
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: February 2020




B2K 2.274 February 26, 2020

Folks,

There was a release on February 26th for Braille2000 version 2.274. This is a bug fix release fixing percent code logic in certain situations where it was not working correctly.

If you need assistance updating, please let us know.

Go to panel, file management, fetch software update.

When closing Braille2000, it’ll prompt you to install and download the version.

If you’re working, you may use the program till you save and exit it.

Please contact the B2K team for more info and thanks for reading!

What happened to respectable playing on games?

Hello,

I really didn’t want to post this kind of post, but I want this to be a thought piece, not bashing on any type of platform.

Recently, on Dice World, someone posted in the newly created forums that have been around for a while now. They were asking why they could not participate in the tournaments and the people running it said they would look into it.

Several days later, they said that they haven’t heard anything and posted again. My hunch was that they were cheating somehow, but yet, I do not know how since nothing was discussed. They went so far as to ask how to cheat in several other games. I finally responded saying that if they were cheating, chances were that they were banned for that. The developers of the software ended up confirming what I had suspected all along. I also posted that if they were cheating and asked for cheating in the other games that they should be banned from the forums and even the entire game!

No matter whether it is Dice World, some other poker game or any type of community, cheating should not be around, and those caught should be punished.

If there are laws to protect citizens from getting hurt and abused, there should be rules in place for the cheaters like this one player. The developers are now wondering if they should have moderators.

I’ve moderated email lists through the years and have been respected for the great job I have done. I won’t tolerate the types of crap that I’ve had to report to the developers whether through the messaging system or the email messages off system, and I know that whoever the developers choose, they will have guidelines to follow.

It’s sad that we have to come to this! Where did communities go? It’s beyond repair now.

Another company, another patch

We haven’t talked about hardware patching before, and it used to be something you never thought about. For the last few years or so, the people behind all of the stuff we’ve been talking about have decided to target the hardware side of computing. In a very good piece by Krebs, we learn that a particular company patched hardware that was being used for ransomware attacks, and that may be the icing on the cake. I don’t believe I’ve ever heard of this before, and if that trend continues, we can be in for a very long year.

Patching hardware aspects of things can be quite difficult. It is not pushed to us like software can be; we have to go get it. In the age of how things work today, we need to either be notified of the update, or it needs to be pushed directly to us, especially if it is within network hardware or even software. The article Zyxel Fixes 0day in Network Storage Devices is what I’m posting about on this post, and this may be the beginning of the hardware patching for network stuff. Did you see this when it was posted and what are your thoughts?

Another breach, yet another mistake

A company today called Slickwraps revealed they were yet another company that made a mistake in their trust of personal data. As indicated by security postings by people knowing more than I, it’s only going to get worse, and this company claims in the posting that they hope to learn from this abominable error and hope to regain their customers’ trust. Those who checked out as a guest were not affected, and no financial data was known to be harvested. The people behind the intrusion found a hole in Zendesk, the support forum which I’ve played with.

Slickwraps says customer trust was ‘violated’ in data breach caused by glaring security holes is the article, and they’re glaring.


Is Paypal or Hacker One the bad guys here? You decide!

I was looking at my Twitter and it talks about the particulars of these two companies.

Hacker One is one of the biggest aggregators of bugs around and they are to pay money to ethical people who report vulnerabilities.

In this article, Cybernews points out 6 different very serious bugs that could let an attacker take control, change the applicant’s name, and even bypass two-factor.

The report indicates that the people behind these bugs lost points because Paypal or Hacker One closed their cases and didn’t deem the issues serious.

  • the most severe to least severe, as well as how each vulnerability can lead to serious issues for the end user.
  • #2 Phone verification without OTP
  • #3 Sending money security bypass
  • #4 Full name change
  • #5 The self-help SmartChat stored XSS vulnerability
  • #6 Security questions persistent XSS

Each of these has information on how the ethical hackers did each of the items and Paypal and Hacker One’s response.

Paypal wants these bugs, but it seems like they don’t want these bugs and/or they quietly patch them without giving time to the researcher(s) that have reported it.

We found 6 critical PayPal vulnerabilities – and PayPal punished us for it is the name of the article and it was written by Bernard Meyer for this web site.

This has to be bad, and both companies should be ashamed of themselves! Give these ethical hackers and this team some credit to try and help you. It’s OK to say two of these bugs were duplicates, but 4 other bugs were downgraded? I don’t understand this crap! Both companies have some explaining to do.

Have You Heard of Kids Guard? You may, and it’s not good

Naked Security has a very detailed article on an IOS and Android app called Kids Guard.

The purpose of the app was to protect the child or person using it from their information getting out … so you thought. Problem is, both Android and IOS versions are malicious. This is categorized as stalkerware, or stalking the user and taking their data with it.

Under what to do, it says:

Whittaker put together a “detect-and-destroy” guide for identifying and removing KidsGuard from your Android phone, but first, you need to check whether the app has been installed: Go to Settings > Apps, and see if “System Update Service” is listed. This is the name that ClevGuard has given the stalkerware to hide it from the user.
If you think your Android device has been infected with KidsGuard stalkerware, check out the rest of his guide for instructions on removing it.

Under the IOS in the same section:

For iPhone users, Paul Ducklin has the following advice: If someone has full remote access to your iCloud then you’re in big trouble. They can find out loads about you, and can change it all, too, including resetting your own password and locking you out of your account. So don’t delay, use 2FA today.

If you suspect someone else has access to your iCloud but hasn’t locked you out, go in yourself, change your password and review your settings.

This has got to be the worst it can get. If a program is supposed to be here to help us protect our data, and our data can do so much to hurt us, then it’s no good! I don’t understand what this company is doing getting in to everyone’s account. Are there better things to do?

I retweeted this and said there was a blog post coming, and that’s this post. They ought to be ashamed of themselves for getting in to iCloud and having the capability of seeing everything one has up there and more. Distasteful!

Here we go again! KidsGuard is like many other commercial-grade spyware in that the stalker needs to have physical access to a device in order to install it. It just takes a few minutes. Whittaker reports that after installation, there’s no rooting or jailbreaking required. ClevGuard says the app can also be used for iPhones without access to the device (as long as the user doesn’t have 2FA on, in which case you would need to access the phone) if you give it the target’s iCloud credentials.

There’s more, so go read this Naked Security blog entitled KidsGuard stalkerware leaks data on secretly surveilled victims and make it a great day! Be careful out there!

Ransomware Shuts Gas Compressor

This is coming across my desk, and this is getting bad. The article will speak for itself, and it’s something we should be concerned about.

A recent ransomware attack caused a U.S. natural gas compressor facility to shut for two days.

Source: Ransomware Shuts Gas Compressor


Lots of evasion techniques including geoblocking and IP addresses

I recently read an article dealing with geoblocking and IP addresses. This is a PhishLabs article, and it was quite interesting to see what criminals can do. Evasion Techniques: Geoblocking by IP is the article and I think it is worth the read.

The post was posted on the 20th.

In order to increase the lifespan of their campaigns, most threat actors implement evasion techniques to keep their activity from being detected by defenders and their intelligence tools. In this blog post, we’ll take a look at how geoblocking by IP is used.

This was quite an interesting blog post, and it is definitely something to think about. Do read this one.


AI having a help in cyberattacks?

LastPass has an article talking about AI having a hand in protecting the user in regards to cybercrime. I think this could be utilized in many different ways, from password mitigation and saying that you can’t use such passwords, or even in some way that you or I haven’t thought of. Using AI to Protect Your Business from Cyber Attacks is the article, and I don’t think I read the article yet. I was just contemplating it since I saw the title and I’m going to open it up for comments to see what you guys think.

I’ll make sure to give this one a read.

Pay up, … Google will ban your web site if you don’t pay

This is extortion at its best. In an article entitled Pay Up, Or We’ll Make Google Ban Your Ads Krebs On Security pens a tale of crooks who are trying to extort money by telling you that if you don’t pay the extortion, your web site will be banned by Google.

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

I’ve never used AdSense, and if I had thought about using it, I definitely am not going to utilize it now. That’s going to ask for trouble. I don’t honestly know what sites are using now. I know that Blind Bargains may have used them at one point, and they may have moved away from it now. I honestly don’t know.

If you use this program to make money, you ought to watch out.

The article does go on to talk about someone who did have a spike in traffic from their account, and people may look in to this and determine that it may be legitimate.

Welcome to the Internet! This can’t be good.

Los Angeles Metro reports Crime is down

In a non-tech posting turning tech posting, Los Angeles Metro reported that crime is down on the Metro system. Crime down on Metro system over past five years gives the stats on this.

Some things tech related:

  • We’ve been asked to test out Transit Watch, an application to report incidents
  • The app can be found on the App Store and in Google Play
  • You can report numerous types of things like ADA assistance and even particular crimes
  • I’ve tested it by using it legitimately to report an escalator and they went and fixed it.

For those people who have other disabilities, you can now text the Metro folks right from the app. If you provide an email or cell phone, they will communicate with you when the issue is resolved. I did this and even verified things were reported correctly.

If you create an account, you can track their progress and your reports.

If you’ve used the older or newer Transit Watch, please let me know how you enjoyed it.

Have you heard of Crooks encoding credit card data on bar codes? Not until I read this article

I sat this article in my brain for a while coming up with a catchy title for something I’ve never heard of before. Apparently, crooks will stop at nothing to get their wares out, or even use the wares they have. Krebs on Security penned an article entitled Encoding Stolen Credit Card Data on Barcodes and I found it fascinating. I don’t believe I’ve heard of this one before, and it’s definitely clever.

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.

This is quite clever, and I don’t know how we could stop this one. Scanning bar codes is common in today’s technology. I do have to give them props on a good one.

This week in security news: Feb 21, 2020

I haven’t read the article yet, but I did want to post about the fact that Trend Micro put out their article for news, notes, and things of interest for the week of February 21, 2020. This Week in Security News: LokiBot Impersonates Popular Game Launcher and DRBControl Espionage Operation Hits Gambling, Betting Companies is the article title.

I think the biggest news is the bot activity which I covered on this article entitled: LokiBot is back, and its not getting better for users and it is probably the highlight of this news week.

I’m sure that I’ll find more, and only time will tell on what exactly happens with the bot and any other news that you, the reader, may want me to cover on a future podcast.

Find something? Get in touch. Enjoy!


Using Social Security online

A lot of people use Social Security for living, because let’s face it, getting a job is awful when we have a disability.

My Social Security contact sent me this article from the blog: 10 Powerful Ways to Use Social Security Online which might be helpful. It all sounds interesting, and they do have great security. I’ll talk more about the security in an upcoming podcast.

Have experience with the web site? What did you think?


Android VS IOS, who wins?

In a thought piece The One OS to Rule Them All – 33 Android vs iOS Market Share Stats which was sent to me by email, it is looking like Android is winning in most places but yet IOS wins here in the United States. It’s interesting to see this because we know by reading numerous articles that Android has a big security problem which they’ve started to work on via Android Q and later.

If you read this article, what did you think of it? It’s fascinating to read how the breakdown is by country, or even as a whole just thinking about the various aspects of this debate.

The biggest stat?

1. Android and iOS jointly account for over 98% of the global smartphone operating systems market share.

That generally means that Windows Phone is pretty much done, but yet, it may still be used in some aspect and in certain places. It isn’t mentioned however, but the two major ones are Android and IOS, so where is the other 2 percent worldwide?

Read more in the article, and let me know your thoughts on it.


Anatomy of an attack: Trend Micro February Webinar

John sent an email from Trend Micro about the webinar for February. Want to learn about the anatomy of an attack? It’s not too late to post this link to the webinar and fill it out for you to join. My info may be populated and I just signed up.

In this webinar, I’ll share with you an example of an actual cybersecurity attack that occurred a while back. After taking a deep dive into the cause, effect, and aftermath of the attack, I’ll also share some hands-on information and best practices to follow.

Join my monthly threat webinar and live Q&A session to learn:
• How the attack was achieved, alongside the ways in which the victim responded.
• Takeaways and best practices surrounding this and similar attacks.
• Valuable insight into how you can minimize your risk of compromise.

Come join me, I hope I can make it. It sounds like it’s going to be fun!

Got a strong WIFI password? No? Better think about it

There has been a threat called Emotet (emote t) that has been out there since 2014. The latest with this threat is taking advantage of weak, insecure Wi-Fi passwords.

When I got my Internet here, I was given a strong password, and I’m glad for that.

This article from Threatpost, Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm, goes in to detail on this evolving security threat that is probably not going to abate any time soon.

Better catch up on this one!

Can you bank on backups for ransomware? Article says no

While I’m catching up on news from across the security landscape, I saw this article. It is entitled Why you can’t bank on backups to fight ransomware anymore and it goes in to really good detail on why backups aren’t the solution anymore.

Several different operators of ransomware are posting the dumps of their attacks because they are not getting paid. The places being targeted had backups and one still hasn’t put their web site and other services back online since they were attacked in November of last year.

This is a wake up call, I’d say. Wonder what we should be telling people now if we can’t tell them to make sure they have a good backup if possible?

Let’s discuss!

Hackers inside networks? You bet! Multiple articles showing what has been up

In recent more up-to-date news, I’ve been reading various articles about threat actors being in multiple high profile places.

Hackers Were Inside Citrix for Five Months is one article, but I know I’ve read a few more that I can’t spot offhand. If this is any indication of what’s happening nowadays, we’ve got more problems than your typical computer or telephone device of choice.

Have you seen anything like the article I’m putting out here and what did you think? Sound off!

Is Google starting to do the right thing in blocking http downloads over https?

There are multiple articles in the SANS NewsBites in regards to Google blocking by October the mixed content aspect of web sites. Say you are downloading a file, and it says it’s mixed content. The site is https but your download is http. So far it has worked, but this Google blog Protecting users from insecure downloads in Google Chrome gives an overview to Chrome and what is expected.
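To make the "site is https but your download is http" case concrete, here is an added example (not code from Google, Chrome or this blog) that a site owner could run over a page's HTML to list download links that would be fetched over plain http. The page URL, the sample HTML and the list of file extensions are assumptions constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption for this sketch: extensions treated as "downloads".
DOWNLOAD_EXTS = {".exe", ".msi", ".dmg", ".apk", ".zip", ".iso", ".pdf", ".docx"}

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE_URL = "https://www.example.com/software/"
SAMPLE_HTML = """
<a href="http://downloads.example.com/tool/setup.exe">Installer</a>
<a href="/files/manual.pdf">Manual</a>
<a href="//cdn.example.com/pkg.zip">Archive</a>
<a href="http://www.example.com/about.html">About</a>
<a href="http://files.example.com/get?id=7" download>Report</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, has_download_attribute) for every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = dict(attrs)
            if attrs.get("href"):
                self.links.append((attrs["href"], "download" in attrs))


def insecure_downloads(page_url, html):
    """Return download URLs that a secure (https) page links to over plain http."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for pages loaded over https
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, has_download in collector.links:
        target = urljoin(page_url, href)  # resolves relative and //host links
        parts = urlsplit(target)
        filename = parts.path.rsplit("/", 1)[-1].lower()
        ext = filename[filename.rfind("."):] if "." in filename else ""
        if parts.scheme == "http" and (has_download or ext in DOWNLOAD_EXTS):
            findings.append(target)
    return findings


if __name__ == "__main__":
    for url in insecure_downloads(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("insecure download:", url)
```

A static check like this only sees the link as written; an https link that the server later redirects to http would need to be checked by following the redirect.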

Google has a lot of resources, and applying them to make the Chrome browser more restrictive on unsecure downloads is a good thing. However, I’d really like to see more Google posts about improvements in pre-release security and privacy testing of apps in Google Play. Google’s Vulnerability Reward Program bug bounty payouts almost doubled from 2018 to 2019, which is kind of like a restaurant saying, “Our volunteer food testers removed twice as many glass shards from our food!” Google’s Play Protect was ranked at or near the bottom of malware detection by AV-TEST in 2019 – it would be good to see many fewer glass shards in published apps.

One of the reasons why I don’t recommend Android is because of this insecurity of their apps. The blind community may not get hit with these types of apps, but as shown way back in podcast 3 of the podcast, it can happen.

I recently sent podcast 3 to someone, and while the technology used in that podcast isn’t the greatest, the fact is, that it is still valuable today to have this podcast available. It was the reason why I got started in this business.

If Google is starting to do this protection in Chrome, which they should be commended for, then Google needs to start fixing their store and making their apps more secure for everyone. No more apps that act one way in one country, and do something completely different somewhere else. NCSAM: Do you think Android is as secure as they claim? This Android app says not so much! talks about an app that did this.

You can definitely find articles on the topic of Google and their insecurities in the Play Store. I’m not saying that IOS is any better, they all have their issues, but Google’s problems are well known because of the fact it’s more open.

What are your thoughts on this latest development on Google’s end to block the mixed content, and whether they could take this to their app store and finally boot these apps and make policies to only allow good apps there? Is it possible?
