go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: March 2020

Go to Homepage [0], contents or to navigation menu

With new things, comes different risks

I know that my twitter is several days behind, but I don’t read twitter every day, and I came across this article that I think is timely, even though it is several days old.

The article talks about Zoom, which I’ve used once for a webinar. It is accessible with Jaws and screen reading technology. While I’m unaware of much of what it does, I know the free version is 40 minutes which does not help me because if I were to do things, it would take longer than 40 minutes.

I think the 40 minute thing is treated as a demo, and that should be extended in my opinion. A conference can last awhile, depending on the topic. I definitely see the benefit of using this service, and I’ve got nothing bad to say about it.

While I mention Zoom in an assistive technology light as a product, this Zoom is a product that has Conferencing telephone capabilities as well as web. Other services I’ve used have only telephone, or only web. Some may have upgraded capability, check with the service to see what meets your needs!

In the article Holding Class on Zoom? Beware of These Hacks, Hijinks and Hazards we learn about some of the issues that may arrise, and probably have caused some people to wonder if this platform is secure.

As Steve Gibson has said on numerous podcasts, the fact is, we use default options and think they’re OK. This may not necessarily be the case.

I tend to look at options with conferencing and decide how I want to have it. I do set mine pretty much open, but I’ve also not used it all the time, so if people use it to hang out, the system I have can’t do much.

Even one facility I had used it worked where people were placed on hold and when I came in, it went ahead and started the conference. It was part of a package. Some services allow you to call out, and thats nice too.

If you use Zoom conferencing, what did you think of this article and how do you plan to change how you do your conferencing with this platform?

Comments (1)

A very thoughtful blog post from a technology guy now at home

I was looking at Apple Vis to determine what if anything I needed to talk about here as informational. I found a very thoughtful blog post on there on how technology is helping them stay in touch with the people they care about since nobody is venturing out. I thought this would be appropriate to share here, because there is no many articles out there about the dangers, and nothing about how technology is helping people like us, the disabled.

The article itself is not technical, and it doesn’t talk about any particular app, but is more of a thoughtful piece.

I’ll be putting this in the accessibility section, as it fits there. While a few apps are mentioned, nothing is detailed.

Staying Home: Already a Pro is the article title, and you’re welcome to discuss it here or on Apple Vis.

Comments (0)

Webinar on covid19 from a guy that should be giving this talk

Mikko Hypponen is the chief researcher at F-secure. This is going to be given on the first of April looking like Evening US time. I’m going to attend and see what he has to say. CYBER SECURITY AND COVID-19 is the page, please sign up if you can. I’ll try to tape this for future podcasting.

Comments (0)

Posting on a forum for credit card info: lets teach our kids

I’ve been trying to come up with a way for me to talk about something I saw on a forum, without making it sound like it is one of the worst things you can do.

While it isn’t advisable to be posting questions asking for different types of info, I want to be caucious at the fact that there are people here that may not know better and do something that could harm them.

We’ve all done it, posted something somewhere we shouldn’t have. Its a possibility that I did this, even in my adult years, so I’m going to harp on myself as well as part of this post.

One of the things in today’s internet we need to be aware of are sites called Dark Web sites. Sadly, the Dark Web and the Deep Web can be used interchangeably according to Wikipedia’s lookup on dark web.

Some of the things that can go on in the dark or deep web is credit card selling. Also, tons of personal information is sold in the dark or deep web. With that, what I saw was posted in a forum in the application Dice World, which would be considered the clear web, or the vast majority of the visible Internet.

I’ve talked about Dice World problems before with good news included. The latest bad thing was this post talking about cheating as it relates to games which would include Dice World. We’ve also talked about dice world in our podcasts like podcast 326 and podcast 341 just to name two of them.

I’m not going to talk about this on my podcast, but I want to highlight with this post that the information about asking for information can go on any type of forum or mailing list, and this should not be taken just from the forum on Dice World.

Someone posted on the forum for someone to give them access to a credit card because they could not pay for more space on their icloud. The person in question indicated that they were under the age of 18. I’m not going to mention the age, nor the user name because I do not remember the user name off hand, and the age would not be appropriate to disclose in case it is wrong.

