
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: October 2019




NCSAM: protecting our kids online

We can’t forget the blog posts that are around the Internet dealing with protecting children online.

We all in our lives at one time or another have made mistakes. We must learn from them too. That also goes for children online. There is a bigger risk with children, and data miners know this and try to get kids to click on things just as much as us adults. This article Home and Away, All Year Round: How Can I Keep My Kids Safe Online? has 8 different points which I’m mentioning in an upcoming podcast that we can all take from, not just teaching the kids.

If we all don’t learn from these tips, the internet could become a very interesting place if it hasn’t already. I know there are other articles I may want to cover as NCSAM closes, so I’ll try to get them read within the next several days. This is going to get rather interesting, don’t you think?


iOS 13.2 now out, lots fixed, a few new bugs

iOS 13.2 is now out. AppleVis has the details of lots of fixes, but 4 potential bugs that could have you holding off if you use braille. Some may be device specific, so your mileage will vary. Here is the AppleVis post on iOS 13.2 for you to peruse. Happy updating!


Jaws 2020 now or soon to be released

Hi all, I was going through and updating podcasts, and the Freedom Scientific podcast was released and I will be sure to check it out. It said that Jaws 2020 would be released soon. According to this Freedom Scientific news page it looks like it’s released today but I’m unclear. There is a lot in the show notes, so I’m not going to bore you with every little detail of the update. Lots of fixes though and some that might apply to you.

I can’t wait to see what might apply to me and to those that utilize it. I hope that this post is of value, and please email me or post a comment to tell me if this is an official release date, or release notes prior to the release which should be any day since the notes on the podcast say the end of the month.

Thanks for reading!


What’s going on with web threats? The October webinar by Trend Micro

This month, Trend Micro’s webinar was in regards to what is going on with web threats. This is the link to the on demand webinar. One of the things that I was quite interested in was the fact that web threats are now including sextortion. This is a term I’ve never heard of, and a brief lookup through Wikipedia was quite interesting.

In an upcoming podcast, I discuss a little bit of this, what I’ve seen in my email for contact forms, and I look forward to relistening to this cast as I missed some parts.

Did you know that the majority of web threats start by email? The email is phishing in nature, but that may not always be the case. According to this, the actor may now be moving to social media platforms such as Twitter, Facebook, LinkedIn, and others. The ads we see now may be malicious, and this is called malvertising.

There’s plenty more, please feel free to check out the webinar, I am going to try and relisten to this within the coming days.

Thanks for reading, and look forward to a podcast topic on this real soon. Let’s discuss what you’ve gotten and whether you’ve been bit.


Chinese companies being eliminated in the tech industry? Two of them may be

I was just giving praise to China on trying to do something good, but we can’t forget two companies who apparently are using tech for bad. In a more recent article entitled FCC chair pitches rules to block Huawei, ZTE written by Cyber Scoop, I’m not even sure what to think.

I believe this is a slippery slope. The two companies mentioned are apparently spying and doing other things which they probably shouldn’t, however, what about the myriad of companies that do that just by collecting all this data to either use against you, or just to have it? It can’t work both ways.

While a company like Apple collects this data from our phones for services, what makes you think that someone else isn’t in their systems and platforms right now gathering the data to do something more deadly with it? We don’t know if that is even going on.

I bet if these companies are banned by the government, then some others that may eventually be caught and doing the same thing would be forced out, even if they are here in the states. It’s going to get interesting.


China’s Congress Passes Cryptography Law, Effective Jan. 1, 2020

I’m perusing Twitter, and several days ago, an article entitled China’s Congress Passes Cryptography Law, Effective Jan. 1, 2020 was tweeted by a follower and it puzzles me. While I admire China to do good with the idea of this law, we do have a lot of bad coming out of there too. I’m not going to talk about the bad here, because if this new law works and something comes out of it, that’s a good thing, correct? On this post, let’s concentrate on just this … they’re trying to do something with the technology to try and do good. This should be commended within their bad press.


Making The Smart Bet On Cybersecurity

This was quite interesting. Relaying the cybersecurity threats to a casino. This article is awesome, and I think it’s a good read so passing it along.

Cybersecurity strategy doesn’t have to be a gamble, but trying to beat the odds of a breach is not an easy task. Educating your entire organization, and automating the most data-heavy tasks provide the best defence.

Source: Making The Smart Bet On Cybersecurity


Tech podcast 327 for October 27, 2019

Hello folks,

Welcome to podcast 327 of the tech podcast. I have quite a bit for you.

Let me start by saying that on Segment 3, I am not looking for a replacement solution on the braille transcription course, I’m only looking for feedback. You’ll understand why when you hear the segment.

If anything is to be done, it will be a long term project, not a short term solution to something I feel that needs to be done.

With that, I want to give you the podcast, and it’ll be soon on Mixcloud as it is on audio RSS already.

Thanks so much for listening and here’s the show notes.


Welcome to podcast 327 for October 27, 2019.

  • What do you think about giving out our phone numbers? I’m not talking about business, I’m talking about phone numbers for personal use. I heard this on a telephone line on a bulletin board, and got to thinking.
  • VPN services is the next topic. I’m looking at ExpressVPN as they were talked about on a prior post on the blog through tech warm. My thoughts are on this one.
  • I’m putting a feeler out there. On this third segment, I’m curious on your thoughts on the braille transcription course as a whole. I know I have had some struggles, but I’m curious on other people who have taken the course or are still taking it with me. Contact me by email for a phone call, as I’d like to discuss it with you.
  • Cachet Financial Reeling from MyPayrollHR Fraud is the next segment and the article is linked here. What an interesting story here.
  • Best Practices for Defanging Social Media Phishing Attacks is the final segment and lots of terms given here and info. This could be put under the NCSAM category as the cyber security awareness month is coming to an end.

Please feel free to contact me on the podcast contact info given, and I look forward to hearing from you!


NCSAM: Have you read Kevin Mitnick’s books?

I’ve read Kevin Mitnick’s books, three out of the 4 are on BARD. Nice to see him writing again!

Recently I got really bored and wanted to see what Kevin Mitnick was up to. I then started this book entitled The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data and I read the first chapter as a free sample. This book is not available on BARD, however, it is available on Bookshare. I decided to buy the book here at Amazon, and when I did, it updated itself with some 2019 notes in regards to the various breaches that have been notable since the beginning of the year.

About the Book

Kevin Mitnick, the world’s most famous hacker, teaches you easy cloaking and countermeasures for citizens and consumers in the age of Big Brother and Big
Data.

Like it or not, your every move is being watched and analyzed. Consumers’ identities are being stolen, and a person’s every step is being tracked and stored.
What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand.

In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge – and he teaches you “the art of invisibility”.
Mitnick is the world’s most famous – and formerly the most wanted – computer hacker. He has hacked in to some of the country’s most powerful and seemingly
impenetrable agencies and companies, and at one point he was on a three-year run from the FBI. Now, though, Mitnick is reformed and is widely regarded
as the expert on the subject of computer security. He knows exactly how vulnerabilities can be exploited and just what to do to prevent that from happening.

In The Art of Invisibility Mitnick provides both online and real-life tactics and inexpensive methods to protect you and your family, in easy step-by-step
instructions. He even talks about more advanced “elite” techniques, which, if used properly, can maximize your privacy. Invisibility isn’t just for superheroes
– privacy is a power you deserve and need in this modern age.

If you’ve never read anything by this hacker turned security professional, then I highly recommend that you start with Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker which is on BARD and is also available on Bookshare. I actually started this book through Learning Ally, formerly Recording for the Blind and Dyslexic.

About the book

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies-and however
fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through
cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence
game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems,
and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat-and-mouse game that led through
false identities, a host of cities, plenty of close shaves, and to an ultimate showdown with the feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape and a portrait of a visionary whose creativity, skills, and
persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies
protect their most sensitive information.

I thoroughly enjoyed this book, and thought I would see if there was anything else. The first book in this article I’m writing now, was not known to me, although it may have been recommended to me through my reading of Scott’s book Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home Kindle Edition which I only found here and on Amazon. BARD does not have any of Scott’s books, and with the advancement of hacking, the blind and disabled reader must learn how to protect themselves. These books are not difficult or technical, and Scott’s book had very short chapters.

In my recommendations after downloading Scott’s book, I found something that really caught my eye and I’m also reading as well. How I can read two books at the same time, I don’t know. The book is by Paul R. Wilson. The Art of the Con: How to Think Like a Real Hustler and Avoid Being Scammed 1st Edition, Kindle Edition is the name of the book. This guy, in short chapters, talks about cons and scams that have gone on for many years. Some of these are still successful today!

About the Book

A sucker is still born every minute. In this modern and interconnected world, con-men are lurking everywhere – it’s never been easier for them to dupe
us, take from us, and infiltrate our lives.  

One of the world’s leading and celebrated experts on con-games takes the reader through the history of cons, how they’ve been updated to the modern age,
how they work, how to spot them, and how to protect yourself from being the victim of one.

R. Paul Wilson is a con-man who works for the other side – our side. He has spent a lifetime learning, performing, studying, and teaching about the ins
and outs of the con world in order to open up our eyes to the dangers lurking about us – and to show us how not to get taken. Paul has never made a living
as a con-man, profiting off of marks – he has used his expertise throughout his life to help people avoid cons.

In this fascinating book, Paul takes the reader through the history and developments of the con game, what elements from the past are based on basic human
psychology and have stood the test of time, what has been updated for the modern era and how it’s getting used in the computer age, the structure of how
these cons work, and – most importantly – how to recognize one, protect yourself and your loved ones, and avoid becoming just another sucker.

I’m not sure if this book is available on BARD or Bookshare, but you can look.

About BARD and Bookshare

BARD is the Braille and Audio Reading Download service by the National Library Service in the United States. This service is available to international patrons, but only if they initially live in the United States and are traveling internationally for some reason.

Bookshare is a paid service, although with the NLS partnership, they’re offering free accounts for those of us who have NLS memberships. You can get books in multiple formats including DAISY, audio mp3 (TTS) and braille files.

In this NCSAM month, I’m hoping that these books are a symbol of something that people should read, and get interested in. As I’ve discussed, we can’t do it alone, and the email scams and cons will only trick you if you don’t know what to look for.

Other Books you can find on BARD

I’ve read all of these books, and forgot about the other two. The following are books that BARD has on Kevin Mitnick, that are authored by him. There is one about Kevin’s takedown written by another author, but I’m not going to put that book here.

Note, that for this blog, I’m putting the DB number for reference and nothing else.

  • Ghost in the wires: my adventures as the world’s most wanted hacker DB74947
  • The art of deception: controlling the human element of security DB56450
  • The art of intrusion: the real stories behind the exploits of hackers, intruders, & deceivers DB60593

Have you read the linked books? What about the others not linked but are listed? What have you thought? Please discuss it in the comments! I look forward to reading what you’ve got to say.


NCSAM: scam or not? You Decide

NCSAM: looks like a scam or Phish, can you tell?

Hello folks,

In the following exercise, I’m going to give you the beginning of two forms. One of which came through the IP Unblock form for my customers, and the other that came from MENVI. In both instances, they filled out the bug reporting yes, and the comments section.

Out of curious instincts, I went to the link separately and there is a picture, I didn’t go any further to identify it or anything.

Can you tell if this is a scam?

Below is the result of your feedback form. It was submitted by
(
lisadontate@gmail.com)
on Saturday, October 19, 2019 at 17:15:48
—————————————————————————
Name: Hellen[BqdeqwhVinejonuQ,2,5]
phone: 82919675993
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello, I apologize for this letter, but I have no other choice!

This is a 4-year-old girl Lisa Filameshina!
https://sun9-7.userapi.com/c848620/v848620572/b2c87/xpLF8Ynpc_0.jpg

Lisa has retinoblastoma (retinal cancer). Her eye needs urgent treatment! In the Swiss clinic «Hospital Ophtalmique Jules-Gonin» (Lausanne) they guarantee
the preservation of the organ so important for the future life of the child.

It is necessary to collect $9000 before October 31.

We will be grateful for any amount of money!

I beg you help!

That is wallet address for payment bitcoin :157CfZ3qhHpRWKbzqoroUAxTMgDhhmPfPt

I give the payment details in bitcoins, since another transfer is problematic in our country.

Sorry again.

The next one was sent overnight.

Below is the result of your feedback form. It was submitted by
(
lisadontate@gmail.com)
on Sunday, October 20, 2019 at 03:32:03
—————————————————————————
name: HellenInjex
City_State_Province: Avarua
country: Cook Islands
Phone: 81797884724
contactmethod: Please use both E-mail and telephone to contact me
contact: Please have Jared Rimer: (MENVI webmaster) to contact me
reporting_bug: No, I’m not reporting a bug with the web site at this time
reporting_bug_Yes: Hello, I apologize for this letter, but I have no other choice!

This is a 4-year-old girl Lisa Filameshina!
https://sun9-7.userapi.com/c848620/v848620572/b2c87/xpLF8Ynpc_0.jpg

Lisa has retinoblastoma (retinal cancer). Her eye needs urgent treatment! In the Swiss clinic «Hospital Ophtalmique Jules-Gonin» (Lausanne) they guarantee
the preservation of the organ so important for the future life of the child.

It is necessary to collect $9000 before October 31.

We will be grateful for any amount of money!

I beg you help!

That is wallet address for payment bitcoin :157CfZ3qhHpRWKbzqoroUAxTMgDhhmPfPt

I give the payment details in bitcoins, since another transfer is problematic in our country.

Sorry again.

Both messages look exactly the same. Both are pleading for money, and I believe there are two different bitcoin wallet addresses.

REMOTE_ADDR: 92.63.100.62 is on MENVI’s and REMOTE_ADDR: 188.120.249.122 is on the IP unblock request form.

My hunch is that this is part of the Nigerian 419 scam, begging for money but with a different purpose. The purpose is to help a little girl but now I got curious. As I write this, I ran Jaws picture smart on the photo on the URL. It says:

Caption is a little boy wearing a hat.

I’m unaware of NVDA having a picture smart option, but Jaws now tells me through this technology that it is a boy, not a girl. Very clever they are. The fact they say they want money by a certain time frame before it’s too late is also a telltale sign of a problem.

This network has a donations page found both on the blog pages and our main web site. In no way are we begging for money on any page, and in no way are we saying to donate by a certain time point.

While we would like people to donate to the network to offset costs of running it, and to help offset the independent artist project of playing independent music from around the world, there is no urgency. I have mentioned it on my shows, and on my show notes, but I don’t make it a habit either. It’s just the way it is, and the way it must be so that we do not get flagged as a potential target.

This network also does not solicit any type of donations by email like this even though we’d love to get some money as described above.

I believe the goal of the email is entitled Phishing but it is targeted phishing for money. It’s a bait to part with your money, the term of which you could look up and correct me if I’m wrong.

I don’t claim to know the exact terms correctly, because I get confused of what they are, but I know two things.

  • I do not have a bitcoin wallet.
  • I do not know how to buy bitcoin, and if I did, I’d be using the money for my own purposes, i.e. buying things, or sending it to PayPal for spending later.

I think we can utilize this as a point of learning to show people what types of things are being sent today.

Have you seen these and determined that it was no good? If you’ve been bitten, what did you think of this one that could have made you pause to think … “This can’t be right.”

Let’s discuss this!
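The signs discussed in this post (the same text arriving on two forms from two source addresses, a payment deadline, a bitcoin wallet) can be checked automatically on the form handler side. The following is an added example, not part of the original post: the form names, IP addresses, message text and flag names are constructed, and the wallet in the sample is the publicly known genesis-block address, used only as a stand-in with a valid checksum.

```python
"""Triage contact-form submissions for donation-scam signs (added example)."""
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy (Base58) bitcoin addresses: start with 1 or 3, 26-35 chars.
ADDR_RE = re.compile(
    r"(?<![0-9A-Za-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")
MONTHS = ("january|february|march|april|may|june|july|august|"
          "september|october|november|december")
DEADLINE_RE = re.compile(
    r"\b(?:before|by|until)\s+(?:%s)\s+\d{1,2}\b" % MONTHS, re.I)
AMOUNT_RE = re.compile(r"\$\s?\d[\d,]*")


def valid_legacy_address(addr):
    """Base58Check test: 1 version byte + 20 hash bytes + 4 checksum bytes."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return raw[21:] == digest[:4]


def fingerprint(body):
    """Hash of the text with case and whitespace differences removed."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:16]


def indicators(body):
    """Content-based signs found in one message body."""
    found = []
    if any(valid_legacy_address(a) for a in ADDR_RE.findall(body)):
        found.append("bitcoin-address")
    if DEADLINE_RE.search(body):
        found.append("deadline")
    if AMOUNT_RE.search(body):
        found.append("money-request")
    return found


def triage(submissions):
    """Group identical texts and report where each one showed up."""
    groups = defaultdict(list)
    for sub in submissions:
        groups[fingerprint(sub["body"])].append(sub)
    report = []
    for fp, subs in groups.items():
        flags = indicators(subs[0]["body"])
        forms = sorted({s["form"] for s in subs})
        ips = sorted({s["remote_addr"] for s in subs})
        if len(forms) > 1:
            flags.append("same-text-on-multiple-forms")
        if len(ips) > 1:
            flags.append("multiple-source-ips")
        report.append({"fingerprint": fp, "count": len(subs),
                       "forms": forms, "ips": ips, "flags": flags})
    # Most suspicious first; ties keep arrival order.
    return sorted(report, key=lambda r: -len(r["flags"]))


# Constructed sample data modelled on the two form results quoted above.
PLEA = ("Hello, I apologize for this letter. A child needs urgent treatment.\n"
        "It is necessary to collect $9000 before October 31.\n"
        "Wallet address for payment bitcoin :1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa\n")

SAMPLE = [
    {"form": "ip-unblock", "remote_addr": "192.0.2.10", "body": PLEA},
    {"form": "menvi-contact", "remote_addr": "198.51.100.7",
     "body": PLEA.replace("\n", "  \r\n")},  # same text, different line ends
    {"form": "ip-unblock", "remote_addr": "203.0.113.5",
     "body": "The unblock page shows an error when I submit my address."},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A group that carries all five flags can be held for review instead of being mailed to the webmaster, while the ordinary bug report passes through untouched.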


NCSAM: Do you think Android is as secure as they claim? This Android app says not so much!

Today is October 18, 2019. I admire Android for making great strides in securing their operating system. On this day, I read an article that really made me think. Even while I napped this afternoon, I was wondering how I could cover this news about the app entitled Yellow Camera.

According to Trend Micro’s Intelligence Security Blog, this app isn’t a photo editing app at all.
Here are some details from Trend Micro’s analysis of this.

• [MCC+MNC].log, which contains the WAP billing site address and JS payloads, is downloaded from hxxp://new-bucket-3ee91e7f[-]yellowcamera[.]s3[-]ap[-]southeast[-]1[.]amazonaws[.]com.
MCC is the SIM provider’s mobile country code; MNC is the mobile network code.
• The WAP billing site runs in the background; the site accessed/displayed is telco-specific, based on the [MCC+MNC].log.
• The JS payloads auto-clicks Type Allocation Code (TAC) requests — codes used to uniquely identify wireless devices.

This article links to other articles and information that Trend Micro has found and published blog posts on, and luckily, this app hasn’t hit the United States yet from what I’ve read.

What can you do?

  • Only get apps you’re searching for
  • Download the app from the official store, and read carefully on what you’re getting so you understand what permissions it wants
  • Don’t get anything from unofficial channels or links you’re not expecting

I know looking may be of interest, but like I’ve said, it may be time to knock that off. It may be time to just say “I didn’t ask for it, I’m not looking, and I’m not wanting to get bitten.”

This is going to get rather interesting.

Have you seen this app, and what did you do when you saw it?


Credit Card shops, good or bad?

In an earlier post, we talked a little about a service called Brian’s shop. According to this article I’m going to link to, this shop was taken down, and in this case, I feel it is a great win! It’s one more store that can’t sell our data to anyone. It was taken out of business, and I feel that’s a good thing. The person behind it claims that the credit cards were removed from the store upon the hack, but it was later confirmed that they still had them for sale.

Getting an arrest out of this, even though the carder had been hacked is only the first step. We know that this will continue to occur, and we know that new card shops will be at play.

This is a win for the short term, but I’m sure that someone will have even more to sell soon.

When Card Shops Play Dirty, Consumers Win

However, as I noted in Tuesday’s story, multiple sources confirmed they were able to find plenty of card data included in the leaked database that was
still being offered for sale at BriansClub.

Perhaps inevitably, the admin of BriansClub took to the cybercrime forums this week to
defend his business and reputation,
re-stating his claim that all cards included in the leaked dump had been cleared from store shelves.

That’s just what I wanted to post as part of the article and there is a link there. Link to all of the links in this story, and learn what happened through the reporting of all of this stuff.


site optimisation

Hi.
Well before I plunge into the load of comments, I have started extra site optimisation.
Once a year or maybe twice, or every so often, I will be sweeping the site of all unused things like spam, database comments, etc.
This is to reduce clutter and increase performance.
A note to users on the site.
For those like me that use WordPress as a direct login to the site, 2step authentication is enabled on this site and on the WordPress system.
If you login via normal userid and password method you will still be able to get in.
But if you use wordpress to login, you will need to setup 2step.
Please back up the 10 backup codes you are given in case something happens.
If you end up using all or half or well whatever, just remember to regenerate your code list and keep it on a cloud storage device.
Another note, for admins, Site info is placed with the wordpress version, php, sql, etc.
Also note, that while it gripes on, healthcheck seems to want us to have php 7.3 and according to performance tips you don’t need this.
As well as this, jetpack now handles image and page caches via wordpress cloud services.
I have noticed immediate speeding up of the system.
Later on, I may consider extra services like Cloudflare and MaxCDN but as I need to get more involved, let’s try the easy solutions.
Oh, also, Jetpack should in theory update plugins when they update, so no more me having to log in all the time and update plugins.


Tech podcast 326: Dice World, NCSAM, braille transcription, and more

The RSS feed found here and the telephone line Live Wire on my show and bulletin board 974 now have my latest podcast. The show is up now, but the board will pull it within the next 24 hours.

The show notes are sweet and to the point I think, I am also working on shortening the intro too. Let’s see how it goes.


On this podcast, Jaws and Firefox’s latest version. NCSAM should be all the time, yes or no? We’ve got a braille transcription update, and Dice World has a new layout.


Brians club gets hacked, Uses Brian Krebs and his name

Brian Krebs talks about a carding shop entitled Brians Shop. The people behind this shop peddle Brian’s name and his web site Krebs on Security with a copyright notice. I don’t believe I’ve ever heard of this before, but yet, this just seems wrong. “BriansClub” Hack Rescues 26M Stolen Cards is the article.

Between 2015 and 2019 according to the article, this web site sold 9.1 million credit cards earning the site 126 million bucks. This was all stolen credit card data.

If I were to do this, and do it successfully, I would not use likenesses of a company, I’d use my own company. I’m surprised that Brian Krebs didn’t go after these guys for copyright or something, since his blog, and anything written is copyrighted by the site. Flashpoint helped with analysis of the data, and there’s definitely more to this story. I’m sure that this will get interesting as time passes.


Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the phishlabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says Phishlabs. I know that I can talk about my thoughts on subjects, but over all, the user must put what I’ve learned in to practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month is a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Let’s discuss!


NCSAM: Security features you should be using in password managers

While the article is actually entitled LastPass Security Features You Should Be Using I’ve been thinking of this more in regards to passwords in general. If you don’t use passwords in a password manager, that is a choice that you make based on your own needs. I’m not going to change your mind. If you do use passwords in a password manager, have you explored its options to see what else you can store? I’ve not really understood LastPass that well, especially when it comes to storing documents like birth certificates, passports, and the like, but I have stored notes such as product ID’s of products, and other notations including passwords for one of my network’s list management and other things.

I’m sure we can all learn about what our password manager of choice can hold, and we should continue to enquire in to what types of things it can do.

I would take the items within the LastPass article, and see if your manager has similar features. Good luck!


Capital One hacker … innocent or guilty? You decide!

According to the latest from CyberScoop, the suspect Paige Thompson may have had 20 to 30 TB of data from various companies. They also indicate that she is a flight risk. But what we didn’t find out, and I am not going to say one way or the other, but Paige may have been male, now becoming female according to the article. Whether you’re male or female, it honestly doesn’t matter because there is a lot of data that the government is going through that you allegedly had on you. I think the judge is trying to treat Paige as fairly as possible whether they are male or female. If the judge thinks she/he is a flight risk, and they think she/he is going to do something, then that should be taken in to account. If I remember correctly, this suspect pleaded not guilty, correct? There are a bunch of links within this article including the not guilty plea which I was correct on. Read the article update from CyberScoop: Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say and make your own opinions on this one.


Apple Releases iOS 13.1.3, iPadOS 13.1.3, and macOS Catalina Supplemental Update

This is the article title from AppleVis. They cover what’s new in these releases and you may want to take the time to update if you have had the issues mentioned in the article. Go on over to AppleVis to read more. Thanks for listening and reading.


NCSAM: email delivery: check the sender of email

I may be a little bit behind, so excuse me. Today, I read a blog post as part of the NCSAM series that I think is appropriate. It talks about checking the sender’s email address as part of the verification process. This is especially true, as nowadays, the sender can claim to be someone you know.

I have first hand experience with this. I know someone who will remain nameless for this blog post. I also have their email address. I got an email recently that had their full name. In the body, was a link.

When they originally sent links to me, they included a note such as “here you go” or something to indicate what I was getting as well as a subject line.

In the email purporting to be them, I forget what the subject line was if it had one, but the body had a link such as hxxp://aerifog.com (don’t go there) instead of something that I was expecting.

I think out of curiosity, I went to see what it was, as I felt it wasn’t malicious, but once I saw where I was headed, I backed out.

Today, I think it’s time to stop doing that. If I’m not expected to go somewhere based on an email I’m expecting, then I’m not going there. I’ve sometimes gotten curious, but I think it is becoming too much of a problem to do that now.

I’m not going to say that I won’t occasionally look, but I think eventually I’m going to get caught.

With shorteners like cutt.us you can add a character to see stats and see exactly where you’re going. I’ve done this when I’m curious and I know they’re available to check that.

Another thing this article mentions is to check the way the person writes.

  • Do they have a default signature?
  • Do they greet you by name?
  • If not by name, by company name?
  • Does the company send you promos and things like Amazon?
  • When you correspond, does the company have a signature with phone number, address, hours of operation, or something that you spot in every communication?

These are some ideas I can think of and questions to ponder when you get email.

When I send email from my tech at menvi address, I have a signature, my name and technology blog and podcast is in the name, and if I send you something, I include a link directly to where you’re going. I also in the signature have a signature with my blog address and main web page.

If you communicate with me using other addresses, you’ll see various signatures except Gmail where I just sign.

I suggest you take a look at this Phishlabs blog post entitled Beware of Account Takeover which may have other tips that I haven’t covered that may be of value to you as we learn how to stay safe in the ever changing landscape we call the Internet.

Please share what thoughts you might have when it comes to how you, the individual, or you as a company, tell customers how to stay safe when it comes to email delivery. Let’s talk!
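The checks described in this post (a familiar name on an unfamiliar address, a missing subject line, a bare link with no note) can be run against a raw message before anyone clicks. This is an added example, not part of the original post: the address book, the flag names and the three messages are constructed for illustration.

```python
"""Check a message's sender against an address book (added example)."""
import re
from email import message_from_string, policy

# Matches live and defanged (hxxp) links alike.
URL_RE = re.compile(r"(?:https?|hxxps?)://\S+", re.I)


def _norm(name):
    """Lower-case a display name and collapse its whitespace."""
    return " ".join(name.lower().split())


def _first_address(header):
    """Return (display_name, addr_spec) of the first mailbox in a header."""
    if header is None or not header.addresses:
        return "", ""
    mailbox = header.addresses[0]
    return mailbox.display_name, mailbox.addr_spec.lower()


def check_sender(raw, contacts):
    """List the warning signs found in one raw RFC 5322 message.

    contacts maps a normalized display name to the address that person
    really writes from (a hypothetical address book).
    """
    msg = message_from_string(raw, policy=policy.default)
    name, addr = _first_address(msg["From"])
    findings = []

    # The name is someone we know, but the address is not theirs.
    expected = contacts.get(_norm(name))
    if expected and addr != expected.lower():
        findings.append("name-matches-contact-but-address-differs")

    # Replies would go to a different domain than the visible sender.
    _, reply = _first_address(msg["Reply-To"])
    if reply and reply.rsplit("@", 1)[-1] != addr.rsplit("@", 1)[-1]:
        findings.append("reply-to-domain-differs")

    if not str(msg["Subject"] or "").strip():
        findings.append("empty-subject")

    # A link with fewer than three words of accompanying text.
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    if URL_RE.search(text) and len(URL_RE.sub(" ", text).split()) < 3:
        findings.append("link-with-no-note")
    return findings


# Constructed address book and messages.
CONTACTS = {"pat example": "pat@example.org"}

GENUINE = (
    "From: Pat Example <pat@example.org>\n"
    "To: me@example.com\n"
    "Subject: Photos from Saturday\n"
    "\n"
    "Here you go, the photos from Saturday: https://example.org/photos\n"
)

SPOOFED = (
    "From: Pat Example <pat.example@mail.example.net>\n"
    "To: me@example.com\n"
    "\n"
    "http://link.example.invalid/x\n"
)

REDIRECTED = (
    "From: Pat Example <pat@example.org>\n"
    "Reply-To: pat@mail.example.net\n"
    "Subject: Quick question\n"
    "\n"
    "Can you call me back today please?\n"
)

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("redirected", REDIRECTED)):
        print(label, check_sender(raw, CONTACTS))
```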

