go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: September 2016

Go to Homepage [0], contents or to navigation menu



What have I read the past few days?

Hi folks,

Here is some of what I’ve read the past 4 to 5 days.

It looks ,like Yahoo is at it with the biggest breach we’ve ever seem. First, from Trend Micro Think changing your Yahoo password is enough? Think again is the first article from Trend Micro. Then, we have Yahoo Breach: It’s Time to Keep Those Password Safe but both articles are needing to be read and I personally don’t think that it matters the order.

Ransomware is back in the news. This time, its a 172 percent rise as we learn How to Protect Yourself Against Ransomware – Part 1 and it is a great read. Goes back to the prior articles I’ve posted including phishing in the E-mail, and other odds and ends.

Next, in the business E-mail compromise department, we have the biggest heist I’ve ever seen in this article from trend micro Yet another company lost $6M to #BEC, and it could be a result of poorly implemented security protocol. and I don’t see this going away any time soon. If I were you, I’d search out these articles so you can learn how to protect your self and your business, especially if you’re a small business. BEC scams are not picky.

We even have more from the POS department, the same payment systems we use every day and had malware which captured credit cards and other data. This time: PoS Malware: Old Dog Learns New Tricks and it can’t be good.

In the hospital field, some 4 days ago or so, I read something about pagers and hospitals and the types of issues that can be found with that technology today. This article entitled Leaking Beeps: Here’s A Reason to Kick Pagers out of Hospitals and this one practically scared me. I wonder what the data was that was being transmitted, and what they’ll have to use next? What about the fax machines they use?

In the sex department, where sex and tech meet, sadly not in a good way with this article, Kids as young as 10 caught sending nude photos in #sexting scandal and some disgression should be taken when reading this one.

I think this is it for now, went several days back. Come and comment if you wish.

Comments Off on What have I read the past few days?

a quicky for this week

Hi all.
This week’s update is short and sweet.
For all users of office 2016 there is another update package today.
I don’t know what it does its not breaking office which is good.
On the other side, msse has a update, note, on at least 1 win7 system that I tried, the update crashed out during install and there was 2 icons left in taskbar I can only surmise that that is the case.
I ran the install withe try button and it worked.
And thats that.

Comments Off on a quicky for this week

as if we don’t have enough to worry about

Hi all.
This is a quick post to say there is another new virus going round.
It is not targeted at the pc market, we are the target in fact.
I refer to articles that have been going round, you can search for this but aparently some joker has it in his head or maybe his non head to make a video saying you can “put a new 3.5 inch jack in your iphone by drilling one”
This is obviously a prank but it fooled many people into destroying their devices.
Youtube is a good source of entertainment but now we have to worry about the fake youtube videos.
The fake vid plays on users wanting something badly in this case the phone jack.
It then gives a solution.
And then it says it works.
Instructions are made simple and straight foreward and then executed.
The payload a dead phone results from this.
What scares me is this is exactly how a scam or any malware or virus works.
There is not any security software for our minds, some of us shouldn’t be that gullable.
If you do fall victum to this malware video you will have to replace your phone, attempting to comment will not garner sympathy from the origional prankster either just more sarchasm.
While most of us were wised up to this obvious joke a lot were not.over 8 million listened to this.
If we fall for this destructive video then no security software or protection will help us if we are that dumb!
Maybe there are just more dumb people than we will ever know.
It saddens me that this even happens.
On the other side, while there were troubles with office yesterday, a download of a new update package and subsiquent program reconfig on the particular workstation has resulted in no destruction of any files.

Comments Off on as if we don’t have enough to worry about

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments

On Friday, I saw this article entitled and it talks about what I’ve been saying for awhile now. Ransomware is starting to come in with E-mail attachments from places you might expect shipping notifications from. You know what gets me about this? I know when I’m expecting a package, and usually I will either ask it to E-mail or text me, and it is from trhe site I’m expecting it to come from. These say something like UPS, and it’ll tell you that it couldn’t be delivered. The actor wants you to open the attachment for details. If there was a problem, it would be logged with the shipping company so when you called by phone, they could tell you what happened and you can reschedule it, or have it directed somewhere else. This reminds me of this article I talked about entitled Why Some Phishing Emails Will Always Get Through Your Spam Filter and these are some that will get through because it looks credible.

