go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: security news and commentary

Go to Homepage [0], contents or to navigation menu



This can’t be good: Equifax or Equiphish?

I just read this article entitled Equifax or Equiphish? and I’m personally not convinced that a freeze is the answer to all of these issues with Equafax and its continuing issues on letting us know about their breach. The more I read about what they’re doing, the more I don’t want any of what they’re offering.

  • Charging consumers to put a freeze on their file because they didn’t update their software
  • Having everyone sign up for credit monitoring which is fine, but then saying you’re not effected
  • When the breach first occurred, telling people to come back at a certain date but the site doesn’t work
  • Having Experian which I understand they control being part of the data breach problem as they had their own issues

When I first got the letter from the OPM breach, and entered my information that I was given, I talked to an agent. The agent was very nice, and explained who they were, as I had no idea. I know that fingerprints are needed as part of getting a job in some cases, but we do not have any idea on who is offering the service for the company. I’m really wondering if we’re losing control of our information. There will be no way for us to have control of it come the next 5 to 10 years.

Have thoughts? Please feel free to sound off in the comments, and let us know how you have credit checked if you apply for a credit card or loan. This can’t be good.

Comments (2)

Security Now 629 is up

Hi ll,

On security now 629, it will bring out something Shaun sent me something about via Email. Here are the show notes for this particular episode.


This week Padre and Steve discuss what was up with Security Now’s recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on
forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when 2-factor is not 2-factor, the CCleaner breach and
what it means, a new Bluetooth-based attack, an incredibly welcome and brilliant cookie privacy feature in iOS 11, and a heads-up caution about the volatility
of Google’s Android smartphone cloud backups.


To get to security now, go to its show page on twit or its RSS feed. You can also see a complete index of shows through GRC’s Security Now page where you can also find transcripts.

Thanks for your continued support.

Comments Off on Security Now 629 is up

The article on Vocal: my thoughts on the Equafax breach

Hi all,

I posted the article and the sub title reads: Why You Should Be Worried After the Latest Breach. It posts all of the articles and my thoughts from the last few days, as well as some updates from two new articles, one of which I have posted. The site that it is on is called 01.media. That is where their technology articles are going, although some of my other work was moved to futurism, which was rebranded from omni.media’s branch. The article was updated before publication with two new articles in the same fassion I wrote it in. I’d like to thank my editor at vocal.media for her work with this article, and for getting it out quickly. I have others in the works, one will now be worked on, and so I’m happy for that. Thanks for your continued support of my work.

Comments Off on The article on Vocal: my thoughts on the Equafax breach

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Just read this article today entitled: Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop and I just have a funny feeling that this is going to be much bigger than we think. Vocal is going to put the article out I submitted and I also sent them the article I’m linking here to include within my piece. Once published, I’ll continue to update with new info here, or talk about the specific things in future articles. This can’t go well, and when I went to the web site linked, it said I wasn’t impacted, however, something tells me that this is not necessarily the case. I’ll watch for official word in the mail.

Comments Off on Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

The Equafax breach

Folks,

I’ve been very busy, and I’ve not even had time for podcasts. Last Friday, I was tipped off in regards to the biggest breach we’ve had in history. Here are some of the articles I’ve spotted, I’m sure one of them I’ve not read as of yet. Sadly, this was not a password breach, but something completely different. The number is staggering at 143 million plus. Information is still coming through in regards to this developing story. I’m publishing a longer piece for Vocal’s futurism.media site which was formerly omni.media. In the meantime, I’m going to leave you with some articles for you to read from Krebs on Security and Trend Micro, and Last Pass.

Breach at Equifax May Impact 143M Americans September 7, 2017

Equifax Breach Response Turns Dumpster Fire Sep 8, 2017

What the Equifax Breach Means for You

The Equifax Breach: What You Should Know September 11, 2017

Ayuda! (Help!) Equifax Has My Data! September 12, 2017

http://blog.trendmicro.com/equifax-breach-example-good-communications/
Equifax Breach – an Example of Good Communications

Comments Off on The Equafax breach

Antivirus and the disabled computer user

Hello folks,

I really need some help, and it deals with AntiVirus and security. I’ve been using Microsoft Security Essentials, but have found in my opinion that it doesn’t work as advertised. I saw an article online about creating a file, with some code. The antivirus should pick it up while saving the file. Its not harmful, but it is a test of sorts that checks the antivirus. Its called eicar and you can google it.

