go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: January 2019

Go to Homepage [0], contents or to navigation menu



SN 699: Browser Extension Security

SN 699: Browser Extension Security

Tuesday, January 29, 2019, 7:18 PM

Security Now (Audio)

direct SN download

• The expressive power of the social media friends we keep
• The persistent DNS hijacking campaign which has the US Government quite concerned
• Last week’s iOS and macOS updates (and doubtless another one very soon!)
• A valiant effort to take down malware distribution domains
• Chrome catching up to IE and Firefox with drive-by file downloads
• Two particularly worrisome vulnerabilities in two Cisco router models publicly disclosed last Friday
• The state of the industry and the consequences of extensions to our web browsers.

We invite you to read our
show notes.

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sounds like another packed show, and I’m looking forward to it. This should be fun.

Comments (0)

Tech podcast 305

RSS and mixcloud have the show.


Hello everyone, welcome to podcast 305 of the tech series. On this podcast, I talk about the domain name system in the first segment. There is a very interesting issue that was recently disclosed, however, it isn’t so bad unless you give your credentials out to someone you don’t trust. Alert (AA19-024A) was posted to the blog which links directly to the advisory. Other news articles also talk about this as well as Security Now’s Steve Gibson. Pure Nature and the Ralphs Supermarket app are also demoed. The podcast will last you about an hour and 40 minutes and I hope you enjoy this extended program. Thanks for listening, and make it a great day!

Comments (0)

December Ouch! December 2018 Newsletter

Hi all, I know I’m late with this, and I’ve got some time to look at some email. I recently came across the December 2018 Ouch! newsletter. This newsletter is entitled Yes, You Are a Target. This is very interesting, because it talks about how criminals can get at you even though they don’t want you

A lot of what the article here I’ll be linking to talks about common sense. Antivirus isn’t necessarily ruled out, however, it is not going to protect you from every single thing.

OUCH! Newsletter: Yes, You Are a Target

Comments (0)

Alert (AA19-024A)

AA19024a is from the USCERT in regards to the DNS system and how it can be hijacked without your knowledge. This starts with creds stealing, and then moves on to takeover of the domain. This should be checked out, and steps should be taken where appropriate.

Comments (0)

Security Now, podcast 698

SN 698: Which Mobile VPN Client?
Tuesday, January 22, 2019, 6:01 PM

• Which is the right VPN client for Android, and which should you avoid at all costs?
• A very worrisome WiFi bug affecting billions of devices
• Hack a Tesla Model 3 at Pwn2Own
• Russia’s ongoing, failing and flailing efforts to control the Internet
• The return of the Anubis Android banking malware
• Google’s changing policy for phone and SMS App access
• Tim Cook’s note in TIME Magazine
• News of a nice Facebook Ad auditing page
• Another Cisco default password nightmare in widely used lower-end devices

Sounds like this is going to be a packed show. I can’t wait!

RSS for security Now

Download (filemail 60.3mb)

Comments (0)

IOS and Mac get updates

IOS and Mac hgetsupdates on January 22, 2019. Apple Releases iOS 12.1.3; Bringing Fixes for Bugs Affecting iPad Pro, HomePod, and CarPlay and Apple releases macOS 10.14.3, watchOS 5.1.3, and tvOS 12.1.2 are your two blog posts from apple vis. I hope this information is of value.

Comments (0)

Technology podcast 304 now out!

We are releasing podcast 304 of the tech podcast. RSS and Mixcloud has copies. For 7 days: File Mail will have this file up. It says its anonymous, but its mine. I wanted to see the linking option since you can have an email sent and also a link only. Show notes are below.


Welcome to podcast 304 of the technology blog and podcast series. Philmore Productions is back in the spotlight, this time, a very interesting voice mail saying that he’s getting a T1 update, but yet, you tell me if he’s describing voice ovr ip. I got a very interesting phone call, this happened in the middle of my blog post typing, so i stopped to answer the phone. The phone call didn’t identify itself from a company, but yet, went on to talk about the fact I was due 0 percent APR if I acted immediately. I talk about news notes, and things of interest that I’ve read including an article that was very interesting in court cases and jail time. Also, File Mail is a service that was discussed briefly from Security Now. Dice World has an update of interest, and of course contact information is available at the end of the program. I hope that you enjoy the program as much as I have putting it together for you. The program lasts 74 minutes.

Comments (0)

Strange looking emails for bitcoin

Hello all,

For the last few days, in multiple addresses that belong to me across my network, I’ve been getting email claiming that I’ve been doing some questionable things. There is only one problem that whoever sends these emails don’t know, and that they can’t use to their advantage.

The email claims that I’ve visited adult web sites and viewed teen material. If I were to view material, I would look for adult material.

Next, the message claims that I installed software which turned on my camera and they have video of me doing things while watching the video.

Next, they want bitcoin, which is a form of crypto currency. Its been around now for several years, and Security Now has talked about it in depth if you wish to learn more.

Whomever is sending these emails just wants payment. They claim to have my address book. Problem is, one of the addresses is a shared address and therefore doesn’t have an address book, so if they want to share something, they can, cause the mp4 which is a video file, would be blank.

