The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

You are here: December 2020

The Security Box, podcast 25

Thanks so much for checking out the Security Box if you listened on the Independent channel while we took the time off.

The RSS feed should have the file as we scheduled it to be released about now. Don’t want to deal with RSS? Download the 148.90mb file and enjoy.

Show notes

Welcome to podcast 25 of the security box. This podcast was compiled on Christmas day, but was released on the 30th of December. On it, we go through podcasts 341-357 of tech, playing a few segments which were also covered on this podcast like catphishing, some of the security items throughout the year from the blog, and even other highlights. Highlights the security box and some of what we covered in podcasts including two interviews. This podcast is 167 minutes and is the last of the two podcasts before we resume the first week in January. Hope everyone enjoys the lookback, and thanks for listening!

I’ll be back with a live program next week. Thanks for listening!

A little behind, but still worth posting: Crowd Strike doesn’t get owned

While we’ve been on break, I’ve had an article sitting here that I read in regards to the Solar Winds breach which was talked about on this past Tuesday’s Security Now which I’d like to try and catch.

The article is entitled SolarWinds hackers also went after CrowdStrike and it was definitely interesting to read it when I did.

There really isn’t much news since then except that people should be more aware of what’s going on, and watch for possible attacks, but I sense we won’t have anything new until next year.

What was interesting about this article is that the actors attempted to breach Crowd Strike and were unsuccessful. This is probably the best news we can get out of this ordeal, and it’s a glimmer of hope anyway.

Microsoft told CrowdStrike that “several months ago,” the Microsoft Azure account of a Microsoft reseller was making “abnormal calls” to Microsoft cloud
application programming interfaces (APIs). The account managed Microsoft Office licenses for CrowdStrike.

The attackers tried to access emails, but Microsoft said the attempt was unsuccessful, according to CrowdStrike. “As part of our secure IT architecture,
CrowdStrike does not use Office 365 email,” Sentonas said.

“We have conducted an extensive review of our production and internal environments and found no impact,” Sentonas said. “CrowdStrike conducted a thorough
review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft.”

This is similar to me getting email saying that my account would be closed if I didn’t provide details, yet the email was sent through a contact form, or even directly.

If my account were to be closed, I could just bring it back, as it is under my control. Good job, Crowd Strike, you succeeded in this one because they tried to get at something you didn’t have.

Want to read more about this latest I’ve been holding on to? The link is above, and let’s open this up for comment.

Weather apps for iOS

I posted this on a site called Apple Vis, and I’m sure I’ll hear from them, but if you aren’t over there, I’ll post here so it gets some attention. I’m in no rush to switch, just looking around.

Hello folks,

I’m writing today as I’ve thought about this long and hard. I was recommended Weather Radio which I’ve enjoyed. I had written them about some issues which they confirmed via voiceover this year. Sadly, when I wrote through the app to find out about the status of the bug which has to do with reading the alerts and the constant back reading it does, I was informed that the app was removed from the app store.

I got to thinking about what app to use as I liked weather radio and the way it gave alerts. I did try and podcasted about Weather Underground but I agree with the presenter, it doesn’t feel that great, and the alerts are vague. It took me a bit to set up locations, the current, plus two others I have people in.

Then I got to looking at Dark Sky which is a paid app. I’m not opposed for paying for an app, but the developer of this app says Apple. I remember reading on this site from someone from this app that was going to make changes, which were then implemented. I also saw something here called Carrot Weather which I only read here.

What I’d like to do is find something similar to weather radio where I can customize the alerts I get like weather radio did. Weather Underground doesn’t seem to cut it, the alerts they do have are good, and the forecast is nice, but am just looking to see what people are using.

I would greatly appreciate if someone can assist me in this endeavor so I can make the best choice. Thanks for reading!

I’m using an iPhone 11 gotten at the beginning of 2020, latest iOS 14.3 and use VoiceOver exclusively with no braille.

Travel Booking company pays out money for 2016 breach

I took the Christmas break off from posting, hope everyone has enjoyed their holiday as much as I enjoyed the break. We’re going to start with some interesting news coming out of Cyberscoop I recently read in regards to a booking company having to pay out some money for a 2016 breach.

The company in question is called Sabre Corp who I’ve never heard of.

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated
a breach of its hotel-booking technology.

The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality
Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards.

Letitia James is the New York attorney mentioned in this story.

The article indicates that there were multiple failures which I thought we should talk about. First, they had a susceptible security system, then they didn’t notify their customers in a timely manner. That’s two big failures which one should’ve never happened.

I completely get that there are going to be mistakes, notifying your customers of that mistake should not be one of your mistakes. This is beyond repair, the money should go to the customers and not to the states though. The customers are at a loss here by the first mistake which could be anything from a software breach which is understandable, seeing how company assets are upgraded differently than consumers as we’ve learned.

“Today’s agreement not only imposes a hefty fine on Sabre but will ensure that the company has the appropriate security and incident response plan in place
so that its failure does not take place again.”

The failures may happen again, see the blog for articles like this one on InterContinental Confirms Breach at 12 Hotels among many others.

It’s been confirmed, Marriott suffered another breach was many breaches at the Marriott chain, but they were up front with what was going on, and you can read those articles to form your own opinion.

The settlement requires Sabre to “implement and maintain a comprehensive information security program, and a written incident response and data breach
notification plan,” according to the attorneys general. “Sabre must also obtain an independent third-party security assessment and implement any recommendations
to improve network security.”

Should cybersecurity be everyone’s business by now? Why does it take a settlement with states or individuals to make companies wake up to the security problems of today?

According to the article, the hotel chains affected by the breach included Trump Hotels, The Four Seasons and Loews Hotels.

Trump Hotels have been talked about in other articles on the blog, search it out. I know the blog starts April 2011, but that can’t be helped now, but you can even search the Internet for articles about that hotel chain.

Sabre’s revenues were reported to be nearly 4 billion dollars so they should be able to shore up their defenses. Since I only read the article on the 27th, the quote

The company had not issued a comment about the settlement as of Thursday morning.

should not be much of a surprise to anyone in this industry.

Would you like to read more about this fascinating piece of good news? Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data is the Cyberscoop article we’ve taken from.

Let’s show companies that this is not acceptable behavior and we want our information regarded as secure as possible. The public understands that there are going to be mistakes, some may not be your fault. Your immediate reaction such as notifying us of the breach or intrusion, finding out what happened, figuring out how to prevent the problem from occurring again, and we can’t forget training your customer service reps to respond to questions from customers who may call you about the breach.

When I got notified by mail from OPM about their breach, the customer service rep knew what was going on, was able to identify what was going on, and answered my questions. While I didn’t ever do business with them, they told me the information I needed to know, based on me identifying myself as who I said I was, Jared Rimer. I won’t disclose the rest of what was disclosed, but suffice it to say, I wasn’t necessarily impressed I was involved with a company I had no direct contact with, but understood what they did. That is the most important thing we can take out of these breaches, the up front nature of what is disseminated to us. Let us hope that 2021 will teach companies that this is the most important thing they can learn from this breach pandemic year that is 2020. Make it a great day.

Research: nearly all of your messaging apps are secure

I’m going to use the article title Research: nearly all of your messaging apps are secure for this article, because I believe it fits.

I saw this article on Twitter today, and it isn’t too late to post it. Some of the apps listed, I’ve not heard of such as Cyberdust, and this article is talking about security of apps. Only two of the apps, Messenger and Telegram needed some adjustments which are already in the apps, but for the most part, apps for messaging are pretty secure.

This is great news for those who use these apps. iMessaging is part of iPhones by default, and we can turn that off, and there are certain circumstances where iMessage is not secure, but like all apps and products, there are going to be drawbacks.

What do you think of the apps you use for messaging? Are you overly concerned? Sound off in the comments!

The breach that is: … Solar Winds takes a very interesting turn: part 3

So far, we’ve written two parts, and I know there is a lot more to write. I know there is a lot more to read too, and I know the time and effort I’m putting in to making sense of this and putting my thoughts in to this will be worth the read. Let’s continue on with more of what I have on the Solar Winds debacle as it is continuing to unfold.

There are two articles where the government is involved, and the government tag will be used in this part of the article. You can search Solar Winds and get all of the articles regardless if I used tags or not.

The first article is Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts which was quite interesting too.

According to this article: whoever is responsible got in to the highest departments of the government in regards to email access. The Department of Treasury still does not know what extent the hackers did to their network, and the investigation continues.

I want to reiterate that is apparent espionage, the places I monitor aren’t saying one way or the other. When we first blogged this as breaking they even said it wasn’t espionage. If this is the beginning of this being so, we’ve got to get these guys punished.

According to this particular article, the breach at treasury started in July. According to that paragraph, it says:

The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency that dozens
of email accounts were compromised,” he said.

This proves that whomever targeted the government, did gain access to Microsoft property such as office365 accounts and the like. How extensive, we’ll never know.

The scope of the breach at the Commerce Department is gradually being revealed, too. The hackers breached some three dozen email accounts since June at
Commerce’s National Telecommunications and Information Administration, a U.S. official familiar with the investigation said. It’s unclear what information
they were after, but such email access could be valuable for espionage. A Commerce Department spokesperson did not immediately respond to a request for
comment. …

This is becoming good news, at least on this front so please continue to share the news when you have something to share.

In this article, William Barr joined others in saying that Russia is involved in this, but I definitely want a 100 percent proof before I write that it is definitely Russia.

As reported earlier and in the video I linked in a prior part to this article, only 50 targets were the true target of whatever they decided to do. What makes this worse, the researchers found evidence of another hacking group who deployed code affecting Solar Wind products as well.

Finally, someone is really interested in what is going on with the government and what they’re doing about this breach. This article entitled: Biden takes aim at Trump, Russia over SolarWinds breach is the last in this series that I’m going to write about.

President-elect Joe Biden pressured Donald Trump on Tuesday to name the hackers behind the SolarWinds breach, saying that the evidence suggests Russia
is responsible.

Biden also faulted the incumbent president for his handling of the nation’s digital defenses and vowed to do “all that needs to be done” to get to the
bottom of the sweeping cyber espionage campaign, then punish the culprits.

“It is a grave risk and it continues. I see no evidence that it’s under control,” Biden said during a speech in Wilmington, Delaware. “The Defense Department
won’t even brief us on many things. So I know of nothing that suggests it’s under control. This president hasn’t even identified who is responsible yet.”

Mr. Biden, I don’t believe that Mr. Trump will ever come out and tell the American people who did anything, because his own company was breached three times before he even took office. This blog post from 2016 titled WHY BLIND AMERICANS ARE WORRIED ABOUT TRUMP’S TECH POLICY really speaks volumes, as I don’t believe he had a tech policy if now he’s being questioned about what happened in the solar winds breach. He can’t even pass email security tests (blog post) and even before he took office he was winning but hotels continued to be breached. This blog post Trump continues to win, hotels continue to be breached talks about that aspect of his ordeal.

I’ve got other articles on Mr. Trump you can find on my articles page that I won’t spend any more time on trump and linking articles here.

Back to the article at hand, Mr. Trump can’t even tell us much of anything, and if these articles I’ve linked to from 2016 indicate, we’re still behind. Mr. Trump hasn’t even helped us in that regard I must think.

This article says that Mr. Trump downplayed the attack, just like he downplayed other aspects of things that have come up that he has had dealt with either by others, or by downplaying the event entirely.

“Cyberattacks must be treated as a serious threat by our leadership at the highest level,” Biden said. “That means making clear and [public] who’s responsible
for the attack and taking meaningful steps to hold them to account.”

Why did you think that I wrote up this post-mortem report in regards to customtumblers.us even though there was no security attack? What about this post-mortem report when jaredrimer.net couldn’t be accessed by AT&T for several hours? I’ve been lucky, but other companies haven’t been so lucky.

Because Trump fired many people after he lost the election in 2020, he has downplayed cybersecurity in a big way, and I don’t blame Mr. Trump for attacking him one bit. Here are the last paragraphs of this article and they are worth quoting.

“It’s a sign that with a new administration, we can confront these threats on a bipartisan basis here at home,” he said. “That should be encouraging to
the American people.”

Overall, Biden said his approach on cybersecurity would be to work toward “international rules of the road on cybersecurity,” and he said that it could
take billions more in funding to secure the U.S. in cyberspace.

He said he would make it a priority to get to the bottom of the SolarWinds breach, determine how extensive the damage is and formally declare who’s responsible.

“When I learn the extent of the damage and in fact who is formally responsible, they can be assured that we will respond, probably respond in kind,” Biden
said. “There are many options which I will not discuss now.”

He wouldn’t discuss those options, he said, because it’s similar to any other international crisis where the U.S. doesn’t spell out its precise remedy
in advance.

Addressing the massive cyber espionage campaign “will be an overwhelming focus for my administration,” Biden said.

I hope that we can really come down to the bottom of this entire mess, get a handle on cybersecurity norms, and start behaving normally. If we get in trouble doing something wrong, we pay for it. If it is in cyberspace, seems like nothing is done because there are no treaties or the like to pick up these actors. How do we get them to understand that this is enough? The comment boards await you.

This completes the 3 part series to date, I’m sure I’ll have more to post about this as I read more. Let the comments reign!

The breach that is: … Solar Winds takes a very interesting turn: part 2

6:16 PM 12/23/2020 Edited this as I wrote Suntrust and it was supposed to be sunburst in one of the paragraphs.

In part 1 of this article, we talked about several articles that make this story very interesting as the company behind it had its own breach to contend with and found something very interesting. We continue with the rest of the stuff we’ve found, including what SunBurst is, according to Trend Micro.

This Week in Security News, news ending December 18, 2020 covers quite a number of varying things that may be of interest, including other issues. The biggest thing here is dealing with critical infrastructure, which Solar Wind hasn’t gotten in to according to all of the reports to date. It wouldn’t be out of the ordinary that Pawn Storm, a remote access trojan or Rat, wouldn’t be out of the ordinary for whoever is behind solar winds anyway, but could be of interest too. In the news for the week, an article entitled Overview of Recent Sunburst Targeted Attacks which we’ll get in to in a bit. The news does also cover Solar Winds recommending a hot patch, so there are definitely things in this week’s news that might be of interest to you.

Let us define what Sun burst is.

The long of the short of this, sunburst is mainly a backdoor that can access anything on the system including rebooting, registry processes, file operations, stopping services and more that may not be listed. Since we know that Orion is a network monitoring tool, a malware version was distributed at some point either last year or this year, and it set it to motion. Sunburst may not be the only way the actors can control these systems, but one that is greatly talked about now.

Please read the trend Micro article on sunburst for more detail if this is of interest to you.

Attribution is quite hard in this field, but one of the things that I am reading is that this could be the work of a persistent working group like APT 29 otherwise known in the circles as “Cozy Bear.” They’re not so cozy, according to the article I’ll be linking to next, with Fire Eye’s Kevin Mandia mentioning in the video that he wants to be 100 percent sure who did it so we can properly take the appropriate steps, unless it gets worse too. The President has repeatedly said that it was China, according to reports and the video I linked to in part 1 of this article.

According to one of the paragraphs, this is a well designed, patient and well focused. They have the resources to take their time. In the interview linked to in part 1, the reporter asked about who did it, and it is mentioned that it looks like someone we’ve dealt with before who will take their time on things. I urge everyone to watch the video linked there, because it may be some insight on what is going on.

According to this article, nobody has formally been blamed, and that is the most important thing we can take out of this picture. Again, Nobody Has Been Blamed at all for this breach as of yet.

One of the things mentioned in the interview, is that this could’ve been an ongoing attack since last year, but it stops there. According to who Cozy Bear is, the article says:

Cozy Bear is thought to be made up of several different networks of hackers, which can also make attribution difficult, said Matthieu Faou, a malware researcher
at Slovakia-based ESET, which has not linked the group to the SolarWinds breach.

Just because one group takes responsibility, doesn’t necessarily mean that we know they did it, or it points to them. They could do it just to get us to stop investigating the matter, although I don’t know that to be factual.

There is a lot more information including information about who Cozy Bear attacked in the heading called “doubling down.” Here is some more taken from several paragraphs from this article.

“Everybody’s talking about SUNBURST … but SUNBURST is just the initial show, it’s just the stage one,” said Kyle Hanslovan, the co-founder and CEO of Huntress
Labs and a former National Security Agency employee. “We’re hardly talking about TEARDROP or the use of Cobalt Strike within the network, which is designed
to be a sophisticated, unattributable nation-state level capability. … That’s where I think this real story is going to happen.”

Huntress Labs has not blamed Cozy Bear for the SolarWinds breach.

System administrators should prepare for the hackers to have moved laterally, says Chris Kubic, the former chief information security officer at the NSA
and senior security architect for the Intelligence Community Information Environment.

“I fully expect for any network that they were interested in that they used SolarWinds to gain initial access [to], they certainly would have laid down
persistent accesses within those networks,” said Kubic, now CISO at Fidelis Cybersecurity. “It’s expensive to get access to one of those networks, so once
they do, they’re going to take advantage of it, so I fully expect that they tried where they could to move laterally and compromise other systems.”

Fidelis also has not linked Cozy Bear with the SolarWinds operation.

APT29’s stubbornness doesn’t just stand out once it’s inside a network — it is dogged from the outset, said Jamil Jaffer, a former House Intelligence Committee
and White House aide.

“An attacker like Cozy Bear will spend the time and energy to get in where they want to get in, they will take as long as they need to, and use the resources
they can,” said Jaffer, senior vice president at IronNet Cybersecurity and founder and executive director of the National Security Institute at George
Mason University. “If it’s a high-enough value target, they will wait until they’re in.”

There is a heading called “twists and turns” which makes this more complicated. The final paragraph illustrates this. It says:

That unpredictability, and the diversity of Cozy Bear’s tactics through the years, may make it harder to know right now whether the suspected SolarWinds
hackers have other tricks up their sleeve or whether they will retreat from their apparent espionage operation. “They don’t give up easily,” Faou noted.
“But when they give up, they totally disappear.”

What should you be reading from this section of the article? Easy! How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game and let us know what you think.

We’ll need a part 3, there’s still more that I want to write, be on the look out for this as the series continues.

The breach that is: … Solar Winds takes a very interesting turn: part 1

This is the first of a multi-part article, as it’s lengthy and many articles and commentary await. Enjoy!

On catchup as usual, Solar Winds takes a very interesting turn going all the way back to December 8th. Why do I say that? We learn about the fact that Fire Eye, the company behind finding the Solar Wind breach to begin with was breached, with hackers making off with “red team tools” which could change the game for the cybersecurity industry.

I’m going to have to play major catchup, or just start fresh, as there’s still a lot I need to read in the landscape, although no podcast or blog is going to cover everything passing their desk.

The first article I’m going to start with is FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame which was quite interesting just the same. The CEO, Kevin Mandia indicates that the actors behind their hack used sophisticated techniques and some of these tools are used to simulate attacks. Here is the blog post linked within this article from Fire eye.

If attackers stole so-called red team tools as mentioned in this article and linked, then we’ve got a bigger problem than who did who.

The response from Capitol Hill was swift.

Rep. Adam Schiff, D-Calif., chairman of the House Intelligence Committee, said he had asked intelligence agencies to brief his panel on the FireEye hack,
including “any vulnerabilities that may arise from it and actions to mitigate the impacts.”

Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, said the incident “shows the difficulty of stopping determined nation-state

“As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors
on which we all rely,” Warner added.

The next article is quite interesting because Kevin is even interviewed on Face the Nation, a CBS news program that airs on Sundays. You can watch the portion of the video he’s in by entering this link. The article itself is entitled FireEye’s Mandia on SolarWinds hack: ‘This was a sniper round’ which is interesting to say the least. Now, we’re learning that this was a foreign espionage attack after all, although it was earlier reported that it wasn’t. As I’ve written in prior articles on this whole ordeal, we’ve still got a whole lot to learn. The first paragraph says:

The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth,
according to FireEye CEO Kevin Mandia, whose company discovered the activity.

While Fire Eye got breached themselves, they’re definitely trying to do good under the face of their own issues that they might have faced at the beginning of the month, and that we need to praise them for. It takes guts and encouragement to go from breached, to finding what I believe to be the biggest breach we have to date, and that doesn’t necessarily include other well-known breaches like Sony Pictures, Target and others that may be discussed within these linked articles. What interested me about these articles is the fact that they talked about the fact that security companies are a prime target in this space because of the knowledge they have to offer.

Despite bearing the hallmarks of a familiar hacking group, this particular campaign was “totally unique” and “utterly clandestine” in how it happened,
Mandia said.

“And quite frankly, it was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our
careers,” Mandia said.

According to the analysis to date in this article,

Although many details about the SolarWinds hack are unclear, Mandia and other analysts have settled on a rough timeline: The attackers breached the software
update platform for the company’s Orion product in October 2019 and inserted what Mandia called “innocuous” code. In March of this year, the foreign operators
returned to add malware — essentially a backdoor that allowed them access into the network of any organization that installed it.

This is definitely significant, this means that the actors have been working on this for at least a year, if not more. As we continue to do analysis, you’ll learn about the potential threat group that may be responsible for all of this, but I’m not in the business to say whether it is or isn’t a particular actor group.

According to the article the experts continue to say that it is Russia, but our president continues to indicate that it is China, which could be a possibility if multiple actor groups are involved.

Remember when I mentioned that there could be a second hacking group behind this whole debacle that grips us right now besides covid-19 problems? Well, this article Microsoft identifies second hacking group affecting SolarWinds software covers this aspect of this very interesting story. While Fire Eye was looking in to their own problems which started at the beginning of today’s article, they found this, and even a potential vulnerability unrelated to the initial breach as well. This blog post from Microsoft goes in to more detail about that.

The particular malware that was additionally discovered is called Supernova. This malware uses in memory execution instead of the hard drive, thereby hiding from research tools and other techniques to find it unless it scans for memory. I’m not about to say that Moscow is the culprit of this whole ordeal, but they are denying it just the same. If it wasn’t them, who was it?

I’ll end this article here, as there is more to write, and a lot more commentary I have. Stay tuned for part two of this, as this saga continues.

The Security box, podcast 24: The breach that is, year end review part 1

Hello folks, welcome to the podcasted version of the Security Box. On this version of the show, we’ll be covering the biggest breach to date. We also have our year end stuff which we look back on the podcast coverage on the year that was. Here are the notes for this show.

Welcome to podcast 24 of the security box. This is a full podcast, as we’re on a two week break. Here is what we have for the podcast.

  • The biggest item that we have in the podcast is the biggest breach in the Solar Winds fiasco. We’re still learning, check the blog for more. Here is a blog post to get you started with the whole fiasco, but there is definitely more.
  • Podcasts 333-340 is covered in different segments throughout the year in regards to what has happened throughout the year. We’ll continue it next podcast.

The podcast is a little over 2 hours including our final track. Thanks so much for listening!

Don’t want to deal with RSS? No problem! Here is the 114.41mb file for you to digest. Thanks so much for listening!

sites asking for permissions by giving you popups for site notifications

Well, some of these articles are old, but not so old I did a mass delete. Thing is, I’ve been thinking about some of these topics, and during the Christmas break and in between security box releases and other Mix programming I’m doing, I’ll be catching up with stuff and also finding things new.

Don’t worry, the Solar Winds fiasco isn’t going anywhere, looks like I’ve got reading to do on that as well.

First article I’m going to cover from the backlog deals with notifications from websites. You’ve seen the popups asking for permission for location and the like and those may not be so bad. This particular article I’ve been thinking about lately has some good reasons why you shouldn’t allow notifications to be used on websites.

First of all, this article comes from our good friend Brian Krebs. I always find very interesting things on this site, and this is one I’ve been thinking about as of late, and want to start sharing what I’ve read and put in my own insight on this.

Brian’s first paragraph of the article is really what got me thinking about this again, even though I read it last month, and it’s a little over a month old. The paragraph says:

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s
mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts
and then selling that communications pathway to scammers and online hucksters.

So you’re saying that because people are paying for this now that this is bad? I know that I receive a lot of Spam through my web site, and it’s gotten so bad, that I’ve used an IP lookup tool to determine these IPs. Most are IP transit IPs, like they belong to a network that isn’t supposed to be browsing the Internet. There was one that filled out my form 6 times with the same timestamp. I also blocked several IP ranges because clearly it’s spam riddled. But when combined to this paragraph where it talks about your browser, the browser is the most important thing we have because it is our gateway to the web, just like email clients like Thunderbird and others get you connected to email. Let me repeat this paragraph again. It says:

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts
and then selling that communications pathway to scammers and online hucksters.

I wonder how we can then remove that access if we find that to be the case, and how would one know if this is the case?

This article talks about an internet standard for push notifications. I don’t believe I’ve been to a website for push notifications, only location services like Metro. I normally don’t allow notifications, especially if I’m there to read an article or something. Now that I know there are suspicious things, I won’t be accepting notifications on any site as it can happen to anyone. Here’s the link to the internet standard from Krebs’s article. Krebs’s article talks about a push company located in Montenegro, which I believe is outside of the United States. This site is among the top 2000 according to alexa.com, not to be confused with the Amazon device Alexa. I’m going to have to take a look at this site one day.

According to Krebs, he writes:

Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many
cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests
designed to distinguish automated bot traffic from real visitors.

If this is the case, I will never accept push notifications on my browser knowing this.

To add insult to injury, the article states:

Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever
they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts
to install other software, ads for dating sites, erectile dysfunction medications, and dubious investment opportunities.

So this company has the opportunity to do spam-like activity like we continue to get through email through our forms or other contact methods these guys find to spew their wares.

I’ll let you read the complete article which includes links, images of what is taken from this site, and much more. Be Very Sparing in Allowing Site Notifications is the article, and the comment boards await you!
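The post asks how one would know which sites hold notification permission. As an added example (not from this blog or the Krebs article), the script below lists the sites allowed to send notifications in a Chromium-based browser profile. The layout of the Preferences JSON, the value 1 meaning "allow", and the timestamp format are assumptions about Chromium's on-disk format, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed Chromium content-setting values: 1 = allow, 2 = block.
ALLOW, BLOCK = 1, 2

# Constructed sample shaped like the relevant part of a Chromium profile's
# "Preferences" file. Domains use the reserved .example TLD.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://news.example:443,*": {
                        "last_modified": "13251254400000000",
                        "setting": ALLOW,
                    },
                    "https://video-captcha.example:443,*": {
                        "last_modified": "13252464000000000",
                        "setting": ALLOW,
                    },
                    "https://shop.example:443,*": {
                        "last_modified": "13252464000000000",
                        "setting": BLOCK,
                    },
                }
            }
        }
    }
})


def webkit_to_datetime(value):
    """Convert microseconds since 1601-01-01 UTC to an aware datetime."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(value))


def notification_grants(preferences_text):
    """Return the origins that are allowed to show notifications.

    Each result is a dict with the origin and the time the permission was
    last changed (None when the profile does not record it).
    """
    prefs = json.loads(preferences_text)
    exceptions = (
        prefs.get("profile", {})
        .get("content_settings", {})
        .get("exceptions", {})
        .get("notifications", {})
    )
    grants = []
    for pattern, entry in exceptions.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default: the site cannot push messages
        # Keys look like "<origin>,<embedding pattern>"; keep the origin.
        origin = pattern.split(",", 1)[0]
        stamp = entry.get("last_modified")
        grants.append({
            "origin": origin,
            "granted": webkit_to_datetime(stamp) if stamp else None,
        })
    return sorted(grants, key=lambda g: g["origin"])


if __name__ == "__main__":
    # To audit a real profile, read its Preferences file into a string
    # and pass that string in place of the constructed sample.
    for grant in notification_grants(SAMPLE_PREFERENCES):
        when = grant["granted"].date() if grant["granted"] else "unknown"
        print(f"{grant['origin']}  allowed since {when}")
```

Any origin in the output that you do not recognise can be removed or switched to blocked in the browser's site settings for notifications.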


NSO is still in the news, this time … a 0 click iPhone attack

The NSO group can’t keep their nose clean by the looks of things. It turns out that they may be behind an iPhone attack where you don’t have to click on a thing.

Shannon Vavra writes for Cyberscoop on this article, and I found it of interest. This group says that their software is not used in the manners that are portrayed in this, or any other article that has been written. Sure looks like it to me, unless someone somewhere is using the software in this way, violating terms of service.

Hackers suspected to work for the governments of Saudi Arabia and the United Arab Emirates breached 36 devices belonging to Al Jazeera journalists in recent
months by using a zero-click iPhone exploit and NSO Group spyware, according to new Citizen Lab research published Sunday.

The suspected government hackers behind the operations had a particularly pernicious tactic for accessing their targets — an iPhone iMessage that requires
zero interaction from the target to work, according to the researchers. Citizen Lab is based at the Munk School of Global Affairs and Public Policy at
the University of Toronto.

The hacking operations, which researchers attribute to the governments of Saudi Arabia and the UAE with “medium confidence,” could have allowed the operators
to record audio, take pictures, track device location and access passwords or stored credentials on compromised phones, the researchers said.

Qatar, where Al Jazeera is based, historically has a fraught relationship with both Saudi Arabia and the UAE. Citizen Lab said the spy campaign’s targets
include Al Jazeera investigative journalist Tamer Almisshal as well as Rania Dridi, a presenter for a London-based network, Al Araby TV.

So if this is the case, based on these paragraphs I quoted from the beginning of the article, why does the company not go after these guys for violations of terms of service? The terms are there for a reason, I don’t understand why they aren’t followed. I’m sure if I were to use something like Jaws, Window-Eyes, Station Playlist, Winamp, Windows, or any other software in this way, I would be found out, caught, and dealt with. Let me make it clear that I have no intention of anything, I used it as an example.

There is more to this story including links to other things around the web including a blog post talking about the shift in zero click attacks and what they might present.

Want to read more from Cyberscoop? Zero-click iPhone exploit, NSO Group spyware used to target Mideast journalists, Citizen Lab says is the article, and do feel free to leave those comments.


Security post-mortem report: CustomTumblers.us

The following report has been submitted to my main live journal, the journal to the blog and this blog. The network wants to be transparent in the security of our sites, and we were made aware of a potential issue which turns out to be a false report, but one which we looked into. Below, please find the report, and please contact the network with further questions using the contact information at the end of the report.

On December 21, 2020, an email caught my attention that sounded a little alarming.

The email said:

Hi Jared. Can you please check and make sure I have a valid certificate for customtumblers.us.

I signed up for a free thing that can help me with things to know on my website and it says I don’t. It says I have no valid security certificate. I don’t know how to look.

Thank you

I’ve removed the name of the customer to protect their identity, and I promptly responded to the customer. I advised them that certificates for the domain in question were installed, how to access the area in question, told them to take a look and have them report back to me.

At 8:40 am, I got the following question:

Ok thank you. Are you also saying they are installed?

The short answer is yes. The control panel in question looks for new domains and gets what is called a domain validated certificate and installs that. At 10:01, the customer wrote:

It’s there.  I’ll write back to the company and see what they say.  Weird!

There was a little more discussion with a question on who the provider was that was recently installed. Earlier this afternoon, I was advised that the provider service is DIIB which has services for search engine optimization, web site analysis, works with over 100 different platforms including wordpress, shopify, and more as well as a scanner to scan web sites for security alerts. It looks to have a free plan for one site, but the professional plan is $30 and allows you to have 30 web sites monitored.

In no way is the Jared Rimer Network blaming DIIB for this mistake, I bet it can happen to anyone. I’m hoping that the issue will be promptly resolved and that the network and this web site and other sites that belong to it are as covered as they can be in today’s environment.

Should you have any questions about any of the sites, please go to the Jared Rimer Network web site and fill out a form and ask questions.

While the report given by the provider here was negative, I bet this isn’t the first one, and it won’t be the last. I’m glad that the customer here reached out to verify things were as secure as possible, just in case.

This domain did have some issues to start with, but they were resolved within a week after being created. We set up the account July 24th of this year. The Jared Rimer Network does not believe the account is in any jeopardy.

Jared Rimer
The Jared Rimer Network
Contact: 804-442-6975 for voice and text
Email: Please use the contact form on the web site
iMessage: please use the tech address for the tech podcast tech at menvi.org (remove spaces and add appropriate punctuation)


Netflix introduces audio only? What about iOS?

So I saw a retweet about Netflix and audio only and they do a good job over at Engadget on describing this as an Android feature. Why is this only an Android feature? I bet iOS users would love this as well. Since I am not on the Android side, I can’t comment any on how it works, but also, I don’t have Netflix as it is. If users have it, I’d love to hear what you think of it.


Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.

Source: Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

This should probably not be a surprise. I saw this via Twitter, and it was only posted a day ago. Android users should be aware of this, and take the necessary precautions.


VMware, can it be a problem too?

In my last write up, I neglected to write about one article that is related to the Solar Wind fiasco, and that is dealing with VMware. The article is entitled VMware Flaw a Vector in SolarWinds Breach? and so far, there is no indication of this.

According to this article, it says:

In its advisory on the VMware vulnerability, the NSA urged patching it “as soon as possible,” specifically encouraging the National Security System, Department
of Defense, and defense contractors to make doing so a high priority.

The NSA said that in order to exploit this particular flaw, hackers would already need to have access to a vulnerable VMware device’s management interface
— i.e., they would need to be on the target’s internal network (provided the vulnerable VMware interface was not accessible from the Internet). However,
the SolarWinds compromise would have provided that internal access nicely.

In response to questions from KrebsOnSecurity, VMware said it has “received no notification or indication that the CVE 2002-4006 was used in conjunction
with the SolarWinds supply chain compromise.”

VMware added that while some of its own networks used the vulnerable SolarWinds Orion software, an investigation has so far revealed no evidence of exploitation.

“While we have identified limited instances of the vulnerable SolarWinds Orion software in our environment, our own internal investigation has not revealed
any indication of exploitation,” the company said in a statement. “This has also been confirmed by SolarWinds own investigations to date.”

The NSA has not yet responded to requests for comment.

It is possible that VMware may have a foothold if the actors used it, but from what I’m reading to date, this doesn’t seem to be the case. Thoughts on this one?


Solar Wind update: update as of December 19, 2020

Continuing to read on December 18, 2020, there are some articles that came across my desk.

Security Notification: SolarWinds Supply Chain Attack is the first article. This came from LastPass and was written by someone by the name of Ian Pitt. As I’ve said before, some of these articles I’m linking to may be behind, but worth the read anyhow. The reason this article is of importance is because of what LastPass and LogMeIn do, secure our lives by making a password manager that can do so much.

I really like the transparency this company gives us into their strategy and understanding of the issue(s) they must face to prevent a big time problem. While LastPass have had issues just like any other company, this company has been transparent behind what they’ve disclosed and what they’re doing about it.

I really think that this article should be read, because of the work they do.

We know that our current President, President Trump, has not really said anything about the Solar Winds fiasco. While he has fired multiple people because he feels the election is fraud, and he continues to make waves with his lawsuits, I do have to give praise to Mr. Biden for coming out and saying he’ll be looking into this. The article Biden says he will ‘elevate’ cybersecurity as US hack investigation goes on seems very promising.

In my discussions with someone, they had told me that Mr. Biden has pretty much taken the same people our former president Obama took, and he’ll not really do anything as he’s a puppet to the agenda. I’m not sure, I guess we’ll see for now about all that, but the fact that he’s saying he’ll be looking into this and bolster the landscape is a good sign. I have no idea really who Biden is, but now is his time to shine in the limelight of what our efforts are in this field.

I believe that cybersecurity should be imperative everywhere, it is something we should all be doing whether it is government or otherwise. The fact that the Government has said to do certain things, yet a big huge breach like this in the supply chain goes unnoticed for months. The Government should be at the top of their game.

This article also goes in to account and says that it is now the Russians that had something to do with this, not the Chinese as first reported.

As I’ve written many times, we’re still learning about this. Speaking of learning, I’ve got my Trend Micro blog issues resolved, and I’ll be reading more about Suntrust, the supposed problem that has plagued the government. I’ll also get back to posting the news and talking about what I’ve seen from there now that I got this resolved. So there is definitely more coming on this front.

Speaking of the Supply Chain which Trend Micro has covered numerous times, the last article for now seems to cover the supply chain as it is entitled SolarWinds hack exposes underbelly of supply-chain attacks and it was quite interesting.

Hackers of lore are often depicted breaking into prominent targets by typing frantically on keyboards in dark rooms and yelling “I’m in!” when they’ve
purportedly breached their victim’s systems. But the sweeping SolarWinds breach, which has reportedly impacted the U.S. Treasury and Commerce departments,
shows the reality is much less flashy and can be far more devastating.

This is why I’ve never really liked the idea of Crime Scene Investigation because it’s a 30 minute program that may talk about a particular crime which they enact. If it was a hacking crime they covered, they hit a few buttons and they’re in and can find the bad guys.

This is not how this works, and I’ve known this. This is why I liked Dragnet, because even though it was a 30 minute show, they said that time passed by mentioning a date, a time, a place, where they were and what was happening. If these other CSI shows did this, I could have gotten in to it, and my family for years would watch it. I watched one and it didn’t feel realistic to me.

Even when we talked about some of the things like Dread Pirate Roberts who was eventually jailed, I knew it was quite a long time before he was caught. Even when we released podcast 216 back in 2015 we’ve read a bunch on that, and several articles were quite good.

If we’re ever going to get to the bottom of the supply chain problem like Solar Winds, we need to take in what is going on just like they did with Silk Road, Pirate Roberts, the articles that were covered in 216 and even others that have been arrested afterward.

The problem is that Solar Winds have now 300,000 customers which is the latest number, and they include:

the likes of the Pentagon, the Navy, the Army, Cyber Command, the FBI and the departments of Homeland Security,
Defense and Health and Human Services

which makes this more important to make sure that you’re as up-to-date as possible. The number we saw was 18,000 and I wrote that it is probably much more and not everything is known.

Do you think Solar Winds reminds you a little bit like the small company, Philmore, whom we’ve talked about in many podcasts?

That’s it. Lots of linked stuff in all articles, let the reading begin. You can search out any of the terms throughout the Internet you want and feel free to comment on this or anything else we have to offer.


We’ve still got problems, CISA still doesn’t have a director unless Mr. Wales is more permanent

Back in November, I blogged a post entitled Chris Krebs gets the boot, seems to have done his job, Trump didn’t like that too much and I got to thinking about this during the Solar Wind fiasco which we’re still learning about. I’m sure there are more articles that will come out, but that isn’t what this post is going to cover.

As far as we can tell, Mr. Krebs (no relation to Brian) had things under control and while there may have been meddling in this year’s election, it was not because of foreign influence. I’ve got two articles I read around that time that question who is going to head CISA.

The first talks about an Energy official being eyed for the position of director. The guy’s name is Sean Plankey, the current senior official at the department of energy. As we’ve learned within recent days, the department of energy is part of this massive breach, and just looking at DLVR to see that things are working, we’ve got more today on this breach.

I don’t want to talk bad about people, but Sean seems to have some problems that are reported in this article. I’m going to quote several paragraphs that talk about this.

The status of Plankey’s security clearance, however, hangs in the balance. Three former U.S. officials told CyberScoop that an issue with Plankey’s security
clearance came up in the last year, prompting a review of his status as a clearance holder. It’s unclear if those issues have been resolved, and if Plankey
still holds a clearance.

Reached by phone Thursday, Plankey declined to comment on the status of his clearance or when he would join CISA.

Not having a clearance would prevent Plankey from receiving the classified information that CISA officials draw on to help protect government agencies
and the private sector from hacking.

If this is definitely the case, then we have more things to worry about like someone who either doesn’t qualify, or can’t get the necessary clearance because of some issue needing to be resolved. I feel that the government has a lot of issues, and the current issue is just the beginning. While this article was written well before this week’s breach, and I didn’t blog about it then, I think now it is.

Plankey has an extensive background in cybersecurity. A Coast Guard veteran, he has served as a senior official at DOE’s Office of Cybersecurity, Energy
Security and Emergency Response, and done stints at U.S. Cyber Command and as a security adviser to oil giant BP.

When I read this paragraph, I thought, “well, that is great, maybe someone with experience that could actually do a great job.” We haven’t heard anything since.

While that is some hopeful news, I then read an article entitled DHS’s cyber agency is led by career official Brandon Wales. For now. which was great news for a quick turnaround.

Less than 24 hours after President Donald Trump fired Chris Krebs, the dust is still settling at the Department of Homeland Security cybersecurity agency
that Krebs led.

Officials at the Cybersecurity and Infrastructure Security Agency (CISA) who have spent months refuting conspiracy theories and battling disinformation
surrounding the election say they will continue to do so, despite a White House purge of the agency’s leadership.

He’s a 15 year veteran of DHS, and understands the needs of what needs to go on at this agency. The article goes on:

In an email to the CISA workforce Wednesday afternoon, Wales urged his colleagues to continue to provide cybersecurity support to health care organizations
threatened by ransomware attacks during the pandemic, and to prioritize election security efforts as states certify vote tallies.

“We made great strides in our election security efforts, and we need to stay focused on continuing to provide the assistance and guidance that state and
local election officials have come to rely on,” Wales wrote.

How long Wales will lead the agency remains unclear. The dismantling of CISA’s leadership has employees on edge. And CISA’s continued work to debunk fraud
claims could draw additional White House scrutiny.

To add insult to injury,

But Trump cannot easily fire all of CISA’s senior officials. Wales’ status as a civil servant, for example, protects him from being sacked without cause.
And CISA’s existence as an agency is codified into a law that Trump himself signed in 2018.

Since the DHS is involved in this breach and CISA is involved in figuring out how bad this is, what will our current president do with this latest breach? Apparently he has not said anything, and I’ve only heard Brandon’s name in the article I linked below the list item linking the first story.

There’s more to Brandon and what he’s done. Again, the article is entitled DHS’s cyber agency is led by career official Brandon Wales. For now. and is linked here again for your convenience. This is going to be interesting if Mr. Wales stays on, or whether he gets axed before or after the transition, if that even goes through. I hope it does, but there may be still obstacles in regards to that, according to what I’ve heard.

Comments? Let us hear what you have to say about these stories as the breach news continues.


Adam Levin’s blog says that the Solar Wind breach is worse than thought

According to one of my follower’s blog, Adam Levin tweeted an article to his blog indicating that this is worse than initially thought. As I predicted, we wouldn’t hear the end of this, and I believe this article is a case of that. Dated December 18th, and found after my multi article blog post on the subject found here, we definitely know that this article is the latest.

While initial reports had confirmed the breach of email systems belonging to the U.S. Departments of Treasury and Commerce, the list of affected entities
now includes the Department of Homeland Security (under whose jurisdiction CISA operates), the Pentagon, the Postal Service, the National Institutes of
Health, The Department of Energy, and the National Nuclear Security Administration.

We knew the Nuclear Administration was hit thanks to this article linked within the prior post. This article says in part:

“This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions,” said the CISA in a public alert released
December 17. “CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”
The CISA went on to specify that “SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.”
The CISA warned that the threat actors behind the breaches utilized several advanced hacking methodologies including steganographic hacking, user impersonation,
“impossible” logins and tokens, and still other sophisticated penetration methodologies.

If this is the case, we really still have a long way to go, and for podcast sake, I am not going to record files on everything I read on the subject. I’ll continue to provide updates and analysis and even commentary where I can, as this is still a breaking story. We’re still learning more every day about this very sophisticated attack which was definitely planned for months.

Want to read the latest from Adam’s blog? Russian APT Breach of Federal Government Worse Than Initially Estimated is the article, written by Travis Taylor. Oh boy.


Solar Wind news as of Friday, December 18th, 2020: lunch time

Some of the news here may be a little back dated within the week, but I’ve got 5 or six different items here.

When we release the year end podcasts, these will be linked only, and my thoughts will be blogged for people to find.

SolarWinds attack is not ‘espionage as usual,’ Microsoft president says

The breach of SolarWinds software that allowed widespread espionage on U.S. government agencies and other organizations worldwide is more than just a shocking
use of digital spycraft, Microsoft’s top executive said Thursday.

Brad Smith has been working at Microsoft for many years, and there is a linked blog post with his thoughts. While I don’t know what would present an attack for espionage, this is why we rely on the experts to tell us what type of attack this is.

To add insult to injury:

The breach, which multiple U.S. sources have pinned on Russian intelligence, “is not ‘espionage as usual,’ even in the digital age,” Smith writes. In an
addendum to the blog post, Microsoft said that it found no indications that its own software systems were used to attack others, but it did find “malicious
SolarWinds binaries in our environment, which we isolated and removed.”

This should make us feel better knowing that it wasn’t China, but yet it is more wide spread than just one company like Microsoft.

According to the article: Microsoft is notifying more than 40 customers. The paragraph reads:

Microsoft was working to notify more than 40 customers targeted by the attackers, according to Smith.

Are these customers Microsoft customers?

Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected

To add insult to injury, we now find out that the Energy Department is a potential target. While the article says that some systems may be a problem, nothing critical was attacked. I guess that is a good sign in the long run, don’t you think?

The Department of Energy on Thursday said it had found malicious software related to the breach of contractor SolarWinds on the department’s IT networks,
making it the latest federal agency to be swept up in a hacking campaign reportedly tied to Russia.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national
security functions of the Department, including the National Nuclear Security Administration,” Department of Energy spokeswoman Shaylyn Hynes said in a

DOE joins a growing list of federal agencies, including the departments of Homeland Security and Treasury, that have been reportedly breached in the hacking
campaign. …

“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack
was disconnected from the DOE network,” Hynes added.

I hope that it was disconnected from the network, I would hope that it was. If you say that it was, and it wasn’t, you’ll have a lot of explaining to do.

To add insult to injury, this article says:

The Russian government has denied involvement in the hacking campaign.

Of course you’ll deny involvement, this way, nothing happens to you. The president elect is being briefed by the Trump administration, and articles talk about that, so we’ll see if they get in trouble, or the culprits who actually did this get in trouble as well. No matter who did it, the United States is aware of what is going on, so someone needs to come clean.

FireEye, Microsoft find ‘killswitch’ to hamper SolarWinds-related malware

This is a similar article from the one that I published from Krebs on Security who was mentioned in the article. I’m not going to spend a lot of time on this one as it is similar to the one I blogged when we broke the news at the beginning of the week.

There is a lot of linking within this article, so you’ll need to read this on your own.

Senators press Treasury to speak about breach, planned response to hackers

I always see the same names asking about all these types of breaches through the years, and it’s a good thing. Companies sometimes respond, sometimes don’t, but it’s time to figure out why all of these breaches are coming out and becoming such a problem. As we’ve learned throughout this fiasco, it isn’t all of these companies’ fault that the software they chose to use to protect them was compromised since March. We need answers on all of these breaches and we need to know how companies will respond after the mistake is found to have caused the issue in the first place.

This article is very interesting because two key senators who are Democrats want to know if those responsible for the treasury portion of the breach will be sanctioned or even caught would be better.

As with a lot of articles, there is linking within, so I don’t want to take the article word for word. Check it out and see if there is something you want brought up when we return to the airwaves.

SolarWinds breach has industrial firms checking their networks for vulnerabilities

Why do we need to check for problems after a big breach like this? Why aren’t we checking for problems before a breach? Are you claiming you’ve not patched for any vulnerabilities and this is your wakeup call?

Executives from multiple U.S. electric utilities on Monday convened a phone call to discuss a critical vulnerability in software made by SolarWinds, the
federal contractor at the heart of an apparent cyber-espionage operation.

The briefing, hosted by an industry-government group known as the Electricity Subsector Coordinating Council, is just one example of the wide ripple effects
of the malicious tampering of SolarWinds’ software by suspected state-sponsored hackers.

They now need to see what the problem is? Have they not been paying attention to other sectors like the shopping industry get taken by third party contractors like what happened in Target? This isn’t going away any time soon, and some year end articles I’ll cover more in other blog posts don’t look promising. This is beyond repair. Let us work together to tell people what is happening, they need to know they need to patch to the best of their ability, and definitely update that software.

National security officials brief Biden team on SolarWinds hacking campaign

It’s nice to see that the two teams in the White House are working together to share information. While the presidential election was a problem in the States this year, the fact that Biden is being briefed on this ordeal is a good thing.

U.S. national security officials have briefed the transition team for President-elect Joe Biden and Capitol Hill aides on the consequences of a suspected government-backed hacking campaign affecting multiple federal agencies, according to multiple people familiar with the matter.

Trump administration officials held multiple briefings on the topic for Biden aides on Monday, and there is a classified briefing slated for Tuesday, according to a person familiar with the briefings. Among the agencies briefing Biden staff on Monday was the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, a CISA official said.

Some information may be repeated here as reported in other posts already, but this is definitely a good sign. Let’s see what the president-elect has to say about cybersecurity when he takes office.

“We are in daily communication with federal agencies on a wide range of topics, but cannot confirm the details of any specific briefings,” said a spokesman for the Biden transition team.

The post ends by saying:

CISA also briefed Capitol Hill aides on Monday on an emergency directive the agency issued requiring all federal civilian agencies to check for signs of the malicious activity on their networks. During that briefing, CISA officials said at least one federal agency had discovered it was affected by the campaign in the day since the directive was issued, according to a congressional aide who participated in the briefing.

That’s nice to see, let’s see what else you’ll find as the weeks go on. I’m sure that this story will continue to develop. That’s all the news I have for now … we’ll be on this as much as we can.


Zodiac Killer cipher is cracked after eluding sleuths for 51 years

Michael in Tennessee sent me this Ars Technica article on the Zodiac Killer. The article is Zodiac Killer cipher is cracked after eluding sleuths for 51 years and I find this quite interesting. It took many years to decode a message, and you’ll have to find the message when you read the article.

I don’t know if the suspect is still living, but if this is any clue on his identity, they should be picking him up real soon, I hope.