MSE did not pick up this file while saving, and saving the file and scanning it showed that it was fine. I wrote an E-mail list with Jaws users on it, and someone recommended Sophos home free which i downloaded. Someone else just said that it was not accessible, and that I’m better off with MSE.

The problem we’re running in to is that we need antivirus now more than ever. Even if we’re careful, things can be downloaded that are not wanted, even when visiting a site we intend to visit. With all the breaches, something is better than nothing, but in my opinion, security essentials is not cutting it.

I do not want to install something that is not accessible, although i want something where I can set some options, and forget it unless something comes up.

It should be able to scan as something is downloaded, notify the user if something is not right about the file, and do daily updates and weekly scans.

If anyone that reads this comes up with something accessible that is free or low cost, I would be greatful.

We should not live without something that can protect our PC’s. Just because we don’t browse much, doesn’t mean that sites we do could become a problem. Its sad that antivirus has become such a problem with companies, that they make it useless to us.

We use a computer just like everyone else, and I hope to publish a series on screen reader usage. Two articles are written, and I am hoping to start a third. I know these developers are aware of access tech, as we once had the access to a lot of the products out there, but as I said, MSE is just seemingly to just pick things up at random, and it doesn’t pick up something that is tested to make sure the program runs as it should.

What are you using? How does it work?
I do not want people responding who don’t use antivirus. That will not be helpful to me.

Thanks for your time.

Comments (2)

IOS 10.3.2 is now out

Hi all,

We’ve been talking about security lately. I heard during Security Now that IOS 10.3.2 was released along with other apple releases. They fix some bugs. If I can find some more information in the coming day, I’ll make sure to post more. I’m going to update my phone to it now, and we’ll be in touch.

Comments Off on IOS 10.3.2 is now out

showdan, what part does it have?

So I know its a little late to add it to the article being worked on with images and the like, but I did find something interesting out in regards to Wannacry that I thought was interesting. There is a search engine out there called shodan, and I’m not even sure of its spelling. From what I understand of this site, it is similar to Google, but yet, it populates all of the machines with open ports, among other things. Whatever this site is, it also does port scanning, where you can ask it who has a certain port open. Instead of phishing, I saw something that said the people involved searched for machines with port 445 open, and infected that way. I’m still thinking the possibility of a phish is still there, but anything is possible.

shodan

Comments Off on showdan, what part does it have?

Wannacry, an update

Hi folks,

I’m here to give everyone an update, although i just wrote a longer article linking to sources and other thoughts in regards to this big time ransomware, Wannacry. I didn’t cover everything, because I still want to see what Security Now has to say although I caught part of it. I’ve seen reports like North Korea having a part in this, and we know that Microsoft now patched XP and other operating systems that were vulnerable which they normally wouldn’t, but this was bad. As soon as the article is done and posted, you’ll get a link, as if I gave it now, its in rough draft form now and links wouldn’t work unless I took the painful time to do this. For now, there’s tons of media coverage on this, maybe some speculation, but we definitely know more than we did on Friday. I’m still in shock.

Comments Off on Wannacry, an update

May 9ths Security Now program

Here we are again, another Security now episode which will air on the mix and I feel ashamed for being so behind. I’ve got plenty to listen to for my ride home tomorrow as I have other comitments to attend to. You may listen tomorrow at 5 central in the afternoon through the mix, or go to the security Now feed to pick up your copy.


SN 611: Go FCC Yourself May 9, 2017, 7:11 PM
Security Now (MP3)
This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft’s built-in malware scanning technology, Patch Tuesday, Google’s Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.


I’ll be looking forward in checking out this program. I know I’m behind, and probably a lot to talk about. I have been working on a cast after awhile of not doing one, but I really need to publish podcasts more regularly like i used to. This podcast could definitely give me stuff to talk about. See you all soon.

Comments Off on May 9ths Security Now program

Got phished? I got a call, but knew better

Hey folks,

Here is another one of the true stories about phishing. I got a call from a toll-free number at 4 this afternoon. They claimed they were from apple and the person’s name was Jennifer. They said there was suspicious activity on my account. My options were to press 1 to speak to someone, or 2 to hang up.

First, the apple rep I talked to says that they will not call you if there is something wrong, you have to call in first, and only then do they call out.

