The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
SN 699: Browser Extension Security
SN 699: Browser Extension Security
Tuesday, January 29, 2019, 7:18 PM
Security Now (Audio)
• The expressive power of the social media friends we keep
• The persistent DNS hijacking campaign which has the US Government quite concerned
• Last week’s iOS and macOS updates (and doubtless another one very soon!)
• A valiant effort to take down malware distribution domains
• Chrome catching up to IE and Firefox with drive-by file downloads
• Two particularly worrisome vulnerabilities in two Cisco router models publicly disclosed last Friday
• The state of the industry and the consequences of extensions to our web browsers.
We invite you to read our
show notes.
Hosts:
Steve Gibson
and
Leo Laporte
Download or subscribe to this show at
https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the
GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.
Sounds like another packed show, and I’m looking forward to it. This should be fun.
Comments (0)
Tech podcast 305
RSS and mixcloud have the show.
Hello everyone, welcome to podcast 305 of the tech series. On this podcast, I talk about the domain name system in the first segment. There is a very interesting issue that was recently disclosed, however, it isn’t so bad unless you give your credentials out to someone you don’t trust. Alert (AA19-024A) was posted to the blog which links directly to the advisory. Other news articles also talk about this as well as Security Now’s Steve Gibson. Pure Nature and the Ralphs Supermarket app are also demoed. The podcast will last you about an hour and 40 minutes and I hope you enjoy this extended program. Thanks for listening, and make it a great day!
Comments (0)
December Ouch! December 2018 Newsletter
Hi all, I know I’m late with this, and I’ve got some time to look at some email. I recently came across the December 2018 Ouch! newsletter. This newsletter is entitled Yes, You Are a Target. This is very interesting, because it talks about how criminals can get at you even though they don’t want you
A lot of what the article here I’ll be linking to talks about common sense. Antivirus isn’t necessarily ruled out, however, it is not going to protect you from every single thing.
OUCH! Newsletter: Yes, You Are a Target
Comments (0)
Alert (AA19-024A)
AA19024a is from the USCERT in regards to the DNS system and how it can be hijacked without your knowledge. This starts with creds stealing, and then moves on to takeover of the domain. This should be checked out, and steps should be taken where appropriate.
Comments (0)
Security Now, podcast 698
SN 698: Which Mobile VPN Client?
Tuesday, January 22, 2019, 6:01 PM
• Which is the right VPN client for Android, and which should you avoid at all costs?
• A very worrisome WiFi bug affecting billions of devices
• Hack a Tesla Model 3 at Pwn2Own
• Russia’s ongoing, failing and flailing efforts to control the Internet
• The return of the Anubis Android banking malware
• Google’s changing policy for phone and SMS App access
• Tim Cook’s note in TIME Magazine
• News of a nice Facebook Ad auditing page
• Another Cisco default password nightmare in widely used lower-end devices
Sounds like this is going to be a packed show. I can’t wait!
Comments (0)
IOS and Mac get updates
IOS and Mac hgetsupdates on January 22, 2019. Apple Releases iOS 12.1.3; Bringing Fixes for Bugs Affecting iPad Pro, HomePod, and CarPlay and Apple releases macOS 10.14.3, watchOS 5.1.3, and tvOS 12.1.2 are your two blog posts from apple vis. I hope this information is of value.
Comments (0)
Technology podcast 304 now out!
We are releasing podcast 304 of the tech podcast. RSS and Mixcloud has copies. For 7 days: File Mail will have this file up. It says its anonymous, but its mine. I wanted to see the linking option since you can have an email sent and also a link only. Show notes are below.
Welcome to podcast 304 of the technology blog and podcast series. Philmore Productions is back in the spotlight, this time, a very interesting voice mail saying that he’s getting a T1 update, but yet, you tell me if he’s describing voice ovr ip. I got a very interesting phone call, this happened in the middle of my blog post typing, so i stopped to answer the phone. The phone call didn’t identify itself from a company, but yet, went on to talk about the fact I was due 0 percent APR if I acted immediately. I talk about news notes, and things of interest that I’ve read including an article that was very interesting in court cases and jail time. Also, File Mail is a service that was discussed briefly from Security Now. Dice World has an update of interest, and of course contact information is available at the end of the program. I hope that you enjoy the program as much as I have putting it together for you. The program lasts 74 minutes.
