go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu



Anthem reports 18,500 members involved in new data breach

Continue: ‘Anthem reports 18,500 members involved in new data breach’

Comments (0)

Screen reader usage, part 4 is now up

After a long break due to me changing editors, I’m now presenting part 4 of my screen reader usage series. Go get the article by going to this link. Instead of trying to gague keystrokes that I honestly don’t remember, I took a different approach to this article. I talked about how the keystrokes are completely different, and how, when using multiple technologies such as Windows, IOS, Mac, and the various readers, how keeping all of this remembered is the key. I didn’t do any keystroke posting here, as I don’t use the mac on a regular basis. I’m hopeful that people will be finding this article of interest. Thanks for reading, and I’m sure I’ll have more soon.

Comments (0)

This month’s patch Tuesday

This month’s windows updates

Hello all, this month has seen quite a number of fixes, and if you’ve not been around, this is definitely something to read. Trend Micro of course has a great roundup entitled July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens which was an interesting read. I did not know much about this product, but there is other stuff besides that one. Of course, we can’t forget about Kreb’s coverage with Adobe, Microsoft Push Critical Security Fixes which is a good read as well. Lets stay as safe as possible.

Comments Off on This month’s patch Tuesday

Microsoft’s New iPhone App Helps Blind People ‘See’ | Time.com

Continue: ‘Microsoft’s New iPhone App Helps Blind People ‘See’ | Time.com’

Comments Off on Microsoft’s New iPhone App Helps Blind People ‘See’ | Time.com

Screen reader series

Hello folks,

Its been quite a busy time of me writing lately. It didn’t help that the person that helps me was away, but things are back on track. I’m curious on your thoughts on my screen reader series. I’ve had the first two published on omni. Part 1 was published on the 8th of June, and part 2 was published on the 9th. I hope you all enjoy the articles.

Comments Off on Screen reader series

Android Overlay and Accessibility Features Leave Millions at Risk

OK, this is as bad as it gets for Android, right? While reading the sans newsletter I talked about in my first article for today, I came across this. Sent this to Security Now, and someone else who uses Android that i know. All I can say is that I hope that nobody who is disabled who relies on the disability features like talkback’s screen reader, or any magnification program that might be available got hit with this. This sounds bad. Really bad if someone who is disabled got hit with this.

Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.

Source: Android Overlay and Accessibility Features Leave Millions at Risk

Comments Off on Android Overlay and Accessibility Features Leave Millions at Risk

WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows

Hi folks,

This is quite interesting. I’ve published several longer posts on ransomware through my Vocal posts on this blog, and while I’d love to write about this one, it is definitely something that can speak for itself. We’ve definitely learned quite a lot since last week’s publishing of my longer piece on Vocal. Like I’ve said before, we’ve got to use our heads, as this has to start somewhere, probably with a phish. I don’t believe this was started by someone using Shodan from that location, and spewing the net with port 445 scans and infecting all of that. Luckily, very little was spent on notes although $110,000 is nothing to sneeze at. The article also continues to say that only 250,000 machines and 150 countries. This thing could’ve been worse.

Before I give you the article, Security Now reported that someone was looking to take the domain offline, unleashing this thing to cause more havoc. Not sure if it was successful, but something to keep in mind.

Now, to the article and its link.

But a Chinese-language link doesn’t shoot down theories of the North Korean Lazarus Group’s involvement in the ransomware worm attacks, say language experts at Flashpoint.

Source: WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows

Comments Off on WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows

Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls

Continue: ‘Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls’

Comments Off on Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls

Hard to swallow: 17m user details stolen in Zomato security breach

Oh boy. I just tweeted this for several users, and if this is true, we are definitely lucky in one aspect, but not in the other.

This is 17 million more people who have been breached. The good news is that they used what security experts call salt to add to the hash which from what I understand makes it more difficult to crack the password.

The company is also lucky in that they got the hacker to not sell it, and that they will create a program to better fix the issues that may have been found. Check this article out.

Zomato has become the latest victim of a massive cyberattack, as the details of 17m users are stolen, including email addresses.

Source: Hard to swallow: 17m user details stolen in Zomato security breach

Comments (1)

Serotek’s Position on Microsoft Edge | Serotek

Hi folks, I agree with this, although I’m not a Cerotek customer. I don’t believe that anyone is really supporting Edge, even Window-Eyes, which stopped development, doesn’t work with it as far as I know. I’m also not a 10 user, but this should be shared.

