go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: security news and commentary

Go to Homepage [0], contents or to navigation menu



Antivirus and the disabled computer user

Hello folks,

I really need some help, and it deals with AntiVirus and security. I’ve been using Microsoft Security Essentials, but have found in my opinion that it doesn’t work as advertised. I saw an article online about creating a file, with some code. The antivirus should pick it up while saving the file. Its not harmful, but it is a test of sorts that checks the antivirus. Its called eicar and you can google it.

MSE did not pick up this file while saving, and saving the file and scanning it showed that it was fine. I wrote an E-mail list with Jaws users on it, and someone recommended Sophos home free which i downloaded. Someone else just said that it was not accessible, and that I’m better off with MSE.

The problem we’re running in to is that we need antivirus now more than ever. Even if we’re careful, things can be downloaded that are not wanted, even when visiting a site we intend to visit. With all the breaches, something is better than nothing, but in my opinion, security essentials is not cutting it.

I do not want to install something that is not accessible, although i want something where I can set some options, and forget it unless something comes up.

It should be able to scan as something is downloaded, notify the user if something is not right about the file, and do daily updates and weekly scans.

If anyone that reads this comes up with something accessible that is free or low cost, I would be greatful.

We should not live without something that can protect our PC’s. Just because we don’t browse much, doesn’t mean that sites we do could become a problem. Its sad that antivirus has become such a problem with companies, that they make it useless to us.

We use a computer just like everyone else, and I hope to publish a series on screen reader usage. Two articles are written, and I am hoping to start a third. I know these developers are aware of access tech, as we once had the access to a lot of the products out there, but as I said, MSE is just seemingly to just pick things up at random, and it doesn’t pick up something that is tested to make sure the program runs as it should.

What are you using? How does it work?
I do not want people responding who don’t use antivirus. That will not be helpful to me.

Thanks for your time.

Comments (2)

IOS 10.3.2 is now out

Hi all,

We’ve been talking about security lately. I heard during Security Now that IOS 10.3.2 was released along with other apple releases. They fix some bugs. If I can find some more information in the coming day, I’ll make sure to post more. I’m going to update my phone to it now, and we’ll be in touch.

Comments Off on IOS 10.3.2 is now out

showdan, what part does it have?

So I know its a little late to add it to the article being worked on with images and the like, but I did find something interesting out in regards to Wannacry that I thought was interesting. There is a search engine out there called shodan, and I’m not even sure of its spelling. From what I understand of this site, it is similar to Google, but yet, it populates all of the machines with open ports, among other things. Whatever this site is, it also does port scanning, where you can ask it who has a certain port open. Instead of phishing, I saw something that said the people involved searched for machines with port 445 open, and infected that way. I’m still thinking the possibility of a phish is still there, but anything is possible.

shodan

Comments Off on showdan, what part does it have?

Wannacry, an update

Hi folks,

I’m here to give everyone an update, although i just wrote a longer article linking to sources and other thoughts in regards to this big time ransomware, Wannacry. I didn’t cover everything, because I still want to see what Security Now has to say although I caught part of it. I’ve seen reports like North Korea having a part in this, and we know that Microsoft now patched XP and other operating systems that were vulnerable which they normally wouldn’t, but this was bad. As soon as the article is done and posted, you’ll get a link, as if I gave it now, its in rough draft form now and links wouldn’t work unless I took the painful time to do this. For now, there’s tons of media coverage on this, maybe some speculation, but we definitely know more than we did on Friday. I’m still in shock.

Comments Off on Wannacry, an update

May 9ths Security Now program

Here we are again, another Security now episode which will air on the mix and I feel ashamed for being so behind. I’ve got plenty to listen to for my ride home tomorrow as I have other comitments to attend to. You may listen tomorrow at 5 central in the afternoon through the mix, or go to the security Now feed to pick up your copy.


SN 611: Go FCC Yourself May 9, 2017, 7:11 PM
Security Now (MP3)
This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft’s built-in malware scanning technology, Patch Tuesday, Google’s Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.


I’ll be looking forward in checking out this program. I know I’m behind, and probably a lot to talk about. I have been working on a cast after awhile of not doing one, but I really need to publish podcasts more regularly like i used to. This podcast could definitely give me stuff to talk about. See you all soon.

