
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




And Now a Ransomware Tool That Charges Based On Where You Live

OK, here’s something for you all on this blog. Not sure now what to think. If this is the case, my conversation yesterday with someone will make us doomed.

Malware is designed to charge more for victims in countries with a higher cost of living, Recorded Future says.

Source: And Now a Ransomware Tool That Charges Based On Where You Live

Comments Off on And Now a Ransomware Tool That Charges Based On Where You Live

iOS 10.3.2 is now out

Hi all,

We’ve been talking about security lately. I heard during Security Now that iOS 10.3.2 was released along with other Apple releases. They fix some bugs. If I can find some more information in the coming day, I’ll make sure to post more. I’m going to update my phone to it now, and we’ll be in touch.

Comments Off on iOS 10.3.2 is now out

After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

OK folks, welcome to another post here on the blog. As Trend Micro predicted, we have a new ransomware based on WannaCry. After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit is the name of the article. It does follow suit by having the same type of thing where MS17-010 is concerned, if they didn’t find anything else. Here is a portion of that article in which it explains a little bit of what this is.

“Contrary to recent news citing UIWIX as WannaCry’s new—even evolved—version, our ongoing analysis indicates it’s a new family that uses the same Server Message Block (SMB) vulnerabilities (MS17-010, code named EternalBlue upon its public disclosure by Shadow Brokers) that WannaCry exploits to infect systems, propagate within networks and scan the internet to infect more victims.

So how is UIWIX different? It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don’t entail writing actual files/components to the computer’s disks, which greatly reduces its footprint and in turn makes detection trickier.

UIWIX is also stealthier, opting to terminate itself if it detects the presence of a virtual machine (VM) or sandbox. Based on UIWIX’s code strings, it appears to have routines capable of gathering the infected system’s browser login, File Transfer Protocol (FTP), email, and messenger credentials.”

I’m still unsure really about this server message block and what it does, but criminals are going to take advantage of this for some time to come. Why? Because, as we’ve learned, patching is not as easy as it seems to be. We can tell people to patch, but patching can take anywhere from a month to 6 months.

I really think that is too long, and even we were surprised by the fact that Windows XP and Server 2003 were even patched, from this last outbreak, but Microsoft thought it to be a good idea because of how widespread this problem is.

I’m not going to dwell on this issue, as patching should be a first resort on fixing a vulnerability once a patch is successfully created and made available, but systems as we learned must go through testing in the larger world, and if programs break that run on these systems, then the system can’t be patched.

According to Ransomware: What Are the Bad Guys After and How Do I Stop Them? they want to cause as much damage as possible, whether it is monetary, or whether it is physical. They want to hurt you at the worst possible time, when files matter to you. Backing up is the first step, and making sure your stuff is backed up on a regular basis.

The article WannaCry & The Reality Of Patching will go into detail on why patching is becoming a problem today.

I’ll have my longer article out, but wanted to get some more information out now while it is still fresh.

Thoughts? Please give us a holler on the comment boards.

Comments Off on After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit

Shodan, what part does it have?

So I know it’s a little late to add it to the article being worked on with images and the like, but I did find something interesting out in regards to WannaCry that I thought was interesting. There is a search engine out there called Shodan, and I’m not even sure of its spelling. From what I understand of this site, it is similar to Google, but yet, it populates all of the machines with open ports, among other things. Whatever this site is, it also does port scanning, where you can ask it who has a certain port open. Instead of phishing, I saw something that said the people involved searched for machines with port 445 open, and infected that way. I’m still thinking the possibility of a phish is still there, but anything is possible.

Shodan

Comments Off on Shodan, what part does it have?

