go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu

sections menu

fine menu sezioni pagina

Scammers impersonating Netflix, Disney+ and other streaming services – Red flags to watch for

Shaun sent this some days ago, but now I’m having time to read it. Its a thread on an email list that was discussed from this Kim Komando piece. We’ve talked about Kim on one of Throwback’s security segments for October, so was happy to see this. Take a look at this, as the holidays are upon us and they’ll stop at nothing to get our stuff.

Phishing scams are increasingly being used to impersonate streaming services. Here’s how to spot them to avoid falling victim.

Source: Scammers impersonating Netflix, Disney+ and other streaming services – Red flags to watch for

Comments (0)

This could be a cautionary tale, phones not to get

Some of the articles sent through the Security Box I’ve not read, and may have kept them around for some reason or another. This one I’m referencing can probabbly be a cautionary tale of what not to get, as I don’t know if they’re even still available.

The article is titled Security audit raises severe warnings on Chinese smartphone models and it comes from Ars Technica.

It talks about a couple different Chinese-made phones, which may be sold by Amazon and Walmart. The article doesn’t link these phones because there are quite a lot of problems with them.

The biggest thing, is that these phones will take you to different app stores, replacing the Google play store. It also can redirect you to potentially dangerous malware, depending on what you search for. legitimate pieces of software you’re looking for.

While this may be late, you should always check out where software is gotten from, as you don’t know at least with these devices if changes were made.

The article has complete details on what to look for but doesn’t cover what to do about it mainly because there isn’t anything you can do.

If this is still ttrue, please make sure you’re staying safe and getting what you really want this Holiday season.

Comments (0)

The NSO is finally getting sued

This is going to be a “things to ponder” for our next podcast, and I’ve submitted it to Throwback Saturday Night for future airplay. It isn’t an urgent thing for them, but something we all should be aware of.

The NSO group has been covered by numerous podcasts including Security Now and this one just for a two examples. I’m sure others have too. This is because of something called Pegasus which has been used as a surveilance tool at Journalists and other people.

Apple is suing them because they are targeting their products, and even one recent patched vulnerability is discussed. The NSO group claims their software has saved lives and governments have assisted in arresting pedophiles and other criminals thanks to the software.

The article indicates that there was no backup to the NSO claim of the above, and from what I’m hearing, it has done nothing but become a problem.

The Pegasus software can be installed without any knowledge of the victim, and it can do anything the NSO group wants. It is an Android and IOS problem, and the developers of this software bypass the software all of the time.

We’ll have to see what this lawsuit will look like as it proceeds.

What do you think of this one? A good thing or a bad thing? Why or why not?

Comments (0)

Linux has a serious vulnerability, I hope a patch is out soon

Hello folks,

I’m way behind on this blog, and really need to start writing about what I read. Today, I’m hoping to start that again.

This topic is going to be the main topic for our next security technology podcast, and it could possibly affect us. Why? Because one of the pieces of software it affects is Bind, whicjh allows sub-domains to be bound to the account, especially when it is on a shared server.

It is probably used through Linux, regardless of shared hosting or not, but when creating sub-domains, I always see messages from the control pannel that it is reloading bind. I suppose that unbind would take place for a deletion, but I don’t know anything about the third, dnsmasq. The show notes will not cover the other two, but if I’m completely wrong, someone can correct me.

The article was sent by Michael in Tennessee, and it is titled Linux has a serious security problem that once again enables DNS cache poisoning and comes from Ars Technica.

There is quoted material of all kinds, so go read and learn. Enjoy learning a little today.

Comments (0)

The Security box, podcasts 69-71

Hello everyone,

I know I’ve been devoid of blog postings lately, there’s a lot happening. However, the podcasts continue.

Podcast 69

Welcome to the security box, podcast 69. On this edition of the podcast, we turn our attention to another story, bullying over the telephone lines. We have some news, notes and commentary as well, but the bulk of this program is to think about what might go on these lines whether it is one you are on now, or one you’ve been on. Thanks for listening!