I can tell you that I’ve never seen this type of thing, and responses indicated that people should not give them any information. I was caucious and said that you should only do this with people you trust, not from an open threat such as this.

Mistakes can happen, no matter what the platform is. We’ve talked about software stuff before and now the phishing attacks with the Corona Virus. I’ve also talked about scammers targeting the blind but I don’t feel that this was necessarily the case.

I feel that the report I was given was pretty genuine, this may have been a child. who didn’t know any better, and education is appropriate. If I were able to moderate this, I would educate them about the fact that this is not necessarily a good idea, and that their parent or legal guardian should be responsible for their spending. I know that my stuff is paid for in this way, although I do pay for other things as well.

I’ve made mistakes on mailing lists, and was talked to, so I’m not singling any person out when I say that this person should’ve been blocked. I would definitely hope that once the post was removed by Dice World, immediate communication comensed by Email or messaging through the application to explain that this was not a good thing to do.

We should teach the young, not give them harsh punishments. As it were, the account was created the very day that I saw the post. In part, “I don’t normally do this, but …” and it was followed by the request.

My blog tries to cator to everyone, so if the person effected was to read this, I’d love to talk to you about the Internet so you understand what is happening now especially since things are changing in this world.

Do you know anyone who may be doing this? Do teach them, lets not give them a hard time. They aren’t criminals, yet. Look at the intent and determine whether or not a harsh punishment is necessary.

Comments (0)

Instacart, please get it together

I’m reading from the Huffington Post an article that talks about Instacart, a grocery delivery service having problems delivering because workers want to strike for a very good reason.

If you help out your community like Uber is, than you’ll have happy employees. I’ve recently been told that I should get an instacart account, but after this, I really don’t want to buy from a company that wants to make a profit and not make sure their people are taken care of.

While the article has been updated since the initial publication, there are still things that they do not like that need addressing.

Now is not the time to play games with workers. As I saw somewhere, the next state for stay at home orders is North Carolina. If thats the case, and we have these problems, how are we going to have our needs met? Online is where we need to be, not at the store. I’m almost tempted to just send someone and my credit card. This is not the way I would do things, I would try my best to listen and make things right.

Instacart Gig Workers Threaten To Strike, Demand Hazard Pay And Sick Leave is the article with a video that seems to not have any audio. How nice!

Comments (0)

Russia picking up people doing cybercrime? Seriously?

Cyber Scoop and Kreb s on Security are reporting in two articles that 25 people have been picked up within the region for cybercrime activity. Russia is not necessarily known to pick up their own, let alone anyone for crime to my knowledge.

This is hopefully a step in the right direction, and I hope that this trend continues.

I read the article Rare cybercrime enforcement in Russia yields 25 arrests, shutters ‘BuyBest’ marketplace that came from Cyber Scoop. According to this article, the people behind this activity were running shops such as buy best, or golden ring.

Brian Krebs recently penned an article Russians Shut Down Huge Card Fraud Ring which I’ve not read yet.

I believe in these difficult times, reading good news like this should put a smile on our faces. This is definitely something I like reporting and blogging on. I’m sure that Brian’s article is just as informative as Cyberscoop’s. I would not be surprised if Brian blogged on some of these guys through the years either through his former employer or on his blog.

Lets celebrate some good news for a change!

Comments (0)

More about the Operation Poison News coming from Trend Micro’s intelligence blog

One of the news items from this week deals with operation poison news. This article was posted on the intelligence blog. This is much bigger than the IOS aspect that I had read in the weekly news article found on this blog post.

As discussed, this is done through Hong Kong’s popular forums that people go to talk about various topics. According to the analysis from Trend Micro, this may have started as early as November 2019 since that is when IOS certificates were issued. This may not necessarily be just an IOS problem though, says the article. There may be an android app out there as well, or rather, Android may be targeted by just going to these forums that have these posts.

To make things worse, Trend Micro indicates that these are new accounts, and the posts are not targeting any one individual or group.

To read more about what they’ve found including topics that the posts may cover to get people to click, do click on this article entitled: Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links to read all the details. Very facinating stuff here, I must say.