As I’ve indicated, I’ve gotten several of these messages, and I believe all have gone to forwarders. Luckily, those addresses don’t have address books, right?

I would copy and paste the email in question, but i’ve decided that I don’t want to do that. What I want you to know, is that this is more than likely a scam. Even if they claim to hack your facebook like my various emails did, I know that I have two factor on my facebook, and it has not bothered me about potential log ins.

Stay safe out there, know what you have, and remember that this is just to get you to pay money you may not even have. Bitcoin can only be gotten in certain ways, and a search engine may not nevcessarily tell you where in your part of the world you can get bitcoin. I know of no place in which to get bitcoin, and I honestly haven’t invested any type of money to get coin. Its mainly used for illegal stuff anyway, although you can now use it at some places to buy, but its very few.

Thanks for reading, make it a great day.

Comments (0)

Here’s a change: change in court decisions

According to a recent article from Krebs on Security, it is looking like courts in different parts will be handing down harsher sentences for people who do denial of service attacks. Could this be a good thing? I really like the end of the article: “If you can’t do the time, than don’t do the crime.” I don’t remember at this moment if that is the exact quote at the end of the article, but it is going to fit.

According to the article, there are a lot of people who do this type of crime, and the consequences are not enough. They think that the crime should be punished harder because of the impact it has on business and the internet as a whole.

I’d invite you to read the article in full. The article is entitled: Courts Hand Down Hard Jail Time for DDoS and it was written on the 14th of January.

Comments (0)

Recent articles I’ve read, thoughts are welcome

Hello everyone,

Here are some of the items that I’ve read as of late that may be of interest to readers.

Two articles are of interest to me in regards to Germany. Seems as though they have a massive problem keeping data secure on people who are in Government. I’m hoping that this was a one time thing, and they’ve fixed the issues raised.

The other major article that interested me was the Apple Tech Support scam article that Krebs on Security had. written at the beginning of the year. If you’ve found anything of interest from this list, please feel free to let me know in the comments, or by sending me an email.

Comments (0)

Tech podcast 303

RSS has this as well as Mixcloud. Enjoy!


Here are the show notes.


Hello folks, welcome to podcast 303 of the technology blog and podcast series.

I’d like to start the podcast with something that came across my desk. This first segment deals with Swatting, and its a very interesting topic as now we’ve got a very interesting story that has a happy ending. Facebook cybersecurity exec victim of swatting call is the name of the article that sparked this discussion. When I retweeted this article, I got some likes and a conversation from someone who has been effected by swatting. The individual, whom I’m not naming talked to me about some things he’s been doing to learn, and he wrote an article A decidedly creepy story of how social media can impact your life. I told him my story of someone who had been wanting information from me, but yet, that individual was talked about on my podcast, and had to serve some time. He was able to gather that I’m blind, however, that isn’t top secret as its posted on my personal page, among other places as well. I sent some related articles his way which were written by me: Bullying, Is This Just a Disability Problem? and Can Social Media Really Be Bad for You? People need to think about their actions no matter whether they were targets of social engineering or swatting, both can have their own consequences. I think we really need to continue the conversation, and I’d love to hear from you on ways to curve the swatting and social engineering epidemic that has plagued us for way too long. Knowing that swatting has been a dacades long problem as of late isn’t going to make me feel better, thats for sure.

Next, I found someone with an interesting braille question, dealing with a contraction we’ve known for the longest time. While the contraction in question has not changed from English American Braille to Unified English Braille, the question was asked why the word here was spelled out with the “er” contraction and not the “dot 5, h” as we were taught. I’m curious on whether we have found an issue with the book with an error, or whether it was written that way by someone who doesn’t know the rules? I’m not going to speculate, but I’m putting it out there.

Next, Marty at Blindfold Games comes on the podcast to discuss his company Objective Education. I talk to him about some of the popular games, some that have dropped off, and about the new company. He gives his contact information at the end of that segment.

Finally, contact information as a whole, and a teaser on whats coming up on the next available podcast.

The podcast runs you 76 minutes, and I hope you enjoy! Thanks for listening!

Comments (0)

Facebook cybersecurity exec victim of swatting call | ZDNet

Hello folks, here’s something that I spotted while looking at twitter. It talks about another case of swatting, good thing nobody was killed in this incident. It links to other cases including Brian Krebs whom we talked about on our own podcast. This is scary, but yet real.

Prankster claimed exec had shot his wife, tied up his kids, and planted pipe bombs around the house.

Source: Facebook cybersecurity exec victim of swatting call | ZDNet

Comments (0)

Tech podcast 302

Tech podcast 302 is on our RSS feed for those who want it. I will make sure it gets on Mixcloud. In the meantime, I want to put up the show notes which you can see through the RSS already. Sorry for getting the show notes up late, I’ll do better next time.


