
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: October 2019




site optimisation

Hi.
Well before I plunge into the load of comments, I have started extra site optimisation.
Once a year or maybe twice, or every so often, I will be sweeping the site of all unused things like spam, database comments, etc.
This is to reduce clutter and increase performance.
A note to users on the site.
For those like me that use WordPress as a direct login to the site, 2step authentication is enabled on this site and on the WordPress system.
If you login via normal userid and password method you will still be able to get in.
But if you use wordpress to login, you will need to setup 2step.
Please back up the 10 backup codes you are given in case something happens.
If you end up using all or half or well whatever, just remember to regenerate your code list and keep it on a cloud storage device.
Another note, for admins, Site info is placed with the wordpress version, php, sql, etc.
Also note, that while it gripes on, healthcheck seems to want us to have php 7.3 and according to performance tips you don’t need this.
As well as this, jetpack now handles image and page caches via wordpress cloud services.
I have noticed immediate speeding up of the system.
Later on, I may consider extra services like cloudflare and maxcdn but as I need to get more involved let’s try the easy solutions.
Oh, also, jetpack should in theory update plugins when they update, so no more me having to login all the time and update plugins.

Comments (0)

Tech podcast 326: Dice World, NCSAM, braille transcription, and more

The RSS feed found here and the telephone line Live Wire on my show and bulletin board 974 now have my latest podcast. The show is up now, but the board will pull it within the next 24 hours.

The show notes are sweet and to the point I think, I am also working on shortening the intro too. Let’s see how it goes.


On this podcast, Jaws and Firefox’s latest version. NCSAM should be all the time, yes or no? We’ve got a braille transcription update, and Dice World has a new layout.

Comments (0)

Brians club gets hacked, Uses Brian Krebs and his name

Brian Krebs talks about a carding shop entitled Brians Shop. The people behind this shop peddle Brian’s name and his web site Krebs on Security with a copyright notice. I don’t believe I’ve ever heard of this before, but yet, this just seems wrong. “BriansClub” Hack Rescues 26M Stolen Cards is the article.

Between 2015 and 2019 according to the article, this web site sold 9.1 million credit cards earning the site 126 million bucks. This was all stolen credit card data.

If I were to do this, and do it successfully, I would not use likenesses of a company, I’d use my own company. I’m surprised that Brian Krebs didn’t go after these guys for copyright or something, since his blog, and anything written is copyrighted by the site. Flashpoint helped with analysis of the data, and there’s definitely more to this story. I’m sure that this will get interesting as time passes.

Comments (0)

Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the Phishlabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says Phishlabs. I know that I can talk about my thoughts on subjects, but overall, the user must put what I’ve learned into practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month is a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Let’s discuss!

Comments (1)

NCSAM: Security features you should be using in password managers

While the article is actually entitled LastPass Security Features You Should Be Using I’ve been thinking of this more in regards to passwords in general. If you don’t use passwords in a password manager, that is a choice that you make based on your own needs. I’m not going to change your mind. If you do use passwords in a password manager, have you explored its options to see what else you can store? I’ve not really understood LastPass that well, especially when it comes to storing documents like birth certificates, passports, and the like, but I have stored notes such as product IDs of products, and other notations including passwords for one of my network’s list management and other things.

I’m sure we can all learn about what our password manager of choice can hold, and we should continue to enquire into what types of things it can do.

I would take the items within the LastPass article, and see if your manager has similar features. Good luck!

Comments (0)

Capital One hacker … innocent or guilty? You decide!

According to the latest from CyberScoop, they are talking about the suspect Paige Thompson may have had 20 to 30 TB of data from various companies. They also indicate that she is a flight risk. But what we didn’t find out, and I am not going to say one way or the other, but Paige may have been male, now becoming female according to the article. Whether you’re male or female, it honestly doesn’t matter because there is a lot of data that the government is going through that you allegedly had on you. I think the judge is trying to treat Paige as fairly as possible whether they are male or female. If the judge thinks she/he is a flight risk, and they think she/he is going to do something, then that should be taken into account. If I remember correctly, this suspect pleaded not guilty, correct? There are a bunch of links within this article including the not guilty plea which I was correct on. Read the article update from CyberScoop: Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say and make your own opinions on this one.

