go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu



A new ransomware wannacry

Hello folks,

I don’t know how I can turn this in to a longer article, so I’ll post it to my blog and leave it at that. I joined the Sans group with a webbinar in regards to this new threat called Wanna Cry. This article from Krebs on security entitled U.K. Hospitals Hit in Widespread Ransomware Attack was posted on the 12th of May. As Brian covered, he mentioned what this was, and the fact that not only were the hospitals hit with this, but so was a telephone company. Sans’s webbinar last night said there were at least 56,000 different infections at one point, just by doing scans, nothing more. They made it clear that they never accessed any machines, just did scans.

Sans indicates that while this was bad, its only going to get worse. USCERT has a writeup entitled Indicators Associated With WannaCry Ransomware which was posted yesterday as well. The SMB system I’m not too familiar with, but this can hit even with patched systems. We’ll keep our eyes and ears open for more.

Comments (4)

May 9ths Security Now program

Here we are again, another Security now episode which will air on the mix and I feel ashamed for being so behind. I’ve got plenty to listen to for my ride home tomorrow as I have other comitments to attend to. You may listen tomorrow at 5 central in the afternoon through the mix, or go to the security Now feed to pick up your copy.


SN 611: Go FCC Yourself May 9, 2017, 7:11 PM
Security Now (MP3)
This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft’s built-in malware scanning technology, Patch Tuesday, Google’s Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.


I’ll be looking forward in checking out this program. I know I’m behind, and probably a lot to talk about. I have been working on a cast after awhile of not doing one, but I really need to publish podcasts more regularly like i used to. This podcast could definitely give me stuff to talk about. See you all soon.

Comments Off on May 9ths Security Now program

How Can We Defend Against Ransomware?

My article on Vocal How Can We Defend Against Ransomware? has been published. On this article, I talk about two different articles and the big uptick in ransomware cases, and there is no sign of slowing down. Criminals find this lucritive, because you need your files, and most people don’t back up, or if they do, it isn’t on a regular basis. The human element must have a part in this, it has to start with it. Please discuss your thoughts.

Comments Off on How Can We Defend Against Ransomware?

Got phished? I got a call, but knew better

Hey folks,

Here is another one of the true stories about phishing. I got a call from a toll-free number at 4 this afternoon. They claimed they were from apple and the person’s name was Jennifer. They said there was suspicious activity on my account. My options were to press 1 to speak to someone, or 2 to hang up.

First, the apple rep I talked to says that they will not call you if there is something wrong, you have to call in first, and only then do they call out.

Next, the apple rep said people may get calls from Texas or California area codes, not from a toll-free number. Also, they would identify themselves as apple.

I didn’t get phished as I knew my account had two-factor turned on, and I even envited the representative to look at my account if they wanted to verify that no suspicious activity took place.

Comments Off on Got phished? I got a call, but knew better

Patch Tuesday is here

Hi all,

Brian Krebs has posted like he usually does, and Sans is also covering the microsoft bug that was patched out of cycle to fix some things with their removal tool. I’m sure that Trend Micro will also come out with a post, unless I missed it. Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday is the article for now.

I’m about to publish a great ransomware piece on a side note, and it should be available tomorrow. Hopefully we’re all patched soon, and we can continue to stay as safe as possible. This article I wrote which I’ll cover once posted could be part of why we need to continue to patch where we can because if it gets through some newly developed way besides E-mail, you could be protected. For now, it is delivered by E-mail, but who knows what the future holds. Thats why i mention this article on passing here, as if we were patched, and it was delivered through a bug of some sort on a piece of software, then we could be doomed. Maybe I’m thinking ahead here, but thoughts are welcome.

Comments Off on Patch Tuesday is here

Google and authentication

Hello everyone,

I saw a few articles this morning on an issue in regards to Google and authentication. One was from Trend Micro, the other from my favorite writers at Trend Micro. The long of the short of it is that Google was made aware of an issue where you were sent an E-mail to your google account. If you clicked on the E-mail link, it would ask you for permission to access your account to view the document in docs through the protocol o-auth. If granted, the person in question had complete access to your entire account. Trend Micro indicates that if you just go to the profile page, and remove the access, no further access is granted. Google has pushed a fix so nobody else can be infected by this, but if you have, just remove the access within your account. Clever.