Comments Off on May 9ths Security Now program

Got phished? I got a call, but knew better

Hey folks,

Here is another one of the true stories about phishing. I got a call from a toll-free number at 4 this afternoon. They claimed they were from apple and the person’s name was Jennifer. They said there was suspicious activity on my account. My options were to press 1 to speak to someone, or 2 to hang up.

First, the apple rep I talked to says that they will not call you if there is something wrong, you have to call in first, and only then do they call out.

Next, the apple rep said people may get calls from Texas or California area codes, not from a toll-free number. Also, they would identify themselves as apple.

I didn’t get phished as I knew my account had two-factor turned on, and I even envited the representative to look at my account if they wanted to verify that no suspicious activity took place.

Comments Off on Got phished? I got a call, but knew better

This week’s Security Now program

Hello everyone,

This week, Security Now is going to be packed as usual. If you aren’t subscribed to it, please do so by going to this RSS feed. Here are those show notes on whats coming up this week. This program is 1 hour 57 minutes long.


SN 609: The Double Pulsar April 25, 2017, 6:35 PM
Security Now (MP3)
This week Steve and Leo discuss how one of the NSA’s Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly are abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some “Closing the Loop” feedback from our podcast’s terrific listeners.

We are allowed to air it as long as we leave everything in tact, so join the mix on Thursday at 5 CT, 3 PT for the airing. Hope to see you there!

Comments Off on This week’s Security Now program

Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

Hi folks,

Apple Vis is letting us know that IOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibon tweeted:


Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck


I’m sure the next security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.

Comments Off on Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

IOS 10.3 has been out

Hi all,

In the better late than never department, IOS 10.3 is out. I’ve neglected to post about the other IOS releases since 10.1, but Apple Vis has a blog post of their own dealing with changes and regresions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on twit.

Comments Off on IOS 10.3 has been out

EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Hello fellow passengers. Welcome to college accademics, and today, you need to at least read this PSA entitled E MPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT IC3 January 18, 2017

because while it was covered in 2014, I feel that as the new year turns and tracks along, this will be more prevelant as you are traversing the job market. I am, but yet I don’t use my college account as I did take a class. I’m suspicious of quite a bit of things, and I know that a job is not to ask for money from you. They don’t provide money to you to supply yourself equipment, they supply you with the equipment. Please take this read while you’re traversing this flight today, and do stay safe.

Sincerely,
Your captain

Comments Off on EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Are schools next in the cyber race?

Hi folks,

Happy new year, and thanks for checking out the blog. My goal during Christmas break was to release a podcast, but I’ve been ill. Hopefully, the podcasts will return soon.

The reason why I’m writing today, is to talk about something I’ve thought about for awhile, but sadly, the 4th day of January, we’re already seeing.

I’m going to be careful, and indicate that I got an E-mail from a school I’ve attended talking about how they are investigating reports of a possible attack.

According to the E-mail, it looks like one campus of the network of various schools around the LosAngeles county was targeted.

Computers and voice mail systems, according to the E-mail and attached PDF, are effected, and no voice mail can be left at the school at this time.

School is going on as normal, and recently started its winter session which started on January 3rd.

As a precaution, the E-mail notifies us that computer experts have gotten involved and will be checking out the entire network to determine what is happening.

They are advising that many computers are possibly infected with ransomware. If you are not aware and you’re coming to the blog for the first time, ransomware is a big time problem, and it locks up your files until you pay money.

Many experts are telling people not to pay unless you have no other choice. I agree with the assessments, I know i wouldn’t pay money to someone who may or may not give me my files back.

According to the attached PDF linked, this detection and investigation started on the 31st of December, and only time will tell on what exactly happened.

I had thought about this as part of my predictions for 2017, which I never wrote because I’ve been sick. It saddens me that we’re starting out the new year on such a note like this. It does not surprise me anymore in regards to things like this.

Do I think other schools are going to be impacted? As large of a network as the school has that I got notified from, it would be possible for other large networks to be impacted at some point.

Hospitals, and other businesses have already felt the brunt of ransomware. Trend Micro has already predicted that ransomware will be a bigger threat as it becomes more prevelant as a weapon for people to be making money.

Do you think your school, or a school you’ve attended will be a target? Why or why not? Please sound off in the comments, and lets discuss this big threat of ransomware.

Hope to have a podcast real soon, thanks for reading!

Comments Off on Are schools next in the cyber race?

The Yahoo Breach, am I effected?

