The Technology blog and podcast

---

Comments (0)

The Psychology of passwords, 2021 report

I read this some time ago, but preparing the show notes, its time to start by blogging this one.

The article is titled New Report: 2021 Psychology of Passwords and it was written by Lastpass.

While I took highlights from the article to make talking points, knowing that 68% of people use the same passwords because it is easier with 79% knowing it is a problem, what, if anything are you going to change so you aren’t in that category?

I know that there is still things to work on for me, although I know I have, for the most part, stopped signing up for things with the same password set.

While I have had facebook problems, I recently gotten them resolved once and for all with the correct password now in Lastpass, or whatever password manager you choose.

I’m not here to force change, bt to bring up articles that may be of interest for you to decide if you’re part of a problem that we’ve not solved yet.

There’s plenty linked, including the report. If you’ve read the article at least, what if anything do you need to change? Please don’t disclose any passwords or similar passwords as this is a public forum. If you’d rather email me, you can. Thanks for listening, reading and participating!

Comments (0)

TTEC is next with ransomware

We’ve got so much in the Ransomware space its not even funny. I meant to blog this before the Security Box this past week and although its linked there, I’m bringing it to the forefront as I prepare to start work on the next Security Box.

TTEC seems to be hiring while other companies are telling workers not to come or even telling them they’re no longer employed.

The problem is, that the ransomware attack made it to where the employees couldn’t do their jobs and were told to go home. They worked for companies such as your flower shop, your bank, or any other company you could think of. The bank mentioned in the article was Wells Fargo, but that isn’t all that was affected.

For full details on this story, check out this article titled Customer Care Giant TTEC Hit By Ransomware which comes from Krebs On Security.

Lets hope that the employees can go back to work and do their jobs. It was definitely a very interesting story when I read it.

Comments (0)

The Security Box, podcast 62: Windows Update, a veryinteresting botnet, news notes and more!

The 130.1mb file can be downloaded right here. The show is over 2 hours and some great discussion too.

We’ll be back next week, with another program, and this time, its on our RSS feed unlike last time when I said it was and I found out I uploaded it to the wrong place.

Here are the show notes for today’s program.

---

Welcome to the Security box, program number 62. On this program, we’re going to cover Windows Update as well as a very interesting article from Krebs about a new botnet that seems to have done quite a bit of damage. It is an IOT botnet called Meris. We’ll also have news, notes and lots more.

Windows Update

There are the usual two articles on Windows Update. This time, Krebs has quite a bit on these updates while Trend Micro covers the highlights but also gives some info of value too. They’re both good for their reasons, so read them both.

• Microsoft Patch Tuesday, September 2021 Edition Krebs on Security
• September Patch Tuesday: 66 Bulletins, Only 3 Critical Trend Micro

Meris

There is one article which we’re taking from for this one, but did you listen to podcast 836?

• KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” Krebs On Security

News Notes

• Security researchers at Wiz discover another major Azure vulnerability Ars Technica
• Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware Ars Technica
• Trial Ends in Guilty Verdict for DDoS-for-Hire Boss Krebs On Security
• Customer Care Giant TTEC Hit By Ransomware Krebs On Security

I hope you enjoy the program and thanks so much for listening!

Comments (0)

Security Now! Podcast 837: Cobalt Strike

This week we examine a devastating and still ongoing DDoS attack against the latest in a series of VoIP service providers. We checkout the once again mixed blessing of last Tuesday’s Microsoft patches, and we examine a welcome feature of Android 11 that’s being back-ported through Android 6. We catch-up with Chrome’s patching of two more new 0-day vulnerabilities and attacks, then we look at a “Pwnage” eMail I received from Troy Hunt’s Have I Been Pwned site – was GRC Pwned? I then have a quick Sci-Fi reminder for the end of the week, a SpinRite update and a fun related YouTube posting. Then we’ll wrap up by introducing the latest weapon in the malign perpetrator’s arsenal, the powerful commercial tool known as Cobalt Strike.

Download the 48mb audio file for your listening pleasure.

Comments (0)

Apple TV OS version 15 is also released

In looking at AppleVis, they also have a post on TV OS with informatoion that may be of interest for those who have them. I don’t have a TV and the one we had at my older place was not an apple TV.

You may find this blog post from AppleVis not of much value unless you have a TV and you read everything at the page. I’ll leave it up to you on what you want to read or not. just passing it along.

Comments (0)

IOS 15 is now released, lots of things to be aware of

AppleVis has a great writeup found by the article title Apple Releases iOS 15 and iPadOS 15; Bringing Focus Modes, Live Text, and Enhancements to Multitasking, Notifications, FaceTime, Safari, Privacy, and More that covers podcasts, blog posts for the blind and deaf blind, as well as Ipad specifics.

