go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: security news and commentary

Go to Homepage [0], contents or to navigation menu



More Russia news in regards to metaling in our election

Hi all,

On an earlier post, we linked to a news article with a link to news in regards to Russia’s involvement in the United States Election. I’d like to take this opportunity to give you a couple of more articles that may be better to read.

I hope that these articles may help to shed the light on the serious problem that we had in the elections. We’ll of course keep you up to date when we learn more, as social media, and other aspects of technology was used.

Comments (0)

Robert Mueller charges 13 and one company for interfeerence

Read Robert Mueller’s indictment of 13 Russian nationals for election meddling is the story dealing with the potential issue of the elections and how they were messed with. It does link to another page, and the article here is quite short. I downloaded the video that was found on you tube, and you can get to Special Counsel Mueller’s video by using this link to go there. Thanks so much for listening and participating.

Comments (0)

Have you started the process of filing taxes? Do it soon for 2018

Just saw this article from Krebs entitled File Your Taxes Before Scammers Do It For You which was dated today. Have you started to do your taxes and get them ready for filing? If not, do look to see if you’re ready to do so. The criminals are waiting or not waiting for you. Thanks for reading.

Comments (0)

New years predictions for tech

Hi all,

I’ve been thinking about this and wanted a post done and posted when the new year happened. I ended up changing my mind about that, because I didn’t quite think thi over very well. My thoughts kept changing, and it wasn’t making sense. Here are some things that come to mind we may see this year as it will probably be another mega breach year for us.

  • We will see a potential breach somewhere, where personal information of the disabled will be taken.
  • The health industry isn’t done yet, I think we’ll see something bigger than the blue cross 80 million this year.
  • Government will have a bigger problem keeping their sites updated, and time only tells us how secure they really are.
  • As we continue to test self driving cars, my hunch indicates that hackers may get in to the testing frey as well. If successful, these test cars will feel the brunt of a successful hack attack. It may be on the low side, and the attack won’t be big, but it’ll be eye opening.

There may be more major stories that I haven’t thought of as of yet, but this may give us a start to discuss activity for the coming year. Leave those thoughts.

Comments Off on New years predictions for tech

This can’t be good: Equifax or Equiphish?

I just read this article entitled Equifax or Equiphish? and I’m personally not convinced that a freeze is the answer to all of these issues with Equafax and its continuing issues on letting us know about their breach. The more I read about what they’re doing, the more I don’t want any of what they’re offering.

  • Charging consumers to put a freeze on their file because they didn’t update their software
  • Having everyone sign up for credit monitoring which is fine, but then saying you’re not effected
  • When the breach first occurred, telling people to come back at a certain date but the site doesn’t work
  • Having Experian which I understand they control being part of the data breach problem as they had their own issues

When I first got the letter from the OPM breach, and entered my information that I was given, I talked to an agent. The agent was very nice, and explained who they were, as I had no idea. I know that fingerprints are needed as part of getting a job in some cases, but we do not have any idea on who is offering the service for the company. I’m really wondering if we’re losing control of our information. There will be no way for us to have control of it come the next 5 to 10 years.

Have thoughts? Please feel free to sound off in the comments, and let us know how you have credit checked if you apply for a credit card or loan. This can’t be good.

Comments (2)

Security Now 629 is up

Hi ll,

On security now 629, it will bring out something Shaun sent me something about via Email. Here are the show notes for this particular episode.


This week Padre and Steve discuss what was up with Security Now’s recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on
forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when 2-factor is not 2-factor, the CCleaner breach and
what it means, a new Bluetooth-based attack, an incredibly welcome and brilliant cookie privacy feature in iOS 11, and a heads-up caution about the volatility
of Google’s Android smartphone cloud backups.


To get to security now, go to its show page on twit or its RSS feed. You can also see a complete index of shows through GRC’s Security Now page where you can also find transcripts.

Thanks for your continued support.

Comments Off on Security Now 629 is up

The article on Vocal: my thoughts on the Equafax breach

Hi all,

I posted the article and the sub title reads: Why You Should Be Worried After the Latest Breach. It posts all of the articles and my thoughts from the last few days, as well as some updates from two new articles, one of which I have posted. The site that it is on is called 01.media. That is where their technology articles are going, although some of my other work was moved to futurism, which was rebranded from omni.media’s branch. The article was updated before publication with two new articles in the same fassion I wrote it in. I’d like to thank my editor at vocal.media for her work with this article, and for getting it out quickly. I have others in the works, one will now be worked on, and so I’m happy for that. Thanks for your continued support of my work.

Comments Off on The article on Vocal: my thoughts on the Equafax breach

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Just read this article today entitled: Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop and I just have a funny feeling that this is going to be much bigger than we think. Vocal is going to put the article out I submitted and I also sent them the article I’m linking here to include within my piece. Once published, I’ll continue to update with new info here, or talk about the specific things in future articles. This can’t go well, and when I went to the web site linked, it said I wasn’t impacted, however, something tells me that this is not necessarily the case. I’ll watch for official word in the mail.

