The Technology blog and podcast

Google gives the boot on Zoom, tells Google Employees no Zoom on their work PC’s

In an effort to combat Zoom’s insecurities, Google today gave Zoom the boot. To be fair, Google haden’t vetted Zoom, and Google only lets employees use approved software on their corporate machines.

Be that as it may, the article in question indicates that this has been Google’s policy, and that makes sense to me. The article links to other aspects of Zoom’s insecurities, which you can read on your own time.

Thank you Armando for sending me this.

Google bans its employees from using Zoom over security concerns is the article, and worth the read if you know of Google People who are employed who may not have yet gotten ahold of the announcement.

Comments (0)

Conspiracy theories on the novel corona virus make me wonder

Michael in Tennessee gave me an interesting audio which may be played on a future podcast talking about the novel Corona Virus and how it supposedly started. Apparently, this video was originally posted to Face Book, then got sent around the Internet. While this isn’t necessarily a bad thing, I believe that this particular video leaves more questions than answers.

For example, how can something like 5G have this wide an effect? My understanding is that we don’t have 5G yet. If 5G is being rolled out, it isn’t going to be so global yet, they want to test it and see how it works.

The guy in the video said that since there is such power in this network, that it is killing everyone in contact with this power. My hunch is that if that were the case, the death toll would be higher than the 5 percent we’re currently looking at.

According to Michael in Tennessee, my point of contact for this, 5G has not really been tested widely, and it is not well-known. According to what he told me over the telephone, Twit’s main guy, Leo, said that not much is known, and we must be practically on top of a tower to have any effect from what we understand.

If you can find the vdeo, listen to it yourself. Determine what you think of it. I’m curious on what other people think of this, I think its completely off base.

Comments (0)

Covid-19 the government has a great read on this one

Hello folks,

In my email, I found a combined note from DHS and the UK version NCSC. This joint collaberation release talks about the trends both agencies have seen throughout this trying time.

It can’t be stated enough to know where your email is coming from. As I posted before, MENVI has been getting Email from Microsoft and the links in question don’t even point to the proper place. While those emails are not harmful when clicking on links, others may.

The alert covers Zoom problems just like other articles like the one linked within this pargraph. Lots of security people have talked about locking Zoom down, nd some even moving away from Zoom altogether. If they do move away from Zoom and go to Microsoft Teams for example, than Teams may, from what I’ve heard and read, be targeted next.

The Term Zoom Bombing has been coined after the actors decided to target the platform people think is the easiest to use, and it is. Its got different risks that you must be aware of. Each person is going to have to figure out what works for them, and there are lots of solutions to meet people’s needs.

I recently attended a webinar done by Mikko Hypponen who has been around as long as Jon Clay. We can’t forget the aspect of the U.S. giving bad advise to boot, so seeing this joint release may be a step in the right direction for people to read.

It falls along the line of the webinar by Mikko and even this webinar by Mr. Clay which talks about this in light differently.

If you search webinar on the blog, you’ve got lots of different webinars to look at. It can’t be stated enough that these are teaching tools, and that you need to understand the threat landscape a little bit and understand what to look for.

This article from the government: Alert (AA20-099A) COVID-19 Exploited by Malicious Cyber Actors should be read and the webinars should be checked out.

I’ll be releasing the webinar by Mikko for my next podcast, I’ve been holding off to give people a chance to watch it first. Do leave thoughts on this, and we’ll be in touch soon.

Stay safe!

Comments (0)

Apple helping independents? This is a nice thing to see

Hey all,

This is quite interesting. Herbie sent me this article that took me a bit to understand how to find. According to the article, Apple will advance a 50 million dollar pool of money to labels and other places to pay their artists. Apple Insider: Apple Music to make $50M fund available to indie labels, distributors is the article.

Comments (0)

Apple Releases iOS 13.4.1 and iPadOS 13.4.1 With FaceTime and Bluetooth Bug Fixes

Today, Apple has released IOS 13.4.1 bringing a few fixes. From what I’m hearing on twitter, there may also be some voice over fixes as well. This apple vis post Apple Releases iOS 13.4.1 and iPadOS 13.4.1 With FaceTime and Bluetooth Bug Fixes goes in to more detail.

I can’t vouch for what is fixed or regressed. Go through and see what you think.

I’m just passing it along.

