go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: December 2022

Go to Homepage [0], contents or to navigation menu



QR codes on the loose, might not be legit

I had an experience with a QR code recently, but it was something discussed first. While people aren’t supposed to be coming around here selling things, I didn’t see any harm here.

When they saw I was disabled, they did assist where they could.

The article we’re talking about may end up spreading to the states or even somewhere else. They send you a document with a bit of info and a QR code. The site in question is having the same info, but then has buttons to give them info.

If that wasn’t bad enough, the actors may end up asking for credit limits and any other types of limits.

If you deal with QR codes, you might want to pay attention to this one. Be aware, be safe!

Comments (0)

This must be another great email, see if you can spot what’s wrong

After thinking about this email I got this morning,I think I’ve decided how i’m going to present it.

This email may look like your typical scareware whereby the sender wants you to do something or else something will happen. You’d be right, but what is interesting about this email is that it comes from a support email address. Here’s the email.

The subject is: Re [Reminder] Pending Payment – 417729-2717-757

That’s strange, I didn’t make a payment overnight at 1 am, and the body is definitely something interesting.


Greetings!

I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.

Here is the sequence of events:

Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online). I have easily managed to log in to your email account .

One week later, I have already installed the Cobalt Strike “Beacon” on the Operating Systems of all the devices you use to access your email. It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple. :).

This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list.

My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter.

While gathering information about you, i have discovered that you are a big fan of adult websites. You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure. Well, i have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, colleagues, and relatives. Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you.

I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest.
I guess you don’t want that to happen.

Let’s settle it this way:

You transfer 2.4 Bitcoin to me and once the transfer is received, I will delete all this dirty stuff right away. After that, we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me. I keep my word.

That is a fair deal, and the price is relatively low, considering that I have been checking out your profile and traffic for some time by now. If you don’t know how to purchase and transfer Bitcoin – you can use any modern search engine.

You need to send that amount here Bitcoin wallet:
bc1qfg5hsje7p38e3xvl2qawufjc97w2kcv72ry4kf

(The price is not negotiable).
You have 5 days in order to make the payment from the moment you opened this email.

Do not try to find and destroy my virus! (All your data is already uploaded to a remote server).
Do not try to contact me. Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

This is an APT Hacking Group. Don’t be mad at me, everyone has their own work.
I will monitor your every move until I get paid.
If you keep your end of the agreement, you won’t hear from me ever again.

Everything will be done fairly!
One more thing. Don’t get caught in similar kinds of situations anymore in the future!
My advice: keep changing all your passwords frequently.


This is interesting, they’re giving me advice but my passwords are held in my password manager of choice.

The mailing address of the email just pasted here is: which does not even exist.

The other piece of the headers which also indicates I can’t go to it is a domain claiming to be Microsoft.

That header comes from the envelope:

(envelope-from example.user50@chivunkentertaiment.onmicrosoft.com)

Microsoft doesn’t own onmicrosoft.com and it said I couldn’t go there. The first one gave me an ATT search page.

I’m not afraid of publishing this, because of the fact that they claim they’ve done things yet people would know if something wasn’t working right or sluggish.

I don’t follow links like I used to, this is how something like Cobolt Strike would be installed on the device.

I’m sure I could change my password, but go ahead, share whatever video you have because it won’t be on my facebook or other social media. Have fun! YOu didn’t even tell me who you were and people who would have data wouldn’t be snooping around for weeks waiting for something people need to do on a regular basis. Have fun because I don’t have a camera attached to this computer, and the one on my phone doesn’t record unless I open the app. Since I use speech, I’d know if my phone was messed with too. So again, have fun!

Also, have fun because there is no DMARC and DKIM in the headers. It says none on both.

Comments (0)

TikTok is at it again, now we have fintok

You’ve probably never heard of Fintok have you? Its the financial side of Tiktok, a side that could be benificial if you find the right tiktok person to view.

Komando.com is warning that there are a lot of people out there giving out financial advice that may not be the best advice to give.

I may give my advice to some people I know, but I also say that they should be making the best decision for themselves.

