
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: January 2020




Justice served, work that was authorized should not be prosecuted

In an article penned by Krebs today, Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security talks about a couple of people that were hired to do what is called penetration testing. This allows you to come in and do things that may be illegal. These men were arrested after the sheriff in Iowa came by to see what was going on. The men in question produced the documents which claimed what they were doing was authorized. The state of Iowa hired these men to do this job and they got licked for a while.

The good news is that justice was served, and the men can go back to work. If you’re looking for some good news, this type of thing covers that very well.

Have you seen this article? What did you think? I’d be curious on your thoughts on it and what might be done better so law enforcement knows about the work that was authorized by these types of people.

Thanks so much for reading, and comment! The boards await you.


Maryland wanting to pass a ransomware bill making it illegal, thoughts?

According to an article I found on twitter that leads to a site called bitcoinist, the article within this article is talking about Maryland and the attempt to make the ransomware holding a crime. The article is entitled MARYLAND INTRODUCES BILL TO MAKE RANSOMWARE POSSESSION ILLEGAL and I’m not sure how successful this is.

We must remember that the actors who may be releasing the attacks may be outside the United States. If this is the case, this is going to be a big problem, because some places outside the United States don’t turn over the perps, even though it will then be illegal if they infect the state’s computers.

Lots of numbers stand out at me, and I don’t want to single anything out by stressing that Ransomware payments are on the rise, and while there may be a low percentage who don’t get their data, most do, and that in itself makes it a great business model.

The criminals or perps in these cases want to do good business: you pay, they deliver. Some may be greedy, but some do the business model well.

I’m curious on your thoughts on this one, and we’ll be in touch.


Braille Transcription using WYSIWYG

Hello folks,

Today, on Vocal, is another article that I had published. This article covers Braille2000 and how it became more accessible. If you’ve been to the blog, we’ve got an entire category called Braille2000 which has all the details.

Since I publish all my tech articles here, why not include this one?

The simulated braille is from assignment 1, and it is probably imaged right, but Jaws does read the assignment and it is in grade one.

I may have that changed to an image, I’ll inquire.

Braille Transcription using WYSIWYG: How Braille2000 became more accessible to the blind transcriber education.media January 31, 2020 is the article, and I hope you enjoy it! Thanks for reading my work, and make it a great day!


Microsoft Xbox offering bug bounty

In an article by Cyberscoop, Microsoft is giving up to quite a bit of money for high quality bugs. Microsoft offers up to $20,000 in Xbox bug bounty program is the article and I think this is a step forward in the company since Xbox has had a number of problems through the years between account takeovers and other aspects. Nice going!


Avast shuts down its data-selling subsidiary … why is it collecting that data?

I read today this article about Avast. It’s shutting down the portion of their company that collected personal data on its users. According to the article, a person is quoted as saying that it’s time. The full title of the article is: Anti-virus firm Avast shuts down its data-selling subsidiary and it was a very interesting read. Wonder why they were selling this data anyway? Collecting it to help their product is one thing, but to sell it, I’m not too fond of. Not without us knowing, in today’s computing landscape. Thoughts?


Mac, Watch, and TVOS get updates

I’m coming across an AppleVis post in regards to Mac updates, TVOS, and Watch updates. This is the Apple Vis post that has all of the details.

In summary, it looks like this is a security release, and there are not any major changes for usability for the blind and low vision community. Have a great day!


Scammers hitting the blind, same as my talks earlier

Dice World has been talked about on my podcast as well as it being demoed in various aspects throughout the podcast. I’ve been recently looking at the forums that have now been added, and it looks like the scammers are now targeting the blind.

On podcasts prior, I’ve talked about multiple people who have added me to twitter and have asked for my Hangouts. After getting me on Hangouts, they insist on either having me pay to get them here to see me, asking for gift cards, or even money.

One of these people I said that I couldn’t pay for anything, and that they’re a scammer. They were rude saying that I shouldn’t mess with their business and that their lawyer would contact me. I told them that I would tell them everything, and yet, still no lawyer. It’s a business to scam people out of money and try to get people to have a so-called relationship with no voice or video communication?

While I’ve been on dice world for a number of years, it saddens me that the blind community is now being targeted with people who are doing this type of thing. I’ve not encountered them on my own through that platform, but the developer is encouraging players to report this to them by email.

Podcast 289 which is available upon request if you can’t find it through RSS, talks about one such person who followed me on twitter. As someone who has been on the Internet for quite a number of years, before some, I’ve read plenty of articles and even some books about what these people can do. This Blog Post talking about Scam me if you can is one such book, and I’m sure there are others.