Why does it look credible?

  • You may at the time of the E-mail be expecting a package.
  • When you look at the E-mail, it might sound plausable seeing that it has been several days since you got a notice if you’ve requested one.
  • The from says UPS/Fedex/DHL or other shipping company.
  • The E-mail is signed by a supposed manager.

In the tech blogs post of phishing being a problem by coming in to your inbox, I posted such an E-mail i got saying the exact thing. I was not expecting any type of delivery, I looked at the E-mail address and it didn’t match any type of shipping company address.

Each shipping company has a typical pattern of shipping confirmation and tracking number. For example, the E-mail will greet you a certain way, UPS for example has shipping confirmations starting with 1z, and other characteristics that you need to be aware of if you receive packages in a regular basis.

While I’m not sure about other carriors, I know that Amazon will use their own, which an app like Delivered will not track.

If you have thoughts, please feel free to share them, we’re continuing to track this as a problem, and I at least, want to pass my experience on. I hope this helps.

Comments Off on From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments

office updates

Hi all.
A quick note to say that I recieved some updates to office this week.
Found them by accident on windows update twitter feed.
There are more accessibility improvements now so that works.
The only thing to tell all of you is continue what you are doing.
On a security note, I recieved messages from a friend that got ransomware.
I do think we need a refresher course.
There are several reasons you get ransomware.
1. you click links on dodgy websites, click links in fishing email, or spam or visit dodgy sites.
2. you download pirated software or fake software and don’t check it, antimalware stuff should pick some of this up but don’t tempt it man.
3. answer one of those automated or otherwise cold spam calls, don’t do that.
You shouldn’t click links you don’t know either.
If your friend sends you something to share scan it before you use.

You could be unlucky, but its almost impossible to get ransomware unless you are that unlucky.
But what happens if you have got some.
If you have been reading the blog or the net you will know how much dammage both physically and finantialy this thing effects everything else.
So what do you do.
1. reformat all your computers, and restore from backup.
Reupload all your files you want to your cloud accounts, change all your passwords and bank accounts and other things if you think they could be effected especially with scam calls.
Tell your friends about your loss and get them to make sure all their stuff is ok and give them a heads up.
Thats if you are lucky.
If not, in addition you will need to reformat your computer, your family’s computers, your friends computers, delete all your cloud accounts or clear them out and change passwords, destroy your backups, smash your computers and replace them, and probably not use the net.
I can’t stress this enough, there is no cure for ransomware bar to ditch everything and start fresh and hope you don’t screw up again.
Or you could pay the bad guys if you want.
Security stats show they tend to go away after you pay them and leave your stuff alone to.
The message to this scarey article is don’t catch this thing.
If you do you are screwed and so is evrything you own and everything your friends and family own if they have shared with you in the past.
There is supposed to be antiransomware software in the works from companies like malwarebytes but its not out just yet.

Comments Off on office updates

Tech podcast 250 is now out

On the RSS feed, tech 250 is finally released after a month.


Hello folks, welcome to the podcast, its been awhile. We’ve been busy making sure we’re following the Childrens Online Protection Privacy Act (FTC) and making sure MENVI’s web site is efficiently covered. I talked briefly about this, and the link here will give you more information. We also had some other issues with a few sites which I needed to be involved in as well. We have an interesting talk in this podcast about security and other odds and ends in regards to workflow, and we have a 2nd part dealing with the Lastpass authenticator. I hope you’ll enjoy the podcast as much as I have putting it together for you.


RSS

Comments Off on Tech podcast 250 is now out

DDoS Mitigation Firm Has History of Hijacks

OK, this article was interesting. It talks about this company who apparently operated on both sides, protecting people, as well as being a part of the problem. DDoS Mitigation Firm Has History of Hijacks is the name of the article. and its a great read. I think we should all read it. Check it out.