The article is titled Avoid these BAD money tips going viral on TikTok and read the 5 most popular don’t do advice that seems to be popular there.

I’m glad I’m not there on TikTok, I’d want to leave comments asking questions.

Comments (0)

Crypto currency scams on the rise, better watch out

I know of at least one person who has Crypto Currency. They like the idea of having it, and has no plans on really using it if they do at all. That’s awesome!

We’ve been tracking the Crypto Currency world because we find the technology interesting, but I, Jared, do not hold any crypto currency of any kind.

There are hundreds of types of crypto currency. The biggest one is Bitcoin, which continues to have a very interesting day of it.

According to the article This tricky scam campaign goes after those who lost money in crypto by komando.com, these guys may contact you by email, phone call or text message. Their goal is to get as much information as possible and their promises of helping you to get your ost money you may or may not have lost will possibly be jeopardized by them taking control of your wallet or even, your bank account.

If you do have Crypto, please feel free to check this out, learn what you need to learn to spot these things and pass it along to your friends.

I know my financial advisor has made it clear that I shouldn’t invest, but I’ve followed this too much to know that its vollatile. I don’t have a wallet and I know the exchanges like the one talked about in this article are probably not the best. They’re better than nothing, but if they have problems like this one, you’re also going to have problems.

Thanks so much for listening and we’ll be in touch!

Comments (0)

What has been posted on EMHS the past week

As I write this, its December 26, 2022. We have been doing quite a bit during the Christmas break, and we hope you enjoy the updates for this week.

The terms section has gotten a lift. We’ve added a new term, but we also alphabetized the list.

We moved the Know Before larger list of terms to its own section.

There is also another larger list of terms that you might be interested in. Thanks to the folks at knowb4 and the rooms I had been in on clubhouse, they were doing this and talking about some of the terms within the list. Its a great resource. Maybe you’ll find something you didn’t know that will help you!


Books

We added one more book that we found, thanks to podcasts.

If this book has been posted once before, sorry about that! Just want to make sure that I cover everything.


Blog posts

The blog posts have been few, but that’s OK. I’ve seen one that I thought I covered so I passed.


Companies and services

There are no new companies and services that we’ve added as of late.


Have you seen something we’ve not added? Send me a note and let me know what you’d like posted that you’ve learned.

Thanks for listening and reading. Learn with us, there’s so much to learn.

Comments (0)

We’ve got an update on the Lastpass Hack of August, it may not be good unless you took the recommended and best practice steps

Hello folks,

Let me just say that the opinions that are in this article are mine. They don’t represent the security community as a whole, and its based on my feeling of the service and how i have my account set at Lastpass. This information is brand new that we’re reading about and digesting, and people may decide that its time to jump ship. With that said, let’s get started.

On December 27, 2022: komando.com wrote an article penned Major password manager hacked – What you need to know and it continues Lastpass’s investigation of the august hack in to one of their third party providers.

Let me say that I’ve taken the precautions I needed to take by making sure I followed best practices and a secure master password, so I don’t think that my data is at risk.

Don’t think for one minute that I could be wrong, but I do have a strong master password, I’ve got two factor turned on using their authenticator app, and I know they use strong encryption and the backups use that same encryption scheme.

Here’s what we know about the virtual storage that was accessed and the data it contained.

  • • Company names.
  • • End-user names.
  • • Billing addresses.
  • • Email addresses.
  • • Telephone numbers.
  • • IP addresses from which customers were accessing the LastPass service.

To add insult to injury, the database also included backups of our vaults. While that is concerning as it may contain sensitive information such as credit card numbers, website usernames and passwords, the fact that it can’t easily be decrypted and the fact that it is decrypted with an algorithm that includes our password makes me feel more secure about my data.

People may say that they don’t feel comfortable now that we know that our data may have in fact gotten compromised and that is a valid concern. As Steve said on one podcast, its harder to leave a password manager because another one may not include fields for all of the things you have in your vault. He also said that all password managers are pretty much ran the same way.