Comments (0)
Strange looking emails for bitcoin
Hello all,
For the last few days, in multiple addresses that belong to me across my network, I’ve been getting email claiming that I’ve been doing some questionable things. There is only one problem that whoever sends these emails don’t know, and that they can’t use to their advantage.
The email claims that I’ve visited adult web sites and viewed teen material. If I were to view material, I would look for adult material.
Next, the message claims that I installed software which turned on my camera and they have video of me doing things while watching the video.
Next, they want bitcoin, which is a form of crypto currency. Its been around now for several years, and Security Now has talked about it in depth if you wish to learn more.
Whomever is sending these emails just wants payment. They claim to have my address book. Problem is, one of the addresses is a shared address and therefore doesn’t have an address book, so if they want to share something, they can, cause the mp4 which is a video file, would be blank.
As I’ve indicated, I’ve gotten several of these messages, and I believe all have gone to forwarders. Luckily, those addresses don’t have address books, right?
I would copy and paste the email in question, but i’ve decided that I don’t want to do that. What I want you to know, is that this is more than likely a scam. Even if they claim to hack your facebook like my various emails did, I know that I have two factor on my facebook, and it has not bothered me about potential log ins.
Stay safe out there, know what you have, and remember that this is just to get you to pay money you may not even have. Bitcoin can only be gotten in certain ways, and a search engine may not nevcessarily tell you where in your part of the world you can get bitcoin. I know of no place in which to get bitcoin, and I honestly haven’t invested any type of money to get coin. Its mainly used for illegal stuff anyway, although you can now use it at some places to buy, but its very few.
Thanks for reading, make it a great day.
Comments (0)
Here’s a change: change in court decisions
According to a recent article from Krebs on Security, it is looking like courts in different parts will be handing down harsher sentences for people who do denial of service attacks. Could this be a good thing? I really like the end of the article: “If you can’t do the time, than don’t do the crime.” I don’t remember at this moment if that is the exact quote at the end of the article, but it is going to fit.
According to the article, there are a lot of people who do this type of crime, and the consequences are not enough. They think that the crime should be punished harder because of the impact it has on business and the internet as a whole.
I’d invite you to read the article in full. The article is entitled: Courts Hand Down Hard Jail Time for DDoS and it was written on the 14th of January.
Comments (0)
Recent articles I’ve read, thoughts are welcome
Hello everyone,
Here are some of the items that I’ve read as of late that may be of interest to readers.
- Tech Support Scams: What are They and How do I Stay Safe?
- Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users
- January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities
- Patch Tuesday, January 2019 Edition
- Dirt-Cheap, Legit, Windows Software: Pick Two
- Vast breach exposes German politicians’ personal data
- Germany sought NSA help after breach exposed lawmakers’ data
- Apple Phone Phishing Scams Getting Better
Two articles are of interest to me in regards to Germany. Seems as though they have a massive problem keeping data secure on people who are in Government. I’m hoping that this was a one time thing, and they’ve fixed the issues raised.
The other major article that interested me was the Apple Tech Support scam article that Krebs on Security had. written at the beginning of the year. If you’ve found anything of interest from this list, please feel free to let me know in the comments, or by sending me an email.
Comments (0)
Tech podcast 303
RSS has this as well as Mixcloud. Enjoy!
Here are the show notes.
Hello folks, welcome to podcast 303 of the technology blog and podcast series.
I’d like to start the podcast with something that came across my desk. This first segment deals with Swatting, and its a very interesting topic as now we’ve got a very interesting story that has a happy ending. Facebook cybersecurity exec victim of swatting call is the name of the article that sparked this discussion. When I retweeted this article, I got some likes and a conversation from someone who has been effected by swatting. The individual, whom I’m not naming talked to me about some things he’s been doing to learn, and he wrote an article A decidedly creepy story of how social media can impact your life. I told him my story of someone who had been wanting information from me, but yet, that individual was talked about on my podcast, and had to serve some time. He was able to gather that I’m blind, however, that isn’t top secret as its posted on my personal page, among other places as well. I sent some related articles his way which were written by me: Bullying, Is This Just a Disability Problem? and Can Social Media Really Be Bad for You? People need to think about their actions no matter whether they were targets of social engineering or swatting, both can have their own consequences. I think we really need to continue the conversation, and I’d love to hear from you on ways to curve the swatting and social engineering epidemic that has plagued us for way too long. Knowing that swatting has been a dacades long problem as of late isn’t going to make me feel better, thats for sure.