Podcast 70

Welcome to podcast 70 for the 17th. Its open forum today, hope you all enjoy it! Lots of different topics. Hope you enjoy!

Podcast 71

Welcome to the Security box, podcast 71. On this podcast, we’re going to cover things we did not cover last podcast including windows update and a very interesting report dealing with the threat trends for November 2021. We’ll have news notes and plenty of it too. Hope you enjoy the show!

Patch Tuesday

Threat trends and intelligence report

  • new-quarterly-threat-trends-intelligence-report-available Phishlabs

    • News Notes

    Below, please find the links for the news items that are going to be talked about for this week. We may have blog posts on some of these, so make sure you check out the blog for complete details on things and maybe you’ll find something you want to comment on.

    I hope you enjoy the program, we’ll have more news notes and another great program next time. Thanks for listening!

    All podcasts are on our RSS feed for you to go and get. If you need copies, please let me know. I’ll be happy to send you what you need.

    Thanks so much for listening to the programs, and I hope you’re getting something out of it. Replays are also available on Clubhouse, just search for my name and you’ll find me, my profile, and my clubs and replays. Contact me if you have any questions.

    Comments (0)

    Is it time for you to watch for packages? Beware of things to watch for

    Hello folks,

    I talked about this for a future program of Throwback Saturday Night which will air this Saturday on Server 2 on the mix. While I made it not article related, I said I’d be posting this to the blog and I amdoing that.

    There are lots of ways to get notified of packages without relying on the dreaded text messages telling us to click on links. Doing so, could get you in to a lot of trouble.

    As you’ll soon find out when we play the threat trends and intelligence report which I attended yesterday, I happened to ask about the recent barrage of texts about potential packages and the fact they have potentially been delivered or not, and the particulars of messages that say you’re due a prize for paying your bill.

    If you’ve not been to the quarterly trends reports, Here’s the one from Yesterday. We’ll be talking about it, and even Michael in Indiana talked to me about it last night as I uploaded a copy to Live Wire for their perusal.

    What does this have to do with packages? Plenty. The number one threat that is still talked about is Phishing, whether it is Email based, voice based, text messaging, social media or even an unpopular method with QR codes.

    I’ve seen these codes in setting up two-factor authentication with apps, but I am unfamiliar how they really work as it can include URL’s that phishers have used in certain circumstances. While it isn’t common here int the states, it has been used.

    They could in fact, get you to view a QR code instead of clicking on a link as we’ve seen through SMS and email in the future and that’s where our topic that is going to highlight this blog post comes in.

    The major carriers like UPS and Fedex use short codes instead of phone numbers for SMS communication. When you are signing up to get notification through their web sites, you give them your phone number, and you have to confirm receipt and can even ask for all deliveries to come to you. I did that through USPS where all updates are received when I submit to them a tracker.

    The article ‘Tis the Season for the Wayward Package Phish written by Krebs on Security talks about the various problems like Phishing emails perporting to be coming from fedex. According to the article, this can be bad, as it can ask you for another delivery time.

    The ones I’ve seen indicate that I’ve had packages attempted 4 times. They want a $2 processing fee, and then they ask me for name, address and the like on a completely separate domain from the one I start with. BTW, both domains I’ve seen aren’t your major carriers either. Please read this article all the way through, because it is important you do so. If you want your packages saved, you should read the article anyway.

    Have yourself a great day! Stay safe!

    Comments (1)

    Braille 2000 version 2.278

    Hello folks,

    A little bit late here, but if you run B2K, you’ve been tipped off in regards to an update which fixed some bugs.

    Here is what’s new, thanks to Bob.

    Hi,

    One more time… yet another B2K.