Since this is a blog talking about all sorts of things, I want people to know what I’m seeing. If you think that scams like this could happen on a gaming platform like Diceworld, this article talking about employment scams may be a reminder that it isn’t just the above mention we should be talking about or even this tech support article where scammers will go after your hard earned files and even try to have you pay money to supposedly fix the problem they will or have already started.

Think that’s all we have to deal with? Phone Phishing, Data Breaches, and Banking Scams is something else, and you can search this blog for more.

The fact that the scammers, one of whom is changing their name from male to female, is coming over to a platform like Diceworld, means nothing. This is sad! Some of the people on this type of platform don’t know a whole lot about these people, and they can fall for whatever they ask, and question it afterward or even while communicating with them.

This is a sad state of affairs. I’m saddened that these people have nothing else to do with their lives. I think some of these people are very employable and can use their skills for good instead of getting money out of a community that relies on money to survive.

This is not going to go away any time soon, and if you search scam on this blog, you’ll find lots of articles besides the ones I’m linking here in this post. Use your gut. It’s there to tell you if something is not right. Follow what it says. There’s a community out there who are bringing it up, and asking questions, and that’s great! Keep it up!

If I can be of help, please feel free to reach out. I’m just an email, imessage, phone call, or text message away!


Braille2000 being talked about on internet radio

Hello folks,

I just want to come in and let you know about Braille2000 being talked about on Internet Radio. Besides my shows which mentioned it by passing, there is now a show which featured me as being interviewed recently.

On this podcast, I talk about the benefits of Braille2000’s talking edition, how it came about, the various methods of getting braille including the percent codes, B2K itself, and the like.

If you wish to listen to the program, you can go to the RSS feed or you may download the 220mb file right here.

I’ll have it up on jaredrimer.info next week, but the mix gets first dibs.

It’s also available on livewire on my tree at box 2276.

I hope that you enjoy the program, and please tell your friends!


Here is some breach stuff I’ve found as of late

I’m a little behind on posting, but I thought I’d come by and tell you what I’ve been reading and what attracted me reading wise in the breach department.

Of course, there may be more, but that’s been the particulars of things that caught my attention. Only the last item I’ve not read yet, but boy, if this is only the beginning of the year, I don’t want to have any idea what will be coming later.


Apple Releases iOS 13.3.1 and iPadOS 13.3.1 with Some Improvements to Smart Invert

The applevis linked here: https://www.applevis.com/blog/apple-releases-ios-1331-and-ipados-1331-some-improvements-smart-invert talks about smart invert fixes. While I’m a low-vision user, I mainly use speech, not the vision aspects of IOS.

There are two bulleted lists:

  • The first covers what has been fixed
  • the second covers what may be still broken

and comments are still welcome on what you’re experiencing.

The post is unaware of any other fixes for blind and low vision users, this may include regressions as well.


Braille2000 version 2.274 Jan 25, 2020: brings simbraille and a transcription fix

The update that is released for January 25, 2020 fixes a translation issue that was found, as well as simulated braille issues.

Part of the simulated braille aspect includes simulating a braille page as part of an exercise that you want to do when showing an example of formatting or other aspects for a class. There were issues with this, and percent codes have been added to support this including the aforementioned pager and interpoint tags I’ve mentioned before.

To update your copy of Braille2000 to this release:

  • Select panel, file management.
  • Select fetch software update.

When you get to the screen, hit the down arrow key and it’ll say Braille2000 2.274 1/25/20 14:07 or similar text. Pressing enter selects OK and it’ll prompt you to exit Braille2000 when you’re ready. We don’t want you to stop what you’re doing, so work as normal. When you exit, it’ll start the installation and no data is lost. After downloading, it’ll run the installer, and follow its prompts.

Should you have any questions about the update process, please contact us through the Braille Transcription done as a blind person or Braille2000 web sites.

No matter whom you choose, we’ll be happy to help you!


Do criminals care if it’s a network of value? Research says no

I have been thinking about this article from Cyberscoop entitled Researchers set up a mock factory network — and watched the criminals rush in and it’s definitely a thinking article. While we mourn the loss of Basketball’s Legend, Kobe Bryant, criminals will stop at nothing to get their wares out there. According to Cyberscoop, the researchers did this as an experiment, and the criminals came calling, even though it wasn’t a real factory doing real work.

Here’s a section of this article.

“These are career ransomware actors that are doing these things,” Trend Micro senior threat researcher Stephen Hilt told CyberScoop, reflecting on how professionalized and sector-agnostic ransomware attacks have become.

In both cases, the attackers were able to lock up files on the network by breaching the faux factory’s robotics workstation, which was exposed to the internet. The researchers had very weak security controls in place to make a point: some small businesses, even those in critical infrastructure sectors, fail to do the basics.

