The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

You are here: June 2019



What to do if your email gets hacked

Hi all, I recently read an article about 5 signs that email gets hacked. They advise on what we should do in this article. I tried to help someone in a similar situation about one account on a domain I host here on the network, and I asked if the email was sent from our server and showed them how to check the sent items. That’s one thing we can do. LastPass has a bunch of other stuff we can try, so 5 Signs Your Email Was Hacked – and What to Do About It is the article.

I hope you enjoy it as much as I have reading it.

Comments (1)

Here’s something to ponder: Should User Passwords Expire? Microsoft Ends its Policy

Here’s an article entitled Should User Passwords Expire? Microsoft Ends its Policy and it really makes you think. Here’s what I’m talking about under the heading “Password Requirements Misused” which talks about the misuse of what might be a bad practice.

It’s time to create a new password. Your system requires the password to be eight characters long, use one special character, and at least one number.
So what does the user put in place? Software Engineer Joshua Temple says it comes down to users going the easy route:

“Users don’t understand the concept of a secure password – if you can remember it, it isn’t secure. Most websites say ‘Must use one capital letter, special
character and a number, and be eight characters long and do a little jingle’, which then, typical user uses Somewords1234! instead of 71bzcWcN^BJ91*uMO”

Temple suggests that if a user falls into the above category, it is a safe assumption they do not subscribe to the concept of two factor authentication,
and even worse, there is a high likelihood this individual is reusing said poor practices across multiple services. So, even if on the off chance they
use a different password for a sensitive account, in some shape or form, it is associated to a poorly secured account. One breach of an account owned by
this ‘type’ of user, leads to a waterfall of compromised services. Changing passwords on a routine basis is a great practice, but it is only as secure
of a practice as the password itself.

This is a lot to think about, correct? I try not to use the same passwords, even if I generate it myself. I want to remember it and not use LastPass for everything, so I’ve tried to change a combination I can remember and come up with a very interesting pattern. I somehow can’t remember it, and maybe I should get rid of that practice. The heading that got my attention talks about not using your brain. The heading is: “Stop Using Your Brain” within the article.

For most organizations there is a balance between ease of use and security, a hypothetical seesaw, which takes us to our final point of view, our IT lead,
Shelby Baylis. While users may want to fly through logins and have everything easily accessible, organizations need to decide which end of the seesaw should
hold the most weight. For a company like ours, Baylis posits that our organization should always tip on the side of stronger security.

Because of this, Baylis feels that means regardless of Microsoft’s shift in policy, that organizations should still use time-based prompts to force users
to reset their passwords.

“Many will assume that a complex, memorable password is preferable to a regular interval. The solution is neither. Stop using your brains to create a password.
Use a password manager whether it is a local one like KeePass or a cloud-based one like LastPass. Let them generate a 20+ character password for you and
you just rely on your brain to change your master password on a regular basis.”

This is sound advice from someone who has to put up with actual users in a highly secure environment. Of course our other engineer still holds a valid
point regarding mass adoption from consumers, that enterprise organizations should draw a line in the sand and enforce whatever policy makes the most sense
for their needs.

“A regular interval for a password change is important because if your account is ever compromised in a breach and we hear about it until after the fact,
which is the case for most breaches, it is of no consequence because that password expired oodles ago since we have a password expiration policy. Stop
trying to use your brain on generating passwords. Use the password manager and its built in generator,” said Baylis.

They aren’t wrong. Now is the time that it is too dangerous for us as individuals to use our brains. They’ve got great things in this article, and I’ve only quoted two sections. I’m saddened that we really need to do this, as trying to find patterns we can remember should be a lot easier. It is time for us to stop this practice, and it should be changed, and it’s something I’ll continue to fix in my password practice.

One thing I tried to do was a pass phrase. If my pass phrase said: “Rusty is a good dog” I tried to make it secure by changing characters and even went so far as to put in a number like 1987. Of course, this might end up working if it is something you can remember, but I put this phrase as a note for one of my accounts, and last I knew I couldn’t get in to the thing as I had two of these types of phrases. I’m wondering if it is time to give this up and just use a manager such as LastPass, Trend Micro, KeePass, 1Password, or another not known to me or not mentioned? It’s something we must think about, and we need to think about it really soon. Thoughts are welcome.

Comments (0)

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

Here’s an article about our favorite aspect of our lives, Mirai. It’s up to some very new dangerous tricks. I think this is the most dangerous piece of malware out there. I just can’t imagine the type of things it can do nowadays, and the article goes into great detail on the latest happenings.

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

Comments (0)

Jaws gets an update, fixes major Adobe bug: other fixes too

Hi all,

Jaws has released their June 2019 update. In it, they fixed a major Adobe issue in the reader product where MSAA mode would be on where it reads PDF files to you using this mode. I reported it, and was able to send a smaller file instead of the one I intended to send. This happened with every single PDF file.

In the release notes issued for this update, they talk about fixing this bug where the virtual buffer (MSAA) was not being loaded with the content, even when we tell Adobe that we’re using assistive technology.

Thank you, VFO, for fixing this issue. For those who primarily use Jaws, the fix is welcome. Luckily, I was able to save the file and get a text representation; now I can go back to reading PDFs as intended.

There are also a bunch of other fixes between the April and June releases, and you can read them from this Freedom Scientific page for your convenience. Thanks for reading!

Comments (0)

Microsoft patches, we should too

Hi all,

I’ve not done one of these posts in a while. Krebs on Security is one source where you can get information about the patches. Trend Micro is another source where you can go to read.

I’m sure that we’ll be updated over all too, as it sometimes can take time to push the updates out to everyone. Be on the lookout!

Comments (0)

A 2.274 update with lots of changes

Hi all,

I’ve been through some updates of Braille 2000 lately, and want to highlight some of the changes made.

  • There was a table fix which I’ve not experienced, where the table went over to a second page and didn’t work correctly.
  • Another beta tester requested knowing what was being read when read to end is invoked.
  • We’ve got in one version highlighting on by default, which caused double reading in JFW.
  • We compromised to have scrolling with no highlighting by default, so an options dialogue box was created as part of the speech settings. By default, Braille 2000 will scroll the screen as it reads, and the cursor will be where it is reading at the top of each paragraph.
  • I had some confusion over changing the setting to braille view and it telling me the change. It does this when info messages are on. It works as described. You can also interrogate the document data option to get the information on an as-needed basis. This may cause double reading in Jaws and NVDA, I’m not sure why.
  • There is an option to get document information such as the file name, path of the file, and the page size. The page size deals with how many cells per line, and how many lines the page is.
  • We’ve also fine tuned the reading where the document reading process tells you you’ve reached the end, as well as telling you in a blank document that the document is empty.

    The issues where reading line, paragraph, field, etc. all report if there is content, or not.

    The next project for Braille 2000 as a whole is to work on full math support. Bob indicates that this needs an overhaul, and honestly, it’s not accessible to the blind as of yet. There is a full panel of stuff that the sighted transcriber can utilize to get proper braille. While I’ve typed up assignment 14, aspects of the course material needed to be in sim braille. Sim braille (otherwise known as simulated braille) is basically braille dots on the page, but yet, we enter this data using ASCII characters such as a for 1 when followed by the number sign or the number character in print. Braille 2000 properly lets us know the dot patterns of the simulated braille during reading of lines, paragraphs, or read to end. This has been working now for a few versions of the 2.274 beta cycle.

    If you have any comments, or find a bug during the beta process contact Braille 2000 so they may investigate. We look forward to getting the next release out to the public very soon. I think we’re getting very close. Math is the biggest thing now, and hopefully it’ll develop in to something very useful very soon.

    Comments (0)

    Braille 2000 is getting closer: still a bit of work to do

    Well, it is time to do another write up of the Braille 2000 beta testing process. For the most part, things are getting in to shape. There are a few things, one of them I’ve questioned, and it was fixed, as well as some loose ends.

    • When Braille 2000 was launched with the latest release, it did not tell you that it was launching by telling you the program, version number, and the fact it was the talking edition. I would personally feel better hearing it twice, as each screen reader is different on how that initial screen is interacted with. We’re reverting this change to do that, as now it does it when announcements for info messages is checked in the speech settings.
    • When I turned on info messages, it told me the version info as well as that the file was open. While I liked that idea, I honestly don’t need to know if a file is open successfully, and I can get that feedback by asking JFW or NVDA for that matter to read the title bar. I can also query the current line I’m on with the on demand speaking if I really want to know.
    • We’ve added the mute option instead of speak nothing for the voice nothing option. When activated, Braille 2000 will not speak, but it will also say mute on. When Braille 2000 launches, it’ll tell you that speech is muted. To not speak unless you want it to for on demand or otherwise, uncheck all options in the speech settings.

    Question: right now, if there is no file open, querying line, paragraph, or read to end has no speech. Should it say file is blank, blank, or leave it at nothing? If you’re on a blank line with a file open, JFW at least will read the file name to you, but the on demand speaking says nothing. I will be running this by Bob for the thoughts on how we should handle this if you are one that relies on the full on demand speaking of the talking edition.

    We’re also adding the capability of reading field data while in a table using Braille 2000. Telling the field data while using the arrow keys should yield in a future release if it doesn’t work already, should stay silent when in the same field. When it changes, it’ll tell you. Right now, I can’t get this to work, but the option for field is in the menus for tell, so I’ll also run this by Bob.

    Is there anything else that you think we’re missing? Have you tested the beta? Please advise me on what else you’d like to see.

    contacting us

    To get your copy of the beta, please contact Braille 2000 and contact me through my web site if you have any questions, comments, or concerns.

    Bob and I would like to thank every one of you for your interest in our project. We hope to have this out of beta really soon.

    The Braille 2000 team

    Comments (0)

    WWDC, IOS, Mac, and More

    Hello all,

    WWDC was on June 3rd, and Apple Vis has several posts in which there is coverage in regards to the Mac, iOS, the watch, and even some accessibility news in regards to these platforms.

    I got a chance to review the WWDC post, and some of the accessibility post for myself. For those who don’t know about these posts, I’ll supply the links.

    One user who talked about WWDC with me indicated that they watched it. I did not, but I read the majority of these posts I’m linking. The podcast links to an audio file which is podcast 1242 in the series. The articles are broken in to headings where appropriate.

    Did you watch WWDC and if so, what did you think? One person said it was a waste of their 2 hours of time it took to watch it. I personally didn’t see it, so I’ve got no comment. Let me know in the comments.

    Comments (0)

    Capital one fixes major accessibility bug in app

    Hi all,

    In an earlier post we reported a major accessibility bug in the way Capital One gave us information after doubletapping on your card name. A customer notified this network of the updated app released on June 4th which addressed this bug.

    We, the blind community, commend Capital One for their fast action fixing this critical bug to the available credit aspect of their app.

    I can confirm that one of the people did leave feedback for Capital One, and I had planned to do it and just didn’t get around to it. Thanks so much for your continued support, Capital One, you are committed to this community, and we should applaud you.

    Comments (0)

    I just love these fake emails

    So, I’ve been going through my email on White Cane Travel. I’ve not checked that account in a while, and decided to pay it a visit. I just love these emails that claim I’m hacked, and that if I don’t pay a ransom, that my information will be given out to all my contacts. It’s too bad that nobody has contacted me, now hasn’t it?

    Here’s one such email.

    White Cane Travel’s contact form for a comment or question
    Below is the result of your feedback form. It was submitted by
    (
    martinhennef@aol.com)
    on Monday, May 27, 2019 at 12:04:15
    —————————————————————————
    name: RobertFex
    phone: 88357582874
    method: Phone
    to: Jared Rimer
    bug: No
    additional_bug_info: Your computer, email and smartphone are hacked. We have all your photos, personal correspondence and access to bank accounts.
    On June 3, we will post on the Internet and send to all people who you have in contacts and social networks all your photos, correspondence, access to
    bank accounts and payment systems.
    You will be sued and the police will be interested in your person.
    A ransom is worth 1 Bitcoin.
    Pay 1 BTC until June 3 to our bitcoin wallet: 1LNcUGLunEpDMo4sxNAgAKAGk8eAddTGW
    comment_or_question: Your computer, email and smartphone are hacked. We have all your photos, personal correspondence and access to bank accounts.
    On June 3, we will post on the Internet and send to all people who you have in contacts and social networks all your photos, correspondence, access to
    bank accounts and payment systems.
    You will be sued and the police will be interested in your person.
    A ransom is worth 1 Bitcoin.
    Pay 1 BTC until June 3 to our bitcoin wallet: 1LNcUGLunEpDMo4sxNAgAKAGk8eAddTGW
    —————————————————————————

    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51
    REMOTE_ADDR: 31.13.191.107

    Notice that they put the same message in the bug reporting portion and the comment section? This isn’t the only email. 6 out of the 8 emails I checked through the account indicate that I should be paying ransom. One of the other emails is saying I can earn bitcoin as shown below.

    White Cane Travel’s contact form for a comment or question
    Below is the result of your feedback form. It was submitted by
    (
    ramn_12@hotmail.com)
    on Monday, June 03, 2019 at 04:03:47
    —————————————————————————
    name: Marlonjurgy
    phone: 86116487977
    method: Phone
    to: Jared Rimer
    bug: No
    additional_bug_info: Forex 1000 To 1 Million – Turning $10,000 into $1 Million in Forex:
    http://box9.ru/get-35-btc/?p=31574

    comment_or_question: Forex 1000 To 1 Million – Turning $10,000 into $1 Million in Forex:
    http://box9.ru/get-35-btc/?p=31574

    —————————————————————————

    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99
    REMOTE_ADDR: 185.112.82.237

    Here’s the one that really gets me out of all of the ones I’ve seen.

    White Cane Travel’s contact form for a comment or question
    Below is the result of your feedback form. It was submitted by
    (
    eugdf@uhfeif.com)
    on Monday, June 03, 2019 at 04:03:47
    —————————————————————————
    name: Williamadara
    phone: 89552811158
    method: Phone
    to: Jared Rimer
    bug: No
    additional_bug_info: Hey. Soon your hosting account and your domain whitecanetravel.com will be blocked forever, and you will receive tens of thousands
    of negative feedback from angry people.

    Here is a list of what you get if you don’t follow my requirements:
    + abuse spamhouse for aggressive web spam
    + tens of thousands of negative reviews about you and your website from angry people for aggressive web and email spam
    + lifetime blocking of your hosting account for aggressive web and email spam
    + lifetime blocking of your domain for aggressive web and email spam
    + Thousands of angry complaints from angry people will come to your mail and messengers for sending you a lot of spam
    + complete destruction of your reputation and loss of clients forever
    + for a full recovery from the damage you need tens of thousands of dollars

    Do you want this?

    If you do not want the above problems, then before June 1, 2019, you need to send me 0.3 BTC to my Bitcoin wallet: 19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL

    How do I do all this to get this result:
    1. I will send 30 messages to 13 000 000 sites with contact forms with offensive messages with the address of your site, that is, in this situation, you
    and the spammer and insult people. And everyone will not care that it is not you.
    2. I’ll send 300 messages to 9,000,000 email addresses and very intrusive advertisements for making money and offer a free iPhone with your website address
    whitecanetravel.com and your contact details. And then send out abusive messages with the address of your site.
    3. I will do aggressive spam on blogs, forums and other sites (in my database there are 35 978 370 sites and 315900 sites from which you will definitely
    get a huge amount of abuse) of your site whitecanetravel.com. After such spam, the spamhouse will turn its attention
    on you and after several abuses your host will be forced to block your account for life. Your domain registrar will also block your domain permanently.

    My bitcoin wallet:19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL

    I have a lot of experience. Here are just getting blocking and angry letters my sites that I tried to promote, now it’s time to earn on the skill of blocking
    sites))
    If before June 1, 2019 you do not send 0.3 BTC, I will start a massive aggressive spam of your site for tens of millions of other sites and email addresses
    and your site will be definitely blocked and will receive a lot of negative reviews.
    Transfer 0.3 BTC to my wallet and sleep peacefully without worrying about your site.

    My bitcoin wallet:19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL
    comment_or_question: Hey. Soon your hosting account and your domain whitecanetravel.com will be blocked forever, and you will receive tens of thousands
    of negative feedback from angry people.

    Here is a list of what you get if you don’t follow my requirements:
    + abuse spamhouse for aggressive web spam
    + tens of thousands of negative reviews about you and your website from angry people for aggressive web and email spam
    + lifetime blocking of your hosting account for aggressive web and email spam
    + lifetime blocking of your domain for aggressive web and email spam
    + Thousands of angry complaints from angry people will come to your mail and messengers for sending you a lot of spam
    + complete destruction of your reputation and loss of clients forever
    + for a full recovery from the damage you need tens of thousands of dollars

    Do you want this?

    If you do not want the above problems, then before June 1, 2019, you need to send me 0.3 BTC to my Bitcoin wallet: 19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL

    How do I do all this to get this result:
    1. I will send 30 messages to 13 000 000 sites with contact forms with offensive messages with the address of your site, that is, in this situation, you
    and the spammer and insult people. And everyone will not care that it is not you.
    2. I’ll send 300 messages to 9,000,000 email addresses and very intrusive advertisements for making money and offer a free iPhone with your website address
    whitecanetravel.com and your contact details. And then send out abusive messages with the address of your site.
    3. I will do aggressive spam on blogs, forums and other sites (in my database there are 35 978 370 sites and 315900 sites from which you will definitely
    get a huge amount of abuse) of your site whitecanetravel.com. After such spam, the spamhouse will turn its attention
    on you and after several abuses your host will be forced to block your account for life. Your domain registrar will also block your domain permanently.

    My bitcoin wallet:19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL

    I have a lot of experience. Here are just getting blocking and angry letters my sites that I tried to promote, now it’s time to earn on the skill of blocking
    sites))
    If before June 1, 2019 you do not send 0.3 BTC, I will start a massive aggressive spam of your site for tens of millions of other sites and email addresses
    and your site will be definitely blocked and will receive a lot of negative reviews.
    Transfer 0.3 BTC to my wallet and sleep peacefully without worrying about your site.

    My bitcoin wallet:19ckouUP2E22aJR5BPFdf7jP2oNXR3bezL
    —————————————————————————

    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36
    REMOTE_ADDR: 185.104.217.66

    This character indicates that he’ll get the domain closed if I don’t pay ransom as well as the fact they will spam millions of people pointing them to my site where I don’t sell any iPhones. Hey! If he wants to claim I sell iPhones, and I get email, then I can tell them that I don’t sell iPhones, and I can thank them for visiting. I hope that his visitors to my site read what it’s about before sending angry email. It’s also well known that the several emails I’ve given you as samples of what I’m getting are fake names, and probably fake phone numbers.

    By the way, I am making it very clear that I do not have any bitcoin, nor am I interested in having any. I now have to buy it, and it’s expensive. Should’ve gotten in many years ago. Sorry guys, you lose.

    I would report all of these things, but honestly, I know it won’t go away. I think there are sites out there that can tell me who owns an IP, and where to send reports, but these types of messages are more annoying, although I’d love to turn these people in. I tried to block IPs from visiting the site, but that’s of no value. What ideas do you have to get these people not to use the forms for spam?

    I’ve even gotten email claiming I could go to a site, fill out some details, and my message could be sent to millions even while solving captchas just like they did with mine. Pay $49 instead of $99 for this service.

    All of these have fake names. No wonder I’ve not bitten on any of these. Have fun reading this post.
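
One answer to the question above is a content filter in the form handler rather than IP blocking. The sketch below is an added example, not code from this site: it scores a submission on traits visible in the quoted samples (identical text in additional_bug_info and comment_or_question, bug details filled in while bug is No, a Bitcoin-address-shaped string, a link). The field names come from the quoted form output; the weights, threshold, function names and sample submissions are constructed assumptions.

```python
import re

# Legacy Bitcoin address shape: leading 1 or 3, then 25-34 Base58 characters
# (the alphabet has no 0, O, I or l). Shape check only, no checksum.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
URL = re.compile(r"https?://\S+", re.IGNORECASE)
PRESSURE = re.compile(r"\b(ransom|btc|bitcoin|hacked|blocked forever)\b",
                      re.IGNORECASE)

QUARANTINE_AT = 3  # assumed threshold; tune against real traffic


def _norm(text):
    """Collapse whitespace and case so trivially varied copies compare equal."""
    return " ".join(text.split()).casefold()


def score_submission(fields):
    """Return (score, reasons) for one contact-form submission (a dict)."""
    raw_bug = fields.get("additional_bug_info", "")
    raw_comment = fields.get("comment_or_question", "")
    raw_body = raw_bug + "\n" + raw_comment
    score, reasons = 0, []

    # Bots fill every box: the same text lands in both free-text fields.
    if _norm(raw_bug) and _norm(raw_bug) == _norm(raw_comment):
        score += 2
        reasons.append("duplicate_fields")
    # Bug details supplied although the sender answered "No" to "bug".
    if _norm(raw_bug) and _norm(fields.get("bug", "")) == "no":
        score += 1
        reasons.append("bug_info_without_bug")
    # Match the address on the raw text: case matters in Base58.
    if BTC_ADDR.search(raw_body):
        score += 2
        reasons.append("bitcoin_address")
    if URL.search(raw_body):
        score += 1
        reasons.append("link")
    if PRESSURE.search(raw_body):
        score += 1
        reasons.append("pressure_wording")
    return score, reasons


def triage(fields):
    """Hold high-scoring submissions for review instead of mailing them."""
    return "quarantine" if score_submission(fields)[0] >= QUARANTINE_AT else "deliver"


# Constructed sample submissions (not real data). The wallet is a made-up
# string that only has the right shape.
FAKE_WALLET = "1" + "Zz9" * 10
_extort = "Your email is hacked. Pay 1 BTC to our bitcoin wallet: " + FAKE_WALLET
_link = "Turning $10,000 into $1 Million: http://spam.example/offer"
EXTORTION = {"bug": "No", "additional_bug_info": _extort,
             "comment_or_question": _extort}
LINK_SPAM = {"bug": "No", "additional_bug_info": _link,
             "comment_or_question": _link}
LEGIT_BUG = {"bug": "Yes",
             "additional_bug_info": "The booking link returns a 404 error.",
             "comment_or_question": "Thanks for running the site."}
LEGIT_QUESTION = {"bug": "No", "additional_bug_info": "",
                  "comment_or_question": "Do you cover the routes listed at "
                                         "https://transit.example/routes ?"}

if __name__ == "__main__":
    for name in ("EXTORTION", "LINK_SPAM", "LEGIT_BUG", "LEGIT_QUESTION"):
        sample = globals()[name]
        print(name, triage(sample), score_submission(sample))
```

A single link alone stays below the threshold, so an ordinary visitor who pastes a URL into a question is still delivered.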

    Comments (0)
