
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




Hard to swallow: 17m user details stolen in Zomato security breach

Oh boy. I just tweeted this for several users, and if this is true, we are definitely lucky in one aspect, but not in the other.

This is 17 million more people who have been breached. The good news is that they used what security experts call salt to add to the hash which from what I understand makes it more difficult to crack the password.

The company is also lucky in that they got the hacker to not sell it, and that they will create a program to better fix the issues that may have been found. Check this article out.

Zomato has become the latest victim of a massive cyberattack, as the details of 17m users are stolen, including email addresses.

Source: Hard to swallow: 17m user details stolen in Zomato security breach

Comments (0)

Serotek’s Position on Microsoft Edge | Serotek

Hi folks, I agree with this, although I’m not a Serotek customer. I don’t believe that anyone is really supporting Edge; even Window-Eyes, which stopped development, doesn’t work with it as far as I know. I’m also not a 10 user, but this should be shared.

Source: Serotek’s Position on Microsoft Edge | Serotek

Comments (0)

WannaCry, What Is It?

Hi folks, my article WannaCry, What Is It? is now published on Vocal. It even has a world map as of last Tuesday of the infection rate. Luckily, the attack has slowed down for now, but we do know there will be copycat variants, and the fact that it has been named means it’s out there somewhere. I published about that one the other day on the blog. You may find my preliminary thoughts on WannaCry on this blog. Vocal has my longer thought process with resources at the end for you to read. I hope you enjoy it!

Comments (0)

Ethics of Self-Driving Cars

This is a very interesting article I found on omni.media, one of many Vocal-related sites. While looking to see the status of something I published, I came across this. It raises some questions that I think we should discuss. As people with disabilities, what would be some of these answers?

Putting AI behind the wheel raises many questions and concerns, and on the verge of this becoming our reality, we must examine the ethics of self-driving cars.

Source: Ethics of Self-Driving Cars

Comments (0)

The Impact of Ransomware on Non-Profit Organisations

This is a great article in regards to what ransomware is, what you should do, and how to protect yourself. It’s a bit lengthy, but not technical at all. If nothing else, people should read this article. Well done.

Source: The Impact of Ransomware on Non-Profit Organisations

Comments (0)

And Now a Ransomware Tool That Charges Based On Where You Live

OK, Here’s something for you all on this blog. Not sure now what to think. If this is the case, my conversation yesterday with someone will make us doomed.

Malware is designed to charge more for victims in countries with a higher cost of living, Recorded Future says.

Source: And Now a Ransomware Tool That Charges Based On Where You Live

Comments (0)

After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

OK folks, welcome to another post here on the blog. As Trend Micro predicted, we have a new ransomware based on WannaCry. After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit is the name of the article. It does follow suit by having the same type of thing where MS17-010 is concerned, if they didn’t find anything else. Here is a portion of that article in which it explains a little bit of what this is.

“Contrary to recent news citing UIWIX as WannaCry’s new—even evolved—version, our ongoing analysis indicates it’s a new family that uses the same Server Message Block (SMB) vulnerabilities (MS17-010, code named EternalBlue upon its public disclosure by Shadow Brokers) that WannaCry exploits to infect systems, propagate within networks and scan the internet to infect more victims.

So how is UIWIX different? It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don’t entail writing actual files/components to the computer’s disks, which greatly reduces its footprint and in turn makes detection trickier.

UIWIX is also stealthier, opting to terminate itself if it detects the presence of a virtual machine (VM) or sandbox. Based on UIWIX’s code strings, it appears to have routines capable of gathering the infected system’s browser login, File Transfer Protocol (FTP), email, and messenger credentials.”

I’m still unsure really about this server message block and what it does, but criminals are going to take advantage of this for some time to come. Why? Because, as we’ve learned, patching is not as easy as it seems to be. We can tell people to patch, but patching can take anywhere from a month to 6 months.

I really think that is too long, and even we were surprised by the fact that Windows XP and Server 2003 were even patched, from this last outbreak, but Microsoft thought it to be a good idea because of how widespread this problem is.

I’m not going to dwell on this issue, as patching should be a first resort on fixing a vulnerability once a patch is successfully created and made available, but systems as we learned must go through testing in the larger world, and if programs break that run on these systems, then the system can’t be patched.

According to Ransomware: What Are the Bad Guys After and How Do I Stop Them? they want to cause as much damage as possible, whether it is monetary, or whether it is physical. They want to hurt you at the worst possible time, when files matter to you. Backing up is the first step, and making sure your stuff is backed up on a regular basis.

The article WannaCry & The Reality Of Patching will go into detail on why patching is becoming a problem today.

I’ll have my longer article out, but wanted to get some more information out now while it is still fresh.

Thoughts? Please give us a holler on the comment boards.