Comments (0)

This week in security news, the week ending April 4, 2020

Welcome to another blog post for my take on this week in security news. We link to Trend Micro’s blog post, but I’m going to mention what seems to have caught my attention this time.

The biggest thing this week are articles about the Covid19 working from home and security practices, Zoom and its issues, and a very staggering article I read in regards to redis instances and how open they are to the public internet.

We’ve also got vulnerable VPN appliances if thats not bad enough.

If you’ve found something that has caught your attention, I’d love to hear from you. The comment boards await.

The last biggest thing I saw was something I covered on this blog covering Russia and them picking up a bunch of people for cybercrime activity. That, in itself, is a once in a lifetime activity if you think so.

Article: This Week in Security News: More Than 8,000 Unsecured Redis Instances Found in the Cloud and Wiper Malware Called “Coronavirus” Spreads Among Windows Victims

Comments (0)

Microsoft sending email account problems? Better check that URL!

In the following example I’m describing, it leads to a web site which I do not want you to visit.

I’ve gotten now a second email from Microsoft.

Here is the latest one:

---

Unusual Sign-in activity

We detected something unusual about a recent sign-in to Microsoft account

Sign-in details

Country/region: Unted State
IP address: 107.170.166.118
Platform: Mac OS
Browser: Chrome

Please go your recent activity page to let us know whether or not this was you . If this wasn’t you. we’ll help you secure your account. we’ll trust similar activity in the future.

Review recent activity

The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved © 2020

---

The view account information leads to http://office365-online.myvnc.com/cutomer/portal/ Don’t go here!

Firefox reports:

---

Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing.

---

I was curious, as the email address apparently said or a similar address, but we know that this can’t be the case.

The email does look very authentic, and this is what will get people. As someone who is curious on what the trend is, I only click to look, nothing more. Having Firefox on your side is great, as they may see this and mark it bad as Google does, through their safe browsing feature. Thats awesome, Google!

Make sure to check your links.This email and another one came to us through our contact at menvi.org’s email address.

Here are the headers:

---

imap://menvi-webmaster%40menvi%:143/fetch%3EUID%3E.INBOX%3E43967
Return-Path: <>
Received: from cp1-benor.nocwest.net
by cp1-benor.nocwest.net with LMTP
id Nbd7Bi3Yh159JwAAIyXCCQ
(envelope-from <>); Fri, 03 Apr 2020 20:43:25 -0400
Return-path: <>
Envelope-to:
Delivery-date: Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
by cp1-benor.nocwest.net with esmtp (Exim 4.93)
id 1jKWuB-0002bW-1m
for ; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account teamno-reply@microsoft.com
Reply-to: no-reply@microsoft.com
To:
Content-Type: text/html; charset=us-ascii; boundary=CMF8FBR06Z2XNQEBJOR4.1200369.CMF8FBR06Z2XNQEBJOR4

---

Nice going guys, wanna try something I’ve not seen? Problems with an account that is a forwarder and on the proper server that is working isn’t going to fool me or my team any.

Comments (0)

New ways on accessing books on BARD mobile for IOS

Here is something for those of us who use BARD. Remember, the new BARD app was released some time ago.

Over the coming weeks, they say, we’ll get info on some of the new features.

Here’s today’s email I found, and I hope it is of value to you.

---

New ways to find books with BARD Mobile for iOS

Hello everyone,

The new version of BARD Mobile for iOS includes a variety of exciting features, and we’ll tell you about several of them in detail over the next couple of months. One of the most exciting is how much easier it is to find books similar to your current book. From any list of books, you can easily select a book and find other books by the same author, in the same series, and on the same subject. Here’s how:

Open a list of books such as a bookshelf category, your wish list, or Recently Added to BARD.
Find a book that interests you.
If you use VoiceOver, touch the book title and flick up or down. You'll move through a set of options called an action menu. The menu wraps, so you will eventually reach all the options whether you flick up or down. Most of the options are the same regardless of the book list you are in, but some vary from one list to another. For instance, if a book isn't on your device, there's a Download option. If it isn't in your wish list, there's an Add to Wish List option. And if it is on your device, there's a Delete option.
All action menus include these options:
    All books by [author's name]. If there's more than one author, each author has a separate entry.
    All books in [subject]. If there's more than one subject, each subject has a separate entry.
    All books in [series] if the book is in a series.
Double-tap when you get to the option you want. A screen opens that lists the books in that category.