I was so doing my best and not talking the Yahoo! breach that recently made news in december 2016 and this evening, I get an E-mail which is looking very legitament and comes from a yahoo address for communications. While I’m not going to share the E-mail in detail, this is definitely time that we say goodbye to Yahoo! mail. Once I get stuff transfered over to jaredrimer.net that I want, I’ll be removing the account from my PC. I never put it on my phone, and now, I will personally not use the account after I verify that I have everything transfered over that I want.

I had a hunch when I was made aware of another potential breach through my network, and I have some suspicions. The person indicated they did not get an E-mail, but someone else I know did. If I got one, I’m sure they will if their account was a potential target.

This is not the first time I’ve been targeted in one way or another. Remember this article I posted when I was dealing with some serious issues along the network? While indirectly effecting me, it does effect the provider which is me, and the provider I pay which is Ultrahost.

I believe Ultrahost is doing much better in detecting and eraticating issues much quicker than before, and for that I’m happy to see. Sadly, not all providers are aware of the dangers, and as the E-mail sent, more people are being notified. Yahoo has to notify at least a billion users. Thats a lot of users, and its going to take time. Here’s what I wrote about Yahoo! when i saw the news the first time. I didn’t think it was the end. To top it all off, this story delbt with the blind in general as we learned about a hotel chain which blind individuals had visited for the convention. I’m sure if you search hacked or breach on this blog, you’ll find a lot more out there, and we should be aware of whats out there.

If you are unaware of the use of Yahoo! which providers like .co.nz, ATT’s SBC Yahoo! and others, you may want to consider if it is practical ditching the account and service altogether. I’ll be happy to help where I can, please reach out.

Have you been effected? Please sound off in the comments. The boards await you.

Here’s one from the past that may recellect your memory. Have fun digesting this.

Comments (2)

Yahoo and their big breach

Hi folks,

I want to give my thoughts in regards to Yahoo and their biggest breach of many millions of Yahoo accounts. While I’ve read the blogs from my RSS feeds talking about it, and also heard Steve Gibson on a recent Security Now, I left Yahoo a long time ago. While SBC let me link to my Yahoo account years ago, the things on my SBC Yahoo account are staying, but I haven’t really used that address for communication purposes in years.

Ever since I got jaredrimer.net, I slowly got things away from SBC. There are a few lists I’m on with Yahoo and SBC, one is an oldies list I look at occasionally, NBP’s E-mail list, the Clippers E-mail list, and the Los Angeles Kings E-mail list. I’ve moved everyone else over to my domain for contact.

This was done because I’m not at home checking E-mail, and SBC was not one of the addresses by choice I did not put on my phone. There are several addresses I have not put on my phone, but the important ones I have.

This was a decision i had made long before news of the Yahoo breach ever came to lite. Its recommended to abandon the account, and for the most part, I have, except for these E-mail lists which people can have.

What will the Yahoo breach do to people? Yahoo hasn’t been doing much as far as I’m aware for years. Yahoo news is still around, but even KNX has changed the way their site runs with a blog format and other video and app options through CBS.

What is really sad about this breach is that it is a two year old breach now coming to lite. If I can, I’m going to try and get these newsletters on my lists account over on jaredrimer.net and forget SBC Yahoo altogether. Next time newsletters come around, I’m going to start changing things around here.

I know that Yahoo doesn’t just power SBC global, what are other providers doing that can link their addresses to Yahoo? What are you doing with your yahoo account now?

Please sound off in the comments. The boards await you.

Comments Off on Yahoo and their big breach

IOS 9.3.5

Apple Vis posted news about IOS 9.3.5 being released today. It has security fixes for three zero-day vulnerabilities. Steve Gibson also posted a tweet.

Here are two tweets.


Steve Gibson: Apple recently pushed an “emergency” update for all iOS devices. It has been used against “targeted victims”, but could see wider use now. 3 hours ago from TweetDeck
Steve Gibson: Anyone seeking background info about the Apple 0-day patches before next week’s Security Now! podcast, please see: http://bit.ly/2bsgUTC 2 hours ago from TweetDeck


Stay safe.

Comments Off on IOS 9.3.5

Patch Tuesday

Shaun did a good job on posting about Patch Tuesday, but there are two articles that I saw in regards to the subject. Got Microsoft? Time to Patch Your Windows is the first, and Brian gives some basics. The second, August Patch Tuesday: Nine Bulletins, Five Rated Critical from Trend Micro. Both bhave good points, and both should be read. Your thoughts are welcome.

Comments Off on Patch Tuesday

Targeted, now what?

