go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu



February Ouch newsletter

Sans does a newsletter called Ouch. In February’s issue, they touch on Scams, and one of them talked about in this newsletter I’ve seen multiple copies of. They claim that they hacked my computer, turned on my web cam, and they’d send the video unless I didn’t pay. Problem was, I know i have no web camera on this computer, so good luck with a blank video of whatever you’ve got.

OUCH! Newsletter: Personalized Scams

Comments (0)

December Ouch! December 2018 Newsletter

Hi all, I know I’m late with this, and I’ve got some time to look at some email. I recently came across the December 2018 Ouch! newsletter. This newsletter is entitled Yes, You Are a Target. This is very interesting, because it talks about how criminals can get at you even though they don’t want you

A lot of what the article here I’ll be linking to talks about common sense. Antivirus isn’t necessarily ruled out, however, it is not going to protect you from every single thing.

OUCH! Newsletter: Yes, You Are a Target

Comments (0)

Alert (AA19-024A)

AA19024a is from the USCERT in regards to the DNS system and how it can be hijacked without your knowledge. This starts with creds stealing, and then moves on to takeover of the domain. This should be checked out, and steps should be taken where appropriate.

Comments (0)

Here’s a change: change in court decisions

According to a recent article from Krebs on Security, it is looking like courts in different parts will be handing down harsher sentences for people who do denial of service attacks. Could this be a good thing? I really like the end of the article: “If you can’t do the time, than don’t do the crime.” I don’t remember at this moment if that is the exact quote at the end of the article, but it is going to fit.

According to the article, there are a lot of people who do this type of crime, and the consequences are not enough. They think that the crime should be punished harder because of the impact it has on business and the internet as a whole.

I’d invite you to read the article in full. The article is entitled: Courts Hand Down Hard Jail Time for DDoS and it was written on the 14th of January.

Comments Off on Here’s a change: change in court decisions

Recent articles I’ve read, thoughts are welcome

Hello everyone,

Here are some of the items that I’ve read as of late that may be of interest to readers.

Two articles are of interest to me in regards to Germany. Seems as though they have a massive problem keeping data secure on people who are in Government. I’m hoping that this was a one time thing, and they’ve fixed the issues raised.

The other major article that interested me was the Apple Tech Support scam article that Krebs on Security had. written at the beginning of the year. If you’ve found anything of interest from this list, please feel free to let me know in the comments, or by sending me an email.

Comments Off on Recent articles I’ve read, thoughts are welcome

Facebook cybersecurity exec victim of swatting call | ZDNet

Hello folks, here’s something that I spotted while looking at twitter. It talks about another case of swatting, good thing nobody was killed in this incident. It links to other cases including Brian Krebs whom we talked about on our own podcast. This is scary, but yet real.

Prankster claimed exec had shot his wife, tied up his kids, and planted pipe bombs around the house.

Source: Facebook cybersecurity exec victim of swatting call | ZDNet

Comments Off on Facebook cybersecurity exec victim of swatting call | ZDNet

Password Manager Users Exposed After Privacy Snafu

If you are a user of this service, it is important that you see this. I’m going through twitter, and saw this. I’ve never heard of the service, so I can’t comment on its use, but boy, this can’t be good.

Albine admits millions of Blur customers may have been affected

Source: Password Manager Users Exposed After Privacy Snafu

Comments Off on Password Manager Users Exposed After Privacy Snafu

What I’ve read the last little bit

Here’s what I’ve read in the last little bit.

Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes other countries need to learn what to look for so they aren’t bit, not saying that the United States doesn’t, but this article is targeting others outside the U.S. and we should teach tmem what they should look for.

In case you missed it, so I didn’t post this, DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy is the article.

Find anything that I’ve missed? Send it and lets talk.

Comments Off on What I’ve read the last little bit

Why it’s Time to Switch from Facebook Login to a Password Manager

Hello folks,

In the continuing of catching up of news, Trend Micro has an interesting article dealing with Face Book, and its log in capabilities. We use whats called facebook connect to get connected to other apps and services. I’ve used it, but we now know that it isn’t the best thing we can do today.

Recently, Facebook disclosed a potential issue where data was exposed, because of the access to other apps, and this is done through their API and key system.

The article Why it’s Time to Switch from Facebook Login to a Password Manager talks about this more.

