
The Technology blog and podcast

Commentary, articles, and podcasts for the technology blog and podcast.


You are here: October 2020


What books to read, what did you find?

Well folks, this year’s NCSAM was quite different, and there may be articles that interest me that I’ve not yet read.

For those who may want to read, there are plenty of books on phishing, scams, and other topics on how to protect yourself. You can search the blog for NCSAM posts, and I’ve blogged about several different books on different topics.

Scott Schober has two great books which you can look up. I’ve also blogged about other books that I’ve read too.

The blog is open to allow you to post your recommendations on what books you’ve read.

Fraud!: how to protect yourself from schemes, scams, and swindles DB50194
Bertrand, Marsha. Reading time: 8 hours, 34 minutes.
Read by Gregory Gorton. A production of the National Library Service for the Blind and Physically Handicapped, Library of Congress.
True Crime
Examines economic fraud, a billion-dollar business that victimizes more people than violent crime. Describes Ponzi and pyramid schemes, affinity fraud,
and scams involving high-tech, stocks, commodities, and franchises. Discusses con artists’ techniques, how to prevent being duped, and how to react if
targeted. 2000.

Here are other links to things that may be of interest.

What did you end up reading, and do you want to discuss them on a future tech or security box podcast? I’ll be looking forward to your responses, and feel free to get in touch!


URL tracking systems being abused for phishing and other attacks

In the final NCSAM article this year (yes, I haven’t posted that many this year), we’re going to talk about how URL tracking systems are abused.

First of all, the Jared Rimer Network does not use these systems at all. Such systems may include podcast tracker services, Google AdWords or Google AdSense. I’ve never used them as I can provide my own links, and even though Sendspace gives me a download count on files, I don’t know where it is downloaded and I don’t really want to know.

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive
carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads’ tracking system
to evade email filters. 

I don’t use URL shorteners like is.gd and others either, and haven’t through the years. One service I talked about in podcast 318 was a site still operating called cutt.us. I do like them because you can check the URL and see where it really goes and get stats. The shortener bit.ly does the same thing, and I’m sure many others do too with an account.

I’ve always believed in showing my visitors exactly where they are going. If a link is shortened, it’s shortened by services like Twitter through their shortener, which is checked for bad URLs; they disable those URLs and don’t leave it up to others. Even Facebook shortens links at times, but it’s mainly used for Twitter, where the messages needed to be much shorter.

URL tracking systems use parameters to pass through various pieces of information for managing advertising campaigns. One of these parameters is typically the final URL that the ad service should redirect users to after they have clicked on the tracking link. For Google Ads, this is the adurl parameter. By replacing the adurl value with a phishing link, threat actors can easily subvert a legitimate Google Ads tracking URL and use it in attacks. To demonstrate this, we took a Google Ad tracking URL, and modified the adurl value to our website:

While the URL given was a sample and leads to PhishLabs, this method can’t be trusted anymore, and for one, I won’t ever use it. I understand these services pay pennies per click anyway, so I never was on board with using such a service to make money.
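To make the parameter substitution described above concrete from the defender’s side, here is a checker, added as an example and not code from PhishLabs or from this blog, that reads the post-click destination out of a tracking link (the adurl parameter named in the quoted passage) and flags the link when that destination is not on the domain the ad is supposed to lead to. The tracker hostnames, parameter values and the nested-tracker case are all constructed for the example.

```python
from urllib.parse import urlparse, parse_qs, quote

# Query parameters that carry the post-click destination. "adurl" is the one the quoted
# PhishLabs write-up names for Google Ads; other trackers use other names (assumption).
REDIRECT_PARAMS = ("adurl",)
MAX_HOPS = 3  # a destination may itself be a tracking link; stop following after this many


def registrable_domain(host):
    """Simplified eTLD+1 (assumption: multi-label public suffixes such as co.uk are not handled)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def final_destination(url, hops=0):
    """Return where a click would finally land by reading the redirect parameter, not by fetching.

    parse_qs decodes the percent-encoding once per hop, which is exactly how a nested
    tracker-inside-a-tracker unwraps one layer at a time."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        values = params.get(name)
        if values and values[0] and hops < MAX_HOPS:
            return final_destination(values[0], hops + 1)
    return url


def check_tracking_link(tracking_url, expected_domain):
    """Classify a tracking link by its real destination against the domain the ad should lead to."""
    dest = final_destination(tracking_url)
    if dest == tracking_url:
        return {"verdict": "no-redirect-param", "destination": dest}
    parsed = urlparse(dest)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return {"verdict": "suspicious", "destination": dest,
                "reason": "destination is not a web URL"}
    if registrable_domain(parsed.hostname) == registrable_domain(expected_domain):
        return {"verdict": "ok", "destination": dest}
    return {"verdict": "suspicious", "destination": dest,
            "reason": f"lands on {parsed.hostname}, expected {expected_domain}"}


# Constructed sample links on placeholder hosts (not real tracking or advertiser domains).
TRACKER = "https://tracker.example.net/aclk?sa=L&ai=CONSTRUCTED&adurl="
LEGIT_LINK = TRACKER + quote("https://shop.example.com/offer?campaign=fall", safe="")
ABUSED_LINK = TRACKER + quote("https://example.com.account-verify.example.org/login", safe="")
# A destination that is itself a tracking link, encoded one more time for the outer hop.
INNER_HOP = "https://hop.example.net/r?adurl=" + quote("https://example.org/bait", safe="")
NESTED_LINK = TRACKER + quote(INNER_HOP, safe="")

if __name__ == "__main__":
    for link in (LEGIT_LINK, ABUSED_LINK, NESTED_LINK):
        print(check_tracking_link(link, "example.com"))
```

The check never fetches the link, so it can run on mail in transit; the expected domain is whatever the sender or campaign is known to advertise.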

There are several services that are abused besides Google, and one of them is Verizon Wireless’s site. The actors go where this is set up and abuse something that can be used for good.

PhishLabs has more on this, but I want to talk about the fact that I don’t use them, and if I do, it’ll be on request by the sender or if the URL is so long it just breaks. That’s why I build my sites with not-so-long URLs. It is going to be a better trip for me in the long run, as long URLs would be flagged if people uploaded such things to my pages.

Want to learn more about this? How URL Tracking Systems are Abused for Phishing is the article, and it is written by Sean Bell. I hope you enjoy reading this article and my thoughts on this topic.


Blueprints released, company claims they aren’t a big deal

I was catching up with Krebs on Security today, and a story from a little while back talks about a company that had security blueprints stolen and an extortion attempt that was stopped.

As these cases go, it always starts somehow, either by an email or through a software vulnerability. After that, the actors can stay inside the network for as long as they want.

Apparently 38,000 documents were taken from the company, according to the article, which has a link to a news report. This material was uploaded to a public server, the article continues.

Larsson quotes Gunnebo CEO Stefan Syrén saying the company never considered paying the ransom the attackers demanded in exchange for not publishing its
internal documents. What’s more, Syrén seemed to downplay the severity of the exposure.

“I understand that you can see drawings as sensitive, but we do not consider them as sensitive automatically,” the CEO reportedly said. “When it comes
to cameras in a public environment, for example, half the point is that they should be visible, therefore a drawing with camera placements in itself is
not very sensitive.”

It remains unclear whether the stolen RDP credentials were a factor in this incident. But the password to the Gunnebo RDP account — “password01” — suggests
the security of its IT systems may have been lacking in other areas as well.

The RDP credentials, according to the article, were set up by the hackers so they could have access into the company any time they wished.

Want to read the entire story from Krebs? Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo is the article, and I hope you enjoy this one.


Is Flash really dead? Naked Security says yes

I saw this opinion piece yesterday and finished it today. There is a KB article linked within this opinion piece that says Flash is now really dead.

From an accessibility standpoint, Flash was an on-again, off-again accessibility nightmare. Sometimes it was easy to use, other times sites made it difficult. I honestly don’t remember the last time I was prompted to use Flash within the last 6 years, and this computer was bought in 2018.

Security Now’s Steve Gibson from GRC has moaned for years about Flash and the continual patching that needed to be done. He and others have indicated that Flash should be abandoned unless it’s absolutely needed, i.e. install it only on a browser that you dedicate to using it.

Want to read the opinion piece I’m referring to that says Flash is dead now for good? Adobe Flash – it’s the end of the end of the end of the road at last comes from Naked Security at Sophos. It’s a good read, and I hope this is the end.


Apple Adding Customizable People Detection Capability to LiDAR-Equipped iPhones and iPad Pro with Upcoming Releases of iOS 14.2 and iPadOS 14.2

AppleVis has a blog post about the upcoming iOS 14.2, which is not available to us yet. I read this blog post, which I’m using for my title, and this sounds quite interesting. Too bad I don’t have a 12, as I needed a phone earlier this year when my phone pretty much died. Want to read more about the new potential features of iOS 14.2, soon to be released? Apple Adding Customizable People Detection Capability to LiDAR-Equipped iPhones and iPad Pro with Upcoming Releases of iOS 14.2 and iPadOS 14.2 is the blog post over at AppleVis, and this should get interesting.


76% of applications have at least one security flaw

This particular article was part of This Week in Security News, linked in a prior post here on the blog. It’s a very interesting article, and I’m sure that these 130,000 applications are all mainstream applications covering a wide range of things.

Each week, the government’s email list I’m on sends out a vulnerability summary of various applications from Adobe and many others. Last week saw a wide range of problems in the high and medium categories from one app set alone. While I’m not targeting any one specific app, it’s important to note that 130,000 applications is probably a subset of the larger picture of which these applications are a part.

Want to read more? 76% of applications have at least one security flaw comes from Help Net Security. I’ve read from them before, and I’m happy to see them around. My blog post takes from the same title, which is linked here.


Here’s what has been read, blogged, and talked about: news ending October 30, 2020

I was going to cover Twitter and their handling of misinformation, but seeing that the election is several days away now, I changed my mind. On the topic of misinformation, social media should not be your source for news because it is so open, and that can lead to lots of questionable things, like people phishing you by posting through direct messaging systems, enticing you to click because you’re interested in more information on a particular topic. It does go with the security landscape, but I’ve decided not to cover the article so close to election day. Just be safe out there when searching for information.

This Week in Security News does cover something that I recently blogged about, among many other things that might catch your attention. It should be no surprise that TrickBot is up to no good, although they recently had to rebuild. It’s now going after hospitals. Trend Micro for home networks under the free HouseCall brand was discussed as part of a tech show on the Mix on Thursdays. I believe this is a good thing for people and can be looked at. I didn’t read this, but did you know that 76 percent of applications have at least one security problem? Google is still in it because they had to remove more apps with adware, and infected to boot. We covered the Finland patient debacle; read my October 26th blog post on the matter, and you can even link to a story from there, or look at the entire news from Trend Micro to find a story at the end of this section.

There may be other articles that I did not highlight in the list, but that’s all right by me. Want to learn all of what Trend Micro highlighted in their roundup? This Week in Security News: Trend Micro Researcher Uncover Two Espionage Backdoors Associated with Operation Earth Kitsune and Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals is the article for this week. Discuss with us what you want and what is of interest to you. Want to submit for a podcast? Record your file, and use the Sendspace drop box facility to send files. MP3, M4A, WAV, and other audio formats are accepted.

Krebs on Security writes a blog post about a joint release by the FBI and others about a problem that we need to be aware of.

On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying
ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States.
Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning
about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The agencies on the conference call, which included the U.S. Department of Health and Human Services (HHS), warned participants about “credible information
of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”

The agencies said they were sharing the information “to provide warning to healthcare providers to ensure that they take timely and reasonable precautions
to protect their networks from these threats.”

There is an advisory out on it as well, and it is linked in the article FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals; this may also have been covered in This Week in Security News, linked above.

Speaking of phishing, NCSAM can’t be complete without a write-up of an article I found about URL tracking systems like Google AdWords. It’s a good thing that the Jared Rimer Network does not use Google AdWords and AdSense or any of these types of things. How URL Tracking Systems are Abused for Phishing is written by a new contributor to me from PhishLabs, Mr. Sean Bell.

Speaking of U.S. governmental stuff, I might as well put all of these articles together in here because security stuff was involved, and I’ll let you all form your own opinion on these.

The third article had interest here because I covered another article, either in passing or by mention, about that type of thing. Normally attribution is not this quick, but this was different to see in that third article.

From the U.S. Government email list, I’ll pass along what has been sent. Note that I’ve not fully read these; I’m only passing them along as they may be of interest to you.

How do hackers get your passwords? NCSAM: how hackers get passwords links to an article that I wrote, which links to LastPass, and a good article at that.

Have something I missed? Want to have your say? Get in touch and send those articles. Quite a lot here for this time, and I can’t wait to continue to post more throughout the rest of the year. Stay safe!


The Security box, podcast 16: lots of items including catchup, the government and more

Hello folks,

After the show on Wednesday, I got involved with a potential new client, and yesterday I set up a new client along the network. Be that as it may, I want to try and get some stuff out, which include the notations and download link for this show, and other stuff that I’ve been reading.

Be advised that I’ll also be working on the next podcast, and I’ve got some ideas on the next full tech program, so we’ll have more coming soon.

Now, here are the show notes for this past Wednesday’s show. The show is already on the RSS feed for those who want to have it. Those who get it via Dropbox already have it.

Welcome to broadcast 16 of the Security Box.

Time to catch up:

Jennifer, the staple it seems to this program, comes in with 8 different commentary pieces we’ll step through in regards to last week’s significant program on privacy, personal information online and the like. We’ll see how this segment goes when it comes to whether there needs to be anything else said, or whether it’ll speak for itself.


  • What do you think when it comes to your web host and what they offer? Some web hosts are Windows based, some are Linux based, some may have both, and some … well … may just not care what they host no matter what the platform. In an article entitled Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor, which comes from PhishLabs, we’ll talk about a company that seems to be under multiple names, yet serves up all kinds of things that most web hosts would not tolerate. The group behind Planetary Reef leases IP space from a large reseller. I’m considered a reseller, selling space given to me, but a large reseller may be under a company that they buy their space from each month and then sell it to others. Let’s talk about this, as there is a history behind the web space market throughout the years.
  • In a related topic I covered and didn’t originally cover under the rundown, we talk about this Krebs on Security article QAnon/8Chan Sites Briefly Knocked Offline and tie this and the first article together.
  • Has the Department of Justice not learned anything about why we need security today? I guess they really haven’t because a Cyberscoop article entitled DOJ efforts to weaken encryption place national security at risk, congressman says was written by Shannon Vavra and it is quite well written.

    Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data:
    This is a power grab.

    The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects
    who use encryption to hide illegal behavior. For Khanna, a California Democrat, the tradeoff is too dangerous

    Most in government do not understand this, and it’s time that someone really hit the hammer home with this nonsense and let’s put it to bed once and for all.

News, notes, and more

For a complete news notes overview, watch this space on the blog. I may have posted more than what is covered here, and what I do cover is only a few items from the subset of things I thought would be of interest. We’re not going to link to everything, but maybe something else caught your attention that I did not cover. Let us see what you think of the news covered in the program, and of course, the comment boards await you.

Things to ponder

I honestly didn’t see this coming. Now, … for a random breach … a psychotherapy center is something I bring up in news notes, yet it is a serious thing. In things to ponder, I’ll give my thoughts on this one. It’s beyond repair.

Want to get the file and don’t want to mess with the RSS feed? No problem! Download the 171.38 MB file by selecting this link. I hope you enjoy the program as much as I have enjoyed bringing it together for you, and we’ll have another edition very soon.


NCSAM: how hackers get passwords

I’m continuing to read, and I feel that this article I’ll be linking to should be an NCSAM post. We’ll definitely have more stuff coming, don’t worry.

Today, LastPass has an article explaining how hackers get passwords. The beginning of this article really hits home with what someone was asking about just today in one of the conference rooms on Livewire.

In every movie with a hacker, there is always that scene where the hacker must guess the right password. A blinking cursor in the password field looms on a large computer monitor. The hacker is usually under a lot of pressure, with the seconds counting down. They make one or two wrong guesses, before finally typing the right password, and presto! They’re in. Now they can launch the missile, or stop the missile from launching, or steal all the evidence that will incriminate the crime boss.

From what we see in movies and pop culture, you would think that “hacking” is a matter of guessing a few passwords and instantly gaining access to something. You would also think that it’s usually a solo hacker targeting a specific person for a specific reason – perhaps because their target is a millionaire or the CIO of a large company.

But what you see on the big screen is pretty far from the truth about how hackers get passwords and how they use them.

This is exactly what I said today on Livewire: this isn’t how it really works.

We know from experience that hackers get passwords through software that isn’t updated, through an insider, or even through a vulnerability. This is the most important thing we can take from an article like this.

The article we’ll be linking to says:

First, most passwords that hackers have access to are stolen in large data breaches from popular online services. When popular services like LinkedIn, eBay, and Adobe have millions of records leaked, the passwords stolen in those breaches are compiled in large databases. Less well-known websites are also regularly hacked due to poor security protocols. So, what do hackers do? They use these “dumps” of data to perform “credential stuffing”, where they use software (or “bots”) to automatically test every username and password combination in the database to see if any successfully log on to another website (like a bank).

Or, if a hacker knows an email address for a user’s account, they can use “password spraying” where they test known passwords (like 12345 and asdf) to see if any work with that particular email address. Again, bots are running these tests, and only if a match is found does a hacker then use the valid credentials to try taking over the account.

My question about the last quoted paragraph is this: how would the bot know if the password worked?
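A detection-side view of the credential stuffing and password spraying the quoted LastPass passage describes, added here as an example and not taken from the LastPass article or from this blog: it scans login log lines for one source address trying many different usernames with mostly failures inside a short window, and lists every account that source did get into, since a success in the middle of that pattern is the same signal the automation is waiting for and the account that needs attention first. The log format, the addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example: one line per login attempt (assumption).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, source, username, succeeded) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"] == "OK"


def detect_credential_attacks(lines, window=timedelta(minutes=10),
                              min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many different usernames with mostly failures inside one window.

    That shape covers both credential stuffing (leaked pairs, roughly one try per account)
    and password spraying (a few common passwords across many accounts); neither looks like
    one person mistyping their own password. For every flagged source the accounts it did log
    in to are returned, because those are the likely takeovers. Thresholds are assumptions."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    recent = defaultdict(deque)  # src -> attempts still inside the sliding window
    totals = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(), "successes": []})
    flagged = set()
    for ts, src, user, ok in events:
        t = totals[src]
        t["attempts"] += 1
        t["users"].add(user)
        if ok:
            t["successes"].append(user)  # kept for every source; reported only if flagged
        else:
            t["failures"] += 1
        q = recent[src]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if src not in flagged:
            users_in_window = {u for _, u, _ in q}
            fails_in_window = sum(1 for _, _, good in q if not good)
            if len(users_in_window) >= min_users and fails_in_window / len(q) >= min_fail_ratio:
                flagged.add(src)
    return {
        src: {
            "attempts": totals[src]["attempts"],
            "distinct_users": len(totals[src]["users"]),
            "failures": totals[src]["failures"],
            "successes": totals[src]["successes"],
        }
        for src in sorted(flagged)
    }


# Constructed sample: one address walks through seven accounts in a few seconds and gets
# into one of them; a real user at another address mistypes once and then logs in.
SAMPLE_LOG = """
2020-10-28T09:00:01Z src=198.51.100.7 user=alice result=FAIL
2020-10-28T09:00:03Z src=198.51.100.7 user=bob result=FAIL
2020-10-28T09:00:05Z src=198.51.100.7 user=carol result=FAIL
2020-10-28T09:00:07Z src=198.51.100.7 user=dave result=FAIL
2020-10-28T09:00:09Z src=198.51.100.7 user=erin result=FAIL
2020-10-28T09:00:11Z src=198.51.100.7 user=frank result=OK
2020-10-28T09:00:13Z src=198.51.100.7 user=grace result=FAIL
2020-10-28T09:01:00Z src=192.0.2.10 user=alice result=FAIL
2020-10-28T09:01:20Z src=192.0.2.10 user=alice result=OK
""".strip().splitlines()

if __name__ == "__main__":
    for src, info in detect_credential_attacks(SAMPLE_LOG).items():
        print(src, info)
```

A spraying campaign that paces itself below the window can still slip past a single threshold, which is why the window and the minimum user count are parameters rather than constants.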

Another way hackers can get passwords, although not so common today, is to hack your computer. Most hackers won’t do that because most routers block incoming traffic by default. They’ll go after the sites that may not necessarily be secure, and sadly, we don’t have any control over that. The other things this article mentions are keyloggers, or even people with physical access trying to log in from your machine itself.

If you were sent a phishing email purporting to be from PayPal, a password manager would not fill in your credentials, because the password manager sees that the URL you’re on does not match the URL it saved when you logged in. This is the most important thing you can learn during NCSAM. Whether you use LastPass, Trend Micro, 1Password or any other manager, you want to know where you’re logging in to and know that you can’t log in once you’re on a different site.
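The URL-matching rule the paragraph above describes, as an added example written for this page (not code from LastPass, Trend Micro or 1Password): a simplified autofill policy that refuses to fill a saved credential on a page whose site differs from the one the login was saved for, including a plain-http downgrade and a hostname that only looks the same because of a Unicode look-alike letter. The policy itself, the placeholder hostnames and the two-label domain simplification are assumptions.

```python
from urllib.parse import urlparse


def ascii_host(url):
    """Hostname in ASCII (punycode) form, so a look-alike Unicode letter cannot pass as a Latin one.

    Returns "" when the URL has no usable hostname or the name cannot be normalized."""
    host = urlparse(url).hostname or ""
    try:
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ""


def registrable_domain(host):
    """Simplified eTLD+1 (assumption: multi-label public suffixes such as co.uk are not handled)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def should_autofill(saved_url, page_url):
    """Decide whether a credential saved for saved_url may be filled on page_url.

    Policy assumed for this example: https only, and the page must belong to the same
    registrable domain as the saved login. Returns (decision, reason)."""
    if urlparse(page_url).scheme != "https":
        return False, "page is not served over https"
    saved_host, page_host = ascii_host(saved_url), ascii_host(page_url)
    if not saved_host or not page_host:
        return False, "hostname missing or could not be normalized"
    saved_site, page_site = registrable_domain(saved_host), registrable_domain(page_host)
    if saved_site != page_site:
        return False, f"{page_host} is not part of {saved_site}"
    return True, f"{page_host} belongs to {saved_site}"


# Constructed example: a login saved for a placeholder site, checked against four pages.
SAVED_LOGIN = "https://login.example.com/signin"
PAGES = [
    "https://account.example.com/profile",                  # same site: fill
    "https://example.com.secure-verify.example.org/signin", # look-alike prefix: do not fill
    "http://login.example.com/signin",                      # http downgrade: do not fill
    "https://login.ex\u0430mple.com/signin",                # Cyrillic 'a' in example: do not fill
]


def run_example():
    """Map each sample page to the fill decision."""
    return {page: should_autofill(SAVED_LOGIN, page)[0] for page in PAGES}


if __name__ == "__main__":
    for page in PAGES:
        print(page, should_autofill(SAVED_LOGIN, page))
```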

If you can add multifactor authentication, or what is called two-factor, you’re better off. There are different kinds, including authentication applications, SMS, or even Touch ID or Face ID. SMS is better than nothing, the apps are better, and even Touch ID or Face ID is probably the best.

Want to learn about the hacking scene? LastPass has the article How Do Hackers Get Passwords? and thanks for reading!


Now, … for a random breach … a psychotherapy center

First of all, any type of doctor, hospital, therapy office or any type of health place of any kind is probably the worst place you can have a breach. Time and time again, we’ve seen different places get breached, but this one is one I don’t think I even saw coming. To make matters worse, this happened in 2018 at some point and we’re finding out now. Yahoo’s problems were bad enough at 3 years, and this isn’t the end of the story.

Cyberscoop’s Joe Warminsky wrote this article, and I got to thinking while reading that F-Secure might weigh in. Sure enough, F-Secure’s Mikko Hyppönen did put his two cents’ worth into this article, as I would expect.

He thinks that this breach is the work of more than one person. He may be on to something, seeing how the company wasn’t contacted with a payment demand until some two years later.

If I were to breach a company like this and exfiltrate their data, I’d be wanting to get the maximum for the data I thought the company could pay. I wouldn’t want to wait some two years after the fact. I’d want to maximize my findings.

It is rare to see blackmail from an attack, says the article. A couple of paragraphs from the article indicate that both customers and employees have been victims.

Vastaamo said customers and employees had “personally been victims of extortion” in the case. Reports say that on Oct. 21 and Oct. 22, the cybercriminals
began posting batches of about 100 patient records on the dark web and allowing people to pay about 500 euros to have their information taken down.

The company has opened a crisis hotline for patients to call, with therapists available for free, and says it is working with credit-reporting organizations
to protect the personally identifiable information of anyone affected by the breach.

500 euros is roughly $591.07 at the time of writing. It’s chump change for some people, but could be a problem for others, especially when that $591 needs to be paid in bitcoin.

Want good news out of this?

Vastaamo, which operates as a subcontractor for Finland’s national health system, said that as far as it knows, patient data created after November 2018
was not breached.

That is just like the breach at DoorDash, where people that signed up in 2018 and before were targeted, yet anyone after the targeted 2018 date was never affected. Here is the DoorDash blog post from September 2019. Here is a link to podcast 325 of the tech podcast, where DoorDash is one of the topics.

Want to read more about this bizarre case? Why not go over to Cyberscoop and read Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts, and let the blog comments begin.


A big swath of internet space can be reclaimed

A hopefully good piece to reclaim internet space can be found in two companies that are technically not operating companies. According to Krebs on Security, these companies would have large amounts of IP space, and they would be used to spread information that isn’t necessarily the best information. I don’t necessarily want to call it misinformation, since I’ve never seen anything from these companies to my knowledge, but the fact that they aren’t operating is probably a good thing. One is in California, the other in Nevada, according to Krebs.

Want to read more? The Now-Defunct Firms Behind 8chan, QAnon is the article.


Here is some more government news

Hey folks,

I think I want to try and catch up the blog, so I’m going to do a governmental post tonight, and we should be caught up.

I’m so tired of someone blaming someone, yet nothing is really done. We’ve got two articles of this nature.

First, Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals

China is increasingly tolerant of criminal hackers on its soil if they are willing to hack on behalf of the Chinese government, a senior U.S. Justice Department
official has alleged.

If this is the beginning of the article, might I remind you that China was the first to develop what was once known as the “great firewall.” This firewall didn’t let Chinese citizens go to sites like Facebook, Twitter, or even their own versions of social media if they wanted to. We never reined them in for that crap, and I talked about it in earlier blogs and podcasts. I’m sure I can find the podcasts if people want them, but this is enough. What are we as a nation going to do about their recent ordeals? It’s time we as a nation step up, not just the United States, but all nations, against what China has done.

Speaking of U.S. people blaming people and accusing people, how about this article? It is entitled US blames Iran for threatening emails sent to Florida voters, and I’ll ask again, what are we doing about this one? To be fair, I’m not sure if Iran has really done anything like this before, so should we be sending them a warning not to do that crap? On top of that, while I did read the article, this type of thing, sending emails pretending to be other entities and the like, continues to happen all the time, so what do we do about that? This isn’t the first time.

I give the FBI a lot of credit in regards to what they have been doing in the cyberspace arena. This article, entitled What the FBI did to make headway against COVID-19 research hackers, talks about how they have been trying to help people by sharing intelligence with other companies so they are better prepared. A lot of what they’re doing is permission based, according to the article. This is quite awesome!

Finally, EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack. It’s about time someone goes after Fancy Bear. This is the first time I’ve heard that they are now being targeted and wanted for something. Fancy Bear has been targeting people with all kinds of stuff.

The European Union on Thursday sanctioned the head of a Russian military intelligence unit, an alleged hacker wanted by the FBI and a Russian government-linked
hacking group over a 2015 cyberattack against Germany’s parliament.

We’ll have to see what happens with this one.

There is so much I’ve not read that I want to read, and the fact I didn’t feel well didn’t help matters. I’ll be finding things I want to cover, but this should catch people up. Be well!


MuddyWater is still around, still causing havoc

We’ve not talked about MuddyWater, another named group that is out there causing havoc. In an article by Sean Lyngaas, it’s time we catch up with this group. Seems like they want to go after bunches of stuff, including governmental targets as well as telecommunications.

One of the most prolific cyber-espionage groups linked to Iran has used old tricks — and perhaps a new hacking tool — in dozens of attempts to breach government
and telecommunications operators in the Middle East in recent months, security researchers said Wednesday.

“These actors are extremely focused in what they’re doing,” said Vikram Thakur, technical director at Symantec, a division of semiconductor and software
maker Broadcom. “They’re not using zero days. They’re just looking for commonly available methods along with their custom malware to get into these environments,
exfiltrate whatever they want and then move on.”

These actors have a different agenda, which is good, but they are still as dangerous as shown in the quoted paragraph above. The thing is, we don’t know what they’re going to do next, so all of us in the corporate space need to be made aware of what this group is going to do.

‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms is the article from Cyberscoop; feel free to learn more about what they’re up to and how you might be able to protect yourself.


What has been read, blogged, and talked about in the Security Landscape: October 24, 2020

Welcome to another week here on the blog, and there’s been a bit of interesting things in the security landscape. There may be other articles, but I’ll only cover those in this post in the security landscape that might be of interest. That also includes the phishing aspect, as security can only be a human learning experience based on what we see, correct?

Lots of items in this week’s Security News. It’s packed, from Fancy Bear being on a hacking spree for extortion, a ride on a self-driving bus, Russian officers being caught up in stuff, a hacker selling info on 186 million people, and more. This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree is the article.

This is why I would not trust the government in anything security related. While the intentions in their writing are good, it seems as though the Department of Justice (DOJ) can’t understand that encryption is the way forward, not trying to weaken it. An article by Shannon Vavra at Cyberscoop talks about this, and I think it’s worth talking about. This is definitely going to get interesting as the year draws to a close.

Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data:
This is a power grab.

The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects
who use encryption to hide illegal behavior …

This is only the beginning of what I think we should be talking about. We should be convincing the department of justice to quit this, and support encryption. We know people will abuse it, but you can’t stop advancements in technology. It just isn’t going to work.

What do you think about when you look up a web hosting service similar to what I offer to people, including the Mix, Internet Radio? Most providers are going to be honest; we’ll each offer a level of service that is comparable to one another without stepping on each other’s toes. We can’t all offer the same thing: some providers offer different operating system environments, yet others may offer services and look the other way on complaints. One particular situation in regards to hosting reminds me of a Colorado provider who was responsible for this, but I can’t find the article that caught my attention on this topic. If you search for bulletproof hosting, you’ll find many different types of articles from around the web.

The latest in this comes this year when PhishLabs penned an article entitled Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor.

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.

This is the beginning of a big problem we definitely need to solve. We know that phishing and other activities started with the free hosting services like the ones issued by your ISP, or Internet Service Provider. In no way am I saying that all pages hosted on ISP servers are bad, but I am saying that this can be a starting point.

There are other providers in this space which may not offer free services anymore, like Homestead. That is where my first personal page came from, way before I bought the domain I use today. It was free and easy to use. Free is good, but in today’s space, unless you know where to look, free isn’t going to be around. When you choose a provider, whether it is Homestead, any provider with cPanel web services, or even a provider who may offer a Windows operating system platform, you want to make sure you choose something that will meet your needs, and you can surely enquire about what types of content are allowed by either viewing the site or contacting sales and support. I know I can’t get into the illegal game, or my account can be flagged, and that is how all hosting providers should be. No provider should allow the types of things we’ve seen through the years, from phishing pages to hosting ransomware and fake pages purporting to be from well-known companies. That should be the next thing we tackle, and how do you, dear reader, think we should do this?

What bothers me about this type of thing is the fact that you can have shell companies. Here is something else this article has to say.

Planetary Reef’s infrastructure includes a large number of domains registered through a variety of well-known registrars. Each domain has a substantial assortment of subdomains that they use to point to different phishing sites hosted on their IP space. In order to quickly set up these phishing sites and effectively manage their inventory of domains, the group is utilizing dynamic DNS services.

There are various behaviors that indicate Planetary Reef is acting as a bulletproof hosting provider. These types of hosts allow customers considerable leniency in the types of illicit material they upload and distribute, and are favored among malicious actors. They have sold hosting services to another actor targeting large social media platforms. They also have connections to known groups offering phishing-for-hire services. Additionally, we have observed threats using Planetary Reef’s infrastructure targeting various brands and properties in ways that suggest distinct actors pursuing their own ends.

The most prominent hosts run by Planetary Reef are Planet Hosting and CNF-HOST.

More information about each is given, and I think this is definitely worth talking about. What do you all think?
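The pattern the PhishLabs excerpt describes, many registered domains each with a pile of subdomains all landing in the same leased IP space, is something a defender can look for in their own DNS or proxy logs. The script below is an added example, not PhishLabs’ tooling or anything from the article: it clusters hostnames by the /24 they resolve into and flags prefixes shared by several unrelated registered domains. The records are constructed and use documentation address ranges; the thresholds and the two-label "registered domain" shortcut are assumptions for illustration (a real tool would consult the Public Suffix List).

```python
"""Cluster hostnames by resolved /24 to surface leased IP space that many unrelated
registered domains (and many subdomains per domain) share. Added heuristic example;
not PhishLabs' method. Records below are constructed, not real observations."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed passive-DNS style records: (hostname, resolved IPv4). Documentation ranges only.
RECORDS = [
    ("login.secure-mail.example", "203.0.113.10"),
    ("verify.secure-mail.example", "203.0.113.10"),
    ("update.secure-mail.example", "203.0.113.11"),
    ("account.bank-alerts.example", "203.0.113.12"),
    ("confirm.bank-alerts.example", "203.0.113.12"),
    ("portal.parcel-track.example", "203.0.113.20"),
    ("auth.parcel-track.example", "203.0.113.21"),
    ("www.smallbusiness.example", "198.51.100.5"),   # ordinary site, for contrast
    ("mail.smallbusiness.example", "198.51.100.6"),
]


def registered_domain(hostname: str) -> str:
    """Last two labels of the name. Simplification (assumed): a production tool would
    use the Public Suffix List so that e.g. 'foo.co.uk' is handled correctly."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def slash24(ip: str) -> str:
    """The /24 network containing an IPv4 address, as a string like '203.0.113.0/24'."""
    return str(ip_network(f"{ip_address(ip)}/24", strict=False))


def cluster_by_prefix(records):
    """Group records by /24, tracking distinct registered domains and distinct hostnames."""
    prefixes = defaultdict(lambda: {"domains": set(), "hosts": set()})
    for host, ip in records:
        entry = prefixes[slash24(ip)]
        entry["domains"].add(registered_domain(host))
        entry["hosts"].add(host.lower())
    return prefixes


def subdomain_counts(records):
    """How many distinct hostnames hang off each registered domain."""
    counts = defaultdict(set)
    for host, _ in records:
        counts[registered_domain(host)].add(host.lower())
    return {domain: len(hosts) for domain, hosts in counts.items()}


def suspicious_prefixes(records, min_domains=3, min_hosts=5):
    """Return (prefix, n_registered_domains, n_hostnames) for /24s that several unrelated
    domains share with many hostnames. Thresholds are assumed starting points, not tuned."""
    flagged = []
    for prefix, entry in cluster_by_prefix(records).items():
        n_dom, n_host = len(entry["domains"]), len(entry["hosts"])
        if n_dom >= min_domains and n_host >= min_hosts:
            flagged.append((prefix, n_dom, n_host))
    return sorted(flagged)


if __name__ == "__main__":
    for prefix, n_dom, n_host in suspicious_prefixes(RECORDS):
        print(f"{prefix}: {n_dom} registered domains, {n_host} hostnames")
    print(subdomain_counts(RECORDS))
```

Run against the constructed records, only the 203.0.113.0/24 prefix is flagged; the small-business site stays quiet because one domain with two hosts is what ordinary hosting looks like. In practice you would feed real resolver or proxy logs in and treat a hit as a lead to enrich with WHOIS and hosting-provider data, not as a verdict.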

Looks like Trick Bot has been having some big time problems. Trick Bot is really not tricked, it got disrupted and they’re trying to rebuild is an article I wrote after seeing an article talking about how this botnet has been crippled. This is definitely a good sign, and I hope that we can start taking other botnet services down. If it isn’t us in the States, I think it’ll eventually happen with another country. Let’s go!

There’s more in the governmental aspect that may be appropriate for this blog post, but I’ll cover them separately. I appreciate everyone checking out the blog and podcasts, and we’ll be sure to have more stuff coming soon. Thanks for reading!

Comments (0)

MyTelespace tweets, updates users

For the first time since MyTelespace’s outage, we saw a tweet I thought we should pass along from the team that manages the system.

MTS Support: Wanted to give you an update on the status of MTS. We’re waiting for hardware to arrive, so Wednesday is our target date for having the system back on line.

As we reported earlier, the JRN was called about this outage and it seemed like it was technical and later it was confirmed. We’ll have to see what happens as the date comes closer, but I’m happy that they did tweet out to their users who follow them on the social media platform. Do keep up the work, and we’ll see how it performs once it is back up!

Comments (0)

Thunderbird 78 is now out

This Thunderbird page talks about the latest changes in version 78 of the program. Just by sending some email I needed to send, I found we can now use comma addressing like we did way back in the day. This is what it looks like.

The sample here shows that there are two addresses, and the program will send to each individual address separately.
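To make concrete what "comma addressing" does, here is an added example using Python’s standard-library RFC 5322 address parser; it is not Thunderbird’s own code, and the header value is constructed. It shows the part a naive split on commas gets wrong: a quoted display name such as "Doe, John" contains a comma but is still one recipient.

```python
"""Split a comma-addressed To: header into individual recipients the way an
RFC 5322 parser does. Added example using Python's standard library; not
Thunderbird's code. The sample header is constructed."""
from email.utils import getaddresses

# Constructed header value; "Doe, John" is a quoted display name containing a comma.
SAMPLE_TO = '"Doe, John" <john@example.com>, jane@example.com, Bob <bob@example.com>'


def naive_split(header_value: str) -> list:
    """What a plain split on commas gives: the quoted name is wrongly cut in two."""
    return [part.strip() for part in header_value.split(",") if part.strip()]


def split_recipients(header_value: str) -> list:
    """Parse into (display name, address) pairs, honouring quoting; drop empty entries."""
    return [(name, addr) for name, addr in getaddresses([header_value]) if addr]


def unique_addresses(header_value: str) -> list:
    """Bare addresses only, de-duplicated case-insensitively, in first-seen order,
    so the same mailbox is not sent to twice."""
    seen, out = set(), []
    for _, addr in split_recipients(header_value):
        key = addr.lower()
        if key not in seen:
            seen.add(key)
            out.append(addr)
    return out


if __name__ == "__main__":
    print("naive:", naive_split(SAMPLE_TO))
    print("parsed:", split_recipients(SAMPLE_TO))
    print("addresses:", unique_addresses(SAMPLE_TO))
```

The naive split yields four fragments for three people; the parser yields three (name, address) pairs, which is what a mail client hands to the SMTP layer one recipient at a time.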

There are also other changes that were made to the dialogs for accounts, and much more. I hope that you find this post of value, and visit the Thunderbird page to get your copy. Enjoy the changes!

Comments (0)

Tech podcast 355: 2020 predictions, what about those predictions today?

In a podcast I wanted to release like March or April, I’m glad I waited till now. I’m going to replay the webinar that I joined way back in January, and you’re to tell me what you think came true or not during this crazy year.

As you listen to this podcast, what came true and didn’t to date in regards to the 2020 report on what might happen in the security landscape? MyTelespace is currently down, blog posts are on the blog about it, and of course contact info as well. Enjoy!

Between the lines are the show notes. Download the 61.92 MB file by using this link. I hope you enjoy the program as much as I have putting it together for you. Yes, it wasn’t much, as it was attended months ago, but I want to hear what you have to say about this and your thoughts on what you’ve seen in the landscape. Enjoy the program!

Comments (0)

Trick Bot is really not tricked, it got disrupted and they’re trying to rebuild

Well, it’s time to try and catch up with some of the news I’ve read, and I think I want to start this post with Trick Bot. We’ve covered Trick Bot on the blog quite a lot, including a recent article about its potential disruption rather than a takedown. Tim Starks at Cyberscoop is reporting that this botnet is really suffering now, and its operators are trying to rebuild instead of trying to attack.

This is probably good news, maybe a lot of spam will be slowed down because of this botnet, but then again, as for spam coming through contact forms, that’ll happen no matter what.

After some initial doubts, Tuesday brought encouraging signs that a multi-front attempt to dismantle the massive TrickBot botnet in advance of Election Day has taken root, perhaps thanks to an extra push.

This is how the article starts, and it links to further material for people to follow.

I don’t honestly remember if it was Cyberscoop or Krebs on Security that broke this particular news about the botnet, but I think this is a promising sign.

TrickBot really is on the run after Microsoft, Cyber Command disruption is the article if you wish to read more. I hope this is a sign for operators of these things taking notice that at least here in the U.S., we’re starting to figure out where these things are hosted, and we’ll try to cause havoc since you are doing things that should be punishable by law.

As discussed in our own Security Podcast 15, we can’t do it alone as citizens, even though that podcast covered personal info and what people are doing as well as what is found online. The botnets aren’t helping either, because they latch on to a machine and we don’t know unless it is slowed down.

Did you read the article? Feel free to comment on this one.

Comments (0)

The Security box, podcast 15: It’s time to check your privacy at the door

Today’s episode of the security box, which should be on the RSS feed, covers all types of privacy. Armando is on, we have two people named Michael, and it’s well worth the conversation. The program lasts 4 hours.

Welcome to the Security box, podcast 15. It was mainly an open forum of privacy talk today.

  • Armando, a broadcaster here on the Mix, was on talking about his experience with Covid and other privacy concerns he had in regards to that. We also got into a Twitter discussion with names we’ve seen. No exact names are mentioned here, but we do talk about this. The Melting Pot, October 9, 2020 and Armando’s Testimony can be listened to. These files will eventually expire, so get them while you can. Within the Internet Radio program, go in 86 minutes to hear the discussion.
  • In hour 2, I start and it continues in to hours 3-4 where we talk about privacy, the Internet, finding information, and other aspects of the discussion as Michael in Tennessee and Indiana both join me for hours 3-4 as part of this discussion.

This week’s show lasts about 4 hours, and I hope you enjoy!

If you want a downloadable copy of the program, download the 216.93 MB file right here.

Thanks so much for listening to the program, and feel free to contribute! Again, the program is almost 4 hours in length.

Comments (0)

Well, it’s out

Hi all.
The latest Windows 10 20H2 is out.
Some of you may get an enablement package, but some like me may go and download and install via the upgrade assistant or media tool. You will certainly want to update your recovery media, which is what I did yesterday.
Biggest thing to notice is that control panel system is gone.
To invoke system, type control sysdm.cpl into the run box and it will run fine.
Everything goes to settings but we all know that there are a lot of settings still in control panel that have always worked for us users.
There are articles about lists of control panel commands.
Most of these have existed since xp days and earlier so most of these will work for us.
Sadly there were a few regressions for those that use media tool or update assistant.
The biggest seems to be the disabling of system restore.
I also managed to get explorer to crash once while processing things.
As usual you will need to reinstall your virtual MIDI controllers, adjust your recording devices, etc., else they just won’t work.
This includes installing screen reader components so they actually run.
Remember to deauth and reauth itunes before you update and deactivate and reactivate your synths as well.
If you have shell things like ribbon disabler, you need to re-enable that too.

Here are the updated programs to be informed about.
For those on amd, amd drivers 20.10.1 is out.
In this update they actually do a good job on fixing the most critical issues in the current driver packages and while there are issues they are not critical.
Java 8.7.1 is out.
Be aware that java 8.6.1 will not be uninstalled after this and needs to be done manually.
Node.js 15.0 is out, and also we switch choco to using Visual Studio Build Tools 2019.
Remember to remove 2017 after update and be patient, I wasn’t and spent time yesterday finding how to reinstall the tools.
Thunderbird 78.4 is out.
Waterfox 2020.10 is out, but if you use NVDA please don’t bother with it; 08 works and doesn’t crash on a few sites.
Really wish waterfox.net would actually fix their browser instead of just securing it.
Some store stuff got updates too.
Due to be away for 3 days next week.
On a personal level I have applied for several jobs and while a couple have fallen through the rest look good.
Hopefully this year ends on a high with some more contracts.
For now that’s me for a little.
On the subject of the supplemental cast, I have not forgotten you.
It’s just because of some medical issues and the fact Covid and various things have simply put my head in a different zone.
One of my major issues of late is the fact I go through several phases of sleep.
During winter I sleep and sleep deeply.
The rest of the time I may sleep but not all night, or at least 5 am in the morning.
At times I will sleep to 2, and that’s way too early to get up.
At times I will sleep to 4 then get up.
Today is one of these times; I am up at 4:30 because I have things to listen to, thank god, and feel full of power.
If I sleep I will be sleeping till mid day.
This may actually happen.
Tomorrow I have an appointment to get my issues resolved.
I need to sleep till a good hour.
Training will not happen tomorrow because, let’s face it, I need to be at this thing at 9am.
Don’t know how long it’s going to take, so training is knocked out.
Depending on things I may also knock off training for the rest of the week, I have a full saturday session, and sessions on monday and friday.
And saturday.
Not sure what else I will do.
Laters just now I’m done.

Comments (0)