WannaCry, an update

Hi folks,

I’m here to give everyone an update, although I just wrote a longer article linking to sources and other thoughts in regards to this big time ransomware, WannaCry. I didn’t cover everything, because I still want to see what Security Now has to say although I caught part of it. I’ve seen reports like North Korea having a part in this, and we know that Microsoft now patched XP and other operating systems that were vulnerable which they normally wouldn’t, but this was bad. As soon as the article is done and posted, you’ll get a link, as if I gave it now, it’s in rough draft form now and links wouldn’t work unless I took the painful time to do this. For now, there’s tons of media coverage on this, maybe some speculation, but we definitely know more than we did on Friday. I’m still in shock.

Comments Off on WannaCry, an update

Window-Eyes to JFW path plan

I’m saddened by the news of Window-Eyes closing. This is official word from former GW Micro Employee Aaron Smith.


Thank you for being a valued member of the GW Micro and Window-Eyes family. We regret to announce that sales of Window-Eyes have ended in the United States and Canada. Users outside of the United States and Canada should contact their local distributor for options. We are committed to our customers and will honor existing product purchases and software maintenance agreements, and we will continue to provide technical support to end users that have purchased Window-Eyes or a support package.

All users who are currently using Window-Eyes can continue to use the software indefinitely; however, as the Windows® operating system and/or applications change over time, Window-Eyes may not function adequately for your needs.

We understand how important a screen reader is to you and are offering JAWS® for Windows 18 as a replacement. We are committed to providing a smooth transition and will honor existing Window-Eyes product purchases and software maintenance agreements (SMA), as follows.

· End users that paid for and are current with Window-Eyes 9.x will be converted to JAWS 18 at no charge.

· If you are using an earlier version of Window-Eyes, you can purchase an upgrade to JAWS 18.

· If you are using the free version of Window-Eyes you can continue to use it. While there is not an upgrade path from the free version, if you are interested in purchasing JAWS, please contact our sales team at 800-444-4443.

· Existing Window-Eyes SMAs will be rolled into the JAWS SMA program for end users that migrate to JAWS.

Learn more about the migration options and pricing by visiting http://www.gwmicro.com/window-eyes/migrate.

To make this process as easy as possible, we ask you to complete a simple web form that will go directly to our sales team, who will then contact you with an authorization code for JAWS 18, or request additional information if necessary.

Requests for upgrades must be submitted at http://www.gwmicro.com/window-eyes/migrateform or by phone at 800-444-4443 by July 31, 2017.

Note, the free Window-Eyes Offer for Users of Microsoft Office version is not part of the conversion program.

If you have any questions please call us at 800-444-4443 or email us at orders@vfogroup.com.

Aaron Smith

VFO™ | Enterprise Compliance

11800 31st Court North, St. Petersburg, FL 33716

T 727-803-8000 x 6208 F 727-803-8001

ajsmith@vfogroup.com

www.vfogroup.com


The information contained in this communication is confidential, may constitute inside information, and is intended only for the use of the addressee. It is the property of VFO™. Unauthorized use, disclosure or copying of this communication or any part thereof is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by return email, and destroy this communication and all copies thereof, including all attachments.



Comments Off on Window-Eyes to JFW path plan

I published pod 257, it seems to have gone missing

Hi all,

I did some checking, and I remember putting together a podcast numbered 257. Somehow, it never made it up on the site. I apologize about it, and I’ve uploaded it on the RSS feed. I could’ve sworn I uploaded within a day of me putting it places. Here are the notes about that cast.


On this podcast, we talk about a variety of stuff including ransomware, and I have some segments asking for comment on what we should cover. Hope to hear from you!


I wonder if it got removed somehow during a time where issues were occurring on the network? It’s possible, so I’ll just rerelease it and sorry for the trouble!

Comments Off on I published pod 257, it seems to have gone missing

Podcast 258 is finally here

OK, podcast 258 is finally here. RSS is here.