Whether you use Trend Micro’s solution, Lastpass, One Password, KeyPass, or another solution developed in the future, I know now that it isn’t a good idea to use facebook for my log in needs.

I decided with Dice World to go ahead and do that, but that was at a time when it wasn’t that big of a deal. I’m not going to change that now, but I won’t do it for anything else unless it recognizes where I am, like a game I’ve not talked about called Game World, by the same folks that make Dice World.

What do you guys think of this?

Comments Off on Why it’s Time to Switch from Facebook Login to a Password Manager

Why are building systems connected to the Internet?

I have a question to start this post off. Why are building systems connected to the Internet, and what is their purpose? I’ve never heard of this until I heard it mentioned I believe near the end of Security Now’s recent podcasts. The article I found on this subject is called FBI warns industry that hackers could probe vulnerable connections in building systems which was published on the 21st of December, 2018. Here is a section, talking a particular port, that is wide open.

Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the
bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet
that could be of use to hackers.

“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against
known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.”

You’re welcome to check out this article in full, but I’ve never heard of this before. Is this the future of hacks? This can’t be good overall.

Comments Off on Why are building systems connected to the Internet?

Lets start the new year with more good news

Hello everyone,

Lets start the new year with some good news, although we all know that this is only a stepping stone. DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy was written on Cyber Scoop on the 20th of December, last year.

We all know that China is one of the forces, they targeted practically everyone with no mercy with their attacks.

The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S.
Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information
of over 100,000 Navy personnel, U.S. officials said.

This is just a highlight and this is only the beginning. Have you seen this?

Comments Off on Lets start the new year with more good news

BevMo payment breach affects thousands, with researchers pointing to Magecart

Happy New Year,

I’m trying to catch up on 2018 news, and I found this article entitled BevMo payment breach affects thousands, with researchers pointing to Magecart and between BevMo and NCR, the companies could do no harm. The group behind this is known as Mage Cart, a loose hacking group looking for payment systems to target. The article has this as one word, but for ease of reading, I’m putting it as two words. NCR notified the BevMo company of the breach, they fixed the issue, and BevMo put out a release. While 14,500 plus is a small number, the company operates in three states, and sends to 8 others including Washington D.C. in the United States. Under the circumstances, both companies did the best they could, and I bet that we should see this type of response in the future.

What do you think? I’ll leave my thoughts on the podcast which will be number 302 in our series, and you can comment here or in my email box. Hope this partnership continues, this was the best under the circumstances.

Comments Off on BevMo payment breach affects thousands, with researchers pointing to Magecart

Hacker steals 10 years worth of data from San Diego school district | ZDNet

Officials said the hacker made off with the personal information of over 500,000 student and staff.

Source: Hacker steals 10 years worth of data from San Diego school district | ZDNet

This can’t be good. I saw this in San News Bites, and now children are effected by this, and I’m sure that this will effect these kids for years to come if they are targeted in the future.

Comments Off on Hacker steals 10 years worth of data from San Diego school district | ZDNet

There’s an 18 year old implant still out there? Oh my

I read today an article from Trend Micro entitled Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak and I found it of interest. It was originally posted at the 13th of December. While I have read it late, it may still be of value to you. Let me know what you think.

Comments Off on There’s an 18 year old implant still out there? Oh my

What I’ve read as of late

This post covers December 11-26, 2018. I’ll try to make this a regular habit.


Hello everyone, you may find the following of value worth reading, and I’ve already read it. I’m not necessarily going to comment on anything here, and it may be included in the next or any upcoming podcast.

There’s a lot here, and I know that some of it we’ve talked about. I’ve meant to post a lot of this earlier, but neglected to do so because I’ve been sick, although I’ve been better as of late.

I’ll try to post articles that I read each day on the blog for you to chew on some of what I’ve found of interest. I may not post every one I tweet, but I’ll pick some, and although this is all of what I’ve tweeted lately, I normally tweet those that are of interest.

Found something you want discussed? Please let me know.

Comments Off on What I’ve read as of late

Do we know how tech savy our leaders are?

Some days ago, I read about a very interesting topic. How Internet Savvy are Your Leaders? is the question, and I’m interested in your thoughts. I believe that some people in government really try to understand what is out there, and question what is really happening. One person I keep seeing mentioned in articles is Ron Widen (not sure on spelling) and he has some great questions and writings that he’s sent to different folks depending on the situation. I think government is trying, however, I think we need to have more people asking questions if they don’t understand. I know I do. I also don’t claim to know everything, and don’t guess but could give you a thought on something with the understanding that I’m unsure. Your thoughts are welcome.