Comments (0)

Apple Releases iOS 13.1.3, iPadOS 13.1.3, and macOS Catalina Supplemental Update

This is the article title from AppleVis. They cover what’s new in these releases and you may want to take the time to update if you have had the issues mentioned in the article. Go on over to AppleVis to read more. Thanks for listening and reading.

Comments (0)

NCSAM: email delivery: check the sender of email

I may be a little bit behind, so excuse me. Today, I read a blog post as part of the NCSAM series that I think is appropriate. It talks about checking the sender’s email address as part of the verification process. This is especially true, as nowadays, the sender can claim to be someone you know.

I have first hand experience with this. I know someone who will remain nameless for this blog post. I also have their email address. I got an email recently that had their full name. In the body, was a link.

When they originally sent links to me, they included a note such as “here you go” or something to indicate what I was getting as well as a subject line.

In the email purporting to be them, I forget what the subject line was if it had one, but the body had a link such as hxxp://aerifog.com (don’t go there) instead of something that I was expecting.

I think out of curiosity, I went to see what it was, as I felt it wasn’t malicious, but once I saw where I was headed, I backed out.

Today, I think it’s time to stop doing that. If I’m not expected to go somewhere based on an email I’m expecting, then I’m not going there. I’ve sometimes gotten curious, but I think it is becoming too much of a problem to do that now.

I’m not going to say that I won’t occasionally look, but I think eventually I’m going to get caught.

With shorteners like cutt.us you can add a character to see stats and see exactly where you’re going. I’ve done this when I’m curious and I know they’re available to check that.

Another thing this article mentions is to check the way the person writes.

  • Do they have a default signature?
  • Do they greet you by name?
  • If not by name, by company name?
  • Does the company send you promos and things like Amazon?
  • When you correspond, does the company have a signature with phone number, address, hours of operation, or something that you spot in every communication?

These are some ideas I can think of and questions to ponder when you get email.

When I send email from my tech at menvi address, I have a signature, my name and technology blog and podcast is in the name, and if I send you something, I include a link directly to where you’re going. I also in the signature have a signature with my blog address and main web page.

If you communicate with me using other addresses, you’ll see various signatures except gmail where I just sign.

I suggest you take a look at this Phishlabs blog post entitled Beware of Account Takeover which may have other tips that I haven’t covered that may be of value to you as we learn how to stay safe in the ever changing landscape we call the Internet.

Please share what thoughts you might have when it comes to how you, the individual, or you as a company, tell customers how to stay safe when it comes to email delivery. Let’s talk!

Comments (0)

HP launches Spectre x360 13 pre-installed with ExpressVPN

Just like an antivirus/anti-malware solution, having a VPN installed on your PC is very important. Are you ever concerned about the privacy of your online activity? Or worried about advertising trackers? Or maybe you are trying to access content that is prohibited by your government or Internet Service Provider (ISP)? Do you ever want to watch certain movies on Netflix only to find that they are not available in your country? A VPN will help you solve all the above problems. What’s more, a VPN is affordable and easy to use, especially in the case of the recent HP and ExpressVPN partnership where the VPN comes pre-installed on the latest HP performance laptop.

 

The HP and ExpressVPN partnership

Consumer VPN expert ExpressVPN recently announced its partnership with the giant tech company HP Inc. As part of the agreement, a selected number of PC’s will come pre-installed with ExpressVPN’s Windows app to help protect users’ privacy and security online. 

HP’s recently unveiled Spectre x360 13 laptop model will be the first one to enjoy this arrangement that includes a 30-day trial period to see if the VPN is a good fit for them. The product will, however, get incorporated on more HP models in the coming months.  After the trial period has elapsed, users will get an opportunity to either buy a longer plan or opt-out of the subscription. 

 

About ExpressVPN

ExpressVPN is the market leader in consumer VPNs. Its popularity stems from its speed, security, reliability, and ease-of-use. ExpressVPN helps users to secure their data traffic and guard their online presence against prying eyes. This VPN gives users peace of mind when they connect to untrusted or unsecured networks, such as public Wi-Fis at the coffee shops, hotels, and airports. You will be able to encrypt your network data and secure your internet browsing experience with one simple click!

