go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: November 2021

Go to Homepage [0], contents or to navigation menu



Scammers impersonating Netflix, Disney+ and other streaming services – Red flags to watch for

Shaun sent this some days ago, but now I’m having time to read it. Its a thread on an email list that was discussed from this Kim Komando piece. We’ve talked about Kim on one of Throwback’s security segments for October, so was happy to see this. Take a look at this, as the holidays are upon us and they’ll stop at nothing to get our stuff.

Phishing scams are increasingly being used to impersonate streaming services. Here’s how to spot them to avoid falling victim.

Source: Scammers impersonating Netflix, Disney+ and other streaming services – Red flags to watch for

Comments (0)

This could be a cautionary tale, phones not to get

Some of the articles sent through the Security Box I’ve not read, and may have kept them around for some reason or another. This one I’m referencing can probabbly be a cautionary tale of what not to get, as I don’t know if they’re even still available.

The article is titled Security audit raises severe warnings on Chinese smartphone models and it comes from Ars Technica.

It talks about a couple different Chinese-made phones, which may be sold by Amazon and Walmart. The article doesn’t link these phones because there are quite a lot of problems with them.

The biggest thing, is that these phones will take you to different app stores, replacing the Google play store. It also can redirect you to potentially dangerous malware, depending on what you search for. legitimate pieces of software you’re looking for.

While this may be late, you should always check out where software is gotten from, as you don’t know at least with these devices if changes were made.

The article has complete details on what to look for but doesn’t cover what to do about it mainly because there isn’t anything you can do.

If this is still ttrue, please make sure you’re staying safe and getting what you really want this Holiday season.

Comments (0)

The NSO is finally getting sued

This is going to be a “things to ponder” for our next podcast, and I’ve submitted it to Throwback Saturday Night for future airplay. It isn’t an urgent thing for them, but something we all should be aware of.

The NSO group has been covered by numerous podcasts including Security Now and this one just for a two examples. I’m sure others have too. This is because of something called Pegasus which has been used as a surveilance tool at Journalists and other people.

Apple is suing them because they are targeting their products, and even one recent patched vulnerability is discussed. The NSO group claims their software has saved lives and governments have assisted in arresting pedophiles and other criminals thanks to the software.

The article indicates that there was no backup to the NSO claim of the above, and from what I’m hearing, it has done nothing but become a problem.

The Pegasus software can be installed without any knowledge of the victim, and it can do anything the NSO group wants. It is an Android and IOS problem, and the developers of this software bypass the software all of the time.

We’ll have to see what this lawsuit will look like as it proceeds.

What do you think of this one? A good thing or a bad thing? Why or why not?

Comments (0)

Linux has a serious vulnerability, I hope a patch is out soon

Hello folks,

I’m way behind on this blog, and really need to start writing about what I read. Today, I’m hoping to start that again.

This topic is going to be the main topic for our next security technology podcast, and it could possibly affect us. Why? Because one of the pieces of software it affects is Bind, whicjh allows sub-domains to be bound to the account, especially when it is on a shared server.

It is probably used through Linux, regardless of shared hosting or not, but when creating sub-domains, I always see messages from the control pannel that it is reloading bind. I suppose that unbind would take place for a deletion, but I don’t know anything about the third, dnsmasq. The show notes will not cover the other two, but if I’m completely wrong, someone can correct me.

The article was sent by Michael in Tennessee, and it is titled Linux has a serious security problem that once again enables DNS cache poisoning and comes from Ars Technica.

There is quoted material of all kinds, so go read and learn. Enjoy learning a little today.

Comments (0)

The Security box, podcasts 69-71

Hello everyone,

I know I’ve been devoid of blog postings lately, there’s a lot happening. However, the podcasts continue.

Podcast 69


Welcome to the security box, podcast 69. On this edition of the podcast, we turn our attention to another story, bullying over the telephone lines. We have some news, notes and commentary as well, but the bulk of this program is to think about what might go on these lines whether it is one you are on now, or one you’ve been on. Thanks for listening!

Podcast 70

Welcome to podcast 70 for the 17th. Its open forum today, hope you all enjoy it! Lots of different topics. Hope you enjoy!

Podcast 71


Welcome to the Security box, podcast 71. On this podcast, we’re going to cover things we did not cover last podcast including windows update and a very interesting report dealing with the threat trends for November 2021. We’ll have news notes and plenty of it too. Hope you enjoy the show!

Patch Tuesday

Threat trends and intelligence report

  • new-quarterly-threat-trends-intelligence-report-available Phishlabs
  • News Notes

    Below, please find the links for the news items that are going to be talked about for this week. We may have blog posts on some of these, so make sure you check out the blog for complete details on things and maybe you’ll find something you want to comment on.

    I hope you enjoy the program, we’ll have more news notes and another great program next time. Thanks for listening!



    All podcasts are on our RSS feed for you to go and get. If you need copies, please let me know. I’ll be happy to send you what you need.

    Thanks so much for listening to the programs, and I hope you’re getting something out of it. Replays are also available on Clubhouse, just search for my name and you’ll find me, my profile, and my clubs and replays. Contact me if you have any questions.

