go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary

Go to Homepage [0], contents or to navigation menu



Confucius is now back, did you think it was dead?

In an article entitled Confucius Update: New Tools and Techniques, Further Connections with Patchwork – TrendLabs Security Intelligence Blog and this is quite interesting. This is the beginning I think of a bigger problem we’ll have to fight.

Comments Off on Confucius is now back, did you think it was dead?

Running a government site? You should be ashamed of yourself for this: especially if you’re the pentagon

So I recently read an article on Cyberscoop that talks about the government, more specifically, the pentagon. You’d think that security is important when it comes with the government, however, they have proven not to care that much. Pentagon’s websites need better security, Wyden says is the name of the article, and this can’t be a good sign. Self signed certs is not the way to go now a days. You need an authority to sign certs. Check the article out, let me know your thoughts.

Comments Off on Running a government site? You should be ashamed of yourself for this: especially if you’re the pentagon

If you live in California, you’ll want to read this

Hi all,

While perusing the tech news of the feeds I subscribe to, Cyberscoop was the one that wrote up a story dealing with a California Breach. The article Hackers steal PII and payment info of thousands of California residents in company breach was posted May 21, 2018 and its something we Californians need to be aware of. This can’t be good. I have a very bad hunch that this is only going to get worse, and sadly, there is nothing we can do as a whole to stop it except to not do business online. Sometimes, thats the best thing, because we want services only available online. I’m not saying that we should completely stop, but with all the breaches coming, how can we learn how to protect ourselves? This is not going to be good, but I hope that we can find a solution. Thoughts?

Comments Off on If you live in California, you’ll want to read this

IOS and Mac updtates now ou

Hi all,

This blog post from Apple Vis indicates that there are IOS and Mac updates. Mainly security patches, but nothing huge if you’re running a 7 or below. The fixes for IOS is dealing with iphone 8 specifics.

Comments Off on IOS and Mac updtates now ou

Here’s some of what I’ve been reading of late

hi all,

Here’s what I’ve been reading of late that people might find of interest.

  • Financial Cyber Threat Sharing Group Phished (Krebs on Security) This article was of interest because the financial industry has control of our money and allows us to either spend what we have, or go broke, depending on our own financial situation. They don’t have a say so on how we spend our money, but money is printed and the whole bit so we have it available. The fact that anyone in any sector can be phished shows how vulnerable the human mind is. It just takes one mistake to have an issue.
  • Nuance Communications says NotPetya attack has cost it $92 million since June (Cyberscoop) I selected this one for the blog because we all know who Nuance Communications is. They are the ones who gave us some voices for our access technology and other products. The fact they’re in other businessesdoesn’t surprise me. The fact they got hit with ransomware or malware doesn’t necessarily surprise me either, because we just don’t know who will get hit with these things today. What gets me is the amount of money lost by such an attack. 92 million dollars to lose is a big amount for a company and the original story before I read it had a figure of almost 100 million. My only questions is how they come up with these numbers. I’m not saying they’re wrong, but I’m asking how they can figure out that it is 92 million, 98 million, or even 100 million if thats what they could’ve lost. If they spent that much, I could see that in records, but I believe the number was 92 million lost in potential sales, and that, I’m wondering about.
  • Android still has issues, and this Cyberscoop article might be of interest to you. New Android malware steals user data, records audio and incurs phone charges is the article, and is something to be aware of.
  • In the what the hell department, I saw this article from Cyberscoop entitled Big banks want to weaken the internet’s underlying security protocol and I was like what the hell? What are they thinking? Read this and submit your comments.
  • Trust certificates is the way SSL works. In a very shocking article, Cyber Scoop is reporting that 23,000 certs were recently revoked in an article Trustico revokes 23,000 SSL certificates due to compromise and I just had to shake my head.

There’s plenty more on my twitter feed that might catch your attention. Let me know your thoughts.

Comments (1)

The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

Oh boy. Here we go. What do you all think?

Sources say iPhone X and iPhone 8 can already be unlocked via Israeli company Cellebrite, one of America’s favorite contractors.

Source: The Feds Can Now (Probably) Unlock Every iPhone Model In Existence

Comments (3)

Mandatory data breach reporting starts for small business

Just read this article entitled Mandatory data breach reporting starts for small business and I want to make sure that users who come across this blog are aware of the new changes. One of the things that it says that is of importance deals with fines after a breach if notification is not made. One number that comes out is 360,000 and the other is 1.8 million dollars respectively.

Don’t get caught in this. I try to make sure people have their information protected the best I can. I’m based in the United States, and we don’t have a say so when our information gets taken. I think this should be something adopted no matter where you live, as it can be something we can all learn from what Australia is doing.

Here is a portion that might be of use from this article:


“Severe consequences

Small businesses have been warned the consequences of a data breach can be severe; from financial to brand and reputational damage, Paul Gracey, director
of printing systems for HP South Pacific says.

“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and
unfortunately printing and imaging devices are overlooked and left exposed.”

Security blind spots threaten to unhinge small business owners, such as visual hacking (where confidential data is read directly from a device’s screen
without permission), he says.