 

ExpressVPN TrustedServer Technology

ExpressVPN’s TrustedServer technology represents a major advance in protecting consumer privacy and security by addressing key risks common with how VPN servers are conventionally run.

Traditionally, server owners install the software and operating system during the initial setup of the server and then add amendments over time. Every change made introduces possible differences among servers, reducing confidence that each one of them is running exactly the same code.

ExpressVPN’s TrustedServer technology ensures each of its 3,000+ VPN servers uses the most recent software. Every time the server reboots, it loads the most up-to-date read-only image containing the whole software stack, OS, and others. This is to say that ExpressVPN is aware of everything that is running on all their servers, which minimizes the possibility of exposure or misconfiguration and greatly enhances VPN security.

 

HP Spectre x360 13 Features

HP’s newest Spectre x360 13 laptop model combines the cultivation of impressive design and mobility, with heightened security and performance features that allow users to enjoy their passions without limitations.

With 6 out of 10 PC users concerned about their privacy being compromised, the new Spectre model features a dedicated mute mic key, HP Webcam Kill Switch, and an extra HP Sure View display. It also features twice the performance of its predecessors with an extended battery life of up to 22 hours, enough to take you through the day. 

 

About HP

HP is a global IT corporation specializing in the sale of software, hardware, and other similar services. The company was founded in 1939 by engineers David Packard and William R. Hewlett. HP’s product line includes PCs and other computing devices, software, storage tools, scanners, printers, plotters, and enterprise and industry-standard servers among other imaging devices. In 2014, HP decided to split the company into two– HP, Inc. and Hewlett-Packard Enterprise.

People who use PC’s/laptops are mostly on the go, and this often results in the use of unsecured Wi-Fi networks. With a speedy and trustworthy VPN like ExpressVPN, users of the new Spectre x360 13 will walk with their head high knowing that their privacy and security remain unaffected regardless of whichever Wi-Fi network they are on. 

Comments (0)

Will Apple get hacked more in the future? Business insider says yes

With Apple’s iOS 13, and very successful hacks into the iOS platform, we’re starting to see Apple being targeted. According to this article from Business Insider entitled A cybersecurity expert explains why we’re likely to see more Apple hacks in the future we’re going to see more hacks toward iOS and Mac devices. Windows is also covered, and rightly so.

While my phone is older, and I’ll be looking to replace it soon, making sure our software is as up to date as possible is now more crucial. This is going to get interesting as we continue to see these types of issues including data breaches in general.

The fact that the article talks about WhatsApp as an entry point, WhatsApp developers need to fix that hole too. It’s not all the operating system’s fault, whether it’s Windows, Mac, iOS, Android, Linux, or any other operating system out there.

NCSAM

Comments (0)

British Airways data breach: class action lawsuit approved – IT Governance Blog

Here is British Airways news. I think I covered this back when it broke, so I found something and thought I’d post this update here to the blog.

We need to remember things are changing, and this is only the beginning of the problems if we can’t figure out how to protect ourselves the best we can.

A portion of the article and the link follow.

The High Court has granted a group litigation order, effectively giving the go-ahead to mass legal action from 500,000 victims of the 2018 BA data breach.

Source: British Airways data breach: class action lawsuit approved – IT Governance Blog

Comments (0)

Presidential campaigners are not secure … this can’t be good

According to an article I’ve thought about and saw today, 16 out of 23 potential candidates are not security conscious and have some things to fix before next year and running for president.

I’m not going to rehash the articles I wrote on Donald Trump, you can go to my article listings page and search them out on your own under the vocal heading. If this is any indication, we’re going to have another long 4 years if someone new wins and their cybersecurity is not up to par.

Article: U.S. Presidential Campaigns Struggle With Cybersecurity

Comments (0)

Alabama got hit with Ransomware, pays ransom

Hello all,

Well, the news this week deals with Alabama getting hit with Ransomware. According to this article entitled Ransomware attacks are insidious. Experts urged healthcare CIOs to invest in proactive security measures to combat the growing threat. Alabama was the target. Unfortunately, Ransomware is not going to be going away, and that’s because it’s a great moneymaker.