Hello folks, welcome to the tech podcast. I’m Jared Rimer, and it’s been busy. I started writing for a site called Vocal, and wrote two tech specific articles for the site. The first is: How Can We Defend Against Ransomware? Omni.media May 10, 2017 and the second is ATPC Hit with Ransomware, Does Not Pay omni.media April 25, 2017 which got a ton of hits. I’ve also been busy writing short things for the blog here and the one I’m focusing on right now which is generating some interesting comments is A new ransomware wannacry (wanna cry) which is generating comments on how to solve this problem. It’s not easy to fix, and we may never fix it, but that post is generating some interesting thoughts. One article I want to bring to your attention as it could be interesting for tech is Bullying, Is This Just a Disability Problem? longevity.media May 2, 2017 because it does talk about a couple of books that I had read, in regards to this issue. First, is this a disability problem? What can we do to curb this? Ransomware has a segment on this podcast too. Hope you’ll enjoy the show, and we’ll have another cast soon.


The podcast is about an hour. Some of the articles and things may be of interest, but the ransomware topic is definitely becoming big now. Hope to have more podcasts out soon.

Comments Off on Podcast 258 is finally here

Window-Eyes potentially going away, again?

Hey folks,

I’m seeing tweets again about Window-Eyes going away, again. I checked some sources like Ai Squared’s site, even Freedom Scientific’s site, as I saw something saying that the product guy from FS is saying they’re killing it. In my article giving out accurate information I want to make sure I receive it from the right channels. Twitter can be good for news, but anyone can tweet saying things such as Window-Eyes isn’t being developed, JFW will be given to over 400 of us who have been long time Window-Eyes users for free, the whole bit.

I highly doubt that VFO will give all of us JFW if Window-Eyes were to go away. I don’t know where someone is getting that information, JFW is very expensive.

As I notated back in that article which dealt with the AI certificate issue, the cert is good for a long time yet, so why kill Window-Eyes and leave people paying for another reader they have never used?

I personally have used JAWS, my opinion of it doesn’t matter. I know how to use it, and I have used it. I grew up with Window-Eyes and products from GW Micro for many many years.

I go so far back, they even developed a program called word and braille talk for the Apple I believe it was. I’m not against JFW at all, it just isn’t something I would prefer to use on a daily basis unless of course my job, or my change of operating system or something else unforeseen moves me away from Window-Eyes and to another product.

I am hoping to hear more, and when I do, I’ll be sure to publish the release like I’ve been known to do.

Comments (6)

A new ransomware wannacry

Hello folks,

I don’t know how I can turn this into a longer article, so I’ll post it to my blog and leave it at that. I joined the SANS group with a webinar in regards to this new threat called Wanna Cry. This article from Krebs on Security entitled U.K. Hospitals Hit in Widespread Ransomware Attack was posted on the 12th of May. As Brian covered, he mentioned what this was, and the fact that not only were the hospitals hit with this, but so was a telephone company. SANS’s webinar last night said there were at least 56,000 different infections at one point, just by doing scans, nothing more. They made it clear that they never accessed any machines, just did scans.

SANS indicates that while this was bad, it’s only going to get worse. US-CERT has a writeup entitled Indicators Associated With WannaCry Ransomware which was posted yesterday as well. The SMB system I’m not too familiar with, but this can hit even with patched systems. We’ll keep our eyes and ears open for more.

Comments (4)

May 9th’s Security Now program

Here we are again, another Security Now episode which will air on the mix and I feel ashamed for being so behind. I’ve got plenty to listen to for my ride home tomorrow as I have other commitments to attend to. You may listen tomorrow at 5 central in the afternoon through the mix, or go to the Security Now feed to pick up your copy.


SN 611: Go FCC Yourself May 9, 2017, 7:11 PM
Security Now (MP3)
This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft’s built-in malware scanning technology, Patch Tuesday, Google’s Android patches, SMS 2-factor authentication breached, Google goes phishing, the emergence of ultrasonic device tracking, lots of additional privacy news, some errata and miscellany, actions US citizens can take to express their dismay over recent Net Neutrality legislation, and some quick closing the loop feedback from our terrific listeners.


I’ll be looking forward to checking out this program. I know I’m behind, and probably a lot to talk about. I have been working on a cast after a while of not doing one, but I really need to publish podcasts more regularly like I used to. This podcast could definitely give me stuff to talk about. See you all soon.