Comments Off on Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

The Equafax breach

Folks,

I’ve been very busy, and I’ve not even had time for podcasts. Last Friday, I was tipped off in regards to the biggest breach we’ve had in history. Here are some of the articles I’ve spotted, I’m sure one of them I’ve not read as of yet. Sadly, this was not a password breach, but something completely different. The number is staggering at 143 million plus. Information is still coming through in regards to this developing story. I’m publishing a longer piece for Vocal’s futurism.media site which was formerly omni.media. In the meantime, I’m going to leave you with some articles for you to read from Krebs on Security and Trend Micro, and Last Pass.

Breach at Equifax May Impact 143M Americans September 7, 2017

Equifax Breach Response Turns Dumpster Fire Sep 8, 2017

What the Equifax Breach Means for You

The Equifax Breach: What You Should Know September 11, 2017

Ayuda! (Help!) Equifax Has My Data! September 12, 2017

http://blog.trendmicro.com/equifax-breach-example-good-communications/
Equifax Breach – an Example of Good Communications

Comments Off on The Equafax breach

Antivirus and the disabled computer user

Hello folks,

I really need some help, and it deals with AntiVirus and security. I’ve been using Microsoft Security Essentials, but have found in my opinion that it doesn’t work as advertised. I saw an article online about creating a file, with some code. The antivirus should pick it up while saving the file. Its not harmful, but it is a test of sorts that checks the antivirus. Its called eicar and you can google it.

MSE did not pick up this file while saving, and saving the file and scanning it showed that it was fine. I wrote an E-mail list with Jaws users on it, and someone recommended Sophos home free which i downloaded. Someone else just said that it was not accessible, and that I’m better off with MSE.

The problem we’re running in to is that we need antivirus now more than ever. Even if we’re careful, things can be downloaded that are not wanted, even when visiting a site we intend to visit. With all the breaches, something is better than nothing, but in my opinion, security essentials is not cutting it.

I do not want to install something that is not accessible, although i want something where I can set some options, and forget it unless something comes up.

It should be able to scan as something is downloaded, notify the user if something is not right about the file, and do daily updates and weekly scans.

If anyone that reads this comes up with something accessible that is free or low cost, I would be greatful.

We should not live without something that can protect our PC’s. Just because we don’t browse much, doesn’t mean that sites we do could become a problem. Its sad that antivirus has become such a problem with companies, that they make it useless to us.

We use a computer just like everyone else, and I hope to publish a series on screen reader usage. Two articles are written, and I am hoping to start a third. I know these developers are aware of access tech, as we once had the access to a lot of the products out there, but as I said, MSE is just seemingly to just pick things up at random, and it doesn’t pick up something that is tested to make sure the program runs as it should.

What are you using? How does it work?
I do not want people responding who don’t use antivirus. That will not be helpful to me.

Thanks for your time.

Comments (2)

IOS 10.3.2 is now out

Hi all,

We’ve been talking about security lately. I heard during Security Now that IOS 10.3.2 was released along with other apple releases. They fix some bugs. If I can find some more information in the coming day, I’ll make sure to post more. I’m going to update my phone to it now, and we’ll be in touch.

Comments Off on IOS 10.3.2 is now out

showdan, what part does it have?

So I know its a little late to add it to the article being worked on with images and the like, but I did find something interesting out in regards to Wannacry that I thought was interesting. There is a search engine out there called shodan, and I’m not even sure of its spelling. From what I understand of this site, it is similar to Google, but yet, it populates all of the machines with open ports, among other things. Whatever this site is, it also does port scanning, where you can ask it who has a certain port open. Instead of phishing, I saw something that said the people involved searched for machines with port 445 open, and infected that way. I’m still thinking the possibility of a phish is still there, but anything is possible.

shodan

Comments Off on showdan, what part does it have?

Wannacry, an update

Hi folks,

I’m here to give everyone an update, although i just wrote a longer article linking to sources and other thoughts in regards to this big time ransomware, Wannacry. I didn’t cover everything, because I still want to see what Security Now has to say although I caught part of it. I’ve seen reports like North Korea having a part in this, and we know that Microsoft now patched XP and other operating systems that were vulnerable which they normally wouldn’t, but this was bad. As soon as the article is done and posted, you’ll get a link, as if I gave it now, its in rough draft form now and links wouldn’t work unless I took the painful time to do this. For now, there’s tons of media coverage on this, maybe some speculation, but we definitely know more than we did on Friday. I’m still in shock.

Comments Off on Wannacry, an update

May 9ths Security Now program

Here we are again, another Security now episode which will air on the mix and I feel ashamed for being so behind. I’ve got plenty to listen to for my ride home tomorrow as I have other comitments to attend to. You may listen tomorrow at 5 central in the afternoon through the mix, or go to the security Now feed to pick up your copy.