Comments (0)

A new ransomware wannacry

Hello folks,

I don’t know how I can turn this into a longer article, so I’ll post it to my blog and leave it at that. I joined the SANS group with a webinar in regards to this new threat called WannaCry. This article from Krebs on Security entitled U.K. Hospitals Hit in Widespread Ransomware Attack was posted on the 12th of May. As Brian covered, he mentioned what this was, and the fact that not only were the hospitals hit with this, but so was a telephone company. SANS’s webinar last night said there were at least 56,000 different infections at one point, just by doing scans, nothing more. They made it clear that they never accessed any machines, just did scans.

SANS indicates that while this was bad, it’s only going to get worse. US-CERT has a writeup entitled Indicators Associated With WannaCry Ransomware which was posted yesterday as well. The SMB system I’m not too familiar with, but this can hit even with patched systems. We’ll keep our eyes and ears open for more.

Comments (4)

How Can We Defend Against Ransomware?

My article on Vocal How Can We Defend Against Ransomware? has been published. In this article, I talk about two different articles and the big uptick in ransomware cases, and there is no sign of slowing down. Criminals find this lucrative, because you need your files, and most people don’t back up, or if they do, it isn’t on a regular basis. The human element must have a part in this; it has to start with it. Please discuss your thoughts.

Comments (0)

Patch Tuesday is here

Hi all,

Brian Krebs has posted like he usually does, and SANS is also covering the Microsoft bug that was patched out of cycle to fix some things with their removal tool. I’m sure that Trend Micro will also come out with a post, unless I missed it. Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday is the article for now.

I’m about to publish a great ransomware piece on a side note, and it should be available tomorrow. Hopefully we’re all patched soon, and we can continue to stay as safe as possible. This article I wrote which I’ll cover once posted could be part of why we need to continue to patch where we can because if it gets through some newly developed way besides E-mail, you could be protected. For now, it is delivered by E-mail, but who knows what the future holds. That’s why I mention this article in passing here, as if we were patched, and it was delivered through a bug of some sort on a piece of software, then we could be doomed. Maybe I’m thinking ahead here, but thoughts are welcome.

Comments (0)

Google and authentication

Hello everyone,

I saw a few articles this morning on an issue in regards to Google and authentication. One was from Trend Micro, the other from my favorite writers at Trend Micro. The long of the short of it is that Google was made aware of an issue where you were sent an E-mail to your Google account. If you clicked on the E-mail link, it would ask you for permission to access your account to view the document in Docs through the protocol OAuth. If granted, the person in question had complete access to your entire account. Trend Micro indicates that if you just go to the profile page, and remove the access, no further access is granted. Google has pushed a fix so nobody else can be infected by this, but if you have, just remove the access within your account. Clever.

Thanks for reading, and stay safe. As a side note, any link to Google Docs etc. if signed in, should already connect you through their interface, not through OAuth.

Comments (0)

Trying a new site for publishing to a wider audience

Hi all,

I’ve always tried to write about various types of technology, and even when I’ve gotten articles out, I’ve not had a lock on them. Part of that trouble is my plug-in, I think, where it isn’t tweeting anymore. The other aspect is that this site, Vocal, allows me to branch out and cover a wide variety of topics all on the same platform. I know it is accessible, however, they need images. They helped me publish a longer piece I wrote based off of this blog post and while I did a great job with this one, they wanted me to expand. I should’ve expanded and talked here more about what ATPC is. While I’m not going to full-out blog here about it, I wanted to share my longer piece entitled: “ATPC Hit with Ransomware, Does Not Pay” with you. It shows I have no biography, but I do. I know they’re making some changes, and I want people to know I’m still going to blog here. I also know I’ve not done a lot of reading as of late, and there’s a lot I need to read. I’m hoping Vocal will take off, and allow me to branch out into other categories, and eventually, get paid.

It isn’t going to be a fast process, nor is it going to be easy, but I’m up for the challenge. I’m still going to blog here, and if I find something good, I’ll be sure to blog about it. The thing about this site and Vocal, is Vocal needs to be your own content. You can link to others, however, they want it to really be your own. I hope you’ll enjoy the article I published over there, and I’ll publish links to those articles once they get approved, if they are tech related for everyone who may not be familiar with them, to see what else I’m writing. Hope everyone is enjoying their stay here, and please feel free to check out Vocal to see if it is a viable solution to what you’d like to do in reaching a wider audience.

Make it a great day! See you all soon.

Comments (2)

Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

OK, is this how security products are supposed to be made? If Samsung did have a part in this, they should be ashamed of themselves. Check this one out.

Source: Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

Comments Off on Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

Patch tuesday

Hi all, it’s that time of month again, the time where we must reboot our PCs to allow for updates to take effect. Starting this month, Microsoft has discontinued issuing bulletins on what the updates covered. April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks from Trend Micro and Critical Security Updates from Adobe, Microsoft from Krebs on Security will give you varying views on what’s up. This Network World article entitled Microsoft kicks security bulletins to the curb in favor of security update guide may go into further detail on why they did this. This is in the better late than never department, so I hope you’ll enjoy taking a look at these things as we continue to fight the security battle.

