The Technology blog and podcast
This is for the technology blog and podcast: commentary, articles, and podcasts.
We already knew that ransomware gangs break promises
Well, here is an article that actually talks about what I said some months ago, when the ransomware gangs said they would back off hospitals until after Covid. This blog post leads to an article that talks about the fact that the ransomware strain sent to this hospital did cause a death. There’s another potential death that was never confirmed, but one is too many.
The blog has had lots of hospital articles since COVID started, and it hasn’t been good. I really don’t like covering bad news. For example, just searching for hospitals turned up this blog post from April 16th where I said I was right. Just go to the blog; it’s covered in show notes, blog posts, articles, and much more.
Today’s post, however, is about Ransomware Groups Break Promises, Leak Data Anyway, which I read last week. Jessica Ellis is the person who blogged on PhishLabs about this one, and I found it of value now more than ever.
While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse? According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has paid.
We know this because we’ve seen stories, even if they weren’t blogged here, about the fact that this hasn’t really stopped, and as I’ve said, the blog has plenty of hospital and ransomware articles in its midst.
Some of the major ransomware groups that have publicly disclosed information despite assurances otherwise include:
- Sodinokibi
- Maze
- Netwalker
- Mespinoza
- Conti
I’m very familiar with talk of at least three of the five; in fact, Maze even promised not to hit hospitals until we were well under way in recovering from COVID-19. Since Covid is sort of here to stay for now, the ransomware groups, including Maze, are doubling their efforts to make you pay for your mistakes.
Want to know what the worst part of this is?
Ransomware gangs have also been observed coming back to victims that have paid and demanding a second ransom payment. Victims of the Sodinokibi ransomware paid operators only to be extorted again with the same stolen data weeks later. Sodinokibi ransomware currently holds the greatest market share of ransomware attacks in Q3.
Multiple factors can be attributed to data being leaked despite payment. Also, these groups can even go so far as to share their code with each other, making their attacks more potent as well as sharing data, as shown below.
Ransomware groups are increasingly linking with other malware families and cybercrime operations to conduct campaigns. Attack collaboration and intelligence-sharing are becoming the norm as seasoned attackers profit with Ransomware-as-a-Service (RaaS) and partnerships with emerging groups.
There is no reason to believe that the data stolen during a ransomware attack will not be accessible to all parties involved. Lack of visibility into where data goes after it is stolen or who may have acquired copies of it means that despite paying the operators what was negotiated, the victim is still prone to future attacks.
If this is the case, then we’re in real trouble, even if we do pay. I absolutely don’t know what the solution is, except that we need to be very careful about what we do nowadays, now more than ever. It’s been a long year, and it is only barely coming to an end with one more month to go.
There is lots more to read in this article, which is linked above. Please do your homework and learn how to protect yourself so you’re not a statistic in this ever-changing landscape. This landscape is not going away any time soon. Thanks so much for reading.
Comments (0)
A networking company gets owned, info on employees and partners exposed
In a recent article I read over the weekend, a St. Louis networking company recently reported that it got owned. According to the article, they made 2 billion dollars last year; I wonder how much money is going to the cleanup this year?
Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners.…
Executives did not disclose how many people’s information was compromised. Belden spokesperson Rachael Matthews told CyberScoop the data may have included sensitive personal information, including bank account information and Social Security numbers.
“Personal information accessed and stolen may have contained such information as names, birthdates, government-issued identification numbers (for example, Social Security/national insurance), bank account information of North American employees on Belden payroll, home addresses, email addresses and other general employment-related information,” Matthews said in an email. “Limited company information accessed and stolen related to some of our business partners include bank account data and, for U.S. partners, their taxpayer ID numbers.”
Matthews said Belden is notifying all affected employees and business partners, and that the company is providing “individuals with free monitoring and support services, where available.”
There are things linked within the article written by CyberScoop on this one, so why not check it out. Networking giant Belden says hackers accessed data on employees, business partners is the article, and I hope that you find this of value. Thanks so much for reading!
It’s about time Nigerian scammers get caught … what about those sending Nigerian 419 scams?
This is not a normal occurrence, where Nigeria is in the news for an arrest. We all know about the Nigerian letter or 419 scam (FBI: Nigerian Letter or “419” Fraud) from the 90s and even into the millennium. I’ve even seen it more recently, in the last two years.
The most recent was someone who followed me on Twitter. They asked me to email them at a specified address. When I did, I got this sob story about how they were in a military family and that there was a large amount of money I needed to be entrusted with, and I would get a percentage.
I responded that this was a scam and that I wasn’t interested.
This is only one story of many that lots of people may have seen over the last 20 years. In fact, the Nigerian 419 scam has even been faxed to people or sent as paper mail.
I learned about this scam through a site that no longer exists called about.com, which was a guide site. They had a guide for scams, and I subscribed to it and found it quite interesting. I’m sorry that site is gone.
In the most recent article I read about Nigeria and its crimes, we’re learning that email scammers have been busted for fraud against 50,000 victims.
You’re thinking, what about all those scammers who took all those millions from people when they sent letters in the mail, faxed or later emailed? Sadly, I do not recollect hearing any story saying any of those people were picked up.
Here is the message I got from this person after they contacted me on Twitter and I reluctantly emailed them, having had some reservations. Later, their Twitter account became disabled … I wonder why?
(website) So I like you to keep it to yourself as a secret and not tell anyone because I’m afraid of losing my life and the money if people know about it.
Remember I am giving you all this information due to the trust i deposed on you. I like honest people and understanding, true and people who have vision, and God fearing person worker. My favorite language is English and I speak very fluent English.
I can trust you as a true friend?
Meanwhile I would like you to call me, like I said, I have much to tell you ..
Have a nice day and think about my condition here
Attached here is my pictures for you,
Awaiting to hear from you soonest
Thanks and remain blessed.
with love. Lovely your claribel
“This group was running a well-established criminal business model,” said Craig Jones, Interpol’s cybercrime director. “From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.”
The gang, dubbed TMT, is divided into numerous subgroups, according to Vesta Matveeva, head of Group-IB’s APAC Cyber Investigations Team. The three suspects arrested in Lagos tallied 50,000 victims in government and industry, the company said. Matveeva said via email that TMT overall might have compromised more than 500,000 victims since 2017.
What about those who did Nigerian 419? While this was more elaborate than the 419, we must remember those people who don’t understand that the above letter I got was in fact a scam, let alone the new forms of attacks, which include business email compromise and of course the ransomware attacks of today.
As discussed in the article, this TMT group specializes in business email compromise attacks, which are much more sophisticated than the above email asking for your safekeeping of money if only you send “x” amount of money as a fee.
Business email compromise happens because the attackers appear to be trusted and contact you for what look like authentic money transfers. I’d say the Nigerian 419 scam is similar: you’re sending money as a fee to claim the millions promised, and, like BEC, it yields no win for you.
The Internet Crime Complaint Center, run by the FBI, had complaints of $1.7 billion in losses in 2019 alone. What about those losses dealing with Nigerian 419? We’ve not picked up any of those miscreants yet as far as I’m aware.
The article goes on to talk about what this gang does, including deploying phishing campaigns and relying on spyware, other malicious apps and decoys.
To read Tim Starks’ excellent write-up on the gang and what they’re up to, the several that have been arrested, and to find links to different things like the reported 1.7 billion dollars lost in 2019 alone, why not check out the article Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims for yourself, and let’s see how we can work together to take these people down!
No application is perfect even after Halloween … but ghosts in the machine? This had to be the best Halloween story ever
I read a very interesting article talking about ghosts in the machine. We know technology can be quite interesting, and this story is no exception.
When I read this article, I was completely at a loss for words, because I’ve never heard of such a huge bug in any piece of software in my entire life, and I’ve beta tested quite a number of pieces of software through the years.
The bug has since been fixed by Cisco, the people behind the Webex conferencing platform, but boy is this quite interesting.
Want to read more about ghosts in the machine? Cyberscoop has: Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors, and they were hidden all right, hidden and hard to extract. Never saw this before, and I don’t know if I want to after reading this.
A Spotify story reminds us … not to use the same password
Michael in Tennessee sent me this email with a link to a story that is relatively old. Some time ago, Spotify had reset over 350,000 accounts after a data dump indicated that they, along with others, may be at risk. The article was written on the 25th, but this seems to be an old story that Phone Arena is writing to highlight the problems of using the same password on different accounts and the consequences they bring.
I do not know who Phone Arena is, and I’m passing this along to you so you can decide how reputable this is. The information is sound, and the article is short and accurate, but the breach is old.
Joe Biden seems to have made a great pick to help him
As we all know, Christopher Krebs was ousted from the CISA role by Mr. Trump for just doing his job. Joe Biden seems to have made a great pick for someone to help him with cybersecurity issues. The gentleman in question has been there before, and got his knowledge by asking people when he didn’t know, just like I do.
To learn more, Biden’s DHS pick was a ‘quick study’ of cybersecurity issues as the department’s deputy is the article, and I want to hear what people think.
In the better late than never department, more great news as two get arrested
This past week, I said that I had multiple articles that included some good news. I recently saw a third liked on LinkedIn, but the one I’m talking about now … or will be shortly … will make the holidays just as good.
Apparently, there was a service out on the Internet that distributed bad software. That’s nothing new, except that these arrests happened in Romania. I guess that may not be a surprise to some, but when we’re in a deluge of nothing but bad news from several countries, you start to wonder whether there is good news in this world.
Romanian police have arrested two people for allegedly distributing malicious software designed to evade anti-virus protections to more than 1,560 accused cybercriminals, Europol, the European Union’s law enforcement agency, said Friday.…
In addition to the two arrests this week, law enforcement agencies in Romania, Norway and the U.S. seized computing infrastructure allegedly used by a suspect, according to Europol, which credited the FBI for helping. An FBI spokesperson did not immediately respond to a request for comment on the bureau’s role in the operation.
This is awesome, and there is lots of linked text within the article: Police arrest 2 in connection with CyberSeal, Dataprotector crime services, and they did not protect your data, they took it. Read the full article if this interests you, and make it a great day!
The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more
Hello folks, welcome to the Security Box, podcast 20.
First of all, we’ve delayed this and all other posts a day so people can enjoy the Thanksgiving holiday and not be bombarded with postings on that day. Be that as it may, I present you program 20, with a few technical problems that I couldn’t help.
The show turned out well, I hope, and I hope that the topics given here are of interest.
Don’t want to deal with the RSS feed where the program was uploaded? No problem! Download the 206.75 MB file by using this link.
Below, please find the elaborate show notes with links to all kinds of things, and I hope you all enjoy the program!
Welcome to podcast 20 of the Security Box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go into more detail about PCI DSS, and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.
These show notes are broken up into segments, and even the news notes will look a little bit different. Let me know if you like these notes. I think it’ll be quite nice to do it this way.
Credit Card discussion:
We continue by talking about the credit card standard PCI DSS, which is supposed to be followed. Last podcast, I mentioned some items that I thought needed changing, but we’ll go through it all.
- PCI DSS requirements for building and maintaining a secure network and systems. This is the document we’ll be reading from, which was also linked from last week’s program.
Apple VS Logging your application use:
- In a turn of events, it looks like Apple is getting targeted for logging every application launch. According to an article which I also talk about on the blog, this isn’t the case. It looks like Apple has implemented something that has been talked about in the security field and on podcasts like Security Now before, called OCSP stapling. In this podcast, we’ll talk about OCSP stapling and what it really means. You can also check out this write-up, Does Apple really log every app you run? A technical look, and form your own opinion on what Apple is doing.
Things to ponder:
- Michael in Indiana is along with a very good reason why we need to look at our credit cards and our statements on a regular basis. This file should be listened to as a security 101 lesson for all people.
News notes:
We’re segmenting these notes; let me know what you think.
Good News!
We’ve finally got some good news around here, and that’s quite awesome!
- We’ve got good news coming out of Krebs on Security, and I believe Cyberscoop has this as well. Krebs is reporting that an Irishman who was part of a SIM swapping ring was picked up.
A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.
It’s best to read the article in full because it’ll talk about what this is, who is involved, and how this is a big ring that has recently been picked up. The article is entitled Convicted SIM Swapper Gets 3 Years in Jail.
Government
- Trump Fires Security Chief Christopher Krebs comes from Krebs on Security. I guess Mr. Trump isn’t too happy with the particulars of the election, and I understand his position. There may have been issues, but is there proof that the election issues this year happened because of foreign interference? I’m not too sure on that; we did cover the article that indicated Christopher Krebs said there wasn’t anything foreign, and I believe what he is saying. There could have been local things that happened across the country, none of which happened over the Internet as far as I can tell. Another article dealing with the firing is entitled Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation, for your perusal.
Bug bounty
- Steve Gibson has always said that one particular Project Zero member has found the ideas for his bug bounties by taking a shower, and now it’s a woman’s turn to do the same. Facebook Messenger Bug Allows Spying on Android Users is the article, and Natalie Silvanovich, the researcher, must be given props for finding this, and Facebook for fixing it in over a month. She got $60k in bounty from this work.
Breaches
- I can’t believe we have to go through this again. In the breach department, not only do we have a misconfiguration of an AWS cloud bucket, but even though one was made private, the amount of data made available through the CDN is absolutely astronomical compared to the number of people that use said application. I’m glad the app is successful, but the app’s web site is not saying anything when contacted. From Threatpost: Good Heavens! 10M Impacted in Pray.com Data Exposure should be read, and this can’t be good. This is the worst I think that can happen to us as a nation, and we don’t know who these people are. Luckily, it was researchers that found it as far as we know, but what if it wasn’t originally?
Catch up:
- OK, so Michael in Tennessee is along with comments on several different things, including the aforementioned Google ordeal.
- I touch more on the email I got (blog post) when Preston called in as part of the first segment, talking about securing data and how the email said they had data. Don’t worry, I’ll still be blogging stuff throughout the weekend, and we’ll see how things go.
While the show had some technical difficulties, I think you’ll enjoy the program anyway. It’s going to happen, and we have to go along with it. See you on another edition of the program, next week.
Next week, we’re going to talk about something that I think needs to be talked about, even though places like Security Now and others may have talked about it. I mention this at the end of this week’s program; you don’t want to miss it. It’s called STIR/SHAKEN, and it’s a very interesting protocol. We’ll take a dive into it next week. Enjoy!
Home Depot to pay massive amounts of money for 2014 breach
Do you honestly think that it is OK for companies like Home Depot to just pay tons of money and say how sorry they are for the breach that happened at their stores? According to an article I’ve recently read, this company has settled by paying millions of dollars.
I don’t think this is solving anything. The article that I’ve recently read said they had a smaller breach in Canada, yet many breaches happen every day at many different companies, large and small.
The Home Depot breach is one of the biggest on record, according to the article. They claim that it cost them 179 million dollars to clean up, yet in the same breath, you talk about another breach you recently had too.
This settlement is with 46 states and the District of Columbia. The settlement comes one month after their release of information about Canada and the breach there.
“Instead of building a secure system, The Home Depot failed to protect consumers and put their data at risk,” New York Attorney General Letitia James said about the 2014 incident.
In that breach, hackers wormed their way into Home Depot’s network and implanted malware into its self-checkout system, thereby obtaining customer card information over a five-month period.
There is more to this story, including information about what Home Depot needs to do, including hiring someone who can help them find people that can help protect their network, and other aspects the article covers well.
Home Depot to pay states $17.5 million over massive 2014 data breach is the article, and have fun with this one.
TikTok making it possible to skip videos that may cause seizures?
The BBC is reporting that TikTok is going to roll out a feature that will allow users to skip videos that may cause seizures in people who have epilepsy. While I definitely applaud the video sharing service for this move, which is probably needed in the worst way, the company behind TikTok needs to get their privacy straight first. Here is a little bit of what the article is saying.
TikTok has announced a new feature that will allow people with photosensitive epilepsy to skip videos that could trigger seizures.
It comes a few months after it began labelling videos featuring effects such as flashing lights.
The Skip All option, to be rolled out in the next few weeks, will allow users to set their profile to not show these videos.
An epilepsy charity said it hoped other social-media sites would follow suit.
Users who come across a photosensitive video will receive a notification inviting them to skip all similar videos in future.
TikTok said it wanted to make the platform “accessible for everyone”.
“Given the visual nature of our platform, we’re beginning this work with a series of photosensitivity features,” it added.
I wonder how this technology works? I like the idea, but don’t you think they should get their privacy and security taken care of at the same time they’re doing something good for a community that so badly needs technology in place, so they can enjoy the videos that the sighted and other disabled communities take for granted?
The UK’s Epilepsy Society has previously raised concerns with TikTok about harmful content, after being alerted to strobe video filters and seizure-challenge trends.
The challenge encouraged young people to mimic the effects of a seizure on camera, to the song Lucid Dreams, by rapper Juice WRLD, who died following a seizure last year.
The trend was widely condemned by epilepsy charities and described as highly offensive.
Epilepsy Society acting head of external affairs Nicola Swanborough said of the new feature: “It is extremely encouraging to see a platform with such a significant following as TikTok introducing algorithms to detect photosensitive content and protect people with epilepsy.”
And she hoped the move would “turn up the heat on other big players in the industry to take the safeguarding of its users with epilepsy seriously”.
I do hope the move goes well, but fixing your PR first should be your priority.
Have thoughts? Why not comment? The boards await you.
Here we go with another fake scare tactic
I saw the following on my phone yesterday. I’ve seen these types of emails before, and I’m still here. They’re trying to scare you into paying money, and as far as I’m concerned, this network is safe.
On top of this, they filled out both portions of the form with the same thing, and my web site has been stable since I fixed all the bugs after developing it in 2008.
Below is the result of your feedback form. It was submitted by () on Tuesday, November 24, 2020 at 21:50:32
—————————————————————————
Name: JimmyCom
phone: 86266635738
contact_method: phone
bug: no
additional_bug_info: Your reputation and business are at stake!
We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:
+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.
+ 790,000 messages to bloggers with threats and insults
+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults
+ 70,000 negative reviews about you and your website jaredrimer.net
+ 23 467 849 contact forms of sites with threats and insults
+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you
+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED
Following from all of the above, you will get a lot of losses:
+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted
+ people will sue you because you threatened and humiliated them
+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON
+ internet will be inundated with negative reviews about you and your website jaredrimer.net
+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys
Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …
We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.
Make a payment, transfer 0.39 Bitcoins to this address
1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4
We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
comment_or_question: Your reputation and business are at stake!
We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:
+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.
+ 790,000 messages to bloggers with threats and insults
+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults
+ 70,000 negative reviews about you and your website jaredrimer.net
+ 23 467 849 contact forms of sites with threats and insults
+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you
+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED
Following from all of the above, you will get a lot of losses:
+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted
+ people will sue you because you threatened and humiliated them
+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON
+ internet will be inundated with negative reviews about you and your website jaredrimer.net
+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys
Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …
We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.
Make a payment, transfer 0.39 Bitcoins to this address
1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4
We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
submit: Submit comment or question to the Jared Rimer Network
—————————————————————————
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
REMOTE_ADDR: 188.126.94.179
The IP belongs to an ISP. Why are ISPs allowing things like this to look like they’re coming from them? This is a data center web transit IP, one that should not be visiting any web site. I’ve seen and reported many of these through an abuse web page that tracks these types of things.
According to the reports, it has been reported 92 times and has a 100 percent spam risk. So, what is going to happen next? I can surely block the IP range on my domain, but that isn’t going to solve anything. ISPs should not be allowed to have their networks used like this. Take a look at this, and let’s come up with a solution we can present somewhere to fix this. This ought to get interesting.
Tech podcast 356: The Braille Transcription course is a failure, a company getting into trouble, Mac, iOS and more
Welcome to another edition of the technology podcast. The RSS feed has the podcast already, but I’ve been lackluster about getting things up as of late.
Want to take the downloaded 65.17 MB file instead of subscribing to the podcast? No problem. Here is the 65.17 MB link for you to have.
Here are the show notes.
Welcome to the tech podcast. Assignment 19 was a complete fail, and I know that I had a lot of failure, but not all was my fault. You can search out this write-up on the blog, but I talk about it here. Next, a company may be getting themselves in some trouble: Forget going to a hotel … especially since records go back to 2013 … were you effected is the blog post I wrote; are you affected? Next, JFW 2021 and Mac version 11 are out, and I talk about both. Then, I found some good news in the security field, and I even have one more. Finally, a laugh and contact info at the end. Hope that you enjoy the program, and I’ll see you all later!
I hope you enjoy the podcast! Thanks so much for listening.
Here we go, yet another 10 million people have been taken … from pray.com had no comment
I guess we shouldn’t be surprised about the 10 million people who got breached this time, but the complexity behind how they got breached is something else.
This breach came from both a misconfiguration of AWS buckets and from buckets that were configured as private, but this goes beyond that.
Several open databases totaling 262 GB of data is only the beginning of this article.
The article in part says:
80,000 files contained various personal identifiable information (PII) for tens of millions of people – and not just from Pray.com users.
There’s much more than this, and it isn’t looking good.
Cloud Complexity
Interestingly, a little over 80,000 files were made private, only accessible to people with the right security permissions. However, these files were being exposed through a second Amazon service, vpnMentor found, demonstrating the complexity that cloud configurations can entail.
“Through further investigation, we learned that Pray.com had protected some files, setting them as private on the buckets to limit access,” they explained. “However, at the same time, Pray.com had integrated its S3 buckets with another AWS service, the AWS CloudFront content delivery network (CDN). Cloudfront allows app developers to cache content on proxy servers hosted by AWS around the world – and closer to an app’s users – rather than load those files from the app’s servers. As a result, any files on the S3 buckets could be indirectly viewed and accessed through the CDN, regardless of their individual security settings.”
They added, “Pray.com’s developers accidentally created a backdoor that gave complete access to all the files they had tried to protect.”
They accidentally did this? This is a big accident, and to read all the details on this, the article Good Heavens! 10M Impacted in Pray.com Data Exposure should be read. If you are affected by this, the Security Box or Tech Box want to talk to you about your use of this application.
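The exposure pattern vpnMentor describes, with an audit for it, as an added example that is not code from the article or from vpnMentor. It assumes a constructed bucket name, constructed keys under a "private/" prefix, and bucket-policy and distribution dicts shaped like the AWS CLI's JSON output; it checks whether objects meant to be private are reachable anonymously through the CDN, and shows two remediations.

```python
"""Added example, not code from the article or vpnMentor: an audit for the
Pray.com exposure pattern, where objects set private in S3 were still served
by a CloudFront distribution that could read the whole bucket.
Everything below is constructed: the bucket name, the keys under "private/"
and the policy/distribution dicts (shaped like the AWS CLI JSON output)."""
import fnmatch
import json
from typing import Dict, List, Optional

BUCKET = "example-app-assets"  # constructed name
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAI"

# Constructed bucket policy: the CloudFront origin access identity (OAI) may
# read EVERY key, so an object's own "private" setting no longer matters for
# requests that arrive through the CDN.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowCloudFrontRead", "Effect": "Allow", "Principal": {"AWS": OAI_ARN},
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# Constructed distribution config (only the fields the audit needs): the
# default behavior asks for no signed URL or cookie, so anyone may request any path.
DISTRIBUTION = {
    "Origins": [{"Id": "s3-origin", "DomainName": f"{BUCKET}.s3.amazonaws.com",
                 "S3OriginConfig": {"OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEOAI"}}],
    "DefaultCacheBehavior": {"TargetOriginId": "s3-origin", "PathPattern": "*",
                             "TrustedSigners": {"Enabled": False}, "TrustedKeyGroups": {"Enabled": False}},
    "CacheBehaviors": [],
}
OBJECT_KEYS = ["public/logo.png", "private/users/export.csv", "private/backups/db.sql"]

def _as_list(value) -> List[str]:
    return [value] if isinstance(value, str) else list(value or [])

def _origins_for_bucket(bucket: str, distribution: dict) -> Dict[str, str]:
    """Map origin id -> OAI id ('' when the origin fetches anonymously)."""
    origins = {}
    for origin in distribution.get("Origins", []):
        if origin["DomainName"].startswith(bucket + ".s3"):
            oai = origin.get("S3OriginConfig", {}).get("OriginAccessIdentity", "")
            origins[origin["Id"]] = oai.rsplit("/", 1)[-1]
    return origins

def _policy_allows_read(policy: dict, bucket: str, key: str, oai_id: str) -> bool:
    """True if an Allow statement grants s3:GetObject on `key` to the OAI (or to
    everyone) and no Deny revokes it. Conditions are not modelled (errs towards
    reporting exposure)."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for st in policy.get("Statement", []):
        principal = st.get("Principal", {})
        principals = _as_list(principal if isinstance(principal, str) else principal.get("AWS"))
        if (not any(fnmatch.fnmatchcase("s3:GetObject", a) for a in _as_list(st.get("Action")))
                or not any(fnmatch.fnmatchcase(arn, r) for r in _as_list(st.get("Resource")))
                or not any(p == "*" or (oai_id and p.endswith(oai_id)) for p in principals)):
            continue
        if st.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed

def _behavior_for(key: str, origin_id: str, distribution: dict) -> Optional[dict]:
    """Cache behavior CloudFront would use for /key: first PathPattern match in
    order, otherwise the default behavior."""
    for b in distribution.get("CacheBehaviors", []):
        if fnmatch.fnmatchcase(key, b["PathPattern"].lstrip("/")):
            return b if b["TargetOriginId"] == origin_id else None
    default = distribution["DefaultCacheBehavior"]
    return default if default["TargetOriginId"] == origin_id else None

def exposed_private_keys(bucket: str, policy: dict, distribution: dict,
                         keys: List[str], private_prefix: str = "private/") -> List[str]:
    """Keys under `private_prefix` an anonymous client could fetch via the CDN:
    the distribution may read them from S3 and the matching behavior demands
    no signed URL or cookie at the edge."""
    exposed = []
    for key in (k for k in keys if k.startswith(private_prefix)):
        for origin_id, oai_id in _origins_for_bucket(bucket, distribution).items():
            b = _behavior_for(key, origin_id, distribution)
            if b is None or (b.get("TrustedSigners", {}).get("Enabled")
                             or b.get("TrustedKeyGroups", {}).get("Enabled")):
                continue
            if _policy_allows_read(policy, bucket, key, oai_id):
                exposed.append(key)
                break
    return exposed

def scoped_policy(policy: dict) -> dict:
    """Remediation 1: let the OAI read only the public prefix."""
    fixed = json.loads(json.dumps(policy))
    for st in fixed["Statement"]:
        st["Resource"] = f"arn:aws:s3:::{BUCKET}/public/*"
    return fixed

def signed_default_behavior(distribution: dict) -> dict:
    """Remediation 2: make the edge require a CloudFront signed URL or cookie."""
    fixed = json.loads(json.dumps(distribution))
    fixed["DefaultCacheBehavior"]["TrustedKeyGroups"] = {"Enabled": True, "Items": ["EXAMPLEKEYGROUP"]}
    return fixed
```

Either remediation alone empties the exposed list; in practice you want both, since scoping the grant protects the objects and signed URLs protect the paths.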
Facebook Messenger gets updated for Android, serious bug nets 60k bounty
I started reading this article this morning, and I have now read the entire article that we’ll be linking to.
Elizabeth Montalbano, an author at Threatpost, writes about the bug, which was patched on November 19th.
Natalie Silvanovich is the researcher at Google Project Zero who reported this bug to Facebook, the company that runs Messenger.
Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability, which she said existed in the app’s implementation of WebRTC, a protocol used to make audio and video calls by “exchanging a series of thrift messages between the callee and caller,” she explained in a description posted online.
…
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call. This is rendered in the app by either not calling setLocalDescription until the person being called has clicked the “accept button,” or setting the audio and video media descriptions in the local Session Description Protocol (SDP) to inactive and updating them when the user clicks the button, Silvanovich explained.
…
“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.” Silvanovich provided a step-by-step reproduction of the issue in her report. … however, an attacker would already have to have permissions—i.e., be Facebook “friends” with the user—to call the person on the other end.
The last section is the most important thing to know: the two parties must have been Facebook friends for this to work. We want these brave men and women to find these bugs before the bad guys can, and I’m glad this woman did. As Steve Gibson has said, one of the members may have found the idea while taking a shower. I know it’s probably a joke, but that may be when people can think, right? At least we know that the bug is fixed now.
Would you like to read more? No problem! Facebook Messenger Bug Allows Spying on Android Users is the article, and I hope that people will read it. It’s well worth learning about how this works and what happened.
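The callee-side call set-up Silvanovich describes, as an added model that is not code from Threatpost, Project Zero or Messenger. It assumes plain-dict signalling messages, a stand-in peer connection where setting a local description with active audio is what starts transmission, and three handling policies: the buggy one, and the two mitigations the write-up names (defer until accept, or mark media inactive until accept).

```python
"""Added example, not code from Threatpost or Project Zero: a model of the
callee side of the call set-up quoted above, showing why an SdpUpdate
arriving while the phone is still ringing must not reach setLocalDescription
unchanged. The message shapes, the `set_local_description` stand-in and the
three policies are assumptions of this model, not Messenger's real code."""
from typing import Dict, List, Tuple

class PeerConnection:
    """Stand-in for a WebRTC peer connection: as in the write-up, media starts
    flowing as soon as a local description with active audio is set."""
    def __init__(self) -> None:
        self.local_sdp: Dict[str, str] = {}
        self.transmitting_audio = False

    def set_local_description(self, sdp: Dict[str, str]) -> None:
        self.local_sdp = dict(sdp)
        self.transmitting_audio = sdp.get("audio") == "sendrecv"

class Callee:
    """policy:
    "apply"    - call set_local_description for every SdpUpdate (the bug)
    "defer"    - hold SdpUpdate until the user has pressed accept
    "inactive" - apply it, but with audio/video forced to 'inactive' until accept
    """
    def __init__(self, policy: str) -> None:
        self.policy = policy
        self.pc = PeerConnection()
        self.state = "idle"           # idle -> ringing -> accepted
        self.pending_sdp: Dict[str, str] = {}
        self.log: List[str] = []

    def on_message(self, msg: Dict) -> None:
        kind = msg["type"]
        if kind == "Offer":
            self.state = "ringing"    # normal path: no local description yet
        elif kind == "SdpUpdate":
            self.pending_sdp = msg["sdp"]
            if self.state == "accepted" or self.policy == "apply":
                self.pc.set_local_description(msg["sdp"])
            elif self.policy == "inactive":
                muted = {media: "inactive" for media in msg["sdp"]}
                self.pc.set_local_description(muted)
            else:  # "defer"
                self.log.append("SdpUpdate held until accept")
        else:
            self.log.append(f"ignored unknown message {kind}")

    def user_presses_accept(self) -> None:
        """Only a local user action moves the call to 'accepted' and enables media."""
        self.state = "accepted"
        sdp = self.pending_sdp or {"audio": "sendrecv", "video": "sendrecv"}
        self.pc.set_local_description(sdp)

# Constructed signalling messages. The SdpUpdate is the message type the
# report says is not part of normal call set-up.
OFFER: Dict = {"type": "Offer", "from": "friend-account"}
SDP_UPDATE: Dict = {"type": "SdpUpdate", "sdp": {"audio": "sendrecv", "video": "sendrecv"}}

def run_call(policy: str, messages: List[Dict], accept: bool = True) -> Tuple[bool, bool]:
    """Returns (audio transmitted while still ringing, audio transmitted after accept)."""
    callee = Callee(policy)
    for msg in messages:
        callee.on_message(msg)
    while_ringing = callee.pc.transmitting_audio
    if accept:
        callee.user_presses_accept()
    return while_ringing, callee.pc.transmitting_audio
```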
Good news! A SIM swapper gets caught … hopefully more good news later
Hello folks, we’ve got some good news around here, and I’m sure it’ll be worth talking about. Krebs on Security has the article Convicted SIM Swapper Gets 3 Years in Jail which is good. This is probably the hardest type of thing to detect, because a little bit of social engineering will yield the criminal the goods they want.
The SIM swap happens because the number is ported from your account over to one that the attacker controls. Then they can do a lot of damage, including taking control of your online account access.
This isn’t the only good news we have, but this will start the idea of good news as part of the news coming out this week.
According to the article from Krebs, an Irishman was picked up, and Krebs isn’t the only one that covered this. Cyberscoop I believe covered this as well. Go ahead … check out the article … we need some good news!
The Security Box, podcast 19: Credit Cards, part 1
Hello everyone, it has been a busy couple of days. After the box Wednesday, I felt a little on the tired side and got some shut-eye. On Thursday, I had other commitments and phone calls to return, so I never got the program up.
On this edition of the program, I talk about credit cards, how they work, and a little bit about the PCI DSS program that vendors, merchants and us as people should know about. Because of time, and the fact my documentation had some trouble getting here, I highlight 12 different steps that an article I found on a blog talked about. We’ll highlight those this time, but go into more detail this coming podcast. Below, please find the entire show notes, which include links to things.
Welcome to podcast 19 of the security box.
This week, let’s talk about credit cards, PCI DSS, and more.
- PCI DSS Compliance Guide: UK Costs & Checklist
- PCI DSS requirements for building and maintaining a secure network and systems
- The PCI SECURITY web site
- Payment Card Industry Data Security Standard
We’re putting the Wikipedia link in for reference. Please do not rely on it alone, as the page contains a lot of unsourced material. We also posted two of those sources, as I liked them, and we’ll use one of them to talk about what PCI DSS is and what is required. PCI DSS will be discussed as part of the next podcast, where we’ll go into more detail as well.
News Notes
- Thinking about getting an Android phone? Think that its security is better than iOS and what it may have to offer? That’s your choice, and we’re not going to change your mind. According to an article from the Register, maybe you should think about this again. According to the article, Google is being sued because it is taking a couple hundred MB of your cellular data even if the phone is sitting there quietly, not being touched. Why? Because Google is preparing potential ads that might be of interest to you after it collects data in the background. The article goes on to say that Google users agree to multiple terms of service, none of which talk about the passive collection of data that has nothing to do with your use. New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they’re not even in use? is the article; think about this when you decide which operating system you want.
- This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs has a bunch of items in it, and we’ll let you decide what you want to talk about.
Other news
Looks like we’ve finally gotten something that might work. After some time, I am now back on MyTelespace, where they have a call in number for callers who do not have the other technology to use. That number is 720-787-1080 and my box number is 8347 over there. Just another option for people to use. Thanks so much for listening, and make it a great day.
Want a hard copy of the file without going to the RSS feed to pick it up? No problem! Here is the 173.43 MB file for you to download directly. I hope that you enjoy the program as much as I enjoy bringing it together for you.
iOS 14.2.1 for iPhone 12
Perusing through AppleVis, they are reporting that iOS 14.2.1 is available for iPhone 12 users. It fixes three items that are specific to iPhone 12 use. If you use the iPhone 12, you might want to take a look at this blog post and see if you’re affected. If you are, instructions on how to upgrade are given.
Chris Krebs gets the boot, seems to have done his job, Trump didn’t like that too much
Krebs on Security reports that Christopher Krebs, the head of CISA, who reported over the past weekend that there seemed to be no major interference from outside influencers, has been fired from his job.
I’m not going to say there was absolutely no interference; however, in my opinion from what I’m reading, there wasn’t anything from the usual suspects that might do this type of thing. The interference, if there was any at all, was more concentrated and in certain states.
While the states grapple with determining if everything is OK, we’ll just have to wait and see what eventually happens.
Krebs, 43, is a former Microsoft executive appointed by Trump to head the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security. As part of that role, Krebs organized federal and state efforts to improve election security, and to dispel disinformation about the integrity of the voting process.
Krebs’ dismissal was hardly unexpected. Last week, in the face of repeated statements by Trump that the president was robbed of re-election by buggy voting machines and millions of fraudulently cast ballots, Krebs’ agency rejected the claims as “unfounded,” asserting that “the November 3rd election was the most secure in American history.”
This was covered in an article I talked about as part of Sunday’s independent show, and we posted on the blog. Find that blog post right here.
I’m sure that every year the election gets some sort of interference and it isn’t talked about. While this isn’t necessarily surprising in the Trump era, let’s hope that if Joe gets in, he sees the type of work that Mr. Krebs has done. Being transparent and trying to be open about what they’re finding may have cost him his job, and that is sad.
Want to read more about what Brian Krebs had to write about Chris and the news of his firing? No problem! Trump Fires Security Chief Christopher Krebs is the article, and enjoy!
JAWS 2021 was released on November 12, 2020
Before I begin, let me tell you that the following text comes directly from the What’s New in JAWS 2021 web page. This page may have links to other information of interest, including previous releases, download information and the like.
I’m providing the text here for convenience, but I have also provided a link to the release notes so you can go download your copy. I hope that this is of interest to you.
JAWS 2021 Features
Picture Smart Improvements
Introduced in JAWS and Fusion 2019, Picture Smart allows you to choose a photo and submit it to be analyzed. A description of the image is then displayed in the Results Viewer. To use Picture Smart, press INSERT+SPACEBAR, followed by P to activate the Picture Smart layer. You can then press A to describe a photo acquired from the PEARL camera or a flatbed scanner, F to describe a selected image file in Windows Explorer, C to describe the current control, or B to describe an image on the Windows Clipboard.
JAWS and Fusion 2021 continue to expand this feature by offering several improvements including:
• Describing images on web pages: If focused on an image that is part of a web page, such as a photo on Facebook, pressing INSERT+SPACEBAR, P followed by C now describes the photo.
• Submitting images to multiple services to help improve accuracy: By default, images are submitted to Microsoft for analyzing. However, the Results Viewer now contains a More Results link which submits the image again to additional services for analyzing and displays an updated description. You can also add SHIFT to a Picture Smart command to use multiple services. For example, INSERT+SPACEBAR, P followed by SHIFT+F, SHIFT+C, or SHIFT+B.
• Using Picture Smart in multiple languages: If you are using JAWS or Fusion in a language other than English and you attempt to use Picture Smart, JAWS and Fusion will use machine translation to display descriptions in the particular language. You can also manually choose from 38 languages for displaying results, configurable using the new Picture Smart Language option in Settings Center.
Please note that these changes, especially the machine translation for other languages, are still experimental, so things may not always work as expected. Results will improve as we continue refining this functionality.
For more information on Picture Smart, press INSERT+SPACEBAR, P followed by QUESTION MARK or refer to the Picture Smart topic in the JAWS help.
OCR Text Directly into a Word Document
The Convenient OCR (Optical Character Recognition) feature has been enhanced to support sending recognized text directly to Word. Convenient OCR enables you to access images containing text that is part of the image and displays this information in the Results Viewer. This includes onscreen images such as the graphical setup screen for an application, an inaccessible PDF opened in Adobe Reader, a currently selected image file in Windows Explorer, or a document acquired by the PEARL camera or a flatbed scanner.
If Microsoft Office is installed on your system, you can now:
• Use the new command INSERT+SPACEBAR, O followed by R to perform OCR on a selected image file in File Explorer or the Desktop and place the recognized text directly into a Word document. You can also press the APPLICATIONS key and choose Convenient OCR to Word with JAWS or Fusion from the context menu.
• Use the new Open in Word link that appears at the bottom of the Results Viewer once the OCR process is complete.
For more information about using Convenient OCR, press INSERT+SPACEBAR, O followed by QUESTION MARK or refer to the Convenient OCR topic in the JAWS help.
New Voice Assistant to Help with Various JAWS Commands and Features
The new Voice Assistant provides a way to interact with JAWS in Windows 10 using speech input. Supported languages include English, Dutch, German, Spanish, and French. Ask it to help you out with various JAWS features using natural speech. This means that the same action can be performed by more than one similar phrase instead of a single predefined voice command. For instance, to launch JAWS Settings Center, you could say “Settings Center” or “change settings.”
Unlike keyboard shortcuts, which can be hard to remember, natural voice commands are an easier way to interact with the JAWS software. Using voice input to control JAWS can also benefit users with certain conditions which prevent them from using a keyboard effectively.
The JAWS Voice Assistant uses your computer’s internal microphone or you can talk to it using an external microphone or headset. To tell the Voice Assistant to begin listening for a specific command, there are three options:
• Press the key combination, INSERT+ALT+SPACEBAR.
• Speak a specific wake word which alerts the software to begin listening for a voice command, similar to using an Alexa or Google Home device. The wake word is “Sharky.” Speak this word followed by a specific JAWS command, such as, “Sharky, list links.”
Note: The wake word is not available if you are using a Bluetooth microphone. In this case, you must use the keystroke before speaking the voice command.
• From the JAWS main window, press ALT+U to open the Utilities menu, expand the Voice Assistant submenu, and then select Talk to JAWS.
When the Voice Assistant starts listening for a voice command, a short audio indicator plays, and a visual indicator is displayed. After hearing a voice command, a different audio indicator plays until the command is processed. After processing, the visual indicator is removed, a different, short, audio indicator plays, and the desired JAWS action is performed.
If the Voice Assistant does not hear anything, the message, “Sorry, I didn’t hear anything” is spoken. If the Voice Assistant does not understand or if the voice command is not supported, the message, “Sorry, I didn’t catch that” is spoken.
Note: Since all voice recognition processing is performed over the Internet using Microsoft Services in the cloud, there will be a slight delay depending on your connection. Be patient and experiment with different commands. This is a new technology being added to our software products and will continue to change and evolve over time. We welcome your suggestions and feedback.
To turn off the Voice Assistant or change other options, such as whether or not JAWS listens for the wake word or to turn off the sounds, open the JAWS Utilities menu, expand the Voice Assistant submenu, and then select Settings.
You can also press INSERT+ALT+SPACEBAR twice quickly to immediately toggle the wake word on or off. When the wake word is off, you must always press INSERT+ALT+SPACEBAR first to tell JAWS to begin listening for a command.
To learn more and to view a full list of voice commands for specific actions, say “Sharky, help.” You can also select Getting Started from the Voice Assistant menu.
Here are a few commands you can try to help you get started. Remember to say “Sharky” or press INSERT+ALT+SPACEBAR before speaking each command.
• Help
• Talk faster
• Talk slower
• Change settings
• Command search
• What time is it
• List links
• List headings
• List spelling errors
• Tell me a joke
Improved Microsoft Teams Support
• If you press ENTER on a document in the Files list which opens the inaccessible document viewer, you can now press ESC to return to the files list. You are also prompted to use the SHIFT+F10 context menu and open the document in the desktop application, which is the suggested method.
• You can now press ALT+1 through 5 to go directly to the first five tab pages.
• Pressing ALT+LEFT ARROW now automatically activates the back button from anywhere in Teams.
• You can now press ALT+H to hang up a call in progress.
• You can now press ALT+T to set focus to the Teams tree view, if visible. Note that it is usually only visible if CTRL+3 has been pressed to show the teams and channels list. The screen should also be maximized to ensure this control is visible.
• Pressing ALT+R now raises or lowers your hand in a meeting.
Teams also allows you to show meetings and calls in separate windows with fewer controls. To do this, press CTRL+COMMA to open Preferences and select the check box labeled: “Turn on new meeting experience (New meetings and calls will open in separate windows. Requires restarting Teams.)” While JAWS specific keystrokes for meetings and calls will not work in this split mode, Microsoft has their own set of keystrokes you can review by pressing CTRL+PERIOD.
New Keystroke for Setting Punctuation Level
You can now press INSERT+SHIFT+2 on the number row (CAPS LOCK+SHIFT+2 in the Laptop keyboard layout) to cycle through the four punctuation levels which control how much punctuation JAWS and Fusion speak while reading. The available levels are None, Some, Most, and All. Similar to toggling Screen Echo (INSERT+S) or Typing Echo (INSERT+2), the punctuation level will revert back to the previous setting when JAWS or Fusion is restarted. To permanently set a punctuation level, use the JAWS Startup Wizard or Settings Center.
Note: Due to issues with some Dell keyboards when using the Laptop layout, you may need to use the RIGHT SHIFT key to perform this keystroke.
Announce Most Recent Windows Notification
You can now perform the new layered command INSERT+SPACEBAR followed by N to have JAWS repeat the last notification that was spoken. Notifications include an incoming Teams or Skype call, a recent Zoom message, a new email in Outlook, and more. If you use a Focus braille display, you can also press RIGHT SHIFT+N (DOTS 1-3-4-5). To view and manage all your Windows notifications, use the Microsoft keystroke WINDOWS Key+A.
FS Support Tool for Gathering System Information
The FS Support Tool is a new utility that collects information about your computer and sends a report to our Technical Support and Software Development teams to help us troubleshoot any issues you may be experiencing while running JAWS, ZoomText, or Fusion. You will typically be asked to run this utility during a technical support session if it is determined that additional details about your system are needed. Some information that is collected includes:
• System information such as processor, RAM, operating system, architecture, and more
• Event logs
• Version of Adobe Reader (if installed)
• Versions of all installed web browsers
• Information on installed Microsoft Office applications
• Crash dumps
• Installation logs
• Currently running system processes
• User settings
The FS Support Tool can be started from the Help menu in JAWS, or the Support menu in ZoomText or Fusion, and guides you through collecting and submitting a report.
Announce Accessible Notification Events
By default, JAWS now automatically announces Windows generated accessible event notifications in both speech and braille. These types of notifications are found in a variety of places including business bars in Microsoft Office. If you do not want to hear these announcements, open Settings Center and clear the Enable Accessible Notification Events check box.
Automatic Message Reading in Outlook 365
When you open a message from the Inbox in Outlook 365, JAWS and Fusion will now immediately begin reading the message contents without reading the title or header information. Currently, messages are not automatically read if you ALT+TAB to an open message, or you press ENTER on a message in the Inbox that is already open.
To further customize how messages are read, open Quick Settings (INSERT+V) while in Outlook, search for “message,” and configure any of the resulting options. A few items you might want to change include:
• Message Header Field with Message Announcement: Turn this option on if you want JAWS and Fusion to announce the sender’s email address and the subject of the message when a message opens or gains focus.
• Messages Automatically Read: Turn this option off if you do not want JAWS and Fusion to automatically read messages when they are opened.
• Speak Window Titles For Read-only Messages Automatically: Turn this option on if you want JAWS and Fusion to announce the title of the message window when a message opens or gains focus.
General Changes
• Fixed a long-standing issue in File Explorer where JAWS would often not announce the correct number of files in the current folder.
• JAWS now properly reads as expected in Skype when moving focus back to the app without the need to first press ALT and ESC.
• Added a new Settings Center and Quick Settings option called “Pan Text by Paragraph” which is off by default. When enabled, JAWS sends an entire paragraph to the braille display instead of only the current line as you navigate web pages and documents. This can help improve the flow of reading when panning through text as you are less likely to encounter large amounts of empty space on the display when you reach the end of a line. You should now only encounter blank space if you reach the end of a paragraph, and you would move to the start of the next paragraph when panning again.
• While in a Zoom meeting, you can now press CTRL+SHIFT+T to find out who is currently talking. Zoom recently added this option with CTRL+2 but we were previously using it for a JAWS feature.
• The default graphics verbosity for JAWS is now to read only labeled graphics as it is no longer as important for JAWS to read graphics that are not labeled. If you encounter a situation where you need to read unlabeled graphics, or you do not want to hear graphics at all, open Settings Center and search for Graphics Verbosity.
• When using certain keyboards or headsets with multimedia controls, you can now press the layered command INSERT+SPACEBAR, followed by the GRAVE ACCENT key to toggle volume notification announcements. These announcements are off by default.
• Removed the announcement of Tutor Messages in Microsoft Office Ribbons as they were very verbose when attempting to navigate.
• Increased the size of the Speech History Buffer to allow for 500 strings rather than just 50 when you press INSERT+SPACE, H to review the most recent strings sent to the synthesizer.
• Updated braille drivers provided by Papenmeier.
That’s all folks! I hope that this is of value, and thanks for checking out the blog as usual.
There is a question about Apple logging apps being run on your system
We don’t really get Mac news, but recently we’ve had some. First, we’ve got this blog post linking to an article about Macs and how they’re bypassing filtering and VPN software. Today, although I read it the same day, I’m going to talk a little bit about whether Apple logs every app we run.
I could imagine this being done for iOS too, not just for Mac. If they did, it could be done to allow people to diagnose issues through Apple support, but there could also be malicious things that happen, so the question is probably a good one.
I believe, if I remember correctly, that the answer is probably “no,” only because the first heading is talking about OCSP stapling, which has been talked about on programs like Security Now some time back.
OCSP stands for Online Certificate Status Protocol. As the name implies, it is used to verify the validity of a certificate without having to download and scan large certificate revocation lists. macOS uses OCSP to make sure that the developer certificate hasn’t been revoked before an app is launched.
As Jeff Johnson explains in his tweet above, if macOS cannot reach Apple’s OCSP responder it skips the check and launches the app anyway – it is basically a fail-open behaviour. The problem is that Apple’s responder didn’t go down; it was reachable but became extremely slow, and this prevented the soft failure from triggering and giving up the check.
It is clear that this mechanism requires macOS to contact Apple before an app is launched. The sudden public awareness of this fact, brought about by Apple’s issues, raised some privacy concerns and a post from security researcher Jeffrey Paul became very popular on Twitter. He claims that:
In the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it.
That would be creepy indeed. …
The issue is a well-known property of OCSP: the server is contacted on each app launch to verify the validity of the application’s signing certificate. By reading this article, the answer to the question on logging is a very clear no, but understanding what the technology is and how it works is the big question.
Do you want to learn more? Please feel free to read the article Does Apple really log every app you run? A technical look; it comes from a blog entitled the Jacopo Jannone blog. The heading that says “diving deeper” goes into detail about OCSP and some basics that need to be known. I would suggest reading this full blog post, because it goes into much more detail than I could about this. I’ll be talking about this on a future Security Now program. Thanks so much for reading and participating, and make it a great day!
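The soft-fail OCSP check the quoted post describes, modelled as an added example that is not code from Apple or from the Jacopo Jannone blog. It assumes a constructed developer certificate held as a dict and local stand-in responders (fast, revoked, unreachable, and reachable-but-slow), and it shows two things: the request carries only the certificate's identity (issuer hashes and serial, per RFC 6960), and a slow responder stalls the launch unless the client treats a timeout the same way it treats an outage.

```python
"""Added example, not code from Apple or the Jacopo Jannone post: a model of
the soft-fail ("fail-open") OCSP check described above, including the case
that hit macOS users, a responder that is reachable but very slow. It also
builds the OCSP request the way RFC 6960 defines it, to show that what goes
to the responder identifies the signing certificate, not the program.
Everything is constructed: the "certificate" is a dict, the responders are
local functions and the delays are short."""
import concurrent.futures
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed developer certificate (the fields a real OCSP client would take
# from the DER certificate and its issuer).
DEVELOPER_CERT: Dict[str, str] = {
    "subject": "Developer ID Application: Example Corp (TEAMID0000)",
    "issuer": "Developer ID Certification Authority",
    "issuer_public_key": "constructed-issuer-key-bytes",
    "serial": "0x5a6b7c8d",
}

def build_ocsp_request(cert: Dict[str, str]) -> Dict[str, str]:
    """CertID as in RFC 6960: hashes of the issuer name and issuer key plus the
    certificate serial. Nothing about the app binary is in it."""
    return {
        "hashAlgorithm": "sha1",
        "issuerNameHash": hashlib.sha1(cert["issuer"].encode()).hexdigest(),
        "issuerKeyHash": hashlib.sha1(cert["issuer_public_key"].encode()).hexdigest(),
        "serialNumber": cert["serial"],
    }

Responder = Callable[[Dict[str, str]], str]

def responder_good(request: Dict[str, str]) -> str:      # fast, certificate fine
    return "good"

def responder_revoked(request: Dict[str, str]) -> str:   # fast, certificate revoked
    return "revoked"

def responder_down(request: Dict[str, str]) -> str:      # cannot be reached at all
    raise ConnectionError("responder unreachable")

def slow_responder(delay: float) -> Responder:
    """Reachable, but answers only after `delay` seconds: the failure mode in the post."""
    def responder(request: Dict[str, str]) -> str:
        time.sleep(delay)
        return "good"
    return responder

@dataclass
class LaunchDecision:
    launched: bool
    reason: str      # "good", "revoked", "soft-fail-unreachable", "soft-fail-timeout"
    seconds: float   # how long the user waited for the decision

def check_before_launch(cert: Dict[str, str], responder: Responder,
                        timeout: Optional[float] = None) -> LaunchDecision:
    """Soft-fail OCSP: launch on 'good' and also when the responder cannot be
    reached. With timeout=None (the behaviour the post describes) a slow
    responder stalls the launch for as long as it takes to answer; a timeout
    turns that stall into the same soft-fail as an outage."""
    start = time.monotonic()
    pool = concurrent.futures.ThreadPoolExecutor(max_workers=1)
    try:
        status = pool.submit(responder, build_ocsp_request(cert)).result(timeout=timeout)
    except concurrent.futures.TimeoutError:
        return LaunchDecision(True, "soft-fail-timeout", time.monotonic() - start)
    except ConnectionError:
        return LaunchDecision(True, "soft-fail-unreachable", time.monotonic() - start)
    finally:
        pool.shutdown(wait=False)
    return LaunchDecision(status == "good", status, time.monotonic() - start)
```

Note that "launched" with a soft-fail reason is the fail-open trade-off the post discusses: availability wins over revocation checking whenever the responder is absent or slow.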