The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
I’ve always tried to write about various types of technology, and even when I’ve gotten articles out, I’ve not had a lock on them. Part of that trouble is my plug in I think, where it isn’t tweeting anymore. The other aspect is, that this site, Vocal allows me to branch out and cover a wide variety of topics all on the same platform. I know it is accessible, however, they need images. They helped me publish a longer piece I wrote based off of this blog post and while I did a great job with this one, they wanted me to expand. I should’ve expanded and talked here more about what ATPC is. While I’m not going to full out blog here about it, but I wanted to share my longer piece entitled: “ATPC Hit with Ransomware, Does Not Pay” with you. It shows I have no biography, but I do. I know they’re making some changes, and I want people to know I’m still going to blog here. I also know I’ve not done a lot of reading as of late, and there’s a lot I need to read. I’m hoping Vocal will take off, and allow me to branch out in to other categories, and eventually, get paid.
It isn’t going to be a fast process, nor is it going to be easy, but I’m up for the challenge. I’m still going to blog here, and if I find something good, I’ll be sure to blog about it. The thing about this site and Vocal, is Vocal needs to be your own content. You can link to others, however, they want it to really be your own. I hope you’ll enjoy the article I published over there, and I’ll publish links to those articles once they get approved, if they are tech related for everyone who may not be familiar with them, to see what else I’m writing. Hope everyone is enjoying their stay here, and please feel free to check out check out Vocal to see if it is a viable solution to what you’d like to do in reaching a wider audience.
Make it a great day! See you all soon.
OK, is this how security products are supposed to be made? If Samsung did have a part in this, they should be ashamed with themselves. Check this one out.
Hi all, its that time of month again, the time where we must reboot our PC’s to allow for updates to take effect. Starting this month, Microsoft has discontinued issuing bulletines on what the updates covered. April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks from Trend Micro and Critical Security Updates from Adobe, Microsoft from Krebs on Security will give you varying views on whats up. This Networkworld article entitled Microsoft kicks security bulletins to the curb in favor of security update guide may go in to further detail on why they did this. This is in the better late than never department, so i hope you’ll enjoy taking a look at these things as we continue to fight the security battle.
Herbie sent me this article Lessons from IBM InterConnect – Disruption is Inevitable and I found it interesting. We know Watson beat everyone on Jeopardy for a time, and he’s fed tons of data. I’d be interested on your thoughts on this.
I know I’m probably so late with some of these, its been busy with my schedule. I want to post the things I think people should check out for the last few days. Please feel free to check out my twitter feed to see what I tweet, maybe something will be of interest that I post after I read it. For other social media options, Go to my network home page and select the heading for social media. Thanks for reading!
- From hackers’ point of views: New study exposes their strategies Trend Micro This article I just read today. It was interesting to hear what they’re after and maybe a little on how things are done. Forward thinking on maybe how to prottect ourselves a bit? Not sure, but the thought of this was interesting.
- How Mobile Phones Turn Into A Corporate Threat Trend Micro We use mobile phones now more than ever. I went in kicking and screaming about the iphone, and in some ways, I’m happy I have mine. It has helped me when I’ve gotten lost, and it helps me know when the MTA bus comes so I can plan my trip. It also gets me off the bus, when the AVA (automated voice announcement) system does not call stops. Now, they can connect to E-mail through the various gateways, and we can be productive while not at a computer. With this convenience, this causes risks, and some of them can be prevented such as not opening attachments because there is malware being developed for the phone, and that can be transmitted in to the corporate environment, for example. This one should be checked out if nothing else.
- 3 overlooked endpoints for cyber attacks and how to protect them Trend Micro This has three bullet points and links to other information for further reading. If you care about such things, this article is a must read.
- 5 ways machine learning can be used for security today Trend Micro this article talks about how machine learning can help with protection. Next Generation scanners are coming, and Trend Micro has been doing this type of work for many years.
- Cerber Starts Evading Machine Learning Trend Micro this article talks about Cerber, a worm, that is being trained to evade detection from the above machine learning technique, so it can stay around. Very clever stuff.
- How and Why the Phishing Threat Landscape Has Changed A forward looking blog post talking about the real world risks of the phishing landscape and what we should expect now. This is real world information, and something that people should check out.
- In a bit of good news, Krebs On Security gives us an article I thought was worth tweeting about. Alleged vDOS Owners Poised to Stand Trial is the article. We’ve covered this operation on the blog before, and this is good reporting here by Brian. Now, people are being caught, and we can’t hide, even if we did use a VPN as someone can always know who we are.
- Last Pass has been busy as of late, and Security Update for the LastPass Extension from Last Pass talks about the latest. Security Now has been covering the various bugs that Google’s Tavis Ormondy has been finding, and these are big things which Lastpass has been right on top of. These guys are very serious on their work, and I don’t see any change in that, even though, I believe they were baught out, by another company if I remember right. Maybe I’m wrong, but I thought I saw that one somewhere.
- CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino Trend Micro This article is better late than never. This talks about a bug which was fixed which exploit kits have been taking advantage of.
- Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important Trend Micro talks about the patch Tuesday which was this past March’s list of changes. No reason really on why Microsoft delayed February, so we got a bunch.
There is more that you could read, but this will keep you busy for awhile. I’ll try to get more articles out on a timely manner with in a day of me reading stuff so that I can talk about them more. Any thoughts on this list? Do let me know your thoughts.
Apple Vis is letting us know that IOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibon tweeted:
Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck
I’m sure the next security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.
Hi folks, I just read this article sent to me entitled 14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live and this can’t be good. First, lets say I’m in California, which I am. Next, lets say that the person that is doing something is in another state, lets say New York. Lets say I know them. Lets say I pick up the phone and dial 911 which the article is saying to do. I tell the dispatcher that I’m seeing a crime of some sort live on facebook. I get them the URL. Now, my question for discussion is this: will the police forward this on to the proper authorities in which the crime is taking place? I’m not sure how the multi agency stuff works, but I don’t know if 911 is used for such things. This is where you come in, and you can let me know your thoughts.
In the better late than never department, IOS 10.3 is out. I’ve neglected to post about the other IOS releases since 10.1, but Apple Vis has a blog post of their own dealing with changes and regresions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on twit.
Hello folks, this article came across my desk through a newsletter I’m subscribed to. The article is entitled: FBI: Attackers Targeting Anonymous FTP Servers in Healthcare and I do not believe that our FTP allows anonymous access even if we turn it on now a days. I really think we need to be aware of this, and pass it along to our dentist and health care people that we know. This couldn’t get worse, can it?
This goes in to the oh boy category. Do we have one?
In the same newsletter, one article calls it a dishwasher, the other a washing machine, but this can’t be any worse can it? Hackable IoT washing machine provides channel for breaching hospital IT and Dishwasher has directory traversal bug g
Thanks a Miele-on for making everything dangerous, Internet of Things firmware slackers are two articles out of several here in this list. We definitely have something going on here, and it can’t get better when you see this. The reason why I went after the second, was because I heard parts of Security Now which taped on Tuesday afternoon, and it is discussed there. Steve couldn’t believe it, I forget what he says, but this is definitely bad. I just wonder what else we can see if we’ve practically seen it all. Oh boy.
I saw this article in the Sans security newsletter about this guy who supposedly sent a tweet with an image to cause a seizure. This is fucked up. US man held for sending flashing tweet to epileptic writer is the article. This is absolutely rediculous for someone who is a writer to send someone else a writer something you know can cause irrepairable damage. I don’t understand why you would knowingly do this. 10 years in jail? This can’t be enough to repair any damage this guy dhas to go through to get his life back especially if the seizure left him in a state where he needs more help than normal. Wow.
On February 15, 2017: a company called ATPC (the Alternate Text Production Center) was hit with a ransomware strain. The E-mail that was sent to me indicated multiple things that I would like to highlight in this ever important effort on continuing education on the epidemic.
- First, they had backups of everything that was currently set to be produced. While clients uploaded files through a protocol called FTP, the company did have a policy in place about this access they needed to change after this epidemic.
- Next, the notice was very straight forward in what happened, steps they took to mitigate the attack, and what they were doing to make sure that it didn’t impact them like this again.
Here is a baseline of what they said.
- The FTP server had files up there, and the policy indicated that it was for short term storage. These files are small, even though they were books to be sent in braille or electronically to customers.
- They made sure all files were backed up in multiple locations so if a file they needed to send either in braille or electronically was infected, they had clean copies. This was the most important step in this process. If you have read Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows you will know that most companies have no choice. Just look at this LAVC update that I posted after my first post on that which asks Are schools next in the cyber race? I really think this step was important.
- They sent out a notice to their customers. This is very important as you want them to know that you know about the issue, and what you’re doing about it. They don’t want to find out after the fact. LAVC called and E-mailed us, and even braught in experts which advised they should pay. LAVC is a lot larger than ATPC, but ATPC notified their customers and prevented that whole mess.
The points I’ve made and links to the articles should highlight that ATPC has done the right thing, and they are a small business. I don’t think there is any other way of doing this without having to pay like LAVC did, and that took out their Internet and phone systems. While a few files were lost, they were easily retrieved elsewhere. This is a perfect case of something that went wrong, and the perfect solution to a very complex systematic problem of keeping us safe.
Each ransomware case is different, but hopefully, we can learn from this textbook case. Thoughts? Get in touch.
More information: Alternate Text Production Center
I’ve just gotten a chance to read this article from Sans E-mail that talks about whether or not we understand a lot of whats going on today and how to protect ourselves. While I believe education is the key, constant understanding and reading of articles like the one show here will keep you in tact. Check this one out.