I wonder how this type of thing is created to begin with? I’m not saying that I’d send it out and demand money, since my goal of the blog and podcast is to alert you all on what’s out there so we can protect ourselves. We all need money, but we need to do it the right way.

For example, on one of the pages on the blog is a donations button I believe. But if not, that’s OK. Money isn’t the object of this podcast, but if you’re interested in donation options, get in touch.

I’m confident when I reminisce about the story one of my buddies told me about one of our own in the blindness field getting targeted with Ransomware. Remember this article entitled ATPC Hit with Ransomware, Does Not Pay where I talked about a textbook case of doing it correctly? We should bring it out and show companies that a company serving the blind community did it correctly, and we should all learn.

Getting back to the article at hand, Security Now covered quite a bit of ransomware this week in their episode for this week. If that show goes into ransomware mode, whereby they’re covering nothing but ransomware in the news, it’s going to be the whole entire show. This can’t be a good sign.

Here are the notations from that episode.

  • Ransomware hits schools, hospitals, and hearing aid manufacturers
  • Sodinokibi: the latest advances in Ransomware-as-a-Service
  • Win7 Extended Security Updates are extended
  • A new Nasty 0-Day RCE in vBulletin
  • There’s a new WannaCry in town

As you can see, there are lots of things going on here, and it’s not going to go away any time soon. The fact that the main topic of this blog is talking about the Alabama case, there is a lot more happening that we should be learning about too, and that’s why I find the story of value. This is going to get very interesting.

Comments (0)

Trend Micro’s next webinar

The title of the next webinar is going to be “What’s Up with Web Threats?” It’ll be held on October 29th at 1 ET 10 PT and I am going to try and make it. If not, a recording will be provided afterward.

Today’s threats are now hitting us hard. Web threats, email threats, telephone calls, and more. Please sign up and learn how you can protect yourself and teach others what they can do afterward. We can do this together.

With the popularity of the web, and everything that is connected to it, there is no surprise it is the second most detected threat within our customer accounts.

In this month’s threat webinar, I will review the numerous types of web-based threats affecting your employees, such as embedded URLs within emails, malvertisements, drive-by downloads, and command and control (C&C) servers.

As well, I will be reviewing some best practices you can use to better protect your organization, employees, and web servers from these attacks. Because when you can prepare for, withstand, and rapidly recover from threats, you’re free to go further and do more.

That’s The Art of Cybersecurity.

I’ll see you there!

Comments (0)

It’s time for another patch Tuesday: time to reboot and update your systems

It’s time for another patch Tuesday, and Krebs On Security and Trend Micro are offering the articles in regards to what’s out there. I’ve already taken the computer offline and did the reboot necessary. The computer seemed to be a little slow anyway, so the reboot helped clear that up.

Below, please find the articles from my sources. Stay safe!

Please feel free to check these articles out for more information. Trend Micro is the longer of the two, where they detail what’s patched, while Krebs is good in its own right, some detail, but enough to cover everything since Adobe is covered in that post as well. Both are good in their own right, and I want people to choose what article they want to take from. Thanks so much for reading, and make it a great day!

Comments (0)

Magecart is at it again, this thing doesn’t die

According to FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops from the Trend Micro intelligence blog, this thing isn’t going away any time soon. According to the beginning of the article, another 3126 sites are affected, and this is now on the web, not just your brick and mortar shop now. Once this thing is installed, it scrapes credit card data through scripts through the SSL connection and out to the bad guys. There are links to various items on this article, so paraphrasing is going to be difficult. I’m passing this along so that we all can be aware, and do the best we can to protect our cards from this attack.

The bad thing is that the site may even look normal, and we may never know it. It seems that’s the risk we take now. Let me know your thoughts on this one. It can’t be good.

Comments (0)

The New Features, Changes, Improvements, and Bugs in macOS Catalina for Blind and Low Vision Users

A little bit of Mac news coming across our desk while perusing AppleVis. This blog post with the same article title has all of the details.