There was also raw opportunism on display.

“They were going after [the honeypot] because it was a computer on the internet,” Hilt said. For the attackers, it was just another potential ransomware target, albeit one that purported to support critical manufacturing processes.

While this was a simulated test, and there are other links within this which is why I didn’t take from there, what can we learn? Wannacry was a true tale, and if you want to learn from it, simulated tests like this are crucial to this. I say: Go for it! Simulate another attack to see what you can learn. It’s elsewhere, and not harming anyone, and the data may be of value.

Have you seen this article? Let me know what your thoughts are.


BREAKING: Kobe Bryant, 13-Year-Old Daughter and 3 Others Dead in Helicopter Crash

I’m posting this to my main live journal, as well as this blog. I post this for illustration purposes of what you might see after this tragic event today.

I did not read the article until after the post went up, but it’s unfortunate and these things happen.

The article I want to post about this tragedy follows the separator line.


Today is a sad day in the sports world. While I’m not going to read the article in full for writing purposes for this article, I’m posting this both on my personal blog and tech blog.

  • People who want to know about this, or any other piece of news, need to look at legitimate sources.
  • Actors know about articles like this, and the article title for the blog posts will have subject lines like this article title.
  • If it entices you, they’ll have things in the message to have you click to learn more about the story, although it might not be what exactly you’re looking for.
  • It may have clips of older news, and or words put together to make a story that may or may not be what you’re looking for in regards to the situation.

If you’re looking for the NBA superstar from the late 90s to the 2000s and what he did on the NBA front, then I present you the story from KNX 1070’s web site: BREAKING: Kobe Bryant, 13-Year-Old Daughter and 3 Others Dead in Helicopter Crash for you to read.

There are other news sources and sports sites in which you can look for accurate news like this. Let this be a reminder of what you might see after an event like this.

Thanks for reading, and make it a great day.


Domains being hijacked? It’s quite a challenge to prevent it

Hello,

I recently read an article that I thought we should talk about. Krebs on Security is reporting that a domain was hijacked even though the registry lock to prevent transfers was on. I’ve never heard of the provider that was mentioned in the article, but if this is a warning sign, this could happen to anyone. The article asks the question: Does Your Domain Have a Registry Lock? I would urge all of you to give this one a read. This is something I’ve definitely not seen before, but I want to pass this along. There is a video attached to this one too.


Assignment 17: I passed!

Hello everyone, yesterday after writing the first post, I got my report back. There are three errors that were in my assignment.

  • A contraction (groupsign) error
  • Two quote errors

The quote errors are up for interpretation. I understood it to be one way based on the text, and I’m looking for clarification on this because of how the narrative of the problem occurred. Be that as it may, I passed!

As I discussed in my prior post on 17, Braille2000 as it currently stands played a very crucial role on my work. While I got four brailleouts, I was able to still check the formatting, and even check other aspects that I could only do with braille.

At some point, I’ll do a full write up on assignment 17 which will include audio, as I’ve done to date with the rest of the assignments.

I’ll also get clarification on 18 and how I understand it to be done.

Are there any questions about B2K and how it may help you check work? The Braille2000 team is here to help you. Please go either to the Braille Transcription as a blind person web page and select contact, or you may go to the Braille2000 web site directly and find contact info for Bob.

We look forward to serving you for your needs in regards to B2k, and if this is any indication of what you’d like to do, we want to help. Only you can make the decision on what you need, but we can definitely help answer questions if this intrigues you. Thanks so much for reading, and make it a great day!


Security Now, podcast 750

Security Now, released podcast 750. Twit.tv’s sn page and the RSS for you here.

Below, find the stories talked about.


SN 750: The Crypto CurveBall
Tuesday, January 21, 2020, 6:41:14 PM
This Week’s Stories:

  • iPhones join Android in being a Google account security key.
  • How much “substantive assistance” did Apple provide in the Pensacola investigation?
  • A brand new serious Internet Explorer 0-day
  • Giving Windows an additional Edge
  • FBI says nation-state actors breached a US city government and a US financial entity by exploiting Pulse Secure VPN servers.
  • Critical new Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability
  • SQRL for Drupal
  • Microsoft issues security update to fix “CurveBall” vulnerability
    Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.


Assignment 17 has been submitted for grading

4 braille copies later, lots of time understanding what is wanted, I believe that the assignment is finally ready for grading. The purpose of this blog post is to describe how I put this assignment together. I’d like to thank Bob for sending me the text, so that I have it.

First, I took the text, and put percent codes where I thought they needed to be. For example: I used the percent code %pn=1|10 which started the page numbering for the assignment. This is a brand new percent code to have page numbers that are hyphenated. Next, I used the usual percent codes for formatting which include %3-1 and %1-3 in spots. Braille copies indicated that I need to continually change things, and my mentor gave me prompts on what may be wrong without giving me the answers.