Comments (0)

Taking the sensus? You can

I’ve never taken the sensus before, so when I got multiple letters saying ensus, I wasn’t sure what was happening. Using AIRA services, I got a code and a web site. I went there, entered the code, and found it to be very accessible. Blind Bargains has a post on this by J.J. and it may lend some additional information. It’s Time to be Counted: How to Take the 2020 U.S. Census Now is the post, and I hope it finds value if you need help.

Thanks for reading. And Thanks Sensus for making the site accessible to us.

Comments (0)

This week in security news, news ending the week March 28, 2020

Hello folks, what a week we’ve had in the cyber security field this week. We continue to see phishing in regards to Covid-19, security has gone up for those working from home, and of course the webinar that we published as part of podcast 342.

I think the biggest news out of this week comes out of Hong Kong. Their IOS users are targeted in an attack from poisoned news campaigns. While I’ve not read the article, this proves my point in Hey Criminals! Keep your hands off our kids and their data! That point I was making was that Google isn’t the only problem, yet we hear more about them than anything else.

Its sad that poisoned news is the topic, but the good news out of this is that these links are posted to forum sites leading to supposed news stories. My tip? Go to the news source for news, not a forum unless its a trusted link where a discussion of such things are regular like this blog for example.

News also came out about the Wawa Breach and an article talking why we should use dark web monitoring. I believe services like Lastpass do this, but I don’t remember whether or not they do this as part of their free services.

Other interesting news talks about how the cybersecurity industry is stepping up to defend places like hospitals and other essential services from these big time attacks that are targeting them during this difficult time. It was also reported by a source I follow that indicated that some ransomware gangs would stop targeting hospitals and the like until this crisis is over. I hope they’ll follow their word.

For links to these and other stories, Nefilim Ransomware Threatens to Expose Stolen Data is the article, and of course the comment boards here and there await your thoughts.

Please stay safe and do feel free to contact me with questions. I’ll be sure to answer them to the best of my knowledge.

Comments (0)

United States Government giving bad advice? This doesn’t surprise me

Hello all,

I’m trying to space out articles, and trying to find some good content within all of the stuff we’re seeing.

In this post, I want to talk about an article I read dealing with security and the government. We all know that the government is the last place we turn to learn about security because of the recent breaches within the sector and other stories that might just make you start asking questions.

In an article entitled US Government Sites Give Bad Security Advice some governmental sites indicate that you should be looking for the “s” in the link as well as it saying in part: “An official Web site of the United States government”

If I were to phish these sites, I could easily write this statement on my web site, make sure I had the secure certificates, and ask for all of the data that the sensus is asking for.

I recently took the sensus for the first time, and it was accessible. I’m hoping that it goes where it is supposed to go, and reading this article makes me think that this wasn’t the best idea.

While this blog post isn’t talking about the sensus per see, one of the sites highlighted is this sensus site that we’re getting mail on.

Brian also talks about sites in the governmental sector that does not have this phrase on it, but I can see why he is saying that it is misleading because anyone can put things up like that, and can copy logos and put them up too.

Its becoming a very interesting world out there. What do you all think?

Cyberscoop has a video on their page, I’m not sure about Krebs at this time.

Russian law enforcement action against accused cybercriminals inside Russian borders is exceedingly rare.

I know that if I were to do something, that I’d be looked for and arrested or questioned at best. I would like to hope that this is the beginning of a change within Russia and other countries that just hack with no consequence.

The comment boards await.

Comments (0)

Hey Criminals! Keep your hands off our kids and their data!

I was up late one evening, and decided to read an article. The article talked about how children are using applications from the Google Play store, using the same names as applications that these kids would be using like Google Hangouts, Facebook, tile puzzle match, and other similar program names. Note that these may or may not exist, but just examples. Just follow me here while I explain this a little bit.

Google! What are you thinking allowing names like this with apps that already having the same name? I didn’t think that was possible to have multiple applications using the exact same name.

In this article, Cyber Scoop tells us that 24 different apps for kids are used to infiltrate the phone and have these guys making money while the app may behave as designed. 56 total applications, according to the article were flagged and 24 of them were targeted toward kids.

