The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts



Password Manager Users Exposed After Privacy Snafu

If you are a user of this service, it is important that you see this. I’m going through Twitter, and saw this. I’ve never heard of the service, so I can’t comment on its use, but boy, this can’t be good.

Abine admits millions of Blur customers may have been affected

Source: Password Manager Users Exposed After Privacy Snafu

What I’ve read the last little bit

Here’s what I’ve read in the last little bit.

Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes: other countries need to learn what to look for so they aren’t bit. I’m not saying that the United States doesn’t, but this article is targeting others outside the U.S., and we should teach them what they should look for.

In case you missed it, so I didn’t post this, DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy is the article.

Find anything that I’ve missed? Send it and let’s talk.

Why it’s Time to Switch from Facebook Login to a Password Manager

Hello folks,

Continuing to catch up on news, Trend Micro has an interesting article dealing with Facebook and its login capabilities. We use what’s called Facebook Connect to get connected to other apps and services. I’ve used it, but we now know that it isn’t the best thing we can do today.

Recently, Facebook disclosed a potential issue where data was exposed, because of the access to other apps, and this is done through their API and key system.

The article Why it’s Time to Switch from Facebook Login to a Password Manager talks about this more.

Whether you use Trend Micro’s solution, LastPass, 1Password, KeePass, or another solution developed in the future, I know now that it isn’t a good idea to use Facebook for my login needs.

I decided with Dice World to go ahead and do that, but that was at a time when it wasn’t that big of a deal. I’m not going to change that now, but I won’t do it for anything else unless it recognizes where I am, like a game I’ve not talked about called Game World, by the same folks that make Dice World.

What do you guys think of this?

Why are building systems connected to the Internet?

I have a question to start this post off. Why are building systems connected to the Internet, and what is their purpose? I’ve never heard of this until I heard it mentioned, I believe, near the end of one of Security Now’s recent podcasts. The article I found on this subject is called FBI warns industry that hackers could probe vulnerable connections in building systems, which was published on the 21st of December, 2018. Here is a section, talking about a particular port, that is wide open.

Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet that could be of use to hackers.

“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.”

You’re welcome to check out this article in full, but I’ve never heard of this before. Is this the future of hacks? This can’t be good overall.

Let’s start the new year with more good news

Hello everyone,

Let’s start the new year with some good news, although we all know that this is only a stepping stone. DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy was written on CyberScoop on the 20th of December, last year.

We all know that China is one of the forces; they targeted practically everyone with no mercy with their attacks.

The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S. Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information of over 100,000 Navy personnel, U.S. officials said.

This is just a highlight and this is only the beginning. Have you seen this?

BevMo payment breach affects thousands, with researchers pointing to Magecart

Happy New Year,

I’m trying to catch up on 2018 news, and I found this article entitled BevMo payment breach affects thousands, with researchers pointing to Magecart and between BevMo and NCR, the companies could do no harm. The group behind this is known as Mage Cart, a loose hacking group looking for payment systems to target. The article has this as one word, but for ease of reading, I’m putting it as two words. NCR notified the BevMo company of the breach, they fixed the issue, and BevMo put out a release. While 14,500 plus is a small number, the company operates in three states, and sends to 8 others including Washington D.C. in the United States. Under the circumstances, both companies did the best they could, and I bet that we should see this type of response in the future.

What do you think? I’ll leave my thoughts on the podcast which will be number 302 in our series, and you can comment here or in my email box. Hope this partnership continues, this was the best under the circumstances.

Hacker steals 10 years worth of data from San Diego school district | ZDNet

Officials said the hacker made off with the personal information of over 500,000 students and staff.

Source: Hacker steals 10 years worth of data from San Diego school district | ZDNet

This can’t be good. I saw this in SANS NewsBites, and now children are affected by this, and I’m sure that this will affect these kids for years to come if they are targeted in the future.

There’s an 18 year old implant still out there? Oh my

I read today an article from Trend Micro entitled Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak and I found it of interest. It was originally posted on the 13th of December. While I have read it late, it may still be of value to you. Let me know what you think.

What I’ve read as of late

This post covers December 11-26, 2018. I’ll try to make this a regular habit.


Hello everyone, you may find the following of value worth reading, and I’ve already read it. I’m not necessarily going to comment on anything here, and it may be included in the next or any upcoming podcast.

There’s a lot here, and I know that some of it we’ve talked about. I’ve meant to post a lot of this earlier, but neglected to do so because I’ve been sick, although I’ve been better as of late.

I’ll try to post articles that I read each day on the blog for you to chew on some of what I’ve found of interest. I may not post every one I tweet, but I’ll pick some, and although this is all of what I’ve tweeted lately, I normally tweet those that are of interest.

Found something you want discussed? Please let me know.

Do we know how tech savvy our leaders are?

Some days ago, I read about a very interesting topic. How Internet Savvy are Your Leaders? is the question, and I’m interested in your thoughts. I believe that some people in government really try to understand what is out there, and question what is really happening. One person I keep seeing mentioned in articles is Ron Widen (not sure on spelling) and he has some great questions and writings that he’s sent to different folks depending on the situation. I think government is trying, however, I think we need to have more people asking questions if they don’t understand. I know I do. I also don’t claim to know everything, and don’t guess but could give you a thought on something with the understanding that I’m unsure. Your thoughts are welcome.

Fake Voice Apps on Google Play, Botnet Likely in Development

Trend Micro has this article entitled Fake Voice Apps on Google Play, Botnet Likely in Development which I’ve read. There may be people who may be interested in this, because the apps which are out there could be of value if you want to use them. The problem is that there are apps that could be a problem, and that’s what this post is covering that we’re linking here. There are apps like Google Voice that can allow you to use voice to call or Hangouts for video etc. and even Skype is out there too. I’m not saying that every app is terrible, however, Android has had an opportunity to clean things up and better secure their store the best they can, but seeing this, I wonder if they’re doing enough. I don’t know this for sure, but this is something that we should wonder and ponder. Thoughts?

Australia passes world’s first law authorizing encryption backdoors

When I read Australia passes world’s first law authorizing encryption backdoors I just had to think about this a minute. If we start allowing back doors, did Australia think about whether or not this would have an impact on people who would use this type of loophole within the law to do damage? I’m not trying to bash the idea that law enforcement need some way to lawfully get at data that would help cases. I think this could work if the law only allows police to do this to discover what they need in their specific cases, and there is no other way to do this. Apple makes it clear that they comply with court orders where it is lawful to do so, but they don’t respond to every single request as they would like proof of an investigation going on and the reasoning as to why they should comply. I’m not sure what Google or the Android community does, but this is something we need to figure out. What are your thoughts? Please let me know.

Jared, Kay Jewelers Parent Fixes Data Leak

I just read this article entitled Jared, Kay Jewelers Parent Fixes Data Leak within the past week, and this is some good news that a data leak was fixed. Mistakes in programming are going to occur, and responsible disclosure is the key when it comes to this type of thing. While it was someone who meant well, I was impressed by the fact that this was fixed and no harm was done by this. As far as we know, there was no harm done, and we believe the issue is fixed. I’ve thought about this article since I read it, but I think this type of thing was done correctly. What are your thoughts?

It’s phishing season, but is every day phishing season?

LastPass has an article out that talks about phishing season. It’s got basic tips to keep us all safe. It’s Phishing Season: 5 Tips to Prevent Phishing Scams was posted on the 27th of November, right after Thanksgiving. Can I just ask a question? The question is: Is every day phishing season? You always get various email, and curious minds always want to click. Some are obvious, others are not. Sometimes, the clicking could get you into trouble, others it can’t. Sometimes opening an email can land you in trouble, most don’t.

The first tip is education. Most of all, learn what mail from the companies who write to you is supposed to look like. Educate yourself on how people will write you on a regular basis, and if opening attachments, whether they will tell you what is attached to the message.

Step 2 is to investigate the source. Look at the email address. I’ve been getting email claiming to be from someone I’ve had contact with, but the email address isn’t theirs, it is a totally different address. This would be a sign that something isn’t right. The link in question looked suspicious and it didn’t tell me why the link was sent to begin with.

Don’t provide your personal information is tip three. Companies usually have you sign up over the phone or through a web site, not by email. I did have that practice when I started my business, but I did put in there that if you did not feel comfortable, to let me know and I would do it over the phone. It’s too risky now to send information like that over email. I did it once with a company, but I knew that it would get there, even though it was risky. I only did it once.

The fourth tip is to have a plan for when something does go wrong. It’s called a remediation plan. I’ve taken steps like making sure I back up my important files to Dropbox, or another service if you don’t have Dropbox.

The fifth step is to leverage a password manager. Since this is a LastPass blog article, of course they’re going to say to use them. Any password manager is capable of saving information including passwords, notes, credit card information, and other notes that are sensitive into a vault which you can open with one password. Whether you use LastPass, or choose another one, now we need to have this in our toolkit.

Do you have any other tips? Please share.

The breaches continue, what else is new?

This week has spawned some very interesting news that I’ve been meaning to pass along. There are several articles in regards to one, and one of which I’ve only found one article on.

Let’s get started on my thoughts.

Marriott bought out Starwood Hotels, and now they have reported a breach. Cyberscoop and Krebs On Security are two sources that have articles that I have access to. Armando from Northern California also sent me one from Action News Now which talks about what to do. The numbers can be anywhere from 370,000 up to 500,000 if not more when all said and done. I think this is the most in everything we’ve covered and sadly, this has been going on for some time now, at least 4 years.
According to Krebs on Security, this whole thing started in 2015 when Starwood initially reported a breach which was already a year old. Now, this is 4 years old, and we’re only learning about what is actually happening, and the investigation is still in process. Check out the various articles to find out more, and of course, form your own opinions.

Next, the United States Postal Service is in the news. This Krebs on Security article talks about this one. The number on this one is 60 million, and that may not include duplicates if multiple people signed up for the service at the same address. For example, two people would be affected if dad and I signed up using the same address. This can’t be good, but we’ll have to see over time.

Finally, Trend Micro has a very interesting article which would be timely about now. Today’s Data Breach Environment: An Overview is the name of this article, and I can’t find a better time to cover this one, because of how timely it is in regards to the other articles in here. Some of the top threats include ransomware, cryptomining, and tech and email scams. Megabreaches are on the rise, according to this article, and there is no reason for it to slow down. Data indicates that it takes 191 days to detect a breach, and that is about 6 months, a very long time, don’t you think? There is also a 16 percent increase in megabreaches from 2017 numbers. So far, 259 megabreaches in 2018 and only 224 during the same period of reporting last year. Hacking or malware is not the overall reason for the breaches which may be good news, but this is not good overall.

The article covers much more and goes into more detail on the three points of compromise mentioned above.

I hope that this article may be of interest to my readers, and feel free to read more by clicking through to the links. Thanks for listening to the podcast and reading the blog.

Is it time for some good news? Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

In the better late than never department, I read way back when some good news I thought I’d share since I’ve thought about it again. Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison and that is definitely some good news knowing he won’t hurt anyone else like he did before this case came to be. This is the same man who was featured on my podcast as well as on several articles on Krebs and other news networks for the Kansas case that killed an innocent man. I knew I wanted to cover this one, but I have been engrossed in other things and forgot it until now. I think it’s worth the read, and feel free to comment!

Should we be telling people to look for the lock symbol or the HTTPS in URLs? Articles say no

Hi all, I was doing some reading on my RSS feeds, and came across a few items that may be good for some discussion. To start, we’ve advised in various circles to look (if visual) or determine (if blind) if the site was secure either by a lock symbol in your tool bar or the HTTPS in the URL to symbolize the URL is safe. Krebs On Security has an article entitled Half of all Phishing Sites Now Have the Padlock, and this can’t be good. This article talks about something called Unicode, and the domain system is allowing this. Firefox is the only browser that will happily go to these pages and will convert these into characters it understands. What jumps out at me is the fact that we’re going secure, and the people who peddle these wares know this. To seem legitimate, they will of course get their site secure. With services like Let’s Encrypt, it is now free to encrypt any domain as long as it is hosted somewhere.
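For readers who want to see what a Unicode lookalike name is underneath, here is an added example (not from the original post or the Krebs article). It decodes the punycode (`xn--`) labels of a hostname and flags labels that mix scripts; the hostname is constructed for illustration, and script detection from Unicode character names is an approximation.

```python
import unicodedata

def decode_label(label):
    """Return the Unicode form of one DNS label; 'xn--' labels are punycode."""
    lowered = label.lower()
    if lowered.startswith("xn--"):
        try:
            return lowered[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return lowered  # malformed punycode: keep the raw label
    return lowered

def scripts_in(label):
    """Approximate the scripts in a label from each character's Unicode name."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphens are shared by every script
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def inspect_hostname(host):
    """Decode a hostname and report non-ASCII and mixed-script labels."""
    labels = [decode_label(part) for part in host.rstrip(".").split(".")]
    mixed = [lab for lab in labels if len(scripts_in(lab)) > 1]
    return {
        "unicode": ".".join(labels),
        "has_non_ascii": any(not lab.isascii() for lab in labels),
        "mixed_script_labels": mixed,
    }

# Constructed sample: Cyrillic U+0430 followed by Latin "pple".
LOOKALIKE = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".example"

if __name__ == "__main__":
    for name in ("www.example.com", LOOKALIKE):
        print(name, inspect_hostname(name))
```

A label written entirely in one non-Latin script is not reported as mixed, so `has_non_ascii` is the signal to look at the decoded name by hand.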

The other article which is not too late to post, talks about shopping online. This article was posted the 23rd, and it has some great tips. While Amazon is mostly safe, there are people who could come on to their platform to sell things, or compromise an existing merchant account with Amazon. While Amazon refunded the money in this instance, checking the WHOIS directory is a great idea if you know where to look.

I did have two sites in my bookmarks, but it seems like I’m having trouble with these particular URLs. Ultrahost (http://www.ultrahost.us) has a domain lookup tool, which works quite well. The first box is for the portion of the domain, the second is a combo box asking for the top level (TLD) such as .com, .org, .net, etc. How to Shop Online Like a Security Pro is the article that I read in regards to checking domains as well as making sure you’re on a reputable site.

The reason Brian indicates to look at the registry is simple. New sellers will have their domain up within recent months. If you’ve been around selling things awhile, your domain will show this, as it records when the domain was first bought, and when it is set to expire.

My web site for example, was bought in 2008, and White Cane Travel in 2014. While neither of my sites sell anything, I’m using them as reference points so you understand how valuable this could be.
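The domain-age check described above, as an added example that is not part of the original post: it pulls the creation date out of a WHOIS response and reports whether the domain is younger than a threshold. The WHOIS text, the reference date and the 180-day threshold are constructed assumptions, and the field labels are common variants rather than a complete list.

```python
import re
from datetime import date, datetime

# Registries label the creation date differently; these are common variants.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered on)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = ("%Y-%m-%d", "%d-%b-%Y", "%Y.%m.%d")

def creation_date(whois_text):
    """Return the registration date found in a WHOIS response, or None."""
    match = CREATED_RE.search(whois_text)
    if not match:
        return None  # redacted or unfamiliar record layout
    raw = match.group(1)
    # raw[:10] drops a trailing time such as T12:00:00Z from ISO timestamps.
    for candidate in (raw[:10], raw):
        for fmt in DATE_FORMATS:
            try:
                return datetime.strptime(candidate, fmt).date()
            except ValueError:
                continue
    return None

def assess(whois_text, today, min_age_days=180):
    """Classify a domain as 'recent', 'established' or 'unknown' by age."""
    created = creation_date(whois_text)
    if created is None:
        return ("unknown", None)
    age = (today - created).days
    return ("recent" if age < min_age_days else "established", age)

# Constructed WHOIS excerpts for two hypothetical shops.
ESTABLISHED_WHOIS = """Domain Name: OLD-SHOP.EXAMPLE
Creation Date: 2008-03-14T12:00:00Z
Registry Expiry Date: 2019-03-14T12:00:00Z
"""
NEW_WHOIS = """domain: new-shop.example
Registered on: 02-Nov-2018
Expiry date: 02-Nov-2019
"""
REDACTED_WHOIS = "Domain Name: HIDDEN.EXAMPLE\nRegistrar: Example Registrar\n"

if __name__ == "__main__":
    today = date(2018, 11, 23)  # constructed reference date
    for text in (ESTABLISHED_WHOIS, NEW_WHOIS, REDACTED_WHOIS):
        print(assess(text, today))
```

A young domain is not proof of fraud and an old one is not proof of safety; the result is one signal to weigh with the others in the post.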

Most people may not go through this trouble, but as has been demonstrated, your common merchant could be compromised, although it has happened in store, and not necessarily online. The point here is to be as careful as possible, and trust your gut.

Please have a happy and safe shopping season, and thanks for reading the blog!

Is Facebook in trouble again? This article may let you think so

Well, I was going through Twitter, and I found this article about Facebook and some documents that may implicate them in something they say they’ve never done. Parliament seizes cache of Facebook internal papers is the name of the article and it was interesting.

How important is cyber security training for employees? I think it’s very important

I recently read an article by Trend Micro on their blog about cyber security for employees. I believe that it is very important. The Importance of Employee Cybersecurity Training: Top Strategies and Best Practices is the article from Trend Micro.

I don’t want to say that all employees are security problems, but one of the headings in the article talks about the fact that employees may be the weakest link between your data that should not get out, and hackers. It only takes one employee to start the chain of a much bigger problem in your company.

What do you think of this? I’d love to hear whether you agree or not. Please participate and let’s discuss how we can change the culture of security.

Seedlings Offers over 350 items in Online Auction to Raise Money for Braille Books

I remember reading books by this company. Blind Bargains has a post up, Seedlings Offers over 350 items in Online Auction to Raise Money for Braille Books, and time is running out. They posted this yesterday, and while I wish I could give as an adult, I do remember reading some of the books they produced. Good books too.
