
The Technology blog and podcast

This is for the technology blog and podcast: commentary, articles, and podcasts




Why it’s Time to Switch from Facebook Login to a Password Manager

Hello folks,

Continuing to catch up on news, Trend Micro has an interesting article dealing with Facebook and its login capabilities. We use what’s called Facebook Connect to get connected to other apps and services. I’ve used it, but we now know that it isn’t the best thing we can do today.

Recently, Facebook disclosed a potential issue where data was exposed, because of the access to other apps, and this is done through their API and key system.

The article Why it’s Time to Switch from Facebook Login to a Password Manager talks about this more.

Whether you use Trend Micro’s solution, LastPass, 1Password, KeePass, or another solution developed in the future, I know now that it isn’t a good idea to use Facebook for my login needs.

I decided with Dice World to go ahead and do that, but that was at a time when it wasn’t that big of a deal. I’m not going to change that now, but I won’t do it for anything else unless it recognizes where I am, like a game I’ve not talked about called Game World, by the same folks that make Dice World.

What do you guys think of this?


Why are building systems connected to the Internet?

I have a question to start this post off. Why are building systems connected to the Internet, and what is their purpose? I’ve never heard of this until I heard it mentioned, I believe, near the end of Security Now’s recent podcasts. The article I found on this subject is called FBI warns industry that hackers could probe vulnerable connections in building systems, which was published on the 21st of December, 2018. Here is a section talking about a particular port that is wide open.

Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet that could be of use to hackers.

“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.”

You’re welcome to check out this article in full, but I’ve never heard of this before. Is this the future of hacks? This can’t be good overall.


Let’s start the new year with more good news

Hello everyone,

Let’s start the new year with some good news, although we all know that this is only a stepping stone. DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy was written on CyberScoop on the 20th of December, last year.

We all know that China is one of the forces; they targeted practically everyone with no mercy with their attacks.

The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S. Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information of over 100,000 Navy personnel, U.S. officials said.

This is just a highlight and this is only the beginning. Have you seen this?


BevMo payment breach affects thousands, with researchers pointing to Magecart

Happy New Year,

I’m trying to catch up on 2018 news, and I found this article entitled BevMo payment breach affects thousands, with researchers pointing to Magecart and between BevMo and NCR, the companies could do no harm. The group behind this is known as Mage Cart, a loose hacking group looking for payment systems to target. The article has this as one word, but for ease of reading, I’m putting it as two words. NCR notified the BevMo company of the breach, they fixed the issue, and BevMo put out a release. While 14,500 plus is a small number, the company operates in three states, and sends to 8 others including Washington D.C. in the United States. Under the circumstances, both companies did the best they could, and I bet that we should see this type of response in the future.

What do you think? I’ll leave my thoughts on the podcast which will be number 302 in our series, and you can comment here or in my email box. Hope this partnership continues, this was the best under the circumstances.


Tech podcast 301

On this extended edition, the podcast has some lengthy segments. We ask you what we should cover. Question, are you keeping up with your finances? News notes, what else did we miss? The San Diego school District got breached, the tech blog links to the breach via an article. Finally, our predictions and how things have changed through the years. Contact information is available at the end of the podcast, and the podcast is extended running an hour and 40 minutes (100 minutes) long. Thanks for listening!

RSS
Mix Cloud


Happy New Year from the Jared Rimer network

As the new year is starting, I’m interested in hearing your predictions. So far, my prediction on Philmore Productions has been wrong, but I feel with the many mistakes this company has made, it’s just a matter of time. You can’t be in business with as many mistakes including trash talking this company has done.
The landscape discussed in podcast 300 has changed, both for assistive tech as well as security and other aspects of life. I’m curious on what thoughts you have on what might change. Main Menu, a program that is part of ACB Radio’s channels, had a show for year end. The whole team was a part of it, and it will be on the RSS feed as part of their podcast feeds.

In podcast 300, I covered the last several years of content, and how we’re trying to branch our content out to cover lots of stuff. I’m curious on what content you’d like to see?

