
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: October 2021




Crypto might be in trouble? Check this out

So … I’ve had quite a number of people on clubhouse approach me about crypto and how I can make $16k if I just invest $5k in Crypto under Forex.

While I love the idea of Crypto and its technology, I, among other people in the disabled community, can’t invest such large numbers into a system that could probably crash tomorrow.

One person even went as far as to say that if I don’t, I’ll “be sorry” as this is the future. The profile said they were in hardship and a loss, and then he went into how good Forex is.

Forex is automated, and like the stock market, could have consequences. If you do it, go at your own risk.

This morning, one of the listeners to the Security Box, sent me this Yahoo! news article Big Hires, Big Money and a D.C. Blitz: A Bold Plan to Dominate Crypto which I found interesting.

Two people are trying to dominate Crypto and get it the money of the future. My hunch is that at some point, Crypto including Bitcoin will fall, but not necessarily crash. Those who invest thousands of dollars and get double their investment better enjoy that for now, as at some point, it won’t happen anymore.

I’m not really sure what this article will say in the long run, but the problem is that crypto is not regulated, and if they think this will have any effect, I’m not sure.

Even those who have started taking Crypto as payment have backed out, although I have seen Namecheap taking crypto as payment which is awesome. But I’ve heard that others have backed out.

If you’ve read this article, what do you think? Is there a chance with what these guys are doing or not?

Do pass along your thoughts. I’d be curious on what you say!

Comments (1)

Don’t miss what’s happening People on Twitter are not the first to know.

Hi all.
Well I thought about posting this thing on my own blog but thought I should really release something on here which is not behind the scenes.
I have been reading titles and articles I am interested in, but due to the current apocalypse, I just don’t have the energy I once had to well actually post.
With each country and its dealings with covid, I have noticed the following 2 lines when visiting twitter.
Don’t miss what’s happening
People on Twitter are the first to know.

Now this appeared on twitter way before covid.
Don’t miss what’s happening
People on Twitter are the first to know.
Hmmm don’t miss what’s happening, yeah a lot happens on social media.
People on platform x are the first to know.
Oh yeah?
So does that mean that everyone on social networking site x knows before the media?
And is all the information on that site the best information?
Suggestions from governments to local media to even the lockdowns which exist here and other places would suggest not.
The line should read
Don’t miss what’s happening
People on Twitter are not the first to know.
Neither are they on facebook, youtube, etc.
Hell I wouldn’t even trust my email, my friends are not the first to know.
Now before I get hated on, I don’t trust the government, or the media, or anyone online but at least the government and media are official.
Maybe their social networking platforms.
But social networks in general while we as humans depend on them are as trustworthy as spam email is.
There is no verification on social media, no fact checking.
There are all sorts of groups.
Social media has enabled us to associate with who we want but the down side is if you want to stick your head in a bag and say obama is an alien parasite then you can.
No one is stopping you.
Yet social media in some cases updates faster than news so we actually use it more, so does the media but even so raw data is raw data.
Especially if it is just that.
This text by the way is my own opinion, it’s not fact and I admit it here obviously.
But no one is going to jump down my throat if I down out lie through my teeth and trousers.
At worst maybe I get my account banned from here but that’s it.
You can be whoever you are on the social network just like you can be on email or the net with little to no checks or balances if you wish to maliciously or by accident screw up.
So yeah it’s dangerous.
We consume a lot of the net.
Not saying it’s dangerous but if we were so scared about our privacy one thinks we wouldn’t post random garbage.
Now in some countries people don’t unlike some of us westerners have the luxury to just shoot off our mouths at just about everything and maybe it’s because we are too comfortable but who knows.
The net ain’t free, in fact the average 100 megabyte connection costs most of a hundred bucks there about so it has to be more than that.
Mobile phones, where you live depending, well data ain’t cheap, in fact it can be downright expensive and roaming even more so.
Boredom maybe but I doubt it’s the issue.
Maybe it’s because we can post what we want to people that want to hear it and can block people that don’t so we continue to believe what we want and screw everyone else and maybe that’s it in a nutshell.
No one is going to call me out on this.
I am unsure about the answer, but I do think that places like twitter shouldn’t be so blatant with their titles of their pages.
It may have meant something back before, but this is now.
Social media while being one of the best things out is also as dangerous as a nuclear reactor meltdown or a firework held in the hand.
It’s not even the legal thing either, it’s common sense we are talking about.
You don’t yell a certain black racist word in public without getting a swift kick to the chops.
But if I chose to I could do it freely.
If I got banned from my whatever site I could make another.
I know rules on the net are hard and well we don’t want massive control but it’s got its problems.
The fact you can post what you want and like without any action is a bit of a concern.
Even on social media I am making up profiles of people in my head without even meeting them and then when speaking with them later realise it’s different on a completely different level.
I have also fallen into that trap on email and other forums being banned from some of them after mouthing off without thinking.
I was on my system and it was a nameless list and I lost it for a second.
After one of these big blowups, I have learned that text is a really poor method of communication.
It’s fast and small, and efficient but that’s about it.
It’s not video or voice and it can lead to other issues.
For example your average whatever domain website could be registered somewhere, stored somewhere and its data stored somewhere else.
I.e. your .com site may not be American or you are not on an American server.
The net is not a binary on and off thing it’s more than that.
Sadly it’s something some of us haven’t got round to thinking about that well.
The fact we trust an unknown user on a site we don’t know about is also an issue.
Then there are the terms on social media.
Let’s get one thing straight.
None of the people you add on social media or the net, or email online or interact online with are ever your friends!
They could be mass murderers for all you know that’s why we have scammers.
The social network idea sounded nice but it’s a pipedream at best and dangerous at worst.
I have many people that follow me, so at most they are subscribers but not my friends.
I have a lot of people I email, including friends but if they had been only online then they wouldn’t be my friends.
No one on the net is your friend they are just people.
No one you chat with on a forum or anything is your friend.
No one online at all no matter who they are is your friend.
If you physically meet them, chat to them, have some parties or go out, over a long time, say 6 months to a year then yeah maybe then or at least you can trust that link a bit more.
A friend is not a follow link, unfriending is unfollowing someone but it really doesn’t make sense.
Maybe some terms on social media need to be changed.
Friends could be followers or subscribers like on youtube.
I know we want to make it a nice friendly place but that ship sailed in 2007 or maybe even before that when all those ransomware writers started making our lives hell and it’s only worse.
And until we learn that the next voice in the void can be totally trusted without question we will have issues.
Even those I know online, I trust to not do or do a certain thing but it’s not like I’d fully trust them.
Offline, it’s the same but because I have physically met them maybe more so, maybe not.
Now once your social text chat becomes more, like a voice call via zoom or skype, or maybe you trust them to give them your phone or cell number and you really talk for ages, maybe.
I have several methods of communication and use them a lot.
Nothing is secure as such but just basic common sense security.
At the front of all this stuff is my email.
It’s open to the net, anyone can use it.
I don’t mind who has it.
Same with my twitter though I don’t use it as such.
If I need voice I use zoom or skype.
If it’s a business and it’s local like in my country then yeah I’ll call them offline and conduct my business the old fashioned way.
Online though, most people only see my email.
My email ain’t timezone dependent.
I can block a certain person, or not respond to them.
If I need someone to get more involved than that then I have a skype I can use, or zoom or something like that.
So if it gets a bit more than that, I have my mobile phone and my landline.
For obvious reasons I don’t want my landline or even mobile phone known, I mean both aren’t hidden or anything but even so.
Rarely if ever unless it’s a business do I like to share my phone or mobile numbers which are offline contacts.
If it goes belly up online, I can easily take action to secure myself, change my address, block people.
But if it’s on my phone or even someone comes about physically then it’s a bit more of an issue.
Now with that in mind if it’s a local business and it’s in my country I like to deal with the person direct because of the same reason as I just outlined.
We trust too much in what we read and let’s face it reading is the thing here.
So when you look at your next twitter or social media post don’t take it at face value.

Comments (0)

Zales.com is next in the data leaking department

It’s time that companies start getting in trouble for leaking data.

It’s probably no surprise that we’re continuing to see stories like this, but this time, Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 from Krebs on Security is out with details.

Let me know if these paragraphs sound familiar.

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number.

The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information.

The company has the following quote within this article. It says:

“As a business principle we make consumer information protection the highest priority, and proactively initiate independent and industry-leading security testing. As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity.”

If you have industry standards, then why do you have another case of mismanagement of personally identifiable data leaking on the Internet for all to see?

While the issue may be fixed now, this isn’t the first, and the article rightly says this is minuscule to today’s problems we now have to face, but it is still reality.

I do know that I would do everything in my efforts to make sure that this type of thing would not happen.

This includes using payment processors like Stripe and billing software if appropriate like Freshbooks to do my workflows and billing.

If I couldn’t use Freshbooks because I sold product and it would be easier to bill the customer, I’d definitely use Stripe as buttons to buy and collect data is handled by them, and not by me.

There are probably other solutions that I am not aware of, and each company is going to be unique to this problem. The company needs to find the best solution for them.

What do you think dear readers? Let’s discuss.

But I do think one key reason we continue to see companies make these easily avoidable mistakes with their customer data is that there are hardly ever any real consequences for organizations that fail to take more care. Meanwhile, their customers’ data is free to be hoovered up by anyone or anything that cares to look for it or index it.

“Being a Web developer, the only thing I can chalk this up to is complete incompetence, and being very lazy and indifferent to your customers’ data,” Sheehy said. “This isn’t novel stuff, it’s basic Web site security.”

Take those last two paragraphs to heart, and make it a great day!
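The flaw in the quoted Krebs paragraphs (an order page that trusts only the number in the link) is shown below next to two fixes, as an added example that is not code from Zales, Signet, or the article. The order numbers, customer names, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data: two customers with adjacent numeric order ids.
ORDERS = {
    1000451: {"customer": "alice", "ship_to": "1 Example St", "card_last4": "4242"},
    1000452: {"customer": "bob", "ship_to": "2 Sample Ave", "card_last4": "1881"},
}

# Server-side secret used to sign order-status links (generated per run here).
LINK_KEY = secrets.token_bytes(32)


def get_order_vulnerable(order_id: int) -> Optional[dict]:
    """The flaw: the id taken from the URL is the only thing consulted,
    so changing the number returns a different customer's order."""
    return ORDERS.get(order_id)


def get_order(session_customer: Optional[str], order_id: int) -> Optional[dict]:
    """Fix 1: require a logged-in customer and check that the order is theirs.
    Missing and foreign orders both return None, so the response does not
    reveal which order numbers exist."""
    order = ORDERS.get(order_id)
    if session_customer is None or order is None:
        return None
    if order["customer"] != session_customer:
        return None
    return order


def _tag(order_id: int) -> str:
    """HMAC-SHA256 over the order id, hex encoded."""
    return hmac.new(LINK_KEY, str(order_id).encode(), hashlib.sha256).hexdigest()


def sign_order_link(order_id: int) -> str:
    """Fix 2, for links mailed to customers who are not logged in:
    bind the order id to a tag only the server can compute."""
    return f"{order_id}.{_tag(order_id)}"


def resolve_order_link(token: str) -> Optional[dict]:
    """Return the order only when the tag matches the id in the token."""
    order_part, _, tag = token.partition(".")
    if not (order_part.isascii() and order_part.isdigit()):
        return None
    expected = _tag(int(order_part))
    # Constant-time comparison on bytes; a tampered id fails here.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return ORDERS.get(int(order_part))


if __name__ == "__main__":
    # alice alters the number in her own link
    print("vulnerable:", get_order_vulnerable(1000452))
    print("ownership check:", get_order("alice", 1000452))
    link = sign_order_link(1000451)
    print("signed link, altered:", resolve_order_link(link.replace("1000451", "1000452", 1)))
```
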

Comments (0)

Braille2000 2.277 now released

Braille2000 released Wednesday a new version of Braille2000 which brings bug fixes to the product.

One of the fixes was a continuing bug I’ve seen where closing indicators were put in to documents where they shouldn’t be. Ever seen a closing number sign indicator in something like 4chan anyone?

One change may have you re-enter your license information, this is because of an internal change where that was stored before and where it will be stored going forward.

There may be other bug fixes that I’m not aware of that you might see.

To update, go to panel, file management, software update and select 2.77 from the list.

Alternatively, go to Braille2000’s web page to pick up an executable.

Happy brailling!

Comments (0)

The Security Box, podcast 67: NCSAM week 4: Protecting Your Children Online

Hello folks,

The following may be a touchy subject, but one that is quite important. In some weeks time, we’ll discuss this more in detail as this isn’t just an online problem. One of our regulars will be sharing a story, and while it’s long, we’ll have more details on how we’re going to handle this program next week.

For now, our RSS feed will have this podcast, and stay tuned to future podcasts.


Welcome to Week 4 of NCSAM. This week, we’re going to cover protecting your children online. Notations are taken from a presentation I heard about the topic, and I’ve summarized it to tell possibly some stories that may be similar to something you’ve heard or seen. We’ll also have news, notes and other comments as the program gets started.

Protecting Our Children online

  • Protecting your kids online. Including topics like grooming, cyberbullying and more.

News Notes

The following are some of the items that have been read within the past week. Feel free to read the ones that are of interest to you.

I’ll try and blog some of this older news we’ve got, so stay tuned. Hope you enjoy the show!

Comments (0)

Apple has released updates

Hello folks, welcome to another post here on the blog. This time, it’s an Apple post.

They’ve been releasing updates to various operating systems as of late, fixing bugs and possibly adding some additional features.

Apple Releases iOS 15.1 and iPadOS 15.1; Bringing Many Fixes for VoiceOver and Braille Users

This has a long list of fixes that plagued us from the onset of IOS 15. While some may have been experienced by me, some have not. This is definitely great news, and I’ll be looking to upgrade to 15.1 at some point within the coming days.

Apple Releases watchOS 8.1, tvOS 15.1, and HomePod 15.1 Software

Since I don’t have a watch, I’m unable to comment on anything here, although there are fixes that may be of benefit to you.

The New Features, Changes, Improvements, and Bugs in macOS 12 Monterey for Blind and Low Vision Users

I’m not a Mac user, however, there is a lengthy list of changes and new features, especially if you use Voice Over.

If you’re ready to update, all AppleVis articles indicate how to update your specific product. Stay well!

Comments (0)

The Security Box, podcast 66: Verizon, AT&T, T-Mobile, Oh My!

We’re sorry for the delay in releasing the podcast. There were other commitments that needed dealing with, and we also had a technical issue that occurred too.

With all that said, I put the file on the rss feed for all to grab.

If you need me to send you a copy, please contact me and I’ll send it to you.

Below, please find the show notes for podcast 66 of the security box, and enjoy!


Welcome to the Security Box, podcast 66. Is 66 a lucky number? T-Mobile and Verizon are in the news with Spam messages, AT&T is in the mix as well in passing, Google is getting in the mix with two-factor authentication on more accounts, as well as news, notes and more.

Topics

NCSAM

News Notes read from around the landscape

The following are links to stories that have been read from across the landscape. In October, we do news notes live so that you, the listener, can get a benefit of this being a discussion. If you like the way this is being done, please let us know and I may do it full time.

Hope you all enjoy the program, and thanks for listening!

Comments (0)

Civil problems for companies that can’t talk about breaches?

OK, so I recently read a back dated article titled US gov’t will slap contractors with civil lawsuits for hiding breaches which was posted on Ars Technica.

As I’ve written in news notes, I don’t feel that companies like Colonial Pipeline and JBS Foods willingly put our lives and potential data at risk. I feel that the company who failed to patch their software in a timely manner that led to a breach is more of the problem.

I think this article should be read and discussed, as it could bring a much needed change for all of us when it comes to knowing what is going on. I know I’ve got questions that may or may not be answered.

The good news is that companies will civilly be dealt with, not criminally dealt with, at least when dealing with the government problems, but is that the issue? Let’s discuss.

There’s more, read the article for more.

Comments (0)

NCSAM post 10: Use Android? Your phone may be handing over data, with no choice to discontinue it

I have two post 8’s, the last 8 should be 9, but I’m not changing it now. Here’s something in regards to Android, and I think I’m going to put this as an NCSAM article for today.


Hello folks. Welcome to another post here on the blog. Today, we’re going to talk about Android. Apparently, there’s a study that says that a phone that is minimally set up for service is sending tons of information to various companies like Microsoft and Facebook.

I worry about this as with IOS, you need to give permission to have apps access data, although I’ve heard in rooms that data is being sent to Apple without our knowledge as well. I’d rather trust Apple, as they’ve been known not to do what other companies have done.

The researchers intercepted and analyzed the data that was sent by the Android OS including the pre-installed system apps that we previously mentioned. The study assumes a situation where the device owner doesn’t enable his phone to share data but uses the default settings for everything else. The research team printed a chart that shows the data collected by each of the Android OS variants.

Here’s something else.

All of the companies whose Android OS variants were tracked shared information that can help identify a particular mobile device such as a handset’s unique IMEI number. This data is transmitted along with data that the user can reset such as advertising IDs. But since the data is sent as a pair, resetting the advertising ID won’t help the user since his device will always link to its IMEI identifier.

While I will be putting this as part of news notes, I’m wanting people to read the entire article Some versions of Android share users’ personal data with no chance to opt-out from Phone Arena to learn all of the details on what three well-known companies are doing at least with their stock versions of Android.

Sound off in the comments.

Comments (0)

Coin Base get an influx of users

Sometimes, sites get an influx of users, whether it was the mass exodus from What’s App when Facebook went down for 6 hours, phishing for credentials and being successful at it, or any other means that might have this happen to a site.

Today, we’re going to talk about a very interesting article that we’ve put in to our first item for news notes for Wednesday. It is a Krebs On Security article titled How Coinbase Phishers Steal One-Time Passwords.

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

After poking around the phishing site, there is a panel that will notify the actors when their victims enter credentials on to the site. Also, according to the article, they can push a button in real time that asks the victim for more information. Sounds scary and something in a movie, but yet, it’s starting to happen.

Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

That puts another meaning in to two-step verification, yet they’re taking advantage of this by pushing buttons real-time.

I took a look at coin base’s web site before writing up the notes for it, and I must say, it offers a bunch of info about crypto currency and various types of it to boot. I had no idea there were hundreds of crypto. I knew about Bitcoin, Litecoin, and Ethereum and possibly a few others, but I saw some that I’ve never heard of.

Luckily, this campaign is not targeting the United States as of yet, signing up several million Italians first, says the article.

There’s plenty more I can quote and talk about, but I think you should read through to see all of the details. This is one that people should at least glance at, in case their favorite site may have this problem. It’s definitely new and clever.

Comments (0)

Windows update, it’s time to update again

It’s time to figure out when a good time to update will be. Windows had its update and as usual, our two major sources posted articles. Have you found a good time to update?

Trend Micro indicates that 11 of the 71 updates were submitted through the ZDI program. Only three of the patches were rated critical.

Krebs, on the other hand, covers the gamut of updates from Apple’s 15.0.2 to Adobe and even Windows and the myriad of CVE’s that are linked within both articles.

Comments (0)

NCSAM post 8: Verizon is getting phished now

Verizon customers, not the company, are getting phished now. Verizon subscribers are the target of a phishing expedition; do not respond to this text message comes to us from Phone Arena.

The same day the Security Box was to air, I had signed up for a webinar dealing with 5 Things You Need To Know About Ransomware Before It’s Too Late (October 13, 2021 at 02:00 PM EDT). You may view and sign up for the web cast as the replay is available.

I bring this up in this post because one of the things even though it talks about ransomware, is that Phishing and Social Engineering are the steps that actors can take when it comes to getting information.

The article reminds us of the T-Mobile breach and what is going on there, but then goes on to say that Verizon customers may be getting similar things.

First of all, most Verizon subscribers have already paid their September bill so while it might seem that the text must be from Verizon since it knew that you paid last month’s invoice, as a Verizon customer this writer can tell you that the nation’s largest carrier doesn’t offer you a gift just for making your payment on time; heck, Verizon won’t send you a gift for paying your bill earlier than the due date. 

As I said in a previous post, I’ve seen messages identifying me by name, and telling me Thanks for paying my bill and offering me a prize too. That post talking about the T-Mobile breach phishing expedition should be read too, as these two posts are related.

It would not surprise me if any of the other carriers around the country will be hit with actors doing the same thing.

You don’t need a smartphone for this, even flip phones with web capability could be used, as no application is ever downloaded. How do I know this? I’ve looked at these URL’s, and the prior post talks about what I’ve seen.

I’ll say that the paragraph I am quoting is specific to Verizon, I am not sure if it applies to T-Mobile or AT&T customers. That paragraph says:

With this information, you could lose control of your Verizon account while the bad actor changes the address, password, and other information. Once that is accomplished, this criminal orders expensive new phones that you’ll be paying for. The devices get sent to your account’s new address which is controlled by the crook.

I think the advice should be followed where it says that if you receive a questionable text, call the carrier to confirm things. Since I’ve seen how AT&T sends me free text messages, I know that there is a short code. The Verizon article linked here gives the short code to forward these bogus messages to. Please make sure you read both this article I link to here on this post, and the prior one for T-Mobile along with its accompanying article.

This seems to be a hot commodity right now, and this post is post 8, although both this and the prior post have the NCSAM tag I have on the blog.

This is valuable information. Please be aware of what is going on and stay safe. Know how your phone carrier sends you text messages so you’re aware of what might lie ahead.

Thanks so much for reading!

Comments (0)

Haven’t updated to 15.0.2? Better think about it

In an earlier blog post, I linked to AppleVis and their coverage of IOS, Ipad and watch updates. This Phone Arena article titled Apple wants you to install iOS 15.0.2, iPadOS 15.0.2 and watchOS 8.0.1 ASAP goes in to more detail on this and even talks about 15.1.

You can read all of the details by clicking through to the article. Keep safe!

Comments (0)

Are you a T-Mobile customer? Better pay attention to this

In a batch of stuff that came from Michael in Tennessee, this one may be a little bit outdated but worth sharing anyway.

I’ve written T-Mobile as tmobile at times, and I think that needs to change. The reason is going to be clear when you read T-Mobile customers are receiving spam texts possibly related to August’s data breach which comes from Phone Arena.

The article covers the fact that actors are going around sending text messages apologizing for an outage that may or may not have recently occurred.

A portion of a paragraph says:

The text continues by noting that the person receiving it was “one of the 25,000 affected clients” belonging to the nation’s second-largest carrier. The bogus message goes on to ask recipients of the text to take a 30-second survey about T-Mobile (note in the image how the company’s name was written as Tmobile, something that the wireless provider would never do) in return for a free gift valued at $100.

Also, another paragraph states:

Pressing the link takes you to a new page where at the bottom, the truth is finally revealed. Reading the small print reveals the information that the company behind the survey is a marketing website that is not “affiliated” with T-Mobile. On that page is a button that says “Accept.” Don’t press it even if you feel pressured by the countdown timer on the page. And note that the October 1st deadline has already passed.

I’ve seen similar messages from various area codes about my payment being processed and that I get a free gift. Looking at the link took me to a page where I got to pay a $2 processing fee. Pressing the button on that page takes me yet to another domain where it asks for personal information including number if I remember right.

I’ve also seen these URL’s and they are not AT&T’s domain or any domain they claim to be. It’s quite weird if you ask me.

Just be aware of this, know what’s out there, and make sure you check those URL links if you do press the link.

Comments (0)

The Security box, podcast 65: Twitch, NCSAM week 2, news notes and more

I know that the RSS feed is updated with the Security box for the week, and I know that there were two technical issues, but the show must go on.

I meant to post this yesterday, but took the afternoon off.

Below, please find the show notes which include links to various things that were discussed during yesterday’s program.

Please follow me on Clubhouse and feel free to join my club if you wish to do so.

Thanks so much for reading the blog, learning with us, and learning something that might help you.


Welcome to the Security Box, podcast 65. On this podcast, let’s discuss an article we read after the release of last week’s program in regards to Twitch and their recent breach we were alerted to during the live taping of the program. After that, we’re going to cover more NCSAM and even have some news notes. We’ll do news notes the same as we did last week, as it turned in to a lively discussion. I hope you’ll enjoy the program, and thanks so much for listening!

Breach topics

NCSAM: Scam apps

News Notes read from around the landscape

Comments (0)

NCSAM post 8: Phishing Tips to keep you safe online

This week seems to be a Phishing week. No, no, I’m not sending any phishing e-mails, but the topic of Phishing has been on everyone’s mind. I recently was on one of our Internet Radio channel’s shows talking about the landscape with folks on Teamtalk and Phishing was a topic there too.

I’ll be on that same program again this week, where we’ll go through the landscape again with the group. Not only am I doing that, but we also have a phishing article from Lastpass that we’re going to bring to everyone’s attention as well.

This time, Lastpass has the article Phishing Tips to Keep You Secure From Scams which I’ve been thinking about lately as well.

While I have an NCSAM topic for this week’s box, I don’t want to give anything a passup if I can help it, so we’ll blog this one.

Here are the tips which are headings in their article.

  • Carefully review messages from all channels
  • Make a habit of double-checking a sender’s email address
  • Trust your intuition
  • Your password manager can help you identify phishing sites
  • Be cautious of blindly accepting multi-factor authentication (MFA) prompts

All are good in their own right, but I definitely have been trying to encourage people to check those email addresses! Since phishing can still come by email, and there are now more URL shorteners than the one I like that we’ve mentioned, spotting email addresses as well as checking those links is important.

Trust your gut! If you think there’s something wrong, place a call to the company if you do business with them or delete that email or don’t respond to that direct message on social media!

If you have decided to use a password manager, a correctly programmed one should help protect you. When you save a password, it should capture the appropriate domain as well as your username and password. So, if you had an account on this blog and someone made a similar blog claiming to be the technology blog and podcast, the password manager knows which URL is the original by that name, because it saved this blog’s address.

I had that issue with Michael in Tennessee’s blog. I thought I was going to his blog, yet it didn’t fill in my creds. I later looked at the URL I was going to, and it was completely different, and it didn’t let me log in even if I copied my creds from Lastpass or any other password manager I use.
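The domain check described above, written out as an added example; this is not Lastpass's or any other password manager's own code. The URLs are constructed, and the exact-origin rule (same scheme, host and port) is an assumption, since real products apply their own matching rules.

```python
from urllib.parse import urlsplit

# Constructed sample data: the address saved with the login, and pages visited later.
SAVED_LOGIN_URL = "https://blog.example.com/login"
VISITED = [
    "https://blog.example.com/login?redirect_to=%2F",  # same site, other query
    "https://BLOG.example.com:443/",                   # same site, case and default port
    "http://blog.example.com/login",                   # same name, unencrypted scheme
    "https://blog.example.com.login-check.test/",      # real name used as a prefix
    "https://blog.example.com@login-check.test/",      # real name before the @ sign
    "https://bl\u043eg.example.com/login",             # Cyrillic "o" look-alike
    "https://blog-example.com/login",                  # hyphen instead of a dot
]


def origin_of(url):
    """Return (scheme, host, port) for a web URL, or None if it is unusable."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        # Convert the host to its ASCII (punycode) form so a look-alike
        # letter never compares equal to the real name.
        host = parts.hostname.rstrip(".").encode("idna").decode("ascii")
        port = parts.port
    except (UnicodeError, ValueError):
        return None
    default_port = 443 if parts.scheme == "https" else 80
    return parts.scheme, host, port or default_port


def should_autofill(saved_url, visited_url):
    """Offer the saved credentials only when both URLs share one origin."""
    saved = origin_of(saved_url)
    return saved is not None and saved == origin_of(visited_url)


def check_pages(saved_url, visited_urls):
    """Map each visited URL to the fill / do-not-fill decision."""
    return {url: should_autofill(saved_url, url) for url in visited_urls}


if __name__ == "__main__":
    for url, fill in check_pages(SAVED_LOGIN_URL, VISITED).items():
        print("fill  " if fill else "refuse", url)
```

Only the first two addresses get the saved login; when the fill is refused, that refusal is the cue to read the address bar before typing anything by hand.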

I’ve not accepted any authentication requests as I’ve not gotten any. But when I do, it’s because I’m logging in to a site and need access to my app.

When I had Facebook log in problems, I got texted and emailed by Facebook, and while the emails were sent at night, I went to Facebook’s site to confirm what was going on even though it identified me by full name.

Is there anything else that caught your attention on this article? Sound off in the article comments here on the blog, or better yet, subscribe to the TSB list by searching for the post on this blog on how to do that, or contact me for instructions.

Each heading which is listed above has paragraphs from Lastpass, but I decided to make my own and talked about what interested me about these headings. Feel free to read what they have to say, as it’s valuable information too. Some stuff may be linked as well, giving you more resources.

Stay safe! We’ve got a long way to go.


NCSAM post 7: Insider threats, here’s a true story

Hello folks,

Ever think that an insider threat can’t occur? We know by word of mouth that AT&T had a breach that apparently was an insider threat, but now, we’ve got an article that says that there was a definite insider threat.

The article Former TD Bank, Bank of America employee allegedly helped email scammers launder money comes from Cyberscoop.

Three people were involved in this case and it was very well orchestrated.

An accused money launderer allegedly used his position as an employee at Bank of America and TD Bank to aid an email fraud scheme that scammed five businesses out of more than $1 million.

The U.S. Department of Justice announced Thursday that a grand jury had returned an indictment against three men — Onyewuchi Ibeh, Jason Joyner and Mouaaz Elkhebri — charging them with money laundering and aggravated identity theft. The defendants allegedly operated a business email compromise scheme, in which thieves pose as a business or associate in an email then ask a victim to wire up to hundreds of thousands of dollars at a time.

These are the first two paragraphs. There are lots of links, including a link to their many articles tagged BEC, and this case could definitely qualify as BEC with all of the money taken.

There is plenty of linked content here, as well as plenty more on the case. Feel free to check this one out.


A company that has been hacked for 5 years? Is This Crazy?

I thought this story about a routing company being hacked for 5 years was quite crazy, but yet, that’s what it talks about. I know that a breach can take up to 191 days to be discovered, but this hack was from 2016 to 2021 when it was discovered.

My question is, how is this possible? I think this is the first I’ve heard of this.

The article is titled Company that routes SMS for all major US carriers was hacked for five years and our good buddy Michael posted this to our TSB list. This is absolutely crazy and I hope they come out and tell us whether SMS was affected by this hack. People can send anything through SMS, and this is going to get interesting if sensitive info were to be given out or leaked somehow as part of this whole mess. Better check this one out, we all need to watch this one.


Apple releases updates yesterday

Late last night, I saw two posts in regards to Apple updates. Both of these come from AppleVis.

That’s it. These are the updates for now. Thanks for reading!


My first day on iOS 15.x

Hello everyone,

Well, today is going to be my first full day on iOS 15.x.

I got it installed last night, between 8 and 9 PM.

The good news is that I have not yet experienced the iOS 15.0 bugs, although I did see that I couldn’t edit an alarm, but it isn’t that big of a deal.

One of the biggest things that I like are the focuses. I finally can change my schedule for do not disturb which I did today. It is still new to do,

The thing I don’t like is the vibration when VoiceOver has nothing to read, but turning that off in touch, vibration under the accessibility makes your phone not vibrate for other things, so it’s a double-edged sword.

I think this will be a work in process, but I do like the idea of focuses and will see if I want to set up others, although it is a set schedule from what I can gather.

I also like the alerts per app or people aspect of this too; it’s well thought out.

Anything you want to talk about? Sound off!
