go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu



Roger talk: What we’ve been up to: Project Fika

Hello folks, I was tipped off to this Roger posting entitled What we’ve been up to: Project Fika and it talks about Rogertalk closing March 15, 2017 in exchange for a business platform called Fika. I know from reading the release here that it will include video and other business related things to get things done, similar to whats already out there. Sometimes, companies need to focus their attention to things that make money, as they need to stay afloat.

I liked roger for its security aspect within the app. While I was told they use straight mp3 files when using something like IFTT, the app itself was garnered very secure, and this is because no telephone numbers were ever needed. The thing I don’t like about whats app is the fact you need to associate your number, and unless the number is in everyone’s contacts, everyone sees this information. I do not personally want to give my cell phone number out publically, although i have done it occasionally for people having whats app, I only announced it once, and left it at that.

This must have been a hard decision for the company, although, people may have complained too much about things the blocking feature should’ve taken care of, so they got tired of it. The blind community wine too much when we have something good a company is offering, but it would not surprise me if it was both, a company decision, driven by false abuse compalints solved by people complaining aabout name calling, etc. which people are doing in this community.

Roger, you’ll be missed. Sorry to see you go.

Comments (0)

News notes for this week

Some of the articles are already here, but here are some of the other things I’ve read as of late.

  • This site as I was just curious what was there now, says it is down for maintenance or unavailable. I read Kreb’s article earlier on Feb 15, and it is a good one. I didn’t cover this in news notes, for the next upcoming podcast, however, Krebs always does a good job with these. Guess we’ll find out more later.
  • Unix: A Game Changer in the Ransomware Landscape? Trend Micro Intellegance blog February 13, 2017
    • This article caught my attention because it talks about web hosting services, and a number of places that have unix as a platform and how actors can take advantage of things to do a number of things to the computer including making it useless for its task.
  • What’s In Shodan? Analyzing Exposed Cyber Assets in the United States Trend Micro February 15, 2017 and Devices Exposing Critical Industries and U.S. Cities Trend Micro February 15, 2017
    • These two articles talk about the same thing, and i cover this in my news notes for the upcoming podcast. This is definitely of interest because of the fact that a huge number of devices can be potentially targeted because some aspects of the devices are public facing either by design, or by mistake. For those who don’t know, Shodan is a site similar to google, but they analyse ports and whats out there, where Google indexes web sites in general. The research is interesting, and an eye opener.
  • CERBER Changes Course, Triple Checks for Security Software Trend Micro February 14, 2017
    • This is a big ransomware headache, and what I read today from this article absolutely scares me. Two things stick out in regards to this article. First, it says it doesn’t toucch the program data, it only encrypts your files. It also says it checks three times for antivirus software. From my understand of reading these articles, ransomware won’t let you do anything else until you pay up, so your antivirus or other security software is useless. I wonder why they did this?
  • Brute Force RDP Attacks Plant CRYSIS Ransomware Trend Micro February 9, 2017
    • RDP was talked about on Security Now, I don’t remember exactly what it does, but this definitely sounds bad. Are there better things to do?
  • Mirai Widens Distribution with New Trojan that Scans More Ports Trend Micro Feb 13, 2017
    • Finally, as we haven’t had enough with this ransomware, and now that the code is out, its only going to get worse. This is the next thing coming, where it can plant more stuff to worry about. This can’t get worse, can it?

    If you have any comments on these, fire away. I’ll have more later.

    Comments (0)

    Mirai Widens Distribution with New Trojan that Scans More Ports

    I read today an article entitled Mirai Widens Distribution with New Trojan that Scans More Ports and it was very interesting how this bot has just morphed in to something that can just cause havoc. Sometimes, releasing source code can be a good thing, but in this case, it is for all bad. This is something probably good for the security community at the time it was done, but now, who knows what else can happen. If we were to defend from this, how would we be doing this successfully?

    Comments (0)

    Top 10 Spammer Indicted for Wire Fraud

    On the 6th of February, Top 10 Spammer Indicted for Wire Fraud was published, and I always love covering news that is great. We need good news after reading about really bad breaches we have no control over. Check out the good news here.

    Comments (0)

    Fast Food Chain Arby’s Acknowledges Breach

    Hello folks, on February 9th, I saw this post from Krebs on Security entitled Fast Food Chain Arby’s Acknowledges Breach but I honestly don’t remember ever reading anything initial from the blog talking about it. I can’t blame myself because i read so much stuff. There are links to other similar breaches including Wendies which then confirmed the breach two months later. I don’t remember ever eating at the chain called Arby’s, but it would be comparable to something like subway from what I know of it, or similar to a delli.

    In any case, this can’t be good for consumers, as if you went back after getting your card replaced, the cycle starts all over again. We know this happened after the target and wendies breaches. It would have been more on wendies than target, but it is still a problem today. As consumers, we need to figure out how we can hold companies accountable for these types of activities. If you have constructive thoughts, I’d love to hear from you.