My predictions:

We may see breaches that could affect one country as a whole, if other breaches have not shown that to possibly be the case.

We’ll see at some point, a shift in the way assistive tech works with the computers of the future. We’ll probably have a bigger threat landscape, and the assistive tech companies, no matter which one, will have to double their efforts to make sure our data is as secure as possible, and the software we use is patched from any potential vulnerabilities. If it wasn’t known, GW Micro had a main script that was changed and it caused a big issue on who did it, and I don’t know if we ever found out. Since GW Micro’s closing, people may try to go after JFW or NVDA in the same way, figuring out how to push an update that could do something we as users don’t want. We’ve got to figure out how these things can be prevented.

I’m curious on your thoughts, so please post those comments.


Hacker steals 10 years worth of data from San Diego school district | ZDNet

Officials said the hacker made off with the personal information of over 500,000 student and staff.

Source: Hacker steals 10 years worth of data from San Diego school district | ZDNet

This can’t be good. I saw this in SANS NewsBites, and now children are affected by this, and I’m sure that this will affect these kids for years to come if they are targeted in the future.


There’s an 18 year old implant still out there? Oh my

Today I read an article from Trend Micro entitled Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak and I found it of interest. It was originally posted on the 13th of December. While I have read it late, it may still be of value to you. Let me know what you think.


6 year old girl opens phone, types in credit card to shop

Hi all, I am looking at Twitter, and I just saw the following retweet by one of my followers:


Kevin Jones, RT @squidslippers: i went to a christmas party with my parents’ rich friends and their families where i witnessed a 6-year-old girl use her iphone x to type in her father’s credit card information FROM MEMORY to buy herself some makeup. i haven’t stopped thinking about it since 14 hours ago, Twitterrific for Mac


This little girl used an iPhone to type in a credit card from memory, which is great for security, but do we know if any of the parents were there to supervise this transaction and approve it? If not, I would be scared too, just like the person who tweeted this which caused the retweet. Welcome to the new age of technology. Wow!


Security Now, podcast 695 for Christmas Day

SN 695: Our Best of 2018
Tuesday, December 25, 2018, 1:00 PM

Security Now (Audio)

The Best of Security Now from 2018!

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sponsor:

• securitynow.cachefly.com
Media files
sn0695.mp3
(audio/mpeg, 82.9 MB)

RSS


What I’ve read as of late

This post covers December 11-26, 2018. I’ll try to make this a regular habit.


Hello everyone, you may find the following of value worth reading, and I’ve already read it. I’m not necessarily going to comment on anything here, and it may be included in the next or any upcoming podcast.

There’s a lot here, and I know that some of it we’ve talked about. I’ve meant to post a lot of this earlier, but neglected to do so because I’ve been sick, although I’ve been better as of late.

I’ll try to post articles that I read each day on the blog for you to chew on some of what I’ve found of interest. I may not post every one I tweet, but I’ll pick some, and although this is all of what I’ve tweeted lately, I normally tweet those that are of interest.

Found something you want discussed? Please let me know.


Merry Christmas from the technology blog and podcast

Hi all, it’s Christmas time, and people will be opening presents today. Please share what you got in regards to tech presents this year. I’d love to hear what you got.


Tech podcast 300: lots of short items

RSS and Mixcloud have the podcast.

Meet a bomb threat person who also does Denial of Service attacks as the first segment talks about an article entitled Bomb Threat Hoaxer, DDos Boss Gets 3 Years which comes from Krebs on Security. We also have a braille transcription update in regards to my grade on lesson 7. I also have a landscape for the podcast, recapping the last several years, how things haven’t changed, but yet, we must press on talking about the things that must get out including breaches, and my thoughts on those too. All of this on a packed podcast. This is tentatively the last podcast of the year, unless something breaks where we need to get the info out. Until the next podcast, make it a great day.


Do we know how tech savvy our leaders are?

