The Technology blog and podcast

This is for the technology blog and podcast: commentary, articles, and podcasts

You are here: January 2020

Use WordPress database? Better update it!

We do not use this plug-in on the blog, but saw this article via Twitter called This WordPress vulnerability could let hackers hijack your entire site, and it talks about a plug-in called WordPress Database. It allows someone to manage the database, but the vulnerability makes the entire web site disappear if the hacker wanted it to. Read the entire article on this one; it sounds pretty serious.

Chromebooks and the blind


I’ve answered this on my tech board, board 295 on Live wire. I’m posting this mainly to get some insight. How many people on here have used a Chromebook and if so, what are its accessibility features? With no hard drive for storage, you can’t install anything like NVDA or Jaws, and I’ve heard everything is in the cloud. With no experience in this field of computing, I’m seeking someone who has used one and can give some guidance.

I mentioned that everything is cloud based, I.E. Google Drive, and the like. You can’t install anything like NVDA and Jaws, and I believe the person is blind.

If anyone has used it, comment here, or contact me at:

  • E-mail/imessage tech at menvi.org
  • Text/whatsapp 804-442-6975
  • hangouts: jrimer 2010 at gmail.

I look forward to hearing from some of you on your experience with this. If you would like to call, please call the number for text/WhatsApp. Thanks for your assistance!

Trend Micro’s January webinar

This month, Trend Micro will go through the predictions of 2020.

• What threats your organization needs to prepare for in the coming year.
• How to pitch your focus towards what issues matter most to you.
• How protections can be put in place to mitigate the risks these predictions may bring.

John Clay will be hosting this. Here’s a link to sign up; just fill in your info. It may have mine, just overwrite it with yours to sign up.

I’ll do my best to tape this webinar and get it out there. I’ve not forgotten the webinar I said I’d cover, it’ll be coming. Hope to have you join me!

Another article dealing with January’s Patch Tuesday

I recently read an article, The NSA discovered a severe flaw in Microsoft Windows 10, and I found this one quite interesting. The fact the NSA now wants to have their name on vulnerability fixes is a step in the right direction. I’d suggest giving this article a read, because it goes with the others in the set from this blog post and even this blog post covering a Trend Micro article as well. Just another article from a different point of view.

I think this must be the worst vulnerability Microsoft has had to date, and it was recently talked about as part of Security Now 749 when it was linked to the Krebs article found on the first 2020 Patch Tuesday blog, which is linked here as well. Enjoy!

Google Play is more Secure than other Google stores according to Trend Micro

I just read an article which is number driven, and I covered one of these articles before. This one, from Trend Micro, is entitled Defend Yourself Now and in the Future Against Mobile Malware and it’s a great article to read. The topic of adware is really driven home in this article, saying that a lot of apps in the Android ecosystem are driven with this type of app.

One of the problems that Android and even iOS may have is that it’s hard to tell the difference between a fake application and a real one. Staying with the Play Store and iOS store and not jailbreaking your phone is the best solution, according to the article.

As 2020 is under way, here is what Trend Micro is thinking will be more of a problem.

• More intrusive adware.
• Cryptocurrency mining malware. This will run in the background, eating up your device battery and computing power. Trend Micro noted a 450% increase in infections from 2017 to 2018.
• Banking Trojans designed to harvest your log-ins so hackers can get their hands on your savings. Our detections of this malware soared 98% between 2017-18.
• These attacks have evolved from simple screen lockers to malware designed to encrypt all the files on your device.
• Premium rate services. Some malware will covertly text or call premium rate SMS numbers under the control of the hacker, thus making them money and costing you potentially significant sums. ExpensiveWall malware, for example, was found in 50 Google Play apps and downloaded millions of times, charging victims’ accounts for fake services.
• Information theft. Some malware will allow hackers to eavesdrop on your conversations, and/or hoover up your personal data, including phone number, email address, and account log-ins. This data can then be sold on the dark web and used in follow-on identity fraud attempts.

It’s a good idea to read the section on how you can protect yourself, which includes staying on the official application stores.

Trend Micro blocked over 86 million mobile threats in 2018 and it is looking to grow quite exponentially. This is going to be the norm as people are moving mobile only.

There are a lot more linked things in this article besides what I’ve linked, and I think this is something we should be aware of. Have thoughts? Leave those comments!

Do you use lastpass? A minimal issue has been found and fixed

Lastpass is reporting today that a small number of users were getting error messages due to an upgrade which they rolled back. This weekend blog update, posted today, goes into detail as much as they have. I feel that this is part of what I was saying within this blog post when we talked about password managers. No password manager is going to be bug free, and this Lastpass update is to notify the entire community what is going on and what they’re doing to fix the issue. This goes for those who may not have noticed like myself. I’m glad to know just the same!

A very comprehensive password manager review

Hello folks,

I recently got an email from someone at a web site called Consumer Advocate. They have a very nice article which is lengthy that deals with password managers.

I personally use Lastpass, and yes, I do know about the breaches they’ve potentially had, but I feel that they’ve been straight forward with the information they had and what they were able to share.

This article, published on the 17th of January of this year, covers a number of managers I’ve never heard of. Best Password Manager and it is definitely comprehensive.

I want people to check it out, knowing that each manager may not meet your individual needs. While I did get a new phone and I had trouble with Lastpass a little bit, it wasn’t because of my lack of my password; Lastpass didn’t know who I was when I had cleared my Firefox and it caused issues with the phone not knowing who I was. It was rectified, although the first email didn’t elicit the response I needed.

I did like the idea of phone support, and there is only one company in the list that does this. Maybe 2 if you count the paid version of Roboform which I’ve heard of, and my dad had used.

The guy’s name is Joey who sent this, and we thank him for posting an email to us about this helpful resource for people who might find it of interest.
He wanted me to add it to the post Here’s something to ponder: Should User Passwords Expire? Microsoft Ends its Policy. I posted that article in June of 2019 and while I don’t go back and add things like this to that post, a new post would be more helpful. I’m linking back to that piece in this post because I think it’s still valuable in the discussion. What do you guys think?

Please let me know what you think of the article.

Password managers that are mentioned include:


None of these I’ve ever heard of except Roboform. Lastpass is mentioned, but one gentleman quoted in this comprehensive article says that if your password manager of choice has been breached, then it’s not trusted. Lastpass fixed the breaches quickly, and from what I remember and it’s mentioned in the article, that particular aspect should be recommended. However, the person quoted said they can’t trust them. GRC’s Steve Gibson can, because he’s had insight conversations with the founder of Lastpass who is also named Joe. I’d use whatever you find of value, but I’d read the article anyhow and give these a try. I’m not looking to change at this time, but maybe someone who isn’t using any manager will find this of value.

Phishing for apples, getting different links

I don’t want to use the same article title for this post as the post Krebs on Security wrote in regards to Apple and their recent Phishing expeditions. I’m not saying that Apple is sending out these emails at all, but I am saying that Apple is now the target of such email sending lately.

According to the article Phishing for Apples, Bobbing for Links, Apple’s web site is now being utilized to harvest these sites.

I don’t remember if I reported that Michael in Indiana, someone who has published some audio for the podcast as of late, sent me a very interesting email and asked me to look at it. The email in question was definitely a phish, but the web site went to Apple’s web site but a very different link. I went to both pages, looking at the URLs very carefully.

KrebsOnSecurity heard from a reader in South Africa who recently received a text message stating his lost iPhone X had been found. The message addressed him by name and said he could view the location of his wayward device by visiting the link https://maps-icloud[.]com — which is most definitely not a legitimate Apple or iCloud link and is one of countless spoofing Apple’s “Find My” service for locating lost Apple devices.

While maps-icloud[.]com is not a particularly convincing phishing domain, a review of the Russian server where that domain is hosted reveals a slew of far more persuasive links spoofing Apple’s brand. Almost all of these include encryption certificates (start with “https://”) and begin with the subdomains “apple.” or “icloud.” followed by a domain name starting with “com-”.

This is just one paragraph of this article. The post has brackets to hobble the links from being clickable, and I think they’re worth sharing.

  • apple.com-support[.]id
  • apple.com-findlocation[.]id
  • apple.com-sign[.]in
  • apple.com-isupport[.]in
  • icloud.com-site-log[.]in

As people new to the Internet come to this blog to learn, the article mentions that savvy readers know this and normally either check the link to see where they’re really going, or don’t bother clicking.
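
An added example, not from the Krebs article or this blog: a short Python check that reads a host name from right to left, the way the domain system does, and reports which domain was actually registered. The official-domain list, the brand words and the two-label shortcut are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed allow-list: registered domains the brand really uses.
OFFICIAL = {"apple.com", "icloud.com"}
# Brand words that appear in the spoofed host names quoted above.
BRAND_WORDS = ("apple", "icloud")

# Constructed sample input: the defanged links quoted in this post,
# plus one genuine link and one unrelated link for comparison.
SAMPLE_LINKS = [
    "apple.com-support[.]id",
    "apple.com-findlocation[.]id",
    "apple.com-sign[.]in",
    "icloud.com-site-log[.]in",
    "https://maps-icloud[.]com",
    "https://www.icloud.com/find",
    "https://example.org/apple",
]


def hostname(link: str) -> str:
    """Return the lower-cased host of a link, accepting defanged '[.]' notation."""
    link = link.strip().replace("[.]", ".")
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat a bare host as the network location
    return (urlsplit(link).hostname or "").rstrip(".")


def registered_domain(host: str) -> str:
    """Return the last two labels of the host.

    Simplification for this example: production code should consult the
    Public Suffix List so that suffixes such as 'co.uk' are handled.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(link: str) -> tuple[str, str]:
    """Return (verdict, registered domain) for a link."""
    host = hostname(link)
    reg = registered_domain(host)
    labels = host.split(".")
    if reg in OFFICIAL:
        return ("official", reg)
    # Pattern from the article: a subdomain "apple." or "icloud." sitting
    # directly in front of a registered domain that starts with "com-".
    subdomain = labels[-3] if len(labels) >= 3 else ""
    if subdomain in BRAND_WORDS and reg.startswith("com-"):
        return ("com-prefix lookalike", reg)
    # Weaker signal: the brand word is only part of some label,
    # as in maps-icloud[.]com.
    if any(word in label for word in BRAND_WORDS for label in labels):
        return ("brand word in unrelated domain", reg)
    return ("unrelated", reg)


def describe(link: str) -> str:
    """One line that puts the registered domain first, ahead of the verdict."""
    verdict, reg = classify(link)
    return f"{reg}: {verdict}"


if __name__ == "__main__":
    for sample in SAMPLE_LINKS:
        print(describe(sample))
```

Only the path after the first forward slash is ignored here; the verdict depends on the host name alone, which is the part the spoofed links rely on readers misreading.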

The problem we as blind people have is that these emails just say verify your account, as the link, and we don’t have any way of verifying the link. To make matters worse, Safari to my knowledge will only show apple.com when we double tap on the link to see where we’re going. This makes it quite hard for us to really verify these links, so I ought to say, check the address. In Michael’s case, the address that it was sent from was completely different than those that Apple may use. Also, keep in mind that not all phishing emails will be alike. They may be still coming riddled with mistakes, nonsensical aspects to evade detection by changing letters in certain words, and other aspects that I may not cover here.

Of course, any domain can be used as a redirect to any other domain. Case in point: Targets of the phishing domains above who are undecided on whether the link refers to a legitimate Apple site might seek to load the base domain into a Web browser (minus the customization in the remainder of the link after the first forward slash). To assuage such concerns, the phishers in this case will forward anyone visiting those base domains to Apple’s legitimate iCloud login page (icloud.com).

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.

This is sound advice, but sometimes the curious get curious. I would say to check the address. In mail, find the name where it says from and look carefully at the address. You can see where it goes without adding it to your contact. When done, double tap done.

Since a lot of people now have iphones and/or android devices and not necessarily a computer, this may be the only way for us to be safe. Thanks Brian for giving us yet another very interesting article to talk about and bring a different way of presenting a different aspect to this phishing problem.

Have any other advice to share? Please leave your comments here, and we’ll be in touch. Thanks so much for reading!

Security Now from last week

I started doing this last year, and now I’ll try again. Here are the notations of Security Now!

Here is their RSS feed and here is the web page if you wish.

SN 749: Windows 7 – R. I. P.
Tuesday, January 14, 2020, 7:18:33 PM
This Week’s Stories:

  • Windows 7 support dies today, but 1 in 7 PCs are still running it
  • Cablehaunt- the remote exploit with the catchy logo that works on ALL cable modems
  • US government still wants backdoor access to iPhones
  • CheckRain iPhone jailbreak keeps getting better
  • How Apple scans your photos for evidence of child abuse
  • The sim swapping threat
  • Anatomy/timeline of the exploitation of an unpatched VPN bug
  • And speaking of patching right away… patch your Firefox browser right now!

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Hope this finds some interest with people.

A search engine for searching for personal info shut down

Hello folks,

In my article posting yesterday, it occurred to me that I didn’t cover something that made the Cyberscoop news in a good way. Cyberscoop covers government stuff as well as good news like the article entitled WeLeakInfo, a search engine for breached personal data, shut down, and that’s a good thing. I’ve never heard of this site, but anything to allow people to search for things that could be harmful like breach info is a good thing.

U.S. authorities have shuttered a website claiming users could scour more than 12 billion records compiled from some 10,000 data breaches to purchase usernames,

That’s a lot of info, and I could see why this web site was shut down. If you were looking to see if your info was out, that’s one thing, but to look to see about others so you can use it and use the info to take over other accounts isn’t OK and should not be allowed.

I’m passing this along in the good news category, let me know your thoughts. Should search engines be up for people to search whatever you want to, even if that means that people can lose their accounts to others?

Equifax is back in the news … can’t get a dime

Hello folks,

According to the latest on Equifax, also known as equiphish, they’re now claiming in this article entitled Equifax to pay customers $380.5 million as part of final breach settlement, I doubt that we will ever see a cent of that. For me anyway, I can’t prove that my info is being used or has been used for ill gain, so that means I don’t get a dime of this money. While the settlement is great for those who are affected, the reputation of the company is beyond repair. To make things worse, the other credit monitoring services are just as guilty for similar fates but not as bad. I really don’t know what else to write about this, except that I have articles on Vocal covering my thoughts long term.

Besides those two, this tech blog search will cover a ton of stuff from podcast notes, to many other articles across the landscape. I want some of that money! Even if I have to put it away elsewhere for my future needs, this is something everyone has been affected by, even if it’s just newsworthy and nothing personal has happened. The fact it’s out there is damaging enough.

January 18th, updated the post to fix HTML and some spelling mistakes found.

Don’t let the vulnerabilities get you down

I read an article entitled Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601 and it was quite interesting. This is going into more details on one of the worst vulns Microsoft has had, that they need to fix several major versions of Windows. This blog post, which was posted several days ago, talks about some of the articles I’d not read and since have, in regards to Patch Tuesday. The lead article gives more info about the second Krebs article that was posted in the earlier blog post.

We’ve got a capture, its hopefully the first of many

I meant to write about this, but now I’m thinking about it. Krebs on Security posted a blog post about a capture and I love posting these things. Alleged Member of Neo-Nazi Swatting Group Charged was posted on January 10th and I recently read it within the last couple of days. I found the story enlightening, and I think you might too.

What interested me about this story is that Brian, and/or his family, was eventually targeted in whatever this group was up to. Hopefully, there are more stories like this one this year, it’s lovely to see!

NLS BARD releases Bard Express 2.0.32

I’m a little late for this, but I think that this is important to pass along. This comes directly from the BARD mailing list and from BARD themselves.

I hope the following is of interest to those who use this utility.

BARD Express Now Available

The National Library Service for the Blind and Print Disabled is pleased to announce the next version of BARD Express. Version brings many features
to NLS patrons, providing new ways to discover even more of the national collection of books and magazines.

Here is the list of the new features available in this release:

Public or Private:

By choosing the Public option during installation, the new version of BARD Express can be installed on computers that are available to the public. This means the program will not retain user credentials any time the program is closed, or is left idle for 5 minutes.

Choose the Private option during installation to have BARD Express remember your username and password so you don’t have to.

Choosing Your Preferred Format:

Tell BARD Express your preferred format. Have BARD Express display audio, braille, or both formats, it’s up to you. Change it at any time by opening the
Preferences menu, or by using the keyboard command Control+E.


BARD Express can now search for, download, and copy braille books and magazines to an external storage device for your reading on the go.

Column Configuration:

There are 2 additional column types that can be found under Column Configuration: Format, and Date Added. Format lets you know if the book is braille or
audio. Date Added informs you when a title was added to BARD.

Back One View: Escape

You can now use the Escape key to return to a view you just came from. For example, perhaps you opened the book details page of a title that sounds interesting.
After reading the details, you decide that book is not for you. Press the Escape key to return to the list of Recently Added books and Magazines.

Manage Devices: Control+N

This is the new keyboard command assigned to open the view where you can manage external storage devices. In addition to the new keyboard command, this
dialog now provides a utility to eject the cartridge or thumb drive. The keyboard command to eject the drive is Alt+E while in the Manage Devices dialog.

Open the Download Status view: Control+T.

There is now a place to keep track of your downloads in progress. This is handy when you have multiple titles downloading at the same time.

Find: Control+F

This utility gives you even more control over finding which books and magazines you want. From within menus such as Recently Added Books and Magazines for example, use the Find utility to sift through metadata to refine the type of material you want. After opening a view such as Recently Added Books and Magazines, tab or shift-tab to locate the “Find” button and open it. As an alternative, use the keyboard command Control+F to open the Find dialog. This feature works with any list of books such as your existing Bookshelf, Recently Added Books and Magazines, Most Popular Downloads, and after clicking a specific subject under Browse By Subject. The various checkboxes in the Find dialog tell the program where to look for the text string you want to find. The checkboxes include: Title, Author, Annotation, and Content Flags. They are checked by default, which means the program will sift through each of these items to see if they contain your search criteria.

Reset Find utility to the default: Alt+E

This Reset button returns all options in the Find dialog to their defaults, and erases any text from the Search field.  Activating the Reset button will
result in the original book list repopulating. For example:

1. Load the list of Most Popular Books.
2. Run the Find utility and type a search such as “Romance” without the quotes.
3. Choose the Okay button.
4. The resulting book list will likely be less than 50, assuming you have BARD Express to display 50 books at a time.
5. Open the Find utility again, and this time choose the Reset button.
6. The Find utility will close and focus will land in the original list of 50 books

Filter utility: Alt+I

The Filter utility lets you choose to see only fiction, nonfiction, or music titles.

Bring up a list of books such as in Most Popular Downloads. Navigate this dialog and choose the “Filter” button. This dialog presents a few control types.

• Use the “Item Type” combo box to choose either Books and Magazines, or Music.
• If Music is highlighted, you will see only music materials after clicking the Okay button.
• If Books And Magazines is highlighted in the “Book Type” combo box, use the set of radio buttons to choose fiction, nonfiction, or all if you want to see both fiction and nonfiction titles in the same list.
• Click the Okay button to get the resulting list of books.

Previous Downloads: Alt+V, P, P, Enter

Users of BARD Express now have the ability to access their list of previously downloaded books and magazines.

Under the View menu in the menu bar, choose Previous Downloads to see your list of previously downloaded titles.

Or, type the keyboard combination, Alt+V, P, P, and Enter

Sort: Alt+T

To try out the new keyboard command, navigate to a list of titles such as your Bookshelf, Wish List, Recently Added, Most Popular Downloads, or Browse
By Subject. After bringing up the “Sort” menu, explore the new ways you can sort the titles.

Subscribe to a book series or magazine: Alt+S

This keyboard command lets you subscribe to your favorite book series and magazines.

• Locate a book series or magazine and open it so you see all the titles in that series or magazine publication.
• Choose the Subscribe button.
• BARD Express will say that you are now subscribed to the item.
• Choose Okay.

Unsubscribe to a book series or magazine: Alt+U

• Locate a book series or magazine and open it so you see all the titles in that series or magazine publication.
• To unsubscribe, choose the Unsubscribe button.
• BARD Express will say that you are now unsubscribed to the item.
• Choose Okay.

Manage Subscriptions: Alt+V, S, S, Enter

An alternative to unsubscribing to a magazine or book series as described above, consider managing all your subscriptions from one place.

• Open the View menu in the menu bar, Alt+V
• Scroll through this menu until you find the item named Subscriptions, and choose it. Alternatively, use the keyboard command listed above.
• Open the item you wish to unsubscribe to.
• Choose the Unsubscribe button as described above.

Here’s how to download the software.

If you’re already using BARD Express:

1. After running the program, open the Help menu and choose, “Check for Updates.”
2. If you’re not already running the latest version of BARD Express, the program will notify you that a new version is available.
3. Choose the option to download the software. BARD Express will download the new version and start the installation process.
4. Follow the prompts to complete the installation.

Alternatively, you can download the software from:


Note, this version supports Windows 7.0 and above.


The BARD Support Team

The first 2020 patch Tuesday is here, are you ready?

Hello all,

I have not gotten a chance to read any particular articles but the first patch Tuesday of 2020 is here being the week ending January 17, 2020. Tuesday is the 14th, and there are two articles from Krebs on Security on this one.

The second from Krebs seems quite interesting. The notations from Security Now! for this week indicate that they will be catching you up on the news of the final patch Tuesday for Windows 7. But the article from Krebs talks about a patch that goes back several windows versions.

You can’t forget the Trend Micro Security blog January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs to boot. I’ll get a chance to read some of this soon, but it is definitely time to see if it’s time to update your computer. While I am unable to do so at this time, I plan on doing so before my next Internet radio show which is on Saturday. That will be of importance Friday or Saturday.

It’s important that we catch up with our patches as soon as we can. Let’s stay safe, and thanks for reading and listening to the blog and podcast!

Technology podcast 335: Trend Micro predictions, AVA and a talk, and the Canute 360 talk

I’ve got the podcast on the RSS feed and an mp3 can be had upon request. We’ve got a wide variety of topics taking a little over an hour. Below, find the show notes.

Welcome to the Technology podcast, podcast 335. On this edition, we do talk about a few things including security, transportation, and braille, but in a different light. Translation software was talked about in the talk, but nothing too specific. Here are the topics.

  • On our first segment, Trend Micro’s 2019 report and 2020 predictions. I talk about the numbers and what sticks out with me. Incidentally, the webinar that they’ll do this month is dealing with the predictions for 2020. I’ll blog about that after I get a chance to read the email. If you want to read my blog post about the threat report and predictions please go to the blog post entitled: Question: Are we looking for more or less threats this year and if so what kind? from blog The Technology blog and podcast and it links to the article in question.
  • On the second segment, we talk about the automated voice announcement system. Every bus here is supposed to call stops and every train is to call stops too. While it is technology, and it fails, the failure is also within the drivers. It has to work both ways, and my talk which will be presented on Thursday, January 16th, at an Accessibility Awards Luncheon will talk about this. At some point, we must have drivers and passengers work together to get passengers to where they need to go safely. How is it for you in your area? How is the AVA specifically for you? Let’s talk!
  • Finally, the Canute 360 is discussed. This blog post which was posted on the 10th talks about where to go and links to Blind Bargains. I attended this forum, and what I learned was quite interesting. I didn’t stay long for the questions and answers, but the presentation was quite interesting. It’s supposed to be made available for listening at some point. I do want to catch this so I can take the time to listen to the rest of the questions in case there is something else I can learn.

Finally, what is coming up on future podcasts and contact information. I hope you will enjoy the program as much as I have putting it together for you. I look forward to hearing from you!

  • email/imessage tech at menvi.org
  • text/whats app 804-442-6975

If you have other social media, you can use that. The Jared Rimer Network has all contact info made available and links to social media as well. Thanks for listening!

Join AT Guys on January 13th for an informal demo of a brand new display

Blind Bargains is asking people to join them for a demo of a brand new braille display which is 360 cells and a multi line display. The article Join Us Monday for a Canute Multiline E-Reader Live Demo and Q&A has all of the details of the presentation including dial in options.

Since this gets retweeted and resent one week after posting, it is important to note that it’s January 10th today, and when it gets retweeted, the event will have already passed. You may still be able to get a recording if one is available, I’m unclear if this is the case. I’m passing this along to subscribers in case they want to participate in this event.

It sounds fascinating! Have you ever heard of this?

Tech podcast 334: SBC Yahoo! having trouble, the beginning of a tutorial, and the Internet being gone for a day

This podcast is packed, and our RSS feed has been updated. I’ll make sure that Mixcloud will be updated as well. If you need an mp3, please contact me and I’ll ship one right away!

Hello everyone, welcome to podcast 334 for January 9, 2020. We’ve got a very interesting podcast coming up, let’s tell you what’s on it.

  • What has been going on with SBC Yahoo! mail? Looks like they aren’t communicating with their customers about potential problems. I don’t think this is right, and my blog post entitled Yahoo forcing random password resets … am I the only one supporting someone having trouble? goes in to detail about this in writing.
  • As I talk about what I want to do with the podcast, I give you the beginning of the Braille2000 tutorial I have created in regards to the talking edition. Go to the Braille Transcribing as a blind person web site to learn more, and download the full tutorial which is based on the documentation. We’ll have more from this tutorial over time.
  • In commentary from last podcast, Shaun Everess talks about how there is a video out there talking about not having the Internet for a day. Instead of linking to it I take this talk a little bit further by talking about it but bringing up the loss of power to boot. What would we do if one, the other, or both occurred? Lets take this for a spin.

As always, contact information is going to be available at the end of the program, and I hope you enjoy this podcast. The podcast runs over an hour in length. Thanks for listening, and make it a great day!

Stay tuned, I’ve got plenty more coming. Thanks for listening!

Question: Are we looking for more or less threats this year and if so what kind?

Hey folks,

I want this to be a post where you can ponder and form your own opinion. The trends set forth by experts are predictions of what may happen, what may be seen, and what could happen. In no way is it exact, and it’s a retrospective.

With that out the way, the article entitled The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 caught my attention recently. Trend Micro has a great history of predicting what may happen, what is seen, and what is far out there. I really like the work they do in this field, and they can be known as a true leader in this field.

Headings within this article include:

  • Top five threats of 2019
  • What to look out for in 2020
  • How to stay safe
  • How Trend Micro can help

Trend Micro has had a lot of experience in this field, and being the longest-serving company and innovating to stay one step ahead of the threat actors, if possible, is a stepping stone.

Here are the top threats we need to be aware of. Remember there could be more we are not aware of.

  • Home network threats
  • End point threats
  • Mobile security threats
  • Online accounts under attack
  • Breaches

You would want to hope that breaches which contain personally identifiable information would be going down, especially since services like PayPal, Apple Pay, Google Wallet, and others are in use by some people. I know that Apple Pay is being taken by stores because recently I’ve implemented and used it a few times within the last couple of weeks. It does make it convenient!

I see that when it bills my credit card, the credit card has the last 4 digits, and even in there, it has the last 4 of a different account number altogether. If there is a breach, nobody can do anything with that number as my understanding of this is tied to the phone itself, and so each phone will have a different account number.

If I’m wrong, someone please correct me, but this is how I understand it.

What can we expect in 2020 according to this article?

  • Smart homes under siege
  • Social engineering online and by phone
  • Threats on the move
  • Worms make a comeback

I’m not going to paste the article in full as there are links to various other aspects of this including text messaging and other things, so it’s best to click through to the article and read it.

Since I only have one computer, that’s good enough for me. I must keep it as safe as possible, this is definitely something I’m trying to do every day.

There are basic common things we should do when it comes to staying safe. Make sure we apply patches and get router updates. I need to figure out how to get in to my router and see if there are any updates to apply. I’ve never had to worry about that, but at some point, I need to figure this out. I don’t even know the name of the modem/router I even have or how to get in to it.

Feel free to discuss this one, as I know it’ll be a big topic this year. Thoughts are welcome.


Yahoo forcing random password resets … am I the only one supporting someone having trouble?

This is more of a curiosity thing than anything else, but I have a hunch from what I’m told that this has been going on for a number of years now.

The service AT&T has email service. When we started with this service it was known as SBC Yahoo! Through the years, some have gotten straight att.net addresses although the web site is a dot com for everything else.

In this world, we’ve got many types of people with varying degrees of capability in the technology world. We also know that Yahoo! email has been breached and that came to light three years after the fact.

When you authenticate as an SBC Yahoo! customer using mail, you go to the Yahoo! mail web site.

The authentication is your full email address I.E. which belongs to me. It also asks for your password, which is the account password for that address.

Here’s the problem. I was able to switch the account to a different interface two weeks or so ago. But for awhile now, ATT Yahoo! account holders need to reset their password every two weeks.

My grandmother has had an SBC Yahoo account for a number of years, and has never experienced this until recently. I never experienced it, although I don’t use my SBC address anymore, in favor of my accounts on my domain and my Gmail. I understand this has been going on for a couple of years now, and enough is enough! The National Institute of Standards and Technology (NIST) folks changed the guidelines where passwords are not needing to be changed as often, as long as there is not a valid reason for the passwords to be reset.

My grandmother is older than most on this blog, reads Facebook, comments on things, plays games, checks email, and does some shopping on Amazon for things she needs. Nobody except ATT Yahoo! services has prompted her to change her password.

Here is my hunch based on what I know:

  • passwords may not be as secure as they should
  • company never sent email to my knowledge about said policy
  • too much time was spent on hold trying to get the issue resolved and
  • frustration as to why no email can be accessed and wondering why the account was locked out.

I’ve never seen any of this behavior with any company before. Unless there was a valid reason, I’ve never changed my password, even after all of these breaches. The fact my biological data is potentially out there now, it’s game over for me! I know this, and I’ve been working hard to make sure I don’t use the same password everywhere and that’s why I have Lastpass, the last password you’ll ever need.

I’m thinking that this is targeted because of the potential weakness of the passwords given to me, yet my password may not be all that secure over there anyhow. I’m thinking it may be the same password I use somewhere else.

So ATT, what gives? Why are you making an elderly person who has no knowledge of why and what to do about the issue if you don’t tell them in writing or email or phone?

If this issue persists, I’ll have no choice but to help her either set up a Gmail, or even set up an address on the domain purchased for her and hosted through me. Then, I’ll either have to show her that web mail, or set it up through Thunderbird.

For someone who has so much in the way of notifying people and companies, I’m not going to be impressed with having to have her do all of this, and I can hopefully have mail forwarded to the new address in the meantime, but this is enough! Was it the weak passwords? You can check the hashes without knowing the password, and if you notice it’s weak, reach out! There is no need to make someone change their password every two weeks without probable cause. I know nobody else who is going through this experience, and I’ve not been tipped off to any articles saying there is a problem of this scope.

If anyone else is experiencing this, I’d love to hear from you. Please get in touch!
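
The hash check mentioned above, as an added example that is not part of the original post or any provider's own code: a provider can test each stored salted hash against a list of known-weak passwords and contact only the flagged accounts, instead of forcing every account to reset. The account names, the short blocklist, and the PBKDF2 settings are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a real list of common or breached passwords.
WEAK_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 50_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash as a provider would store it (never the plain password)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(user: str, password: str) -> dict:
    """Build a stored credential record; the password itself is not kept."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def find_weak_accounts(records, blocklist=WEAK_PASSWORDS):
    """Return users whose stored hash matches a blocklisted password."""
    flagged = []
    for rec in records:
        for candidate in blocklist:
            # Re-hash the candidate with this account's own salt, compare in constant time.
            guess = hash_password(candidate, rec["salt"])
            if hmac.compare_digest(guess, rec["hash"]):
                flagged.append(rec["user"])
                break
    return flagged


def reset_plan(records):
    """Targeted policy: notify and reset only flagged accounts, leave the rest alone."""
    weak = set(find_weak_accounts(records))
    return {r["user"]: ("notify_and_reset" if r["user"] in weak else "no_action")
            for r in records}


# Constructed sample accounts (hypothetical users and passwords).
SAMPLE_RECORDS = [
    make_record("account_a", "correct horse battery staple"),
    make_record("account_b", "qwerty"),
    make_record("account_c", "letmein"),
]

if __name__ == "__main__":
    for user, action in reset_plan(SAMPLE_RECORDS).items():
        print(user, action)
```
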