    There are five fixes:

    • 1. In Select Pages, The Include Current Page button did not update the display of selected pages.
    • 2. Substitutions (e.g., replacing tabs with spaces) didn’t work for Paste
    • 3. When Pasting material not in UEB, the target document code settings would go screwy
    • 4. If the cursor is in gray, Enter does nothing (might happen following paste)
    • 5. When doing interpoint, the file might end with a gray-fill blank back side. It can be awkward to input more prose (the cursor is in a sea of gray). The new feature Insert / Text Page will generate a new page (with a blank paragraph waiting for input) that is anchored using braille page break.

    Please use the panel, file management, check for updates option or download the full installer from our web site if needed.

    Comments (0)

    So … What Happens when you die? What will happen to your crypto currency?

    OK, I know its not a subject we want to talk about, and I recently signed paperwork for myself should something happen and I need medical care. But what about those who have crypto currency? I saw an article on Twitter that covers this aspect of things which I thought was quite interesting.

    One of the things it says is that Crypto is an investment and it can be rewarding. I do like the technology, but I just don’t feel that investing for me is the right thing to do.

    If you do invest, know what you need to do for your will in case you die. onal
    More
    navigation region end
    Business News
     is the article and I think it should be passed along.

    I don’t want to scare you one bit, but I’ve been told how crypto trading is worth it and all that, and I’m happy for people who do it. Just know what happens if you don’t do something if you suddenly die and your family and friends have to close things out for you. You don’t need to make a hard decision today, but you should make one just the same, and maybe sooner than later, depending on your health and other circumstances.

    I hope that this is of interest.

    Comments (0)

    Time change

    Hello everyone. This is a note to indicate that we’ve changed the time on the blog to match Pacific time for standard time.

    I’ll be starting to blog again, I’ve been lackluster at best, but i’m still here. I hope that you find the blog of interest and make it a great day!

    Comments (0)

    The Security Box, podcast 68: NCSAM extra! Social Media, News notes and more

    Hello everyone! The rss feed has the podcast up, and below you’ll find the show notes including a very interesting blog post that our own Shaun Everiss wrote.

    You should read it.

    Welcome to the Security Box, podcast 68. On this edition of the program, let’s talk about social media and phone line issues as it relates to cyberbullying and other related topics. We’ll also have news, notes and more.

    Social Media discussion

    In a very interesting turn of events, I wasn’t necessarily going to put anything in to this section because I was going to do a full vocal discussion. But when I saw my own digest on my blog, I saw a very interesting post dealing with Social Media and other things related that I’ll link here. I’ll still do vocal talk with no notations, but this post is worth bringing up.

    ,

    News Notes

    We hope you enjoy the program, and thanks for listening!

    Comments (0)

    Crypto might be in trouble? Check this out

    So … I’ve had quite a number of people on clubhouse approach me about crypto and how I can make $16k if I just invest $5k in Crypto under Forex.

    While I love the idea of Crypto and its technology, I, among other people in the disabled community, can’t invest such large numbers in to a system that could probably crash tomorrow.

    One person, even went as far as to say that if I don’t, I’ll “be sorry” as this is the future. The profile said they were in hardship and a loss, and then he went in to how good Forex is.

    Forex is automated, and like th stockmarket, could have consequences. If you do it, go at your own risk.

    This morning, one of the listeners to the Security Box, sent me this Yahoo! news article Big Hires, Big Money and a D.C. Blitz: A Bold Plan to Dominate Crypto which I found interesting.

    Two people are tryoing to dominate Crypto and get it the money of the future. My hunch is that at some point, Crypto including Bitcoin will fall, but not necessarily crash. Those who invest thousands of dollars and get double their investment better enjoy that for now, as at some point, it won’t happen anymore.

    I’m not really sure what this article will say in the long run, but the problem is that crypto is not regulated, and if they think this will have any effect, I’m not sure.

    Even those who have started taking Crypto as payment have backed out, although I have seen Namecheap taking crypto as payment which is awesome. But I’ve heard that others have backed out.

    If you’ve read this article, what do you think? Is there a chance with what these guys are doing or not?

    Do pass along your thoughts. I’d be curious on what you say!

    Comments (1)

    Don’t miss what’s happening People on Twitter are not the first to know.

