The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


The Security box, podcast 39 for April 14, 2021

Welcome to podcast 39 of the Security Box. Looks like we’ve got commentary from the replay of broadcast 38’s airing. We’ll answer any questions from those comments, if any, as well as talk about yet another story I read afterward in regards to Facebook and why it might be a good idea to remove your telephone number or use something like Google Voice or TextNow as your number instead of your primary one. We’ll have news, notes, commentary and more. We hope you enjoy the program as much as I have bringing it to you. Thanks for listening!

Topic: More on Facebook, why Brian Krebs deleted his Facebook account

In an article that I read on April 7th, Brian goes into detail on why he eventually deleted his Facebook account sometime in 2020.

According to the article, a paragraph says:

The phone number associated with my late Facebook account (which I deleted in Jan. 2020) was not in HaveIBeenPwned, but then again Facebook claims to have more than 2.7 billion active monthly users.

We know that Facebook has never been trustworthy after any type of incident, and I honestly don’t believe that Mr. Krebs couldn’t be part of the 533 million people affected by the breach. Checking with the site, yours truly isn’t affected either, but I honestly wouldn’t believe it nowadays, especially since news of this is two years old.

The supposed database has been kicking around the Internet cybercrime community since last summer, according to the article. I’ve never seen any of these databases, and with the massive amounts of databases out there and what they contain, who could confirm every piece of data in it? I like Have I Been Pwned and what it is trying to offer, so don’t get me wrong when it says that I’m not in there when I put my mobile number in the site to check.

We now learn that the database has been circulating since June 2020 and includes names, mobile numbers, gender, occupation, city, country and marital status. It includes data for 100 different countries, and there is a link to a January 2021 Twitter post within the article.

KrebsOnSecurity goes on to talk about what might happen if someone with malicious intent gets ahold of your mobile number. One of the things that could happen is your phone number changing hands, otherwise known as a SIM-swapping attack. This happens because an employee at the store where you got service is tricked into changing the account information over to the attacker, and you don’t find out until you try to use your phone.

Brian talks about how it is probably time to remove your number from services like Facebook once verification of the account is complete. I’m almost tempted to do this myself. There is a very interesting paragraph that caught my attention. It says:

Why did KrebsOnSecurity delete its Facebook account early last year? Sure, it might have had something to do with the incessant stream of breaches, leaks and privacy betrayals by Facebook over the years. But what really bothered me were the number of people who felt comfortable sharing extraordinarily sensitive information with me on things like Facebook Messenger, all the while expecting that I can vouch for the privacy and security of that message just by virtue of my presence on the platform.

We can’t vouch for the privacy of a sensitive message just because we’re on the platform. I’ve never used Facebook or its Messenger client for anything secure anyway, but that paragraph is very important.

Are You One of the 533M People Who Got Facebooked? is the question and article title we’re talking about in this segment, do read the article.

News Notes and more

  • According to an article found on April 8th and written the day before, Shopify let data go, and it isn’t as we would think. According to the article, the California man, Tassilo Heinrich, is charged with identity theft and conspiracy to commit wire fraud, while two people outside the United States were not charged. These other two were located in Portugal and the Philippines, according to the article. I don’t understand why these two outside of the United States aren’t charged; they received stolen data and could have had the opportunity of using it. California man indicted for stealing Shopify customer data is the article; do give it a read.
  • Think Ransomware is going away? Not so fast! This time, an article talks about emailing customers of the companies that they hack to tell the customer that they got hacked. The purpose of emailing customers is of course to get the company to pay up, although as we know, that doesn’t necessarily mean anything as ransomware gangs are only in it for the money. Ransom Gangs Emailing Victim Customers for Leverage comes from Krebs on Security and is definitely a good read.
  • I blogged about this article on the tech blog, but it never made it into news notes from what I can recall. Brian Krebs talked about someone who registered the domain krebonsecurity.top and what they’re using it for. I’ll just quote one of the paragraphs outright; it says: “Let’s just get this out of the way right now: It wasn’t me.” The article talks about the Shadowserver Foundation, who has tracked the Exchange Server attacks and their progress of getting patched, or lack thereof. According to the article, David Watson, a director of the Shadowserver Foundation Europe, tracked hundreds of unique variants of backdoors that allow the actors to keep access. What was very interesting to me was the fact that an executable was called krebsonsecurity.exe, and Brian talking about this plus the malicious domain made the article worth blogging. I just didn’t have a chance to put it into news notes till now. Read No, I Did Not Hack Your MS Exchange Server for all of these very interesting details.
  • So there was a breach of a water utility in 2019. Cyberscoop’s Sean Lyngaas wrote this article on a Kansas man who was indicted because of that breach. Wyatt Travnichek is alleged to have done it, as they claim he logged in to Ellsworth County Rural Water District’s computer system in 2019 and it was unauthorized access. This unauthorized access led to a shutdown of the facility in question. He is also charged with causing damage to a computer system. Customer service rep Angela Naegele said the issue did not affect the drinking water supply. There is no word on whether he bypassed any security controls. Kansas man indicted in connection with 2019 hack at water utility is the article; go on and check it out.
  • Finally, in the “I can’t believe I heard this article” department, Michael in Tennessee read this article via Ars Technica, which really started me thinking about this company’s security posture. The company’s name is Q Link Wireless. They apparently had an app that allowed you to enter any customer telephone number, which you had to know. After doing this within their application for iOS and Android, the person could see anything they wanted within the account with “no password required.” According to the article, this company is known as a “Mobile Virtual Network Operator.” They are based in the state of Florida. It provides government-subsidized phones to people who qualify under the Lifeline program. They apparently serve at least 2 million customers, according to the article. I suggest you check jaredtech.help as I have a bunch more to say in regards to this story; suffice it to say, they apparently closed this hole server-side, with no communication to any researcher or anyone who reported this to the company. For full reading of this disaster, I give you: No password required: Mobile carrier exposes data for millions of accounts: Q Link Wireless made data available to anyone who knows a customer’s phone number. is what you need to read. Have fun!

We hope you enjoy the program as much as I have bringing it together, make it a great day!


Why is there “no password required” when accessing accounts? What not to do when setting up accounts for services

I’ve been contemplating this article Michael in Tennessee sent me in regards to a wireless company that thought it would be a great idea to have applications for iOS and Android that allowed people to put in any phone number of a customer, which gave anyone full read access to all of the data of the account.

When writing up the news notes, I wrote:

Finally, in the “I can’t believe I heard this article” department, Michael in Tennessee read this article via Ars Technica, which really started me thinking about this company’s security posture. The company’s name is Q Link Wireless. They apparently had an app that allowed you to enter any customer telephone number, which you had to know. After doing this within their application for iOS and Android, the person could see anything they wanted within the account with “no password required.” According to the article, this company is known as a “Mobile Virtual Network Operator.” They are based in the state of Florida. It provides government-subsidized phones to people who qualify under the Lifeline program. They apparently serve at least 2 million customers, according to the article. I suggest you check jaredtech.help as I have a bunch more to say in regards to this story; suffice it to say, they apparently closed this hole server-side, with no communication to any researcher or anyone who reported this to the company.

The subtitle of today’s article is: “Q Link Wireless made data available to anyone who knows a customer’s phone number.” and I suppose it just fits, doesn’t it?

The article was written for Ars Technica on April 9th, and sadly it was the last item for news notes. People ought to be ashamed of themselves at this company for thinking this was a great idea.

Q Link offers a mobile app called “My Mobile Account” for both iOS and Android, as stated in the notes quoted above as well as within the article, which I’ll link here as well.

Besides letting you see data usage, minutes available, minute usage and text usage, and even buy more minutes or data, the app can also display the customer’s:

  • First and last name
  • Home address
  • Phone call history (from/to)
  • Text message history (from/to)
  • Phone carrier account number needed for porting
  • Email address
  • Last four digits of the associated payment card

This is a lot of data for one account, especially when the company set it up so that anyone could enter a subscriber’s phone number and see it. Can you imagine what would happen when someone malicious came in and decided that they would take a look around?
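To make the failure concrete, here is an added Python model (my own illustration, not Q Link’s code or the article’s) of an account lookup that treats a client-supplied phone number as its only “credential,” next to a hardened handler that serves only the account bound to an authenticated session and returns a minimised set of fields. All subscriber records, passwords, salts, token handling and function names are constructed for the example.

```python
"""Added illustration of the access-control failure the post describes.

Not Q Link Wireless code: every record, password, salt and name here is a
constructed sample chosen for this example."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample subscriber records (fictional values).
ACCOUNTS: Dict[str, dict] = {
    "5551230001": {
        "first_name": "Ada", "last_name": "Lovelace",
        "address": "1 Example Street", "email": "ada@example.test",
        "port_account_number": "PORT-000111", "card_last4": "4242",
        "call_history": ["5551239999"], "text_history": ["5551238888"],
    },
    "5551230002": {
        "first_name": "Alan", "last_name": "Turing",
        "address": "2 Example Street", "email": "alan@example.test",
        "port_account_number": "PORT-000222", "card_last4": "1111",
        "call_history": [], "text_history": [],
    },
}


def lookup_account_insecure(phone: str) -> Optional[dict]:
    """The pattern the article describes: whoever knows a subscriber's phone
    number gets the whole record. No authentication, and no check that the
    caller actually is that subscriber."""
    return ACCOUNTS.get(phone)


# --- Hardened version -----------------------------------------------------
# Passwords are stored as salted PBKDF2 hashes. Constructed sample
# credentials: 5551230001 / "correct-horse", 5551230002 / "battery-staple".
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


_SALT = {"5551230001": b"salt-one", "5551230002": b"salt-two"}
CREDENTIALS = {
    "5551230001": _hash_password("correct-horse", _SALT["5551230001"]),
    "5551230002": _hash_password("battery-staple", _SALT["5551230002"]),
}
# Session token -> the subscriber phone the token was issued to.
SESSIONS: Dict[str, str] = {}

# Fields the ordinary account screen needs. The porting account number and
# the call/text logs are deliberately excluded; in a real service they would
# sit behind a step-up authentication, which is not modelled here.
PROFILE_FIELDS = ("first_name", "last_name", "email", "card_last4")


def login(phone: str, password: str) -> Optional[str]:
    """Issue a random session token only after the password verifies."""
    stored = CREDENTIALS.get(phone)
    if stored is None:
        return None
    if not hmac.compare_digest(stored, _hash_password(password, _SALT[phone])):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = phone
    return token


def lookup_account_secure(token: str, requested_phone: str) -> Optional[dict]:
    """Serve the profile bound to the session, never a number the client picks.

    Returns None both for an unknown token and for a request whose number
    does not match the session owner, so a caller cannot even confirm that
    another subscriber's number exists."""
    owner = SESSIONS.get(token)
    if owner is None or not hmac.compare_digest(owner, requested_phone):
        return None
    record = ACCOUNTS[owner]
    return {field: record[field] for field in PROFILE_FIELDS}
```

The insecure function returns the full record, porting number included, for any number typed in; the hardened one refuses without a valid session, refuses a mismatched number, and even for the owner returns only the four profile fields.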

According to the article, this wide-open access has existed since December of last year, though the article only says “since December.”

According to a person on Reddit, they reported this glaring hole to the company and got only a “thank you for reporting this to us.” He later reported the same issue twice this year, in February and again in April. Then this past Thursday, the app stopped connecting to accounts, with a message that says the number is invalid.

I wonder what they ended up doing? Why did it take this long to fix it? Why didn’t the CEO respond to the reporter’s email(s) when it was brought to his attention?

For the complete write-up by Dan Goodin of Ars, please read: No password required: Mobile carrier exposes data for millions of accounts: Q Link Wireless made data available to anyone who knows a customer’s phone number. for complete details. This is security at its worst. Good job, Q Link Wireless, keep up the great work.


I love good news, Kansas man indicted in connection with 2019 hack at water utility

I love covering articles like this, especially when charges are filed.

A U.S. grand jury has indicted a 22-year-old man for allegedly hacking the computer system of a rural water utility in Kansas and shutting down processes that affect procedures for cleaning and disinfecting water.

Angela Naegele, a customer service specialist at the water utility who answered the phone Thursday, said the 2019 incident had no impact on customers’ drinking water. The utility continuously monitors its water quality and safety, Naegele added.

The indictment did not specify whether Travnichek allegedly circumvented any security controls in his alleged break-in. Prosecutors cited the Safe Drinking Water Act, a 1974 law that mandates contamination-free standards for U.S. water systems, in bringing the charges.

There’s definitely more here including:

Travnichek’s indictment comes two months after another high profile digital intrusion into a water treatment facility near Tampa, Florida. In that incident, an unidentified hacker used a remote software program to breach the facility’s computer system, and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, according to local authorities. A plant operator noticed and reversed the change.

This is critical infrastructure we’re dealing with, and people like this guy just don’t care. I’m glad he’s been picked up and charged.

For complete details: Kansas man indicted in connection with 2019 hack at water utility is what you need to read, and enjoy.


Ransomware gangs not going away? Ransomware and their gangs now have something else up their sleeves

Ransomware isn’t going anywhere. In fact, it’s been reported in podcasts that the actors are now emailing or even calling their victims’ customers to push those customers to call the victim and have them pay. If I remember correctly from reports I’ve heard, it hasn’t worked so well, and even if the customer calls the company and the company pays, it’s not the end of it in regards to possible problems.

Krebs on Security covers this quite well, and I think it’s worth passing along to my readers as well.

In his article, Brian quotes a letter that was sent to a customer of a business.

This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site.

“Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim],” the missive reads. “The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data.”

“We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us,” the message concludes. “Call or write to this store and ask to protect your privacy!!!!”

To make things worse, the company that was hit this time came back and said that they were part of a third-party breach, and as we know, those can’t be good.

In response to questions from KrebsOnSecurity, RaceTrac said it was recently impacted by a security incident affecting one of its third-party service providers, Accellion Inc.

We talked about Accellion and their FTP client on a recent Security Box, which is the direction this blog and podcast seems to be going. Don’t worry, I still need to get a tech podcast out, although now I don’t remember what I wanted to do with it. I digress.

The University of California was one of several universities that had been hit with Clop’s ransomware, and I’m sure that this isn’t going to be the last we hear from this gang.

There are lots of links and lots more, so Ransom Gangs Emailing Victim Customers for Leverage is the article, go and check it out. Enjoy!


Rogue Employees can be part of the breach problem … hope these two employees got fired

According to an article I read from The Verge, rogue employees can be part of the breach problem. The article was written on April 7th, and was found on my Twitter feed.

The article is entitled California man indicted for stealing Shopify customer data and talks about a man by the name of Tassilo Heinrich, who paid Shopify employees to get him data on customers, which he then sold to two people outside the United States. According to the article, this breach affected fewer than 200 merchants and it was because of employee abuse. A linked article said that one of the merchants involved was Kylie Jenner’s makeup company Kylie Cosmetics.

For full information on this one, please read the article. Glad in this case it was bad employees, and not a full-blown breach. As a side note, these employees gave access to Google Drive via links, as well as handing over images.

According to the article, Mr. Heinrich is charged with identity theft and conspiracy to commit wire fraud; his two co-conspirators, based in Portugal and the Philippines, were not charged.


The Security box, podcast 38: Facebook at it again, news, notes and more

Hello folks,

The RSS is updated with today’s program that was aired on the Independent Artist channel on the Mix. Don’t have RSS? Don’t worry! Here is the 100.8 MB file.

Below, please find the entire show notes for all to read. The News Notes section is shorter due to time constraints, but good stuff too.

Welcome to the Security Box, podcast 38. This week, we had planned to go back to DKIM and have a discussion on it, but we aren’t going to do that. Why? It looks like news has gotten out about Facebook’s 2019 breach and the 535 million people whose information may now be out there on the free Internet, as well as it already having been sold on the dark web when the initial breach occurred. We’ll have news, notes and more as well as your thoughts and comments to boot. Enjoy the program!

Topic: Has Facebook done it again?

Michael in Tennessee sent me an article from Phone Scoop, and I also saw the article we’ll be taking from, which came from Cyberscoop. It looks like Facebook is really paying for a 2019 breach in which 500-plus million people’s information, including phone numbers, was exposed somehow and later patched by Facebook.

The data, which comes from people from over 100 countries, includes users’ phone numbers, email addresses, full names, birthdates and location, among other identifiers, according to Insider, which first “reported the news.”

The leak was first reported by Motherboard, according to the article. The only thing that I’m unclear on is the section that talks about the fact that the leak was reported by Motherboard in January.

The information was made available by paying a Telegram bot a couple of bucks for the details, according to the article. According to the article, Facebook removed the ability to search for people by telephone number after the breach. Facebook will be probed by Ireland, and it’s unclear if the United States will follow suit via the FTC.

The article goes on about what the actors may do with the information now that it has been made available for free. The website Have I Been Pwned has been updated by Mr. Troy Hunt with the information that was made available by the breach.

For more information and to read the full article, 533 million Facebook users’ personal data leaked online is the article and do read this.

News Notes for podcast 38

  • Office 365 is no stranger to attack. A PhishLabs article talks about the latest threat. This time, actors can mimic websites by using Google’s API through Google Ads, which allows redirects to whatever they want. The issue with this one is that once you log in, they capture your credentials while also sending you on to your account. For complete information, Breaking Down the Latest O365 Phishing Techniques is the article, which will talk about this entire process.
  • Ubiquiti is back in the news. A post by Krebs on Security talks about the latest drama at the company, who now has come out saying that there was a problem. After making a change that forced people to log in to their network, they were later told to reset their passwords because a “third-party cloud provider” may have been breached. There’s more, including the very interesting fact that this company should have invalidated all credentials. Ubiquiti All But Confirms Breach Response Iniquity is the article. This is going to get very interesting now.
  • Finally, due to time constraints, I’ve got some good news I want to pass along. Another dark web boss has pleaded guilty. This boss was behind selling heroin, firearms and hacking tools. He pleaded guilty on charges of money laundering. Tal Prihar was captured by French authorities. Read Cyberscoop’s article DeepDotWeb boss pleads guilty to laundering millions for more.

Thanks so much for listening!


The Security Box, podcast 37: The Beginning of DKIM and other stuff

It looks like I did not put the show notes up on the blog for podcast 37’s Security Box. Sorry about that!

The RSS feed was updated after the program was uploaded.

Don’t worry, those who don’t have RSS can get the 166.76 MB file right here.

Want the show notes? You’ve got those coming right up.

Welcome to the Security Box, podcast 37. On this episode of the program, we’re going to talk about something I don’t think people know much about when dealing with email: verification of domains in the process, what the standard is and how it came to be. We will also cover a very interesting webinar that I listened to by Trend Micro that dealt with the security predictions for 2021. We’ll also have news, notes, questions, comments and more as the show progresses, and the listeners’ choice on whether they have something to contribute. I hope you enjoy the show as much as I have bringing it together for you, and thanks so much for listening!

Topic: DKIM

DKIM is a short form of a longer term, DomainKeys Identified Mail. This may take several programs to cover, and I think it’s time, seeing how we had some issues that were the result of it in passing. I’ll talk about those issues in this episode and we’ll get through some of the document.

Webinar: Turning the Tide: Security Predictions 2021

This was quite eye-opening. Usually these predictions are in writing on a blog, and we can pick them apart. This time it’s in a video, and I hope people enjoy it. I did.

News Notes and more

  • Phishing is definitely continuing to be the topic of the landscape, more now than ever, even with the pandemic continuing to rage on. In an article I spotted on PhishLabs, they analyzed 100,000 different phishing web sites, since some are on free hosts, some are compromised web sites, and yet others may be expired domains that the actors snatched up. The site analysis took place over a three-month period and they found the following: 38.3% used compromised websites, 37.4% abused free hosting services, and 24.3% used maliciously-registered domain names. Within the article, the different terms such as “maliciously registered” are defined. There are two main headings, “Discerning Compromised vs Malicious Domain Registration” and “Free Hosting Abuse,” which should be read if nothing else. This was definitely a great read, and news worth sharing. Most Phishing Attacks Use Compromised Domains and Free Hosting is the article.
  • Shortly after podcast 35’s airing, there was an article posted that made it into Trend Micro’s “This Week in Security News” roundup, which is posted to our blog. While I’m not going to link to that article in news notes, one article about the SolarWinds breach came to light. According to a Swiss firm, an actor had APT access to networks for quite a while. The name of this group is Silverfish. The firm that was named in the article is called Prodaft. Silverfish carried out a sophisticated attack on at least 4,720 targets, which included governmental institutions, global IT providers, dozens of banking institutions in the U.S. and EU, major auditing/consulting firms, one of the world’s leading Covid-19 test kit manufacturers, and aviation and defense companies. The hackers worked a normal day, Monday through Friday, 8 AM to 8 PM, according to the article. The report is linked within the article, which is entitled Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker, so go ahead and read this one if you read nothing else.
  • Speaking of phishing, we can’t forget to mention the fact that Covid-19 scams are still out there. A Cyberscoop article goes into detail about the recent rounds of phishing pages that ask for credentials to Office 365 accounts after sending you an email about potential issues or otherwise in regards to the vaccines. All of us now have a chance to get vaccinated; check with your state or pharmacy for complete details for your needs. COVID-19 vaccine scammers are still lurking is the article, and please give it a read.
  • Finally, patching after the massive flaw in Redmond is well under way, with 92 percent of servers now patched after the biggest breach in business history to date, as far as we’re aware. There are lots of links within Cyberscoop’s article, so it’s best to read the article entitled Patching is trucking along on Microsoft flaws, but hackers are still meddling.

Thanks so much for listening, and make it a great day!


Looks like Facebook is now paying for an old breach

According to several articles out there, Facebook is now paying for their apparent mistake that allowed people to get access to phone numbers. While they fixed the vulnerability, hackers have now made the data from the 533 million-user breach, which includes 32 million in the United States alone, publicly available.

Apparently, this breach occurred in 2019, and a Telegram bot could accept a couple of bucks for access to the data.

Now, you know where this is going, right? The actors can now call you or do anything they want with your phone number, so be aware of what is happening now.

Cyberscoop is one site that has details on this latest Facebook ordeal, so go read it. 533 million Facebook users’ personal data leaked online is the article.


Mobile news for April 7 could be a potential issue

Firstly, from Redmond Pie, we have:
1. LG is shutting down.

LG Confirms It Will No Longer Be Making Smartphones Anymore

From July 31 this year LG will be dying out.
If you want an LG unit, get one now.
Apparently they have good audio etc. and will have updates and support for a while, but still, LG is switching to components and electric cars, etc.
No more phones though, but well, there we go; it’s been rumored for ages.

The second and more troubling is this.

uMobix Lets You Keep Track Of Your iPhone And Android With Ease

The article intro blurb states:
Keeping tabs on iPhones and Android phones is something that plenty of people have legitimate reasons to want to do. Parents in particular need to know what their children are doing with their devices, not to mention where they’re going. uMobix is an app and service that makes that possible.
Once the uMobix client has been installed on the device that needs to be tracked it’s easy to keep tabs on call history, text messages, social media apps that are being used, and more.
You’ll also have access to a GPS location tracker so you’ll always know where the phone has been and when it was there.
Need to know exactly what someone is doing with their device?
uMobix also includes a keylogger so you will always know what your kids are typing.
uMobix captures and records all user keyboard activity, whether into web browsers, messaging, or apps. You can get full insight into all keystrokes initiated.
The uMobix website has a handy demo to show what all of the features do and how they operate, and you can take it for a spin in no time at all by creating an account there and then.
The amount of information you’ll be able to track is impressive and, importantly, it could be hugely important as well.
The article doesn’t go into the obvious downfalls of this.
1. Who is “you”?
Is it you or is it a hacker?
Sure I could see a reason to use this.
Teenagers, children, the list can go on: elderly people, other cases like that, people like myself.
But when is too much too much?
1. Tracking where you are.
Ok, I guess that happens anyway.
2. Your text messages, phone calls, what apps you use and what you type online.
I admit it here: I am, well, an absolute bastard online. I wouldn’t trust myself with a laser rifle, not to mention that humans can post without thinking.
It’s hard to have your digital and real worlds mesh; it’s really hard to try to equate real and virtual rules to your real-world profile.
You build a profile up of whoever you are posting to, and it’s more often than not totally wrong.
I’d have a legit issue with everyone knowing what I do online, on Twitter and social networks. I guess if you were a bully or predator, maybe, but I see no other reason for all this.
Assuming this all complies with the Google permissions policies coming into force, even then.
Checking emails, knowing where you are and logging your keystrokes.
No human should have that information.
Now, I haven’t, nor will I be, visiting the site in question, but assuming all the information is in a secured account, assuming it’s actually secured with encryption, passwords and extra-on-extra security, assuming it works, then yeah, this would be really good.
Sadly I can find a lot more issues than, well, good points.
1. It’s known hackers will use legit software to do bad things.
2. All that information is on your phone, assuming it’s all dialing home somewhere, which means everything you do is no longer private or secure.
If this was like this on Windows I’d remove all my security software, firewalls and everything; I’d set weak passwords on my bank and I’d post all my information to every hacker out there.
It’s just not a good idea to handle this like this.
Next, has anyone thought about the battery drain and what we have had to let go?
Covid-19 has meant you need to be tracked and the government needs to know where you are.
Granted, that information needs to be transferred via a randomly generated security access code, and that program is held by the government, and the tracers need to give you a security code to enter and no one knows it, but still.
We need to be tracked; we already push so much online, data use and costs, data caps, not to mention the battery.
Next, avoiding the first thing made in point 1, there is almost no need to have the information; in other words, for the same things that would need the information, there are also a lot of reasons why not.
The biggest thing is us humans put too much out already, even when we don’t want to.
And automation does more.
I am currently away, and have had to remove printers, TVs, and a host of other extra programs and other things off of my workstation, because Windows assumes on each network I access I will want access to the devices in question.
Next, of course, is how secure is the client to access?
One would assume there would be a password, but kids are smart.
I know friends with blocking programs set on their systems to track them because of actual good reasons, friends that have managed to hack or get by other means, like watching their parents access them, to remember the passwords, turning the program on and off.
Even if we do take all this away, can you imagine what someone could do with every keystroke, everything written, passwords, etc.? You may as well not use security software or any passwords at all.
We get so many spam calls and the like.
Can you imagine if you are told by someone they have your uMobix password and you need to pay a million to stop your information being uploaded?
And what if it actually is?
Every password is compromised.
Your identity stolen.
Your credit cards gone, and you are in jail for multiple crimes you haven’t physically done, but all the data says that you have.
The hackers have broken into everything from government to police and have control of all data.
All the lawsuits.
Then what?
Things will have to be made more secure, which means legit reasons to get into things will become even harder, and round and round it will go till World War 3 happens.
Oh, did I mention that that may happen too?
In short, it’s just not a good idea to use this.
uMobix could become the next security nightmare.
The easiest thing to do is not start.
On the other hand, this could actually work.
But no one will want to be tracked, and can you imagine all the family and other relationship squabbles that will result from this program?
I have a few extreme religious families that have broken up due to restrictions.
And while a couple got away and won’t be back, one is completely on the “give me cash because God told me” and the other has gone away and is mentally unstable.
Won’t even talk to her mum, and is on who knows what, and wants things.
This is without uMobix.
Even if this does go through, even without all this, is it worth it?
I suspect it’s not.


With status you may get malware named after you

Krebs on Security has been around for many years now, and recently celebrated a birthday in December. With the aging of the domain and the excellent writing comes the potential of your name and likeness coming to light in malware.

In an article titled No, I Did Not Hack Your MS Exchange Server, Brian Krebs talks about a domain that is not safe to visit, KrebsOnSecurity_top.

I put the underline in place of the dot, instead of putting brackets, which is the common way to show unsafe URLs when writing about them.

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.

David Watson, a long-time member of the Shadowserver Foundation, was quoted within this article. It says:

David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).

According to this article, the new technique the attackers are using is quite different from anything Shadowserver has seen before. There are at least 367 web shell access points, according to the article.

There’s tons more to read, including what the krebsonsecurity.exe file does and the IP address mentioned within the article.

No, I Did Not Hack Your MS Exchange Server is the article that you should read, and thanks for reading!


Krebs on Security covers Woodland Hills, California: but this company … isn’t all that great

I’ve lived in Woodland Hills, California for all of my life. When going through Krebs on Security and coming across an article talking about it, I found it quite interesting, except for the shadiness of at least one character who has been trying to make business work for him.

The article is entitled RedTorch Formed from Ashes of Norse Corp. and talks about a couple of people who haven’t found their business instincts yet. Since there are a lot of links to various things including a link to Woodland Hills via Wikipedia, you might just want to read it.

The main heading of the article asks the question: who is RedTorch? To read it, and about the characters who need to figure it out before our LAPD does, click on over and read it.


Here’s some of what I’ve read of late

While I’d love to put everything in news notes that I’ve read, I’ve realized that instead of throwing it away, I’d put it up here like I used to do.

I may cover some of these in future articles; I know I’m going to at least cover one which hits home for me just a little bit. My goal was to blog everything in news notes, but I’m finding it a little bit difficult, so I think this is going to be good unless I am able to do it. I started to, but then it became a little much.

Maybe this will be a great compromise.


This week in security news, news ending March 26, 2021

There’s always something good to look at in News Notes from Trend Micro. One of the things that might be of interest is that a Swiss security firm may have access to servers that were used for the biggest breach in 2020 to date, the SolarWinds hack.

Instead of me talking about what I think you might want to read, I’ll just link to the article This Week in Security News – March 26, 2021 for all of the details. I hope you’ll find something of interest to read.


This week in Security news, news ending March 26, 2021

I’m going to try and keep up now, at least on the security front and Trend Micro’s news. Lots to see here. One of the things that may be of value is that a Swiss firm may have a line on a server that was used for the SolarWinds breach that came to light in December 2020; it was long lived, as this was well orchestrated, and a good job it was at that. Hackers are going around infecting Apple developers, websites that host cracks are now spreading malware, Purple Fox is back, and much, much more.

If you click through to read the post from Trend Micro, what did you think? I look forward to hearing from you.

This Week in Security News – March 26, 2021 is the article and I hope you find something that is of interest for you to read.


Turning the Tide: Security Predictions 2021

This video was done by Trend Micro and was quite interesting. This is the first time I’ve seen a video on their predictions for 2021; usually it’s in writing. This definitely was a very interesting video to watch, and you might find it of value too. If possible, we’ll be playing the video on the Security Box for people to listen to and comment. The video lasts 40 minutes, and if you watch it and comment here, let us know if we can air your comments and I’ll be happy to put it together.

Here’s the link to the video.


The Security box, podcast 36: Choosing a good password manager

Happy Saturday folks, welcome to the Security Box for this week. I normally get the blog up within 24 hours, but better late than never posting it at all.

The show notes are extensive as normal, and I think it’s the way to go so people can read my thoughts on the items as well as listening to them on the podcast.

The RSS has had the program up. Here is the link to the RSS for those who need it.

Don’t have RSS? Here is the 156.28mb file for you to get.

I hope those who listen find the shows of value, and I’ll be back this coming Wednesday on the independent channel of the mix’s suite of servers for another edition of the program.

Have you really thought about password managers lately? If not, the main topic may be of interest to you. While there were no calls this week, I feel the way I did the notations and led the discussion may make you think about whether it’s time to get one.

Welcome to podcast 36 of the security box. On this edition of the program, we’ll be talking about password managers. Herbie Allen is along with a Things to Ponder section talking about Scams, one in particular dealing with Amazon. We also have a webinar that will be of interest from F-secure. We’ll have news, notes and more. Hope you’ll enjoy the program!

Topic: Choosing a good password manager

Lastpass writes good articles, and this one is no different. How would you choose a good password manager? There are 5 different things that could make your decision that are highlighted within this article. They include:

  • How many devices do you own? 
  • What are those devices (Android, Apple)? 
  • Who do you need to share with? 
  • What other type of information would you want to store besides passwords? 
  • Are you concerned about data breaches and your personal information being at risk? 

While the article talks about Lastpass features, the heading entitled “Choosing a password manager” goes into detail about the different tiers of Lastpass. There are definitely alternatives, and you can explore those alternatives. While Lastpass has lots of features, you don’t need all of them, and you alone need to decide what will work for you.

Webinar: Attackers Get Personal | F-Secure Live Webcast

Over the weekend, I had decided to go through Youtube and found this very interesting webinar. It talked about three different topics by three different people.

About the webinar:

Taken from Youtube directly it states:

Get an inside view into the cyber threats that challenge our recovery from the pandemic and beyond.

Highlights from the Threat Landscape – Christine Bejerasco

2020 was an unprecedented year. But did this reflect in the threat landscape? Christine takes a look at various areas that highlight some of the threats recently encountered.

Healthcare data under attack – Mikko Hyppönen

The healthcare industry’s outdated IT and security infrastructure has caught the attention of cyber criminals, right when we need it the most. Mikko will discuss what we can do to secure our most essential industry.

Thinking like an attacker – Tomi Tuominen

The different stages of a targeted attack keep evolving. Tomi offers the latest insight into how attackers think and how to make their life more difficult.

Topic covered

  • Which threats businesses must face
  • How cyber criminals threaten the health care sector
  • Why a good cyber defense depends on seeing weaknesses through an attackers’ perspective

What to Watch

Things to ponder

Herbie Allen, main owner of the Mix, will be submitting something of interest dealing with scams and Amazon. It’s a three-minute listen, and we can open it up to thoughts on that. I later show a recent text message, go through the link, and show you what is going on with the link.

News Notes and commentary

  • Fiserv used an unclaimed domain that sent out email to customers to do various email tasks like verifying accounts, automating password resets and other tasks that may not have been thought of. A researcher, Abraham Vegh, contacted Krebs on Security to discuss what he found with the illicit domain, which he bought to see what he was seeing. Some of what he saw included bounce messages, out-of-office replies and even more. To read more, read the Krebs on Security article entitled Fintech Giant Fiserv Used Unclaimed Domain for all of the details.
  • Is it really time to get rid of SMS verification? I think it’ll be time sooner than later. Customer service representatives can be tricked into changing account info, especially if they are low paid, according to the article from Krebs on Security. The article talks about a company called Sakari, which offers a $16 product that allows you to receive text messages from any phone number in the United States. The letter of authorization that needed to be signed by the customer indicated that it could not be used for harassment, inappropriate behavior, or possibly violating the law. As the researcher has indicated, people were able to sign up with the service and do what they want. When approached with more detail, the researcher in question said that it was not just this company that can do this. The article goes into more detail on this research, including SIM swapping and possibly other tactics that might be used. The question Can We Stop Pretending SMS Is Secure Now? should be asked, and the article is well worth the read.
  • You think Joker and his stash of jokes are gone? Let’s think again. According to a Trend Micro report, not so fast. I’m not sure what happened to the article; somehow something happened where parts may be missing. We’ll link it here, but they’re back to their old tricks that may be new. This article talks about signing up for services by selecting the phone operator, putting in the MSISDN (Mobile Subscriber Integrated Services Digital Network number), getting a One Time Password, entering that code and bingo, you’re subscribed to services. While the text I have may have been truncated, the article should be read just the same. No Laughing Matter: Joker’s Latest Ploy is the article; take this very seriously.
  • Think using one password was absolutely safe? Better think again. According to an article by Lastpass’s Amber Steel, hackers found a username and password online, used it, and gained access to 150,000 cameras in places like schools, fire departments, offices, gyms and more. These are security cameras for some 24,000 customers. The article linked here will have more. 150,000 Security Cameras Hacked Because of One Password is the article; give it a read. Think about changing your password immediately.
  • WeLeak.Info is back in the news, but probably not in a good way. According to an article by Krebs on Security, the site now leaks information about the customers that were at the site buying and selling information. The first paragraph says:

    A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

    The article talks about putting an email address into the site and getting all possible passwords available for that email address. There’s more; WeLeakInfo Leaked Customer Payment Info is the article, so better take a look at it.

  • Finally, we’ve got some good news: two members have been arrested and charged, and have also been sentenced. According to the article, “in fraud we trust” is the mantra of the group, and the two people are named Sergey Medvedev of Russia and Marko Leopard of North Macedonia. There’s more to the story, so read Two Infraud members sentenced for role in $568 million crime gang, US says, and we hope that it will be called “In Fraud we don’t trust” in the future.

Thanks so much for listening to today’s program and reading the accompanying notations. We hope you’ve enjoyed the program as much as I have putting it together for you, and make it a great day!


Firefox 87 has just been installed here

Hello folks,

Just running Firefox as I wanted to do something, and it popped up a notice that it installed Firefox 87. There are some accessibility changes as well as security changes.

One of the things they highlight is that they now work with the Mac’s VoiceOver program. I don’t know if it works with iOS; I have not tried. Be that as it may, I think this is important for those who want a choice in browser.

My limited use of the Mac (2017) indicated that I could use Safari and Chrome and both seemed to work. Now you can add a third browser if you’re using the Mac.

To read all of the release notes from Mozilla, head on over to this link to read them and let me know what interested you in these notes.

Thanks so much for reading, and make it a great day!


How would you choose the best password manager for you? Lastpass has some ideas

Lastpass always has some great articles that I find could be covered. As the work from home option remains in effect, it’s now more important for you to choose something that works for you.

There are specific questions the article asks which need to be thought about. It covers things like how many devices are used, the type of devices that are used, how many passwords and other types of information may be stored, whether you’re concerned about potential data breaches, and who needs the information that you have to share.

When getting the best out of your password manager, Lastpass talks about their various tiers of service and asks whether the password manager you decide to choose provides what they’re highlighting.

I think this article is important, and we’ll definitely be talking about this on the Box this week.

If you use a password manager, what do you use and why? If you don’t, what is holding you back?


Attackers Get Personal | F-Secure Live Webcast | Christine Bejerasco, Mi…

The other day, I was looking in my Youtube feed and found something I thought would be interesting to share, and even have it aired on the Security Box. Attackers Get Personal | F-Secure Live Webcast | Christine Bejerasco, Mi… is the webinar hosted by F-Secure, and several people including Mikko Hyppönen are there. Hope you enjoy it.


The Technology podcast series presents podcast 35 of the Security Box, audio-centric applications like clubhouse

Welcome to the Security Box, podcast 35. The program, I think, was very interesting, and we covered everything I had on file.

I’m thinking of changing the show notes for the RSS to have just the links to things, and the extended version for the blog, as I have done it a little bit differently.

The RSS feed has the program and had it Wednesday.

Don’t want to deal with RSS? Here is the 91.31mb file for each of you to download.

Show notes

Welcome to the security box, podcast 35. We talk about Clubhouse, the security of audio apps like clubhouse and what experts are saying. We also have news, notes, questions, comments and more. Enjoy!

Topic: Apps like Club House and audio-centric apps and their security

Sex workers, for instance, have historically encountered abuse, harassment and employment discrimination in instances when aspects of their private lives are made public. The issue is particularly acute on Clubhouse, where users must agree to share their list of contacts with the app in order to invite a friend. Even users who declined to share their contacts with the app could have identifying information exposed in the event that one of their contacts authorizes Clubhouse to access their information.

The result has been to inadvertently out sex workers, and then make it difficult for affected parties to delete their account, and thus protect themselves, as Mashable reported. 

Is it necessary for apps like this to mass-collect the contact details of everyone on your phone? Linkedin, the work version of Facebook, collects contacts so that if they do join, you’re notified. I don’t have a problem with this practice, but Facebook, Twitter and even Clubhouse seem to collect data just because. Facebook has notified me of people joining, but I may have telephone numbers for doctors and the like that will become theirs. Google Voice and Hangouts utilize the contacts for me to use Google to call them, and I’ve not had a problem with giving that permission. I believe WhatsApp even does this.

According to the article, researchers at Stanford University found that Agora Inc. transferred information of Clubhouse users to servers in China. Agora is a Shanghai-based provider of engagement software. They apparently transmitted Clubhouse users’ ID numbers and chatroom ID details, though not their usernames, in plaintext. The discovery meant that Agora would have had access to some raw Clubhouse audio files, and as a China-based company could be required to provide that information to the communist government.

I read Clubhouse’s rules on how they intend recordings to be managed: how the recording is made during the time of the room’s creation and how it is deleted if nobody flags it as part of a review process for abuse.

There were other aspects talked about in this article that came to light, and they will be addressed, according to Clubhouse representatives.

In another article, Trend Micro talks about the security implications of apps like Clubhouse and the potential of information being stolen. Some of these applications can even be used for command and control servers, (C&C) for short. Trend Micro has information on sample attacks that could be carried out against apps like this.

The attack points are: Network Traffic Interception and Wiretapping, User Impersonation and Deepfake Voice, Opportunistic Recording, Harassment and Blackmailing, Underground Services, and Audio Covert Channels.

There are best practices Trend Micro recommends.

  • Join public rooms and speak as if in public. Users should only say things that they are comfortable sharing with the public, as there is a possibility that someone in the virtual room is recording (even if recording without written consent is against the Terms of Service of most, if not all, of these
  • Do not trust someone by their name alone. These apps currently have no account-verification processes implemented; always double-check that the bio, username, and linked social media contacts are authentic.
  • Only grant the necessary permissions and share the needed data. For example, if users don’t want the apps to collect all data from their address book, they can deny the permission requested.

The article even has information here for providers to implement if they haven’t done so already. They include:

  • Do not store secrets (such as credentials and API keys) in the app. We have found cases of apps embedding credentials in plain text right in the app manifest, which would allow any malicious actor to impersonate them on third-party services.
  • Offer encrypted private calls. While there are certainly some trade-offs between performance and encryption, state-of-the-art messaging apps support encrypted group conversations; their use case is different, but we believe that future audio-only social networks should offer a privacy level on par with their text-based equivalent. For example, Secure Realtime Transport Protocol (SRTP) should be used instead of RTP.
  • User account verification. None of the audio-only social networks currently support verified accounts like Twitter, Facebook or Instagram do, and we have already seen fake accounts appearing on some of them. While waiting for account-verification features, we recommend users to manually check whether the account they’re interacting with is genuine (e.g., check the number of followers or connected social network accounts).
  • Real-time content analysis. All of the content-moderation challenges that traditional social networks face are harder on audio- or video-only social networks because it’s intrinsically harder to analyze audio (or video) than text (i.e., speech-to-text takes resources). On the one hand, there’s a clear privacy challenge that arises if these services implement content inspection (because it means that they have a way to tap into the audio streams). However, content inspection offers some benefits, for instance, in prioritizing incidents.
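Two of the recommendations above, not embedding credentials in the app manifest and asking only for the permissions an app needs, are things a reviewer can check before a build ships. The script below is an added example written for this post; it is not code from Trend Micro, Clubhouse or any app vendor. It parses a constructed AndroidManifest.xml (the `com.example` names and the sample values are made up) and flags `<meta-data>` entries whose name or value looks like a hard-coded secret, plus any requested permissions that touch the address book, microphone or location.

```python
import re
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANAME = f"{{{ANDROID_NS}}}name"
AVALUE = f"{{{ANDROID_NS}}}value"

# Constructed sample manifest for this example; package, names and values are invented.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.audioapp">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.RECORD_AUDIO" />
  <application android:label="AudioApp">
    <meta-data android:name="com.example.RTC_APP_CERT"
               android:value="0123456789abcdef0123456789abcdef" />
    <meta-data android:name="com.example.API_TOKEN"
               android:value="sk_live_EXAMPLEPLACEHOLDER0000000000000" />
    <meta-data android:name="com.example.FEATURE_FLAG"
               android:value="true" />
    <meta-data android:name="com.example.ANALYTICS_ENDPOINT"
               android:value="https://analytics.example.invalid/v1" />
  </application>
</manifest>
"""

# Names that usually denote a credential, and values that look like an opaque key.
SECRET_NAME = re.compile(r"secret|token|key|cert|password|credential", re.I)
OPAQUE_VALUE = re.compile(r"^[A-Za-z0-9+/=_-]{20,}$")

# Permissions that map to the data the post is concerned about (assumed list).
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}


def find_embedded_secrets(manifest_xml: str) -> list:
    """Return meta-data entries that look like hard-coded secrets."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for md in root.iter("meta-data"):
        name = md.get(ANAME, "")
        value = md.get(AVALUE, "")
        # "@string/..." references a resource, not an inline literal; skip those.
        if not value or value.startswith("@"):
            continue
        reasons = []
        if SECRET_NAME.search(name):
            reasons.append("name suggests a credential")
        # Long token-like literal containing at least one digit: likely a key, not a word.
        if OPAQUE_VALUE.match(value) and re.search(r"\d", value):
            reasons.append("value is a long opaque literal")
        if reasons:
            findings.append({"name": name, "value": value, "reasons": reasons})
    return findings


def list_sensitive_permissions(manifest_xml: str) -> list:
    """Return (permission, what it grants) for each sensitive permission requested."""
    root = ET.fromstring(manifest_xml)
    return [
        (p.get(ANAME), SENSITIVE_PERMISSIONS[p.get(ANAME)])
        for p in root.iter("uses-permission")
        if p.get(ANAME) in SENSITIVE_PERMISSIONS
    ]


if __name__ == "__main__":
    for f in find_embedded_secrets(SAMPLE_MANIFEST):
        print(f"SECRET? {f['name']} = {f['value'][:8]}... ({'; '.join(f['reasons'])})")
    for perm, what in list_sensitive_permissions(SAMPLE_MANIFEST):
        print(f"PERMISSION {perm}: grants access to {what}")
```

On the sample manifest the two credential-like entries are reported and the boolean flag and URL are not; the contacts and microphone permissions are listed so a reviewer can ask whether each is actually needed. The heuristics are deliberately simple (a name pattern plus a length-and-charset check), so treat a hit as something to look at, not proof of a leak.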

What to read:

News Notes

  • I’m being told that Philmore Productions plans to get rid of their privacy policy and terms of service, not like they were utilizing them anyway, but this could be big news if Philmore gets litigated in the future.
  • Last podcast, I talked a little bit about an article that was part of This Week in Security News, which I’m a bit behind on. Long story short, there are a lot of numbers in this article entitled 119,000 Threats Per Minute Detected in 2020, which was quite interesting. Phishing is still the main vector and the pandemic isn’t helping much. Email threats, which include phishing, are 91 percent of the threats according to the Trend Micro report. 14 million malicious URLs were detected, with home networks the primary target, according to the article. There’s more to read; Sarah did a great job covering this for Info Security Magazine.
  • As usual, Windows has their updates that came out, and we have the two articles from Krebs on Security and Trend Micro. According to Krebs on Security, there are over 82 flaws in Windows and supported software. 10 of these are critical, meaning that they can be exploited without you having to do much of anything. One of the biggest flaws is within IE 11 or older Edge. It’s got a CVE number, and as we know IE11 isn’t really being supported by web sites anymore, especially with sites possibly going to SSL version 1.2 like Live Wire did. Trend Micro says that there are close to 100, almost doubling the amount of patches from last month. Podcast 808 covered the Exchange flaws, and it’s big enough news that we really don’t know how many people are affected. Trend Micro says that 14 are critical and the rest are important. Both articles are worth the read.
  • How has Emotet been doing since we talked about its takedown? According to an article, it tells the story of several members behind this botnet, but it does state there are members at large that will more than likely go elsewhere because they’re funded, and well funded at best. This is a Trend Micro article; Emotet One Month After the Takedown is the article, and it was a good one.
  • On the third of March, I read an article where scammers took some control over a cloud security firm named Qualys. This article comes from Cyberscoop’s Sean Lyngaas. According to the article, Qualys CISO Ben Carr said the attackers had accessed files hosted on an Accellion server. Mandiant has been hired in the case, and I’m sure that it’ll be a hot topic of late. Cloud security firm Qualys reportedly victimized by prolific scammers is the article.
  • Have you ever heard of ransomware hackers turning to virtual machines to do their dirty work? An article I read near the end of February was quite interesting, and you may find this of interest too. The article is quoted as saying:

    Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating software.

    CrowdStrike is mentioned in here because the hypervisor computer servers that organizations use are now being used to deploy their schemes. There’s plenty to read here; Ransomware hackers turn to virtual machine software to boost extortion schemes is what you need to read.

  • There are numerous articles in regards to the massive problem at Microsoft with their Exchange server problems. Krebs on Security indicates, and I have heard this on podcasts, that this started as early as January 2021. All of the articles linked within this section were of value, and I don’t want to miss anything.

Thanks for listening, and make it a great day!