Hello folks,

Disclaimer: I thought I’d take this opportunity to talk about something that happened, but yet, users have seen this type of thing before. If this doesn’t interest you, you may skip it. It

may be technical, but yet, people might be interested in this.

You’ve probably gotten warnings from your browser that the site you’re trying to visit may not be safe. This is a true story, and one that happens all the time. Do you really know what the behind

the scenes things go on so if it is something not supposed to be there, you can meraculously come back to the site after some time?

My provider E-mailed with some information that needed immediate attention across the network. I usually make sure the accounts have good passwords that match the password generator scale and I

always try to advise that the passwords on the accounts at the meter’s score of 100. I forwarded the report to someone who can handle what it had to say, because I personally did not maintain

this domain.

At the same time, a company entitled phishlabs contacted the individual with simular reports, and the person had no idea what was happening.

Without going into detail on the report, the average user needs to know that web browsers today, especially chrome and firefox, have mechanisms in place to let the user know if a website is

phished, hacked, or taken over.

>What is Phishing? Webopedia Definition (Accessed August 4, 2016) The page describes the act of sending an E-mail falsly claiming to be

an established entity who’s soul purpose is to scam the user. The user would be directed to a site, usually by E-mail, to get information to be used in identity theft, or other type of criminal

activity the scammer wishes to use it for. For more information, please click through for the full definition word for word.

The Jared Rimer network can’t confirm if any type of E-mail was ever sent to the potential page or pages that the report found, and it was interesting what the report had to say. Both Firefox and

Chrome reported mid week of the particular week in question the site being a problem, even after the webmaster cleaned the server of the offending information.

Look at this as cleaning your computer of unwanted programs or data you no longer need. Webmasters need to follow these reports if gotten, to make sure their site is clean for visitors like you

who come to it to get information, purchase things, or seek information that you may want that the site offers.

What was interesting about this whole thing, the control panel was also flagged, and to this day, I am baffled why a control panel, which a website operator has access to, would be flagged. The

control panel is similar to the Windows control panel where you have various options to set up various items such as accessibility controls, displays, and other aspects of the operating system.

The web site panel has options to set up and maintain various aspects of the site such as blogs, E-mail, and maybe a shopping cart platform. Each site is going to be set up differently, and that

makes it unique.

From what I am able to understand, the control panel was flagged based on the IP address, but once things got cleaned, that warning was removed.

According to the ticket created with us: along with giving us effected URL’s, talked about safe browsing. The safe browsing

initiative is Google’s project and I think it is a good one today. The URL talks more about the project and how things have grown. I do like the idea of what they are doing, even if it is

intrusive, it is helpful in the end.

That portion of the E-mail as part of the ticket says: “Safe Browsing is a service provided by Google that enables applications to check URLs against Google’s constantly updated lists of suspected

phishing and malware pages.

Google uses automatic algorithms and user feedback to compile lists of sites that may be dangerous. The two major types of dangerous pages on their lists are phishing pages and malware pages.

You are required to respond to this ticket, however your great source of assistance at this point would be Google themselves. We encourage you to obtain a Google Webmaster Tools so you can manage

your sites there. You may obtain this account at the following URL by clicking the red “SIGN UP”
link at the top right. ”

The account holder in question saw the same thing, but how did they get there? The site in question did not have any type of PHP file, and so, just like cleaning your computer by removing files,

we removed the offending files.

Sometimes, at least in the old days, files would not be deleted unless the machine was rebooted. Viruses were left in memory on the PC, so cleaning them with antivirus needed a reboot. Just like

the home computer, a web server has for its user, an antivirus program. I am personally not familiar with the web server version, but it was not giving us much help in identifying any issue,

although I bet if we ran it, it may have.

There have been dodgy hosts who would leave sites up, even after getting complaints of such content on them. Several recent aarticles I’ve read indicate that Phishing is on the rise, and it does

not matter if you’re large or small. One such article is entitled: The Reincarnation of a Bulletproof Hoster

(aug 3, 2016) which talks about how a hosting provider practically did nothing about any reports it got and their eventual shut down. The provider in question than changed names, and even they

went so far as to have different names under their identity, thinking they couldn’t be tracked.

One of the things I usually do is to ask my users what they’re going to have on their sites before I sign them up and give them an account. Its always a good idea to clean your computer once in

awhile, and for us webmasters, a good idea to check on sites and make sure they’re behaving themselves.