    Hi all.
    Well I thought about posting this thing on my own blog but thought I should really release something on here which is not behind the scenes.
    I have been reading titles and articles I am interested in, but due to the current apocolipse, I just don’t have the energy I once had to well actually post.
    With each country and its dealings with covid, I have noticed the following 2 lines when visiting twitter.
    Don’t miss what’s happening
    People on Twitter are the first to know.

    Now this appeared on twitter way before covid.
    Don’t miss what’s happening
    People on Twitter are the first to know.
    Hmmm don’t miss whats happening, yeah a lot happens on social media.
    People on platform x are the first to know.
    Oh yeah?
    So does that mean that everyone on social networking site x know before the media.
    And is all the information on that site the best information?
    Suggestions from governments to local media to even the lockdowns which exist here and other places would suggest not.
    The line should read
    Don’t miss what’s happening
    People on Twitter are not the first to know.
    Neither are they on facebook, youtube, etc.
    Hell I wouldn’t even trust my email, my friends are not the first to know.
    Now before I get hated on, I don’t trust the government, or the media, or anyone online but at least the government and media are official.
    Maybe their social networking platforms.
    But social networks in general while we as humans depend on them are as trustworthy as spam email is.
    There is no verification on social media, no fact checking.
    There are all sorts of groups.
    Social media has enabled us to associate with who we want but the down side is if you want to stick your head in a bag and say obama is an alien parasite then you can.
    No one is stopping you.
    Yet social media in some cases updates faster than news so we actually use it more, so does the media but even so raw data is raw data.
    Especially if it is just that.
    This text by the way is my own opinion, its not fact and I admit it here obviously.
    But no one is going to jump down my throat if I down out lie through my teeth and trousers.
    At worst maybe I get my account banned from here but thats it.
    You can be whoever you are on the social network just like you can be on email or the net with little to no checks or ballences if you wish to maliciously or by accident screw up.
    So yeah its dangerous.
    We consume a lot of the net.
    Not saying its dangerous but if we were so scared about our privacy one thinks we wouldn’t post random garbage.
    Now in some countries people don’t unlike some of us westerners have the luxury to just shoot off our mouths at just about everything and maybe its because we are to comfortable but who knows.
    The net aint free, in fact the average 100 megabyte connection costs most of a hundred bucks there about so it has to be more than that.
    Mobile phones, where you live depending, well data aint cheap,in fact it can be darn right expensive and roming even more so.
    Boredom maybe but I doubt its the issue.
    Maybe its because we can post what we want to people that want to hear it and can block people that don’t so we continue to believe what we want and screw everyone else and maybe thats it in a nutshell.
    No one is going to call me out on this.
    I am unsure about the answer, but I do think that places like twitter shouldn’t be so blatent with their titles of their pages.
    It may have meant something back before, but this is now.
    Social media while being one of the best things out is also is as dangerous as a nuclear reacter meltdown or a firework held in the hand.
    Its not even the legal thing either, its commen sence we are talking about.
    You don’t yell a certain black racest word in public without getting a swift kick to the chops.
    But if I chose to I could do it freely.
    If I got banned from my whatever site I could make another.
    I know rules on the net are hard and well we don’t want massive control but its got its problems.
    The fact you can post what you want and like without any action is a bit of a concern.
    Even on social media I am making up profiles of people in my head without even meeting them and then when speaking with them later realise its different on a completely different level.