Source: Serotek’s Position on Microsoft Edge | Serotek

Comments (1)

WannaCry, What Is It?

Hi folks, my article WannaCry, What Is It? is now published on Vocal. It even has a world map as of last tuesday of the infection rate. Luckily, the attack has slowed down for now, but we do know there will be copycat variants, and the fact that it has been named means its out there somewhere. I published about that one the other day on the blog. You may find my preliminary thoughts on wannacry on this blog. Vocal has my longer thought process with resources at the end for you to read. I hope you enjoy it!

Comments Off on WannaCry, What Is It?

Ethics of Self-Driving Cars

This is a very interesting article I found on omni.media, one of many vocal related sites. While looking to see the status of something i published, I came across this. It raises some questions that I think we should discuss. As people with disabilities, what would be some of these answers?

Putting AI behind the wheel raises many questions and concerns, and on the verge of this becoming our reality, we must examine the ethics of self-driving cars.

Source: Ethics of Self-Driving Cars

Comments (1)

The Impact of Ransomware on Non-Profit Organisations

This is a great article in regards to what ransomware is, what you should do, and how to protect yourself. Its a bit lengthy, but not technical at all. If nothing else, people should read this article. Well done.

Source: The Impact of Ransomware on Non-Profit Organisations

Comments Off on The Impact of Ransomware on Non-Profit Organisations

And Now a Ransomware Tool That Charges Based On Where You Live

OK, Here’s something for you all on this blog. Not sure now what to think. If this is the case, my conversation yesterday with someone will make us doomed.

Malware is designed to charge more for victims in countries with a higher cost of living, Recorded Future says.

Source: And Now a Ransomware Tool That Charges Based On Where You Live

Comments Off on And Now a Ransomware Tool That Charges Based On Where You Live

After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

OK folks, welcome to another post here on the blog. As Trend Micro predicted, we have a new ransomware based on wannaCry. After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit is the name of the article. It does follow suit by having the same type of thing where ms17-10 is concerned, if they didn’t find anything else. Here is a portion of that article in which it explains a little bit of what this is.

“Contrary to recent news citing UIWIX as WannaCry’s new—even evolved—version, our ongoing analysis indicates it’s a new family that uses the same Server Message Block (SMB) vulnerabilities (MS17-010, code named EternalBlue upon its public disclosure by Shadow Brokers) that WannaCry exploits to infect systems, propagate within networks and scan the internet to infect more victims.

So how is UIWIX different? It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don’t entail writing actual files/components to the computer’s disks, which greatly reduces its footprint and in turn makes detection trickier.

UIWIX is also stealthier, opting to terminate itself if it detects the presence of a virtual machine (VM) or sandbox. Based on UIWIX’s code strings, it appears to have routines capable of gathering the infected system’s browser login, File Transfer Protocol (FTP), email, and messenger credentials.”

I’m still unsure really about this server message block and what it does, but criminals are going to take advantage of this for some time to come. Why? Because, as we’ve learned, patching is not as easy as it seems to be. We can tell people to patch, but patching can take anywhere from a month, to 6 months.

I really think that is too long, and even we were surprised on the fact that Windows XP and server 2003 were even patched, from this last outbreak, but Microsoft thought it to be a good idea because of how wide spread this problem is.

I’m not going to dwell on this issue, as patching should be a first resort on fixing a vulnerability once a patch is successfully created and made available, but systems as we learned must go through testing in the larger world, and if programs break that run on these systems, then the system can’t be patched.

According to Ransomware: What Are the Bad Guys After and How Do I Stop Them? they want to cause as much damage as possible, whether it is monitary, or whether it is physical. They want to hurt you at the worst possible time, when files matter to you. Backing up is the first step, and making sure your stuff is backed up on a regular basis.

e article WannaCry & The Reality Of Patching will go in to detail on why patching is becoming a problem today.

I’ll have my longer article out, but wanted to get some more information out now while it is still fresh.

Thoughts? Please give us a holler on the comment boards.