Hello everyone, welcome to podcast 302 of Jared’s technology blog and podcast series. How many of you know about Live Wire and its sister system Ground Zero? If you don’t, I have a short segment in regards to both, and include Live Wire’s web site for you to go peruse its offerings. Next, BevMo payment breach affects thousands, with researchers pointing to Magecart is talked about, but yet, BevMo did the best they could. Next, Skype has some changes, and a potential bug that happened to me could happen to you. Finally, lesson 8 of the braille transcription course, and reading with Braille 2000 with JFW is demoed, as there is something that I’ve found that isn’t a show stopper, but yet, I’ve provided the file to Braille 2000 for their review and hopeful resolution. Contact information is at the end, and please feel free to utalize it. Thanks for reading the show notes, and enjoy your day!


I hope you enjoy the show as much as I have putting it together for you.

Comments (0)

Security Now, podcast 696

SN 696: Here Comes 2019!
Tuesday, January 8, 2019, 7:05 PM

Security Now (Audio)

list of 8 items
• The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people’s code.
• Emergency out-of-cycle patches from both Adobe and Microsoft.
• PewDiePie hacker strikes again.
• Prolific 0-day dropper SandboxEscaper ruffles some feathers.
• A new effort by the US government to educate industry about the risks of Cyber attacks.
• Welcome news on the ransomware front.
• VERY welcome news of a new Windows 10 feature.
• A note about a just-published side-channel attack on OS page caches.
list end

We invite you to read our
show notes.

Hosts:
Steve Gibson
and
Leo Laporte

Download or subscribe to this show at
https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the
GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.

Sponsors:

list of 3 items
• LastPass.com/twit
• securitynow.cachefly.com
• FreshBooks.com/securitynow
list end
Media files
sn0696.mp3
(audio/mpeg, 49.5 MB)

Comments (0)

Password Manager Users Exposed After Privacy Snafu

If you are a user of this service, it is important that you see this. I’m going through twitter, and saw this. I’ve never heard of the service, so I can’t comment on its use, but boy, this can’t be good.

Albine admits millions of Blur customers may have been affected

Source: Password Manager Users Exposed After Privacy Snafu

Comments (0)

What I’ve read the last little bit

Here’s what I’ve read in the last little bit.

Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes other countries need to learn what to look for so they aren’t bit, not saying that the United States doesn’t, but this article is targeting others outside the U.S. and we should teach tmem what they should look for.

In case you missed it, so I didn’t post this, DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy is the article.

Find anything that I’ve missed? Send it and lets talk.

Comments (0)

Why it’s Time to Switch from Facebook Login to a Password Manager

Hello folks,

In the continuing of catching up of news, Trend Micro has an interesting article dealing with Face Book, and its log in capabilities. We use whats called facebook connect to get connected to other apps and services. I’ve used it, but we now know that it isn’t the best thing we can do today.

Recently, Facebook disclosed a potential issue where data was exposed, because of the access to other apps, and this is done through their API and key system.

The article Why it’s Time to Switch from Facebook Login to a Password Manager talks about this more.

Whether you use Trend Micro’s solution, Lastpass, One Password, KeyPass, or another solution developed in the future, I know now that it isn’t a good idea to use facebook for my log in needs.

I decided with Dice World to go ahead and do that, but that was at a time when it wasn’t that big of a deal. I’m not going to change that now, but I won’t do it for anything else unless it recognizes where I am, like a game I’ve not talked about called Game World, by the same folks that make Dice World.

What do you guys think of this?

Comments (0)

Why are building systems connected to the Internet?

I have a question to start this post off. Why are building systems connected to the Internet, and what is their purpose? I’ve never heard of this until I heard it mentioned I believe near the end of Security Now’s recent podcasts. The article I found on this subject is called FBI warns industry that hackers could probe vulnerable connections in building systems which was published on the 21st of December, 2018. Here is a section, talking a particular port, that is wide open.

Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the
bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet
that could be of use to hackers.

“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against
known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.”

You’re welcome to check out this article in full, but I’ve never heard of this before. Is this the future of hacks? This can’t be good overall.

Comments (0)

Lets start the new year with more good news

Hello everyone,

Lets start the new year with some good news, although we all know that this is only a stepping stone. DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy was written on Cyber Scoop on the 20th of December, last year.

We all know that China is one of the forces, they targeted practically everyone with no mercy with their attacks.

The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S.
Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information
of over 100,000 Navy personnel, U.S. officials said.

This is just a highlight and this is only the beginning. Have you seen this?

Comments (0)

BevMo payment breach affects thousands, with researchers pointing to Magecart

Happy New Year,

I’m trying to catch up on 2018 news, and I found this article entitled BevMo payment breach affects thousands, with researchers pointing to Magecart and between BevMo and NCR, the companies could do no harm. The group behind this is known as Mage Cart, a loose hacking group looking for payment systems to target. The article has this as one word, but for ease of reading, I’m putting it as two words. NCR notified the BevMo company of the breach, they fixed the issue, and BevMo put out a release. While 14,500 plus is a small number, the company operates in three states, and sends to 8 others including Washington D.C. in the United States. Under the circumstances, both companies did the best they could, and I bet that we should see this type of response in the future.

What do you think? I’ll leave my thoughts on the podcast which will be number 302 in our series, and you can comment here or in my email box. Hope this partnership continues, this was the best under the circumstances.

Comments (0)

Older Posts »

go to sections menu


navigation menu

go to sections menu