Over half of the respondents flagged ‘‘employee carelessness’’ as a significant security threat to their business, with concerns not just over the behaviour
of staff when outside the office, but external threats such as visual hacking, Gracey says.

“Think about the number of times you’ve opened your work laptop on the train or bus, only to catch someone looking over your shoulder.”

Visual hacking is a problem for small business. figure
Visual hacking is a problem for small business.
Visual hacking is a problem for small business. figure end

The not-so-humble printer is increasingly becoming the entry point of choice for hackers, and as SMBs remain focused on security software, hackers are
looking to printers as the easy way into a business.

Gracey explains that smart printers can retain sensitive information and are often excluded from risk assessments. “Small businesses need to ask what data
they have, where it’s kept and where it is being used,” he says.”


If nothing else, we know no matter the business, nobody is prepared. Lets have a discussion on what we can do to start the process of doing the best we can, even though a lot of it is out of out of our hands.

Comments Off on Mandatory data breach reporting starts for small business

More Russia news in regards to metaling in our election

Hi all,

On an earlier post, we linked to a news article with a link to news in regards to Russia’s involvement in the United States Election. I’d like to take this opportunity to give you a couple of more articles that may be better to read.

I hope that these articles may help to shed the light on the serious problem that we had in the elections. We’ll of course keep you up to date when we learn more, as social media, and other aspects of technology was used.

Comments Off on More Russia news in regards to metaling in our election

Robert Mueller charges 13 and one company for interfeerence

Read Robert Mueller’s indictment of 13 Russian nationals for election meddling is the story dealing with the potential issue of the elections and how they were messed with. It does link to another page, and the article here is quite short. I downloaded the video that was found on you tube, and you can get to Special Counsel Mueller’s video by using this link to go there. Thanks so much for listening and participating.

Comments Off on Robert Mueller charges 13 and one company for interfeerence

Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc • The Register

This is the update on the equifax deal that has been going on. I saw a retweet but this comes from Sans via the registor in the UK.

Pwned credit-score biz quietly admits more info lost

Source: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc • The Register

Comments Off on Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc • The Register

First ‘Jackpotting’ Attacks Hit U.S. ATMs

I read this one entitled First ‘Jackpotting’ Attacks Hit U.S. ATMs and I thought this was very clever. I’ve never heard of this being done until I saw this. The next article here talks about an arrest from this, so we’re starting to see that crime does not pay just like the shadow says.

Comments Off on First ‘Jackpotting’ Attacks Hit U.S. ATMs

Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US

In the great news department, we get two things in one. Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US is the name of the article by Brian Krebs. In it, Brian talks about an arrest after someone had ATM’s delivered to his home, as well as when he got picked up, he had drugs too. Nice combination. Brian goes in to detail about this one. Nice going, here’s your sign. Hope you have a good time telling everyone what you did.

Comments Off on Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US

Have you started the process of filing taxes? Do it soon for 2018

Just saw this article from Krebs entitled File Your Taxes Before Scammers Do It For You which was dated today. Have you started to do your taxes and get them ready for filing? If not, do look to see if you’re ready to do so. The criminals are waiting or not waiting for you. Thanks for reading.

Comments Off on Have you started the process of filing taxes? Do it soon for 2018

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com

I also came across some good news, something we need to pass along in this crazy world. I don’t remember news this good coming at the beginning of the year. In the wake of all of the news on the two major tech issues effecting different computer chips, we come across the great news in Canada. Canadian Police Charge Operator of Hacked Password Service Leakedsource.com which got a comment on a quoted tweet saying “oh boy.”

At the time of posting, this web site, hosted through cloudflare networks, indicate that the DNS can’t be resolved in an error message I’ve never seen: error 1016.

Since the operator has been arrested, we know that this can’t be good as this site, according to the article, had the ability of telling you whether your email address was part of a potential breach. Helpful, definitely, but to get the password associated with any breach, you needed to pay.

This is how someone can get caught, no? The guy involved was using PayPal for his payment gateway, and they have to follow the laws in each country in which they operate to turn over info if requested for investigation.

If I see any other news on this one, I’ll be sure to pass it along.

Comments Off on Canadian Police Charge Operator of Hacked Password Service Leakedsource.com

Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter

This was posted on the 15th from Krebs oon Security, and I saw it on the 17th. The article is entitled Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter. I just had a hunch that his comments in Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes which was posted on Krebs on the 2nd of January would come and bite him. He said that bombing would be better than the full swat. The book has been thrown at this guy with invluntary manslaughter.

“Involuntary manslaughter usually refers to an unintentional killing that results from recklessness or criminal negligence, or from an unlawful act that
is a misdemeanor or low-level felony (such as a DUI).”

findlaw.com

I blieve but don’t remember correctly at the moment, but the article mentions an 11 year sentence if convicted. Wonder if this guy had any idea he was going to get caught? Technology companies that provide services to spoof your number are compeled to comply with an order for information, especially when someone gets hurt, or in this case, accidentally killed.

This guy will join the ranks of the people who think they can’t get caught. They think they won’t get caught.

I hope you’ve got some time to think about this one, and may you learn a lesson about human life and what it means to be one.