What I really like are the functions that remind me of Dragon during voice dictation. That is awesome! I tried Dragon with Jaws many years ago, but it’s been a long time.

There are some bugs in regards to playing podcasts, and another bug, but a lot of enhancements with this update.

Give it time, update at your convenience, and feel free to report any bugs to the AppleVis community so they’re aware of it and to Apple so they can fix it.

Do let me know if you find this info of value.

Comments (0)

NCSAM: Part 2: Scott Schober’s latest book is a must read

If you read nothing else this month, I’ve been referencing Scott Schober’s second book Cybersecurity’s Everyone’s Business and I read part 2. Part 2 of the book covered several breaches including the biggest in health care, Anthem Blue Cross, Equifax, and more.

Equifax still has a bunch to say for itself, and I have two articles myself I wrote through the Vocal platform. They are: Equifax Breach: Why You Should Be Worried After the Latest Breach September 15, 2017 and More On the Equifax Breach: Why It’s Time to Keep that Software Up to Date which was posted to 01.media on September 26th of that same year. I’m sure you can find other articles and Krebs was also cited in this part in numerous breaches.

What I found amazing was the details or lack thereof when it came to DynDNS, which took half the net down, or so it seemed.

Some of these breaches we have no control of, especially the Equifax breach. Some people even went so far as to call them equifish, (equiphish) and this is no joke. Steve Gibson, the guy behind Security Now on the TWiT network was at a loss. Nobody can really explain the hack, and the fact they paid millions of dollars doesn’t explain the piss poor job there.

Uber I was not a customer of when that breach happened. The fact they went through several CEOs and the future of the company is still uncertain because it blows through money should probably not surprise me. I know I’ve blown through money when I was younger, and I bet you we all do it. I’ve had some great experiences with Uber, even at my new location, so I have nothing bad to say. A couple of times were interesting, but I was never stranded, that’s paratransit for you.

The goal of this post is not to cover paratransit, but to cover the portion of the book I’ve read to date. These chapters are short, but delve out the information you need to know. I still feel the book is a must read for everyone. Have you gotten your copy?

Some articles this brings me back to include but not limited to:

Podcast 288 talks about Equifax one year later, in articles I’ve read and a whole lot more about the cybersecurity incident.

This also brings me back to the article I posted recently: Cybersecurity: 99% of email attacks rely on victims clicking links where one of the hacks was the cause of phishing or social engineering. This I feel is only going to get worse, and I don’t know what the solution is besides training. NCSAM: Is training to stay safe not sinking in? that is the big question here. I feel we all can use training. Every single one of us. It has to start somewhere.

Comments (0)

Technology podcast 325: Door dash, Commentary, NCSAM, Scotts New Book, and A Braille Transcription update

Welcome to the technology blog and podcast.

  • Doordash is the latest major breach, lots of coverage on it. It happened between the release of 324 and now. Is this the beginning of the end? Here is the blog post on it.
  • There is some commentary left by Joseph. We’d love to hear more on what you have to say, so please leave thoughts on segments.
  • Password managers and phone calls is the third segment as we start NCSAM. Here is the blog post on phone numbers which should be really discussed. Here is the blog post on password managers as well.
  • Scott Schober wrote a new book. Here is the blog post on this book. I talk about chapter 3 specifically, and my thoughts on it, as it did hit home for me.
  • Finally, I’ve got a braille transcription update as I continue to struggle with assignment 15. I think I’m almost there! Thoughts?

My contact information is available at the end of the program, and thanks for listening.

Comments (0)

The court allowed the FCC to kill net neutrality because washing machines can’t make phone calls

I read a good portion of this, and I know the person who wrote this, I believe he was on This Week in Law on TWiT. That podcast I quit listening to for some reason, I really should pick that podcast up. Check this article out, it’s lengthy, but yet goes into the Net Neutrality debate, again. Oh Boy.


There is also a quote from Macbeth? Let’s experience this together.

Source: The court allowed the FCC to kill net neutrality because washing machines can’t make phone calls

Comments (0)