Comments Off on After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

A new ransomware wannacry

Hello folks,

I don’t know how I can turn this in to a longer article, so I’ll post it to my blog and leave it at that. I joined the Sans group with a webbinar in regards to this new threat called Wanna Cry. This article from Krebs on security entitled U.K. Hospitals Hit in Widespread Ransomware Attack was posted on the 12th of May. As Brian covered, he mentioned what this was, and the fact that not only were the hospitals hit with this, but so was a telephone company. Sans’s webbinar last night said there were at least 56,000 different infections at one point, just by doing scans, nothing more. They made it clear that they never accessed any machines, just did scans.

Sans indicates that while this was bad, its only going to get worse. USCERT has a writeup entitled Indicators Associated With WannaCry Ransomware which was posted yesterday as well. The SMB system I’m not too familiar with, but this can hit even with patched systems. We’ll keep our eyes and ears open for more.

Comments (4)

How Can We Defend Against Ransomware?

My article on Vocal How Can We Defend Against Ransomware? has been published. On this article, I talk about two different articles and the big uptick in ransomware cases, and there is no sign of slowing down. Criminals find this lucritive, because you need your files, and most people don’t back up, or if they do, it isn’t on a regular basis. The human element must have a part in this, it has to start with it. Please discuss your thoughts.

Comments Off on How Can We Defend Against Ransomware?

Patch Tuesday is here

Hi all,

Brian Krebs has posted like he usually does, and Sans is also covering the microsoft bug that was patched out of cycle to fix some things with their removal tool. I’m sure that Trend Micro will also come out with a post, unless I missed it. Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday is the article for now.

I’m about to publish a great ransomware piece on a side note, and it should be available tomorrow. Hopefully we’re all patched soon, and we can continue to stay as safe as possible. This article I wrote which I’ll cover once posted could be part of why we need to continue to patch where we can because if it gets through some newly developed way besides E-mail, you could be protected. For now, it is delivered by E-mail, but who knows what the future holds. Thats why i mention this article on passing here, as if we were patched, and it was delivered through a bug of some sort on a piece of software, then we could be doomed. Maybe I’m thinking ahead here, but thoughts are welcome.

Comments Off on Patch Tuesday is here

Google and authentication

Hello everyone,

I saw a few articles this morning on an issue in regards to Google and authentication. One was from Trend Micro, the other from my favorite writers at Trend Micro. The long of the short of it is that Google was made aware of an issue where you were sent an E-mail to your google account. If you clicked on the E-mail link, it would ask you for permission to access your account to view the document in docs through the protocol o-auth. If granted, the person in question had complete access to your entire account. Trend Micro indicates that if you just go to the profile page, and remove the access, no further access is granted. Google has pushed a fix so nobody else can be infected by this, but if you have, just remove the access within your account. Clever.

Thanks for reading, and stay safe. As a side note, any link to google docs etc. if signed in, should already connect you through their interface, not through o-auth.

Comments Off on Google and authentication

Trying a new site for publishing to a wider audience

Hi all,

I’ve always tried to write about various types of technology, and even when I’ve gotten articles out, I’ve not had a lock on them. Part of that trouble is my plug in I think, where it isn’t tweeting anymore. The other aspect is, that this site, Vocal allows me to branch out and cover a wide variety of topics all on the same platform. I know it is accessible, however, they need images. They helped me publish a longer piece I wrote based off of this blog post and while I did a great job with this one, they wanted me to expand. I should’ve expanded and talked here more about what ATPC is. While I’m not going to full out blog here about it, but I wanted to share my longer piece entitled: “ATPC Hit with Ransomware, Does Not Pay” with you. It shows I have no biography, but I do. I know they’re making some changes, and I want people to know I’m still going to blog here. I also know I’ve not done a lot of reading as of late, and there’s a lot I need to read. I’m hoping Vocal will take off, and allow me to branch out in to other categories, and eventually, get paid.

It isn’t going to be a fast process, nor is it going to be easy, but I’m up for the challenge. I’m still going to blog here, and if I find something good, I’ll be sure to blog about it. The thing about this site and Vocal, is Vocal needs to be your own content. You can link to others, however, they want it to really be your own. I hope you’ll enjoy the article I published over there, and I’ll publish links to those articles once they get approved, if they are tech related for everyone who may not be familiar with them, to see what else I’m writing. Hope everyone is enjoying their stay here, and please feel free to check out check out Vocal to see if it is a viable solution to what you’d like to do in reaching a wider audience.

Make it a great day! See you all soon.

Comments (2)

Older Posts »

go to sections menu


navigation menu

go to sections menu