Note that every book on this new screen has the same options as in other lists. This makes it easy to download multiple books by the same author or in the same series or add them to your wish list.

If you don’t use VoiceOver, or you don’t want to use the action menu, you can reach the same options as follows:

Choose the More Info button to the right of the book of interest.
Choose the More Actions button to the right of the author's name, just below the title. A screen opens that lists all the options discussed above, as well as a Cancel button at the bottom.
Choose the option you want.

If your book is in a series, the final option before Cancel is a Subscribe button that allows you to subscribe to the series. If you do, any new books in the series are automatically added to your wish list when they are posted to BARD. We’ll talk about series subscriptions in more detail in a future post.

As you can see, it’s now easy to find and download multiple related books. Please remember, though, that these books aren’t going anywhere, and you don’t need to download them all at once. You can add them to your wish list and download them when you’re ready to read them.

Happy reading,

The BARD Support Team

---

Thanks for reading!

Comments (0)

Lets have some statistics, shall we?

Marina Zlatanovic always finds things of interest and this is no different; with statistics on Internet use from all sorts of categories For example: 90% of Americans have access to the internet in 2019, compared to 76% in 2009. Under Youth, I question American parents believe that their kids spend around two hours a month online.

For the full article 30 Enlightening Internet Statistics For the New Decade and thanks for sharing.

Comments (0)

Zoom is filled with problems, two in Mac and one potential in windows

If Zoom didn’t have enough problems, this article I’m going to link to indicates that you can have problems with the Zoom client for Mac. Zoom Bombing is when someone takes control of your meeting and does stuff that you’re not wanting. to happen. This is more to do with video conferencing and the different sharing aspects, so we may not have anything to worry about.

With the two Mac issues which can happen anywhere, I’m hopeful that the company will address and fix these vulnerabilities as a company in this space should do. The article Zoom’s Privacy Problems Snowball as Two Zero Days Uncovered should be read so you’re aware of it and take the necessary precautions as you see fit.

Comments (0)

Has Mariot been breached again?

I’m curious if there is any new news on Mariot? I know that recently it came out that there was a breach that effected millions, but This article entitled Marriott said it’s still investigating but it doesn’t believe credit card information, passport numbers or driver’s license information was accessed and I am seeing it on April 1st 2020. I know that Krebs reported some time ago an update on their breach, and if this is an April fools joke, I’m not finding this funny one bit. NBC Miami is having a photo from 2016, the story isn’t even dated besides that, and does go in to some detail.

If this is definitely a new breach, has Mariot learned from when they took over Starwood? This is going to get interesting.

Comments (0)

Do you use Go Daddy? You may be impacted by a problem

Krebs on Security is reporting that several accounts across Go Daddy’s platform was targeted by someone who was spear phished. There are many pages that you can use to define Spear Phishing. This Trend Micro page https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing is a specific targeting attack within an organization. While my goal is not to define this fully as there is a complete write up, I’ll be sure to read about this type of phishing so I can learn more about it.

The article from Krebs talks about an employee at Go Daddy falling for one of these attacks. Once in, the attackers were able to follow any notations in any account they had access to. This would then lead to DNS changes, in one case, an approved change that was orchestrated and planned out.

The article I’m talking about is the great article: Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others and you may want to read this and learn more on what was involved.

Were you effected at Go Daddy? Do you think your provider will have this problem? Sound off in he comments.

The gist of the article talks about DNS changes which could lead to other problems. Read through and lets talk.

Comments (0)

New Term, Zoom Bombing

Several articles and even talks like this mornings talk by Mikko Hyponen talked about Zoom Bombing. Zoom is a relatively new platform that has been around for a little bit. Blind Bargains used it when they hosted a webinar talking about a new braille display.

Several services like No Cost Conference, Go to Meeting, and others that I may not have mentioned have existed for quite awhile now.

The experts are describing Zoom Bombing as someone who is able to gain access to a conference and disrupt it either by causing havoc, or take over a conference by putting up images or anything else they want to do.

These types of services have controls in place to make it as secure as possible, and Mikko talked about Zoom Bombing during this morning’s talk. He says that people can set passwords, and even make screen sharing something that only the host can do.