Comments Off on DDoS Mitigation Firm Has History of Hijacks

updates for this week

Hi.
Firstly fully agree with the photos article just posted.
We humans need to realise that when we store something online its hard to kill.
So posting stupidly weather it be a prank, picture, or stupid video with you in the nood is probably not the best thing to post if you don’t want it in your face later on.
We know that courts can use as evedence our online profiles so as I have been saying for ages, we should treat the internet to as much as we can as if its an offline thing.
I know thats hard text brings up a lot of things, you decide from a person’s name who he or she, it is and in fact it is an it.
Gender is not the net’s middle name.
We are all its, we don’t have any names, no identities, we aren’t even human at least on the serfice.
Its only after you audio with someone or chat and know them that you can identify them etc.
When you use text you set a profile and most of the time what you think isn’t the real truth it almost never is.

Now on to this load of updates.
The first is a timezone update for windows.
Next are 2 updates, a role up for windows 7 itself, and another one to fix what it broke with system file checker.
Next is a dotnet reliability update.
Last on the list will please users that havn’t jumped to 10 yet.
Microsoft! is! fucking! leaving us alone!!!
Thats right, one of the updates is instructed to clear the windows 10 gwx program and all gwx related updates and spyware off our systems.
I assume therefor that the gwx app and all other updates are now no longer part of microsoft.
At least we know ms stuck to their guns.
For those of us getting nagged that stopps.
For me even with gwx removed I have noticed the system drives processing a lot of data somewhere, this has stopped.
If we want win10 we can get it.
If we want it for free and you have a screen reader go get it that way.
If you want the upgrade, then install nvda which is free and upgrade, you can probably kill that later once you are upgraded if you so wish.
I don’t suggest normals get it but ms has not restricted it your access tech needs to be install does not need to be running maybe it does.
Ms took a year and a month with several modifications to the gwx to try to get us to go to 10 and they have now given up on those that don’t want to go.
The only thing you will have to download after you restart is a stack update to windows for stability that is not on the update list but will appear.
My suspician is that its probably to replace some dammaged files or something.
While the updates are mostly fixing what was broken its good to see ms releasing features again.
In the last few weeks even before ms shut down xp and even after doing so for a while features were output to the os.

Comments Off on updates for this week

Congressional Report Slams OPM on Data Breach

I’ve been going back and I remember reading this article entitled Congressional Report Slams OPM on Data Breach from Brian. I don’t think I posted this, but OPM should be ashamed of its actions that lead to the biggest breach I’ve ever witnessed besides the Target one of course. I do not think that it is going to get better, and this is going to just absolutely not be good. If the company knew about someone for example, getting in to their network, and it took awhile to get them out, and they leave someone else alone, then you’re going to get owned. I just don’t know what the solution is, but the article will talk more about this. Enjoy!

Comments Off on Congressional Report Slams OPM on Data Breach

Alleged vDOS Proprietors Arrested in Israel

OK, some days ago, I read this article entitled Alleged vDOS Proprietors Arrested in Israel which got paid based on the amount of damage they could do to various networks. Brian covers this well, in fact, I was going through to see what else I have missed that should be covered here and this one is it. They would not target their own country, but they would target the rest of the world. According to the article, this company made $600,000 and there was no financial data or if it was provided, several years were deleted. Brian thinks it was in the millions, and it was around from 2012 from what I remember of this article? I think this one should be read, glad these guys are caught, and may they think about how to be in a legit business.

Comments Off on Alleged vDOS Proprietors Arrested in Israel

Linux Security: A Closer Look at the Latest Linux Threats

Wow, here we go. I was not aware Linux was effected as much as macs or PC’s but here is an article entitled Linux Security: A Closer Look at the Latest Linux Threats and its from Trend Micro. I don’t know if I’m on this particular blog, but if I am not, I need to be. As I check, I’m not, and I should. I’ll see if I can get an RSS to this particular blog because it would be more in my security bag I can share and possibly talk about. I’ll be sure to look this up as if this gets big, we really need to harden defenses. Your thoughts on this Linux article are welcome.