I did read the post The Accessibility Bugs Introduced and Resolved in iOS 15 and iPadOS 15 for Blind and Low Vision Users which details the bugs AppleVis knows about that might impact users. The one that might be of concern details the wallet and multiple items and only having access to the first one, but the others may be of concern in the critical section if you use those options.

Under moderate, there are 9 potential issues including Voice Over not speaking apps while in the app switcher. It does it for a couple of them, but more than so many, it has problems. I try only to have two or three open at any given time, but this one does concern me.

If you use a braille display, the 2nd item in the list may be of importance.

Need to edit an alarm? You’ll probably have to delete it and recreate it, says the post. I personally don’t do this often but knowing this is annoying but at least we can work around it. I’ve not used alarms much since the Pandemic, and mine are pretty set anyway.

There are 12 different items under minor that might be of concern for people. I’m not sure what might be of importance to you, I didn’t see anything that might be a problem for me but we’ll see.

There are other bugs that have been reported but have not been seen that is also part of this post.

I’m only seeing this blog post titled What’s New in iOS 15 Accessibility for Blind and DeafBlind Users and as I write my own blog post, I’ll have to give this a perusal to see what is up that might be of value.

---

The main blog post linked above talks about how to update your IOS device, and I’ll probably do it after all of my meetings for the week conclude. I’d rather be stable on a version that I don’t have to worry about a lot of things while I deal with TSB, PSAC Wednesday night and the board meeting on Thursday.

Comments (0)

Have you Patched IOS?

While IOS 15 is slated to be released today, did you get IOS 14.8 last week? Michael in Tennessee sent this article about the forced entry vulnerability which Apple fixed within their line of Mac, Watch and IOS products. This is as bad as it probably gets when it comes to having hardly anything to do with your device to infect you.

We know that Pegasus is out there, we also know that the NSO group has said their products are used lawfully by law enforcement personnel, but we also know that they lie and Security Now has covered this time and time again.

For all of the details, please read this ARS Technica article Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware and make sure your as protected as possible.

You never know how bad its going to get.

Comments (0)

Azure is in a heap of trouble, more vulnerabilities found in it

Security researchers at Wiz discover another major Azure vulnerability from Ars Technica is something that thoe users using this product need to be aware of. I’m getting news notes together, and decided that this particular one needs to get out there even before the full list of items are out there.

This particular vulnerability, according to the article, affects Linux machines, which means that it could in theory affect hosting environments. I do not believe I’m using it, and I thought this was a Microsoft product but I could be completely wrong.

Go through and read the article, it definitely may be of use to those using the product, and thanks for reading!

Comments (0)

The Technology podcast, podcast 361: Come listen to a very interesting open security forum on Vaccines and more

It has been quite awhile since I released a technology podcast. I got permission to air this one, and it was a room on Clubhouse. Go over to my website and look under social media for a link to my profile there.

The rss has the show, unlike when I announced the Security Box having been put up there and then finding out it went to the wrong feed.

Its the way it goes.

Now, please sit back as we give you the show notes and I send you on your way.

I’ll have more posting later and remember to join me for the Security Box on Wednesday!

---

---

Scott Schober is on Clubhouse, and he invited me over to his club which talks about cyber security topics. Here is a link to his Cyber Security club where members can join the conversation. The discussion started with whether we’ve gotten the vaccine or not, whether restaurants and other places are collecting that data let alone securely, and more. I decided to join the stage and while I applauded the conversation about covid-19 vaccines, what aout other problems we’re still dealing with lik the open databases problem? Take a listen to this, and let’s discuss whether I’m right, or whether we need to be concerned about this. I’ll have more talks soon.

Scott Schober’s web site

Comments (2)

Security Now! podcast 836: The Meris Botnet

We are going to talk about this botnet thanks to this article by Krebs On Security called KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” but I did hear the end of this week’s Security Now which I intend to listen to and may have other thoughts put in to the notes for the podcast which I’m now working on.

The description of this program is taken from This GRC Security Now page which you can download the program from.

---

This week we’re going to note the apparent return of REvil–not nearly as dead and gone as many hoped. We’re going to look at a new and quite worrisome 0-day exploitation of an old Windows IE MHTML component. Even though IE is gone, it’s guts live on in Windows. We’re going to share the not surprising but still interesting results of security impact surveys taken of IT and home workers, after which we’ll examine a fully practical JavaScript based Spectre attack on Chrome. I have bit of closing the loop feedback to share and a surprisingly serious question about the true nature of reality for us to consider. Then we’ll finish out today’s podcast by looking at the evolution of Internet DoS attacks through the years which recently culminated in the largest ever seen, most problematic to block and contain RPS DDoS attack where RPS stands for Requests Per Second.

---

I urge people to download and listen to this show (57mb) as it may contain news that may be of importance for you. Most importantly, you should listen to the final segment, but I’m not going to hold your hand, so if this interests you, go for it. Enjoy!

Comments (0)

Its time to get your windows update on as well as other software as well

Windows and other related software need to be updated. Krebs On Security and Trend Micro have all of the details.

