing that bitcoin is even hard to buy, I’m surprised how lucritive this actually is. I still remember the story I heard on NPR I believe it was, where someone was forced to travel 200 miles in a storm to get money to pay to get their files back. While they missed their deadline, the people said they paid, and released their files. This definitely should be something to read. Thoughts?

Comments (0)

Freedom Scientific® Introduces ElBraille

Freedom Scientific

Media Contact: Richard Tapping
800-444-4443 or 727-803-8000
Sales: info@vfogroup.com

Freedom Scientific® Introduces ElBraille

A cutting-edge, extremely portable Braille computer

(St. Petersburg, Florida – March 01, 2017)

Freedom Scientific® today introduced ElBraille, running Microsoft Windows® 10 and JAWS 18, the ElBraille is the newest portable computing solution for the blind and the logical next step in notetaker development. The ElBraille-14 and ElBraille-40 use JAWS® 18 to provide speech and braille output and JAWS’ BrailleIn feature to allow complete control of the ElBraille computer from the Perkins-style, braille keyboard. The Windows ® operating environment is the standard in education and professional settings. Run Windows applications such as the Microsoft Office suite or Adobe Reader for complete access to all mainstream document and file types. Use accessibility applications and accessories such as OpenBook® (printed text to speech and braille software) with the PEARL® Camera to immediately read classroom texts or meeting and lecture handouts.

Running the latest Windows operating system on an Intel Atom quad core processor, with 160 GB of internal memory and 2 GB RAM, and incorporating either the Focus 14 or 40 Blue Braille Display, and JAWS 18, the ElBraille is the logical choice for anyone who wants to raise notetaking and portable, accessible computing to the highest level.

“It makes sense to use a device which completely supports mainstream applications, such as Microsoft Word, Excel, PowerPoint and Outlook,” says Brad Davis, Vice President of Hardware Product Management at Freedom Scientific. “Adding Wi-Fi, Bluetooth, and cellular connectivity with up to 20 hours battery life makes the ElBraille a real productivity powerhouse,” says Brad Davis.

The ElBraille-14 is scheduled to go on sale in the US and Canada in the second quarter of 2017 with the ElBraille-40 following soon after.

About VFO™ and Freedom Scientific®

VFO™ is a leading global assistive technology provider for the visually impaired. The VFO™ brands have a long history of developing and providing innovative solutions for blind and low vision individuals, helping them to reach their full potential.

Freedom Scientific®, one of the VFO™ brands, is the leading worldwide provider of assistive technology products for those with vision impairments. The Company sells its products worldwide and has offices in Florida and Switzerland. The Company’s products have been translated into 24 languages and are available in 55 countries. Freedom Scientific® also has a line of software products for those with learning disabilities.

Freedom Scientific® and JAWS® are registered trademarks in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

We invite you to like us on Facebook and follow us on Twitter.

VFO™, 11800 31st Court North, St. Petersburg, FL 33716-1805

Comments (0)

Cloud Flare in trouble?

Hi folks,

I saw two articles from Last Pass recently, and it seems as though the bug is repaired. Two Security Bulletins: SHA-1 Collision Attack and Cloudflare Incident posted on the 24th and Alerts for Cloudflare Sites in LastPass Security Challenge which was posted on the 27th of this month. Lastpass can be trusted on getting this type of information out accurately, and I trust that the issue has been fixed and nothing is at risk unless it is cached. Check these out.

Update: Fixed a broken link for the first story. Also, this was discussed on SN 601. Sorry about that!

Comments (0)

The world’s first braille smartwatch is on its way to buyers

I saw this article on Herbie’s facebook. The world’s first braille smartwatch is on its way to buyers is the name of the article. According to Herbie, its about $300 and this does sound interesting. Check this one out.

Comments (0)

How To Avoid Becoming the Next Big Phishing Headline

I saved a link to a video, which unfortunately, I can’t download. How To Avoid Becoming the Next Big Phishing Headline is the article, and it should be checked out. The video is free to watch.

Comments (0)

Some of what I’ve been reading this week

This is only some of what I’ve been reading in the tech world this past week.

How to Bury a Major Breach Notification February 21, 2017 Krebs On Security
The Healthcare Underground: Electronic Health Records for Sale February 21, 2017 Trend Micro
RAMNIT: The Comeback Story of 2016 February 20, 2017 trend micro
Shooting Gallery: A Breakdown of Phishing Targets in 2016 February 21, 2017 Phishlabs
Fake apps, fake games: An update on gaming malware February 23, 2017 Trend Micro

Hope you’ll find something of interest to read.

Comments (0)

Technology podcast 256 is now up!