SN 611: Go FCC Yourself May 9, 2017, 7:11 PM
Security Now (MP3)
This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft’s built-in malware scanning technology, Patch Tuesday, Google’s Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.


I’ll be looking forward in checking out this program. I know I’m behind, and probably a lot to talk about. I have been working on a cast after awhile of not doing one, but I really need to publish podcasts more regularly like i used to. This podcast could definitely give me stuff to talk about. See you all soon.

Comments Off on May 9ths Security Now program

Got phished? I got a call, but knew better

Hey folks,

Here is another one of the true stories about phishing. I got a call from a toll-free number at 4 this afternoon. They claimed they were from apple and the person’s name was Jennifer. They said there was suspicious activity on my account. My options were to press 1 to speak to someone, or 2 to hang up.

First, the apple rep I talked to says that they will not call you if there is something wrong, you have to call in first, and only then do they call out.

Next, the apple rep said people may get calls from Texas or California area codes, not from a toll-free number. Also, they would identify themselves as apple.

I didn’t get phished as I knew my account had two-factor turned on, and I even envited the representative to look at my account if they wanted to verify that no suspicious activity took place.

Comments Off on Got phished? I got a call, but knew better

This week’s Security Now program

Hello everyone,

This week, Security Now is going to be packed as usual. If you aren’t subscribed to it, please do so by going to this RSS feed. Here are those show notes on whats coming up this week. This program is 1 hour 57 minutes long.


SN 609: The Double Pulsar April 25, 2017, 6:35 PM
Security Now (MP3)
This week Steve and Leo discuss how one of the NSA’s Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly are abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some “Closing the Loop” feedback from our podcast’s terrific listeners.

We are allowed to air it as long as we leave everything in tact, so join the mix on Thursday at 5 CT, 3 PT for the airing. Hope to see you there!

Comments Off on This week’s Security Now program

Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

Hi folks,

Apple Vis is letting us know that IOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibon tweeted:


Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck


I’m sure the next security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.

Comments Off on Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

IOS 10.3 has been out

Hi all,

In the better late than never department, IOS 10.3 is out. I’ve neglected to post about the other IOS releases since 10.1, but Apple Vis has a blog post of their own dealing with changes and regresions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on twit.

Comments Off on IOS 10.3 has been out

EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Hello fellow passengers. Welcome to college accademics, and today, you need to at least read this PSA entitled E MPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT IC3 January 18, 2017

because while it was covered in 2014, I feel that as the new year turns and tracks along, this will be more prevelant as you are traversing the job market. I am, but yet I don’t use my college account as I did take a class. I’m suspicious of quite a bit of things, and I know that a job is not to ask for money from you. They don’t provide money to you to supply yourself equipment, they supply you with the equipment. Please take this read while you’re traversing this flight today, and do stay safe.

Sincerely,
Your captain

Comments Off on EMPLOYMENT SCAM TARGETING COLLEGE STUDENTS REMAINS PREVALENT

Are schools next in the cyber race?

Hi folks,

Happy new year, and thanks for checking out the blog. My goal during Christmas break was to release a podcast, but I’ve been ill. Hopefully, the podcasts will return soon.

The reason why I’m writing today, is to talk about something I’ve thought about for awhile, but sadly, the 4th day of January, we’re already seeing.

I’m going to be careful, and indicate that I got an E-mail from a school I’ve attended talking about how they are investigating reports of a possible attack.

According to the E-mail, it looks like one campus of the network of various schools around the LosAngeles county was targeted.

Computers and voice mail systems, according to the E-mail and attached PDF, are effected, and no voice mail can be left at the school at this time.

School is going on as normal, and recently started its winter session which started on January 3rd.

As a precaution, the E-mail notifies us that computer experts have gotten involved and will be checking out the entire network to determine what is happening.

They are advising that many computers are possibly infected with ransomware. If you are not aware and you’re coming to the blog for the first time, ransomware is a big time problem, and it locks up your files until you pay money.

Many experts are telling people not to pay unless you have no other choice. I agree with the assessments, I know i wouldn’t pay money to someone who may or may not give me my files back.

According to the attached PDF linked, this detection and investigation started on the 31st of December, and only time will tell on what exactly happened.

I had thought about this as part of my predictions for 2017, which I never wrote because I’ve been sick. It saddens me that we’re starting out the new year on such a note like this. It does not surprise me anymore in regards to things like this.

Do I think other schools are going to be impacted? As large of a network as the school has that I got notified from, it would be possible for other large networks to be impacted at some point.

Hospitals, and other businesses have already felt the brunt of ransomware. Trend Micro has already predicted that ransomware will be a bigger threat as it becomes more prevelant as a weapon for people to be making money.

Do you think your school, or a school you’ve attended will be a target? Why or why not? Please sound off in the comments, and lets discuss this big threat of ransomware.

Hope to have a podcast real soon, thanks for reading!

Comments Off on Are schools next in the cyber race?

Older Posts »

go to sections menu


navigation menu

go to sections menu