The app names I mention may or may not be there except for possibly hangouts, but actual app names mentioned were mentioned in this article. They include a cooking app, a game puzzle, and more.

Tekya is the name of this malware which clicked on adds for the scammers. The applications are not available anymore, they were removed in Early March, according to the article.

I seriously have a question. Hey Google, how come we’re hearing this more from you than we are in the Apple IOS and Mac ecosystem? Sure! We’ve got apps that Trend Micro have reported to apple which do some crazy things when it hits its target, and is normal everywhere else, but come on! Remember this writeup entitled NCSAM: Do you think Android is as secure as they claim? This Android app says not so much! This blog post from NCSAM 2019 coverage covered an application called Yellow Camera. I give some basic highlights of the article and you can search this app name on Google to pull up articles. I thought I linked to it from there, but I don’t think I did by the looks of it.

I believe this was an Android app, but I honestly don’t remember.

Another question, Michael in Indiana reminded me that Google hired mobile security firms to help them to keep these types of applications out. In this case, the developers cloned already existing apps. Google asks mobile security vendors to help keep hackers out of the Play Store is the article linked within the app discussion article. I think it is relevant to this discussion today because we don’t see many IOS apps, and that doesn’t seem right. I’m sure that mistakes like this on IOS are made. While we assume that apple looks at their apps, I personally can’t confirm or deny this, and with the many apps needing approval for updates and the like, a mistake can be made.

I’m OK with an app store making a mistake, maybe a few. It happens! But why are we seeing more of these types on Android if they hired people to help vet these apps on an open ecosystem? Apple is closed as you know, but yet, they still have made the mistake because of the apps behavior and of course, the same encoding code so people can’t see what it does is going to be a problem.

Scammers tried using kids apps in the Google Play store to generate cash is the main article I want people to read from this discussion, but Scammers, leave our vulnerable children alone! They don’t know any better, we do! We may get bitten because of the description, but once we learn, we’ll know what to look for. Children don’t know about these types of dangers. Hands off!

Comments (0)

Podcast 342 is out

Hello all,

Its been a couple of days since I’ve released podcast 342. It was uploaded on the RSS feed on its release, and Mixcloud yesterday. Problem is, I never wrote the blog post, as I was involved in doing something which I needed more help than I could do alone.

Be that as it may, I’m here now, and I want to tell you about the podcast. Trend Micro had a webinar on Tuesday which I attended. I did ask a question which got answered, although site safety checks web sites but its worth it. I asked where we can send spam for the Corona virus stuff for them to see. Site Safety lets you check URL’s to see if they are melicious. Its a nice service they offer and I put my B2K site through there to see what it returns. My main jaredrimer.net site is clean, according to reports and I want to keep it that way.

The webinar is dealing with the major outbreak thats going on now called the Corona Virus, and what threat actors are doing. I’ve seen a lot that is discussed, including multiple emails for masks that are supposedly to be baught to help prevent this.

Here are the notations for the podcast, and I hope you enjoy the program as much as I have bringing it together. Normally I hold webinars to allow people to check it out first, but this is vital now more than the others I have lined up. Thanks so much for listening!

On this podcast, I’ve got a webinar that I would wait on, but its too important. Cyber criminals are taking advantage of this pendemic. I briefly talk about what the webinar has, then enjoy this 57 minute webinar which ends the podcast. Here’s the blog post with the link to the webinar so you may get the slides if you wish. Thanks for listening!

The program will last an hour. The intro isn’t the typical intro, as I discuss the webinar in audio as a whole. The webinar itself is 57 minutes.

Comments (0)

web listings, a true or fake company? You decide!

I read this very detailed article last night by Krebs On Security. Aparently, this company or shell companies, has been around for many years. Remember those emails we got claiming that we can get search engine optimization services for $85 or so? I sent one of these emails to my domain register people and they said the email was a solicitation for service. Since I visited one of these pages once, I was curious because I didn’t order such a service, and search engine optimization is done by putting keywords together in the meta tags of your pages.