Next, the apple rep said people may get calls from Texas or California area codes, not from a toll-free number. Also, they would identify themselves as apple.

I didn’t get phished as I knew my account had two-factor turned on, and I even envited the representative to look at my account if they wanted to verify that no suspicious activity took place.

Comments Off on Got phished? I got a call, but knew better

This week’s Security Now program

Hello everyone,

This week, Security Now is going to be packed as usual. If you aren’t subscribed to it, please do so by going to this RSS feed. Here are those show notes on whats coming up this week. This program is 1 hour 57 minutes long.


SN 609: The Double Pulsar April 25, 2017, 6:35 PM
Security Now (MP3)
This week Steve and Leo discuss how one of the NSA’s Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly are abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some “Closing the Loop” feedback from our podcast’s terrific listeners.

We are allowed to air it as long as we leave everything in tact, so join the mix on Thursday at 5 CT, 3 PT for the airing. Hope to see you there!

Comments Off on This week’s Security Now program

Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

Hi folks,

Apple Vis is letting us know that IOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibon tweeted:


Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck


I’m sure the next security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.

Comments Off on Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

IOS 10.3 has been out

Hi all,

In the better late than never department, IOS 10.3 is out. I’ve neglected to post about the other IOS releases since 10.1, but Apple Vis has a blog post of their own dealing with changes and regresions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on twit.

Comments Off on IOS 10.3 has been out

EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Hello fellow passengers. Welcome to college accademics, and today, you need to at least read this PSA entitled E MPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT IC3 January 18, 2017

because while it was covered in 2014, I feel that as the new year turns and tracks along, this will be more prevelant as you are traversing the job market. I am, but yet I don’t use my college account as I did take a class. I’m suspicious of quite a bit of things, and I know that a job is not to ask for money from you. They don’t provide money to you to supply yourself equipment, they supply you with the equipment. Please take this read while you’re traversing this flight today, and do stay safe.

Sincerely,
Your captain

Comments Off on EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Are schools next in the cyber race?

Hi folks,

Happy new year, and thanks for checking out the blog. My goal during Christmas break was to release a podcast, but I’ve been ill. Hopefully, the podcasts will return soon.

The reason why I’m writing today, is to talk about something I’ve thought about for awhile, but sadly, the 4th day of January, we’re already seeing.

I’m going to be careful, and indicate that I got an E-mail from a school I’ve attended talking about how they are investigating reports of a possible attack.

According to the E-mail, it looks like one campus of the network of various schools around the LosAngeles county was targeted.

Computers and voice mail systems, according to the E-mail and attached PDF, are effected, and no voice mail can be left at the school at this time.

School is going on as normal, and recently started its winter session which started on January 3rd.

As a precaution, the E-mail notifies us that computer experts have gotten involved and will be checking out the entire network to determine what is happening.

They are advising that many computers are possibly infected with ransomware. If you are not aware and you’re coming to the blog for the first time, ransomware is a big time problem, and it locks up your files until you pay money.

Many experts are telling people not to pay unless you have no other choice. I agree with the assessments, I know i wouldn’t pay money to someone who may or may not give me my files back.

According to the attached PDF linked, this detection and investigation started on the 31st of December, and only time will tell on what exactly happened.

I had thought about this as part of my predictions for 2017, which I never wrote because I’ve been sick. It saddens me that we’re starting out the new year on such a note like this. It does not surprise me anymore in regards to things like this.

Do I think other schools are going to be impacted? As large of a network as the school has that I got notified from, it would be possible for other large networks to be impacted at some point.

Hospitals, and other businesses have already felt the brunt of ransomware. Trend Micro has already predicted that ransomware will be a bigger threat as it becomes more prevelant as a weapon for people to be making money.

Do you think your school, or a school you’ve attended will be a target? Why or why not? Please sound off in the comments, and lets discuss this big threat of ransomware.

Hope to have a podcast real soon, thanks for reading!

Comments Off on Are schools next in the cyber race?

The Yahoo Breach, am I effected?

I was so doing my best and not talking the Yahoo! breach that recently made news in december 2016 and this evening, I get an E-mail which is looking very legitament and comes from a yahoo address for communications. While I’m not going to share the E-mail in detail, this is definitely time that we say goodbye to Yahoo! mail. Once I get stuff transfered over to jaredrimer.net that I want, I’ll be removing the account from my PC. I never put it on my phone, and now, I will personally not use the account after I verify that I have everything transfered over that I want.