Trend Micro indicates that there are 66 patches throughout the Windows ecosystem which include 3 critical and 11 reported through the ZDI.

Besides IOS 14.8 released on Monday, Google Chrome also has an update which fixes 9 vulns with 2 actively exploited in the wild.

Please read the article in which you’re interested in, both have good information to provide.

Comments (0)

Apple’s California Event wrapup

This page is the writeup of yesterday’s event. I heard a portion of it through Twit yesterday, but I was getting tired when it replayed and they also had other shows.

The writeup is quite interesting, but like the author of the post, I’ve got my 11 which was baught last year, and I don’t know if we’re going to get new phones or not.

I don’t have a watch, but right now I’m passing on one. Never had an Ipad, as I use a Windows PC as well.

Let’s see what you decided on getting after you read this accompanying article on IOS and other apple things.

Comments (0)

The Security box, podcast 61: CSAM gets a pushback, news notes and other stuff too

The 125.21mb file is here. The RSS is here.

Here are the show notes.

---

Welcome to the Security Box, podcast 61. On this podcast, let’s discuss the updates on CSAM as it pertains to Apple. We’ll have news, notes and more.

Topics

• Under fire from privacy advocates, Apple delays controversial photo scanning plan Cyberscoop

News Notes

• “FudCo” Spam Empire Tied to Pakistani Software Firm Krebs On Security
• 15-Year-Old Malware Proxy Network VIP72 Goes Dark Krebs on Security
• Microsoft: Attackers Exploiting Windows Zero-Day Flaw Krebs on Security
• IRS used vape store receipts to gather evidence against alleged Ukrainian scammer Cyberscoop

Comments (0)

There was an event today, which I did see an email about from apple but didn’t read it. We’ll see if a blog post comes up on it but here’s some news from AppleVis about this important update.

Ahead of tomorrow’s “California streaming” event, Apple has released iOS 14.8, iPadOS 14.8, macOS 11.6, and watchOS 7.6.2. The main changes in these releases are two security updates. Apple has also released a security update for macOS Catalina, however, this has just the one security fix.

Comments (0)

The Security box, podcast 60: The Security Landscape as a whole from broadcasting software and web site services to T-Mobile’s Fiasco

This is the link for the download to last week’s program. Its been a busy time here at the JRN, but I’ll be doing my best to try and do some serious blogging of things I’ve read and try to get back in to things. The file size is 124.5mb. I hope you’ll enjoy the program as much as I have bringing it to you.

---

What has changed on the security landscape? We learn about T-Mobile’s recent failure, and even web sites are braught up as well as broadcasting software among other things. This turned out to be a very interesting show. What do you think has changed? What have we done wrong? What do you think it’ll take to fix it if it can be fixed at all? No news notes this week, but they’ll be back next week.

Comments (0)

supporters webpage

Hi.
I have a supporters/ partners webpage.
It can be found here.
https://wp.me/P1ssMG-1v6
Currently I have the blind perspective and top tech tidbits magazine listed.
Sadly perspective hasn’t returned a request but tidbits has.
The site will be featured in the next issue as a 1 off and this site is classified as a supporter/ partner.
www.toptechtidbits.com/partners.html is the site for the profiles.

I will be working on more casts but these may take a bit.

Comments (0)

The Security box, podcast 59: Scott Schober, The Q2 Intelligence Report, News Notes and plenty of commentary

Hello folks,

Welcome to podcast 59 of the security box. It was recorded on September 2, 2021.

This is our longest podcast to date, but it is well worth the listen. I really liked the interview I did with Scott, but the podcast really took a turn after news notes.

The show notes with all of the links follow.

---

Hello folks, welcome to the Security box, podcast 59. On this edition of the program we have two different prerecorded segments for you.

First, we interview Scott Schober of Berkeley Varitronics Systems, Inc. He’s written various books which we talk about, as well as some of what is going on in the security landscape.

Next, we have a talk that was done by Phishlabs, who did the Quarter 2 Phishing Trends report.

To top it all off, we’ll have news and notes from around the landscape as well as questions and comments after each segment if any.

>

BV Systems
• Scott’s Web Site
• new-quarterly-threat-trends-intelligence-report-now-available Phishlabs

News Notes from around the web

• FBI warns that Hive ransomware hackers are calling victims by phone Cyberscoop
• What the Norton-Avast Merger Means for Cybersecurity Trend Micro
• FCC proposes record $5 million robocall fine for voter suppression scam Cyberscoop
• Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack Cyberscoop
• Microsoft Azure vulnerability exposed thousands of cloud databases Cyberscoop
• Scammers impersonate Europol chief in an effort to defraud Belgians Cyberscoop

Thanks for listening!

---

Don’t have RSS? No problem! Download our 245.1mb file which you can find by using this link. I hope you enjoy the program and thanks again for listening!

Comments (0)

go to sections menu

---