The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

Do we know how tech savvy our leaders are?

Some days ago, I read about a very interesting topic. How Internet Savvy are Your Leaders? is the question, and I’m interested in your thoughts. I believe that some people in government really try to understand what is out there, and question what is really happening. One person I keep seeing mentioned in articles is Ron Widen (not sure on spelling) and he has some great questions and writings that he’s sent to different folks depending on the situation. I think government is trying, however, I think we need to have more people asking questions if they don’t understand. I know I do. I also don’t claim to know everything, and don’t guess but could give you a thought on something with the understanding that I’m unsure. Your thoughts are welcome.


Fake Voice Apps on Google Play, Botnet Likely in Development

Trend Micro has this article entitled Fake Voice Apps on Google Play, Botnet Likely in Development which I’ve read. There may be people who may be interested in this, because the apps which are out there could be of value if you want to use them. The problem is that there are apps that could be a problem, and that’s what this post is covering that we’re linking here. There are apps like Google Voice that can allow you to use voice to call or Hangouts for video etc. and even Skype is out there too. I’m not saying that every app is terrible, however, Android has had an opportunity to clean things up and better secure their store the best they can, but seeing this, I wonder if they’re doing enough. I don’t know this for sure, but this is something that we should wonder and ponder. Thoughts?


Australia passes world’s first law authorizing encryption backdoors

When I read Australia passes world’s first law authorizing encryption backdoors I just had to think about this a minute. If we start allowing back doors, did Australia think about whether or not this would have an impact on people who would use this type of loophole within the law to do damage? I’m not trying to bash the idea that law enforcement need some way to lawfully get at data that would help cases. I think this could work if the law only allows police to do this to discover what they need in their specific cases, and there is no other way to do this. Apple makes it clear that they comply with court orders where it is lawful to do so, but they don’t respond to every single request as they would like proof of an investigation going on and the reasoning as to why they should comply. I’m not sure what Google or the Android community does, but this is something we need to figure out. What are your thoughts? Please let me know.


Jared, Kay Jewelers Parent Fixes Data Leak

I just read this article entitled Jared, Kay Jewelers Parent Fixes Data Leak within the past week, and this is some good news that a data leak was fixed. Mistakes in programming are going to occur, and responsible disclosure is the key when it comes to this type of thing. While it was someone who meant well, I was impressed by the fact that this was fixed and no harm was done by this. As far as we know, there was no harm done, and we believe the issue is fixed. I’ve thought about this article since I read it, but I think this type of thing was done correctly. What are your thoughts?


It’s phishing season, but is every day phishing season?

LastPass has an article out that talks about phishing season. It’s got basic tips to keep us all safe. It’s Phishing Season: 5 Tips to Prevent Phishing Scams was posted on the 27th of November, right after Thanksgiving. Can I just ask a question? The question is: Is every day phishing season? You always get various email, and curious minds always want to click. Some are obvious, others are not. Sometimes, the clicking could get you into trouble, others it can’t. Sometimes opening an email can land you in trouble, most don’t.

The first tip is education. Learn what mail from the companies who write to you is supposed to look like, most of all. Educate yourself on how people will write you on a regular basis, and if opening attachments, whether they will tell you what is attached to the message.

Step 2 is to investigate the source. Look at the email address. I’ve been getting email claiming to be from someone I’ve had contact with, but the email address isn’t theirs, it is a totally different address. This would be a sign that something isn’t right. The link in question looked suspicious and it didn’t tell me why the link was sent to begin with.

Don’t provide your personal information is tip three. Companies usually have you sign up over the phone or through a web site, not by email. I did have that practice when I started my business, but I did put in there that if you did not feel comfortable, to let me know and I would do it over the phone. It’s too risky now to send information like that over email. I did it once with a company, but I knew that it would get there, even though it was risky. I only did it once.

The fourth tip is to have a plan for when something does go wrong. It’s called a remediation plan. I’ve taken steps like making sure I back up my important files to Dropbox, or another service if you don’t have Dropbox.

The fifth step is to leverage a password manager. Since this is a LastPass blog article, of course they’re going to say to use them. Any password manager is capable of saving information including passwords, notes, credit card information, and other notes that are sensitive into a vault which you can open with one password. Whether you use LastPass, or choose another one, now we need to have this in our toolkit.

Do you have any other tips? Please share.


The breaches continue, what else is new?

This week has spawned some very interesting news that I’ve been meaning to pass along. There are several articles in regard to one item, and another on which I’ve only found one article.

Let’s get started on my thoughts.

Marriott bought out Starwood Hotels, and now they have reported a breach. Cyberscoop and Krebs On Security are two sources that have articles that I have access to. Armando from Northern California also sent me one from Action News Now which talks about what to do. The numbers can be anywhere from 370,000 up to 500,000 if not more when all is said and done. I think this is the most in everything we’ve covered and sadly, this has been going on for some time now, at least 4 years.
According to Krebs on Security, this whole thing started in 2015 when Starwood initially reported a breach which was already a year old. Now, this is 4 years old, and we’re only learning about what is actually happening, and the investigation is still in process. Check out the various articles to find out more, and of course, form your own opinions.

Next, the United States Postal Service is in the news. This Krebs on Security article talks about this one. The number on this one is 60 million, and that may not include duplicates if multiple people signed up for the service at the same address. For example, two people would be affected if dad and I signed up using the same address. This can’t be good, but we’ll have to see over time.

Finally, Trend Micro has a very interesting article which would be timely about now. Today’s Data Breach Environment: An Overview is the name of this article, and I can’t find a better time to cover this one, because of how timely it is in regard to the other articles in here. Some of the top threats include ransomware, cryptomining, and tech and email scams. Megabreaches are on the rise, according to this article and there is no reason for it to slow down. Data indicates that it takes 191 days to detect a breach, and that is about 6 months, a very long time, don’t you think? There is also a 16 percent increase in megabreaches from 2017 numbers. So far, 259 megabreaches in 2018 and only 224 during the same period of reporting last year. Hacking or malware is not the overall reason for the breaches which may be good news, but this is not good overall.

The article covers much more and goes into more detail on the three points of compromise mentioned above.

I hope that this article may be of interest to my readers, and feel free to read more by clicking through to the links. Thanks for listening to the podcast and reading the blog.


Is it time for some good news? Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

In the better late than never department, I read way back when some good news I thought I’d share since I’ve thought about it again. Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison and that is definitely some good news knowing he won’t hurt anyone else like he did before this case came to be. This is the same man who was featured on my podcast as well as on several articles on Krebs and other news networks for the Kansas case that killed an innocent man. I knew I wanted to cover this one, but I have been engrossed in other things and forgot it until now. I think it’s worth the read, and feel free to comment!


Should we be telling people to look for the lock symbol or the HTTPS in URLs? Articles say no

Hi all, I was doing some reading on my RSS feeds, and came across a few items that may be good for some discussion. To start, we’ve advised in various circles to look (if visual) or determine (if blind) if the site was secure either by a lock symbol in your tool bar or the HTTPS in the URL to symbolize the URL is safe. Krebs On Security has an article entitled Half of all Phishing Sites Now Have the Padlock, and this can’t be good. This article talks about something called Unicode, and the domain system is allowing this. Firefox is the only browser that will happily go to these pages and will convert these into characters it understands. What jumps out at me is the fact that we’re going secure, and the people who peddle these wares know this. To seem legitimate, they will of course get their site secure. With services like Let’s Encrypt, it is now free to encrypt any domain as long as it is hosted somewhere.

The other article, which is not too late to post, talks about shopping online. This article was posted the 23rd, and it has some great tips. While Amazon is mostly safe, there are people who could come on to their platform to sell things, or compromise an existing merchant account with Amazon. While Amazon refunded the money in this instance, checking the WHOIS directory is a great idea if you know where to look.

I did have two sites in my bookmarks, but it seems like I’m having trouble with these particular URLs. Ultrahost (http://www.ultrahost.us) has a domain lookup tool, which works quite well. The first box is for the portion of the domain, the second is a combo box asking for the top level (tld) such as .com, .org, .net, etc. How to Shop Online Like a Security Pro is the article that I read in regard to checking domains as well as making sure you’re on a reputable site.

The reason Brian indicates to look at the registry is simple. New sellers will have their domain up within recent months. If you’ve been around selling things awhile, your domain will show this, as it records when the domain was first bought, and when it is set to expire.

My web site, for example, was bought in 2008, and White Cane Travel in 2014. While neither of my sites sell anything, I’m using them as reference points so you understand how valuable this could be.
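The registration-date check described above can be scripted. The sketch below is an added example, not part of the original post or of any tool it mentions: it reads WHOIS output that has already been saved as text, copes with a few common field-name and date variants, and flags young domains. The sample records, the `.test` domain names and the 180-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Registries label these fields differently; the variants below are common ones.
CREATED_KEYS = {"creation date", "created", "created on", "registered on"}
EXPIRES_KEYS = {"registry expiry date", "expiry date", "expires", "paid-till"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

def parse_date(value):
    """Return an aware UTC datetime, or None if no known format matches."""
    value = re.sub(r"(\.\d+)?Z$", "", value.strip())  # drop fractional seconds and 'Z'
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def whois_dates(record):
    """Pull the first creation and expiry dates out of raw WHOIS text."""
    found = {"created": None, "expires": None}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key in CREATED_KEYS and found["created"] is None:
            found["created"] = parse_date(value)
        elif key in EXPIRES_KEYS and found["expires"] is None:
            found["expires"] = parse_date(value)
    return found

def assess(record, now, min_age_days=180):
    """Classify a domain by registration age; min_age_days is an assumed threshold."""
    created = whois_dates(record)["created"]
    if created is None:
        return ("unknown", None)  # redacted or unparseable: no evidence either way
    age = (now - created).days
    return ("recent" if age < min_age_days else "established", age)

# Constructed sample records (not real lookups).
OLD_RECORD = """Domain Name: EXAMPLE-OLD-SHOP.TEST
Creation Date: 2008-03-14T04:00:00Z
Registry Expiry Date: 2026-03-14T04:00:00Z"""
NEW_RECORD = """domain: example-new-deals.test
created: 02-Nov-2018
paid-till: 02-Nov-2019"""
REDACTED_RECORD = """Domain Name: EXAMPLE-HIDDEN.TEST
Registrar: Example Registrar (constructed)"""

if __name__ == "__main__":
    now = datetime(2018, 12, 10, tzinfo=timezone.utc)
    for name, rec in (("old", OLD_RECORD), ("new", NEW_RECORD), ("redacted", REDACTED_RECORD)):
        print(name, assess(rec, now))
```

A "recent" verdict is a reason to look harder at a seller, not proof of fraud, and an "unknown" verdict means the record gave no date to judge by.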

Most people may not go through this trouble, but as has been demonstrated, your common merchant could be compromised, although it has happened in store, and not necessarily online. The point here is to be as careful as possible, and trust your gut.

Please have a happy and safe shopping season, and thanks for reading the blog!


Is Facebook in trouble again? This article may let you think so

Well, I was going through Twitter, and I found this article about Facebook and some documents that may implicate them in something they say they’ve never done. Parliament seizes cache of Facebook internal papers is the name of the article and it was interesting.


How important is cyber security training for employees? I think it’s very important

I recently read an article by Trend Micro on their blog about cyber security for employees. I believe that it is very important. The Importance of Employee Cybersecurity Training: Top Strategies and Best Practices is the article from Trend Micro.

I don’t want to say that all employees are security problems, but one of the headings in the article talks about the fact that employees may be the weakest link between your data that should not get out, and hackers. It only takes one employee to start the chain of a much bigger problem in your company.

What do you think of this? I’d love to hear whether you agree or not. Please participate and let’s discuss how we can change the culture of security.


Seedlings Offers over 350 items in Online Auction to Raise Money for Braille Books

I remember reading books by this company. Blind Bargains has a post up, Seedlings Offers over 350 items in Online Auction to Raise Money for Braille Books, and time is running out. They posted this yesterday, and while I wish I could give as an adult, I do remember reading some of the books they produced. Good books too.


Cooking and technology

Hi all,

Did you ever think you can use technology to cook? Microwave Cooking Just Got Easier with AmazonBasics and Alexa and GE and Alexa Work Together to Create a Voice-Controlled Microwave with Scan to Cook Technology are two articles from Blind Bargains that talk about this possibility. I honestly think that this is going to get rather interesting, and only time will tell what could happen. Since the product won’t ship till mid November, I’m curious on thoughts on what you think whether it could work for us. I have high hopes.


How do you stop a multibillion dollar problem?

Hi all,

The topic of cyber attacks costing billions of dollars comes across my desk as an article from Trend Micro. Thoughts are in place on how to stop this global problem. Cyber-Attacks: How to Stop a Multibillion-Dollar Problem is the article. I have a thought. I don’t know how successful it’ll be, but if we start by figuring out who the perps are in the particular crime, and we have laws in place that will curtail the continuation of such a crime, we can start with that. It, at least, is a start. It’s not going to be perfect, but definitely something that could be interesting. Check out the article, and let me know if something pops at you.


Which Threats had the Most Impact During the First Half of 2018?

Hi all, Which Threats had the Most Impact During the First Half of 2018? This is the big question, and there are some big names including the two biggest from this year that may still be becoming a problem, although when discussed at the beginning of the year, the threat was just a concept. We’ve got plenty of gifts that just give, don’t we?

In the ransomware section, I can’t help but quote this section, because we’ve discussed that it is on the decline, but in all actuality, it is just recycling what works, just nothing new.

“Ransomware: No end in sight

For years, ransomware infections have been a formidable threat to organizations within every industry, and the first half of 2018 saw no change in this
trend. Researchers again identified an increase in ransomware infection activity – 3 percent. While this may seem small, the current rate at which ransomware
attacks take place make this rise significant.

At the same time, Trend Micro discovered a 26 percent decrease in new ransomware families. This means that while hackers are continuing to leverage this
attack style to extort money from victims, they are utilizing existing, standby ransomware samples, creating fewer opportunities for zero-day ransomware

One of the other big things is megabreaches. This is defined as a breach that reaches a million or more affected. We’ve had plenty of these.

Thoughts? Please feel free to contribute.

Read the full article, and let me know what you think.


Spam campaign targets Exodus Mac Users

Hi all, I don’t come across Mac user news much, and this one caught my attention. Spam campaign targets Exodus Mac Users and it comes from F-Secure. This article is interesting, because it utilizes the same type of method, spam, that Windows threats utilized. If I remember correctly, this particular one has both components, and that makes it quite dangerous. Have you seen this?


Radisson discloses data breach impacting rewards customers

No particular industry is immune to breaches, and this article I found through my reading, Radisson discloses data breach impacting rewards customers, is no exception. CyberScoop does a great job in detailing what happened, and if you’ve spent time at this hotel, it will be important to check this out if you are affected.

I’ve personally not been to a hotel in awhile, but I always keep up the best I can with things of this nature so I’m aware what’s out there.

Have you been affected? How did you find out if you were?

Let’s discuss.


Trickbot Shows Off New Trick: Password Grabber Module

I’m covering this on my podcast, Trickbot Shows Off New Trick: Password Grabber Module and it comes from Trend Micro. I believe I’ve covered this on my podcast when I first heard of this, however, it’s been quite awhile. While Halloween is over, you can’t be tricked on any of this. This is something that you need to be aware of. Have you been tricked?


SMS Phishing + Cardless ATM = Profit

I read this article entitled: SMS Phishing + Cardless ATM = Profit and Brian really has something here. I’ve seen SMS messages saying they are some person wanting me to collect money of some sort. I didn’t respond, and this goes to show what SMS is doing now, becoming a bit of a problem. If you’ve gotten suspicious SMS messages, I’d be curious on the types you’ve gotten and what you did with them. Were you tricked by any of them?


Equifax Has Chosen Experian. Wait, What?

What? What did this article say? Equifax Has Chosen Experian. Wait, What? is its title and this can’t be funny. I can’t imagine what Equifax is doing, giving another company for services, data that may or may not be stolen, I just can’t imagine what they’re doing here. I know I’ve been affected by breaches and have been offered monitoring services, but Equifax, transferring your data to Trans Union? Trans Union, probably has all of the data anyway. Oh boy.


30 years ago, the world’s first cyberattack set the stage for modern cybersecurity challenges

I read this article entitled 30 years ago, the world’s first cyberattack set the stage for modern cybersecurity challenges and I definitely found this of interest. One man, program released, getting loose, and him getting into trouble. Granted, back in the mid 80’s, this was never heard of, but this is something that definitely is now a problem. This is how the Denial of Service attacks started, according to the article. Let me know what you think.