One thing we did on the effected account was to change the password on it. My question would be, how did the files come back online if the password was changed? Could they have gotten in another

way? I don’t think we’ll know, although someone is still looking for things that are well long gone.

The reason why I had asked was because after we changed the password, I was alerted to the files being back on our server. A virus could do the same thing, put things back for it to run after it

was cleaned. It does this by knowing what was deleted and it went to get what was missing again. After some further discussion, we think we were doing it the wrong way. There should be a

specific way to do this type of clean up.

This is what I sent my client. I removed the site name as it doesn’t matter. “We have a security alert in regards to (site removed) that needs immediate attention.  The 4th through 6th links in

the report, followed by the 9th through 12th.  You may need google webmaster tools to help you.  Please let me know when this is resolved. ”

I took the time to be specific on what URL’s where the issue was. They were strange files, not ones that I’ve ever seen on any site, and on top of it, the report came in that a brand new site

along the network was also targeted with the same material. I’m quite confused.

What should we do?

First, as an internet user, be careful when you see these warnings. You definitely don’t want to get infected with whatever the browser may be telling you. If you know the person who runs the

site, I would contact them by phone if possible to let them know of the issue. There may be an address they can give you to send an E-mnail of the page in question you’re seeing. If you proceed

with caution, look for things that are familiar such as a contact form to send an E-mail. Chances are, the provider has contacted them and they may have delbt with it, and if so, they’ll tell you

to tell the browser its safe. That sends a report off to Google or Mozilla who will reinvestigate the page and make the correction accordingly.

If you’re visiting the site for the first time, and you see it, there are a couple of things. First, you could have mistyped the URL, doublecheck that and try again. If you still see the message,

you can proceed with causion, or you may chose to leave it alone and possibly come back later. The who is directory can have information on who to contact if the registrant allows that to be

public.

Webmasters, I would take these reports seriously. According to the initiative’s page, Google will mark pages in search results that it is not safe, which could hurt you. Be vigilant in your site

by making sure you go up to the computer hosting it and looking from time to time to see if something doesn’t belong. That is usually your first clue. I would also get a Google Webmaster tools account and put all the sites you run on it. Then, if you are attacked, they’ll be E-mailing you and you’ll know whats up.

The Google Webmaster tools will have you put up a file which is pretty much harmless, but they need it for verification only. You upload this file to the root of your directory and forget about

it.

The various tabs of the google webmasters panel will show you errors, security alerts, and other things that might be of interest to fix.

Questions? Please feel free to reach out via E-mail or comment. I hope that this has been of use to you, and maybe you’ll find it of interest.

Comments (2)

Pokemon Go

Hello folks,
Apple Vis has an app directory entry for Pokemon Go which they put as inaccessible. I totally get the reason for putting apps on their site that isn’t accessible so that the community who searches or finds it is aware of the fact the app will not work for those of us who are high partials, or rely on voiceover as a whole. I like the fact they are doing this work. In the comments, they mention that they have contactd the developers to include us as disabled people within their app, and I like this idea as well. Don’t get me wrong, the fact that this work to include us is great. The thing that bothers me about this game is the real world issues that the sighted community have had.

According to what I have heard on Security Now, although I have not heard the whole episode, Pokemon Go had some permission issues which got corrected. If that isn’t bad enough, Pokemon Go, Real World Risks of Apps (Trend Micro) (July 11, 2016) and I wanna be the very best, that no one ever was, (Los Angeles Metro’s the Source) (July 12, 2016) which raises some concerns. If this is true, and people can be around people’s protperty, and they see one of these things as they’re walking around, they go in to someone’s yard, or other parts of the property they aren’t supposed to be, this can be a big problem. While us disabled people wouldn’t necessarily be doing that, the fact we use devices to help us walk, and detect things, as well as other odds and ends, pose a bigger problem. Using a cane, and a phone, the way I understand it needing to be, may pose other issues for the disabled population.

I do not know if it is a good idea for this particular game to be accessible. To be fair, I do think if possible, all games should be accessible and those who want to play it will. I have not really gotten in to pokemon, but I am understanding the work that people should do if they would like to play it, and I’m sure some disabled people including some blind people would love to play this game. I’m curious on what others may think about this topic. The blogs are open. Thanks for reading!