On our RSS feed, you’ll find the podcast. Its numbered 256. Here’s the show notes on it, and I hope you enjoy the show! See you next time.

Welcome to the technology blog and podcast, this is podcast 256. On this podcast, we have 7 different segments for you including vocal thoughts on the AI squared issue, which one of my helpers of the blog sent an E-mail on. Be sure to read my post before podcast 255’s release entitled Making sure we give out accurate information for the reading of my thoughts. The Transit App has a function where you can put in intersections. I demonstrate that as part of segment 2. Segments 3 and 4 introduce and talk about a video where someone talks about the top ten tweets that could get you fired from your job. Segment 5 was quite interesting as I demonstrate a game Super Tile Smash app directory entry (apple vis) and they are listening. They posted a thread on Apple vis entitled: Our new game Super Tile Smash Forum post (apple Vis) ofr you to comment on. Segment 6 is news notes where i have some quick mention on what is on the blog that might be of interest. Since I haden’t posted in awhile, I even have some news notes from the prior week where I find after the fact some articles I’ve already commented on. Finally, a segment with some additional comments made to me in regards to Super Tile Smash via E-mail and contact information. I hope you’ll enjoy the program as much as I have putting it together for you. The program is an hour and a half long, and I’ll definitely see you on another edition of the podcast. See you soon!

Comments Off on Technology podcast 256 is now up!

Roger talk: What we’ve been up to: Project Fika

Hello folks, I was tipped off to this Roger posting entitled What we’ve been up to: Project Fika and it talks about Rogertalk closing March 15, 2017 in exchange for a business platform called Fika. I know from reading the release here that it will include video and other business related things to get things done, similar to whats already out there. Sometimes, companies need to focus their attention to things that make money, as they need to stay afloat.

I liked roger for its security aspect within the app. While I was told they use straight mp3 files when using something like IFTT, the app itself was garnered very secure, and this is because no telephone numbers were ever needed. The thing I don’t like about whats app is the fact you need to associate your number, and unless the number is in everyone’s contacts, everyone sees this information. I do not personally want to give my cell phone number out publically, although i have done it occasionally for people having whats app, I only announced it once, and left it at that.

This must have been a hard decision for the company, although, people may have complained too much about things the blocking feature should’ve taken care of, so they got tired of it. The blind community wine too much when we have something good a company is offering, but it would not surprise me if it was both, a company decision, driven by false abuse compalints solved by people complaining aabout name calling, etc. which people are doing in this community.

Roger, you’ll be missed. Sorry to see you go.

Comments Off on Roger talk: What we’ve been up to: Project Fika

News notes for this week

Some of the articles are already here, but here are some of the other things I’ve read as of late.

  • This site as I was just curious what was there now, says it is down for maintenance or unavailable. I read Kreb’s article earlier on Feb 15, and it is a good one. I didn’t cover this in news notes, for the next upcoming podcast, however, Krebs always does a good job with these. Guess we’ll find out more later.
  • Unix: A Game Changer in the Ransomware Landscape? Trend Micro Intellegance blog February 13, 2017
    • This article caught my attention because it talks about web hosting services, and a number of places that have unix as a platform and how actors can take advantage of things to do a number of things to the computer including making it useless for its task.
  • What’s In Shodan? Analyzing Exposed Cyber Assets in the United States Trend Micro February 15, 2017 and Devices Exposing Critical Industries and U.S. Cities Trend Micro February 15, 2017
    • These two articles talk about the same thing, and i cover this in my news notes for the upcoming podcast. This is definitely of interest because of the fact that a huge number of devices can be potentially targeted because some aspects of the devices are public facing either by design, or by mistake. For those who don’t know, Shodan is a site similar to google, but they analyse ports and whats out there, where Google indexes web sites in general. The research is interesting, and an eye opener.
  • CERBER Changes Course, Triple Checks for Security Software Trend Micro February 14, 2017
    • This is a big ransomware headache, and what I read today from this article absolutely scares me. Two things stick out in regards to this article. First, it says it doesn’t toucch the program data, it only encrypts your files. It also says it checks three times for antivirus software. From my understand of reading these articles, ransomware won’t let you do anything else until you pay up, so your antivirus or other security software is useless. I wonder why they did this?
  • Brute Force RDP Attacks Plant CRYSIS Ransomware Trend Micro February 9, 2017
    • RDP was talked about on Security Now, I don’t remember exactly what it does, but this definitely sounds bad. Are there better things to do?
  • Mirai Widens Distribution with New Trojan that Scans More Ports Trend Micro Feb 13, 2017
    • Finally, as we haven’t had enough with this ransomware, and now that the code is out, its only going to get worse. This is the next thing coming, where it can plant more stuff to worry about. This can’t get worse, can it?