    I have also fell into that trap on email and other forums being banned from some of them after mouthing off without thinking.
    I was on my system and it was a nameless list and I lost it for a second.
    After one of these big blowups, I have learned that text is really poor method of communication.
    Its fast and small, and officient but thats about it.
    Its not video or voice and it can lead to other issues.
    For example your average whatever domain website could be registered somewhere, stored somewhere and its data stored somewhere else.
    Ie your .com site may not be american or you are not on a american server.
    The net is not a binary on and off thing its more than that.
    Sadly its something some of us haven’t got round to thinking about that well.
    The fact we trust an unknown user on a site we don’t know about is also an issue.
    Then there are the terms on social media.
    Lets get one thing straight.
    None of the people you add on social media or the net, or email online or interact online with are ever your friends!
    They could be mass murderers for all you know thats why we have scammers.
    The social network idea sounded nice but its a pipedream at best and dangerous at worst.
    I have many people that follow me, so at most they are subscribers but not my friends.
    I have a lot of people I email, including friends but if they had been only online then they wouldn’t be my friends.
    No one on the net is your friend they are just people.
    No one you chat with on a forum or anything is your friend.
    No one online at all no matter who they are is your friend.
    If you physically meet them, chat to them, have some parties or go out, over a long time, say 6 months to a year then yeah maybe then or at least you can trust that link a bit more.
    A friend is not a follow link, unfriending is unfollowing someone but it really doesn’t make sence.
    Maybe some terms on social media need to be changed.
    Friends could be followers or subscribers like on youtube.
    I know we want to make it a nice friendly place but that ship sailed in 2007 or maybe even before that when all those ransom ware writers started making our lives hell and its only worse.
    And until we learn that the next voice in the void can be totally trusted without question we will have issues.
    Even those I know online, I trust to not do or do a certain thing but its not like I’d fully trust them.
    Offline, its the same but because I have physically met them maybe more so, maybe not.
    Now once your social text chat becomes more, like a voice call via zoom or skype, or maybe you trust them to give them your phone or cell number and you really talk for ages, maybe.
    I have several methods of communication and use them a lot.
    Nothing is secure as such but just basic commen sence security.
    At the front of all this stuff is my email.
    Its open to the net, anyone can use it.
    I don’t mind who has it.
    Same with my twitter though I don’t use it as such.
    If I need voice I use zoom or skype.
    If its a business and its local like in my country then yeah I’ll call them offline and conduct my business the old fashioned way.
    Online though, most people only see my email.
    My email aint timezone dependant.
    I can block a certain person, or not respond to them.
    If I need someone to get more involved than that then I have a skype I can use, or zoom or something like that.
    So if it gets a bit more than that, I have my mobile phone and my landline.
    For obvious reasons I don’t want my landline or even mobile phone known, I mean both aren’t hidden or anything but even so.
    Rarely if ever unless its a business do I like to share my phone or mobile numbers which are offline contacts.
    If it goes belly up online, I can easilly take action to secure myself, change my address, block people.
    But if its on my phone or even someone comes about physically then its a bit more of an issue.
    Now with that in mind if its a local business and its in my country I like to deal with the person direct because of the same reason as I just outlined.
    We trust to much in what we read and lets face it reading is the thing here.
    So when you look at your next twitter or social media post don’t take it at face value.