The article talks about watching out for Phishing attempts by phone, email and text. Since I’m aware of what to look for, I haven’t been fooled yet, although I was taken by scareware many years ago.

Here are a few things you can do to stay protected, according to the article.

  • • Change your passwords regularly – Do this at least once every few months. If you haven’t done so, you should change your LastPass master password ASAP.
  • • Never use the same password for multiple accounts – Through a technique known as credential stuffing, hackers use the same stolen passwords on different services, hoping to find duplications.
  • • Where available, always use two-factor authentication – This additional security measure makes it difficult for hackers to break into accounts without the security code sent to your phone or an authentication app. 
  • • Protect your data – Remember that LastPass will never call, email, or text you and ask you to click on a link to verify personal information.
  • • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at  ProtectWithKim.com.
  • That’s over 85% off the regular price!

The JRN had Total AV tested and it is not accessible by computer but is accessible by IOS.

Again, this article is titled Major password manager hacked – What you need to know and I suggest you read this if you’re a lastpass customer. Please make your own decision based on your own needs. Don’t take what I say face value as your needs are different than mine.

Comments (0)

Fasten your seatbelts! 2 million more cars recalled

In today’s newsletter, we find that 2 million more cars have been recalled, and more could be on this list if you have an airbag.

While not tech related, we know that cars come with tech connected, and those that drive use the tech to assist them with driving and more.

This article comes from komando.com and is titled Vehicle recalls: Dodge Rams, Chevys, Chryslers and more.

This article was written today, and covers cars from 2005 to next year. Please check this list if you drive and make sure you’re not in immediate danger. The air bag section may be the most important, but your car as a whole is important.

Thanks for reading, make it a great day!

Comments (0)

Got new tech? Komando’s got some tips

Saw this in today’s newsletter. Let me say, there is a lot to change from Macs, to ipads, to even Windows machines.

These tips may help you out, feel free to check out the article written by Kim herself. Its titled Essential privacy and security steps if you unwrapped a tech gift this year.

I already have a post that will cover what has been posted to the site the past week for EMHS, but I’ll be making sure this one gets in to the first update of the year.

Remember, we’re going to have quite a bit in news, a topic, and much more. I’ll write more about the podcast on a different post. I’ll also be working on show notes for that show, so stay tuned.

Hope you’ll check out this article, and thanks for reading!

Comments (0)

What is happening with electric companies and cyber security?

Trend Micro has an article which I read and sent to our list titled Electricity/Energy Cybersecurity: Trends & Survey Response which I kept around.

This article is a Trend Micro article and one that might interest people.

At some point, this might affect us in some way if oil and gas companies don’t fix their Cyber Security Posture.

While this article was written around Thanksgiving, it is probabluy not too late to share this and make sure that people who have not seen it and can pass this along can do so.

We know about several different disruptions throughout industry, so why not pass this along so that people can learn what people are thinking and maybe can have that change?

Thanks for reading and make it a great day!

Comments (0)

Elon musk wanting encrypted messaging

A little back dated, I know that there has been discussion of getting encrypted in the messaging department just like Facebook did with Whats App and even Messenger.

Facebook has the pour of Signal behind it, but I don’t know of Twitter.

I also know that Twitter has third party apps that blind and visually impaired users can use on the computer. While that could be worked out, I’m curious what people think of encrypting twitter direct messages?

The article that prompted this is titled Elon Musk wants encrypted messaging for Twitter. It might not be that simple. which comes from Cyberscoop.

If it can be pulled off, I think that would be a good thing. While there is imessage for iphone which has “end to end” encryption, we know that Apple has the keys if absolutely necessary. They’ve definitely tried to look out for our best interest, I believe. That could be up for debate I suppose.

Let me know what you think. Nothing has been set in stone yet. The article indicates that its going to be a work in progress.

Comments (0)

Have you heard? Indiana sued TikTok

In Mid December, Terry from the jukebox sent me this article which I ended up reading and posting to our list talking about TikTok. The article is titled Indiana sues TikTok, claiming it exposes children to harmful content.