Comments Off on May 9th’s Security Now program

How Can We Defend Against Ransomware?

My article on Vocal How Can We Defend Against Ransomware? has been published. In this article, I talk about two different articles and the big uptick in ransomware cases, and there is no sign of slowing down. Criminals find this lucrative, because you need your files, and most people don’t back up, or if they do, it isn’t on a regular basis. The human element must have a part in this, it has to start with it. Please discuss your thoughts.

Comments Off on How Can We Defend Against Ransomware?

Got phished? I got a call, but knew better

Hey folks,

Here is another one of the true stories about phishing. I got a call from a toll-free number at 4 this afternoon. They claimed they were from Apple and the person’s name was Jennifer. They said there was suspicious activity on my account. My options were to press 1 to speak to someone, or 2 to hang up.

First, the Apple rep I talked to says that they will not call you if there is something wrong, you have to call in first, and only then do they call out.

Next, the Apple rep said people may get calls from Texas or California area codes, not from a toll-free number. Also, they would identify themselves as Apple.

I didn’t get phished as I knew my account had two-factor turned on, and I even invited the representative to look at my account if they wanted to verify that no suspicious activity took place.

Comments Off on Got phished? I got a call, but knew better

Patch Tuesday is here

Hi all,

Brian Krebs has posted like he usually does, and SANS is also covering the Microsoft bug that was patched out of cycle to fix some things with their removal tool. I’m sure that Trend Micro will also come out with a post, unless I missed it. Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday is the article for now.

I’m about to publish a great ransomware piece on a side note, and it should be available tomorrow. Hopefully we’re all patched soon, and we can continue to stay as safe as possible. This article I wrote which I’ll cover once posted could be part of why we need to continue to patch where we can because if it gets through some newly developed way besides E-mail, you could be protected. For now, it is delivered by E-mail, but who knows what the future holds. That’s why I mention this article in passing here, as if we were patched, and it was delivered through a bug of some sort on a piece of software, then we could be doomed. Maybe I’m thinking ahead here, but thoughts are welcome.

Comments Off on Patch Tuesday is here

Google and authentication

Hello everyone,

I saw a few articles this morning on an issue in regards to Google and authentication. One was from Trend Micro, the other from my favorite writers at Trend Micro. The long of the short of it is that Google was made aware of an issue where you were sent an E-mail to your Google account. If you clicked on the E-mail link, it would ask you for permission to access your account to view the document in Docs through the protocol OAuth. If granted, the person in question had complete access to your entire account. Trend Micro indicates that if you just go to the profile page, and remove the access, no further access is granted. Google has pushed a fix so nobody else can be infected by this, but if you have, just remove the access within your account. Clever.

Thanks for reading, and stay safe. As a side note, any link to Google Docs etc. if signed in, should already connect you through their interface, not through OAuth.

Comments Off on Google and authentication

Some recent issues, they are being investigated

Hello to all subscribers and readers.

I’m Jared Rimer, I’m the main one who writes here on the technology blog and podcast. While I’ve not written much lately, I want to come in here today because there has been some downtime on this and my other blog, but this one is the most written on right now.

Recently, my moderator, Shaun Everess, E-mailed me this morning Pacific time, to let me know of a blog outage. I was able to confirm and open a ticket within the hour of me being notified. This blog came back up within the half hour of me writing the ticket.

Let me explain what is going on here.

  • Our control panel checks for updates each day at midnight.
  • We are not sure, but some component somewhere is having a hard time, and that’s what is being investigated.
  • I am not completely sure, but the component may have something to do with database connections, so anything needing a database connection is affected.
  • The good news is that the provider was called early this morning. Due to the time, the provider was not in a position to deal with it then, so it was dealt with as quickly as possible.
  • I can’t guarantee anything right now, but I can tell you that this is being monitored to figure out what’s happening. Thanks for your continued support, and the JRN apologizes for any inconvenience this causes you.