    Comments (0)

    Zales.com is next in the data leaking department

    Its time that companies start getting in trouble for leaking data.

    Its probably no surprise that we’re continuing to see stories like this, but this time, Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 from Krebs on Security is out with details.

    Let me know if these paragraphs sound familiar.

    In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

    Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number.

    The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information.

    The company has the following quote within this article. It says:

    “As a business principle we make consumer information protection the highest priority, and proactively initiate independent and industry-leading security testing. As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity.”

    If you have industry standards, than why do you have another case of mismanagement of personally identifiable data leaking on the Internet for all to see?

    While the issue may be fixed now, this isn’t the first, and the article rightly says this is miniscule to today’s problems we now have to face, but it is still reality.

    I do know that I would do everything in my efforts to make sure that this type of thing would not happen.

    This includes using payment processors like Stripe and billing software if appropriate like Freshbooks to do my workflows and billing.

    If I couldn’t use Freshbooks because I sold product and it would be easier to bill the customer, I’d definitely use Stripe as buttons to buy and collect data is handled by them, and not by me.

    There are probably other solutions that I am not aware of, and each company is going to be unique to this problem. The company needs to find the best solution for them.

    What do you think dear readers? Let’s discuss.

    But I do think one key reason we continue to see companies make these easily avoidable mistakes with their customer data is that there are hardly ever any real consequences for organizations that fail to take more care. Meanwhile, their customers’ data is free to be hoovered up by anyone or anything that cares to look for it or index it.

    “Being a Web developer, the only thing I can chalk this up to is complete incompetence, and being very lazy and indifferent to your customers’ data,” Sheehy said. “This isn’t novel stuff, it’s basic Web site security.”

    Take those last two paragraphs to heart, and make it a great day!

    Comments (0)

    Braille2000 2.277 now released

    Braille2000 released Wednesday a new version of Braille2000 which brings bug fixes to the product.

    One of the fixes was a continuing bug I’ve seen where closing indicaters were put in to documents where they shouldn’t be. Ever seen a closing number sign indicater in something like 4chan anyone?

    One change may have you re-enter your license information, this is because of an internal change where that was stored before and where it will be stored going forward.

    There may be other bug fixes that I’m not aware of that you might see.

    To update, go to panel, file management, software update and select 2.77 from the list.

    Alternitively, go to Braille2000’s web page to pick up an executable.

    Happy brailling!

    Comments (0)

    The Security Box, podcast 67: NCSAM week 4: Protecting Your Children Online

    Hello folks,

    The following may be a touchy subject, but one that is quite important. In some weeks time, we’ll discuss this more in detail as this isn’t just an online problem. One of our regulars will be dharing a story, and while its long, we’ll have more details on how we’re going to handle this program next week.

    For now, our RSS feed will have this podcast, and stay tuned to future podcasts.

    Welcome to Week 4 of NCSAM. This week, we’re going to cover protecting your children online. Notations are taken from a presentation I heard about the topic, and I’ve summarized it to tell possibly some stories that may be similar to something you’ve heard or seen. We’ll also have news, notes and other comments as the program gets started.

    Protecting Our Children online

    • Protecting your kids online. Including topics like grooming, cyberbullying and more.

    News Notes

    The following are some of the items that have been read within the past week. Feel free to read the ones that are of interest to you.

    I’ll try and blog some of this older news we’ve got, so stay tuned. Hope you enjoy the show!

    Comments (0)

    Apple has released updates

    Hello folks, welcome to another post here on the blog. This time, its an Apple post.

    They’ve been releasing updates to variuous operating systems as of late, fixing bugs and possibly adding some additional features.

    Apple Releases iOS 15.1 and iPadOS 15.1; Bringing Many Fixes for VoiceOver and Braille Users

    This has a long list of fixes that plagued us from the onset of IOS 15. While some may have been experienced by me, some have not. This is definitely great news, and I’ll be looking to upgrade to 15.1 at some point within the coming days.

    Apple Releases watchOS 8.1, tvOS 15.1, and HomePod 15.1 Software

    Since I don’t have a watch, I’m unable to comment on anything here, although there are fixes that may be of benefit to you.

    The New Features, Changes, Improvements, and Bugs in macOS 12 Monterey for Blind and Low Vision Users

    I’m not a Mac user, however, there is a lengthy list of changes and new features, especially if you use Voice Over.

    If you’re ready to update, all AppleVis artices indicate how to update your specific product. Stay well!

    Comments (0)

    The Security Box, podcast66: Verizon, AT&T, T-Mobile, Oh My!

    We’re sorry for the delay in releasing the podcast. There were other commitments that needed dealing with, and we also had a technical issue that occurred too.

    With all that said, I put the file on the rss feed for all to grab.

    If you need me to send you a copy, please contact me and I’ll send it to you.

    Below, please find the show notes for podcast 66 of the security box, and enjoy!

    Welcome to the Security Box, podcast 66. Is 66 a lucky number? T-Mobile and Verizon are in the news with Spam messages, AT&T is in the mix as well in passing, Google is getting in the mix with two-factor authentication on more accounts, as well as news, notes and more.