    Comments (0)

    InterContinental Confirms Breach at 12 Hotels

    On the 6th of February, I saw this article entitled InterContinental Confirms Breach at 12 Hotels which reminds me of the multiple trump hotel breaches. While this story indicates that trump hotels acknowledged the breaches, I honestly don’t remember this as part of reading them back then. Here is the first story and here is the second one. If you read that there was confirmation, please let me know, as I don’t remember reading that they confirmed anything.

    This story also has stories dealing with other breaches the blog covered from the past year. This hopefully will slow down, at least I hope they do, as there are better things to do than cover breaches which is why the podcast slowed down, but since it picked up, we need to be vigelant about this.

    This story goes in to detail on what happens, so please take a look.

    Comments (0)

    Fashion company’s rude response shock s job applicant

    Shaun sent this article entitled Fashion company’s rude response shock s job applicant on the 27th of January. I’m getting a chance to read this, but there is a difference between a breach and a hack. The fact that the company apologized is a first step on fixing something which should never happen in the first place when looking for a mjob. The applicant, according to the article, had plenty of experience and a finished schooling and deploma to top it all off. That is definitely going to be a public nightmare for this company.

    Comments (0)

    How Google Took on Mirai, KrebsOnSecurity

    In the catching up department, I remember this story well, in fact, this was one of these stories where great thought was put in to this from what i can tell. How Google Took on Mirai, KrebsOnSecurity goes in to the detail on how this great resource that has tipped me off in to the enourmous breaches we’ve been seeing lately and how i was made aware of them thanks to Krebs. The botnet in question has been covered in great length by Security Now as well as Kreb’s blog. Check out this one.

    Comments (0)

    Hacker Selling 126 Million Cell Phone Details of “U.S. Cellular” Customers

    Hacker Selling 126 Million Cell Phone Details of “U.S. Cellular” Customers is an interesting story. The update at the bottom says that it isn’t U.S. Cellular data, but if you read it closely, it could be. I’m not going to pay the 500 plus dollars to find out, but it is scary just the same. Wonder if it could be former data, meaning the data comes from customers who may have left for any reason?

    Comments (0)

    TEXAS COPS LOSE EVIDENCE GOING BACK EIGHT YEARS IN RANSOMWARE ATTACK

    TEXAS COPS LOSE EVIDENCE GOING BACK EIGHT YEARS IN RANSOMWARE ATTACK is a week old, but yet we still have cases out there and we will continue to have them. The fact that they thought they had backups but found them to be encrypted mean that they didn’t do a good job. I personally feel that if you think you’ll get your files back, pay, then learn to do more to protect yourself. If you feel that you may not get your stuff, then don’t pay.

    This reminds me of the school case at the beginning of the year I reported. In that case, they felt that they had a shot of getting their stuff back. The article indicates that that they were told they didn[‘t have a shot. Wonder what the difference between this and the other case besides of the fact it deals with police departments and a server holding evidence?

    Comments (0)

    Apple releases IOS 10.2.1

    Hello folks,

    Apple released IOS 10.2.1 fixing a bunch of stuff. This wired article and this Apple Vis blog update for blind users are articles to read. Apple Vis says that some braille is fixed, but they can’t keep track of everything. Wired indicates we should update as soon as we can.

    Comments (0)

    Securing Our Smart Cities: Why We All Need to Be Aware of the Threats Out There

    Securing Our Smart Cities: Why We All Need to Be Aware of the Threats Out There was posted about from trend micro on January 17th. It was an interesting read as this has never crossed my radar. I wonder if there are parts of everywhere that are part of something that can be controled smartly. For example, Los Angeles was making all their traffic lights syncronized so traffic can flow easier. I think there are still issues, however, I know they’re working on it. What do you guys think?

    Comments (0)

    Two articles in which Criminals are being arrested in

    Hi folks,

    As part of the podcast which was released number 254, we briefly talk about two articles in passing Uncovering the Inner Workings of EyePyramid and Not so Limitless after all: Trend Micro FTR Assists in the Arrest of Limitless Author as they have some great news I always like to publish when i ever get the chance to do so. This is always great news when we see this, and while it is several days old, my buddy Richard has always said thanks for sending these. I always like publishing about good news as well as the bad. If you see the show notes, you may want to see this one as well, as it will link to these. For the Saturday Afternoon Hangout, Go to the mix and find in our podcast directory. Enjoy some great news!

    Comments (0)

    What can people expect from cybercriminals in 2017? It varies

    OK folks,

    How are you? I think this article entitled What can people expect from cybercriminals in 2017? It varies is a great article to read from Trend Micro. It is very eye opening, and who knows, maybe some of these things are true and will continue to be true.