Thanks for reading, and stay safe. As a side note, any link to google docs etc. if signed in, should already connect you through their interface, not through o-auth.

Comments Off on Google and authentication

Some recent issues, they are being investigated

Hello to all subscribers and readers.

I’m Jared Rimer, I’m the main one who writes here on the technology blog and podcast. While I’ve not written much lately, I want to come in here today because there have been some downtime on this and my other blog, but this one is the most written on right now.

Recently, my moderator, Shaun Everess, E-mailed me this morning pacific time, to let me know of a blog outage. I was able to confirm and open a ticket within the hour of me being notified. This blog came back up within the half hour of me writing the ticket.

Let me explain what is going on here.

  • Our control panel checks for updates each day at midnight.
  • We are not sure, but some component somewhere is having a hard time, and thats what is being investigated.
  • I am not completely sure, but the component may have something to do with database connections, so anything needing a database connection is effected.
  • The good news is that the provider was called early this morning. Due to the time, the provider was not in a position to deal with it then, so it was delbt with as quickly as possible.
  • I can’t guarantee anything right now, but i can tell you that this is being monitored to figure out whats happening. Thanks for your continued support, and the JRN apologizes for any inconvenience this causes you.

    The last time we had an outage, it was after an upgrade, but I can’t prove that because it wasn’t just this blog, and multiple accounts were effected. We’ll continue to keep you posted as soon as we know something. Thanks for your continued support, and Thanks Shaun for getting us alerted. Without you, I don’t think I’d notice a lot of the issues. Thanks bud for all your support.

    Comments (1)

    This week’s Security Now program

    Hello everyone,

    This week, Security Now is going to be packed as usual. If you aren’t subscribed to it, please do so by going to this RSS feed. Here are those show notes on whats coming up this week. This program is 1 hour 57 minutes long.


    SN 609: The Double Pulsar April 25, 2017, 6:35 PM
    Security Now (MP3)
    This week Steve and Leo discuss how one of the NSA’s Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly are abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some “Closing the Loop” feedback from our podcast’s terrific listeners.

    We are allowed to air it as long as we leave everything in tact, so join the mix on Thursday at 5 CT, 3 PT for the airing. Hope to see you there!

    Comments Off on This week’s Security Now program

    Trying a new site for publishing to a wider audience

    Hi all,

    I’ve always tried to write about various types of technology, and even when I’ve gotten articles out, I’ve not had a lock on them. Part of that trouble is my plug in I think, where it isn’t tweeting anymore. The other aspect is, that this site, Vocal allows me to branch out and cover a wide variety of topics all on the same platform. I know it is accessible, however, they need images. They helped me publish a longer piece I wrote based off of this blog post and while I did a great job with this one, they wanted me to expand. I should’ve expanded and talked here more about what ATPC is. While I’m not going to full out blog here about it, but I wanted to share my longer piece entitled: “ATPC Hit with Ransomware, Does Not Pay” with you. It shows I have no biography, but I do. I know they’re making some changes, and I want people to know I’m still going to blog here. I also know I’ve not done a lot of reading as of late, and there’s a lot I need to read. I’m hoping Vocal will take off, and allow me to branch out in to other categories, and eventually, get paid.

    It isn’t going to be a fast process, nor is it going to be easy, but I’m up for the challenge. I’m still going to blog here, and if I find something good, I’ll be sure to blog about it. The thing about this site and Vocal, is Vocal needs to be your own content. You can link to others, however, they want it to really be your own. I hope you’ll enjoy the article I published over there, and I’ll publish links to those articles once they get approved, if they are tech related for everyone who may not be familiar with them, to see what else I’m writing. Hope everyone is enjoying their stay here, and please feel free to check out check out Vocal to see if it is a viable solution to what you’d like to do in reaching a wider audience.

    Make it a great day! See you all soon.

    Comments (2)

    Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

    OK, is this how security products are supposed to be made? If Samsung did have a part in this, they should be ashamed with themselves. Check this one out.

    Source: Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

    Comments Off on Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

    Patch tuesday

    Hi all, its that time of month again, the time where we must reboot our PC’s to allow for updates to take effect. Starting this month, Microsoft has discontinued issuing bulletines on what the updates covered. April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks from Trend Micro and Critical Security Updates from Adobe, Microsoft from Krebs on Security will give you varying views on whats up. This Networkworld article entitled Microsoft kicks security bulletins to the curb in favor of security update guide may go in to further detail on why they did this. This is in the better late than never department, so i hope you’ll enjoy taking a look at these things as we continue to fight the security battle.