Some days ago, I read about a very interesting topic. How Internet Savvy are Your Leaders? is the question, and I’m interested in your thoughts. I believe that some people in government really try to understand what is out there, and question what is really happening. One person I keep seeing mentioned in articles is Ron Widen (not sure on spelling) and he has some great questions and writings that he’s sent to different folks depending on the situation. I think government is trying, however, I think we need to have more people asking questions if they don’t understand. I know I do. I also don’t claim to know everything, and don’t guess but could give you a thought on something with the understanding that I’m unsure. Your thoughts are welcome.


This week’s Patch Tuesday articles

Hello to everyone, I’m here to pass along a couple of articles per usual in regards to Patch Tuesday. For those who don’t know, Patch Tuesday was developed in the security industry as a day where people doing the work to fix computer bugs have a day where they can release patches, and IT people can have a day where they can test out the patch to see if it will cause any type of problems before they deploy the patch company wide. Krebs On Security and Trend Micro have respective articles on the subject. Trend Micro has more detail because they have the technology and resources to go more in depth, however, both articles are good and well written. Krebs On Security has one post covering the basics since Adobe started Patch Tuesday some time ago, and 2020 can’t come soon enough for Flash. Trend Micro stays on the Windows side, but yet, the article is detailed and linked to CVEs for people who want that info. The ZDI is also part of their toolkit, and they talk about that if my memory is not failing me.

I hope that the article here is of value, and thanks for reading!


Security Now, podcast 693

Security Now, podcast 693 is out. Here are the notations.


SN 693: Internal Bug Discovery
Tuesday, December 11, 2018, 6:56 PM

Security Now (Audio)

• Australia’s recently passed anti-encryption legislation
• Details of a couple more mega-breaches including a bit of Marriott follow-up
• A welcome call for legislation from Microsoft
• A new twist on online advertising click fraud
• The DHS is interested in deanonymizing cryptocurrencies beyond Bitcoin
• The changing landscape of TOR funding
• An entirely foreseeable disaster with a new Internet IoT-oriented protocol
• Google finds bugs in Google+ and acts responsibly — again — what that suggests for everyone else

We invite you to read our
show notes.

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sponsors:

• ITPro.TV/securitynow – use code: SN30
• expressvpn.com/securitynow
• canary.tools/twit – use code: TWIT


RSS for security now


Hanukkah is ending, what did you get for tech presents this year?

Hi all,

As Hanukkah comes to a close, I’m curious if you celebrated it, what you got? Since this blog and podcast is a tech related podcast, you’re welcome to feel free to submit demonstrations of your tech that you’ve gotten. Please feel free to email me, and we’ll make arrangements for delivering the file to me. I hope you’ll enjoy the tech you’ve gotten.


Fake Voice Apps on Google Play, Botnet Likely in Development

Trend Micro has this article entitled Fake Voice Apps on Google Play, Botnet Likely in Development which I’ve read. There may be people who may be interested in this, because the apps which are out there could be of value if you want to use them. The problem is that there are apps that could be a problem, and that’s what this post is covering that we’re linking here. There are apps like Google Voice that can allow you to use voice to call or hangouts for video etc. and even Skype is out there too. I’m not saying that every app is terrible, however, Android has had an opportunity to clean things up and better secure their store the best they can, but seeing this, I wonder if they’re doing enough. I don’t know this for sure, but this is something that we should wonder and ponder. Thoughts?