    • Do you think Ransomware will be so big that we can’t fight it?
    • Phishing attacks, same old tricks, human element being a problem?
    • Attachments and links still being prevelant?
    • Mobile being more of a threat since we can bring them in to the workplace?

    I’d read this article, and I’d make my own opinion on what you think. Please read the article before you write, lets discuss your thoughts.

    Comments (0)

    EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

    Hello fellow passengers. Welcome to college accademics, and today, you need to at least read this PSA entitled E MPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT IC3 January 18, 2017

    because while it was covered in 2014, I feel that as the new year turns and tracks along, this will be more prevelant as you are traversing the job market. I am, but yet I don’t use my college account as I did take a class. I’m suspicious of quite a bit of things, and I know that a job is not to ask for money from you. They don’t provide money to you to supply yourself equipment, they supply you with the equipment. Please take this read while you’re traversing this flight today, and do stay safe.

    Sincerely,
    Your captain

    Comments Off on EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

    Noun: Sockpuppet

    Just saw this article or maybe a dictionary entry for Noun: Sockpuppet and it is an interesting read.

    According to the article, it says in part: “An Internet sockpuppet, according to Google, is “a false online identity, typically created by a person or group in order to promote their own opinions or views.”” Sockpuppet is linked to Wikipedia in this article and I’ll link it too.

    This may become a big deal later on, but lets make this an educational post for now.

    Comments Off on Noun: Sockpuppet

    3 Simple Steps To Disrupt Ransomware

    This article entitled 3 Simple Steps To Disrupt Ransomware could not come at a better time.

    • Backup, backup, backup
    • Patch ASAP
    • Key security controls

      :#1 Backup, Backup, Backup p
      Ransomware is often compared to physical crime. It’s easier to understand the underlying concept that way. But there is a fundamental difference that you have to remember: digital data can be copied easily for little to no expense.
      That can change the dynamics of the crime. In the physical real world, if criminals steal an object to hold for ransom, you no longer have the that object. If you pay up the might return it or they might simply take the money and run.”

      This is good in the fact that we can preach this all day long, but we just need to do it today. There’s more for this, but I think this quote can be left for you guys to digest.

      “#2 Patch ASAP
      Software is inherently complex. Mistakes will be made and updates will be available. These updates usually contain important security updates that patch the very vulnerabilities that criminals take advantage of.”

      This is becoming easier, but still a chore. Turning on auto update can be a blessing or a curse, depending on how you view it. From an accessibility standpoint, we can say that fixed software is not always better. I can agree with that in some cases where developers have definitely broke things and they had to go back and fix it. For the most part, upgrading should not break the chore functionality of what is known as the main program. What I hate are those developers who change the menu interface of what we’ve learned, thinking it is better. We have to learn it all over again. That can be a curse for someone who is disabled. There’s more to this one as well.

      “#3 Key Security Controls
      Even with a strong backup strategy and patching immediately, there is still a strong possibility that your systems remain partially exposed. This is where 3rd party security controls come into play.”

      There is more to this but this may be the hardest part of our job as disabled people. We may not be able to use these third party applications which are designed to help us because they don’t work with any type of access technology. I’d love to use a leading AntiVirus program, however, the leaders are not accessible. AntiVirus is only part of what we should use, and again, the newer programs aren’t always the ones we should use.

      Part of our problem is that we are small compared to the mass market. We somehow need to get our voices heard to where accessibility can be included so we can be part of the solution.

    • Stop incoming attacks using an intrusion prevention system
    • Try to stop infections from taking root by using anti-malware software
    • Block outbound connections to attackers infrastructure using outbound filtering

    Is any of this stuff accessible to those with disabilities? I doubt it.

    Also, as stated before, everyone is telling us not to pay the money as that is the motivation to their antics. In certain cases, it may be the only option, and that, i understand. Here is what Mark has to say.

    “I agree with that position but also understand the difficult nature of the position you might be in after an attack of this nature.
    That’s why it’s critical that you make a small investment now to ensure that you have backups in place, patch regularly, and have basic security controls to help stop any attack being they lock up your data.”

    Mark recommends if anyone is interested in reading more, read the no more ransomware project. I’ve not looked at it yet, but I plan to take a look.

    Comments Off on 3 Simple Steps To Disrupt Ransomware

    Heliohost, is it worth it?

    Before I go on with this post, let me make it clear that they are trying the best they can, with what resources they have. I am writing this post more to just inform the user, not to bash the company. The opinions are my own, and i don’t work for this company. I do wish them the best of luck in their current situation, and I will continue to monitor the forums to see what happens with the two servers.

    I decided to try Heliohost for an off site project that I needed to host off site from the rest of the network. I had heard of the company, and thought it would be nice to just have a free option for a very small site with one mailing list, I now decided that one E-mail address although I’ll more than likely use the default one and not create another one, and possibly a blog, but hadn’t really decided that as of yet.