    Comments Off on Patch tuesday

    Lessons from IBM InterConnect – Disruption is Inevitable

    Herbie sent me this article Lessons from IBM InterConnect – Disruption is Inevitable and I found it interesting. We know Watson beat everyone on Jeopardy for a time, and he’s fed tons of data. I’d be interested on your thoughts on this.

    Comments Off on Lessons from IBM InterConnect – Disruption is Inevitable

    Things I’ve been reading for the past while

    Hi folks,

    I know I’m probably so late with some of these, its been busy with my schedule. I want to post the things I think people should check out for the last few days. Please feel free to check out my twitter feed to see what I tweet, maybe something will be of interest that I post after I read it. For other social media options, Go to my network home page and select the heading for social media. Thanks for reading!

    • From hackers’ point of views: New study exposes their strategies Trend Micro This article I just read today. It was interesting to hear what they’re after and maybe a little on how things are done. Forward thinking on maybe how to prottect ourselves a bit? Not sure, but the thought of this was interesting.
    • How Mobile Phones Turn Into A Corporate Threat Trend Micro We use mobile phones now more than ever. I went in kicking and screaming about the iphone, and in some ways, I’m happy I have mine. It has helped me when I’ve gotten lost, and it helps me know when the MTA bus comes so I can plan my trip. It also gets me off the bus, when the AVA (automated voice announcement) system does not call stops. Now, they can connect to E-mail through the various gateways, and we can be productive while not at a computer. With this convenience, this causes risks, and some of them can be prevented such as not opening attachments because there is malware being developed for the phone, and that can be transmitted in to the corporate environment, for example. This one should be checked out if nothing else.
    • 3 overlooked endpoints for cyber attacks and how to protect them Trend Micro This has three bullet points and links to other information for further reading. If you care about such things, this article is a must read.
    • 5 ways machine learning can be used for security today Trend Micro this article talks about how machine learning can help with protection. Next Generation scanners are coming, and Trend Micro has been doing this type of work for many years.
    • Cerber Starts Evading Machine Learning Trend Micro this article talks about Cerber, a worm, that is being trained to evade detection from the above machine learning technique, so it can stay around. Very clever stuff.
    • How and Why the Phishing Threat Landscape Has Changed A forward looking blog post talking about the real world risks of the phishing landscape and what we should expect now. This is real world information, and something that people should check out.
    • In a bit of good news, Krebs On Security gives us an article I thought was worth tweeting about. Alleged vDOS Owners Poised to Stand Trial is the article. We’ve covered this operation on the blog before, and this is good reporting here by Brian. Now, people are being caught, and we can’t hide, even if we did use a VPN as someone can always know who we are.
    • Last Pass has been busy as of late, and Security Update for the LastPass Extension from Last Pass talks about the latest. Security Now has been covering the various bugs that Google’s Tavis Ormondy has been finding, and these are big things which Lastpass has been right on top of. These guys are very serious on their work, and I don’t see any change in that, even though, I believe they were baught out, by another company if I remember right. Maybe I’m wrong, but I thought I saw that one somewhere.
    • CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino Trend Micro This article is better late than never. This talks about a bug which was fixed which exploit kits have been taking advantage of.
    • Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important Trend Micro talks about the patch Tuesday which was this past March’s list of changes. No reason really on why Microsoft delayed February, so we got a bunch.

    There is more that you could read, but this will keep you busy for awhile. I’ll try to get more articles out on a timely manner with in a day of me reading stuff so that I can talk about them more. Any thoughts on this list? Do let me know your thoughts.

    Comments Off on Things I’ve been reading for the past while

    Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

    Hi folks,

    Apple Vis is letting us know that IOS 10.3.1 is out. Read the blog post here. This afternoon, Steve Gibon tweeted:


    Steve Gibson: iOS users: Time to update (again). Last week’s update left a worrisome (bad) remote WiFi attack possible. Grab v10.3.1 when you can. /Steve. 1 hour ago from TweetDeck


    I’m sure the next security Now program will have information on this one, and I’ll try to catch it live so I can blog about my thoughts on it. I’m glad they were able to find it and get it fixed as quickly as possible, whatever this means. Stay safe.