    If you have any comments on these, fire away. I’ll have more later.

    Comments Off on News notes for this week

    Mirai Widens Distribution with New Trojan that Scans More Ports

    I read today an article entitled Mirai Widens Distribution with New Trojan that Scans More Ports and it was very interesting how this bot has just morphed in to something that can just cause havoc. Sometimes, releasing source code can be a good thing, but in this case, it is for all bad. This is something probably good for the security community at the time it was done, but now, who knows what else can happen. If we were to defend from this, how would we be doing this successfully?

    Comments Off on Mirai Widens Distribution with New Trojan that Scans More Ports

    Top 10 Spammer Indicted for Wire Fraud

    On the 6th of February, Top 10 Spammer Indicted for Wire Fraud was published, and I always love covering news that is great. We need good news after reading about really bad breaches we have no control over. Check out the good news here.

    Comments Off on Top 10 Spammer Indicted for Wire Fraud

    Fast Food Chain Arby’s Acknowledges Breach

    Hello folks, on February 9th, I saw this post from Krebs on Security entitled Fast Food Chain Arby’s Acknowledges Breach but I honestly don’t remember ever reading anything initial from the blog talking about it. I can’t blame myself because i read so much stuff. There are links to other similar breaches including Wendies which then confirmed the breach two months later. I don’t remember ever eating at the chain called Arby’s, but it would be comparable to something like subway from what I know of it, or similar to a delli.

    In any case, this can’t be good for consumers, as if you went back after getting your card replaced, the cycle starts all over again. We know this happened after the target and wendies breaches. It would have been more on wendies than target, but it is still a problem today. As consumers, we need to figure out how we can hold companies accountable for these types of activities. If you have constructive thoughts, I’d love to hear from you.

    Comments Off on Fast Food Chain Arby’s Acknowledges Breach

    InterContinental Confirms Breach at 12 Hotels

    On the 6th of February, I saw this article entitled InterContinental Confirms Breach at 12 Hotels which reminds me of the multiple trump hotel breaches. While this story indicates that trump hotels acknowledged the breaches, I honestly don’t remember this as part of reading them back then. Here is the first story and here is the second one. If you read that there was confirmation, please let me know, as I don’t remember reading that they confirmed anything.

    This story also has stories dealing with other breaches the blog covered from the past year. This hopefully will slow down, at least I hope they do, as there are better things to do than cover breaches which is why the podcast slowed down, but since it picked up, we need to be vigelant about this.

    This story goes in to detail on what happens, so please take a look.

    Comments Off on InterContinental Confirms Breach at 12 Hotels

    Fashion company’s rude response shock s job applicant

    Shaun sent this article entitled Fashion company’s rude response shock s job applicant on the 27th of January. I’m getting a chance to read this, but there is a difference between a breach and a hack. The fact that the company apologized is a first step on fixing something which should never happen in the first place when looking for a mjob. The applicant, according to the article, had plenty of experience and a finished schooling and deploma to top it all off. That is definitely going to be a public nightmare for this company.

    Comments Off on Fashion company’s rude response shock s job applicant

    How Google Took on Mirai, KrebsOnSecurity

    In the catching up department, I remember this story well, in fact, this was one of these stories where great thought was put in to this from what i can tell. How Google Took on Mirai, KrebsOnSecurity goes in to the detail on how this great resource that has tipped me off in to the enourmous breaches we’ve been seeing lately and how i was made aware of them thanks to Krebs. The botnet in question has been covered in great length by Security Now as well as Kreb’s blog. Check out this one.

    Comments Off on How Google Took on Mirai, KrebsOnSecurity

    Extremely dissatisfied with the developers of tweetbot in regards to accessibility improvement promises

    Hi folks, in the Mac world, accessibility is still a concern just as in the windows world. While I’m not a full time mac user, and I’ve dabbled in this world a little bit, I came across this apple vis post from a mac user about an app which is accessible for the most part. Contacting the developer yielded mixed results and comments are asking for far and wide coverage of the fact the developer doesn’t seem to care about whether their app works. Why would an app be accessible but yet it can’t read the names of the people tweeting? The windows apps I’ve used have done this, so I know its possible. Please contact this developer if you use the app and let them know your concerns. This is not acceptable, and if I used an app that way, I’d write them just like the folks in this thread have done.

    Comments Off on Extremely dissatisfied with the developers of tweetbot in regards to accessibility improvement promises

    Older Posts »

    go to sections menu

    navigation menu

    go to sections menu