
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: November 2020


MyTelespace is back up and running, go sign up

Hello folks, some good news for those who have been waiting for word on MyTelespace. As of the time of this blog post, MyTelespace is back up and running once again after their outage. I’ve just been notified by John, one of the people who works at Sip Meeting, the company behind MyTelespace’s operation.

There had been speculation by someone that indicated that MyTelespace would probably not be back, and how this blog helped them find out information on what was going on. The person named is not going to be mentioned as it isn’t important to do so except to tell them that if they do a search and come across this, they’re also notified it is back up.

It’s about 2 PM as I write this, and I can’t wait to see what happens with the system now that it is back up and operating. May the signups begin!


Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Malware can easily exploit the feature and send people’s data directly to remote servers, posing a massive privacy and security risk, researchers said.

Source: Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

This is the beginning of a very interesting article. Still need to see what Herbie sent me, and I retweeted this at him. This Threatpost article covers this very dangerous behavior, and boy, Apple is getting slammed for this and I can see why. Let the comments begin on this recent Apple development.


This last week in security news, news ending November 17, 2020

There is quite a bit of news within this past week, and some of it might be of interest. Meant to do this post yesterday, but it’s all good.

Trend Micro has this week in security news and it’s got quite a bit of things in it. 17 critical bugs are fixed in this month’s Patch Tuesday, and this Trend Micro blog post goes into all of the details on that. I also have a blog post where I talk about it and link to Brian Krebs’s article.

Also in this past week’s news, GitHub is being used to hide malicious activity in things. GitHub is a repository for people who do various types of work; I haven’t fixed a visit over there, so I’m not sure what is all there. I think it has to do with programming but I’m not completely sure.

We know that IoT (Internet of Things) has been a mess, but how should we clean it up? An article within the list of this week’s past news covers that.

Tech security managers, there is an article in this list for you. There is a new program for you from the U.S. Department of Energy.

We know ransomware has really been a problem. Now in the list of articles, you’ll learn that they can make tens of millions of dollars, all in bitcoin.

There’s plenty more, but I know something will pique your interest. Want to learn more? This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs was taken from the Simply Security blog which I resubscribed to.

TikTok has drawn sharp criticism from a lot of people, never mind the fact that we don’t know if it is accessible. TikTok gets reprieved, better late than never was blogged by me and it links to an article talking about it being allowed to be continued through the 14th of this month. Knowing the deadline is passed, and it’s better late than never, what do you think the next steps would be for this troubled social network and its parent Chinese company?

Android is being talked about in an article I found on Twitter. Apparently, Google is getting sued because of a hidden feature that is not disclosed whereby people are getting sucked on cellular data when the phone is idle and not in use. I pen my thoughts in a blog post entitled Still want Android? I certainly don’t think so and it links to the article in question.

Have you gotten your patch on? Patch tuesday, November edition is my blog post where I link to Krebs on Security’s post which is quite good as usual.

I think this should probably do it. A ransomware group is turning to Facebook to get their victims to pay. In this blog post I link to an article that talks about this. I have no idea what’s going to happen, but it is definitely a true story that we should be watching out for.

Find something else you want to talk about? Bring it up, and let’s talk!


TikTok gets reprieved, better late than never

So, in the better late than never department, TikTok got a reprieve. Somehow, I remember the 14th of November or the 15th of November being the date, but reviewing the article again I can’t find it offhand. Regardless of the deadline coming or past, I’ll be looking to see what ends up happening with this.

I’m not a TikTok user, and I don’t even know if it is even accessible to anyone who is disabled.

To learn more, read Cyberscoop’s article TikTok gets extensions on US sale order, ban enforcement. Let the comments begin.


Still want Android? I certainly don’t think so

I just saw a potential new lawsuit that states that Google is collecting and downloading data for potential use on a phone that is not even actively being used. The article from The Register talks about this hidden practice, something which Google needs to come out and tell people about. What type of crap are they trying to do now?

The complaint contends that Google is using Android users’ limited cellular data allowances without permission to transmit information about those individuals
that’s unrelated to their use of Google services.

Data sent over Wi-Fi is not at issue, nor is data sent over a cellular connection in the absence of Wi-Fi when an Android user has chosen to use a network-connected
application. What concerns the plaintiffs is data sent to Google’s servers that isn’t the result of deliberate interaction with a mobile device – we’re
talking passive or background data transfers via cell network, here.

“Google designed and implemented its Android operating system and apps to extract and transmit large volumes of information between Plaintiffs’ cellular
devices and Google using Plaintiffs’ cellular data allowances,” the complaint claims. “Google’s misappropriation of Plaintiffs’ cellular data allowances
through passive transfers occurs in the background, does not result from Plaintiffs’ direct engagement with Google’s apps and properties on their devices,
and happens without Plaintiffs’ consent.”

Google has a lot of explaining to do, and Android people need to understand this. If I were on that 300 MB plan that I was on when I first started, even if I didn’t do anything with the phone, my data would just about be gone. That’s uncalled for.

Want to read more including linked material? New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they’re not even in use? is the article, and it’s time to have fun. Let your voice be heard. Comment if you wish. The boards await you.


MSN says: All Trump’s recent lies will bite him … right where we thought it should

OK, OK, maybe this is exaggerated, but Mr. Trump looks to have lost according to this article that I found on my Twitter which debunks all of Trump’s allegations of fraud and other voting problems.

Mr. Chris Krebs has been mentioned in numerous articles including ones from Cyberscoop which covers government and the security aspect of lack thereof. The article from MSN is entitled Rebuking Trump, DHS cybersecurity agency says no evidence of deleted, changed votes and the author goes into detail on what Mr. Krebs said. I have a feeling I should believe him, because none of what Mr. Trump said, some of which is covered here, is making any sense.

Mr. Krebs said that according to their team at CISA. Trump went so far as to say that there were software glitches, dead people voting, and even more may be out there.

While this isn’t truly tech related, the fact is, we need to cover this here because of the fact it is now proven that the administration has lost it. There is more to the article, please read it at your own time, and congrats to the winner of the election!


more security updates

Hi all.
Well in the attempt to push more user spam off the blog the following will be noticed.
1. Effective immediately, well at least till we get hit again, if you do not log in for more than a week, 10 days right now, you will be deleted for safety.
We use 0spam with the WordPress spam user remover plugin.
If you are a current author or admin I have seen to it that you are excluded.
If you are a new user and are trusted by any of us admins, and get author status you will be added to the list as long as you can be trusted and post.
This rule does not apply to the admins or authors even though the 2 authors have not posted in a while.
As part of registration, if you want to do more than comment or subscribe to the blog then you need to ask the admins to add you to the list.
I put the spam plugin up but Jared or myself have control of the system so we can all do it.
Note I realise this will affect subscribers that want to do this.
If it gets bad I will extend this to 30 days but the idea is to keep spam out of the site after all.
If you post frequently then you won’t have this limit.
If you want an account but will not post for a while, you can always email an admin.
Jared is on quite a lot and I am on at least once or twice a week.
Even if I don’t post I do check at least once a month or so.
With the new plugin, I will try to check once a week if I can to see what happens.
Even if you are deleted everything is logged so if it doesn’t work tell us you need to be on the list of ignores and either of us can do it.
If you want action, email me first then Jared if I don’t answer.
I do have a little more time than Jared to handle day to day tasks.
Be aware that I am in a slightly different timezone to US time but I promise to get any urgent things settled within a 48 hour period.
If I don’t, then I will always be checking once a week for issues.
Note that depending who you have registered and contacted I may have to verify.
I will be checking for any failures as well.
If you were not aware we had a mail issue with the blog.
This shouldn’t affect many users but after resetting the information for the server it works.
Anyway, let’s see how this holds.
Till next time.


The Security box, podcast 18: Election stuff in a different light, news, notes and more

The show notes are packed, and the RSS only got a subset of them. It has been a bit busy as of late, but we need to try and catch up with things and get these notes out.

For those of you who need a direct download to podcast 18, I’ve got you covered. Here is the link to the 191.52 MB file!

The blog will have two more articles I talk about which I decided not to include in the show notes. Feel free to read anything here in the show notes that interests you, and remember to feel free to submit those comments. Thanks so much for listening!

This week on the Security Box, it’s one week after the election and results may or may not be in, depending on what is happening. Let us recollect on some of the election coverage where security has played a part. We are still having problems with misinformation, misconfigured servers, and more.

The goal is not to talk about the elections per se, but the articles that talk about the problems like misconfigured servers, probes into what we have, and the election voting machines as a whole and how they are secure or not secure. Articles will be used for reference purposes.

  • Iranian hackers probed election-related websites in 10 states, US officials say should really be talked about, because of the fact that we do have misconfigured servers. Why in today’s environment are we still talking about misconfigured servers?

    Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel
    told election security officials on Friday.

    The suspected Iranian hackers have been attempting to exploit known software vulnerabilities in their search for voter data, federal officials said. They
    did not say which states were targeted. An FBI official on the briefing said attackers had probed websites in 10 states.

    “We weren’t able to attribute all of this activity to the same threat actor,” but there was overlap in IP addresses, IP ranges, virtual private network
    exit nodes, and other technical data, Roebuck said.

    There is no evidence that any of the activity has affected voting procedures, and U.S. officials stressed that the integrity of the vote is protected.
    CISA and the FBI used the briefing to encourage state and local officials to harden their IT systems days before Election Day. “We know that activity is
    out there, we know the steps” you can take to address it, said Matt Masterson, a CISA senior adviser.

    With voting underway across the country, U.S. officials have publicly attributed a series of foreign cyber campaigns related to the elections sector. It’s
    a federal effort to be more transparent about foreign threats compared to 2016, and at the same time reassure voters their ballots are being protected.

    The Iranian Mission to the United Nations did not immediately respond to a request for comment on the allegations.

    Why was there no comment by the government?

  • Here is some more government news was posted at a time I had several other articles I had read that I lumped in to one blog post. We should not be surprised when China is a safe haven for cybercriminals, seeing they were the first to build a firewall and have an Internet that is completely different. Then, in the same post, I link to the article about the Florida debacle I mentioned in a prior podcast. There are others, but they don’t qualify for this discussion.
  • Robocalls urging voters to skip Election Day are subject of FBI investigation, DHS official says comes from Cyberscoop. A very well-written article about how robocalls were part of a big problem where if you’re registered to vote, the calls basically said not to even bother. If you did vote, thank you! I know people aren’t registered, and that is a choice. Maybe after all of this is over, I’ll consider registering. I’ve really given it a thought. I would not listen to a call telling me that I shouldn’t go; if I didn’t go and I was registered, that is my own choice.
  • It’s great when you have great partnerships especially if you can get better from the last election. Election security pros focus on effective partnerships comes from Cyberscoop.
  • Courts are busy, and one article entitled Last-minute court rulings on election go against GOP, voting restrictions from Cyberscoop is one of many. I won’t publish them all, but this one is in this list because it was just shy of the election and I thought it would be beneficial on the various types of issues. It’s only a matter of time, but the courts must hear each case in turn and make decisions so the election is fair.
  • Finally, in a lengthy list, After a quiet election night on the cyber front, officials preach vigilance as results come in was posted on the 4th. This will be the last article in this rundown, as I don’t want to publish every single article that comes through; you can definitely find more through Cyberscoop and other sites. I’m definitely happy there were no major problems in the cyber realm, but there have been other problems not within the scope of this program or discussion.

There may be more, so please check the blog in case there are others that pique my interest. Also, check sites around, you might find something too.

Things to ponder

Disclaimer: The following are going to be things to ponder. Some things could be posted as a blog post, others are just thoughts based on one topic or another and may not be linked to anything. The opinions expressed are those of the presenter, and may not necessarily be those of the JRN, its staff, providers of software and services, or the like.

  • I got the best email ever. What was so interesting about it was the domain. Normally, I don’t comment on Spam, but Just saw the best email ever … in my inbox … domain is relatively new is the blog post. You’ll see the domain, as well as my thoughts. I talk about this one.
  • Amazon put a little bit of a scare in me by sending me an OTP when I did not even request one. I did some quick investigating and found I was not compromised, but turned on two-factor (2SV) on Saturday, the 7th. I checked my transactions, card history, and other login activity and didn’t find anything suspicious.
  • On podcast 6 of the Security Box, it was discussed that Michael in Tennessee had a security concern about his apartment Wi-Fi setup. He isn’t wrong, as on September 7th, he called in to TWiT’s The Tech Guy and asked Leo. On this podcast, we’ll play said segment and play Michael’s things to ponder segment as we give an update on the worst security ever. If you want to listen to podcast 6 from August 19, 2020 here’s the link to use (162162.33mb) for your enjoyment. Also read the text from Tech Guy Labs, The Tech Guy: episode 1743.

News, notes, and more

The news notes section is quite interesting. This blog post from November 9, 2020: What has been read, blogged, and talked about: News ending November 7, 2020 goes into some, but of course the blog has plenty more, and a full rundown of some of the articles is mentioned. The linked post here lists 5 other articles I never blogged about because I got involved in other activities. I really need to just blog and quit keeping them around for long term storage. If you find something you want to talk about, please get in touch, and we’ll be happy to bring you on to any podcast.

We hope you enjoy the program as much as we have putting it together, thanks so much for listening and having a voice in a different type of podcast than others. Enjoy!


Here are a couple of articles of government stuff

In late podcast finding, I found two articles that I did talk about as part of the election coverage but did not put in to the show notes.

Biden transition efforts on cybersecurity uncertain as Trump administration throws up obstacles comes from Cyberscoop. While we assume that the Democrats won, I’m not going to say one way or the other here on the blog. But I can say that if it is held up that Joe won, then our current president Trump is causing a whole bunch of havoc by doing what he is doing.

The president elect has named his team which includes the security team, that is important now. The transition team must be able to do their job, and this is the first year that they can’t do it. It’s bad enough that we’ve had a horrid year altogether, but this is awful.

Here are three paragraphs from this article.

Former Department of Homeland Security chiefs cautioned Tuesday that President Donald Trump is endangering national security by blocking the transition
to Joe Biden’s presidency, as the standoff stretched days after news organizations declared Biden the victor.

“At this period of heightened risk for our nation, we do not have a single day to spare to begin the transition,” said the four former DHS secretaries
Tom Ridge, Michael Chertoff, Janet Napolitano and Jeh Johnson. “For the good of the nation, we must start now.”

If Trump is doing what he is accused of doing, then we’ve got huge problems! Even if votes are recounted, and it is still determined Trump to lose, he’ll have no other choice.

Trump is a technological threat as well as a threat elsewhere in my opinion, especially after you read this article.

Former DOJ officials slam Barr’s new policy on election investigations is the second article. I am not sure what the rules are, and since technology plays a part in elections nowadays with having things available online in lookup forms, this can eventually be a big deal.

Former Justice Department officials on Tuesday sharply criticized Attorney General William Barr for reportedly reversing a longstanding department policy
and clearing federal prosecutors to investigate alleged voting irregularities before election results have been certified.

“The voters decide the winner in an election, not the president, and not the attorney general,” reads the statement from the Bipartisan Advisory Board
of the Voter Protection Program, a nonpartisan election security initiative …

If this is how it is, let it take its course, and let’s be done with this! I suggest you all read this one too, as it may shed some light into the crazy election we’ve had.

Have something else election based and technology you want to bring up? We’d love to hear from you! Let your voice be heard.


Apple releases Mac version 11

AppleVis posts about Mac version 11. I’m not a Mac user, but maybe some people who visit this blog will find this post of value. I did learn the Mac some years ago but my knowledge of it has faded, so I can’t be of help here. The New Features, Changes, Improvements, and Bugs in macOS 11 Big Sur for Blind and Low Vision Users comes from AppleVis and I hope it is of value to you.


It’s official … Google Hangouts is going away in early 2021 … time to switch

Michael in Tennessee indicated to me that it was reported that Hangouts was going away in 2020.

I opened Hangouts on November 12th to look at text messages and at the top of the screen in blue it gives a notice about Hangouts going away. It links to a support article which I read, and a couple of buttons. I don’t have time at the moment, but I did tell it to switch to Voice, and I’ll deal with setup and other things later on. Once that’s done, I’ll delete Hangouts and look at Voice and test it out.

Would you like to learn more about the change? Here’s the support article about Google Hangouts and Google Voice for you to peruse. We hope that this information is valuable to you.


I love this type of spam, it just amuses me

I just love spam like this. Clearly I don’t have the email address they claim to send it from, and in both sections, they put the page they’re on, which is my contact page. What are they trying to accomplish with this? You can’t fool me, and I’m not going to bite.

Below is the result of your feedback form. It was submitted by () on Wednesday, November 11, 2020 at 20:50:55
Name: Raina
phone: (03) 9265 5606
contact_method: both E-mail and phone
bug: no
additional_bug_info: Good day

CAREDOGBEST? ¢ – Personalized Dog Harness. All sizes from XS to XXL. Easy ON/OFF in just 2 seconds. LIFETIME WARRANTY.

FREE Worldwide Shipping!

Click here: caredogbest.online


The Jared Rimer Network, where everything is listed in one place: contact page
comment_or_question: Good day

CAREDOGBEST? ¢ – Personalized Dog Harness. All sizes from XS to XXL. Easy ON/OFF in just 2 seconds. LIFETIME WARRANTY.

FREE Worldwide Shipping!

Click here: caredogbest.online

All the best,

The Jared Rimer Network, where everything is listed in one place: contact page

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Have fun with this one.


LastPass asks … Are your passwords strong enough?

Even though NCSAM is over, we always can improve our security and Internet learning, right? I know, I know, there are probably better things to write about besides the onslaught of security things this blog seems to have taken on.

We have to start with the basics as people are always coming online and this type of thing is going to be a continuing problem until we can properly teach this stuff as part of school. I never learned this in school, and maybe when they teach typing and the like, they can talk about online accounts and teach students with accounts set up for them that protecting it is important. It wouldn’t be a long course, but maybe something along those lines would be good.

There are three headings in this article. They are:

  • Why strong passwords matter 
  • Creating a strong password
  • Checking the strength of your password

and this could be taught somehow to children to teach them early on protecting an account to be used later on.

I’m not sure what grade this should be taught in, but definitely before college.

Want to read more about what LastPass has to say? Are Your Passwords Strong Enough? That is the question, the article title, now go click!


Have you gotten your patch on? Patch tuesday, November edition

I have decided to resubscribe to the Simply Security blog at Trend Micro and will try to get their writeup on Patch Tuesday. Krebs does a good job with this one as usual, and I don’t think that we should discredit this post.

One of the changes that is documented in Krebs on Security’s write up of the monthly edition is the change to better align with standards for the CVSS scoring system.

For full details on the Krebs on Security article go ahead and read Patch Tuesday, November 2020 Edition and patch when you’re ready. Enjoy!


A ransomware group is now turning to Facebook, buying ads and getting those ads to get people to pay ransomware

I think I ended up getting a comment on this article well after I read it, but a comment nonetheless. It’s not my article of course, but an “oh my” comment on an article like this yields something.

I guess it shouldn’t surprise me that criminals and actors turn to major platforms like Twitter and Facebook to get their victims to pay up, or get their data sold in the black market.

The latest campaign came from the Ragnar Locker Team who was responsible for lifting the Campari Site folks to pay up. They acknowledged on the third that computer systems in their control were taken by a malware attack.

According to the article, one paragraph says:

On Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some personal and business data has been taken.”

After that, Krebs on Security continues writing about the particular ad that was posted. He writes:

“This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group. “We can confirm that confidential data was
stolen and we talking about huge volume of data.”

The ad went on to say Ragnar Locker Team had offloaded two terabytes of information and would give the Italian firm until 6 p.m. EST today (Nov. 10) to
negotiate an extortion payment in exchange for a promise not to publish the stolen files.

The worst of this scheme is that the ad was paid by a Facebook user named Chris Hodson, a DJ who is based in Chicago, Illinois. According to the article, Krebs continues:

Contacted by KrebsOnSecurity, Hodson said his Facebook account indeed was hacked, and that the attackers had budgeted $500 for
the entire campaign.

This is why two-factor is more important than ever today. I recently added it to my Amazon account after receiving an Amazon code at a time I wasn’t even on Amazon. Further investigation indicated that nothing was amiss, and a potential password reset and the fact a code came to me saved me. I turned that on within 24 hours of that.

“I thought I had two-step verification turned on for all my accounts, but now it looks like the only one I didn’t have it set for was Facebook,” Hodson

Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result
of 21 cents. Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently
detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.

I honestly think that Facebook could be doing more. Maybe they ought to send the owner of the account a code to verify that is what they want to do, but then again if the account gets hacked it’s game over no matter what they do. Kudos to Facebook for detecting the problem before it became a huge problem.

To read more about this crazy new idea these criminals and actors have, please check out the Krebs article Ransomware Group Turns to Facebook Ads as it links to stuff some of which I’ve linked to here. I hope that everyone is doing well, and we’ll catch up later. Thanks for reading as usual!


AppleVis has coverage of the one more thing event

I didn’t forget about the one more thing event, but I had another webinar scheduled too. The one more thing event started at 10, my webinar at 11, and I can’t attend both.

The long of the story is that a new chip was talked about, and the blogger for AppleVis has quite a bit here. I read some last night, and it reminded me that I wanted to go to that too.

Want to read more about the one more thing event? Picking Apart Apple’s “One More Thing” Announcements is the blog from AppleVis, feel free to check it out.


Lookalike domain webinar

Hello folks, I had the pleasure of attending the lookalike domain webinar that was hosted by PhishLabs. It was very interesting, and definitely covered quite a bit. As they indicated, not all attacks are going to have lookalike domains or domains that might mimic your web site or brand.

One of these that didn’t mimic anything except copyright per se was the email host security domain that I talked about last Friday in this blog post titled: Just saw the best email ever … in my inbox … domain is relatively new which talks about this in a spam email through my forms. Just to give you an update on that case, it looks like now that the domain is still registered but shows a blank page. I don’t know what was done, but I do know that the domain is still existing. According to the ICANN WHOIS lookup web page it is still registered and had pointed where I saw it through Ultrahost.

According to the webinar, this type of thing can be used to keep tabs on domains, although I think the presenter forgot that the WHOIS directory doesn’t seem to show anything anymore on address, phone number, and the like. I’ve tested that on my domain and on one I have WHOIS protection on.

There was a lot more, and I know that they’ll provide a recording. Maybe at some point, I’ll record it and present it on a podcast. Thanks for reading, and we’ll chat soon!


Do you think the Internet is for everyone? Graphic, graphic, unlabeled buttons, and more still rule the Internet today

I started on the Internet way back in the early 90s before graphics became a thing for the Internet. I’m sure that there could have been small little icons made for DOS that could’ve appeared, but it wasn’t a big deal. Links were numbered, and it was easy to navigate.

Fast forward to the Windows age, and graphics started. Using a screen reader myself as I do every day, I admire an article like this. We covered the Domino’s case and I know the person named in the article that filed that suit.

This Wired piece entitled The Internet Is for Everyone, Right? Not With a Screen Reader is a great article. The subheading says:

Blind users have been fighting for a more inclusive web for over 20 years. Are lawsuits like the one against Domino’s going to make a difference?

I’m unsure at this time if this suit will have implications on whether the Internet will change. This goes on way beyond ordering a pizza.

This article talks about someone finding out that clothing stores are closed, and that everything is going to go online. That is all well and good if the images are labeled correctly so we know what they are and can make an informed decision on what we’re buying.

When I last bought a fanny pack, I asked my person who comes to assist me to look at the various options where he can see the pictures. I told him which ones based on description I didn’t want, and we picked one and I made the purchase through Amazon. While Amazon is usually pretty good with their buttons to buy and the like, there are still sites that don’t do this.

When I learned how to code, I learned how I can make my images have alt text or alternative text. Take the following code taken from MENVI’s web site.

I have the image tag, the path to the file, and alternative text in a piece of code. It’s described below.

The first tag is the center tag to tell the browser that I want to center the logo on to the page. Then the image tag and the pointer to the file. After that, I have “alt equals” and in quotation marks a small description of the image. This is a sample, and it can be used as a sample for you to describe your images.

If you want to see the code, contact me, as I tried to get it in place but it didn’t show the code based on how I understand how to do this. I’ll be happy to share it!

Buttons are harder. I use a standard button with the input type for submitting and resetting the form. I have sample code to make images clickable links, if I were to do that, but I’d rather be simple.

One of the things I had trouble with was my edit boxes weren’t working right. I would tab around and nothing would read. I was sent information about titles within edit boxes, and now I use them within the forms of my site.
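As an added example (not the author's code and not MENVI's markup), the Python check below looks for the problems described above: images without alt text, image or plain buttons without a name, and edit boxes with neither a title nor a label. The sample markup, its file names and its descriptions are constructed for illustration.

```python
from html.parser import HTMLParser
# Constructed sample markup; file names and descriptions are made up.
SAMPLE = """<center><img src="images/logo.png" alt="Organization logo"></center>
<img src="images/banner.png">
<form>
<input type="text" name="email" title="Your email address">
<label for="city">City</label> <input type="text" id="city">
<input type="text" name="phone">
<input type="image" src="images/go.png">
<input type="button">
<input type="submit" value="Send"> <input type="reset">
</form>"""

SELF_NAMED = ("submit", "reset", "hidden")  # browser supplies a name, or not shown

class A11yAudit(HTMLParser):
    """Collects (line, message) for items a screen reader cannot name."""
    def __init__(self):
        super().__init__()
        self.problems, self.fields, self.labelled = [], [], set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        line = self.getpos()[0]
        named = bool(a.get("title") or a.get("aria-label"))
        if tag == "img" and "alt" not in a:
            self.problems.append((line, "img has no alt attribute"))
        elif tag == "label" and a.get("for"):
            self.labelled.add(a["for"])   # label may precede or follow its field
        elif tag == "input":
            kind = a.get("type", "").lower() or "text"
            if kind == "image" and not (a.get("alt") or named):
                self.problems.append((line, "image button has no alt text"))
            elif kind == "button" and not (a.get("value") or named):
                self.problems.append((line, "button has no value"))
            elif kind not in SELF_NAMED + ("image", "button") and not named:
                self.fields.append((line, a.get("id")))

def audit(html):
    # Fields are resolved after parsing so a <label> may come after its input.
    p = A11yAudit()
    p.feed(html)
    p.close()
    p.problems += [(n, "field has no title or label")
                   for n, i in p.fields if i not in p.labelled]
    return sorted(p.problems)

if __name__ == "__main__":
    for line, msg in audit(SAMPLE):
        print(f"line {line}: {msg}")
```

An image with an empty `alt=""` is accepted on purpose, since that is how a purely decorative image is marked so a screen reader skips it.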

As you can see, I have even taken the steps as a blind web master to make sure I learn how this is done as I don’t want to have a site I can’t even use. It doesn’t benefit me or my visitors, especially through MENVI. MENVI has blind and sighted people, and I need to make it accessible for all.

Have you read this Wired article and what have you thought of it? Have any other ideas if you’ve looked at my site(s) that I can learn? I’d love to hear from you, so do contact me, register and comment, and make that voice be heard. We’re all in this together, let the learning begin! Read the article, because it’ll be an eye opener on how the technology works. Don’t be afraid to close your eyes and picture what is written.

Comments (0)

Forget going to a hotel … especially since records go back to 2013 … were you affected?

I’m not going to say that 10 million records is nothing, especially with the billions of records that have already been taken and potentially used already.

In an article written by Threatpost, we are learning that a processor that many chains of hotels used had a misconfiguration in their Amazon S3 bucket that exposed millions of records going all the way back to 2013.

The records, according to the article, include names, credit card numbers including CVV, reservation info, and potentially more.

What fraudsters and scammers can do with this, according to the article, can be anything from credit card fraud to blackmail, and potentially much more.

The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests;
card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates
of a stay, special requests made by guests, number of people, guest names and more.

Continuing the article says:

The exposure affects a wide number of platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees,
Sabre and more.
“Every website and booking platform connected to Cloud Hospitality was probably affected,” according to Website Planet. “These websites are not responsible
for any data exposed as a result.”
Hotel guests affected could be the targets of a wide range of attacks, from identity theft and phishing to someone hijacking their vacations, researchers
said. For instance, they pointed out that cybercriminals could use details of hotel stays to create convincing scams and target wealthy individuals who
have stayed at expensive hotels. And if any hotel stays revealed embarrassing or compromising info about a person’s life, it could be used to blackmail
and extort them.

This is probably the worst I have ever seen in this space since I’ve been keeping track of this. This is definitely not going to be the end.

The article continues:

“We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it,” researchers said. “So far, there is no
evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed.”
Other attack scenarios include credit-card fraud and longer scam efforts where an attacker could use the details to establish trust, and then ask encourage
people to click on malicious links, download malware or provide valuable private data.

As for Prestige, it’s subject to General Data Protection Regulation and the Payment Card Industry Data Security Standard, known as PCI DSS. GDPR violations
can result in large fines. And non-compliance to the PCI DSS may mean that Prestige’s ability to accept and process credit-card payments will be stripped,
researchers noted.

“The international travel and hospitality industries have been devastated by the coronavirus crisis, with many companies struggling to survive, and millions
of people out of work,” researchers said. “By exposing so much data and putting so many people at risk in such a delicate time, Prestige Software could
face a PR disaster due to this breach.”

Researchers contacted AWS directly, and the S3 bucket was secured the following day. Prestige, they said, confirmed that it owned the data. Threatpost
has reached out to Prestige for a comment on the incident.

We don’t know what these other details may be, but this is something that this company who does this type of thing should be aware of. The credit card processor has rules they need to follow including making sure they protect the credit card data. This is something that needs to be addressed. If they violated those rules, then they should be stripped of processing credit cards. This could affect millions!

The article states:

“We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it,” researchers said. “So far, there is no
evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed.”
Other attack scenarios include credit-card fraud and longer scam efforts where an attacker could use the details to establish trust, and then ask encourage
people to click on malicious links, download malware or provide valuable private data.
As for Prestige, it’s subject to General Data Protection Regulation and the Payment Card Industry Data Security Standard, known as PCI DSS. GDPR violations
can result in large fines. And non-compliance to the PCI DSS may mean that Prestige’s ability to accept and process credit-card payments will be stripped,
researchers noted.

That is the most important thing we can take out of this.

What to read

Were you affected by this? Sound off, and let your voice be heard. This has got to be the worst thing I’ve ever seen, and I’m sure we are not done with the story yet. Oh boy.

Updated 19:09 11/9/20: with the following disclaimer:

The Wikipedia article linked here may have lots of promotional sourcing, something frowned upon. Read it at your own risk; you may be able to find something about the PCI DSS standard elsewhere or through a credible source linked within.

Comments (0)

Are block lists effected in phishing attacks?

I read a very interesting article dealing with phishing and blocklists from … you guessed it … Phishlabs. Limited Impact of Phishing Site Blocklists and Browser Warnings is the article and I found it quite interesting.

One of the things this article talks about is the blocklists from Google Safe and Microsoft to prevent people from getting hit. People ignore these warnings, according to the article, and get taken anyhow. Sometimes, although I doubt I’ll be doing this anymore, I would cautiously look to see why it is blocked. I am not interested in getting hit with potential ransomware, so I’ve decided if I got curious and I saw the warnings that I’d get the hell out.

Headings in the article include:

  • Detection Early in the Phishing Lifecycle
  • Mitigating Phishing Sites and Minimizing Impact
  • Additional Resources:

The last one is at the end and links to other things that might be of interest. Our smarts need to play a part in this, and sadly, I think that’s the only way to win this. Have other thoughts after reading this one? I’d love to hear from you.

Comments (0)