    Comments Off on Apple Releases iOS 10.3.1 with Bug Fixes and Security Improvements

    14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live

    Hi folks, I just read this article sent to me entitled 14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live and this can’t be good. First, lets say I’m in California, which I am. Next, lets say that the person that is doing something is in another state, lets say New York. Lets say I know them. Lets say I pick up the phone and dial 911 which the article is saying to do. I tell the dispatcher that I’m seeing a crime of some sort live on facebook. I get them the URL. Now, my question for discussion is this: will the police forward this on to the proper authorities in which the crime is taking place? I’m not sure how the multi agency stuff works, but I don’t know if 911 is used for such things. This is where you come in, and you can let me know your thoughts.

    Comments Off on 14-Year-Old Charged In Sexual Assault Broadcast On Facebook Live

    Technology podcast 257 is now out!

    Hi folks,

    I’ve not released a podcast since 256 in mid February. I’ve put together some segments, then wanted to cover one particular segment and decided to put it on our mix show, the Saturday Afternoon Hangout. I’m trying to find things that might be of interest, but yet, different than other casts. I hope you’ll enjoy the podcast.

    RSS feed where you can get your copy.


    Show notes


    On this podcast, we talk about a variety of stuff including ransomware, and I have some segments asking for comment on what we should cover. Hope to hear from you!


    I hope you will enjoy the show as much as i have putting it together!

    I’ll continue to post articles of interest, and if I want to put it in to audio, I’ll do that too. I’ll be trying to get casts out quicker, but it all deopends on time.

    Comments Off on Technology podcast 257 is now out!

    IOS 10.3 has been out

    Hi all,

    In the better late than never department, IOS 10.3 is out. I’ve neglected to post about the other IOS releases since 10.1, but Apple Vis has a blog post of their own dealing with changes and regresions we must be aware of. Please feel free to read it and update when you get a chance. Security Now has covered 10.3’s release but I’m not sure if I remember on what episode. Here is Security Now’s RSS feed which is hosted on twit.

    Comments Off on IOS 10.3 has been out

    FBI: Attackers Targeting Anonymous FTP Servers in Healthcare

    Hello folks, this article came across my desk through a newsletter I’m subscribed to. The article is entitled: FBI: Attackers Targeting Anonymous FTP Servers in Healthcare and I do not believe that our FTP allows anonymous access even if we turn it on now a days. I really think we need to be aware of this, and pass it along to our dentist and health care people that we know. This couldn’t get worse, can it?

    Comments (1)

    march’s updates

    Hi.
    Well I have been busy this month but thought I’d put out all the updates since no more have come.
    Amd drivers, and others.
    Windows 7 monthly and preview monthly.
    adobe flash, and adobe acrobat update services.
    Dropbox, skype all have new versions.
    codecguide 13 is out.
    Windows10 cumulative for march is out.
    Well technically 3 versions came out one you had to manually download from the catalog.
    The first version was the big update including february’s update.
    The second versions fixed issues with the first.
    The third fixed issues with the second ie it broke windows store.
    Office recieved 2 updates one minor today.
    Itunes has an update.
    Garmin devices had one of their updaters depricated and another released, tomtom has a new update for its home suite.
    Thats that for this month.
    Next month is windows 10 creaters.
    Interestingly if we use old termonaligy we have win10 then win10 a.
    Now we get win 10 c where is win10 b?
    And where did windows 9 go by the way.
    Intel also has a driver updater update to 2.72.
    More next month.

    Comments Off on march’s updates

    Dishwashers, washing machines, connecting to the net and having issues?

    This goes in to the oh boy category. Do we have one?

    In the same newsletter, one article calls it a dishwasher, the other a washing machine, but this can’t be any worse can it? Hackable IoT washing machine provides channel for breaching hospital IT and Dishwasher has directory traversal bug g
    Thanks a Miele-on for making everything dangerous, Internet of Things firmware slackers
    are two articles out of several here in this list. We definitely have something going on here, and it can’t get better when you see this. The reason why I went after the second, was because I heard parts of Security Now which taped on Tuesday afternoon, and it is discussed there. Steve couldn’t believe it, I forget what he says, but this is definitely bad. I just wonder what else we can see if we’ve practically seen it all. Oh boy.

    Comments (2)

    « Newer PostsOlder Posts »

    go to sections menu


    navigation menu

    go to sections menu