The talk lasted about 45 minutes or so, and hopefully I can get this talk released.

‘Zoom Bombing’ is Real and Could Happen to You: FBI – NBC 7 San Diego is one such article with a search on zoom bombing to get a clear definition to post here.

You can do a search and see tons of coverage on this, and I think this should be talked about. This is sadly no April fools joke, its a real thing.

Comments (0)

With new things, comes different risks

I know that my twitter is several days behind, but I don’t read twitter every day, and I came across this article that I think is timely, even though it is several days old.

The article talks about Zoom, which I’ve used once for a webinar. It is accessible with Jaws and screen reading technology. While I’m unaware of much of what it does, I know the free version is 40 minutes which does not help me because if I were to do things, it would take longer than 40 minutes.

I think the 40 minute thing is treated as a demo, and that should be extended in my opinion. A conference can last awhile, depending on the topic. I definitely see the benefit of using this service, and I’ve got nothing bad to say about it.

While I mention Zoom in an assistive technology light as a product, this Zoom is a product that has Conferencing telephone capabilities as well as web. Other services I’ve used have only telephone, or only web. Some may have upgraded capability, check with the service to see what meets your needs!

In the article Holding Class on Zoom? Beware of These Hacks, Hijinks and Hazards we learn about some of the issues that may arrise, and probably have caused some people to wonder if this platform is secure.

As Steve Gibson has said on numerous podcasts, the fact is, we use default options and think they’re OK. This may not necessarily be the case.

I tend to look at options with conferencing and decide how I want to have it. I do set mine pretty much open, but I’ve also not used it all the time, so if people use it to hang out, the system I have can’t do much.

Even one facility I had used it worked where people were placed on hold and when I came in, it went ahead and started the conference. It was part of a package. Some services allow you to call out, and thats nice too.

If you use Zoom conferencing, what did you think of this article and how do you plan to change how you do your conferencing with this platform?

Comments (1)

A very thoughtful blog post from a technology guy now at home

I was looking at Apple Vis to determine what if anything I needed to talk about here as informational. I found a very thoughtful blog post on there on how technology is helping them stay in touch with the people they care about since nobody is venturing out. I thought this would be appropriate to share here, because there is no many articles out there about the dangers, and nothing about how technology is helping people like us, the disabled.

The article itself is not technical, and it doesn’t talk about any particular app, but is more of a thoughtful piece.

I’ll be putting this in the accessibility section, as it fits there. While a few apps are mentioned, nothing is detailed.

Staying Home: Already a Pro is the article title, and you’re welcome to discuss it here or on Apple Vis.

Comments (0)

Webinar on covid19 from a guy that should be giving this talk

Mikko Hypponen is the chief researcher at F-secure. This is going to be given on the first of April looking like Evening US time. I’m going to attend and see what he has to say. CYBER SECURITY AND COVID-19 is the page, please sign up if you can. I’ll try to tape this for future podcasting.

Comments (0)

Posting on a forum for credit card info: lets teach our kids

I’ve been trying to come up with a way for me to talk about something I saw on a forum, without making it sound like it is one of the worst things you can do.

While it isn’t advisable to be posting questions asking for different types of info, I want to be caucious at the fact that there are people here that may not know better and do something that could harm them.

We’ve all done it, posted something somewhere we shouldn’t have. Its a possibility that I did this, even in my adult years, so I’m going to harp on myself as well as part of this post.

One of the things in today’s internet we need to be aware of are sites called Dark Web sites. Sadly, the Dark Web and the Deep Web can be used interchangeably according to Wikipedia’s lookup on dark web.

Some of the things that can go on in the dark or deep web is credit card selling. Also, tons of personal information is sold in the dark or deep web. With that, what I saw was posted in a forum in the application Dice World, which would be considered the clear web, or the vast majority of the visible Internet.

I’ve talked about Dice World problems before with good news included. The latest bad thing was this post talking about cheating as it relates to games which would include Dice World. We’ve also talked about dice world in our podcasts like podcast 326 and podcast 341 just to name two of them.

I’m not going to talk about this on my podcast, but I want to highlight with this post that the information about asking for information can go on any type of forum or mailing list, and this should not be taken just from the forum on Dice World.