I continued to ask questions to understand what was needed. I definitely got confused on one part where it said to use list format, but also said to use cell 5 runover 5 (5-5) for the footnotes. That understanding and clarification is crucial to this assignment, and I’m not going to give any answers to how it should be done as there may still be an issue.

I also used simulated braille to have the note separation line that is discussed. I was unclear if every note needed a line or just the first one, so that was confusing to me. While I kept reading the book, trying to understand what is required, it left some very interesting questions.

I’ll have more on this assignment on a full write up through jaredrimer.info once the assignment is graded. For now, know that this uses lots of different formatting, and a full understanding of what is required is definitely important.

Braille2000’s talking edition played a crucial part, as I was able to check the formatting based on what I wanted, and how I understood the assignment. Each time I changed something, I checked its formatting carefully, then got a braille out of that copy to determine whether I was reading it correctly.

Initial versions did not understand the new symbols I’ve never seen until now for dagger and double dagger. B2K was updated to handle this in import.

I think that’s all for now, but I wanted to take an opportunity to talk about my experience to date and how I used B2K for this as well as various percent codes.


Another suspect arrested, charges out for a year

Cyber Scoop is reporting that a meth suspect got picked up a year after charges were filed. Another Methbot suspect, Sergey Denisoff, arrested more than a year after initial charges is the article.

Police in New York City this month arrested Sergey Denisoff on charges that he allegedly helped members of the Methbot ad fraud crew by setting up dummy web pages where other conspirators could direct illegitimate traffic. Members then charged U.S. advertising companies for access to visitors who didn’t actually exist.

This is becoming more of a problem now, and I don’t know what the solution is on dealing with this. There’s more to this article, and it was a very interesting story, but we can’t fight this alone. Ad networks are being bilked out of money with schemes like this, and I don’t believe this is the first time this has happened and it won’t be the last.

You might be interested in this one, thanks Cyberscoop for reporting on this.


There’s an iphone 11 location issue

Hi all,

I don’t remember if we covered an iphone 11 issue which Krebs on Security is updating us on. Apple first indicated that this particular issue was not a concern because it was supposed to be used in countries with specific situations. I honestly don’t remember much about the original case, but the next version of IOS will have a switch for phones to check if it’s communicating with another phone or needs to. That’s all I remember. I did read this article, and was trying to think about how to write it, but it’s confusing to me. The updated article Apple Addresses iPhone 11 Location Privacy Concern updates you, and gives you a linkback to the original story. I honestly didn’t think there was much of a problem since we’re in the states and location sharing is sort of the norm and if it’s turned off, it isn’t used. That is the gist of what this new potential switch, found in betas, is for.


Breach at online chain, takes credit cards, CVV, and magecart is to blame

Today, I read an article about a breach at a children’s retailer who was bilked out of credit card data, CVV, and potentially more. You’d think this type of story came from Krebs on Security, but it didn’t. This story came from Cyberscoop. Children’s apparel company Hanna Andersson discloses data breach is the name of the article, and it’s the first of its kind for this year.

I’m not sure if other children’s stores were hit, although Target of 2014 sells everything including children’s clothing. This outfit sells pajamas of different kinds. A Magecart-style attack was put on this web site, and of course we’ve talked about magecart before and how difficult it is to defend from.

The exposed data included payment card numbers, expiration dates, and CVV codes, along with customers’ names, billing addresses, and shipping addresses. Law enforcement officials recently told executives at Portland, Oregon-based Hanna Andersson that there was evidence of a breach, Edwards said.

I’m not sure if this will be the last time we see this, because Magecart is so pervasive once embedded in websites.

I’m wondering if we’ll see more types of this sort this year? Only time will tell.

It is unclear how many customers were affected by the incident. While it doesn’t appear that every customer who visited the website during the two month period was victimized, Edwards said, the company is notifying anyone potentially affected. It is also offering customers a year of credit monitoring and a $1 million “insurance reimbursement policy.”

If you are affected by this breach, watch your statements for any type of unauthorized charge. Even the small ones can be trouble if you know you didn’t do it. They start small, and then get larger, so please make sure to do this.

The company didn’t respond to comment before press time.

Hanna Andersson is known for selling pajamas, some of which are themed around popular Disney movies. The breach shows that, regardless of the end product being sold, anywhere on the web that houses financial data is a potential target for criminals.

Hanna Andersson’s letter to customers did not identify any suspects who may be behind the breach.

There are other types of links leading to other things that might be of interest, so please read the full article.

Thanks so much for reading, and make it a great day!