Next, I found someone with an interesting braille question, dealing with a contraction we’ve known for the longest time. While the contraction in question has not changed from English American Braille to Unified English Braille, the question was asked why the word here was spelled out with the “er” contraction and not the “dot 5, h” as we were taught. I’m curious on whether we have found an issue with the book with an error, or whether it was written that way by someone who doesn’t know the rules? I’m not going to speculate, but I’m putting it out there.
Next, Marty at Blindfold Games comes on the podcast to discuss his company Objective Education. I talk to him about some of the popular games, some that have dropped off, and about the new company. He gives his contact information at the end of that segment.
Finally, contact information as a whole, and a teaser on whats coming up on the next available podcast.
The podcast runs you 76 minutes, and I hope you enjoy! Thanks for listening!
Comments (0)
Facebook cybersecurity exec victim of swatting call | ZDNet
Hello folks, here’s something that I spotted while looking at twitter. It talks about another case of swatting, good thing nobody was killed in this incident. It links to other cases including Brian Krebs whom we talked about on our own podcast. This is scary, but yet real.
Prankster claimed exec had shot his wife, tied up his kids, and planted pipe bombs around the house.
Source: Facebook cybersecurity exec victim of swatting call | ZDNet
Comments (0)
Tech podcast 302
Tech podcast 302 is on our RSS feed for those who want it. I will make sure it gets on Mixcloud. In the meantime, I want to put up the show notes which you can see through the RSS already. Sorry for getting the show notes up late, I’ll do better next time.
Hello everyone, welcome to podcast 302 of Jared’s technology blog and podcast series. How many of you know about Live Wire and its sister system Ground Zero? If you don’t, I have a short segment in regards to both, and include Live Wire’s web site for you to go peruse its offerings. Next, BevMo payment breach affects thousands, with researchers pointing to Magecart is talked about, but yet, BevMo did the best they could. Next, Skype has some changes, and a potential bug that happened to me could happen to you. Finally, lesson 8 of the braille transcription course, and reading with Braille 2000 with JFW is demoed, as there is something that I’ve found that isn’t a show stopper, but yet, I’ve provided the file to Braille 2000 for their review and hopeful resolution. Contact information is at the end, and please feel free to utalize it. Thanks for reading the show notes, and enjoy your day!
I hope you enjoy the show as much as I have putting it together for you.
Comments (0)
Security Now, podcast 696
SN 696: Here Comes 2019!
Tuesday, January 8, 2019, 7:05 PM
Security Now (Audio)
list of 8 items
• The NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people’s code.
• Emergency out-of-cycle patches from both Adobe and Microsoft.
• PewDiePie hacker strikes again.
• Prolific 0-day dropper SandboxEscaper ruffles some feathers.
• A new effort by the US government to educate industry about the risks of Cyber attacks.
• Welcome news on the ransomware front.
• VERY welcome news of a new Windows 10 feature.
• A note about a just-published side-channel attack on OS page caches.
list end
We invite you to read our
show notes.
Hosts:
Steve Gibson
and
Leo Laporte
Download or subscribe to this show at
https://twit.tv/shows/security-now.
You can submit a question to Security Now! at the
GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site:
grc.com,
also the home of the best disk maintenance and recovery utility ever written
Spinrite 6.
Sponsors:
list of 3 items
• LastPass.com/twit
• securitynow.cachefly.com
• FreshBooks.com/securitynow
list end
Media files
sn0696.mp3
(audio/mpeg, 49.5 MB)
Comments (0)
Password Manager Users Exposed After Privacy Snafu
If you are a user of this service, it is important that you see this. I’m going through twitter, and saw this. I’ve never heard of the service, so I can’t comment on its use, but boy, this can’t be good.