Comments Off on Serial SWATter Tyler “SWAuTistic” Barriss Charged with Involuntary Manslaughter

UK Conviction Arises out of Trend Micro and NCA Partnership

I read this morning an article entitled UK Conviction Arises out of Trend Micro and NCA Partnership and I always love stories like this. It proves that crime does not pay, even if it crosses borders which the Internet does. Krebs also writes articles detailing arrests as well, but I’ll cover that separately after its read. Thanks for checking out the blog, and for participating in the podcast if you chose to download it and write comments.

Comments Off on UK Conviction Arises out of Trend Micro and NCA Partnership

Patch Tuesday is here

Patch Tuesday is here, and so are articles in regards to what is in them. This Trend Micro article entitled January’s Patch Tuesday Fixes 56 Security Issues, Including Meltdown and Spectre tells us about some of the issues and describes the two biggest bugs talked about now. Of course, we can’t forget the Krebs coverage of patch tuesday with his article this month entitled Microsoft’s Jan. 2018 Patch Tuesday Lowdown iws just that, a rundown, including links to other coverage on the blog. On the 3rd of January, our contributer, Shaun Everess, sent me this PC World article entitled Meltdown and Spectre FAQ: How the critical CPU flaws affect PCs and Macs and it does go in to some detail on the latest two major issues. I’m still confused about these two flaws, but it doesn’t appear to just be an Intel issue from what I’m hearing. This article from F-Secure which I read did help some. Some Notes On Meltdown And Spectre is the article from these guys. Trend Micro also has an article entitled When Speculation Is Risky: Understanding Meltdown and Spectre – TrendLabs Security Intelligence Blog and thats the first article I read on this issue. We’ll continue to monitor this one, and any other issues that we have been made aware of.

Comments Off on Patch Tuesday is here

Why Amazon’s Alexa Is ‘Life Changing’ for the Blind

Why Amazon’s Alexa Is ‘Life Changing’ for the Blind was sent to me by my dad. I could see the benefits of this device and have played with the one at my home a little bit. I do have the app on my phone, but I haven’t really played with it. This was an interesting story, hope you all read it.

Comments Off on Why Amazon’s Alexa Is ‘Life Changing’ for the Blind

Swatting, is this a big problem?E

Hi all,

I want to go more in depth with the following, but would like to post this for now. There are two articles through Krebs on Security, and even the news has covered this. First article is Kansas Man Killed In ‘SWATting’ Attack and the second is <a href=”Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes. I’m a little surprised that this type of activity is still going on today, especially with all of what is happening with the big time breaches.

KNX even mentioned this in a news story through a segment during the 1 PM PT hour in a segment called More In Depth. Suspect In Fatal Swatting Hoax Appears In LA Court, Will Not Fight Extradition so this means he’ll go to Kansas to be charged with murder or another crime depending on what they want to do.

Swatting is not normal, and I mixed up my words this evening talking to someone that lives here, and I am not going to mix it up for the article. Here is what Wikipedia says about Swatting. In the KNX report I heard this afternoon during the news segment I told you about above, the gentleman involved had a way to have his number look like he was in the state. Then he called someone and reported the incident. This whole thing started in an online forum, and another gentleman was giving the one who did it the wrong adress. The gentleman who did this feels bad a guy died, and said he’d rather do bomb threats instead of direct swatting.

Krebs on Security did a great job covering this in both stories I’ve linked above.

The KNX segment was also interesting, the news anchor asked what can be done. The guy interviewed did say that this was tricky, because you don’t nbecessarily call 911, they just call the emergency number and use a service to make it look like you’re in the state. Here are my thoughts.

First, get the telephone number of the caller. I’m not sure what number this guy gave, but when getting the number, call the number back if possible. The reason for the number being called back is simple. If someone other than the original caller answers, you know there is nothing up. In a real emergency, you’d be able to hear something going on. With the callback method in a non-emergency situation, you have time to figure out if this is real or fake. Seeing that the caller gave a number in the area, and not his own, you’d either get a disconnected number or you’d get someone else.

If the gentleman called 911 from a state bound number, than you can’t call back, you’d have your tools handy to tell where the call was coming from. You could use that data, and background noise, to determine if something was going on. If there was a hostage situation, you definitely in my opinion not be calm like the reports indicate.

Always make sure that the information you are given is correct. I’m sure emergency services already does this, but it isn’t a bad idea to say so here.

Do you, the reader, have any thoughts on this? Do report your thoughts.

Comments Off on Swatting, is this a big problem?E

With 1.4 Billion Stolen Log-Ins on the Dark Web, it’s Time to Take Password Management Seriously –

On December 21, 2017: I read this article entitled: With 1.4 Billion Stolen Log-Ins on the Dark Web, it’s Time to Take Password Management Seriously – and it is definitely concerting. I’m wondering if this is going to be part of the bigger picture of predictions of 2018? I’ll write a post, and publish it when its ready. I just don’t think its going to get any better, but only time will tell.

Comments Off on With 1.4 Billion Stolen Log-Ins on the Dark Web, it’s Time to Take Password Management Seriously –

« Newer PostsOlder Posts »

go to sections menu


navigation menu

go to sections menu