Comments Off on Linux Security: A Closer Look at the Latest Linux Threats

The Darker Side of Posting Your Baby’s Pics on #SocialMedia

OK folks, I read an interesting article which is a tech related article. Someone whom I follow talks and writes and shares about protecting children and cyberbullying and other topics. This time, we learn about The Darker Side of Posting Your Baby’s Pics on #SocialMedia and it is something to think about.

The article talks about an 18-year-old suing their parents about their pictures online when they were young. These types of pictures can be anything from sleeping, to anything else. These photos apparently are on facebookk, or other social media.

“They knew no shame and no limits,” the anonymous woman said to the Austrian newspaper
The Local
. “They didn’t care if I was sitting on the toilet or lying naked in the cot, every moment was photographed and made public.” The case will be taken to court in November, and will likely stir up a dialogue: When is it — and isn’t it — appropriate to post photos of your kids on Facebook?”

There are links within this and it is something to talk about. Since I don’t care much about pictures, I know i would not be taking pictures of my kids, no matter what they were doing.

I think now a days, we are needing to think about whether our kids should have their pictures taken, no matter what. In today’s world, anything can be published, so maybe I’d think twice about having pictures taken, even in the yearbook, unless I had a talk to the school about privacy and their intent with the pictures.

When we grew up, digital media was not around, even saving pictures on the phone was large files that couldn’t easily be put somewhere else. Now, it can be done, and this should be the topic. Thoughts?

Comments (1)

Google Moves To Protect Online Credit Card Users

Hello folks,

In the better security department, i came across this article entitled Google Moves To Protect Online Credit Card Users and I’m not really sure what to think. Part of me thinks its a good idea, only because change needs to happen somehow, and Google has a good way of forcing change. As I told Steve Gibson, who plans to talk about it at some point, Google has the mustard to make change. While Most users use Chrome according to the article, I know it isn’t accessible in Windows, unless that has changed.

I have played with it on a mac, and I’ve gotten it to work, but never personally tried chrome on the PC side.

I find that it is a good idea to be under SSL/TLS when sending credit cards, and I don’t ask for that via E-mail anyway.

Your thoughts are welcome in the comments.

Comments Off on Google Moves To Protect Online Credit Card Users

Comments on the latest posts

Hi.
Jared, every system can get infected.
Windows is the target, the mac can get infected so can linux.
Anything with access to the net can get violated.
Fishing, yeah if we used less security software that caused so much issues and used our brains the majority of viruses etc wouldn’t be a problem but we seldom do.
Even if we do we can get caught out.
A lot of updates for the last year are for people running infected code or email attachments and its a race betweene the hackers, the manufacturers and the stupid users.
Google protecting peoples stuff online yeah that is a good move though by using something like paypal for logins, pluss whatever site you have login access with plus if you need to your google site is quite secure in itself.

Comments Off on Comments on the latest posts

Google Moves To Protect Online Credit Card Users

Hi folks,

Just read this article I think people using Chrome should see. Google Moves To Protect Online Credit Card Users I’m not sure about firefox, think we get warnings already about insecure content. Your thoughts on this article are welcome.

Comments Off on Google Moves To Protect Online Credit Card Users

Yelp not liable for allegedly defamatory customer reviews blog.internetcases.com/2016/09/14/yel

On the 14th of this month, I read an article by Internet Cases Even Brown who used to be on This Week in Law. I still read his blog because I find it interesting. It talks about a court case where someone sued Yelp, the company that gets reviews about places around the world, in regards to some type of issue that someone had. The article is entitled Yelp not liable for allegedly defamatory customer reviews blog.internetcases.com/2016/09/14/yel and it was a good one. A good reason why yelp won because the person didn’t have much ground according to this. I find stuff like this interesting. What are your thoughts?