Albine admits millions of Blur customers may have been affected
Source: Password Manager Users Exposed After Privacy Snafu
Comments (0)
What I’ve read the last little bit
Here’s what I’ve read in the last little bit.
Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes other countries need to learn what to look for so they aren’t bit, not saying that the United States doesn’t, but this article is targeting others outside the U.S. and we should teach tmem what they should look for.
In case you missed it, so I didn’t post this, DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy is the article.
Find anything that I’ve missed? Send it and lets talk.
Comments (0)
Why it’s Time to Switch from Facebook Login to a Password Manager
Hello folks,
In the continuing of catching up of news, Trend Micro has an interesting article dealing with Face Book, and its log in capabilities. We use whats called facebook connect to get connected to other apps and services. I’ve used it, but we now know that it isn’t the best thing we can do today.
Recently, Facebook disclosed a potential issue where data was exposed, because of the access to other apps, and this is done through their API and key system.
The article Why it’s Time to Switch from Facebook Login to a Password Manager talks about this more.
Whether you use Trend Micro’s solution, Lastpass, One Password, KeyPass, or another solution developed in the future, I know now that it isn’t a good idea to use facebook for my log in needs.
I decided with Dice World to go ahead and do that, but that was at a time when it wasn’t that big of a deal. I’m not going to change that now, but I won’t do it for anything else unless it recognizes where I am, like a game I’ve not talked about called Game World, by the same folks that make Dice World.
What do you guys think of this?
Comments (0)
Why are building systems connected to the Internet?
I have a question to start this post off. Why are building systems connected to the Internet, and what is their purpose? I’ve never heard of this until I heard it mentioned I believe near the end of Security Now’s recent podcasts. The article I found on this subject is called FBI warns industry that hackers could probe vulnerable connections in building systems which was published on the 21st of December, 2018. Here is a section, talking a particular port, that is wide open.
Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the
bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet
that could be of use to hackers.“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against
known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.”
You’re welcome to check out this article in full, but I’ve never heard of this before. Is this the future of hacks? This can’t be good overall.
Comments (0)
Lets start the new year with more good news
Hello everyone,
Lets start the new year with some good news, although we all know that this is only a stepping stone. DOJ indicts 2 hackers linked to Chinese spy agency for breaching tech firms, U.S. Navy was written on Cyber Scoop on the 20th of December, last year.
We all know that China is one of the forces, they targeted practically everyone with no mercy with their attacks.
The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S.
Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information
of over 100,000 Navy personnel, U.S. officials said.
This is just a highlight and this is only the beginning. Have you seen this?
Comments (0)
BevMo payment breach affects thousands, with researchers pointing to Magecart
Happy New Year,
I’m trying to catch up on 2018 news, and I found this article entitled BevMo payment breach affects thousands, with researchers pointing to Magecart and between BevMo and NCR, the companies could do no harm. The group behind this is known as Mage Cart, a loose hacking group looking for payment systems to target. The article has this as one word, but for ease of reading, I’m putting it as two words. NCR notified the BevMo company of the breach, they fixed the issue, and BevMo put out a release. While 14,500 plus is a small number, the company operates in three states, and sends to 8 others including Washington D.C. in the United States. Under the circumstances, both companies did the best they could, and I bet that we should see this type of response in the future.
What do you think? I’ll leave my thoughts on the podcast which will be number 302 in our series, and you can comment here or in my email box. Hope this partnership continues, this was the best under the circumstances.
Comments (0)
navigation menu
- Archives
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- Categories of this blog
- Subscribe to Blog via Email
Join 8 other subscribers
- The tech blog’s pages
- Blogroll
- Crashmasters blog
- Cyberscoop
- Documentation
- Improve Internet Accessibility for Individuals with Impaired Vision
- International friends network
- Kim Komando
- Krebs On Security
- Plugins
- Register to this site
- Suggest Ideas
- Support Forum
- supporters and partners
- the blind perspective
- The Jared Rimer Network donations page
- The Phishlabs Blog
- The Security Box discussion list
- The Technology blog and podcast and TSB on amazon music podcasts
- Themes
- toptechtidbits
- WordPress Blog
- WordPress Planet
- “Blind VMS and the Tech podcast join forces”