Someone posted on the forum for someone to give them access to a credit card because they could not pay for more space on their icloud. The person in question indicated that they were under the age of 18. I’m not going to mention the age, nor the user name because I do not remember the user name off hand, and the age would not be appropriate to disclose in case it is wrong.

I can tell you that I’ve never seen this type of thing, and responses indicated that people should not give them any information. I was caucious and said that you should only do this with people you trust, not from an open threat such as this.

Mistakes can happen, no matter what the platform is. We’ve talked about software stuff before and now the phishing attacks with the Corona Virus. I’ve also talked about scammers targeting the blind but I don’t feel that this was necessarily the case.

I feel that the report I was given was pretty genuine, this may have been a child. who didn’t know any better, and education is appropriate. If I were able to moderate this, I would educate them about the fact that this is not necessarily a good idea, and that their parent or legal guardian should be responsible for their spending. I know that my stuff is paid for in this way, although I do pay for other things as well.

I’ve made mistakes on mailing lists, and was talked to, so I’m not singling any person out when I say that this person should’ve been blocked. I would definitely hope that once the post was removed by Dice World, immediate communication comensed by Email or messaging through the application to explain that this was not a good thing to do.

We should teach the young, not give them harsh punishments. As it were, the account was created the very day that I saw the post. In part, “I don’t normally do this, but …” and it was followed by the request.

My blog tries to cator to everyone, so if the person effected was to read this, I’d love to talk to you about the Internet so you understand what is happening now especially since things are changing in this world.

Do you know anyone who may be doing this? Do teach them, lets not give them a hard time. They aren’t criminals, yet. Look at the intent and determine whether or not a harsh punishment is necessary.

Comments (0)

Instacart, please get it together

I’m reading from the Huffington Post an article that talks about Instacart, a grocery delivery service having problems delivering because workers want to strike for a very good reason.

If you help out your community like Uber is, than you’ll have happy employees. I’ve recently been told that I should get an instacart account, but after this, I really don’t want to buy from a company that wants to make a profit and not make sure their people are taken care of.

While the article has been updated since the initial publication, there are still things that they do not like that need addressing.

Now is not the time to play games with workers. As I saw somewhere, the next state for stay at home orders is North Carolina. If thats the case, and we have these problems, how are we going to have our needs met? Online is where we need to be, not at the store. I’m almost tempted to just send someone and my credit card. This is not the way I would do things, I would try my best to listen and make things right.

Instacart Gig Workers Threaten To Strike, Demand Hazard Pay And Sick Leave is the article with a video that seems to not have any audio. How nice!

Comments (0)

Russia picking up people doing cybercrime? Seriously?

Cyber Scoop and Kreb s on Security are reporting in two articles that 25 people have been picked up within the region for cybercrime activity. Russia is not necessarily known to pick up their own, let alone anyone for crime to my knowledge.

This is hopefully a step in the right direction, and I hope that this trend continues.

I read the article Rare cybercrime enforcement in Russia yields 25 arrests, shutters ‘BuyBest’ marketplace that came from Cyber Scoop. According to this article, the people behind this activity were running shops such as buy best, or golden ring.

Brian Krebs recently penned an article Russians Shut Down Huge Card Fraud Ring which I’ve not read yet.

I believe in these difficult times, reading good news like this should put a smile on our faces. This is definitely something I like reporting and blogging on. I’m sure that Brian’s article is just as informative as Cyberscoop’s. I would not be surprised if Brian blogged on some of these guys through the years either through his former employer or on his blog.

Lets celebrate some good news for a change!

Comments (0)

More about the Operation Poison News coming from Trend Micro’s intelligence blog

One of the news items from this week deals with operation poison news. This article was posted on the intelligence blog. This is much bigger than the IOS aspect that I had read in the weekly news article found on this blog post.

As discussed, this is done through Hong Kong’s popular forums that people go to talk about various topics. According to the analysis from Trend Micro, this may have started as early as November 2019 since that is when IOS certificates were issued. This may not necessarily be just an IOS problem though, says the article. There may be an android app out there as well, or rather, Android may be targeted by just going to these forums that have these posts.

To make things worse, Trend Micro indicates that these are new accounts, and the posts are not targeting any one individual or group.

To read more about what they’ve found including topics that the posts may cover to get people to click, do click on this article entitled: Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links to read all the details. Very facinating stuff here, I must say.

Comments (0)

Older Posts »

go to sections menu

---