In the article which was mentioned in prior podcasts, we learn why Indiana wants to sue them, the fact that they want a bunch of money per each violation, and honestly I hope that other states follow suit.

TikTok has got to be one of the biggest stories of this year, and this must go in to that discussion.

I’m sure there were other articles like this that you might have seen from the press, and if so, I’d love to hear what else they had to say.

Take a look, and do comment if you’d like.

Comments (0)

We hope you’ve had a happy Christmas weekend

I hope that everyone has had a very happy holiday weekend this past weekend. I also hope that you all will end up getting the podcast talking about my lock’s application update that we released before the Christmas break.

While TSB is taking the week off this week, we’ve updated EMHS with a new term and we even alphabetized the list and moved the larger list of terms out of the main list.

We’ve since added one new book, and we’ll post the updates later on in the week.

May you have a joyous new year celebration and we’ll have plenty to talk about in the new year. Thanks so much for reading, listening and participating!

Comments (0)

The technology podcast, podcast 367: Utech app updates and thoughts

Hello folks,

Welcome to the final podcast of 2022 with a tech podcast that is not security related.

On this podcast, we’re going to cover some changes with the utech app which make it much more accessible.

Download the 36.91mb file for those who don’t have RSS.


On this edition, we talk about utech’s update to version 2. We also have thoughts on how we might be able to keep this podcast going. This is the last podcast of the year from the network. Enjoy!


Let me know what your thoughts are on how to continue this podcast and we’ll be back next time.

Comments (0)

Merry Christmas from the Jared Rimer Network

Hello folks,

Christmas has come and gone. Please feel free to contact the network and let us know what you got for Christmas.

Got a tech gadget? Make sure you protect it from hackers and crackers who love when things are not secured.

Sites like komando.com and others we may not list may have tips for you.

While we take one more week off from TSB, our goal will be to get the show notes together as well as listening to other newsy podcasts and other things we need to keep up on.

I hope that this week will be of joy as we turn the page on a new year next week. May it warm up and people can enjoy whatever they got as some tech may work better outside than in.

Comments (0)

Hacked ring cameras were used to record swatting victims, should we be concerned when other cameras lie about their security practices?

Hello everyone,

I recently read some good news coming out of Krebs on Security. It talks about two men arrested recently for swatting victims and using their ring cameras to taunt police and cause trouble.

Should we really be worried about hacked cameras when a company like Anker can lie about their privacy practices?

blog post leading to article and blog post leading to podcast 124 of tsb

When you listen to podcast 124, you’ll need the first hour where we talk about this in our news section.

Let me say that I’m happy that there may be justice that will come from this article titled Hacked Ring Cams Used to Record Swatting Victims. While swatting is not necessarily a good thing on its own, these suspects taunted police through the hacked cameras which made it much more dangerous in my opinion.

We’ve got plenty of blog posts covering swatting but it is still going on.

This blog post links to an article where the swatter only gets 1 year in jail for doing the crime. This blog post talks about me reading a book and learning that a blind swatter got 135 months in jail. That’s roughly 11 years, and I understand this individual is out.

In one of the other linked articles, the actor only got 5 years. There’s plenty to read on the Krebs article linked here, including that one of the suspects was bragging on discord, another social media platform.

Both suspects were in different parts of the United States, says the article.

Again, we want to bring to you what’s going on in this industry, and swatting, while not as big as ransomware, can still be a problem.

Again, the article is titled Hacked Ring Cams Used to Record Swatting Victims and it comes from Krebs on Security.

I’d suggest a read, learn how you can make sure your camera as safe as possible, and learn. Only have the video for you, not for everyone else to see or commandeer.

Thanks for reading, and have a happy holiday season! This will be the last blog post tuntil after the Christmas holiday. We’ll continue to blog but post stuff after the holidays to allow you to have time to spend with friends and family. Make a great weekend!