Because I understood that much, I knew something about this was not quite right. The phraise “receiving what looked like a bill for search engine optimization (SEO) services” leads to this December 10, 2018 story How Internet Savvy are Your Leaders? which is a great question now more than ever since a lot of them may need to work from home because they are asked to or by something else.

I know many people named Mark, and Mark is a common name among us. This post isn’t about any Mark I know, but Mark is the name in this article where Brian asks a question. Who’s Behind the ‘Web Listings’ Mail Scam? This is the question, and a very interesting one at best.

Have you had dealings with this scam company? Lets discuss it! This is well befor all of the debacle of today, this company has been around here I believe at least 10 years.

Comment boards are open.

Comments (0)

Mac, Watch, TV, and other updates

Apple Vis is reporting that Mac, TV, Watch, and other products have been also updated today as well as the IOS updates. Here is the Mac, Watch, and TV post: Apple Releases macOS Catalina 10.15.4, watchOS 6.2, and tvOS 13.4 for those who want to review it themselves.

Comments (0)

Firefox gets an update in firefox 73 for low vision users who use magnification

In non-corona news, Blind Bargains is reporting that if you use options to magnify the screen for your use with firefox, there’s now going to be a global option for that in firefox 73. This deals with a global zoom option and some backplate options. Tangela has the complete details on this Blind Bargains post: Firefox version 73 introduces several low vision improvements which you can find of interest like I did. While I use a screen reader, its important to cover news like this for those who use magnification. Thanks Firefox!

Comments (0)

IOS 13.4 is released

Several posts ago, I posted an apple vis post talking about IOS 13.4 and its release today. They braught it up to the front of their page, and I think it’ll be good to post this. [Update: Now Available] Apple to Release iOS 13.4 and iPadOS 13.4 on March 24; With Several New Features, but Mixed News for Blind and Low Vision Users is the updated post and there may be new things that may or may not have been covered before.

Comments (0)

COVID phishing trends and campaign updates

I read a very interesting article by Phishlabs, a company tht gathers phishing and intellegance data to share with its customers and us as a whole. Jessica talks about some of the latest campaigns including one going out there that discusses a cure for this very interesting disease.

While we grapple with containing this virus, on top of the attempts also braught up by Today’s Trend Micro webinar that discussed this and other things to keep safe, we know that Spam and Phishing campaigns will attempt to get us to look at what they’re sending because we’re all interested in this particular development right now. I’ve seen spam that say tht we need to buy masks that will protect us from this virus, and I get several of those a day.

There are three different lures that are discussed in this article COVID-19 Phishing Update – Campaigns Exploiting Hope for a Cure which is a must read if you read nothing else today.

Thanks so much for reading!

Comments (0)

Jaws releases March 17, brings free use to everyone through June 30th

I’ve got two pieces of news crossing my desk. As part of the required reboot process for Windows Update, Jaws prompted me to get and install an update. It is dated 3/17/20 and here are the notations from Jaws’s web site.