    When I first signed up for Heliohost, things went well, although slow. First, it signed up for the wrong server, and that was my fault. Then I signed up for the correct server, and things were going well.

    I was using the list as intended, and things were going well. I didn’t mind getting support through the forum or messenger on facebook, as iut just worked and it wasn’t a big deal until I went to post to my list and found that it sent me a message saying that the domain couldn’t be found.

    I thought this was strange, as I parked the domain as i was instructed and it had been working. I am not too happy of their 30 day notice where the account would be suspended after 30 days of no activity, but in discussion, i told them that most people would not log in unless they needed to, and to leave it up unless a deletion request was needed. To compensate, I suggest 60 to 90 days would be adequit.

    That was one issue i had, but i had set a reminder to compensate for the fact i needed to follow the rule. Hopefully they will change it.

    On their forum, i saw that the server I was hosted on had an issue, and so I decided to coorespond with the company to determine what the next steps were. They had said thjat I aught to sign up with another server. At the time, I thought, OK, maybe this is a one time thing, so I’ll sign up, release my info, and sign up.

    This went well for about a few days. Once I reset up everyone, the list, the site, and was sure things were fine, I go to the site as someone was having issues going to menvi’s site, and was going to have them fill out a form that was on this site. I could not go there.

    Going to the forum indicated two things.

    • First, the one server had such a hard drive issue, that they weren’t sure if backups they provided were adequit for customers.I saw that before this second server crashed.
    • Second, the server I had just signed up with had the same issue as the other.
    • Third, they are asking for money from the community since they now have to replace two servers, and they indicate that we should sign up yet for another server.
    • If we don’t donate, the business could go under, and they continue to boast about being the best free hosting around.

    You guys just lost me. I signed up, you can’t restore my account, I have to sign up, because the restoration doesn’t allow me to restore my mailing list which I need.

    I’m sorry, but this isn’t going to fly for me. I understand an occasional issue where we may need to move. I didn’t mind signing up for the second server. Once it crashed, I realized that this is not the provider that this site should be using. This site needs to be up as much as possible, and the last two months, it has been down but about a week if that.

    If you are a provider of web hosting, is it not your responsibility to have systems in place to notify you before the hard drive or components completely fail so you can back up data, and move accounts to a new server?

    The fact we need to sign up for the new server means they aren’t able to move our existing accounts we have taken time to build, and in my case, maintain, and that my mailing list means nothing to them.

    The control panel was full of adds, making it difficult and slow to get anything done. I was not impressed with that, but with free, you have to compensate somehow, so that didn’t bother me too much. They y also changed the time of signing up from midnight pacific time to midnight UTC. If you weren’t there right then signing up, kiss your chance goodbye. Not much time at all, and I am not willing to donate knowing that my data isn’t cared for, even on this 5k site. It is just as important as my big sites like MENVI, jaredrimer.net, and others.

    I am not going to tell you who to use or not use. I have had good conversations with the people running the operation, but when i indicated that i was not impressed with moving again, and the fact it kept recommending the one server which is not taking signups right now, and the only way i could sign up was to check other options, they said nothing.

    If this is what you want for a web host, feel free to use them. They are good for up to 500mb per account, and forum support.

    I’ve moved my site elsewhere, where I’m set up and my list is now up and operating. I plan to make some modifications to the site, but after that, I can stay out of the control panel until I need it again.

    Have you had any success with this company better than mine? If so, please let me know.

    Comments Off on Heliohost, is it worth it?

    Everyone Is $$$ To Cybercriminals Using Ransomware

    Hello folks, the three $$$ are dollar signs in this article entitled Everyone Is $$$ To Cybercriminals Using Ransomware and I found it facinating. As I predicted, Security Now briefly discussed the school in question paying $28,000 and my prediction was Leo saying that they should have backed up. Sometimes, even if you have a backup, the data is more important at that time, and it may be days before they came back online even if they did. I still think that if you can restore from backups, do that. This article says that because people are paying, the people behind this know this, and they will continue to do it. If we do not give them money, than they have nothing to stand on and they’ll go elsewhere. Your thoughts?

    Comments Off on Everyone Is $$$ To Cybercriminals Using Ransomware

    Mikko Hypponen: ‘Data is the New Oil’

    I read this article via F-Secure entitled Mikko Hypponen: ‘Data is the New Oil’ and this is making complete sense since we’ve been dealing with big time breaches lately. Mikko has had tons of talks, some of which I’ve republished on this podcast because they are so good. He’s been in this industry of viruses, trojans, and malware for over 20 years, and this article is one I think you should read if nothing else. This really hits home on whats happening now, and well in to the future unless something changes. Thoughts?

    Comments Off on Mikko Hypponen: ‘Data is the New Oil’

    Older Posts »

    go to sections menu


    navigation menu

    go to sections menu