I had a hunch when I was made aware of another potential breach through my network, and I have some suspicions. The person indicated they did not get an E-mail, but someone else I know did. If I got one, I’m sure they will if their account was a potential target.

This is not the first time I’ve been targeted in one way or another. Remember this article I posted when I was dealing with some serious issues along the network? While indirectly effecting me, it does effect the provider which is me, and the provider I pay which is Ultrahost.

I believe Ultrahost is doing much better in detecting and eraticating issues much quicker than before, and for that I’m happy to see. Sadly, not all providers are aware of the dangers, and as the E-mail sent, more people are being notified. Yahoo has to notify at least a billion users. Thats a lot of users, and its going to take time. Here’s what I wrote about Yahoo! when i saw the news the first time. I didn’t think it was the end. To top it all off, this story delbt with the blind in general as we learned about a hotel chain which blind individuals had visited for the convention. I’m sure if you search hacked or breach on this blog, you’ll find a lot more out there, and we should be aware of whats out there.

If you are unaware of the use of Yahoo! which providers like .co.nz, ATT’s SBC Yahoo! and others, you may want to consider if it is practical ditching the account and service altogether. I’ll be happy to help where I can, please reach out.

Have you been effected? Please sound off in the comments. The boards await you.

Here’s one from the past that may recellect your memory. Have fun digesting this.

Comments (2)

Yahoo and their big breach

Hi folks,

I want to give my thoughts in regards to Yahoo and their biggest breach of many millions of Yahoo accounts. While I’ve read the blogs from my RSS feeds talking about it, and also heard Steve Gibson on a recent Security Now, I left Yahoo a long time ago. While SBC let me link to my Yahoo account years ago, the things on my SBC Yahoo account are staying, but I haven’t really used that address for communication purposes in years.

Ever since I got jaredrimer.net, I slowly got things away from SBC. There are a few lists I’m on with Yahoo and SBC, one is an oldies list I look at occasionally, NBP’s E-mail list, the Clippers E-mail list, and the Los Angeles Kings E-mail list. I’ve moved everyone else over to my domain for contact.

This was done because I’m not at home checking E-mail, and SBC was not one of the addresses by choice I did not put on my phone. There are several addresses I have not put on my phone, but the important ones I have.

This was a decision i had made long before news of the Yahoo breach ever came to lite. Its recommended to abandon the account, and for the most part, I have, except for these E-mail lists which people can have.

What will the Yahoo breach do to people? Yahoo hasn’t been doing much as far as I’m aware for years. Yahoo news is still around, but even KNX has changed the way their site runs with a blog format and other video and app options through CBS.

What is really sad about this breach is that it is a two year old breach now coming to lite. If I can, I’m going to try and get these newsletters on my lists account over on jaredrimer.net and forget SBC Yahoo altogether. Next time newsletters come around, I’m going to start changing things around here.

I know that Yahoo doesn’t just power SBC global, what are other providers doing that can link their addresses to Yahoo? What are you doing with your yahoo account now?

Please sound off in the comments. The boards await you.

Comments Off on Yahoo and their big breach

IOS 9.3.5

Apple Vis posted news about IOS 9.3.5 being released today. It has security fixes for three zero-day vulnerabilities. Steve Gibson also posted a tweet.

Here are two tweets.


Steve Gibson: Apple recently pushed an “emergency” update for all iOS devices. It has been used against “targeted victims”, but could see wider use now. 3 hours ago from TweetDeck
Steve Gibson: Anyone seeking background info about the Apple 0-day patches before next week’s Security Now! podcast, please see: http://bit.ly/2bsgUTC 2 hours ago from TweetDeck


Stay safe.

Comments Off on IOS 9.3.5

Patch Tuesday

Shaun did a good job on posting about Patch Tuesday, but there are two articles that I saw in regards to the subject. Got Microsoft? Time to Patch Your Windows is the first, and Brian gives some basics. The second, August Patch Tuesday: Nine Bulletins, Five Rated Critical from Trend Micro. Both bhave good points, and both should be read. Your thoughts are welcome.

Comments Off on Patch Tuesday

Older Posts »

go to sections menu


navigation menu

go to sections menu