• In Office 365 and 2019, JAWS and Fusion now properly announce column and row titles for tables in Word documents when navigating using JAWS table reading
keystrokes (ALT+CTRL+ARROW keys). For users who prefer to turn off reading of titles while navigating tables for the current document or for all documents,
these options can be configured through JAWS Quick Settings (INSERT+V) by searching for “table” or “title.”
• If the view in Outlook 365 or 2019 is set to show messages by date, JAWS and Fusion will now indicate using both speech and Braille the date change when
you move from one day to the next in messages lists. For example, as you navigate a list of messages covering multiple days, when you move to the first
message in the new date group, you will hear announcements such as “today,” “yesterday,” “last week,” or “two weeks ago.”
• In Microsoft Teams, addressed an issue where JAWS was not always reading as expected when navigating between messages in a conversation thread.
• Resolved an issue where Microsoft Teams would stop responding for several seconds when CTRL+BACKSPACE was pressed to delete a word in a chat edit field.
• Added a new Language Processing group, located under Text Processing in Settings Center. This group now contains the options for configuring language
detection which allows JAWS and Fusion to automatically switch to the appropriate synthesizer language when encountering text in documents and web pages
in different languages.
• In response to customer feedback, the keystroke to display the text of the current control in the JAWS Virtual Viewer so it can be selected and copied
has been changed to INSERT+SHIFT+V. In Microsoft Teams, this command will also virtualize the currently selected item in a list of messages in a conversation.
• The PC Cursor is now active by default in the Weather, News, and Windows Store applications. Since this cursor now works much better in these apps, it
is no longer necessary to use the Touch Cursor.
• JAWS now indicates when text on a web page is marked as deleted or inserted.
• Addressed issues with JAWS and Fusion not always reporting the correct information when navigating tables in Chrome and Edge Chromium.
• When using the ARROW keys or Navigation Quick Keys to move between controls on web pages like check boxes, resolved an issue where the visual highlight
was not properly tracking the location of the Virtual Cursor.
• Addressed an issue where pressing Navigation Quick Key G to move to graphics on web pages was not working as expected in both the Chrome and Edge Chromium
• Addressed a customer reported issue with JAWS not identifying edit fields on certain websites in Chrome.
• If Contracted Braille input is enabled and you select all text in a document using CTRL+A, resolved an issue where using the Braille command LEFT SHIFT+D
(DOTS 1-4-5) was not deleting the selected text as expected.
• Removed extra blank lines that were appearing in the JAWS Virtual Viewer when using WINDOWS Key+SEMICOLON to display comments in Word documents.
• Resolved a customer reported issue where attempting to use voice aliases to indicate attributes such as bolded text were not working when using Vocalizer
• Resolved an issue where the emoji for a red heart was being incorrectly spoken as a black heart.
• When using the Wikipedia Research It lookup source, only the link to the article is now displayed. Due to changes with the Wikipedia website, JAWS is
no longer able to retrieve the synopsis.
• You can now press INSERT+SHIFT+B in either desktop or laptop keyboard layout to obtain battery status and charging information as well as network connection
status. You can also still use CAPS LOCK+SHIFT+B in the laptop keyboard layout to read this info.
• Added a new dictionary entry for “endnote” that is specific to the Eloquence synthesizer to improve this announcement for Fusion users. Other synthesizers
like SAPI5 and Vocalizer Expressive already speak this correctly.
• Resolved a long-standing issue where configuring individual punctuation settings for a voice profile using the Voice Adjustment dialog box was not working
properly. For instance, if you set the punctuation level to None for the PC Cursor voice, but leave it set to Most for the JAWS Cursor, Keyboard, and Tutor
and Message voices, JAWS should now use the correct punctuation setting depending on the active voice.
• Updated the JAWS Hot Key Help (INSERT+H) for Skype to remove references to the Back button that existed in prior Skype versions and is now no longer

Also coming from Freedom Scientific’s home page, Jaws is now free for personal use through June 30, 2020. The entire message is available with a link on Freedom Scientific’s web site. During this difficult time, this is nice to see. Please stay safe, and thanks for reading.

Comments (0)

IOS 13.4 to be released on Tuesday

Tuesday is going to be a big day, according to an apple vis post talking about the release.

There are some bug fixes, and regressions according to the post. While they’re a small team, I want to make sure that you understand that the post linked to here may not be the case for you, and may experience things differently you might. Yes, I wrote it that way on purpose.

In any light, I want you to see this post, and you’re welcome to look at it and determine if you want to wait, or whether you want to go ahead and update.

Apple Vis: Apple to Release iOS 13.4 and iPadOS 13.4 on March 24; With Several New Features, but Mixed News for Blind and Low Vision Users

Comments (0)

This week in security news week ending March 21, 2020

In no surprise news, Covid-19 is the main topic this week from working from home, protecting yourself using your home network, and other types of news in that variety.

There may be other things that I may not have seen or decided not to post as an article.

Have you seen something you’d like me to cover? Get in touch.

This Week in Security News: How to Stay Safe as Online Coronavirus Scams Spread and Magecart Cyberattack Targets NutriBullet Website is the article and I will await your ideas on what we should talk about.

Comments (0)

Older Posts »

go to sections menu

navigation menu

go to sections menu