Comments on the last article

Hi.
Well in theory, if there are issues with say a criminal, and the government/ the law want to look at it I have no issue with them doing so.
I don’t have anything to hide.
Backdoors in software and hardware though, not sure if you want that to be a thing as such.
Secure accounts in all things so the government can look if they need or a way maybe then.
But firstly can you trust the government to be secure.
There have been a lot of breaches in some of our government’s systems, especially under high load where the system has spewed the wrong data to someone else.
Next, there are governments in general, look at China, even if this is not fully true.
How do you trust the government to handle it if they need your data for something and not just get it and use it for no reason whatsoever.
Case in point, an article in the local paper, had some government worker get access to someone’s data or files for something.
Not content to read it, he put all sorts of garbage in the files, crimes that the person hadn’t done, etc, he was caught of course.
But there are governments that are not as transparent as ours, that could do a lot of damage.
Next, while I am happy for the government to get access to my data when they wish they sort of do it to bits of that anyway, are they secure.
In fact, taking out all the internal issues, if I were a hacker I’d go after the governmental databases so I could pull their backdoor passwords and use them.
Especially if they had to have them stored somewhere well.
I think the only way this would work at all, was if there was a definite reason to do so.
When that eventuated, a temporary account or whatever was created.
There would have to be limits on that, when it was destroyed, it wouldn’t last for ever, if there was nothing to answer for that was destroyed immediately.
But never saved and only certain people had access.
Even if a hacker got access to it, they couldn’t or shouldn’t have the ability to change the account passwords, or even delete the account that would be done somewhere else.
You would only have access to what you needed.
Could someone do something within the loophole created.
If there were procedures on what happened and when, then there probably wouldn’t be one of those.
But it’s all how they are structured.
Besides all this though articles have proven that big companies like Facebook and maybe others are selling the data you have put up there.
I’d imagine that government backdoors could become a valuable asset.
It wouldn’t surprise me if we get more security things to fix after supposed government servers got hacked.
The only reason most of us normal people are safe is we don’t have that much cash, hackers want businesses mainly not us.
But governments start doing that sort of thing they will be targets.
It may work, let’s hope it does.
I have had various issues along the lines where government access is concerned, even though I allowed it.
Things like trying to change something with an inaccessible website, only to have to use the phone to make that info.
After doing so messing it up and correcting it over the phone.
The data mysteriously vanishing as well as my call to fix it.
The issues not being fixed, and it’s happened before.
This time, what was worse the government decided to cut off funding for me because of something.
There is a process to follow to get things back but they wanted to get me to prove myself and try to screw me over.
Luckily I was able to get some help and they decided to not pursue doing that as I was over my head at that point.
It would be nice if a system like this worked to the benefit of all consumers and governments.
But the governments rarely have a straight road on any of this.
Excluding issues inside, breaches and the like, people can make mistakes.
In my case, I allowed access to my data, it was secured it was fine.
But no one on the desk either the support switchboard and the level2 case support seemed to know much over guidelines.
Sadly that’s as far as I was ever able to get to.
And while yes things got reported, no communication that anything was done.
And while I do need to give access for that data, it’s obvious that customer service is not on the priority for those that troubleshoot.
The fact is, people want to know why you need access, then its usually ok.
Governments don’t seem to want to communicate or some of them don’t or at least clearly and regularly.
In fact, while my issues were small in comparison to if I had committed an actual offence, there have been articles again in the local paper where someone has a problem, they try to get it fixed, and the government get nasty and screw them over.
It concerns me that even with best intentions, even with the most secured vetted environment and workforce and all that we will still have issues.
That’s fine, but how many issues can the government or service handle without it overwhelming them.
Then you ask why are the government spying on everyone for no good reason.
At which point you start losing trust big time.
For me while I haven’t lost all the trust I have in the income service part of the government, I am now inclined to not take them as seriously as I once would have.
I know that they don’t want to solve issues I report to them and if things get bad, it’s my fault not them.
So while I will report what I must within law, it’s not going to be something I will do because I want to.
There are so many phishing mails, you would never know what is truth.


Australia passes world’s first law authorizing encryption backdoors

When I read Australia passes world’s first law authorizing encryption backdoors I just had to think about this a minute. If we start allowing back doors, did Australia think about whether or not this would have an impact on people who would use this type of loophole within the law to do damage? I’m not trying to bash the idea that law enforcement need some way to lawfully get at data that would help cases. I think this could work if the law only allows police to do this to discover what they need in their specific cases, and there is no other way to do this. Apple makes it clear that they comply with court orders where it is lawful to do so, but they don’t respond to every single request as they would like proof of an investigation going on and the reasoning to why they should comply. I’m not sure what Google or the Android community does, but this is something we need to figure out. What are your thoughts? Please let me know.