Comments Off on Patch tuesday

Lessons from IBM InterConnect – Disruption is Inevitable

Herbie sent me this article Lessons from IBM InterConnect – Disruption is Inevitable and I found it interesting. We know Watson beat everyone on Jeopardy for a time, and he’s fed tons of data. I’d be interested on your thoughts on this.

Comments Off on Lessons from IBM InterConnect – Disruption is Inevitable

Things I’ve been reading for the past while

Hi folks,

I know I’m probably so late with some of these; it’s been busy with my schedule. I want to post the things I think people should check out for the last few days. Please feel free to check out my Twitter feed to see what I tweet, maybe something will be of interest that I post after I read it. For other social media options, go to my network home page and select the heading for social media. Thanks for reading!

  • From hackers’ point of views: New study exposes their strategies Trend Micro This article I just read today. It was interesting to hear what they’re after and maybe a little on how things are done. Forward thinking on maybe how to protect ourselves a bit? Not sure, but the thought of this was interesting.
  • How Mobile Phones Turn Into A Corporate Threat Trend Micro We use mobile phones now more than ever. I went in kicking and screaming about the iPhone, and in some ways, I’m happy I have mine. It has helped me when I’ve gotten lost, and it helps me know when the MTA bus comes so I can plan my trip. It also gets me off the bus, when the AVA (automated voice announcement) system does not call stops. Now, they can connect to E-mail through the various gateways, and we can be productive while not at a computer. With this convenience, this causes risks, and some of them can be prevented such as not opening attachments because there is malware being developed for the phone, and that can be transmitted into the corporate environment, for example. This one should be checked out if nothing else.
  • 3 overlooked endpoints for cyber attacks and how to protect them Trend Micro This has three bullet points and links to other information for further reading. If you care about such things, this article is a must read.
  • 5 ways machine learning can be used for security today Trend Micro This article talks about how machine learning can help with protection. Next Generation scanners are coming, and Trend Micro has been doing this type of work for many years.
  • Cerber Starts Evading Machine Learning Trend Micro This article talks about Cerber, a worm, that is being trained to evade detection from the above machine learning technique, so it can stay around. Very clever stuff.
  • How and Why the Phishing Threat Landscape Has Changed A forward looking blog post talking about the real world risks of the phishing landscape and what we should expect now. This is real world information, and something that people should check out.
  • In a bit of good news, Krebs On Security gives us an article I thought was worth tweeting about. Alleged vDOS Owners Poised to Stand Trial is the article. We’ve covered this operation on the blog before, and this is good reporting here by Brian. Now, people are being caught, and we can’t hide, even if we did use a VPN as someone can always know who we are.
  • LastPass has been busy as of late, and Security Update for the LastPass Extension from LastPass talks about the latest. Security Now has been covering the various bugs that Google’s Tavis Ormandy has been finding, and these are big things which LastPass has been right on top of. These guys are very serious on their work, and I don’t see any change in that, even though, I believe they were bought out, by another company if I remember right. Maybe I’m wrong, but I thought I saw that one somewhere.
  • CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino Trend Micro This article is better late than never. This talks about a bug which was fixed which exploit kits have been taking advantage of.
  • Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important Trend Micro talks about the patch Tuesday which was this past March’s list of changes. No reason really on why Microsoft delayed February, so we got a bunch.

There is more that you could read, but this will keep you busy for a while. I’ll try to get more articles out in a timely manner within a day of me reading stuff so that I can talk about them more. Any thoughts on this list? Do let me know your thoughts.

Comments Off on Things I’ve been reading for the past while

Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

Hi folks,

AppleVis is letting us know that iOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibson tweeted:


Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck


I’m sure the next Security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.

Comments Off on Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live

Hi folks, I just read this article sent to me entitled 14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live and this can’t be good. First, let’s say I’m in California, which I am. Next, let’s say that the person that is doing something is in another state, let’s say New York. Let’s say I know them. Let’s say I pick up the phone and dial 911 which the article is saying to do. I tell the dispatcher that I’m seeing a crime of some sort live on Facebook. I get them the URL. Now, my question for discussion is this: will the police forward this on to the proper authorities in which the crime is taking place? I’m not sure how the multi-agency stuff works, but I don’t know if 911 is used for such things. This is where you come in, and you can let me know your thoughts.

Comments Off on 14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live

IOS 10.3 has been out

Hi all,

In the better late than never department, iOS 10.3 is out. I’ve neglected to post about the other iOS releases since 10.1, but AppleVis has a blog post of their own dealing with changes and regressions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on TWiT.

Comments Off on IOS 10.3 has been out

FBI: Attackers Targeting Anonymous FTP Servers in Healthcare

Hello folks, this article came across my desk through a newsletter I’m subscribed to. The article is entitled: FBI: Attackers Targeting Anonymous FTP Servers in Healthcare and I do not believe that our FTP allows anonymous access even if we turn it on nowadays. I really think we need to be aware of this, and pass it along to our dentist and health care people that we know. This couldn’t get worse, can it?

Comments (1)