Comments Off on Yelp not liable for allegedly defamatory customer reviews blog.internetcases.com/2016/09/14/yel

Why Some Phishing Emails Will Always Get Through Your Spam Filter

I read a few days ago an article entitled Why Some Phishing Emails Will Always Get Through Your Spam Filter and I can see how we need to be more proactive. This is very important now a days where it comes down to securing our identities or other business transactions unlike how it was before. This does not matter what type of operating system you use. This is a full on problem humans can solve by understanding what they’re reading. For example, I got the following in my inbox just today:


Dear Jared,

Your parcel has arrived at September 17. Courier was unable to deliver the parcel to you.
Delivery Label is attached to this email.

Warm regards,
Willie Bradshaw,
FedEx Delivery Agent.


I knew this was a form of phishing, although it contains an attachment, and I’m not expecting any attachments at all. Here are my thoughts on the above E-mail.

First of all, Fed-ex or any place that sends deliveries to you will not E-mail you with a problem, it’ll be tracked, and you’ll be notified by the company doing the delivery. I’m sure they will not send a zip file such as 00000231244.zip and when you look at the zip file, you’ll find it has an executable instead of an invoice. Also, I just looked at the E-mail address, and I’m sure it won’t ever come from “FedEx 2Day A.M.” <willie.bradshaw@getaquote.com.sg telling me that its from fed-ex.

I aught to know when I’m receiving a package, and it takes the human mind to know whether you are receiving a package, and what web site it may come from. When I received my amazon package, I knew my tracking app delivered wouldn’t track it, so Amazon tracked it for me, and i relied on it for updates, not some E-mail like this.

Fed-ex, UPS, and a bunch of other services uses delivered which is an app that accepts its tracking number and I can track it through it instead of getting E-mail or texts from the site directly. There are other tracking apps around, but that is just one of them.

When I received the E-mail, I was on teamtalk asking what this is about, as I’m not receiving any packages, and none are on the way.

Does this make sense on why this E-mail, although it isn’t phishing, would trigger someone to open its attachment?

Phishing works a little bit different, where someone targets the person by claiming some sort of winnings, or some sort of reason to click on a link in most cases, not attachments. They still can be very harmful, and this is something you need to be aware of.

Lets all stay safe, check out the article, and be prepared to use the human mind.

Comments Off on Why Some Phishing Emails Will Always Get Through Your Spam Filter

This months security patches

Hi all,

I know its a bit on the late side for me to post about this months patches from the various companies, but it has been very busy around here, which is why I’ve also not posted my series of what I’ve been reading lately.

I find this article September Patch Tuesday: Browser, Exchange, Office Bugs Dominate more comprehensive, although I can’t knock Adobe, Microsoft Push Critical Updates down on coverage either. Both articles have their points on whats up, one goes in to more detail than the other, and I’ll publish both of them so you can decide which article you’d like to read. Lets be as safe as we can.

Comments Off on This months security patches

Is the Mac as safe as people think?

A few days ago, Trend Micro wrote an interesting article which came across my RSS feed talking about the Mac and its recent virus issues as of late. Windows is still the target, but the Mac does have some targets that this article talks about. The targets are the form of ransomware. The article is entitled: Ransomware is a growing risk on Macs and this is just as dangerous as the PC. With the recent articles dealing with Ransomware that I’ve been reading such as Businesses beware: New open source ransomware threatens the enterprise community it wouldn’t surprise me if Macs are being braught in to the workplace because people think they are safer.

In a future podcast, I am going to go ahead and write about my experience learning a mac, as I needed to, because the agency I’m with was using macs and we were needing to use them. Now, I don’t know how I’m going to hold that knowledge, however, I’m glad I learned it. It was eye opening.

Do you have any thoughts on this article as it relates to the mac? Sound off in the comments.

Comments Off on Is the Mac as safe as people think?

flash dieing

Hi all.
Distribution of flash goes away at the end of this month.
You can still get flash with all its spyware and badness on get.adobe.com
However adobe aparently according to some news sources is actually closing down flash due to its insecure nature and that its not the best technology anymore.
html5 seems to be the thing out, I am not sure about flash based games, but I guess they will have to eventually go html5 to.

Comments Off on flash dieing

Older Posts »

go to sections menu


navigation menu

go to sections menu