The last time we had an outage, it was after an upgrade, but I can’t prove that because it wasn’t just this blog, and multiple accounts were affected. We’ll continue to keep you posted as soon as we know something. Thanks for your continued support, and thanks Shaun for getting us alerted. Without you, I don’t think I’d notice a lot of the issues. Thanks bud for all your support.

Comments (1)

This week’s Security Now program

Hello everyone,

This week, Security Now is going to be packed as usual. If you aren’t subscribed to it, please do so by going to this RSS feed. Here are those show notes on what’s coming up this week. This program is 1 hour 57 minutes long.


SN 609: The Double Pulsar April 25, 2017, 6:35 PM
Security Now (MP3)
This week Steve and Leo discuss how one of the NSA’s Vault7 vulnerabilities has gotten loose, a clever hacker removes Microsoft’s deliberate (and apparently unnecessary) block on Win7/8.1 updates for newer processors, Microsoft refactors multifactor authentication, Google to add native ad-blocking to Chrome… and what exactly are abusive ads?, Mastercard to build a questionable fingerprint sensor into their cards, are Bose headphones spying on their listeners? 10 worrisome security holes discovered in Linksys routers, MIT cashes out half of its IPv4 space, and the return of two meaner BrickerBots. Then some Errata, a bit of Miscellany, and, time permitting, some “Closing the Loop” feedback from our podcast’s terrific listeners.

We are allowed to air it as long as we leave everything intact, so join the mix on Thursday at 5 CT, 3 PT for the airing. Hope to see you there!

Comments Off on This week’s Security Now program

Trying a new site for publishing to a wider audience

Hi all,

I’ve always tried to write about various types of technology, and even when I’ve gotten articles out, I’ve not had a lock on them. Part of that trouble is my plugin I think, where it isn’t tweeting anymore. The other aspect is, that this site, Vocal allows me to branch out and cover a wide variety of topics all on the same platform. I know it is accessible, however, they need images. They helped me publish a longer piece I wrote based off of this blog post and while I did a great job with this one, they wanted me to expand. I should’ve expanded and talked here more about what ATPC is. While I’m not going to full out blog here about it, I wanted to share my longer piece entitled: “ATPC Hit with Ransomware, Does Not Pay” with you. It shows I have no biography, but I do. I know they’re making some changes, and I want people to know I’m still going to blog here. I also know I’ve not done a lot of reading as of late, and there’s a lot I need to read. I’m hoping Vocal will take off, and allow me to branch out into other categories, and eventually, get paid.

It isn’t going to be a fast process, nor is it going to be easy, but I’m up for the challenge. I’m still going to blog here, and if I find something good, I’ll be sure to blog about it. The thing about this site and Vocal, is Vocal needs to be your own content. You can link to others, however, they want it to really be your own. I hope you’ll enjoy the article I published over there, and I’ll publish links to those articles once they get approved, if they are tech related for everyone who may not be familiar with them, to see what else I’m writing. Hope everyone is enjoying their stay here, and please feel free to check out Vocal to see if it is a viable solution to what you’d like to do in reaching a wider audience.

Make it a great day! See you all soon.

Comments (2)

Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

OK, is this how security products are supposed to be made? If Samsung did have a part in this, they should be ashamed of themselves. Check this one out.

Source: Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

Comments Off on Samsung’s Tizen is riddled with security flaws, amateurishly written | Ars Technica

Patch Tuesday

Hi all, it’s that time of month again, the time where we must reboot our PCs to allow for updates to take effect. Starting this month, Microsoft has discontinued issuing bulletins on what the updates covered. April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks from Trend Micro and Critical Security Updates from Adobe, Microsoft from Krebs on Security will give you varying views on what’s up. This Network World article entitled Microsoft kicks security bulletins to the curb in favor of security update guide may go into further detail on why they did this. This is in the better late than never department, so I hope you’ll enjoy taking a look at these things as we continue to fight the security battle.

Comments Off on Patch Tuesday