Comments (0)

Security Now, episode 902 for December 20, 2022

More burning questions await us in this episode.

title: A Generic WAF Bypass

This week we answer another collection of burning questions: Is there no honor among thieves? What was discovered during this year’s Toronto Pwn2Own competition? What did we learn from last Tuesday’s patchfest? Whose fault was the most recent Uber data breach? What happened when Elon tried to block all the bots? What’s the first web browser to offer native support for Mastodon? What exactly is “Coordinated Inauthentic Behavior” and why is it such a problem? What will happen to GitHub submitters at the end of next year? What measure could every member of the US senate possibly agree upon? Exactly what applications are there for a zero-width space character? And finally, what larger lesson are we taught by the discovery of a serious failure to block a problem that we should never have had in the first place? The answer to all those questions and more await the listeners of today’s Security Now podcast #902.

download the 49mb file if you wish.

Comments (0)

Security Now, episode 901 notice

Episode 901 of Security Now picks up where 900 left off with more questions. I’ve not heard this one yet, but its going to be a good one I’m sure.

title: Apple Encrypts the Cloud

This week we answer the following questions and more: What browser just added native support for passkeys and where are they stored? What service have I recommended that suffered a major multi-day service outage? How can you recognize a totally fake cryptocurrency trading site? Which messaging platform has become cybercrime’s favorite, and how would you go about monetizing desirable usernames? What’s the latest in TikTok legislative insanity, and is it insane? Which two major companies have been hit with class action lawsuits following security breaches? Was Medibank’s leaked data truly useless? And Apple has finally given us the keys to our encrypted data in the cloud, holding none for themselves… or have they?

download the 58mb file if you’d like to download the file. Thanks for listening!This program aired December 13, 2022 and podcasted the same day.

Comments (0)

Security Now notice: episode 900

This is an inaugril episode for Security Now. Steve indicates that there is only room for 999 episodes, but only time will tell. We wish them the best.

We’ve been talking about several different topics coming out of this episode, and episode 901 which I’ve not heard yet promises to have more questions.

Title: LastPass, Again

This week we answer a few questions: What if an Australian company doesn’t secure their own network? Has Ireland NOT levied fines against any major Internet property owned by Meta? What’s in REvil’s complete dump of Australia’s Medibank data disclosure? We finally answer the question: Is nothing sacred? (It turns out it’s not rhetorical.) Also, whose root cert just got pulled from all of our browsers, and how did a handful of Android platform certs escape? What US state has banned all use of Tik-Tok? What country is prosecuting its own ex-IT staff after a breach? How has memory-safe language deployment actually fared in the wild? Are last August’s BlackHat 2022 videos out yet? And which brand of IoT security camera do you probably NOT want to use or purchase? Which podcast had the most amazing guest last week? What happened when SpinRite was run on an SSD? And what does LastPass’s announcement of another hacker intrusion mean for it and its users? Answers to those questions and more coming your way during this week’s Security Now! podcast.

Want to download the file which was podcasted and taped December 6, 2022? Here’s the 49mb file for you all to have.

Comments (0)

Coupon scams

People always want to find a great deal, and with two days until Christmas, companies are scrambling to get your gifts delivered on time. You might be too late to get it delivered by Christmas, but you’ll need to know about coupon scams just the same.

Before we know it, our next major holiday, Valentines Day will be right around the corner, and scammers may try to take advantage of the situation.

Today’s article is titled Watch out: Fake coupons spreading on social media and gives ideas on what to look for when it comes to coupons.

If you’re a coupon finder, you might want to take a look at this and make sure you’re vigilent. They seem to be on social media and other places that you’ll not expect coupons to be.

Comments (0)

Draft Kings hacked, part of credential stuffing attack

Credential stuffing is when someone uses a username and password combination on other sites to see if it works there. Apparently, this is what happened to a site called Draft Kings, a sports betting site.

I’ve heard of them, they comercialize on quite a number of sports channels, especially during games.

komando.com has an article and its titled Gambling platform DraftKings breached – Do this if you have an account. This article was written today and you should read it.

Tell those you know who have an account there too, and let’s get the word out about this one.

Comments (0)

Older Posts »

go to sections menu


navigation menu

go to sections menu