Comments Off on Americans ignorant on cybersecurity, Pew poll shows
On the 3rd of March, this article entitled Phishing with Wildcard DNS Attacks and Pharming was posted. This was interesting because of the fact that we are learning a new term. According to Wikipedia: Pharming is the deceit of a web site where a cyber attack is done to make the site go somewhere else. Here is the paragraphs talking directly about Pharming from Wikipedia. To learn more, please click through.
“Pharming[a] is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as “poisoned”. Pharming requires unprotected access to target a computer, such as altering a customer’s home computer, rather than a corporate business server.
The term “pharming” is a neologism based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.”
If this is true, what type of things can we as citizens do to be able to protect ourselves from this new threat? We’re going to have to explore this together and see what types of things we can do.
- While this isn’t fullproof, make sure you’re on the site you want to be on before entering any type of data. If you want to go to PayPal, make sure PayPal is in its URL, and not redirected to somewhere else.
- If the site is supposed to be secure, make sure the URL says htttps and not http. Especially when logging in to sensitive places.
- Make sure you know if the web site is to go somewhere else by a redirect. Most sites don’t redirect to offsite URL’s.
On that last point, I have a redirector for a sub domain to point directly to an HTML site on the same site. I also had a sub domain pointing directly to my blog at livejournal, but i show you where it is going, instead of hiding that fact. This way, the user can question me about that, and I can tell them its safe.
What other thoughts do you have? Get in touch.
Comments Off on Phishing with Wildcard DNS Attacks and Pharming
I know I may be posting things that were posted in the past, but I found this article entitled Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows that was sent in a newsletter that I’m subscribed to. The library should be commended to the fact that they did not pay the demands of the hackers, and were able to get their data back from backups. I believe this is how it should go. I’m curioius on your thoughts on this one, even though its older, its still relivant.
Comments Off on Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows
I read this article entitled Kids and Internet Safety: How Parents Should Have ‘The Conversation’ and there are some takeaways here.
“Threats are everywhere
U.S. households are filled with more devices than ever before. Recent research conducted by Trend Micro found that nearly 30 percent have three or more smartphones, around a third have two or more tablets and close to half have two or more computers in their household. These are your gateway to the internet. But they can also be a doorway for malicious attackers to enter your virtual world, and that of your children.
Why is this important? Because you are ultimately responsible for your child’s safety online, just as you are in the real world. And those cyber threats aren’t going away anytime soon. In fact, we found that two-thirds (65 percent) of American families have had their home PCs infected with a virus or piece of malware. Over a third (36 percent) have lost files or had them damaged, and 13 percent have had passwords stolen. The repercussions are potentially serious, ranging from identity and financial fraud to ransomware which can lock the entire family out of their devices and render all your personal data useless.
What’s more, there are specific online threats to children to be mindful of. Over a third (34 percent) of U.S. respondents claimed their children have viewed inappropriate content online. And 8 percent said they kids had suffered at the hands of cyberbullies. Unfortunately, bullying is as old as mankind, but in the cyber world taunts and threats can be far worse as the offenders feel they are hidden by a blanket of online anonymity. That 8 percent figure is likely to be far higher in reality, as many victims will choose not to report cyberbullying.”
There’s more to this article, but this needs to be talked about. Even the kids I know are starting to have time restrictions placed on the use of devices. Check this article out.
Comments Off on Kids and Internet Safety: How Parents Should Have ‘The Conversation’
I read this article entitled Ransomware for Dummies: Anyone Can Do It and this is so true. I’ve never got in to bitcoin at all, and honestly, I don’t know how accessible it would be, but seeing that bitcoin is even hard to buy, I’m surprised how lucritive this actually is. I still remember the story I heard on NPR I believe it was, where someone was forced to travel 200 miles in a storm to get money to pay to get their files back. While they missed their deadline, the people said they paid, and released their files. This definitely should be something to read. Thoughts?
Comments Off on Ransomware for Dummies: Anyone Can Do It
I saw two articles from Last Pass recently, and it seems as though the bug is repaired. Two Security Bulletins: SHA-1 Collision Attack and Cloudflare Incident posted on the 24th and Alerts for Cloudflare Sites in LastPass Security Challenge which was posted on the 27th of this month. Lastpass can be trusted on getting this type of information out accurately, and I trust that the issue has been fixed and nothing is at risk unless it is cached. Check these out.
Update: Fixed a broken link for the first story. Also, this was discussed on SN 601. Sorry about that!
Comments Off on Cloud Flare in trouble?
I saw this article on Herbie’s facebook. The world’s first braille smartwatch is on its way to buyers is the name of the article. According to Herbie, its about $300 and this does sound interesting. Check this one out.
Comments Off on The world’s first braille smartwatch is on its way to buyers
I saved a link to a video, which unfortunately, I can’t download. How To Avoid Becoming the Next Big Phishing Headline is the article, and it should be checked out. The video is free to watch.
Comments Off on How To Avoid Becoming the Next Big Phishing Headline
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
- The tech blog’s pages