    Topics

    NCSAM

    News Notes read from around the landscape

    The following are links to stories that have been read from across the landscape. In October, we do news notes live so that you, the listener, can get a benefit of this being a discussion. If you like the way this is being done, please let us know and I may do it full time.

    Hope you all enjoy the program, and thanks for listening!

    Comments (0)

    Civil problems for companies that can’t talk about breaches?

    OK, so I recently read a back dated article titled US gov’t will slap contractors with civil lawsuits for hiding breaches which was posted on Ars Technica.

    As I’ve written in news notes, I don’t feel that companies like Colonial Pipeline and JBS Foods willingly put our lives and potential data at risk. I feel that the company who failed to patch their software in a timely matter that lead to a breach is more of the problem.

    I think this article should be read and discussed, as it could bring a much needed change for all of us when it comes to knowing what is going on. I know I’ve got questions that may or may not be answered.

    The good news is that companies will civilly be delbt with, not criminally delbt with, at least when dealing with the government problems, but is that the issue? Let’s discuss.

    There’s more, read the article for more.

    Comments (0)

    NCSAM post 10: Use Android? Your phone may be handing over data, with no choice to discontinue it

    I have two post 8’s, the last 8 should be 9, but I’m not changing it now. Here’s something in regards to Android, and I think I’m going to put this as an NCSAM article for today.

    Hello folks. Welcome to another post here on the blog. Today, we’re going to talk about Android. Apparently, there’s a study that says that a phone that is minimally set up for service is sending tons of information to various companies like Microsoft and Facebook.

    I worry about this as with IOS, you need to give permission to have apps access data, although I’ve heard in rooms that data is being sent to Apple without our knowledge as well. I’d rather trust Apple, as they’ve been known not to do what other companies have done.

    The researchers intercepted and analyzed the data that was sent by the Android OS including the pre-installed system apps that we previously mentioned. The study assumes a situation where the device owner doesn’t enable his phone to share data but uses the default settings for everything else. The research team printed a chart that shows the data collected by each of the Android OS variants.

    Here’s something else.

    All of the companies whose Android OS variants were tracked shared information that can help identify a particular mobile device such as a handset’s unique
    IMEI number. This data is transmitted along with data that the user can reset such as advertising IDs. But since the data is sent as a pair, resetting
    the advertising ID won’t help the user since his device will always link to its IMEI identifier.

    While I will be putting this as part of news notes, I’m wanting people to read the entire article Some versions of Android share users’ personal data with no chance to opt-out from Phone Arena to learn all of the details on what three well-known companies are doing at least with their stock versions of Android.

    Sound off in the comments.

    Comments (0)

    Coin Base get an influx of users

    Sometimes, sites get an influx of users, whether it was the mass exodus from What’s App when Facebook went down for 6 hours, phishing for credentials and being successful at it, or any other means that might have this happen to a site.

    Today, we’re going to talk about a very interesting article that we’ve put in to our first item for news notes for Wednesday. It is a Krebs On Security article titled How Coinbase Phishers Steal One-Time Passwords.

    A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

    Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

    After poking around the phishing site, there is a pannel that will notify the actors when their victims enter credentials on to the site. Also, according to the article, they can push a button in real time that asks the victim for more information. Sounds scary and something in a movie, but yet, its starting to happen.

    Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

    That puts another meaning in to two-step verification, yet they’re taking advantage of this by pushing buttons real-time.

    I took a look at coin base’s web site before writing up the notes for it, and I must say, It Offers a bunch of info about crypto currency and various types of it to boot. I had no idea there were hundreds of crypto. I knew about Bitcoin, Litecoin, and Etherium and possibly a few others, but I saw some that I’ve never heard of.

    Luckily, this campaign is not targeting the United States as of yet, signing up several million Italians first, says the article.

    There’s plenty more I can quote and talk about, but I think you should read through to see all of the details. This is one that people should at least glance at, in case their favorite site may have this problem. Its definitely new and clever.

    Comments (0)

    Older Posts »

    go to sections menu

    navigation menu

    go to sections menu