Comments Off on Pokemon Go

Rosen Credit Card Breach May Affect Attendees of Recent NFB Conventions

Hi folks,
Here we go in the breach department, this one courtesy of Blind Bargains. They are reporting a chain of hotels which have been hosting the NFB convention reported a breach. Rosen Credit Card Breach May Affect Attendees of Recent NFB Conventions (Blind Bargains March 15, 2016) is the item you need to read. There is a link to a statement from the company in this article. Since this effects quite a lot of blind people, I think this will be posted to multiple categories within this blog. Please take this seriously, even though you may not have been effected.

Comments Off on Rosen Credit Card Breach May Affect Attendees of Recent NFB Conventions

Philmore is at it, again

Well, it seems as though Philmore Productions, the makers of Philmore Voice mail, and the depleted Net by phone are at it again.  Apparently, on December 29, 2015: the company apparently put out personal information about a customer which included how many messages in one box, billing dates, when they paid, and who knows what else.  While billing dates and messages in ones box may not be considered personal information, add it all up, and you have something you can use to harm someone by reminding them they don't do this timely, or that timely, and make them miserable.  We've talked about this often on our blog and podcast on keeping information private.  

We already know that Philmore  productions can't seem to  keep their database in control of their network.  Now, the revelation of the company now giving out information about things most companies wouldn't talk about is coming to light.  You think by now that Philmore Productions would not want to be part of the problem, and the JRN was looking to get a box to put our podcast up specifically, but now, we won't be doing any such thing.  

Whatever happened to the customers Philmore was going to get after he saw that mytelespace was offline?  Did they not go over there? Why? Because mytelespace administration does not divulge anyone's personal information.  One admin may do a show and do what he wants on his show, but he does not give out personal information on his show since taking this role.  This is the last straw, and people should wonder what other info this company may put out about people.  

You'll ask "I didn't hear anything, so why should i care?"  You have a great question.  You should care because the info may be yours, because he holds on to info long after you have left as a customer.  Philmore Productions does not recycle data like most companies do when customers leave.  When I signed up for a box some years ago, he still had my credit card info, and i haden't been there for years.  Now, it'll be some more years before i ever decide to go back. 

A user did confirm to the network that this took place and it was a couple of Philmore Productions customers.  We are not going to divulge who, but it is now confirmed as of the late evening of the 31st.  The Jared Rimer network is saddened by this and was hooping for a turnaround.  Philmore has a lot to say for themselves, and we are not picking sides.  This is not right, and needs to change immediately.  What other security issues are there we don't know about?   What should we expect out of this small company in the accompanying year?  I expect users are going to get breached big time this year over there, and the company will have to pay.  They will pay big time this next year.  

Do you have any thoughts?  Feel free to comment here.  

Comments Off on Philmore is at it, again

2015 Year in Review

Hi folks,
As 2016 has gotten started, I read before the new year an article entitled year in review and it is quite interesting. I am wondering what you think will be the big issues of 2016. Here is mine in no particular order.

  • We will see more targeted breaches where people will have to do something to have something done. E-mail will be sent, and phishers may just send them to their own bank page to enter the info with the web site of the bank compromised. The bank doesn’t know this, and everyone who uses the web may be compromised. It’ll start slow, but I think phishers know they can probably pull this off.
  • We’ll see lots more spam than we ever have before. We’ll get so much spam with stuff we didn’t ask for, even trying to get ourselves removed from said lists will be a bigger problem. These spam messages may ask for info to get us removed more than an E-mail address.
  • As blog posts across the blog have said, I think we will be hit with more apps we can’t trust. I don’t download every app I see, and if I don’t go looking for it, I definitely don’t download it. You just don’t know what you’re going to get.
  • SMS is going to pick up. Recently, got a message through e-mail to SMS saying something about money to paypal or other bank, and it was laced with HTML code to make it look like it would be displayed in a browser. I didnt respond, but we’ll be inidated with those and claiming to click on links which could infect our phones.
  • I continue to watch the breach aspect, and small businesses will be targeted this year as indicated by other predictions. We will be asked for more personal info to do basic tasks in the coming years, and people will hand it over.

Maybe my predictions are way out there, but I’m basing it off of what I read, and my thoughts. Maybe the major breaches will be all, and nothing else, but I will put it out there so people can comment on them and let me know their thoughts. Please use the comment system if you can, so we can have a dialogue. You can also E-mail me, and who knows, we may talk about your comments on the podcast. Thoughts?

Comments Off on 2015 Year in Review

Older Posts »

go to sections menu


navigation menu

go to sections menu