    Comments (0)

    Is it time for you to watch for packages? Beware of things to watch for

    Hello folks,

    I talked about this for a future program of Throwback Saturday Night which will air this Saturday on Server 2 on the mix. While I made it not article related, I said I’d be posting this to the blog and I amdoing that.

    There are lots of ways to get notified of packages without relying on the dreaded text messages telling us to click on links. Doing so, could get you in to a lot of trouble.

    As you’ll soon find out when we play the threat trends and intelligence report which I attended yesterday, I happened to ask about the recent barrage of texts about potential packages and the fact they have potentially been delivered or not, and the particulars of messages that say you’re due a prize for paying your bill.

    If you’ve not been to the quarterly trends reports, Here’s the one from Yesterday. We’ll be talking about it, and even Michael in Indiana talked to me about it last night as I uploaded a copy to Live Wire for their perusal.

    What does this have to do with packages? Plenty. The number one threat that is still talked about is Phishing, whether it is Email based, voice based, text messaging, social media or even an unpopular method with QR codes.

    I’ve seen these codes in setting up two-factor authentication with apps, but I am unfamiliar how they really work as it can include URL’s that phishers have used in certain circumstances. While it isn’t common here int the states, it has been used.

    They could in fact, get you to view a QR code instead of clicking on a link as we’ve seen through SMS and email in the future and that’s where our topic that is going to highlight this blog post comes in.

    The major carriers like UPS and Fedex use short codes instead of phone numbers for SMS communication. When you are signing up to get notification through their web sites, you give them your phone number, and you have to confirm receipt and can even ask for all deliveries to come to you. I did that through USPS where all updates are received when I submit to them a tracker.

    The article ‘Tis the Season for the Wayward Package Phish written by Krebs on Security talks about the various problems like Phishing emails perporting to be coming from fedex. According to the article, this can be bad, as it can ask you for another delivery time.

    The ones I’ve seen indicate that I’ve had packages attempted 4 times. They want a $2 processing fee, and then they ask me for name, address and the like on a completely separate domain from the one I start with. BTW, both domains I’ve seen aren’t your major carriers either. Please read this article all the way through, because it is important you do so. If you want your packages saved, you should read the article anyway.

    Have yourself a great day! Stay safe!

    Comments (1)

    Braille 2000 version 2.278

    Hello folks,

    A little bit late here, but if you run B2K, you’ve been tipped off in regards to an update which fixed some bugs.

    Here is what’s new, thanks to Bob.


    Hi,

    One more time… yet another B2K.

    There are five fixes:

    • 1. In Select Pages, The Include Current Page button did not update the display of selected pages.
    • 2. Substitutions (e.g., replacing tabs with spaces) didn’t work for Paste
    • 3. When Pasting material not in UEB, the target document code settings would go screwy
    • 4. If the cursor is in gray, Enter does nothing (might happen following paste)
    • 5. When doing interpoint, the file might end with a gray-fill blank back side. It can be awkward to input more prose (the cursor is in a sea of gray). The new feature Insert / Text Page will generate a new page (with a blank paragraph waiting for input) that is anchored using braille page break.

    Please use the panel, file management, check for updates option or download the full installer from our web site if needed.

    Comments (0)

    So … What Happens when you die? What will happen to your crypto currency?

    OK, I know its not a subject we want to talk about, and I recently signed paperwork for myself should something happen and I need medical care. But what about those who have crypto currency? I saw an article on Twitter that covers this aspect of things which I thought was quite interesting.

    One of the things it says is that Crypto is an investment and it can be rewarding. I do like the technology, but I just don’t feel that investing for me is the right thing to do.

    If you do invest, know what you need to do for your will in case you die. onal
    More
    navigation region end
    Business News
    is the article and I think it should be passed along.

    I don’t want to scare you one bit, but I’ve been told how crypto trading is worth it and all that, and I’m happy for people who do it. Just know what happens if you don’t do something if you suddenly die and your family and friends have to close things out for you. You don’t need to make a hard decision today, but you should make one just the same, and maybe sooner than later, depending on your health and other circumstances.

    I hope that this is of interest.

    Comments (0)

    Time change

    Hello everyone. This is a note to indicate that we’ve changed the time on the blog to match Pacific time for standard time.

    I’ll be starting to blog again, I’ve been lackluster at best, but i’m still here. I hope that you find the blog of interest and make it a great day!

    Comments (0)

    The Security Box, podcast 68: NCSAM extra! Social Media, News notes and more

    Hello everyone! The rss feed has the podcast up, and below you’ll find the show notes including a very interesting blog post that our own Shaun Everiss wrote.

    You should read it.


    Welcome to the Security Box, podcast 68. On this edition of the program, let’s talk about social media and phone line issues as it relates to cyberbullying and other related topics. We’ll also have news, notes and more.

    Social Media discussion

    In a very interesting turn of events, I wasn’t necessarily going to put anything in to this section because I was going to do a full vocal discussion. But when I saw my own digest on my blog, I saw a very interesting post dealing with Social Media and other things related that I’ll link here. I’ll still do vocal talk with no notations, but this post is worth bringing up.

    ,

    News Notes

    We hope you enjoy the program, and thanks for listening!

    Comments (0)

    go to sections menu


    navigation menu

    go to sections menu