Comments Off on Do we know how tech savy our leaders are?

Fake Voice Apps on Google Play, Botnet Likely in Development

Trend Micro has this article entitled Fake Voice Apps on Google Play, Botnet Likely in Development which I’ve read. There may be people who may be interested in this, because the apps which are out there could be of value if you want to use them. The problem is that there are apps that could be a problem, and thats what this post is covering that we’re linking here. There are apps like Google Voice that can allow you to use voice to call or hangouts for video etc. and even Skype is out there too. I’m not saying that every app is terrible, however, Android has had an opportunity to clean things up and better secure their store the best they can, but seeing this, I wonder if they’re doing enough. I don’t know this for sure, but this is something that we should wonder and ponder. Thoughts?

Comments Off on Fake Voice Apps on Google Play, Botnet Likely in Development

Australia passes world’s first law authorizing encryption backdoors

When I read Australia passes world’s first law authorizing encryption backdoors I just had to think about this a minute. If we start allowing back doors, did Austrailia think about whether or not this would have an impact on people who would use this type of loophole within the law to do damage? I’m not trying to bash the idea that law enforcement need some way to lawfully get at data that would help cases. I think this could work if the law only allows police to do this to discover what they need in their specific cases, and there is no other way to do this. Apple makes it clear that they comply to court orders where it is lawful to do so, but they don’t respond to every single request as they would like proof of an investigation going on and the reasoning to why they should comply. I’m not sure what Google or the Android community does, but this is something we need to figure out. What are your thoughts? Please let me know.

Comments Off on Australia passes world’s first law authorizing encryption backdoors

Jared, Kay Jewelers Parent Fixes Data Leak

I just read this article entitled Jared, Kay Jewelers Parent Fixes Data Leak within the past week, and this is some good news that a data leak was fixed. Mistakes in programming is going to occur, and responsible disclosure is the key when it comes to this type of thing. While it was someone who meant well, I was impressed in the fact that this was fixed and no harm was done by this. As far as we know, there was no harm done, and we believe the issue is fixed. I’ve thought about this article since I read it, but I think this type of thing was done correctly. What are your thoughts?

Comments Off on Jared, Kay Jewelers Parent Fixes Data Leak

Its phishing season, but is every day phishing season?

Lastpass has an article out that talks about phishing season. Its got basic tips to keep us all safe. It’s Phishing Season: 5 Tips to Prevent Phishing Scams was posted on the 27th of November, right after Thanksgiving. Can I just ask a question? The question is: Is every day phishing season? You always get various email, and curious minds always want to click. Some are obvious, others are not. Sometimes, the clicking could get you in to trouble, others it can’t. Sometimes opening an email can land you in trouble, most don’t.

The first tip is education. Learn what companies who send you mail is supposed to look like, most of all. Educate yourself on how people will write you on a regular basis, and if opening attachments, whether they will tell you what is attached to the message.

Step 2 is to investigate the source. Look at the email address. I’ve been getting email claiming to be from someone I’ve had contact with, but the email address isn’t theirs, it is a totally different address. This would be a sign that something isn’t right. The link in question looked suspicious and it didn’t tell me why the link was sent to begin with.

Don’t provide your personal information is tip three. Companies usually have you sign up over the phone or through a web site, not by email. I did have that practice when I started my business, but I did put in there that if you did not feel comfortable, to let me know and I would do it over the phone. Its too risky now to send information like that over email. I did it once with a company, but I knew that it would get there, even though it was risky. I only did it once.

The fourth tip is to have a plan for when something does go wrong. Its called a Remediation plan. I’ve taken steps like making sure I back up my important files to dropbox, or another service if you don’t have dropbox.

The fifth step is to leverage a password manager. Since this is a lastpass blog article, of course they’re going to say to use them. Any password manager is capable of saving information including passwords, notes, credit card information, and other notes that are sensitive in to a vault to which you can open with one password. Whether you use lastpass, or choose another one, now we need to have this in our toolkit.

Do you have any other tips? Please share.

Comments Off on Its phishing season, but is every day phishing season?

Older Posts »

go to sections menu


navigation menu

go to sections menu